diff options
author | Ross Burton <ross.burton@arm.com> | 2023-07-03 13:19:25 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-07-10 11:36:06 +0100 |
commit | 2200fde7011c4206382150c2602b2eb17423d45e (patch) | |
tree | 679cfc671fb238538d69466ed61a8965fe5e17dc /meta/recipes-multimedia/libtiff/files | |
parent | 829c742b5461c4599d304541e0da0915dc44146c (diff) | |
download | openembedded-core-2200fde7011c4206382150c2602b2eb17423d45e.tar.gz |
tiff: upgrade to 4.5.1
Also remove old CVE_CHECK_IGNOREs which are no longer needed due to CPE
updates.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files')
3 files changed, 0 insertions, 167 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch deleted file mode 100644 index e356d377ea..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch +++ /dev/null @@ -1,29 +0,0 @@ -CVE: CVE-2022-48281 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001 -From: Su Laus <sulau@freenet.de> -Date: Sat, 21 Jan 2023 15:58:10 +0000 -Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. - ---- - tools/tiffcrop.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 14fa18da..7db69883 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image, - cropsize + NUM_BUFF_OVERSIZE_BYTES); - else - { -- prev_cropsize = seg_buffs[0].size; -+ prev_cropsize = seg_buffs[i].size; - if (prev_cropsize < cropsize) - { - next_buff = _TIFFrealloc( --- -GitLab - diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch deleted file mode 100644 index 5fdc1ed013..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch +++ /dev/null @@ -1,99 +0,0 @@ -From ec8ef90c1f573c9eb1f17d6a056aa0015f184acf Mon Sep 17 00:00:00 2001 -From: Su_Laus <sulau@freenet.de> -Date: Tue, 14 Feb 2023 20:43:43 +0100 -Subject: [PATCH] tiffcrop: Do not reuse input buffer for subsequent images. - Fix issue 527 - -Reuse of read_buff within loadImage() from previous image is quite unsafe, because other functions (like rotateImage() etc.) reallocate that buffer with different size without updating the local prev_readsize value. - -Closes #527 - -CVE: CVE-2023-26965 -Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf] -Signed-off-by: Natasha Bailey <nat.bailey@windriver.com> ---- - tools/tiffcrop.c | 47 +++++++++++++---------------------------------- - 1 file changed, 13 insertions(+), 34 deletions(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index d7ad5ca8..d3e11ba2 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -6771,9 +6771,7 @@ static int loadImage(TIFF *in, struct image_data *image, struct dump_opts *dump, - uint32_t tw = 0, tl = 0; /* Tile width and length */ - tmsize_t tile_rowsize = 0; - unsigned char *read_buff = NULL; -- unsigned char *new_buff = NULL; - int readunit = 0; -- static tmsize_t prev_readsize = 0; - - TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); - TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); -@@ -7097,43 +7095,25 @@ static int loadImage(TIFF *in, struct image_data *image, struct dump_opts *dump, - } - - read_buff = *read_ptr; -- /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit */ -- /* outside buffer */ -- if (!read_buff) -+ /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit -+ * outside buffer */ -+ /* Reuse of read_buff from previous image is quite unsafe, because other -+ * functions (like rotateImage() etc.) reallocate that buffer with different -+ * size without updating the local prev_readsize value. */ -+ if (read_buff) - { -- if (buffsize > 0xFFFFFFFFU - 3) -- { -- TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); -- return (-1); -- } -- read_buff = -- (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); -+ _TIFFfree(read_buff); - } -- else -+ if (buffsize > 0xFFFFFFFFU - 3) - { -- if (prev_readsize < buffsize) -- { -- if (buffsize > 0xFFFFFFFFU - 3) -- { -- TIFFError("loadImage", -- "Unable to allocate/reallocate read buffer"); -- return (-1); -- } -- new_buff = -- _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES); -- if (!new_buff) -- { -- free(read_buff); -- read_buff = (unsigned char *)limitMalloc( -- buffsize + NUM_BUFF_OVERSIZE_BYTES); -- } -- else -- read_buff = new_buff; -- } -+ TIFFError("loadImage", "Required read buffer size too large"); -+ return (-1); - } -+ read_buff = -+ (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); - if (!read_buff) - { -- TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); -+ TIFFError("loadImage", "Unable to allocate read buffer"); - return (-1); - } - -@@ -7141,7 +7121,6 @@ static int loadImage(TIFF *in, struct image_data *image, struct dump_opts *dump, - read_buff[buffsize + 1] = 0; - read_buff[buffsize + 2] = 0; - -- prev_readsize = buffsize; - *read_ptr = read_buff; - - /* N.B. The read functions used copy separate plane data into a buffer as --- -2.39.0 - diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch deleted file mode 100644 index 7db0a35f72..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Sat, 29 Apr 2023 12:20:46 +0200 -Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a - strip whith a missing end-of-information marker (fixes #548) - -CVE: CVE-2023-2731 -Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b] - ---- - libtiff/tif_lzw.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c -index ba75a07e..d631fa10 100644 ---- a/libtiff/tif_lzw.c -+++ b/libtiff/tif_lzw.c -@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s) - - if (sp->read_error) - { -+ TIFFErrorExtR(tif, module, -+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to " -+ "previous error", -+ tif->tif_row); - return 0; - } - -@@ -742,6 +746,7 @@ after_loop: - return (1); - - no_eoi: -+ sp->read_error = 1; - TIFFErrorExtR(tif, module, - "LZWDecode: Strip %" PRIu32 " not terminated with EOI code", - tif->tif_curstrip); --- -2.34.1 - |