author | Armin Kuster <akuster808@gmail.com> | 2016-12-10 09:38:43 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-01-11 17:21:45 +0000 |
commit | baf73313b3f63537853278992fa7c00775a6eff4 (patch) | |
tree | d5983f67c33f88b81df914f0cfbf5883d4de4877 /meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch | |
parent | 985beaaa1309a97d42aa0f886096db041060a95e (diff) | |
download | openembedded-core-contrib-baf73313b3f63537853278992fa7c00775a6eff4.tar.gz |
libtiff: Update to 4.0.7
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr, which were used for demos, are completely removed from the distribution.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
(From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed)
(From OE-Core rev: 009b330591b27bd14d4c8ceb767c78fd7eb924fd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
deleted file mode 100644
index 0c8b7164e5..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 92d966a5fcfbdca67957c8c5c47b467aa650b286 Mon Sep 17 00:00:00 2001
-From: bfriesen <bfriesen>
-Date: Sat, 24 Sep 2016 23:11:55 +0000
-Subject: [PATCH] * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts
- to read floating point images.
-
-* libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
-requirements of floating point predictor (3). Fixes CVE-2016-3622
-"Divide By Zero in the tiff2rgba tool."
-
-CVE: CVE-2016-3622
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 11 ++++++++++-
- libtiff/tif_getimage.c | 38 ++++++++++++++++++++------------------
- libtiff/tif_predict.c | 11 ++++++++++-
- 3 files changed, 40 insertions(+), 20 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 26d6f47..a628277 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,12 @@
-+2016-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
-+
-+ * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
-+ read floating point images.
-+
-+ * libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
-+ requirements of floating point predictor (3). Fixes CVE-2016-3622
-+ "Divide By Zero in the tiff2rgba tool."
-+
- 2016-08-15 Even Rouault <even.rouault at spatialys.com>
-
- * tools/rgb2ycbcr.c: validate values of -v and -h parameters to
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index 386cee0..3e689ee 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -95,6 +95,10 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- td->td_bitspersample);
- return (0);
- }
-+ if (td->td_sampleformat == SAMPLEFORMAT_IEEEFP) {
-+ sprintf(emsg, "Sorry, can not handle images with IEEE floating-point samples");
-+ return (0);
-+ }
- colorchannels = td->td_samplesperpixel - td->td_extrasamples;
- if (!TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric)) {
- switch (colorchannels) {
-@@ -182,27 +186,25 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- "Planarconfiguration", td->td_planarconfig);
- return (0);
- }
-- if( td->td_samplesperpixel != 3 || colorchannels != 3 )
-- {
-- sprintf(emsg,
-- "Sorry, can not handle image with %s=%d, %s=%d",
-- "Samples/pixel", td->td_samplesperpixel,
-- "colorchannels", colorchannels);
-- return 0;
-- }
-+ if ( td->td_samplesperpixel != 3 || colorchannels != 3 ) {
-+ sprintf(emsg,
-+ "Sorry, can not handle image with %s=%d, %s=%d",
-+ "Samples/pixel", td->td_samplesperpixel,
-+ "colorchannels", colorchannels);
-+ return 0;
-+ }
- break;
- case PHOTOMETRIC_CIELAB:
-- if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
-- {
-- sprintf(emsg,
-- "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
-- "Samples/pixel", td->td_samplesperpixel,
-- "colorchannels", colorchannels,
-- "Bits/sample", td->td_bitspersample);
-- return 0;
-- }
-+ if ( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) {
-+ sprintf(emsg,
-+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
-+ "Samples/pixel", td->td_samplesperpixel,
-+ "colorchannels", colorchannels,
-+ "Bits/sample", td->td_bitspersample);
-+ return 0;
-+ }
- break;
-- default:
-+ default:
- sprintf(emsg, "Sorry, can not handle image with %s=%d",
- photoTag, photometric);
- return (0);
-diff --git a/libtiff/tif_predict.c b/libtiff/tif_predict.c
-index 081eb11..555f2f9 100644
---- a/libtiff/tif_predict.c
-+++ b/libtiff/tif_predict.c
-@@ -80,6 +80,15 @@ PredictorSetup(TIFF* tif)
- td->td_sampleformat);
- return 0;
- }
-+ if (td->td_bitspersample != 16
-+ && td->td_bitspersample != 24
-+ && td->td_bitspersample != 32
-+ && td->td_bitspersample != 64) { /* Should 64 be allowed? */
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Floating point \"Predictor\" not supported with %d-bit samples",
-+ td->td_bitspersample);
-+ return 0;
-+ }
- break;
- default:
- TIFFErrorExt(tif->tif_clientdata, module,
-@@ -174,7 +183,7 @@ PredictorSetupDecode(TIFF* tif)
- }
- /*
- * Allocate buffer to keep the decoded bytes before
-- * rearranging in the ight order
-+ * rearranging in the right order
- */
- }
-
---
-2.7.4
-
|