From 92a2e6dc73085ccb5482986c6b61d40992fb4f50 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin
Date: Thu, 22 Nov 2018 16:41:25 +0100
Subject: tiff: update to 4.0.10

Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
---
 .../libtiff/files/CVE-2018-8905.patch | 61 ----------------------
 1 file changed, 61 deletions(-)
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch
(limited to 'meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch')
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch b/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch
deleted file mode 100644
index 962646dbe0..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
-From: Even Rouault
-Date: Sat, 12 May 2018 15:32:31 +0200
-Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 /
- CVE-2018-8905
-
-The fix consists in using the similar code LZWDecode() to validate we
-don't write outside of the output buffer.
-
----
-CVE: CVE-2018-8905
-
-Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/58a898...]
-
-Signed-off-by: Joe Slater
-
----
- libtiff/tif_lzw.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index 4ccb443..94d85e3 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- char *tp;
- unsigned char *bp;
- int code, nbits;
-+ int len;
- long nextbits, nextdata, nbitsmask;
- code_t *codep, *free_entp, *maxcodep, *oldcodep;
-
-@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- } while (--occ);
- break;
- }
-- assert(occ >= codep->length);
-- op += codep->length;
-- occ -= codep->length;
-- tp = op;
-+ len = codep->length;
-+ tp = op + len;
- do {
-- *--tp = codep->value;
-- } while( (codep = codep->next) != NULL );
-+ int t;
-+ --tp;
-+ t = codep->value;
-+ codep = codep->next;
-+ *tp = (char)t;
-+ } while (codep && tp > op);
-+ assert(occ >= len);
-+ op += len;
-+ occ -= len;
- } else {
- *op++ = (char)code;
- occ--;
---
-1.7.9.5
-
--
cgit 1.2.3-korg