tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058

Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2022-07-11 14:19:03 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-07-12 12:52:48 +0100
commit: a84538dbe760fed94cfe22a39b0a6f95c61c307d (patch)
tree: 8422b75a6b09eb08e76dea4dcfbfb5ae0d13606e /meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
parent: 708421238ed149b1eabf463bd563a37480ad1169 (diff)
download: openembedded-core-a84538dbe760fed94cfe22a39b0a6f95c61c307d.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
index c82965ffa1..0af956a8f0 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
@@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf"
 
 CVE_PRODUCT = "libtiff"
 
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
+           file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch"
 
 SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed"
author	Ross Burton <ross.burton@arm.com>	2022-07-11 14:19:03 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-12 12:52:48 +0100
commit	a84538dbe760fed94cfe22a39b0a6f95c61c307d (patch)
tree	8422b75a6b09eb08e76dea4dcfbfb5ae0d13606e /meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
parent	708421238ed149b1eabf463bd563a37480ad1169 (diff)
download	openembedded-core-a84538dbe760fed94cfe22a39b0a6f95c61c307d.tar.gz