From 9e80f93ada4eae638350d86b8aa514203f757d43 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin
Date: Fri, 22 Sep 2023 09:24:27 +0200
Subject: tiff: upgrade 4.5.1 -> 4.6.0

Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
---
 .../libtiff/files/CVE-2023-40745.patch | 35 ------------
 .../libtiff/files/CVE-2023-41175.patch | 63 ----------------------
 meta/recipes-multimedia/libtiff/tiff_4.5.1.bb | 62 ---------------------
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 60 +++++++++++++++++++++
 4 files changed, 60 insertions(+), 160 deletions(-)
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
 create mode 100644 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
(limited to 'meta/recipes-multimedia/libtiff')

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
deleted file mode 100644
index 73f1f37bab..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 4fc16f649fa2875d5c388cf2edc295510a247ee5 Mon Sep 17 00:00:00 2001
-From: Arie Haenel
-Date: Thu, 14 Sep 2023 04:31:35 +0000
-Subject: [PATCH] tiffcp: fix memory corruption (overflow) on hostile images
- (fixes #591)
-
-CVE: CVE-2023-40745
-
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5]
-
-Signed-off-by: Yogita Urade
----
- tools/tiffcp.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/tools/tiffcp.c b/tools/tiffcp.c
-index 3b2d1dd..57fa6e8 100644
---- a/tools/tiffcp.c
-+++ b/tools/tiffcp.c
-@@ -1754,6 +1754,13 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
- "Width * Samples/Pixel)");
- return 0;
- }
-+
-+ if ( (imagew - tilew * spp) > INT_MAX ){
-+ TIFFError(TIFFFileName(in),
-+ "Error, image raster scan line size is too large");
-+ return 0;
-+ }
-+
- iskew = imagew - tilew * spp;
- tilebuf = limitMalloc(tilesize);
- if (tilebuf == 0)
---
-2.35.5
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch
deleted file mode 100644
index cca30b2196..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 6e2dac5f904496d127c92ddc4e56eccfca25c2ee Mon Sep 17 00:00:00 2001
-From: Arie Haenel
-Date: Thu, 14 Sep 2023 04:36:58 +0000
-Subject: [PATCH] raw2tiff: fix integer overflow and bypass of the check (fixes
- #592)
-
-CVE: CVE-2023-41175
-
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee]
-
-Signed-off-by: Yogita Urade
----
- tools/raw2tiff.c | 28 ++++++++++++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/tools/raw2tiff.c b/tools/raw2tiff.c
-index 4ee59e5..a811077 100644
---- a/tools/raw2tiff.c
-+++ b/tools/raw2tiff.c
-@@ -101,6 +101,7 @@ int main(int argc, char *argv[])
- int fd;
- char *outfilename = NULL;
- TIFF *out;
-+ uint32_t temp_limit_check = 0; /* temp for integer overflow checking*/
-
- uint32_t row, col, band;
- int c;
-@@ -221,6 +222,33 @@ int main(int argc, char *argv[])
- if (guessSize(fd, dtype, hdr_size, nbands, swab, &width, &length) < 0)
- return EXIT_FAILURE;
-
-+ /* check for integer overflow in */
-+ /* hdr_size + (*width) * (*length) * nbands * depth */
-+
-+ if ((width == 0) || (length == 0) ){
-+ fprintf(stderr, "Too large nbands value specified.\n");
-+ return (EXIT_FAILURE);
-+ }
-+
-+ temp_limit_check = nbands * depth;
-+
-+ if ( !temp_limit_check || length > ( UINT_MAX / temp_limit_check ) ) {
-+ fprintf(stderr, "Too large length size specified.\n");
-+ return (EXIT_FAILURE);
-+ }
-+ temp_limit_check = temp_limit_check * length;
-+
-+ if ( !temp_limit_check || width > ( UINT_MAX / temp_limit_check ) ) {
-+ fprintf(stderr, "Too large width size specified.\n");
-+ return (EXIT_FAILURE);
-+ }
-+ temp_limit_check = temp_limit_check * width;
-+
-+ if ( !temp_limit_check || hdr_size > ( UINT_MAX - temp_limit_check ) ) {
-+ fprintf(stderr, "Too large header size specified.\n");
-+ return (EXIT_FAILURE);
-+ }
-+
- if (outfilename == NULL)
- outfilename = argv[optind + 1];
- out = TIFFOpen(outfilename, "w");
---
-2.35.5
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
deleted file mode 100644
index 2b5e66b8f3..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
+++ /dev/null
@@ -1,62 +0,0 @@
-SUMMARY = "Provides support for the Tag Image File Format (TIFF)"
-DESCRIPTION = "Library provides support for the Tag Image File Format \
-(TIFF), a widely used format for storing image data. This library \
-provide means to easily access and create TIFF image files."
-HOMEPAGE = "http://www.libtiff.org/"
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
-
-CVE_PRODUCT = "libtiff"
-
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
- file://CVE-2023-40745.patch \
- file://CVE-2023-41175.patch \
- "
-
-SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b"
-
-# exclude betas
-UPSTREAM_CHECK_REGEX = "tiff-(?P\d+(\.\d+)+).tar"
-
-CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
-
-inherit autotools multilib_header
-
-CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
-
-PACKAGECONFIG ?= "cxx jpeg zlib lzma \
- strip-chopping extrasample-as-alpha check-ycbcr-subsampling"
-
-PACKAGECONFIG[cxx] = "--enable-cxx,--disable-cxx,,"
-PACKAGECONFIG[jbig] = "--enable-jbig,--disable-jbig,jbig,"
-PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg,"
-PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib,"
-PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz,"
-PACKAGECONFIG[webp] = "--enable-webp,--disable-webp,libwebp,"
-PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd,"
-PACKAGECONFIG[libdeflate] = "--enable-libdeflate,--disable-libdeflate,libdeflate,"
-
-# Convert single-strip uncompressed images to multiple strips of specified
-# size (default: 8192) to reduce memory usage
-PACKAGECONFIG[strip-chopping] = "--enable-strip-chopping,--disable-strip-chopping,,"
-
-# Treat a fourth sample with no EXTRASAMPLE_ value as being ASSOCALPHA
-PACKAGECONFIG[extrasample-as-alpha] = "--enable-extrasample-as-alpha,--disable-extrasample-as-alpha,,"
-
-# Control picking up YCbCr subsample info. Disable to support files lacking
-# the tag
-PACKAGECONFIG[check-ycbcr-subsampling] = "--enable-check-ycbcr-subsampling,--disable-check-ycbcr-subsampling,,"
-
-# Support a mechanism allowing reading large strips (usually one strip files)
-# in chunks when using TIFFReadScanline. Experimental 4.0+ feature
-PACKAGECONFIG[chunky-strip-read] = "--enable-chunky-strip-read,--disable-chunky-strip-read,,"
-
-PACKAGES =+ "tiffxx tiff-utils"
-FILES:tiffxx = "${libdir}/libtiffxx.so.*"
-FILES:tiff-utils = "${bindir}/*"
-
-do_install:append() {
- oe_multilib_header tiffconf.h
-}
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
new file mode 100644
index 0000000000..49984f1125
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -0,0 +1,60 @@
+SUMMARY = "Provides support for the Tag Image File Format (TIFF)"
+DESCRIPTION = "Library provides support for the Tag Image File Format \
+(TIFF), a widely used format for storing image data. This library \
+provide means to easily access and create TIFF image files."
+HOMEPAGE = "http://www.libtiff.org/"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
+
+CVE_PRODUCT = "libtiff"
+
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
+ "
+
+SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a"
+
+# exclude betas
+UPSTREAM_CHECK_REGEX = "tiff-(?P\d+(\.\d+)+).tar"
+
+CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
+
+inherit autotools multilib_header
+
+CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
+
+PACKAGECONFIG ?= "cxx jpeg zlib lzma \
+ strip-chopping extrasample-as-alpha check-ycbcr-subsampling"
+
+PACKAGECONFIG[cxx] = "--enable-cxx,--disable-cxx,,"
+PACKAGECONFIG[jbig] = "--enable-jbig,--disable-jbig,jbig,"
+PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg,"
+PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib,"
+PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz,"
+PACKAGECONFIG[webp] = "--enable-webp,--disable-webp,libwebp,"
+PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd,"
+PACKAGECONFIG[libdeflate] = "--enable-libdeflate,--disable-libdeflate,libdeflate,"
+
+# Convert single-strip uncompressed images to multiple strips of specified
+# size (default: 8192) to reduce memory usage
+PACKAGECONFIG[strip-chopping] = "--enable-strip-chopping,--disable-strip-chopping,,"
+
+# Treat a fourth sample with no EXTRASAMPLE_ value as being ASSOCALPHA
+PACKAGECONFIG[extrasample-as-alpha] = "--enable-extrasample-as-alpha,--disable-extrasample-as-alpha,,"
+
+# Control picking up YCbCr subsample info. Disable to support files lacking
+# the tag
+PACKAGECONFIG[check-ycbcr-subsampling] = "--enable-check-ycbcr-subsampling,--disable-check-ycbcr-subsampling,,"
+
+# Support a mechanism allowing reading large strips (usually one strip files)
+# in chunks when using TIFFReadScanline. Experimental 4.0+ feature
+PACKAGECONFIG[chunky-strip-read] = "--enable-chunky-strip-read,--disable-chunky-strip-read,,"
+
+PACKAGES =+ "tiffxx tiff-utils"
+FILES:tiffxx = "${libdir}/libtiffxx.so.*"
+FILES:tiff-utils = "${bindir}/*"
+
+do_install:append() {
+ oe_multilib_header tiffconf.h
+}
+
+BBCLASSEXTEND = "native nativesdk"
--
cgit 1.2.3-korg
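Review bot: The new SRC_URI near the top of this hunk drops the CVE-2023-40745 and CVE-2023-41175 backports, but neither the recipe nor the commit message records that 4.6.0 carries the corresponding upstream fixes; the deleted patches cite upstream commits 4fc16f649fa2875d5c388cf2edc295510a247ee5 and 6e2dac5f904496d127c92ddc4e56eccfca25c2ee, so confirming both are reachable from the 4.6.0 release tag is the check to do before the backports go, and a one-line mention in the commit message would spare the next CVE audit from re-deriving it. If I recall correctly, 4.6.0 also stopped building a set of unmaintained tools including raw2tiff, which would silently change the contents of the tiff-utils package since `FILES:tiff-utils = "${bindir}/*"` is kept as-is; verify against the tarball's tools/ directory and, if so, say so in the commit message since downstream images may depend on those binaries. The `UPSTREAM_CHECK_REGEX` value as rendered here reads `tiff-(?P\d+(\.\d+)+).tar` with no group name after `?P`, which is almost certainly an extraction artefact rather than the committed text, but it is worth a glance at the actual file because a nameless `(?P` is a regex syntax error and would make the upstream version check fail rather than merely miss.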