diff options
author | Armin Kuster <akuster808@gmail.com> | 2016-12-10 09:38:43 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-12-13 22:47:33 +0000 |
commit | 9945cbccc4c737c84ad441773061acbf90c7baed (patch) | |
tree | 19446d6a6bee8d9313abb332df9ba71dbbb86fce /meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch | |
parent | facf9fa905100945738c13f9f79e938ed4a81030 (diff) | |
download | openembedded-core-contrib-9945cbccc4c737c84ad441773061acbf90c7baed.tar.gz |
libtiff: Update to 4.0.7
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch deleted file mode 100644 index 1d9be423a7..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch +++ /dev/null @@ -1,60 +0,0 @@ -From ae9365db1b271b62b35ce018eac8799b1d5e8a53 Mon Sep 17 00:00:00 2001 -From: erouault <erouault> -Date: Fri, 14 Oct 2016 19:13:20 +0000 -Subject: [PATCH ] * tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes - in readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet - & Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team. - -CVE: CVE-2016-9539 - -Upstream-Status: Backport -https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53 - -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> - ---- - ChangeLog | 6 ++++++ - tools/tiffcrop.c | 11 ++++++++++- - 2 files changed, 16 insertions(+), 1 deletion(-) - -Index: tiff-4.0.6/ChangeLog -=================================================================== ---- tiff-4.0.6.orig/ChangeLog 2016-11-28 14:56:32.109283913 +0800 -+++ tiff-4.0.6/ChangeLog 2016-11-28 16:36:01.805325534 +0800 -@@ -17,6 +17,12 @@ - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500 - (CVE-2014-8127, duplicate: CVE-2016-3658) - -+2016-10-14 Even Rouault <even.rouault at spatialys.com> -+ -+ * tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes in -+ readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet -+ & Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team. -+ - 2016-10-08 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: fix out-of-bounds write on tiled images with odd -Index: tiff-4.0.6/tools/tiffcrop.c -=================================================================== ---- tiff-4.0.6.orig/tools/tiffcrop.c 2016-11-28 14:56:31.433283908 +0800 -+++ tiff-4.0.6/tools/tiffcrop.c 2016-11-28 16:42:13.793328128 +0800 -@@ -819,9 +819,18 @@ - } - } - -- tilebuf = _TIFFmalloc(tile_buffsize); -+ /* Add 3 padding bytes for extractContigSamplesShifted32bits */ -+ if( tile_buffsize > 0xFFFFFFFFU - 3 ) -+ { -+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); -+ exit(-1); -+ } -+ tilebuf = _TIFFmalloc(tile_buffsize + 3); - if (tilebuf == 0) - return 0; -+ tilebuf[tile_buffsize] = 0; -+ tilebuf[tile_buffsize+1] = 0; -+ tilebuf[tile_buffsize+2] = 0; - - dst_rowsize = ((imagewidth * bps * spp) + 7) / 8; - for (row = 0; row < imagelength; row += tl) |