diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff')
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch | 43 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch | 30 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch | 32 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff_4.3.0.bb (renamed from meta/recipes-multimedia/libtiff/tiff_4.1.0.bb) | 24 |
4 files changed, 122 insertions, 7 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch new file mode 100644 index 0000000000..72776f09ba --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch @@ -0,0 +1,43 @@ +CVE: CVE-2022-22844 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001 +From: 4ugustus <wangdw.augustus@qq.com> +Date: Tue, 25 Jan 2022 16:25:28 +0000 +Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where + count is required (fixes #355) + +--- + tools/tiffset.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/tools/tiffset.c b/tools/tiffset.c +index 8c9e23c5..e7a88c09 100644 +--- a/tools/tiffset.c ++++ b/tools/tiffset.c +@@ -146,9 +146,19 @@ main(int argc, char* argv[]) + + arg_index++; + if (TIFFFieldDataType(fip) == TIFF_ASCII) { +- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) +- fprintf( stderr, "Failed to set %s=%s\n", +- TIFFFieldName(fip), argv[arg_index] ); ++ if(TIFFFieldPassCount( fip )) { ++ size_t len; ++ len = strlen(argv[arg_index]) + 1; ++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), ++ (uint16_t)len, argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s\n", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } else { ++ if (TIFFSetField(tiff, TIFFFieldTag(fip), ++ argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s\n", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } + } else if (TIFFFieldWriteCount(fip) > 0 + || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { + int ret = 1; +-- +2.25.1 diff --git a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch new file mode 100644 index 0000000000..0b41dde606 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch @@ -0,0 +1,30 @@ +From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sat, 5 Feb 2022 20:36:41 +0100 +Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null + source pointer and size of zero (fixes #362) + +Upstream-Status: Backport +CVE: CVE-2022-0562 + +--- + libtiff/tif_dirread.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 2bbc4585..23194ced 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif) + goto bad; + } + +- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); ++ if (old_extrasamples > 0) ++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); + _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); + _TIFFfree(new_sampleinfo); + } +-- +GitLab + diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch new file mode 100644 index 0000000000..74f9649fdf --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch @@ -0,0 +1,32 @@ +From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 6 Feb 2022 13:08:38 +0100 +Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null + source pointer and size of zero (fixes #362) + +Upstream-Status: Backport +CVE: CVE-2022-0561 + +--- + libtiff/tif_dirread.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 23194ced..50ebf8ac 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l + _TIFFfree(data); + return(0); + } +- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); +- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); ++ if( dir->tdir_count ) ++ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); ++ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); + _TIFFfree(data); + data=resizeddata; + } +-- +GitLab + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 1f92c18513..6b933a409b 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -1,17 +1,27 @@ SUMMARY = "Provides support for the Tag Image File Format (TIFF)" +DESCRIPTION = "Library provides support for the Tag Image File Format \ +(TIFF), a widely used format for storing image data. This library \ +provide means to easily access and create TIFF image files." +HOMEPAGE = "http://www.libtiff.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf" CVE_PRODUCT = "libtiff" SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ - " -SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" -SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" + file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \ + file://561599c99f987dc32ae110370cfdd7df7975586b.patch \ + file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch" + +SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" # exclude betas UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" +# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 +# and 4.3.0 doesn't have the issue +CVE_CHECK_IGNORE += "CVE-2015-7313" + inherit autotools multilib_header CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no" @@ -40,11 +50,11 @@ PACKAGECONFIG[check-ycbcr-subsampling] = "--enable-check-ycbcr-subsampling,--dis PACKAGECONFIG[chunky-strip-read] = "--enable-chunky-strip-read,--disable-chunky-strip-read,," PACKAGES =+ "tiffxx tiff-utils" -FILES_tiffxx = "${libdir}/libtiffxx.so.*" -FILES_tiff-utils = "${bindir}/*" +FILES:tiffxx = "${libdir}/libtiffxx.so.*" +FILES:tiff-utils = "${bindir}/*" -do_install_append() { +do_install:append() { oe_multilib_header tiffconf.h } -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" |