tiff: Update to 4.0.0beta6

This includes a number of security fixes.  In addition, side-port
the fix for CVE-2010-2482.  Since we updated for security reasons
and there was only one version before this (the previous beta),
git mv and update the distros that had pinned down.

Signed-off-by: Tom Rini <tom_rini@mentor.com>

3 files changed, 42 insertions, 6 deletions

diff --git a/recipes/libtiff/tiff-3.9.4+4.0.0beta6/tiff-lp589145.diff b/recipes/libtiff/tiff-3.9.4+4.0.0beta6/tiff-lp589145.diff
new file mode 100644
index 0000000000..bf2dbfe36d
--- /dev/null
+++ b/recipes/libtiff/tiff-3.9.4+4.0.0beta6/tiff-lp589145.diff
@@ -0,0 +1,17 @@
+https://bugzilla.redhat.com/attachment.cgi?id=423232
+
+Index: libtiff/tif_ojpeg.c
+===================================================================
+--- libtiff/tif_ojpeg.c.orig
++++ libtiff/tif_ojpeg.c
+@@ -1937,6 +1937,10 @@ OJPEGReadBufferFill(OJPEGState* sp)
+ 					sp->in_buffer_source=osibsEof;
+ 				else
+ 				{
++					if (sp->tif->tif_dir.td_stripoffset == 0) {
++						TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip offsets are missing");
++						return(0);
++					}
+ 					sp->in_buffer_file_pos=sp->tif->tif_dir.td_stripoffset[sp->in_buffer_next_strile];
+ 					if (sp->in_buffer_file_pos!=0)
+ 					{
diff --git a/recipes/libtiff/tiff-3.9.4+4.0.0beta6/tiff-ojpeg-null-stripbytecount.diff b/recipes/libtiff/tiff-3.9.4+4.0.0beta6/tiff-ojpeg-null-stripbytecount.diff
new file mode 100644
index 0000000000..209e78a52c
--- /dev/null
+++ b/recipes/libtiff/tiff-3.9.4+4.0.0beta6/tiff-ojpeg-null-stripbytecount.diff
@@ -0,0 +1,17 @@
+https://bugzilla.redhat.com/attachment.cgi?id=425925
+
+Index: libtiff/tif_ojpeg.c
+===================================================================
+--- libtiff/tif_ojpeg.c.orig
++++ libtiff/tif_ojpeg.c
+@@ -1948,6 +1948,10 @@ OJPEGReadBufferFill(OJPEGState* sp)
+ 							sp->in_buffer_file_pos=0;
+ 						else
+ 						{
++							if (sp->tif->tif_dir.td_stripbytecount == 0) {
++								TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip byte counts are missing");
++								return(0);
++							}
+ 							sp->in_buffer_file_togo=sp->tif->tif_dir.td_stripbytecount[sp->in_buffer_next_strile];
+ 							if (sp->in_buffer_file_togo==0)
+ 								sp->in_buffer_file_pos=0;
diff --git a/recipes/libtiff/tiff_3.9.2.bb b/recipes/libtiff/tiff_3.9.4.bb
index dd2d80ee6e..f54a19b405 100644
--- a/recipes/libtiff/tiff_3.9.2.bb
+++ b/recipes/libtiff/tiff_3.9.4.bb
@@ -2,15 +2,17 @@ DESCRIPTION = "This software provides support for the Tag Image File Format (TIF
 LICENSE = "${PN}"
 HOMEPAGE = "http://www.remotesensing.org/libtiff/"
 DEPENDS = "zlib jpeg lzo"
-PV = "3.9.2+4.0.0beta5"
+PV = "3.9.4+4.0.0beta6"
 
-PR = "r5"
+PR = "r0"
 
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-4.0.0beta5.tar.gz;name=tiff400beta5targz"
-SRC_URI[tiff400beta5targz.md5sum] = "a0a83604e38a299fae9f0b1a39c04870"
-SRC_URI[tiff400beta5targz.sha256sum] = "64b61567782643a841e33a8d031d0d6a9b3e436108829e2e947183f8dcdc6ec7"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-4.0.0beta6.tar.gz \
+	   file://tiff-lp589145.diff;striplevel=0 \
+	   file://tiff-ojpeg-null-stripbytecount.diff;striplevel=0"
+SRC_URI[md5sum] = "6a1e51841a5a5062cc381e34a48122a0"
+SRC_URI[sha256sum] = "de016175742bcdd0cd6f326dd2e7bbc7154437d7bb09976ad4789016065061e6"
 
-S = "${WORKDIR}/tiff-4.0.0beta5"
+S = "${WORKDIR}/tiff-4.0.0beta6"
 
 inherit autotools