Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch | 77 |
1 files changed, 40 insertions, 37 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch b/import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
index 94f33900a5..3392285901 100644
--- a/import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
+++ b/import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
@@ -32,38 +32,38 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 libtiff/tif_dirread.c | 4 ++
 4 files changed, 128 insertions(+)
-Index: tiff-4.0.7/ChangeLog
-===================================================================
---- tiff-4.0.7.orig/ChangeLog
-+++ tiff-4.0.7/ChangeLog
+diff --git a/ChangeLog b/ChangeLog
+index ee8d9d0..5739292 100644
+--- a/ChangeLog
++++ b/ChangeLog
 @@ -1,3 +1,23 @@
 +2017-06-01 Even Rouault <even.rouault at spatialys.com>
 +
-+ * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-+ and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
-+ codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
-+ to behave differently depending on whether the codec is enabled or not, and
-+ thus can avoid stack based buffer overflows in a number of TIFF utilities
-+ such as tiffsplit, tiffcmp, thumbnail, etc.
-+ Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
-+ (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
-+ Fixes:
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2580
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2693
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2441
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2433
++ * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
++ and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
++ codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
++ to behave differently depending on whether the codec is enabled or not, and
++ thus can avoid stack based buffer overflows in a number of TIFF utilities
++ such as tiffsplit, tiffcmp, thumbnail, etc.
++ Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
++ (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
++ Fixes:
++ http://bugzilla.maptools.org/show_bug.cgi?id=2580
++ http://bugzilla.maptools.org/show_bug.cgi?id=2693
++ http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
++ http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
++ http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
++ http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
++ http://bugzilla.maptools.org/show_bug.cgi?id=2441
++ http://bugzilla.maptools.org/show_bug.cgi?id=2433
 +
- 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+ 2017-05-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
- * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
-Index: tiff-4.0.7/libtiff/tif_dir.h
-===================================================================
---- tiff-4.0.7.orig/libtiff/tif_dir.h
-+++ tiff-4.0.7/libtiff/tif_dir.h
+ * configure.ac: libtiff 4.0.8 released.
+diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
+index e12b44b..5206be4 100644
+--- a/libtiff/tif_dir.h
++++ b/libtiff/tif_dir.h
 @@ -291,6 +291,7 @@ struct _TIFFField {
 extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
 extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
@@ -72,11 +72,11 @@ Index: tiff-4.0.7/libtiff/tif_dir.h
 #if defined(__cplusplus)
 }
-Index: tiff-4.0.7/libtiff/tif_dirinfo.c
-===================================================================
---- tiff-4.0.7.orig/libtiff/tif_dirinfo.c
-+++ tiff-4.0.7/libtiff/tif_dirinfo.c
-@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFF
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 0c8ef42..97c0df0 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n)
 return 0;
 }
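Review bot: The ChangeLog text carried in this hunk lists CVE-2016-10095, CVE-2015-7554, CVE-2016-5318 and CVE-2014-8128 among the bugs the upstream change fixes, yet the file is named only for CVE-2017-9147. The patch header (above line 32 of the patch file, outside this hunk) is not visible, so it cannot be confirmed that each id is recorded there. If the header lacks them, a line such as `CVE: CVE-2017-9147 CVE-2016-10095 CVE-2015-7554 CVE-2016-5318 CVE-2014-8128` would let patch-based CVE tracking see the full coverage instead of presumably reporting those four as open. Separately, part of this refresh is due only to the embedded ChangeLog context moving to the 4.0.8 release entry; dropping the ChangeLog portion from the backport would avoid that churn on the next version bump.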
@@ -186,11 +186,11 @@ Index: tiff-4.0.7/libtiff/tif_dirinfo.c
 /* vim: set ts=8 sts=8 sw=8 noet: */
 /*
-Index: tiff-4.0.7/libtiff/tif_dirread.c
-===================================================================
---- tiff-4.0.7.orig/libtiff/tif_dirread.c
-+++ tiff-4.0.7/libtiff/tif_dirread.c
-@@ -3566,6 +3566,10 @@ TIFFReadDirectory(TIFF* tif)
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 1d4f0b9..f1dc3d7 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif)
 goto bad;
 dp->tdir_tag=IGNORE;
 break;
@@ -201,3 +201,6 @@ Index: tiff-4.0.7/libtiff/tif_dirread.c
 }
 }
 }
+--
+2.7.4
+ |