diff options
Diffstat (limited to 'poky/meta/recipes-multimedia/libtiff')
-rw-r--r-- | poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch | 29 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb (renamed from poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb) | 10 |
2 files changed, 2 insertions, 37 deletions
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch deleted file mode 100644 index e356d377ea..0000000000 --- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch +++ /dev/null @@ -1,29 +0,0 @@ -CVE: CVE-2022-48281 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001 -From: Su Laus <sulau@freenet.de> -Date: Sat, 21 Jan 2023 15:58:10 +0000 -Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. - ---- - tools/tiffcrop.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 14fa18da..7db69883 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image, - cropsize + NUM_BUFF_OVERSIZE_BYTES); - else - { -- prev_cropsize = seg_buffs[0].size; -+ prev_cropsize = seg_buffs[i].size; - if (prev_cropsize < cropsize) - { - next_buff = _TIFFrealloc( --- -GitLab - diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb index f8a2482a84..5af3f84265 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb @@ -8,10 +8,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3" CVE_PRODUCT = "libtiff" -SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ - file://CVE-2022-48281.patch" +SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz" -SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464" +SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b" # exclude betas UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" @@ -19,11 +18,6 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" # Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 # and 4.3.0 doesn't have the issue CVE_CHECK_IGNORE += "CVE-2015-7313" -# These issues only affect libtiff post-4.3.0 but before 4.4.0, -# caused by 3079627e and fixed by b4e79bfa. -CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623" -# Issue is in jbig which we don't enable -CVE_CHECK_IGNORE += "CVE-2022-1210" inherit autotools multilib_header |