mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

tiff: backport fix for CVE-2022-48281

Browse Source 
(From OE-Core rev: bf0cf66c10c95ddada595dd5a84b45235c09ebab)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ross Burton
2023-02-20 16:28:16 +00:00
committed by Richard Purdie
parent d4be0469a8
commit 1e9b6bf803
2 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch Normal file
View File

@@ -0,0 +1,29 @@
CVE: CVE-2022-48281
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
From: Su Laus <sulau@freenet.de>
Date: Sat, 21 Jan 2023 15:58:10 +0000
Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
---
tools/tiffcrop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 14fa18da..7db69883 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
cropsize + NUM_BUFF_OVERSIZE_BYTES);
else
{
- prev_cropsize = seg_buffs[0].size;
+ prev_cropsize = seg_buffs[i].size;
if (prev_cropsize < cropsize)
{
next_buff = _TIFFrealloc(
--
GitLab

3
meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
View File

@@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
CVE_PRODUCT = "libtiff"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2022-48281.patch"
SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"