[oe-commits] [openembedded-core] 12/53: tiff: Security fix for CVE-2017-7594

git at git.openembedded.org git at git.openembedded.org
Tue Nov 21 14:44:33 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch morty
in repository openembedded-core.

commit 7bdb52d06a46ad659fc85db1992f9c6ab2fcf065
Author: Rajkumar Veer <rveer at mvista.com>
AuthorDate: Fri Nov 3 22:25:08 2017 -0700

    tiff: Security fix for CVE-2017-7594
    
    Signed-off-by: Rajkumar Veer <rveer at mvista.com>
    Signed-off-by: Armin Kuster <akuster at mvista.com>
---
 .../libtiff/files/CVE-2017-7594-p1.patch           | 43 +++++++++++++++++++
 .../libtiff/files/CVE-2017-7594-p2.patch           | 50 ++++++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.0.7.bb      |  2 +
 3 files changed, 95 insertions(+)

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch
new file mode 100644
index 0000000..5c7e460
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch
@@ -0,0 +1,43 @@
+rom 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 17:43:25 +0000
+
+* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
+  when read fails.
+  Patch by Nicolas Pena.
+  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7594 #patch1
+Signed-off-by: Rajkumar Veer <rveer at mvista.com>
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog	2017-04-24 16:13:15.000000000 +0530
++++ tiff-4.0.7/ChangeLog	2017-04-24 16:50:26.465897646 +0530
+@@ -1,3 +1,10 @@
++2017-01-12 Even Rouault <even.rouault at spatialys.com>
++
++	* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
++	when read fails.
++	Patch by Nicolás Peña.
++	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
++
+ 2017-01-11 Even Rouault <even.rouault at spatialys.com>
+ 
+ 	* libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+Index: tiff-4.0.7/libtiff/tif_ojpeg.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_ojpeg.c	2017-04-24 16:02:29.817973051 +0530
++++ tiff-4.0.7/libtiff/tif_ojpeg.c	2017-04-24 16:52:27.349894477 +0530
+@@ -1918,7 +1918,10 @@
+ 				rb[sizeof(uint32)+5+n]=o[n];
+ 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ 			if (p!=q)
++                        {
++                                _TIFFfree(rb);
+ 				return(0);
++                        }
+ 			sp->actable[m]=rb;
+ 			sp->sos_tda[m]=(sp->sos_tda[m]|m);
+ 		}
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch
new file mode 100644
index 0000000..82a19c6
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch
@@ -0,0 +1,50 @@
+From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 19:23:20 +0000
+Subject: [PATCH 2/2] * libtiff/tif_ojpeg.c: fix leak in
+ OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
+ OJPEGReadHeaderInfoSecTablesAcTable
+
+Upstream-status: Backport
+
+CVE: CVE-2017-7594 #patch2
+Signed-off-by: Rajkumar Veer <rveer at mvista.com>
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog	2017-04-24 16:50:26.465897646 +0530
++++ tiff-4.0.7/ChangeLog	2017-04-24 16:56:20.685888360 +0530
+@@ -1,6 +1,7 @@
+ 2017-01-12 Even Rouault <even.rouault at spatialys.com>
+ 
+-	* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
++	* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
++	OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable
+ 	when read fails.
+ 	Patch by Nicolás Peña.
+ 	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+Index: tiff-4.0.7/libtiff/tif_ojpeg.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_ojpeg.c	2017-04-24 16:52:27.349894477 +0530
++++ tiff-4.0.7/libtiff/tif_ojpeg.c	2017-04-24 16:59:20.001883660 +0530
+@@ -1790,7 +1790,10 @@
+ 			TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
+ 			p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
+ 			if (p!=64)
++                        {
++                                _TIFFfree(ob);
+ 				return(0);
++                        }
+ 			sp->qtable[m]=ob;
+ 			sp->sof_tq[m]=m;
+ 		}
+@@ -1854,7 +1857,10 @@
+ 				rb[sizeof(uint32)+5+n]=o[n];
+ 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ 			if (p!=q)
++                        {
++                                _TIFFfree(rb);
+ 				return(0);
++                        }
+ 			sp->dctable[m]=rb;
+ 			sp->sos_tda[m]=(m<<4);
+ 		}
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
index 303eff0..12ab936 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
@@ -19,6 +19,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2016-10269.patch \
            file://CVE-2016-10270.patch \
            file://CVE-2017-7592.patch \
+           file://CVE-2017-7594-p1.patch \
+           file://CVE-2017-7594-p2.patch \
         "
 
 SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list