tiff: 4.0.8 -> 4.0.9

1.Upgrade tiff from 4.0.8 to 4.0.9. 2.Delete CVE-2017-10688.patch, CVE-2017-11335.patch, CVE-2017-13726.patch, CVE-2017-13727.patch, CVE-2017-9147.patch, CVE-2017-9936.patch, since it is integrated upstream. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> 2018-01-18 10:29:37 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-19 12:18:04 +0000
commit: df894b523d74f8fd723d1c8fb03f55e46c6af0f5 (patch)
tree: 45acf94f0a97d7b0eae2b7c1c420e9e5a6c86c9f
parent: cd8aadcfb3cc7af8ad0d44b1ee2101c499621f95 (diff)
download: openembedded-core-df894b523d74f8fd723d1c8fb03f55e46c6af0f5.tar.gz
openembedded-core-df894b523d74f8fd723d1c8fb03f55e46c6af0f5.tar.bz2
openembedded-core-df894b523d74f8fd723d1c8fb03f55e46c6af0f5.zip
7 files changed, 2 insertions, 527 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-10688.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-10688.patch
deleted file mode 100644
index b0db96949f..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-10688.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 333ba5599e87bd7747516d7863d61764e4ca2d92 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Fri, 30 Jun 2017 17:29:44 +0000
-Subject: [PATCH] * libtiff/tif_dirwrite.c: in
- TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8
- data type, replace assertion that the file is BigTIFF, by a non-fatal error.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team
- OWL337
-
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1]
-
-CVE: CVE-2017-10688
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- ChangeLog              |  8 ++++++++
- libtiff/tif_dirwrite.c | 20 ++++++++++++++++----
- 2 files changed, 24 insertions(+), 4 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 0240f0b..42eaeb7 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,11 @@
-+2017-06-30  Even Rouault <even.rouault at spatialys.com>
-+
-+	* libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
-+	functions associated with LONG8/SLONG8 data type, replace assertion that
-+	the file is BigTIFF, by a non-fatal error.
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
-+	Reported by team OWL337
-+
- 2017-06-26  Even Rouault <even.rouault at spatialys.com>
- 
- 	* libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
-diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
-index 2967da5..8d6686b 100644
---- a/libtiff/tif_dirwrite.c
-+++ b/libtiff/tif_dirwrite.c
-@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui
- {
- 	uint64 m;
- 	assert(sizeof(uint64)==8);
--	assert(tif->tif_flags&TIFF_BIGTIFF);
-+	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
-+		return(0);
-+	}
- 	m=value;
- 	if (tif->tif_flags&TIFF_SWAB)
- 		TIFFSwabLong8(&m);
-@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di
- {
- 	assert(count<0x20000000);
- 	assert(sizeof(uint64)==8);
--	assert(tif->tif_flags&TIFF_BIGTIFF);
-+	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
-+		return(0);
-+	}
- 	if (tif->tif_flags&TIFF_SWAB)
- 		TIFFSwabArrayOfLong8(value,count);
- 	return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
-@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u
- {
- 	int64 m;
- 	assert(sizeof(int64)==8);
--	assert(tif->tif_flags&TIFF_BIGTIFF);
-+	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
-+		return(0);
-+	}
- 	m=value;
- 	if (tif->tif_flags&TIFF_SWAB)
- 		TIFFSwabLong8((uint64*)(&m));
-@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d
- {
- 	assert(count<0x20000000);
- 	assert(sizeof(int64)==8);
--	assert(tif->tif_flags&TIFF_BIGTIFF);
-+	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
-+		return(0);
-+	}
- 	if (tif->tif_flags&TIFF_SWAB)
- 		TIFFSwabArrayOfLong8((uint64*)value,count);
- 	return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
--- 
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch
deleted file mode 100644
index d08e7612b7..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From e8b15ccf8c9c593000f8202cf34cc6c4b936d01e Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 15 Jul 2017 11:13:46 +0000
-Subject: [PATCH] * tools/tiff2pdf.c: prevent heap buffer overflow write in
- "Raw" mode on PlanarConfig=Contig input images. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2715 Reported by team OWL337
-
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556]
-
-CVE: CVE-2017-11355
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- ChangeLog        | 7 +++++++
- tools/tiff2pdf.c | 7 ++++++-
- 2 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 42eaeb7..6980da8 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2017-07-15  Even Rouault <even.rouault at spatialys.com>
-+
-+	* tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
-+	mode on PlanarConfig=Contig input images.
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715
-+	Reported by team OWL337
-+
- 2017-06-30  Even Rouault <even.rouault at spatialys.com>
- 
- 	* libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index db196e0..cd1e235 100644
---- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -1737,7 +1737,12 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
- 	    return;
- 
- 	t2p->pdf_transcode = T2P_TRANSCODE_ENCODE;
--	if(t2p->pdf_nopassthrough==0){
-+        /* It seems that T2P_TRANSCODE_RAW mode doesn't support separate->contig */
-+        /* conversion. At least t2p_read_tiff_size and t2p_read_tiff_size_tile */
-+        /* do not take into account the number of samples, and thus */
-+        /* that can cause heap buffer overflows such as in */
-+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2715 */
-+	if(t2p->pdf_nopassthrough==0 && t2p->tiff_planar!=PLANARCONFIG_SEPARATE){
- #ifdef CCITT_SUPPORT
- 		if(t2p->tiff_compression==COMPRESSION_CCITTFAX4  
- 			){
--- 
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch
deleted file mode 100644
index c60ffa698d..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 5317ce215936ce611846557bb104b49d3b4c8345 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Wed, 23 Aug 2017 13:21:41 +0000
-Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not
- finding the SubIFD tag by runtime check. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337
-
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e]
-
-CVE: CVE-2017-13726
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- ChangeLog              | 7 +++++++
- libtiff/tif_dirwrite.c | 7 ++++++-
- 2 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 6980da8..3e299d9 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2017-08-23  Even Rouault <even.rouault at spatialys.com>
-+
-+	* libtiff/tif_dirwrite.c: replace assertion related to not finding the
-+	SubIFD tag by runtime check.
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
-+	Reported by team OWL337
-+
- 2017-07-15  Even Rouault <even.rouault at spatialys.com>
- 
- 	* tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
-diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
-index 8d6686b..14090ae 100644
---- a/libtiff/tif_dirwrite.c
-+++ b/libtiff/tif_dirwrite.c
-@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
- 			TIFFDirEntry* nb;
- 			for (na=0, nb=dir; ; na++, nb++)
- 			{
--				assert(na<ndir);
-+				if( na == ndir )
-+                                {
-+                                    TIFFErrorExt(tif->tif_clientdata,module,
-+                                                 "Cannot find SubIFD tag");
-+                                    goto bad;
-+                                }
- 				if (nb->tdir_tag==TIFFTAG_SUBIFD)
- 					break;
- 			}
--- 
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch
deleted file mode 100644
index e228c2f17c..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From a5e8245cc67646f7b448b4ca29258eaac418102c Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Wed, 23 Aug 2017 13:33:42 +0000
-Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion to tag value not
- fitting on uint32 when selecting the value of SubIFD tag by runtime check (in
- TIFFWriteDirectoryTagSubifd()). Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2728 Reported by team OWL337
-
-SubIFD tag by runtime check (in TIFFWriteDirectorySec())
-
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc]
-
-CVE: CVE-2017-13727
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- ChangeLog              | 10 +++++++++-
- libtiff/tif_dirwrite.c |  9 ++++++++-
- 2 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 3e299d9..8f5efe9 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,7 +1,15 @@
- 2017-08-23  Even Rouault <even.rouault at spatialys.com>
- 
-+	* libtiff/tif_dirwrite.c: replace assertion to tag value not fitting
-+	on uint32 when selecting the value of SubIFD tag by runtime check
-+	(in TIFFWriteDirectoryTagSubifd()).
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2728
-+	Reported by team OWL337
-+
-+2017-08-23  Even Rouault <even.rouault at spatialys.com>
-+
- 	* libtiff/tif_dirwrite.c: replace assertion related to not finding the
--	SubIFD tag by runtime check.
-+	SubIFD tag by runtime check (in TIFFWriteDirectorySec())
- 	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
- 	Reported by team OWL337
- 
-diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
-index 14090ae..f0a4baa 100644
---- a/libtiff/tif_dirwrite.c
-+++ b/libtiff/tif_dirwrite.c
-@@ -1949,7 +1949,14 @@ TIFFWriteDirectoryTagSubifd(TIFF* tif, uint32* ndir, TIFFDirEntry* dir)
- 		for (p=0; p < tif->tif_dir.td_nsubifd; p++)
- 		{
-                         assert(pa != 0);
--			assert(*pa <= 0xFFFFFFFFUL);
-+
-+                        /* Could happen if an classicTIFF has a SubIFD of type LONG8 (which is illegal) */
-+                        if( *pa > 0xFFFFFFFFUL)
-+                        {
-+                            TIFFErrorExt(tif->tif_clientdata,module,"Illegal value for SubIFD tag");
-+                            _TIFFfree(o);
-+                            return(0);
-+                        }
- 			*pb++=(uint32)(*pa++);
- 		}
- 		n=TIFFWriteDirectoryTagCheckedIfdArray(tif,ndir,dir,TIFFTAG_SUBIFD,tif->tif_dir.td_nsubifd,o);
--- 
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
deleted file mode 100644
index 3392285901..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-From 0acf01fea714af573b814e10cf105c3359a236c3 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Thu, 1 Jun 2017 12:44:04 +0000
-Subject: [PATCH] * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
-codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
-to behave differently depending on whether the codec is enabled or not, and
-thus can avoid stack based buffer overflows in a number of TIFF utilities
-such as tiffsplit, tiffcmp, thumbnail, etc.
-Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
-(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
-Fixes:
-http://bugzilla.maptools.org/show_bug.cgi?id=2580
-http://bugzilla.maptools.org/show_bug.cgi?id=2693
-http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
-http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
-http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
-http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
-http://bugzilla.maptools.org/show_bug.cgi?id=2441
-http://bugzilla.maptools.org/show_bug.cgi?id=2433
-
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06]
-
-CVE: CVE-2017-9147
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- ChangeLog             |  20 ++++++++++
- libtiff/tif_dir.h     |   1 +
- libtiff/tif_dirinfo.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
- libtiff/tif_dirread.c |   4 ++
- 4 files changed, 128 insertions(+)
-
-diff --git a/ChangeLog b/ChangeLog
-index ee8d9d0..5739292 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,23 @@
-+2017-06-01  Even Rouault <even.rouault at spatialys.com>
-+
-+	* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-+	and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
-+	codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
-+	to behave differently depending on whether the codec is enabled or not, and
-+	thus can avoid stack based buffer overflows in a number of TIFF utilities
-+	such as tiffsplit, tiffcmp, thumbnail, etc.
-+	Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
-+	(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
-+	Fixes:
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2580
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2693
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2441
-+	http://bugzilla.maptools.org/show_bug.cgi?id=2433
-+
- 2017-05-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
- 
- 	* configure.ac: libtiff 4.0.8 released.
-diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
-index e12b44b..5206be4 100644
---- a/libtiff/tif_dir.h
-+++ b/libtiff/tif_dir.h
-@@ -291,6 +291,7 @@ struct _TIFFField {
- extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
- extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
- extern  TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
-+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
- 
- #if defined(__cplusplus)
- }
-diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
-index 0c8ef42..97c0df0 100644
---- a/libtiff/tif_dirinfo.c
-+++ b/libtiff/tif_dirinfo.c
-@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n)
- 	return 0;
- }
- 
-+int
-+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
-+{
-+	/* Filter out non-codec specific tags */
-+	switch (tag) {
-+	    /* Shared tags */
-+	    case TIFFTAG_PREDICTOR:
-+	    /* JPEG tags */
-+	    case TIFFTAG_JPEGTABLES:
-+	    /* OJPEG tags */
-+	    case TIFFTAG_JPEGIFOFFSET:
-+	    case TIFFTAG_JPEGIFBYTECOUNT:
-+	    case TIFFTAG_JPEGQTABLES:
-+	    case TIFFTAG_JPEGDCTABLES:
-+	    case TIFFTAG_JPEGACTABLES:
-+	    case TIFFTAG_JPEGPROC:
-+	    case TIFFTAG_JPEGRESTARTINTERVAL:
-+	    /* CCITT* */
-+	    case TIFFTAG_BADFAXLINES:
-+	    case TIFFTAG_CLEANFAXDATA:
-+	    case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+	    case TIFFTAG_GROUP3OPTIONS:
-+	    case TIFFTAG_GROUP4OPTIONS:
-+		break;
-+	    default:
-+		return 1;
-+	}
-+	/* Check if codec specific tags are allowed for the current
-+	 * compression scheme (codec) */
-+	switch (tif->tif_dir.td_compression) {
-+	    case COMPRESSION_LZW:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+	    case COMPRESSION_PACKBITS:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_THUNDERSCAN:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_NEXT:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_JPEG:
-+		if (tag == TIFFTAG_JPEGTABLES)
-+		    return 1;
-+		break;
-+	    case COMPRESSION_OJPEG:
-+		switch (tag) {
-+		    case TIFFTAG_JPEGIFOFFSET:
-+		    case TIFFTAG_JPEGIFBYTECOUNT:
-+		    case TIFFTAG_JPEGQTABLES:
-+		    case TIFFTAG_JPEGDCTABLES:
-+		    case TIFFTAG_JPEGACTABLES:
-+		    case TIFFTAG_JPEGPROC:
-+		    case TIFFTAG_JPEGRESTARTINTERVAL:
-+			return 1;
-+		}
-+		break;
-+	    case COMPRESSION_CCITTRLE:
-+	    case COMPRESSION_CCITTRLEW:
-+	    case COMPRESSION_CCITTFAX3:
-+	    case COMPRESSION_CCITTFAX4:
-+		switch (tag) {
-+		    case TIFFTAG_BADFAXLINES:
-+		    case TIFFTAG_CLEANFAXDATA:
-+		    case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+			return 1;
-+		    case TIFFTAG_GROUP3OPTIONS:
-+			if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
-+			    return 1;
-+			break;
-+		    case TIFFTAG_GROUP4OPTIONS:
-+			if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
-+			    return 1;
-+			break;
-+		}
-+		break;
-+	    case COMPRESSION_JBIG:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_DEFLATE:
-+	    case COMPRESSION_ADOBE_DEFLATE:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+	   case COMPRESSION_PIXARLOG:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+	    case COMPRESSION_SGILOG:
-+	    case COMPRESSION_SGILOG24:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_LZMA:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+
-+	}
-+	return 0;
-+}
-+
- /* vim: set ts=8 sts=8 sw=8 noet: */
- 
- /*
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 1d4f0b9..f1dc3d7 100644
---- a/libtiff/tif_dirread.c
-+++ b/libtiff/tif_dirread.c
-@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif)
- 							goto bad;
- 						dp->tdir_tag=IGNORE;
- 						break;
-+                                        default:
-+                                            if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
-+                                                dp->tdir_tag=IGNORE;
-+                                            break;
- 				}
- 			}
- 		}
--- 
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-9936.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-9936.patch
deleted file mode 100644
index fc99363284..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-9936.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 62efea76592647426deec5592fd7274d5c950646 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Mon, 26 Jun 2017 15:19:59 +0000
-Subject: [PATCH] * libtiff/tif_jbig.c: fix memory leak in error code path of
- JBIGDecode() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 Reported
- by team OWL337
-
-* libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
-
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a]
-
-CVE: CVE-2017-9936
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- ChangeLog          | 6 ++++++
- libtiff/tif_jbig.c | 1 +
- 2 files changed, 7 insertions(+)
-
-diff --git a/ChangeLog b/ChangeLog
-index 5739292..0240f0b 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,9 @@
-+2017-06-26  Even Rouault <even.rouault at spatialys.com>
-+
-+	* libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
-+	Reported by team OWL337
-+
- 2017-06-01  Even Rouault <even.rouault at spatialys.com>
- 
- 	* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
-index 5f5f75e..c75f31d 100644
---- a/libtiff/tif_jbig.c
-+++ b/libtiff/tif_jbig.c
-@@ -94,6 +94,7 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
- 			     jbg_strerror(decodeStatus)
- #endif
- 			     );
-+		jbg_dec_free(&decoder);
- 		return 0;
- 	}
- 
--- 
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
index cb91baa607..57bf7408d0 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
@@ -6,16 +6,10 @@ CVE_PRODUCT = "libtiff"
 
 SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://libtool2.patch \
-           file://CVE-2017-9147.patch \
-           file://CVE-2017-9936.patch \
-           file://CVE-2017-10688.patch \
-           file://CVE-2017-11335.patch \
-           file://CVE-2017-13726.patch \
-           file://CVE-2017-13727.patch \
           "
 
-SRC_URI[md5sum] = "2a7d1c1318416ddf36d5f6fa4600069b"
-SRC_URI[sha256sum] = "59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910"
+SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79"
+SRC_URI[sha256sum] = "6e7bdeec2c310734e734d19aae3a71ebe37a4d842e0e23dbb1b8921c0026cfcd"
 
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
author	Huang Qiyu <huangqy.fnst@cn.fujitsu.com>	2018-01-18 10:29:37 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-19 12:18:04 +0000
commit	df894b523d74f8fd723d1c8fb03f55e46c6af0f5 (patch)
tree	45acf94f0a97d7b0eae2b7c1c420e9e5a6c86c9f
parent	cd8aadcfb3cc7af8ad0d44b1ee2101c499621f95 (diff)
download	openembedded-core-df894b523d74f8fd723d1c8fb03f55e46c6af0f5.tar.gz openembedded-core-df894b523d74f8fd723d1c8fb03f55e46c6af0f5.tar.bz2 openembedded-core-df894b523d74f8fd723d1c8fb03f55e46c6af0f5.zip