On Thu, Jul 12, 2018 at 9:40 AM, Burton, Ross <[email protected]> wrote:
> Please.
>
> Ross
>
> On 12 July 2018 at 17:29, Slater, Joseph <[email protected]> wrote:
>> Should this be resubmitted? I could always remove the comment about 4.0.8.
>> Joe
>> ________________________________________
>> From: Slater, Joseph
>> Sent: Tuesday, July 10, 2018 4:56 PM
>> To: akuster808; [email protected]
>> Subject: RE: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963
>>
>> Yes, it is not clear. What it means is that the patch was applied to 4.0.8
>> code, but not, I think, 4.0.8 code as seen on openembedded-core before 4.0.8
>> was obsolete. It still applies for 4.0.9.
>>
>> Joe
>>
>> -----Original Message-----
>> From: akuster808 [mailto:[email protected]]
>> Sent: Tuesday, July 10, 2018 4:48 PM
>> To: Slater, Joseph; [email protected]
>> Subject: Re: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963
>>
>> On 07/10/2018 04:03 PM, Joe Slater wrote:
>>> Denial of service described at
>>> https://nvd.nist.gov/vuln/detail/CVE-2018-10963.
>>>
>>> Signed-off-by: Joe Slater <[email protected]>
>>> ---
>>> .../libtiff/files/CVE-2018-10963.patch | 41
>>> ++++++++++++++++++++++
>>> meta/recipes-multimedia/libtiff/tiff_4.0.9.bb | 1 +
>>> 2 files changed, 42 insertions(+)
>>> create mode 100644
>>> meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>>
>>> diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>> b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>> new file mode 100644
>>> index 0000000..13a1eb5
>>> --- /dev/null
>>> +++ b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>> @@ -0,0 +1,41 @@ >>> +From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001 >>> +From: Even Rouault <[email protected]> >>> +Date: Sat, 12 May 2018 14:24:15 +0200 >>> +Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes >>> + http://bugzilla.maptools.org/show_bug.cgi?id=2795. >>> + CVE-2018-10963 >>> + >>> +--- >>> +CVE: CVE-2018-10963 >>> + >>> +Same patch as applied to 4.0.8. >> I don't know what that means. The fix is in 4.0.8 or this patch applies >> cleanly to 4.0.8 or affects < 4.0.8. >> - armin >> >>> + >>> +Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]
This link seems to have got corrupted somehow. It would be good to fix that too. >>> + >>> +Signed-off-by: Joe Slater <[email protected]> >>> + >>> +--- >>> + libtiff/tif_dirwrite.c | 7 +++++-- >>> + 1 file changed, 5 insertions(+), 2 deletions(-) >>> + >>> +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c >>> +index 2430de6..c15a28d 100644 >>> +--- a/libtiff/tif_dirwrite.c >>> ++++ b/libtiff/tif_dirwrite.c >>> +@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int >>> imagedone, uint64* pdiroff) >>> + } >>> + break; >>> + default: >>> +- assert(0); >>> /* we should never get here */ >>> +- break; >>> ++ >>> TIFFErrorExt(tif->tif_clientdata,module, >>> ++ >>> "Cannot write tag %d (%s)", >>> ++ >>> TIFFFieldTag(o), >>> ++ >>> o->field_name ? o->field_name : "unknown"); >>> ++ goto bad; >>> + } >>> + } >>> + } >>> +-- >>> +1.7.9.5 >>> + >>> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb >>> b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb >>> index 8c3bba5..e8e2a11 100644 >>> --- a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb >>> +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb >>> @@ -9,6 +9,7 @@ SRC_URI = >>> "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ >>> file://CVE-2017-9935.patch \ >>> file://CVE-2017-18013.patch \ >>> file://CVE-2018-5784.patch \ >>> + file://CVE-2018-10963.patch \ >>> " >>> >>> SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79" >> >> -- >> _______________________________________________ >> Openembedded-core mailing list >> [email protected] >> http://lists.openembedded.org/mailman/listinfo/openembedded-core > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
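Review bot: the Upstream-Status line in the new CVE-2018-10963.patch header is truncated ("Backport [gitlab.com/libtiff/libtiff/commit/de144f...]"); the full commit id is already on the From line of the same header (de144fd228e4be8aa484c3caf3d814b6fa88c6d9), so write it out there so the backport can be traced to upstream. The line "Same patch as applied to 4.0.8." has already confused two reviewers in this thread; either drop it or say plainly that the upstream commit applies unchanged to the 4.0.9 recipe. On the code change itself, replacing "assert(0); /* we should never get here */" in the default case of TIFFWriteDirectorySec with a TIFFErrorExt() call plus "goto bad" is the right shape for this denial-of-service fix: a field type that reaches the default case now reports "Cannot write tag %d (%s)" and leaves through the function's existing error path instead of aborting the process. Do confirm the patch still applies under do_patch before resubmitting, since the hunk as quoted here has lost its indentation (the TIFFErrorExt continuation lines are wrapped onto their own lines).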
