Sent to the wrong list, please ignore it .... Zheng Qiu Linux Developer
M/ (437) 341-1849 >-----Original Message----- >From: [email protected] <openembedded- >[email protected]> On Behalf Of Qiu, Zheng via >lists.openembedded.org >Sent: Friday, November 25, 2022 12:48 PM >To: [email protected] >Cc: Qiu, Zheng <[email protected]>; MacLeod, Randy ><[email protected]> >Subject: [oe] [master][PATCH v3] tiff: Security fix for CVE-2022-3970 > >This patch contains a fix for CVE-2022-3970 > >Reference: >https://nvd.nist.gov/vuln/detail/CVE-2022-3970 >https://security-tracker.debian.org/tracker/CVE-2022-3970 > >Patch generated from : >https://gitlab.com/libtiff/libtiff/- >/commit/227500897dfb07fb7d27f7aa570050e62617e3be > >Upstream-Status: Accepted > >Signed-off-by: Zheng Qiu <[email protected]> >--- > .../libtiff/files/CVE-2022-3970.patch | 38 +++++++++++++++++++ > meta/recipes-multimedia/libtiff/tiff_4.4.0.bb | 1 + > 2 files changed, 39 insertions(+) > create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022- >3970.patch > >diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch >b/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch >new file mode 100644 >index 0000000000..e8f143933a >--- /dev/null >+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch >@@ -0,0 +1,38 @@ >+From 227500897dfb07fb7d27f7aa570050e62617e3be Mon Sep 17 00:00:00 >2001 >+From: Even Rouault <[email protected]> >+Date: Tue, 8 Nov 2022 15:16:58 +0100 >+Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow >+on strips/tiles > 2 GB >+ >+Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 >+--- >+ libtiff/tif_getimage.c | 8 ++++---- >+ 1 file changed, 4 insertions(+), 4 deletions(-) >+ >+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c index >+a4d0c1d6..60b94d8e 100644 >+--- a/libtiff/tif_getimage.c >++++ b/libtiff/tif_getimage.c >+@@ -3016,15 +3016,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, >uint32_t row, uint32_t * raster, in >+ return( ok ); >+ >+ for( i_row = 0; i_row < read_ysize; i_row++ ) { >+- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize, >+- raster + (read_ysize - i_row - 1) * read_xsize, >++ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, >++ raster + (size_t)(read_ysize - i_row - 1) * >++ read_xsize, >+ read_xsize * sizeof(uint32_t) ); >+- _TIFFmemset( raster + (tile_ysize - i_row - 1) * >tile_xsize+read_xsize, >++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * >++ tile_xsize+read_xsize, >+ 0, sizeof(uint32_t) * (tile_xsize - read_xsize) ); >+ } >+ >+ for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) { >+- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize, >++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * >++ tile_xsize, >+ 0, sizeof(uint32_t) * tile_xsize ); >+ } >+ >+-- >+2.33.0 >+ >diff --git a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/meta/recipes- >multimedia/libtiff/tiff_4.4.0.bb >index 29cb4111d6..970aab5433 100644 >--- a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb >+++ b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb >@@ -12,6 +12,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff- >${PV}.tar.gz \ > file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \ > file://CVE-2022-34526.patch \ > file://CVE-2022-2953.patch \ >+ file://CVE-2022-3970.patch \ > file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related- >TIF.patch \ > file://0001-tiffcrop-S-option-Make-decision-simpler.patch \ > > file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \ >-- >2.33.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#99737): https://lists.openembedded.org/g/openembedded-devel/message/99737 Mute This Topic: https://lists.openembedded.org/mt/95258355/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
