From bf495325c1e3d2ab0184ebafeceac07b4797be39 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Sun, 25 Jun 2023 22:37:35 +0200 Subject: [PATCH] package/tiff: security bump to version 4.5.1 Fixes the following security issues: - CVE-2023-1916: A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. - CVE-2023-25434: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. - CVE-2023-26965: loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image Drop the now upstream 0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch. Signed-off-by: Peter Korsgaard (cherry picked from commit cb496970c0c7117f9f00d8495e234871f2bae4c1) Signed-off-by: Peter Korsgaard --- .checkpackageignore | 1 - ...rect-simple-copy-paste-error-Fix-488.patch | 28 ------------------- package/tiff/tiff.hash | 2 +- package/tiff/tiff.mk | 5 +--- 4 files changed, 2 insertions(+), 34 deletions(-) delete mode 100644 package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch diff --git a/.checkpackageignore b/.checkpackageignore index 2d838e7ff3..48c5b27d59 100644 --- a/.checkpackageignore +++ b/.checkpackageignore @@ -1515,7 +1515,6 @@ package/ti-gfx/esrev.sh Shellcheck package/ti-sgx-um/0001-Makefile-do-not-install-init-script.patch Upstream package/ti-sgx-um/S80ti-sgx Variables package/ti-utils/0001-plt.h-fix-build-with-gcc-10.patch Upstream -package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch Upstream package/tinyalsa/0001-include-time.h-before-asound.h.patch Upstream package/tinycbor/0001-Makefile-add-DISABLE_WERROR.patch Upstream package/tinycompress/0001-wave-add-time.h-missing-header-inclusion.patch Upstream diff --git a/package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch b/package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch deleted file mode 100644 index 73c0d10ffc..0000000000 --- a/package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001 -From: Su Laus -Date: Sat, 21 Jan 2023 15:58:10 +0000 -Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. - -[Retrieved from: -https://gitlab.com/libtiff/libtiff/-/commit/97d65859bc29ee334012e9c73022d8a8e55ed586] -Signed-off-by: Fabrice Fontaine ---- - tools/tiffcrop.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 14fa18da..7db69883 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image, - cropsize + NUM_BUFF_OVERSIZE_BYTES); - else - { -- prev_cropsize = seg_buffs[0].size; -+ prev_cropsize = seg_buffs[i].size; - if (prev_cropsize < cropsize) - { - next_buff = _TIFFrealloc( --- -GitLab - diff --git a/package/tiff/tiff.hash b/package/tiff/tiff.hash index 73732892a5..0fa503a02a 100644 --- a/package/tiff/tiff.hash +++ b/package/tiff/tiff.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464 tiff-4.5.0.tar.gz +sha256 d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b tiff-4.5.1.tar.gz sha256 0780558a8bfba0af1160ec1ff11ade4f41c0d7deafd6ecfc796b492a788e380d LICENSE.md diff --git a/package/tiff/tiff.mk b/package/tiff/tiff.mk index f9754a4b49..0006f461a0 100644 --- a/package/tiff/tiff.mk +++ b/package/tiff/tiff.mk @@ -4,7 +4,7 @@ # ################################################################################ -TIFF_VERSION = 4.5.0 +TIFF_VERSION = 4.5.1 TIFF_SITE = http://download.osgeo.org/libtiff TIFF_LICENSE = tiff license TIFF_LICENSE_FILES = LICENSE.md @@ -12,9 +12,6 @@ TIFF_CPE_ID_VENDOR = libtiff TIFF_CPE_ID_PRODUCT = libtiff TIFF_INSTALL_STAGING = YES -# 0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch -TIFF_IGNORE_CVES += CVE-2022-48281 - # webp has a (optional) dependency on tiff, so we can't have webp # support in tiff, or that would create a circular dependency. TIFF_CONF_OPTS = \