From: Alexandre Belloni <alexandre.belloni@bootlin.com>
To: wangmy <wangmy@fujitsu.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] tiff: upgrade 4.5.0 -> 4.5.1
Date: Thu, 29 Jun 2023 11:45:30 +0200
Message-ID: <20230629094530eaffd643@mail.local>
In-Reply-To: <1687850250-20040-31-git-send-email-wangmy@fujitsu.com>

Hello,

Can you rebase on master as we have a few more CVE patches that need to be
reviewed too?

On 27/06/2023 15:17:28+0800, wangmy wrote:
> From: Wang Mingyu <wangmy@fujitsu.com>
> 
> CVE-2022-48281.patch
> CVE-2023-2731.patch
> removed since they're included in 4.5.1
> 
> Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
> ---
>  .../libtiff/files/CVE-2022-48281.patch        | 29 --------------
>  .../libtiff/files/CVE-2023-2731.patch         | 39 -------------------
>  .../libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb}  |  7 +---
>  3 files changed, 2 insertions(+), 73 deletions(-)
>  delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
>  delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
>  rename meta/recipes-multimedia/libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb} (91%)
> 
> diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
> deleted file mode 100644
> index e356d377ea..0000000000
> --- a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
> +++ /dev/null
> @@ -1,29 +0,0 @@
> -CVE: CVE-2022-48281
> -Upstream-Status: Backport
> -Signed-off-by: Ross Burton <ross.burton@arm.com>
> -
> -From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
> -From: Su Laus <sulau@freenet.de>
> -Date: Sat, 21 Jan 2023 15:58:10 +0000
> -Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
> -
> ----
> - tools/tiffcrop.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
> -index 14fa18da..7db69883 100644
> ---- a/tools/tiffcrop.c
> -+++ b/tools/tiffcrop.c
> -@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
> -                     cropsize + NUM_BUFF_OVERSIZE_BYTES);
> -             else
> -             {
> --                prev_cropsize = seg_buffs[0].size;
> -+                prev_cropsize = seg_buffs[i].size;
> -                 if (prev_cropsize < cropsize)
> -                 {
> -                     next_buff = _TIFFrealloc(
> --- 
> -GitLab
> -
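Review bot: The commit message's "removed since they're included in 4.5.1" gives nothing to check this deletion against. The dropped file records upstream commit 97d65859bc29ee334012e9c73022d8a8e55ed586 (the `seg_buffs[0].size` to `seg_buffs[i].size` correction in processCropSelections()), so cite that commit in the message and confirm that tools/tiffcrop.c in the 4.5.1 tarball reads `prev_cropsize = seg_buffs[i].size;`. The deleted header's `Upstream-Status: Backport` carried no URL, which is why the reference has to be reconstructed from the embedded From line.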
> diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
> deleted file mode 100644
> index 7db0a35f72..0000000000
> --- a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
> +++ /dev/null
> @@ -1,39 +0,0 @@
> -From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
> -From: Even Rouault <even.rouault@spatialys.com>
> -Date: Sat, 29 Apr 2023 12:20:46 +0200
> -Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
> - strip whith a missing end-of-information marker (fixes #548)
> -
> -CVE: CVE-2023-2731
> -Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b]
> -
> ----
> - libtiff/tif_lzw.c | 5 +++++
> - 1 file changed, 5 insertions(+)
> -
> -diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
> -index ba75a07e..d631fa10 100644
> ---- a/libtiff/tif_lzw.c
> -+++ b/libtiff/tif_lzw.c
> -@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
> - 
> -     if (sp->read_error)
> -     {
> -+        TIFFErrorExtR(tif, module,
> -+                      "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
> -+                      "previous error",
> -+                      tif->tif_row);
> -         return 0;
> -     }
> - 
> -@@ -742,6 +746,7 @@ after_loop:
> -     return (1);
> - 
> - no_eoi:
> -+    sp->read_error = 1;
> -     TIFFErrorExtR(tif, module,
> -                   "LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
> -                   tif->tif_curstrip);
> --- 
> -2.34.1
> -
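Review bot: This backport has two parts in libtiff/tif_lzw.c, the `sp->read_error = 1;` assignment under `no_eoi:` and the added TIFFErrorExtR() call in the `if (sp->read_error)` branch of LZWDecode(), and dropping the file is only correct if 4.5.1 contains both. The deleted header already links upstream commit 9be22b639ea69e102d3847dca4c53ef025e9527b; carrying that link into the commit message would let a reviewer confirm that CVE-2023-2731 stays fixed without unpacking the tarball.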
> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
> similarity index 91%
> rename from meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
> rename to meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
> index ca4a3eff91..1c0d54900a 100644
> --- a/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
> +++ b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
> @@ -8,12 +8,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
>  
>  CVE_PRODUCT = "libtiff"
>  
> -SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
> -           file://CVE-2022-48281.patch \
> -           file://CVE-2023-2731.patch \
> -"
> +SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
>  
> -SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"
> +SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b"
>  
>  # exclude betas
>  UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
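Review bot: The `SRC_URI` rewrite to a single tarball entry assumes CVE-2022-48281.patch and CVE-2023-2731.patch are the only local patches, but the reply above says master carries more CVE patches. After rebasing, each of those needs to be checked against 4.5.1 individually and kept in `SRC_URI` if the release does not contain it, rather than collapsing the list again. Separately, the tarball is still fetched over `http://`, so the new `SRC_URI[sha256sum]` is the only integrity check on the download; the commit message should say how that value was verified.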
> -- 
> 2.34.1
> 



-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

