From: wangmy@fujitsu.com
To: openembedded-core@lists.openembedded.org
Cc: Wang Mingyu <wangmy@fujitsu.com>
Subject: [OE-core] [PATCH] tiff: upgrade 4.5.0 -> 4.5.1
Date: Tue, 27 Jun 2023 15:17:28 +0800 [thread overview]
Message-ID: <1687850250-20040-31-git-send-email-wangmy@fujitsu.com> (raw)
In-Reply-To: <1687850250-20040-1-git-send-email-wangmy@fujitsu.com>
From: Wang Mingyu <wangmy@fujitsu.com>
CVE-2022-48281.patch
CVE-2023-2731.patch
removed since they're included in 4.5.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
.../libtiff/files/CVE-2022-48281.patch | 29 --------------
.../libtiff/files/CVE-2023-2731.patch | 39 -------------------
.../libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb} | 7 +---
3 files changed, 2 insertions(+), 73 deletions(-)
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
rename meta/recipes-multimedia/libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb} (91%)
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
deleted file mode 100644
index e356d377ea..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-CVE: CVE-2022-48281
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
-From: Su Laus <sulau@freenet.de>
-Date: Sat, 21 Jan 2023 15:58:10 +0000
-Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
-
----
- tools/tiffcrop.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 14fa18da..7db69883 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
- cropsize + NUM_BUFF_OVERSIZE_BYTES);
- else
- {
-- prev_cropsize = seg_buffs[0].size;
-+ prev_cropsize = seg_buffs[i].size;
- if (prev_cropsize < cropsize)
- {
- next_buff = _TIFFrealloc(
---
-GitLab
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
deleted file mode 100644
index 7db0a35f72..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 29 Apr 2023 12:20:46 +0200
-Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
- strip whith a missing end-of-information marker (fixes #548)
-
-CVE: CVE-2023-2731
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b]
-
----
- libtiff/tif_lzw.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index ba75a07e..d631fa10 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
-
- if (sp->read_error)
- {
-+ TIFFErrorExtR(tif, module,
-+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
-+ "previous error",
-+ tif->tif_row);
- return 0;
- }
-
-@@ -742,6 +746,7 @@ after_loop:
- return (1);
-
- no_eoi:
-+ sp->read_error = 1;
- TIFFErrorExtR(tif, module,
- "LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
- tif->tif_curstrip);
---
-2.34.1
-
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
similarity index 91%
rename from meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
rename to meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
index ca4a3eff91..1c0d54900a 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
@@ -8,12 +8,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
CVE_PRODUCT = "libtiff"
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
- file://CVE-2022-48281.patch \
- file://CVE-2023-2731.patch \
-"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
-SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"
+SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b"
# exclude betas
UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
--
2.34.1
next prev parent reply other threads:[~2023-06-27 7:19 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-27 7:16 [OE-core] [PATCH] freetype: upgrade 2.13.0 -> 2.13.1 wangmy
2023-06-27 7:16 ` [OE-core] [PATCH] gstreamer1.0: upgrade 1.22.3 -> 1.22.4 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] kbd: upgrade 2.5.1 -> 2.6.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] libassuan: upgrade 2.5.5 -> 2.5.6 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] libksba: upgrade 1.6.3 -> 1.6.4 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] libmd: upgrade 1.0.4 -> 1.1.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] libsdl2: upgrade 2.26.5 -> 2.28.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] libtraceevent: upgrade 1.7.2 -> 1.7.3 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] libx11: upgrade 1.8.5 -> 1.8.6 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] libxcrypt-compat: upgrade 4.4.34 -> 4.4.35 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] lttng-ust: upgrade 2.13.5 -> 2.13.6 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] nettle: upgrade 3.9 -> 3.9.1 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] nghttp2: upgrade 1.53.0 -> 1.54.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] ccache: upgrade 4.8.1 -> 4.8.2 wangmy
2023-06-27 7:17 ` [PATCH] [OE-core] [PATCH] gettext: upgrade 0.21.1 -> 0.22 wangmy
2023-06-27 14:25 ` Richard Purdie
2023-06-28 8:53 ` Mingyu Wang (Fujitsu)
2023-07-06 9:54 ` Alexander Kanavin
2023-06-27 7:17 ` [OE-core] [PATCH] mesa: upgrade 23.1.1 -> 23.1.3 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-numpy: upgrade 1.24.3 -> 1.25.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-typing-extensions: upgrade 4.6.2 -> 4.6.3 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] xorgproto: upgrade 2022.2 -> 2023.2 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-hatchling: upgrade 1.17.0 -> 1.18.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-hypothesis: upgrade 6.75.7 -> 6.79.2 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-importlib-metadata: upgrade 6.6.0 -> 6.7.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-iso8601: upgrade 1.1.0 -> 2.0.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-markupsafe: upgrade 2.1.2 -> 2.1.3 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-pluggy: upgrade 1.0.0 -> 1.2.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-pycairo: upgrade 1.23.0 -> 1.24.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-pyparsing: upgrade 3.0.9 -> 3.1.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-pytest: upgrade 7.3.1 -> 7.4.0 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-ruamel-yaml: upgrade 0.17.31 -> 0.17.32 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] python3-sphinx-rtd-theme: upgrade 1.2.1 -> 1.2.2 wangmy
2023-06-27 7:17 ` wangmy [this message]
2023-06-29 9:45 ` [OE-core] [PATCH] tiff: upgrade 4.5.0 -> 4.5.1 Alexandre Belloni
2023-06-27 7:17 ` [OE-core] [PATCH] xkeyboard-config: upgrade 2.38 -> 2.39 wangmy
2023-06-27 7:17 ` [OE-core] [PATCH] xwayland: upgrade 23.1.1 -> 23.1.2 wangmy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1687850250-20040-31-git-send-email-wangmy@fujitsu.com \
--to=wangmy@fujitsu.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox