From: Siddharth <sdoshi@mvista.com>
To: openembedded-core@lists.openembedded.org
Cc: Siddharth Doshi <sdoshi@mvista.com>
Subject: [OE-core][master][PATCH] tiff: upgrade 4.7.1 -> 4.7.2
Date: Sat, 4 Jul 2026 23:31:37 +0530 [thread overview]
Message-ID: <20260704180137.17826-1-sdoshi@mvista.com> (raw)
From: Siddharth Doshi <sdoshi@mvista.com>
Note:
Removed CVE-2026-4775 as it is already fixed in 4.7.2
Detailed Information:
https://libtiff.gitlab.io/libtiff/releases/v4.7.2.html
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
.../libtiff/tiff/CVE-2026-4775.patch | 55 -------------------
.../libtiff/{tiff_4.7.1.bb => tiff_4.7.2.bb} | 3 +-
2 files changed, 1 insertion(+), 57 deletions(-)
delete mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch
rename meta/recipes-multimedia/libtiff/{tiff_4.7.1.bb => tiff_4.7.2.bb} (95%)
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch
deleted file mode 100644
index 1f3c026b28..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 782a11d6b5b61c6dc21e714950a4af5bf89f023c Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sun, 22 Feb 2026 23:32:47 +0100
-Subject: [PATCH] TIFFReadRGBAImage(): prevent integer overflow and later heap
- overflow on images with huge width in YCbCr tile decoding functions
-
-Fixes https://gitlab.com/libtiff/libtiff/-/issues/787
-
-CVE: CVE-2026-4775
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- libtiff/tif_getimage.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index 4543ddda..fa82d091 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -2216,7 +2216,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr44tile)
- uint32_t *cp1 = cp + w + toskew;
- uint32_t *cp2 = cp1 + w + toskew;
- uint32_t *cp3 = cp2 + w + toskew;
-- int32_t incr = 3 * w + 4 * toskew;
-+ const tmsize_t incr = 3 * (tmsize_t)w + 4 * (tmsize_t)toskew;
-
- (void)y;
- /* adjust fromskew */
-@@ -2356,7 +2356,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr44tile)
- DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
- {
- uint32_t *cp1 = cp + w + toskew;
-- int32_t incr = 2 * toskew + w;
-+ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
-
- (void)y;
- fromskew = (fromskew / 4) * (4 * 2 + 2);
-@@ -2512,7 +2512,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
- DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
- {
- uint32_t *cp2;
-- int32_t incr = 2 * toskew + w;
-+ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
- (void)y;
- fromskew = (fromskew / 2) * (2 * 2 + 2);
- cp2 = cp + w + toskew;
-@@ -2615,7 +2615,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
- DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
- {
- uint32_t *cp2;
-- int32_t incr = 2 * toskew + w;
-+ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
- (void)y;
- fromskew = (fromskew / 1) * (1 * 2 + 2);
- cp2 = cp + w + toskew;
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.7.1.bb b/meta/recipes-multimedia/libtiff/tiff_4.7.2.bb
similarity index 95%
rename from meta/recipes-multimedia/libtiff/tiff_4.7.1.bb
rename to meta/recipes-multimedia/libtiff/tiff_4.7.2.bb
index 750565e11c..3462803cb2 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.7.1.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.7.2.bb
@@ -9,10 +9,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=4ab490c3088a0acff254eb2f8c577547"
CVE_PRODUCT = "libtiff"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
- file://CVE-2026-4775.patch \
"
-SRC_URI[sha256sum] = "f698d94f3103da8ca7438d84e0344e453fe0ba3b7486e04c5bf7a9a3fabe9b69"
+SRC_URI[sha256sum] = "672bd7d10aee4606171afb864f3570b83340f6a33e2c186dc0512f7145ffdf6a"
# exclude betas
UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
--
2.34.1
reply other threads:[~2026-07-04 18:03 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260704180137.17826-1-sdoshi@mvista.com \
--to=sdoshi@mvista.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox