* [OE-core][kirkstone 01/31] openssl: export necessary env vars in SDK
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 02/31] openssl: Fix SSL_CERT_FILE to match ca-certs location Steve Sakoman
` (29 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
In current SDK, when running the following command in python
shell, we get an error.
$ python3
>>> from cryptography.hazmat.backends import openssl
The error message is as below:
cryptography.exceptions.InternalError: Unknown OpenSSL error.
We could set OPENSSL_MODULES explicitly in nativesdk-openssl package
so that when SDK is set up, it's in environment and we can
get rid of the above error.
Also, there are other env vars that need to be exported. And we export
all of them to keep sync with openssl-native.bbclass.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d6b15d1e70b99185cf245d829ada5b6fb99ec1af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 69030b368773baae65d95e39d3587913b8401bc7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/files/environment.d-openssl.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index b9cc24a7ac..516bbd1c56 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1 +1,5 @@
export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
+export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
+export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/cert.pem"
+export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
+export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 02/31] openssl: Fix SSL_CERT_FILE to match ca-certs location
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 01/31] openssl: export necessary env vars in SDK Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 03/31] openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption Steve Sakoman
` (28 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
In OE-Core d6b15d1e70b99185cf245d829ada5b6fb99ec1af,
"openssl: export necessary env vars in SDK", the value added for
SSL_CERT_FILE was in conflict with the value used elsewhere, such as
in buildtools. This makes them match and fixes buildtools testsdk
failures.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d383a7fc6da666c80f2fc037af5f49a3388eb2b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit a9a50f2216951e26b62ed2f86f341d9ad13acf48)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../recipes-connectivity/openssl/files/environment.d-openssl.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index 516bbd1c56..6f23490c87 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1,5 +1,5 @@
export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
-export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/cert.pem"
+export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 03/31] openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 01/31] openssl: export necessary env vars in SDK Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 02/31] openssl: Fix SSL_CERT_FILE to match ca-certs location Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 04/31] openssl: Upgrade 3.0.5 -> 3.0.7 Steve Sakoman
` (27 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
Description:
CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption.
Affects "openssl < 3.0.6"
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 08b32d2b35c2ba63774d098af467d1c723b1b6e6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2022-3358.patch | 55 +++++++++++++++++++
.../openssl/openssl_3.0.5.bb | 1 +
2 files changed, 56 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
new file mode 100644
index 0000000000..18b2a5a6b2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
@@ -0,0 +1,55 @@
+From 56e1d693f0ec5550a8e3dd52d30e57a02f0287af Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 19 Oct 2022 11:08:23 +0530
+Subject: [PATCH] CVE-2022-3358
+
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
+CVE : CVE-2022-3358
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ crypto/evp/digest.c | 4 +++-
+ crypto/evp/evp_enc.c | 6 ++++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index de9a1dc..e6e03ea 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -225,7 +225,9 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
+ || tmpimpl != NULL
+ #endif
+ || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
+- || type->origin == EVP_ORIG_METH) {
++ || (type != NULL && type->origin == EVP_ORIG_METH)
++ || (type == NULL && ctx->digest != NULL
++ && ctx->digest->origin == EVP_ORIG_METH)) {
+ if (ctx->digest == ctx->fetched_digest)
+ ctx->digest = NULL;
+ EVP_MD_free(ctx->fetched_digest);
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index 19a07de..5df08bd 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -131,7 +131,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
+ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
+ || tmpimpl != NULL
+ #endif
+- || impl != NULL) {
++ || impl != NULL
++ || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
++ || (cipher == NULL && ctx->cipher != NULL
++ && ctx->cipher->origin == EVP_ORIG_METH)) {
+ if (ctx->cipher == ctx->fetched_cipher)
+ ctx->cipher = NULL;
+ EVP_CIPHER_free(ctx->fetched_cipher);
+@@ -147,7 +150,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
+ ctx->cipher_data = NULL;
+ }
+
+-
+ /* Start of non-legacy code below */
+
+ /* Ensure a context left lying around from last time is cleared */
+--
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
index e50ff7f8c5..ee051ee7d4 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2022-3358.patch \
"
SRC_URI:append:class-nativesdk = " \
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 04/31] openssl: Upgrade 3.0.5 -> 3.0.7
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 03/31] openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 05/31] lighttpd: fix CVE-2022-41556 Steve Sakoman
` (26 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ed Tanous <edtanous@google.com>
OpenSSL 3.0.5 includes a HIGH level security vulnerability [1].
Upgrade the recipe to point to 3.0.7.
CVE-2022-3358 is reported fixed in 3.0.6, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
Fixes CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
Signed-off-by: Ed Tanous <edtanous@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a69ea1f7db96ec8b853573bd581438edd42ad6e0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2022-3358.patch | 55 -------------------
.../{openssl_3.0.5.bb => openssl_3.0.7.bb} | 3 +-
2 files changed, 1 insertion(+), 57 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.5.bb => openssl_3.0.7.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
deleted file mode 100644
index 18b2a5a6b2..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 56e1d693f0ec5550a8e3dd52d30e57a02f0287af Mon Sep 17 00:00:00 2001
-From: Hitendra Prajapati <hprajapati@mvista.com>
-Date: Wed, 19 Oct 2022 11:08:23 +0530
-Subject: [PATCH] CVE-2022-3358
-
-Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
-CVE : CVE-2022-3358
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- crypto/evp/digest.c | 4 +++-
- crypto/evp/evp_enc.c | 6 ++++--
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index de9a1dc..e6e03ea 100644
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -225,7 +225,9 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
- || tmpimpl != NULL
- #endif
- || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
-- || type->origin == EVP_ORIG_METH) {
-+ || (type != NULL && type->origin == EVP_ORIG_METH)
-+ || (type == NULL && ctx->digest != NULL
-+ && ctx->digest->origin == EVP_ORIG_METH)) {
- if (ctx->digest == ctx->fetched_digest)
- ctx->digest = NULL;
- EVP_MD_free(ctx->fetched_digest);
-diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index 19a07de..5df08bd 100644
---- a/crypto/evp/evp_enc.c
-+++ b/crypto/evp/evp_enc.c
-@@ -131,7 +131,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
- #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- || tmpimpl != NULL
- #endif
-- || impl != NULL) {
-+ || impl != NULL
-+ || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
-+ || (cipher == NULL && ctx->cipher != NULL
-+ && ctx->cipher->origin == EVP_ORIG_METH)) {
- if (ctx->cipher == ctx->fetched_cipher)
- ctx->cipher = NULL;
- EVP_CIPHER_free(ctx->fetched_cipher);
-@@ -147,7 +150,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
- ctx->cipher_data = NULL;
- }
-
--
- /* Start of non-legacy code below */
-
- /* Ensure a context left lying around from last time is cleared */
---
-2.25.1
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.0.5.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.7.bb
index ee051ee7d4..9ed5f11df0 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
@@ -12,14 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
- file://CVE-2022-3358.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a"
+SRC_URI[sha256sum] = "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 05/31] lighttpd: fix CVE-2022-41556
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (3 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 04/31] openssl: Upgrade 3.0.5 -> 3.0.7 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 06/31] tiff: fix CVE-2022-2953 Steve Sakoman
` (25 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Backport the fix from upstream to fix this CVE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 59f69125fb00dc8fd335f32fe6898e7a480141e4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../lighttpd/lighttpd/CVE-2022-41556.patch | 31 +++++++++++++++++++
.../lighttpd/lighttpd_1.4.66.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
diff --git a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
new file mode 100644
index 0000000000..284a5a3ea9
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
@@ -0,0 +1,31 @@
+CVE: CVE-2022-41556
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sun, 11 Sep 2022 22:31:34 -0400
+Subject: [PATCH] [core] handle RDHUP when collecting chunked body
+
+handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
+request body (and when not streaming request body to backend)
+
+x-ref:
+ https://github.com/lighttpd/lighttpd1.4/pull/115
+---
+ src/gw_backend.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gw_backend.c b/src/gw_backend.c
+index df9d8217..5db56287 100644
+--- a/src/gw_backend.c
++++ b/src/gw_backend.c
+@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
+ * and module is flagged to stream request body to backend) */
+ return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
+ ? http_response_reqbody_read_error(r, 411)
+- : HANDLER_WAIT_FOR_EVENT;
++ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
+ }
+
+ if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
index 801162867c..78978105b2 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
@@ -14,6 +14,7 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \
lighttpd-module-accesslog"
SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
+ file://CVE-2022-41556.patch \
file://index.html.lighttpd \
file://lighttpd.conf \
file://lighttpd \
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 06/31] tiff: fix CVE-2022-2953
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (4 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 05/31] lighttpd: fix CVE-2022-41556 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-07 9:10 ` Shubham Kulkarni
2022-11-04 3:00 ` [OE-core][kirkstone 07/31] expat: backport the fix for CVE-2022-43680 Steve Sakoman
` (24 subsequent siblings)
30 siblings, 1 reply; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Zheng Qiu <zheng.qiu@windriver.com>
While this does not happen with the tiff 4.3.0 release, it does happen with
the series of patches we have, so backport the two simple changes that
restrict the tiffcrop options to avoid the vulnerability.
CVE-2022-2953.patch was taken from upstream, and a small typo was fixed
for the CVE number. The other patch is included in tiff 4.4.0 but not
4.3.0, so add it as well.
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ue-330-and-some-more-from-320-to-349.patch | 609 ++++++++++++++++++
.../libtiff/tiff/CVE-2022-2953.patch | 87 +++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
3 files changed, 698 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
new file mode 100644
index 0000000000..07acf5eb90
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
@@ -0,0 +1,609 @@
+From e319508023580e2f70e6e626f745b5b2a1707313 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Tue, 10 May 2022 20:03:17 +0000
+Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349
+Upstream-Status: Backport
+Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
+---
+ tools/tiffcrop.c | 282 +++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 210 insertions(+), 72 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 77cf6ed1..791ec5e7 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -63,20 +63,24 @@
+ * units when sectioning image into columns x rows
+ * using the -S cols:rows option.
+ * -X # Horizontal dimension of region to extract expressed in current
+- * units
++ * units, relative to the specified origin reference 'edge' left (default for X) or right.
+ * -Y # Vertical dimension of region to extract expressed in current
+- * units
++ * units, relative to the specified origin reference 'edge' top (default for Y) or bottom.
+ * -O orient Orientation for output image, portrait, landscape, auto
+ * -P page Page size for output image segments, eg letter, legal, tabloid,
+ * etc.
+ * -S cols:rows Divide the image into equal sized segments using cols across
+ * and rows down
+- * -E t|l|r|b Edge to use as origin
++ * -E t|l|r|b Edge to use as origin (i.e. 'side' of the image not 'corner')
++ * top = width from left, zones from top to bottom (default)
++ * bottom = width from left, zones from bottom to top
++ * left = zones from left to right, length from top
++ * right = zones from right to left, length from top
+ * -m #,#,#,# Margins from edges for selection: top, left, bottom, right
+ * (commas separated)
+ * -Z #:#,#:# Zones of the image designated as zone X of Y,
+ * eg 1:3 would be first of three equal portions measured
+- * from reference edge
++ * from reference edge (i.e. 'side' not corner)
+ * -N odd|even|#,#-#,#|last
+ * Select sequences and/or ranges of images within file
+ * to process. The words odd or even may be used to specify
+@@ -103,10 +107,13 @@
+ * selects which functions dump data, with higher numbers selecting
+ * lower level, scanline level routines. Debug reports a limited set
+ * of messages to monitor progress without enabling dump logs.
++ *
++ * Note: The (-X|-Y), -Z and -z options are mutually exclusive.
++ * In no case should the options be applied to a given selection successively.
+ */
+
+-static char tiffcrop_version_id[] = "2.4.1";
+-static char tiffcrop_rev_date[] = "03-03-2010";
++static char tiffcrop_version_id[] = "2.5";
++static char tiffcrop_rev_date[] = "02-09-2022";
+
+ #include "tif_config.h"
+ #include "libport.h"
+@@ -774,6 +781,9 @@ static const char usage_info[] =
+ " The four debug/dump options are independent, though it makes little sense to\n"
+ " specify a dump file without specifying a detail level.\n"
+ "\n"
++"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
++" In no case should the options be applied to a given selection successively.\n"
++"\n"
+ ;
+
+ /* This function could be modified to pass starting sample offset
+@@ -2121,6 +2131,15 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ /*NOTREACHED*/
+ }
+ }
++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
++ char XY, Z, R;
++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
++ Z = (crop_data->crop_mode & CROP_ZONES);
++ R = (crop_data->crop_mode & CROP_REGIONS);
++ if ((XY && Z) || (XY && R) || (Z && R)) {
++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
++ exit(EXIT_FAILURE);
++ }
+ } /* end process_command_opts */
+
+ /* Start a new output file if one has not been previously opened or
+@@ -2746,7 +2765,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
+ tsample_t count, uint32_t start, uint32_t end)
+ {
+ int i, bytes_per_sample, sindex;
+- uint32_t col, dst_rowsize, bit_offset;
++ uint32_t col, dst_rowsize, bit_offset, numcols;
+ uint32_t src_byte /*, src_bit */;
+ uint8_t *src = in;
+ uint8_t *dst = out;
+@@ -2757,6 +2776,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
+ return (1);
+ }
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamplesBytes",
+@@ -2769,6 +2792,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ dst_rowsize = (bps * (end - start) * count) / 8;
+
+@@ -2812,7 +2838,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ tsample_t count, uint32_t start, uint32_t end)
+ {
+ int ready_bits = 0, sindex = 0;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint8_t maskbits = 0, matchbits = 0;
+ uint8_t buff1 = 0, buff2 = 0;
+ uint8_t *src = in;
+@@ -2824,6 +2850,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ return (1);
+ }
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamples8bits",
+@@ -2836,7 +2866,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
+-
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
++
+ ready_bits = 0;
+ maskbits = (uint8_t)-1 >> (8 - bps);
+ buff1 = buff2 = 0;
+@@ -2889,7 +2922,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ tsample_t count, uint32_t start, uint32_t end)
+ {
+ int ready_bits = 0, sindex = 0;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint16_t maskbits = 0, matchbits = 0;
+ uint16_t buff1 = 0, buff2 = 0;
+ uint8_t bytebuff = 0;
+@@ -2902,6 +2935,10 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ return (1);
+ }
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamples16bits",
+@@ -2914,6 +2951,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ ready_bits = 0;
+ maskbits = (uint16_t)-1 >> (16 - bps);
+@@ -2978,7 +3018,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ tsample_t count, uint32_t start, uint32_t end)
+ {
+ int ready_bits = 0, sindex = 0;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint32_t maskbits = 0, matchbits = 0;
+ uint32_t buff1 = 0, buff2 = 0;
+ uint8_t bytebuff1 = 0, bytebuff2 = 0;
+@@ -2991,6 +3031,10 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ return (1);
+ }
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamples24bits",
+@@ -3003,6 +3047,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ ready_bits = 0;
+ maskbits = (uint32_t)-1 >> (32 - bps);
+@@ -3087,7 +3134,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ tsample_t count, uint32_t start, uint32_t end)
+ {
+ int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint32_t longbuff1 = 0, longbuff2 = 0;
+ uint64_t maskbits = 0, matchbits = 0;
+ uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
+@@ -3102,6 +3149,10 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ }
+
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamples32bits",
+@@ -3114,6 +3165,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ /* shift_width = ((bps + 7) / 8) + 1; */
+ ready_bits = 0;
+@@ -3193,7 +3247,7 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ int shift)
+ {
+ int ready_bits = 0, sindex = 0;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint8_t maskbits = 0, matchbits = 0;
+ uint8_t buff1 = 0, buff2 = 0;
+ uint8_t *src = in;
+@@ -3205,6 +3259,10 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ return (1);
+ }
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamplesShifted8bits",
+@@ -3217,6 +3275,9 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ ready_bits = shift;
+ maskbits = (uint8_t)-1 >> (8 - bps);
+@@ -3273,7 +3334,7 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ int shift)
+ {
+ int ready_bits = 0, sindex = 0;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint16_t maskbits = 0, matchbits = 0;
+ uint16_t buff1 = 0, buff2 = 0;
+ uint8_t bytebuff = 0;
+@@ -3286,6 +3347,10 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ return (1);
+ }
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamplesShifted16bits",
+@@ -3298,6 +3363,9 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ ready_bits = shift;
+ maskbits = (uint16_t)-1 >> (16 - bps);
+@@ -3363,7 +3431,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ int shift)
+ {
+ int ready_bits = 0, sindex = 0;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint32_t maskbits = 0, matchbits = 0;
+ uint32_t buff1 = 0, buff2 = 0;
+ uint8_t bytebuff1 = 0, bytebuff2 = 0;
+@@ -3376,6 +3444,16 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ return (1);
+ }
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ /*--- Remark, which is true for all those functions extractCongigSamplesXXX() --
++ * The mitigation of the start/end test does not allways make sense, because the function is often called with e.g.:
++ * start = 31; end = 32; cols = 32 to extract the last column in a 32x32 sample image.
++ * If then, a worng parameter (e.g. cols = 10) is provided, the mitigated settings would be start=0; end=1.
++ * Therefore, an error message and no copy action might be the better reaction to wrong parameter configurations.
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamplesShifted24bits",
+@@ -3388,6 +3466,9 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ ready_bits = shift;
+ maskbits = (uint32_t)-1 >> (32 - bps);
+@@ -3449,7 +3530,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ buff2 = (buff2 << 8);
+ bytebuff2 = bytebuff1;
+ ready_bits -= 8;
+- }
++ }
+
+ return (0);
+ } /* end extractContigSamplesShifted24bits */
+@@ -3461,7 +3542,7 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ int shift)
+ {
+ int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
+- uint32_t col, src_byte, src_bit, bit_offset;
++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
+ uint32_t longbuff1 = 0, longbuff2 = 0;
+ uint64_t maskbits = 0, matchbits = 0;
+ uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
+@@ -3476,6 +3557,10 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ }
+
+
++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
++ */
++ numcols = abs(end - start);
+ if ((start > end) || (start > cols))
+ {
+ TIFFError ("extractContigSamplesShifted32bits",
+@@ -3488,6 +3573,9 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ "Invalid end column value %"PRIu32" ignored", end);
+ end = cols;
+ }
++ if (abs(end - start) > numcols) {
++ end = start + numcols;
++ }
+
+ /* shift_width = ((bps + 7) / 8) + 1; */
+ ready_bits = shift;
+@@ -5429,7 +5517,7 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ {
+ struct offset offsets;
+ int i;
+- int32_t test;
++ uint32_t uaux;
+ uint32_t seg, total, need_buff = 0;
+ uint32_t buffsize;
+ uint32_t zwidth, zlength;
+@@ -5510,8 +5598,13 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ seg = crop->zonelist[j].position;
+ total = crop->zonelist[j].total;
+
+- /* check for not allowed zone cases like 0:0; 4:3; etc. and skip that input */
++ /* check for not allowed zone cases like 0:0; 4:3; or negative ones etc. and skip that input */
++ if (crop->zonelist[j].position < 0 || crop->zonelist[j].total < 0) {
++ TIFFError("getCropOffsets", "Negative crop zone values %d:%d are not allowed, thus skipped.", crop->zonelist[j].position, crop->zonelist[j].total);
++ continue;
++ }
+ if (seg == 0 || total == 0 || seg > total) {
++ TIFFError("getCropOffsets", "Crop zone %d:%d is out of specification, thus skipped.", seg, total);
+ continue;
+ }
+
+@@ -5524,17 +5617,23 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+
+ crop->regionlist[i].x1 = offsets.startx +
+ (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) / total);
+- test = (int32_t)offsets.startx +
+- (int32_t)(offsets.crop_width * 1.0 * seg / total);
+- if (test < 1 )
+- crop->regionlist[i].x2 = 0;
+- else
+- {
+- if (test > (int32_t)(image->width - 1))
++ /* FAULT: IMHO in the old code here, the calculation of x2 was based on wrong assumtions. The whole image was assumed and 'endy' and 'starty' are not respected anymore!*/
++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
++ if (crop->regionlist[i].x1 > offsets.endx) {
++ crop->regionlist[i].x1 = offsets.endx;
++ } else if (crop->regionlist[i].x1 >= image->width) {
++ crop->regionlist[i].x1 = image->width - 1;
++ }
++
++ crop->regionlist[i].x2 = offsets.startx + (uint32_t)(offsets.crop_width * 1.0 * seg / total);
++ if (crop->regionlist[i].x2 > 0) crop->regionlist[i].x2 = crop->regionlist[i].x2 - 1;
++ if (crop->regionlist[i].x2 < crop->regionlist[i].x1) {
++ crop->regionlist[i].x2 = crop->regionlist[i].x1;
++ } else if (crop->regionlist[i].x2 > offsets.endx) {
++ crop->regionlist[i].x2 = offsets.endx;
++ } else if (crop->regionlist[i].x2 >= image->width) {
+ crop->regionlist[i].x2 = image->width - 1;
+- else
+- crop->regionlist[i].x2 = test - 1;
+- }
++ }
+ zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
+
+ /* This is passed to extractCropZone or extractCompositeZones */
+@@ -5549,22 +5648,27 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ crop->regionlist[i].x1 = offsets.startx;
+ crop->regionlist[i].x2 = offsets.endx;
+
+- test = offsets.endy - (uint32_t)(offsets.crop_length * 1.0 * seg / total);
+- if (test < 1 )
+- crop->regionlist[i].y1 = 0;
+- else
+- crop->regionlist[i].y1 = test + 1;
++ /* FAULT: IMHO in the old code here, the calculation of y1/y2 was based on wrong assumtions. The whole image was assumed and 'endy' and 'starty' are not respected anymore!*/
++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
++ uaux = (uint32_t)(offsets.crop_length * 1.0 * seg / total);
++ if (uaux <= offsets.endy + 1) {
++ crop->regionlist[i].y1 = offsets.endy - uaux + 1;
++ } else {
++ crop->regionlist[i].y1 = 0;
++ }
++ if (crop->regionlist[i].y1 < offsets.starty) {
++ crop->regionlist[i].y1 = offsets.starty;
++ }
+
+- test = offsets.endy - (offsets.crop_length * 1.0 * (seg - 1) / total);
+- if (test < 1 )
+- crop->regionlist[i].y2 = 0;
+- else
+- {
+- if (test > (int32_t)(image->length - 1))
+- crop->regionlist[i].y2 = image->length - 1;
+- else
+- crop->regionlist[i].y2 = test;
+- }
++ uaux = (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total);
++ if (uaux <= offsets.endy) {
++ crop->regionlist[i].y2 = offsets.endy - uaux;
++ } else {
++ crop->regionlist[i].y2 = 0;
++ }
++ if (crop->regionlist[i].y2 < offsets.starty) {
++ crop->regionlist[i].y2 = offsets.starty;
++ }
+ zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
+
+ /* This is passed to extractCropZone or extractCompositeZones */
+@@ -5575,32 +5679,42 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ crop->combined_width = (uint32_t)zwidth;
+ break;
+ case EDGE_RIGHT: /* zones from right to left, length from top */
+- zlength = offsets.crop_length;
+- crop->regionlist[i].y1 = offsets.starty;
+- crop->regionlist[i].y2 = offsets.endy;
+-
+- crop->regionlist[i].x1 = offsets.startx +
+- (uint32_t)(offsets.crop_width * (total - seg) * 1.0 / total);
+- test = offsets.startx +
+- (offsets.crop_width * (total - seg + 1) * 1.0 / total);
+- if (test < 1 )
+- crop->regionlist[i].x2 = 0;
+- else
+- {
+- if (test > (int32_t)(image->width - 1))
+- crop->regionlist[i].x2 = image->width - 1;
+- else
+- crop->regionlist[i].x2 = test - 1;
+- }
+- zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++ zlength = offsets.crop_length;
++ crop->regionlist[i].y1 = offsets.starty;
++ crop->regionlist[i].y2 = offsets.endy;
++
++ crop->regionlist[i].x1 = offsets.startx +
++ (uint32_t)(offsets.crop_width * (total - seg) * 1.0 / total);
++ /* FAULT: IMHO from here on, the calculation of y2 are based on wrong assumtions. The whole image is assumed and 'endy' and 'starty' are not respected anymore!*/
++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
++ uaux = (uint32_t)(offsets.crop_width * 1.0 * seg / total);
++ if (uaux <= offsets.endx + 1) {
++ crop->regionlist[i].x1 = offsets.endx - uaux + 1;
++ } else {
++ crop->regionlist[i].x1 = 0;
++ }
++ if (crop->regionlist[i].x1 < offsets.startx) {
++ crop->regionlist[i].x1 = offsets.startx;
++ }
+
+- /* This is passed to extractCropZone or extractCompositeZones */
+- crop->combined_length = (uint32_t)zlength;
+- if (crop->exp_mode == COMPOSITE_IMAGES)
+- crop->combined_width += (uint32_t)zwidth;
+- else
+- crop->combined_width = (uint32_t)zwidth;
+- break;
++ uaux = (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) / total);
++ if (uaux <= offsets.endx) {
++ crop->regionlist[i].x2 = offsets.endx - uaux;
++ } else {
++ crop->regionlist[i].x2 = 0;
++ }
++ if (crop->regionlist[i].x2 < offsets.startx) {
++ crop->regionlist[i].x2 = offsets.startx;
++ }
++ zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++
++ /* This is passed to extractCropZone or extractCompositeZones */
++ crop->combined_length = (uint32_t)zlength;
++ if (crop->exp_mode == COMPOSITE_IMAGES)
++ crop->combined_width += (uint32_t)zwidth;
++ else
++ crop->combined_width = (uint32_t)zwidth;
++ break;
+ case EDGE_TOP: /* width from left, zones from top to bottom */
+ default:
+ zwidth = offsets.crop_width;
+@@ -5608,6 +5722,14 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ crop->regionlist[i].x2 = offsets.endx;
+
+ crop->regionlist[i].y1 = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total);
++ if (crop->regionlist[i].y1 > offsets.endy) {
++ crop->regionlist[i].y1 = offsets.endy;
++ } else if (crop->regionlist[i].y1 >= image->length) {
++ crop->regionlist[i].y1 = image->length - 1;
++ }
++
++ /* FAULT: IMHO from here on, the calculation of y2 are based on wrong assumtions. The whole image is assumed and 'endy' and 'starty' are not respected anymore!*/
++ /* OLD Code:
+ test = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * seg / total);
+ if (test < 1 )
+ crop->regionlist[i].y2 = 0;
+@@ -5618,6 +5740,18 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ else
+ crop->regionlist[i].y2 = test - 1;
+ }
++ */
++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
++ crop->regionlist[i].y2 = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * seg / total);
++ if (crop->regionlist[i].y2 > 0)crop->regionlist[i].y2 = crop->regionlist[i].y2 - 1;
++ if (crop->regionlist[i].y2 < crop->regionlist[i].y1) {
++ crop->regionlist[i].y2 = crop->regionlist[i].y1;
++ } else if (crop->regionlist[i].y2 > offsets.endy) {
++ crop->regionlist[i].y2 = offsets.endy;
++ } else if (crop->regionlist[i].y2 >= image->length) {
++ crop->regionlist[i].y2 = image->length - 1;
++ }
++
+ zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
+
+ /* This is passed to extractCropZone or extractCompositeZones */
+@@ -7551,7 +7685,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ total_width = total_length = 0;
+ for (i = 0; i < crop->selections; i++)
+ {
+- cropsize = crop->bufftotal;
++
++ cropsize = crop->bufftotal;
+ crop_buff = seg_buffs[i].buffer;
+ if (!crop_buff)
+ crop_buff = (unsigned char *)limitMalloc(cropsize);
+@@ -7640,6 +7775,9 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
++ /* rotateImage() changes image->width, ->length, ->xres and ->yres, what it schouldn't do here, when more than one section is processed.
++ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
++ */
+ if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
+ &crop->regionlist[i].length, &crop_buff))
+ {
+@@ -7655,8 +7793,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ seg_buffs[i].size = (((crop->regionlist[i].width * image->bps + 7 ) / 8)
+ * image->spp) * crop->regionlist[i].length;
+ }
+- }
+- }
++ } /* for crop->selections loop */
++ } /* Separated Images (else case) */
+ return (0);
+ } /* end processCropSelections */
+
+--
+2.33.0
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
new file mode 100644
index 0000000000..3a3a915688
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
@@ -0,0 +1,87 @@
+CVE: CVE-2022-2953
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
+
+From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Mon, 15 Aug 2022 22:11:03 +0200
+Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20https://gitl?=
+ =?UTF-8?q?ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?=
+ =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?=
+ =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?=
+ =?UTF-8?q?Z=20and=20-z.?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is now checked and ends tiffcrop if those arguments are not mutually exclusive.
+
+This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424
+---
+ tools/tiffcrop.c | 31 ++++++++++++++++---------------
+ 1 file changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 90286a5e..c3b758ec 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
+ #define ROTATECW_270 32
+ #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
+
+-#define CROP_NONE 0
+-#define CROP_MARGINS 1
+-#define CROP_WIDTH 2
+-#define CROP_LENGTH 4
+-#define CROP_ZONES 8
+-#define CROP_REGIONS 16
++#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
++#define CROP_MARGINS 1 /* "-m" */
++#define CROP_WIDTH 2 /* "-X" */
++#define CROP_LENGTH 4 /* "-Y" */
++#define CROP_ZONES 8 /* "-Z" */
++#define CROP_REGIONS 16 /* "-z" */
+ #define CROP_ROTATE 32
+ #define CROP_MIRROR 64
+ #define CROP_INVERT 128
+@@ -316,7 +316,7 @@ struct crop_mask {
+ #define PAGE_MODE_RESOLUTION 1
+ #define PAGE_MODE_PAPERSIZE 2
+ #define PAGE_MODE_MARGINS 4
+-#define PAGE_MODE_ROWSCOLS 8
++#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
+
+ #define INVERT_DATA_ONLY 10
+ #define INVERT_DATA_AND_TAG 11
+@@ -781,7 +781,7 @@ static const char usage_info[] =
+ " The four debug/dump options are independent, though it makes little sense to\n"
+ " specify a dump file without specifying a detail level.\n"
+ "\n"
+-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
++"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
+ " In no case should the options be applied to a given selection successively.\n"
+ "\n"
+ ;
+@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ /*NOTREACHED*/
+ }
+ }
+- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
+- char XY, Z, R;
++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
++ char XY, Z, R, S;
+ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
+ Z = (crop_data->crop_mode & CROP_ZONES);
+ R = (crop_data->crop_mode & CROP_REGIONS);
+- if ((XY && Z) || (XY && R) || (Z && R)) {
+- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
++ S = (page->mode & PAGE_MODE_ROWSCOLS);
++ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
+ exit(EXIT_FAILURE);
+ }
+ } /* end process_command_opts */
+--
+2.34.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index f84057c46b..29a2c38d8e 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -25,6 +25,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2022-2869.patch \
file://CVE-2022-2867.patch \
file://b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch \
+ file://0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch \
+ file://CVE-2022-2953.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* Re: [OE-core][kirkstone 06/31] tiff: fix CVE-2022-2953
2022-11-04 3:00 ` [OE-core][kirkstone 06/31] tiff: fix CVE-2022-2953 Steve Sakoman
@ 2022-11-07 9:10 ` Shubham Kulkarni
2022-11-07 14:19 ` Steve Sakoman
0 siblings, 1 reply; 37+ messages in thread
From: Shubham Kulkarni @ 2022-11-07 9:10 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 38263 bytes --]
Hello, I am new to this community and trying to understand the CVE patch
fixing process. Kindly correct me if I am wrong with my understanding.
So, this patch is fixing the code present in the file tools/tiffcrop.c . I
can see this patch is having combined changes from following commits:
1] https://gitlab.com/libtiff/libtiff/-/commit/e319508 - tiffcrop: Fix
issue #330 and some more from 320 to 349
2] https://gitlab.com/libtiff/libtiff/-/commit/8fe3735 - According to
Richard Nolde #401 (comment 877637400)
3] https://gitlab.com/libtiff/libtiff/-/commit/bad48e9 - tiffcrop -S
option: Make decision simpler.
Debian website for this CVE (
https://security-tracker.debian.org/tracker/CVE-2022-2953) suggests commits
"2]" & "3]" as a fix. And both "2]" & "3]" fixes the code introduced by
commit "1]". So, can we say that the vulnerability was introduced by commit
"1]" , and solved by "2]" & "3]" ?
If yes, then as per my understanding, there is no need of fixing, as
vulnerability itself is not present in current code and it's Not Affected
by the CVE. But this patch is introducing the vulnerability ("1]") and on
top of it, fixing the same ("2]" & "3]"). Is it required Or can we just say
that this version of code/tiff package is not affected by this CVE?
Please rectify my understanding.
Thanks in Advance,
Shubham
On Fri, Nov 4, 2022 at 8:31 AM Steve Sakoman <steve@sakoman.com> wrote:
> From: Zheng Qiu <zheng.qiu@windriver.com>
>
> While this does not happen with the tiff 4.3.0 release, it does happen with
> the series of patches we have, so backport the two simple changes that
> restrict the tiffcrop options to avoid the vulnerability.
>
> CVE-2022-2953.patch was taken from upstream, and a small typo was fixed
> for the CVE number. The other patch is included in tiff 4.4.0 but not
> 4.3.0, so add it as well.
>
> Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
> Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> ...ue-330-and-some-more-from-320-to-349.patch | 609 ++++++++++++++++++
> .../libtiff/tiff/CVE-2022-2953.patch | 87 +++
> meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
> 3 files changed, 698 insertions(+)
> create mode 100644
> meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> create mode 100644
> meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
>
> diff --git
> a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> new file mode 100644
> index 0000000000..07acf5eb90
> --- /dev/null
> +++
> b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> @@ -0,0 +1,609 @@
> +From e319508023580e2f70e6e626f745b5b2a1707313 Mon Sep 17 00:00:00 2001
> +From: Su Laus <sulau@freenet.de>
> +Date: Tue, 10 May 2022 20:03:17 +0000
> +Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349
> +Upstream-Status: Backport
> +Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
> +---
> + tools/tiffcrop.c | 282 +++++++++++++++++++++++++++++++++++------------
> + 1 file changed, 210 insertions(+), 72 deletions(-)
> +
> +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
> +index 77cf6ed1..791ec5e7 100644
> +--- a/tools/tiffcrop.c
> ++++ b/tools/tiffcrop.c
> +@@ -63,20 +63,24 @@
> + * units when sectioning image into columns x rows
> + * using the -S cols:rows option.
> + * -X # Horizontal dimension of region to extract expressed in
> current
> +- * units
> ++ * units, relative to the specified origin reference
> 'edge' left (default for X) or right.
> + * -Y # Vertical dimension of region to extract expressed in
> current
> +- * units
> ++ * units, relative to the specified origin reference
> 'edge' top (default for Y) or bottom.
> + * -O orient Orientation for output image, portrait, landscape, auto
> + * -P page Page size for output image segments, eg letter, legal,
> tabloid,
> + * etc.
> + * -S cols:rows Divide the image into equal sized segments using cols
> across
> + * and rows down
> +- * -E t|l|r|b Edge to use as origin
> ++ * -E t|l|r|b Edge to use as origin (i.e. 'side' of the image not
> 'corner')
> ++ * top = width from left, zones from top to bottom
> (default)
> ++ * bottom = width from left, zones from bottom to top
> ++ * left = zones from left to right, length from top
> ++ * right = zones from right to left, length from top
> + * -m #,#,#,# Margins from edges for selection: top, left, bottom,
> right
> + * (commas separated)
> + * -Z #:#,#:# Zones of the image designated as zone X of Y,
> + * eg 1:3 would be first of three equal portions measured
> +- * from reference edge
> ++ * from reference edge (i.e. 'side' not corner)
> + * -N odd|even|#,#-#,#|last
> + * Select sequences and/or ranges of images within file
> + * to process. The words odd or even may be used to
> specify
> +@@ -103,10 +107,13 @@
> + * selects which functions dump data, with higher numbers
> selecting
> + * lower level, scanline level routines. Debug reports a
> limited set
> + * of messages to monitor progress without enabling dump
> logs.
> ++ *
> ++ * Note: The (-X|-Y), -Z and -z options are mutually exclusive.
> ++ * In no case should the options be applied to a given
> selection successively.
> + */
> +
> +-static char tiffcrop_version_id[] = "2.4.1";
> +-static char tiffcrop_rev_date[] = "03-03-2010";
> ++static char tiffcrop_version_id[] = "2.5";
> ++static char tiffcrop_rev_date[] = "02-09-2022";
> +
> + #include "tif_config.h"
> + #include "libport.h"
> +@@ -774,6 +781,9 @@ static const char usage_info[] =
> + " The four debug/dump options are independent, though it
> makes little sense to\n"
> + " specify a dump file without specifying a detail level.\n"
> + "\n"
> ++"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
> ++" In no case should the options be applied to a given
> selection successively.\n"
> ++"\n"
> + ;
> +
> + /* This function could be modified to pass starting sample offset
> +@@ -2121,6 +2131,15 @@ void process_command_opts (int argc, char
> *argv[], char *mp, char *mode, uint32
> + /*NOTREACHED*/
> + }
> + }
> ++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z
> are mutually exclusive) --*/
> ++ char XY, Z, R;
> ++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode &
> CROP_LENGTH));
> ++ Z = (crop_data->crop_mode & CROP_ZONES);
> ++ R = (crop_data->crop_mode & CROP_REGIONS);
> ++ if ((XY && Z) || (XY && R) || (Z && R)) {
> ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z
> and -z are mutually exclusive.->Exit");
> ++ exit(EXIT_FAILURE);
> ++ }
> + } /* end process_command_opts */
> +
> + /* Start a new output file if one has not been previously opened or
> +@@ -2746,7 +2765,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + tsample_t count, uint32_t start, uint32_t end)
> + {
> + int i, bytes_per_sample, sindex;
> +- uint32_t col, dst_rowsize, bit_offset;
> ++ uint32_t col, dst_rowsize, bit_offset, numcols;
> + uint32_t src_byte /*, src_bit */;
> + uint8_t *src = in;
> + uint8_t *dst = out;
> +@@ -2757,6 +2776,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + return (1);
> + }
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamplesBytes",
> +@@ -2769,6 +2792,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + dst_rowsize = (bps * (end - start) * count) / 8;
> +
> +@@ -2812,7 +2838,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + tsample_t count, uint32_t start, uint32_t end)
> + {
> + int ready_bits = 0, sindex = 0;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint8_t maskbits = 0, matchbits = 0;
> + uint8_t buff1 = 0, buff2 = 0;
> + uint8_t *src = in;
> +@@ -2824,6 +2850,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + return (1);
> + }
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamples8bits",
> +@@ -2836,7 +2866,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> +-
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> ++
> + ready_bits = 0;
> + maskbits = (uint8_t)-1 >> (8 - bps);
> + buff1 = buff2 = 0;
> +@@ -2889,7 +2922,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + tsample_t count, uint32_t start, uint32_t
> end)
> + {
> + int ready_bits = 0, sindex = 0;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint16_t maskbits = 0, matchbits = 0;
> + uint16_t buff1 = 0, buff2 = 0;
> + uint8_t bytebuff = 0;
> +@@ -2902,6 +2935,10 @@ extractContigSamples16bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + return (1);
> + }
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamples16bits",
> +@@ -2914,6 +2951,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + ready_bits = 0;
> + maskbits = (uint16_t)-1 >> (16 - bps);
> +@@ -2978,7 +3018,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + tsample_t count, uint32_t start, uint32_t
> end)
> + {
> + int ready_bits = 0, sindex = 0;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint32_t maskbits = 0, matchbits = 0;
> + uint32_t buff1 = 0, buff2 = 0;
> + uint8_t bytebuff1 = 0, bytebuff2 = 0;
> +@@ -2991,6 +3031,10 @@ extractContigSamples24bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + return (1);
> + }
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamples24bits",
> +@@ -3003,6 +3047,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + ready_bits = 0;
> + maskbits = (uint32_t)-1 >> (32 - bps);
> +@@ -3087,7 +3134,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + tsample_t count, uint32_t start, uint32_t
> end)
> + {
> + int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint32_t longbuff1 = 0, longbuff2 = 0;
> + uint64_t maskbits = 0, matchbits = 0;
> + uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
> +@@ -3102,6 +3149,10 @@ extractContigSamples32bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + }
> +
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamples32bits",
> +@@ -3114,6 +3165,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + /* shift_width = ((bps + 7) / 8) + 1; */
> + ready_bits = 0;
> +@@ -3193,7 +3247,7 @@ extractContigSamplesShifted8bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + int shift)
> + {
> + int ready_bits = 0, sindex = 0;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint8_t maskbits = 0, matchbits = 0;
> + uint8_t buff1 = 0, buff2 = 0;
> + uint8_t *src = in;
> +@@ -3205,6 +3259,10 @@ extractContigSamplesShifted8bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + return (1);
> + }
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamplesShifted8bits",
> +@@ -3217,6 +3275,9 @@ extractContigSamplesShifted8bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + ready_bits = shift;
> + maskbits = (uint8_t)-1 >> (8 - bps);
> +@@ -3273,7 +3334,7 @@ extractContigSamplesShifted16bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + int shift)
> + {
> + int ready_bits = 0, sindex = 0;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint16_t maskbits = 0, matchbits = 0;
> + uint16_t buff1 = 0, buff2 = 0;
> + uint8_t bytebuff = 0;
> +@@ -3286,6 +3347,10 @@ extractContigSamplesShifted16bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + return (1);
> + }
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamplesShifted16bits",
> +@@ -3298,6 +3363,9 @@ extractContigSamplesShifted16bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + ready_bits = shift;
> + maskbits = (uint16_t)-1 >> (16 - bps);
> +@@ -3363,7 +3431,7 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + int shift)
> + {
> + int ready_bits = 0, sindex = 0;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint32_t maskbits = 0, matchbits = 0;
> + uint32_t buff1 = 0, buff2 = 0;
> + uint8_t bytebuff1 = 0, bytebuff2 = 0;
> +@@ -3376,6 +3444,16 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + return (1);
> + }
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ /*--- Remark, which is true for all those functions
> extractCongigSamplesXXX() --
> ++ * The mitigation of the start/end test does not allways make sense,
> because the function is often called with e.g.:
> ++ * start = 31; end = 32; cols = 32 to extract the last column in a
> 32x32 sample image.
> ++ * If then, a worng parameter (e.g. cols = 10) is provided, the
> mitigated settings would be start=0; end=1.
> ++ * Therefore, an error message and no copy action might be the better
> reaction to wrong parameter configurations.
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamplesShifted24bits",
> +@@ -3388,6 +3466,9 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + ready_bits = shift;
> + maskbits = (uint32_t)-1 >> (32 - bps);
> +@@ -3449,7 +3530,7 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + buff2 = (buff2 << 8);
> + bytebuff2 = bytebuff1;
> + ready_bits -= 8;
> +- }
> ++ }
> +
> + return (0);
> + } /* end extractContigSamplesShifted24bits */
> +@@ -3461,7 +3542,7 @@ extractContigSamplesShifted32bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + int shift)
> + {
> + int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
> +- uint32_t col, src_byte, src_bit, bit_offset;
> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> + uint32_t longbuff1 = 0, longbuff2 = 0;
> + uint64_t maskbits = 0, matchbits = 0;
> + uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
> +@@ -3476,6 +3557,10 @@ extractContigSamplesShifted32bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + }
> +
> +
> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set
> one after the index of the last column to be copied!
> ++ */
> ++ numcols = abs(end - start);
> + if ((start > end) || (start > cols))
> + {
> + TIFFError ("extractContigSamplesShifted32bits",
> +@@ -3488,6 +3573,9 @@ extractContigSamplesShifted32bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> + "Invalid end column value %"PRIu32" ignored", end);
> + end = cols;
> + }
> ++ if (abs(end - start) > numcols) {
> ++ end = start + numcols;
> ++ }
> +
> + /* shift_width = ((bps + 7) / 8) + 1; */
> + ready_bits = shift;
> +@@ -5429,7 +5517,7 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> + {
> + struct offset offsets;
> + int i;
> +- int32_t test;
> ++ uint32_t uaux;
> + uint32_t seg, total, need_buff = 0;
> + uint32_t buffsize;
> + uint32_t zwidth, zlength;
> +@@ -5510,8 +5598,13 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> + seg = crop->zonelist[j].position;
> + total = crop->zonelist[j].total;
> +
> +- /* check for not allowed zone cases like 0:0; 4:3; etc. and skip
> that input */
> ++ /* check for not allowed zone cases like 0:0; 4:3; or negative ones
> etc. and skip that input */
> ++ if (crop->zonelist[j].position < 0 || crop->zonelist[j].total < 0) {
> ++ TIFFError("getCropOffsets", "Negative crop zone values %d:%d are
> not allowed, thus skipped.", crop->zonelist[j].position,
> crop->zonelist[j].total);
> ++ continue;
> ++ }
> + if (seg == 0 || total == 0 || seg > total) {
> ++ TIFFError("getCropOffsets", "Crop zone %d:%d is out of
> specification, thus skipped.", seg, total);
> + continue;
> + }
> +
> +@@ -5524,17 +5617,23 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> +
> + crop->regionlist[i].x1 = offsets.startx +
> + (uint32_t)(offsets.crop_width * 1.0 *
> (seg - 1) / total);
> +- test = (int32_t)offsets.startx +
> +- (int32_t)(offsets.crop_width * 1.0 * seg / total);
> +- if (test < 1 )
> +- crop->regionlist[i].x2 = 0;
> +- else
> +- {
> +- if (test > (int32_t)(image->width - 1))
> ++ /* FAULT: IMHO in the old code here, the calculation of x2
> was based on wrong assumtions. The whole image was assumed and 'endy' and
> 'starty' are not respected anymore!*/
> ++ /* NEW PROPOSED Code: Assumption: offsets are within image
> with top left corner as origin (0,0) and 'start' <= 'end'. */
> ++ if (crop->regionlist[i].x1 > offsets.endx) {
> ++ crop->regionlist[i].x1 = offsets.endx;
> ++ } else if (crop->regionlist[i].x1 >= image->width) {
> ++ crop->regionlist[i].x1 = image->width - 1;
> ++ }
> ++
> ++ crop->regionlist[i].x2 = offsets.startx +
> (uint32_t)(offsets.crop_width * 1.0 * seg / total);
> ++ if (crop->regionlist[i].x2 > 0) crop->regionlist[i].x2 =
> crop->regionlist[i].x2 - 1;
> ++ if (crop->regionlist[i].x2 < crop->regionlist[i].x1) {
> ++ crop->regionlist[i].x2 = crop->regionlist[i].x1;
> ++ } else if (crop->regionlist[i].x2 > offsets.endx) {
> ++ crop->regionlist[i].x2 = offsets.endx;
> ++ } else if (crop->regionlist[i].x2 >= image->width) {
> + crop->regionlist[i].x2 = image->width - 1;
> +- else
> +- crop->regionlist[i].x2 = test - 1;
> +- }
> ++ }
> + zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
> +
> + /* This is passed to extractCropZone or extractCompositeZones */
> +@@ -5549,22 +5648,27 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> + crop->regionlist[i].x1 = offsets.startx;
> + crop->regionlist[i].x2 = offsets.endx;
> +
> +- test = offsets.endy - (uint32_t)(offsets.crop_length * 1.0 *
> seg / total);
> +- if (test < 1 )
> +- crop->regionlist[i].y1 = 0;
> +- else
> +- crop->regionlist[i].y1 = test + 1;
> ++ /* FAULT: IMHO in the old code here, the calculation of y1/y2
> was based on wrong assumtions. The whole image was assumed and 'endy' and
> 'starty' are not respected anymore!*/
> ++ /* NEW PROPOSED Code: Assumption: offsets are within image
> with top left corner as origin (0,0) and 'start' <= 'end'. */
> ++ uaux = (uint32_t)(offsets.crop_length * 1.0 * seg / total);
> ++ if (uaux <= offsets.endy + 1) {
> ++ crop->regionlist[i].y1 = offsets.endy - uaux + 1;
> ++ } else {
> ++ crop->regionlist[i].y1 = 0;
> ++ }
> ++ if (crop->regionlist[i].y1 < offsets.starty) {
> ++ crop->regionlist[i].y1 = offsets.starty;
> ++ }
> +
> +- test = offsets.endy - (offsets.crop_length * 1.0 * (seg - 1)
> / total);
> +- if (test < 1 )
> +- crop->regionlist[i].y2 = 0;
> +- else
> +- {
> +- if (test > (int32_t)(image->length - 1))
> +- crop->regionlist[i].y2 = image->length - 1;
> +- else
> +- crop->regionlist[i].y2 = test;
> +- }
> ++ uaux = (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) /
> total);
> ++ if (uaux <= offsets.endy) {
> ++ crop->regionlist[i].y2 = offsets.endy - uaux;
> ++ } else {
> ++ crop->regionlist[i].y2 = 0;
> ++ }
> ++ if (crop->regionlist[i].y2 < offsets.starty) {
> ++ crop->regionlist[i].y2 = offsets.starty;
> ++ }
> + zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
> +
> + /* This is passed to extractCropZone or extractCompositeZones */
> +@@ -5575,32 +5679,42 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> + crop->combined_width = (uint32_t)zwidth;
> + break;
> + case EDGE_RIGHT: /* zones from right to left, length from top */
> +- zlength = offsets.crop_length;
> +- crop->regionlist[i].y1 = offsets.starty;
> +- crop->regionlist[i].y2 = offsets.endy;
> +-
> +- crop->regionlist[i].x1 = offsets.startx +
> +- (uint32_t)(offsets.crop_width * (total
> - seg) * 1.0 / total);
> +- test = offsets.startx +
> +- (offsets.crop_width * (total - seg + 1) * 1.0 / total);
> +- if (test < 1 )
> +- crop->regionlist[i].x2 = 0;
> +- else
> +- {
> +- if (test > (int32_t)(image->width - 1))
> +- crop->regionlist[i].x2 = image->width - 1;
> +- else
> +- crop->regionlist[i].x2 = test - 1;
> +- }
> +- zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
> ++ zlength = offsets.crop_length;
> ++ crop->regionlist[i].y1 = offsets.starty;
> ++ crop->regionlist[i].y2 = offsets.endy;
> ++
> ++ crop->regionlist[i].x1 = offsets.startx +
> ++ (uint32_t)(offsets.crop_width * (total - seg) *
> 1.0 / total);
> ++ /* FAULT: IMHO from here on, the calculation of y2 are based
> on wrong assumtions. The whole image is assumed and 'endy' and 'starty' are
> not respected anymore!*/
> ++ /* NEW PROPOSED Code: Assumption: offsets are within image
> with top left corner as origin (0,0) and 'start' <= 'end'. */
> ++ uaux = (uint32_t)(offsets.crop_width * 1.0 * seg / total);
> ++ if (uaux <= offsets.endx + 1) {
> ++ crop->regionlist[i].x1 = offsets.endx - uaux + 1;
> ++ } else {
> ++ crop->regionlist[i].x1 = 0;
> ++ }
> ++ if (crop->regionlist[i].x1 < offsets.startx) {
> ++ crop->regionlist[i].x1 = offsets.startx;
> ++ }
> +
> +- /* This is passed to extractCropZone or extractCompositeZones */
> +- crop->combined_length = (uint32_t)zlength;
> +- if (crop->exp_mode == COMPOSITE_IMAGES)
> +- crop->combined_width += (uint32_t)zwidth;
> +- else
> +- crop->combined_width = (uint32_t)zwidth;
> +- break;
> ++ uaux = (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) /
> total);
> ++ if (uaux <= offsets.endx) {
> ++ crop->regionlist[i].x2 = offsets.endx - uaux;
> ++ } else {
> ++ crop->regionlist[i].x2 = 0;
> ++ }
> ++ if (crop->regionlist[i].x2 < offsets.startx) {
> ++ crop->regionlist[i].x2 = offsets.startx;
> ++ }
> ++ zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
> ++
> ++ /* This is passed to extractCropZone or
> extractCompositeZones */
> ++ crop->combined_length = (uint32_t)zlength;
> ++ if (crop->exp_mode == COMPOSITE_IMAGES)
> ++ crop->combined_width += (uint32_t)zwidth;
> ++ else
> ++ crop->combined_width = (uint32_t)zwidth;
> ++ break;
> + case EDGE_TOP: /* width from left, zones from top to bottom */
> + default:
> + zwidth = offsets.crop_width;
> +@@ -5608,6 +5722,14 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> + crop->regionlist[i].x2 = offsets.endx;
> +
> + crop->regionlist[i].y1 = offsets.starty +
> (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total);
> ++ if (crop->regionlist[i].y1 > offsets.endy) {
> ++ crop->regionlist[i].y1 = offsets.endy;
> ++ } else if (crop->regionlist[i].y1 >= image->length) {
> ++ crop->regionlist[i].y1 = image->length - 1;
> ++ }
> ++
> ++ /* FAULT: IMHO from here on, the calculation of y2 are based
> on wrong assumtions. The whole image is assumed and 'endy' and 'starty' are
> not respected anymore!*/
> ++ /* OLD Code:
> + test = offsets.starty + (uint32_t)(offsets.crop_length * 1.0
> * seg / total);
> + if (test < 1 )
> + crop->regionlist[i].y2 = 0;
> +@@ -5618,6 +5740,18 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> + else
> + crop->regionlist[i].y2 = test - 1;
> + }
> ++ */
> ++ /* NEW PROPOSED Code: Assumption: offsets are within
> image with top left corner as origin (0,0) and 'start' <= 'end'. */
> ++ crop->regionlist[i].y2 = offsets.starty +
> (uint32_t)(offsets.crop_length * 1.0 * seg / total);
> ++ if (crop->regionlist[i].y2 > 0)crop->regionlist[i].y2 =
> crop->regionlist[i].y2 - 1;
> ++ if (crop->regionlist[i].y2 < crop->regionlist[i].y1) {
> ++ crop->regionlist[i].y2 = crop->regionlist[i].y1;
> ++ } else if (crop->regionlist[i].y2 > offsets.endy) {
> ++ crop->regionlist[i].y2 = offsets.endy;
> ++ } else if (crop->regionlist[i].y2 >= image->length) {
> ++ crop->regionlist[i].y2 = image->length - 1;
> ++ }
> ++
> + zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
> +
> + /* This is passed to extractCropZone or extractCompositeZones */
> +@@ -7551,7 +7685,8 @@ processCropSelections(struct image_data *image,
> struct crop_mask *crop,
> + total_width = total_length = 0;
> + for (i = 0; i < crop->selections; i++)
> + {
> +- cropsize = crop->bufftotal;
> ++
> ++ cropsize = crop->bufftotal;
> + crop_buff = seg_buffs[i].buffer;
> + if (!crop_buff)
> + crop_buff = (unsigned char *)limitMalloc(cropsize);
> +@@ -7640,6 +7775,9 @@ processCropSelections(struct image_data *image,
> struct crop_mask *crop,
> +
> + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it
> can reallocate the buffer */
> + {
> ++ /* rotateImage() changes image->width, ->length, ->xres and
> ->yres, what it schouldn't do here, when more than one section is
> processed.
> ++ * ToDo: Therefore rotateImage() and its usage has to be
> reworked (e.g. like mirrorImage()) !!
> ++ */
> + if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
> + &crop->regionlist[i].length, &crop_buff))
> + {
> +@@ -7655,8 +7793,8 @@ processCropSelections(struct image_data *image,
> struct crop_mask *crop,
> + seg_buffs[i].size = (((crop->regionlist[i].width * image->bps +
> 7 ) / 8)
> + * image->spp) *
> crop->regionlist[i].length;
> + }
> +- }
> +- }
> ++ } /* for crop->selections loop */
> ++ } /* Separated Images (else case) */
> + return (0);
> + } /* end processCropSelections */
> +
> +--
> +2.33.0
> +
> diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
> b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
> new file mode 100644
> index 0000000000..3a3a915688
> --- /dev/null
> +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
> @@ -0,0 +1,87 @@
> +CVE: CVE-2022-2953
> +Upstream-Status: Backport
> +Signed-off-by: Ross Burton <ross.burton@arm.com>
> +Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
> +
> +From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001
> +From: Su_Laus <sulau@freenet.de>
> +Date: Mon, 15 Aug 2022 22:11:03 +0200
> +Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20
> https://gitl?=
> + =?UTF-8?q?
> ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?=
> + =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?=
> +
> =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?=
> + =?UTF-8?q?Z=20and=20-z.?=
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +This is now checked and ends tiffcrop if those arguments are not mutually
> exclusive.
> +
> +This MR will fix the following tiffcrop issues: #349, #414, #422, #423,
> #424
> +---
> + tools/tiffcrop.c | 31 ++++++++++++++++---------------
> + 1 file changed, 16 insertions(+), 15 deletions(-)
> +
> +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
> +index 90286a5e..c3b758ec 100644
> +--- a/tools/tiffcrop.c
> ++++ b/tools/tiffcrop.c
> +@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
> + #define ROTATECW_270 32
> + #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
> +
> +-#define CROP_NONE 0
> +-#define CROP_MARGINS 1
> +-#define CROP_WIDTH 2
> +-#define CROP_LENGTH 4
> +-#define CROP_ZONES 8
> +-#define CROP_REGIONS 16
> ++#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and
> page->rows/->cols != 0 */
> ++#define CROP_MARGINS 1 /* "-m" */
> ++#define CROP_WIDTH 2 /* "-X" */
> ++#define CROP_LENGTH 4 /* "-Y" */
> ++#define CROP_ZONES 8 /* "-Z" */
> ++#define CROP_REGIONS 16 /* "-z" */
> + #define CROP_ROTATE 32
> + #define CROP_MIRROR 64
> + #define CROP_INVERT 128
> +@@ -316,7 +316,7 @@ struct crop_mask {
> + #define PAGE_MODE_RESOLUTION 1
> + #define PAGE_MODE_PAPERSIZE 2
> + #define PAGE_MODE_MARGINS 4
> +-#define PAGE_MODE_ROWSCOLS 8
> ++#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
> +
> + #define INVERT_DATA_ONLY 10
> + #define INVERT_DATA_AND_TAG 11
> +@@ -781,7 +781,7 @@ static const char usage_info[] =
> + " The four debug/dump options are independent, though it
> makes little sense to\n"
> + " specify a dump file without specifying a detail level.\n"
> + "\n"
> +-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
> ++"Note: The (-X|-Y), -Z, -z and -S options are mutually
> exclusive.\n"
> + " In no case should the options be applied to a given
> selection successively.\n"
> + "\n"
> + ;
> +@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char
> *argv[], char *mp, char *mode, uint32
> + /*NOTREACHED*/
> + }
> + }
> +- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z
> are mutually exclusive) --*/
> +- char XY, Z, R;
> ++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and
> -S are mutually exclusive) --*/
> ++ char XY, Z, R, S;
> + XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode &
> CROP_LENGTH));
> + Z = (crop_data->crop_mode & CROP_ZONES);
> + R = (crop_data->crop_mode & CROP_REGIONS);
> +- if ((XY && Z) || (XY && R) || (Z && R)) {
> +- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z
> and -z are mutually exclusive.->Exit");
> ++ S = (page->mode & PAGE_MODE_ROWSCOLS);
> ++ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) ||
> (R && S)) {
> ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z,
> -z and -S are mutually exclusive.->Exit");
> + exit(EXIT_FAILURE);
> + }
> + } /* end process_command_opts */
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> index f84057c46b..29a2c38d8e 100644
> --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> @@ -25,6 +25,8 @@ SRC_URI = "
> http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
> file://CVE-2022-2869.patch \
> file://CVE-2022-2867.patch \
> file://b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch \
> +
> file://0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch \
> + file://CVE-2022-2953.patch \
> "
>
> SRC_URI[sha256sum] =
> "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#172667):
> https://lists.openembedded.org/g/openembedded-core/message/172667
> Mute This Topic: https://lists.openembedded.org/mt/94799048/7032091
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> skulkarni@mvista.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 47153 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread* Re: [OE-core][kirkstone 06/31] tiff: fix CVE-2022-2953
2022-11-07 9:10 ` Shubham Kulkarni
@ 2022-11-07 14:19 ` Steve Sakoman
2022-11-09 10:27 ` Shubham Kulkarni
0 siblings, 1 reply; 37+ messages in thread
From: Steve Sakoman @ 2022-11-07 14:19 UTC (permalink / raw)
To: Zheng Qiu; +Cc: openembedded-core, Shubham Kulkarni
Hello Zheng,
Could you respond to Shubham's question on your patch?
Thanks,
Steve
On Sun, Nov 6, 2022 at 11:10 PM Shubham Kulkarni <skulkarni@mvista.com> wrote:
>
> Hello, I am new to this community and trying to understand the CVE patch fixing process. Kindly correct me if I am wrong with my understanding.
>
> So, this patch is fixing the code present in the file tools/tiffcrop.c . I can see this patch is having combined changes from following commits:
>
> 1] https://gitlab.com/libtiff/libtiff/-/commit/e319508 - tiffcrop: Fix issue #330 and some more from 320 to 349
> 2] https://gitlab.com/libtiff/libtiff/-/commit/8fe3735 - According to Richard Nolde #401 (comment 877637400)
> 3] https://gitlab.com/libtiff/libtiff/-/commit/bad48e9 - tiffcrop -S option: Make decision simpler.
>
> Debian website for this CVE (https://security-tracker.debian.org/tracker/CVE-2022-2953) suggests commits "2]" & "3]" as a fix. And both "2]" & "3]" fixes the code introduced by commit "1]". So, can we say that the vulnerability was introduced by commit "1]" , and solved by "2]" & "3]" ?
>
> If yes, then as per my understanding, there is no need of fixing, as vulnerability itself is not present in current code and it's Not Affected by the CVE. But this patch is introducing the vulnerability ("1]") and on top of it, fixing the same ("2]" & "3]"). Is it required Or can we just say that this version of code/tiff package is not affected by this CVE?
> Please rectify my understanding.
>
> Thanks in Advance,
> Shubham
>
>
> On Fri, Nov 4, 2022 at 8:31 AM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> From: Zheng Qiu <zheng.qiu@windriver.com>
>>
>> While this does not happen with the tiff 4.3.0 release, it does happen with
>> the series of patches we have, so backport the two simple changes that
>> restrict the tiffcrop options to avoid the vulnerability.
>>
>> CVE-2022-2953.patch was taken from upstream, and a small typo was fixed
>> for the CVE number. The other patch is included in tiff 4.4.0 but not
>> 4.3.0, so add it as well.
>>
>> Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
>> Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>> ---
>> ...ue-330-and-some-more-from-320-to-349.patch | 609 ++++++++++++++++++
>> .../libtiff/tiff/CVE-2022-2953.patch | 87 +++
>> meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
>> 3 files changed, 698 insertions(+)
>> create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
>> create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
>>
>> diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
>> new file mode 100644
>> index 0000000000..07acf5eb90
>> --- /dev/null
>> +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
>> @@ -0,0 +1,609 @@
>> +From e319508023580e2f70e6e626f745b5b2a1707313 Mon Sep 17 00:00:00 2001
>> +From: Su Laus <sulau@freenet.de>
>> +Date: Tue, 10 May 2022 20:03:17 +0000
>> +Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349
>> +Upstream-Status: Backport
>> +Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
>> +---
>> + tools/tiffcrop.c | 282 +++++++++++++++++++++++++++++++++++------------
>> + 1 file changed, 210 insertions(+), 72 deletions(-)
>> +
>> +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
>> +index 77cf6ed1..791ec5e7 100644
>> +--- a/tools/tiffcrop.c
>> ++++ b/tools/tiffcrop.c
>> +@@ -63,20 +63,24 @@
>> + * units when sectioning image into columns x rows
>> + * using the -S cols:rows option.
>> + * -X # Horizontal dimension of region to extract expressed in current
>> +- * units
>> ++ * units, relative to the specified origin reference 'edge' left (default for X) or right.
>> + * -Y # Vertical dimension of region to extract expressed in current
>> +- * units
>> ++ * units, relative to the specified origin reference 'edge' top (default for Y) or bottom.
>> + * -O orient Orientation for output image, portrait, landscape, auto
>> + * -P page Page size for output image segments, eg letter, legal, tabloid,
>> + * etc.
>> + * -S cols:rows Divide the image into equal sized segments using cols across
>> + * and rows down
>> +- * -E t|l|r|b Edge to use as origin
>> ++ * -E t|l|r|b Edge to use as origin (i.e. 'side' of the image not 'corner')
>> ++ * top = width from left, zones from top to bottom (default)
>> ++ * bottom = width from left, zones from bottom to top
>> ++ * left = zones from left to right, length from top
>> ++ * right = zones from right to left, length from top
>> + * -m #,#,#,# Margins from edges for selection: top, left, bottom, right
>> + * (commas separated)
>> + * -Z #:#,#:# Zones of the image designated as zone X of Y,
>> + * eg 1:3 would be first of three equal portions measured
>> +- * from reference edge
>> ++ * from reference edge (i.e. 'side' not corner)
>> + * -N odd|even|#,#-#,#|last
>> + * Select sequences and/or ranges of images within file
>> + * to process. The words odd or even may be used to specify
>> +@@ -103,10 +107,13 @@
>> + * selects which functions dump data, with higher numbers selecting
>> + * lower level, scanline level routines. Debug reports a limited set
>> + * of messages to monitor progress without enabling dump logs.
>> ++ *
>> ++ * Note: The (-X|-Y), -Z and -z options are mutually exclusive.
>> ++ * In no case should the options be applied to a given selection successively.
>> + */
>> +
>> +-static char tiffcrop_version_id[] = "2.4.1";
>> +-static char tiffcrop_rev_date[] = "03-03-2010";
>> ++static char tiffcrop_version_id[] = "2.5";
>> ++static char tiffcrop_rev_date[] = "02-09-2022";
>> +
>> + #include "tif_config.h"
>> + #include "libport.h"
>> +@@ -774,6 +781,9 @@ static const char usage_info[] =
>> + " The four debug/dump options are independent, though it makes little sense to\n"
>> + " specify a dump file without specifying a detail level.\n"
>> + "\n"
>> ++"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
>> ++" In no case should the options be applied to a given selection successively.\n"
>> ++"\n"
>> + ;
>> +
>> + /* This function could be modified to pass starting sample offset
>> +@@ -2121,6 +2131,15 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
>> + /*NOTREACHED*/
>> + }
>> + }
>> ++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
>> ++ char XY, Z, R;
>> ++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
>> ++ Z = (crop_data->crop_mode & CROP_ZONES);
>> ++ R = (crop_data->crop_mode & CROP_REGIONS);
>> ++ if ((XY && Z) || (XY && R) || (Z && R)) {
>> ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
>> ++ exit(EXIT_FAILURE);
>> ++ }
>> + } /* end process_command_opts */
>> +
>> + /* Start a new output file if one has not been previously opened or
>> +@@ -2746,7 +2765,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
>> + tsample_t count, uint32_t start, uint32_t end)
>> + {
>> + int i, bytes_per_sample, sindex;
>> +- uint32_t col, dst_rowsize, bit_offset;
>> ++ uint32_t col, dst_rowsize, bit_offset, numcols;
>> + uint32_t src_byte /*, src_bit */;
>> + uint8_t *src = in;
>> + uint8_t *dst = out;
>> +@@ -2757,6 +2776,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
>> + return (1);
>> + }
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamplesBytes",
>> +@@ -2769,6 +2792,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + dst_rowsize = (bps * (end - start) * count) / 8;
>> +
>> +@@ -2812,7 +2838,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + tsample_t count, uint32_t start, uint32_t end)
>> + {
>> + int ready_bits = 0, sindex = 0;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint8_t maskbits = 0, matchbits = 0;
>> + uint8_t buff1 = 0, buff2 = 0;
>> + uint8_t *src = in;
>> +@@ -2824,6 +2850,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + return (1);
>> + }
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamples8bits",
>> +@@ -2836,7 +2866,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> +-
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> ++
>> + ready_bits = 0;
>> + maskbits = (uint8_t)-1 >> (8 - bps);
>> + buff1 = buff2 = 0;
>> +@@ -2889,7 +2922,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + tsample_t count, uint32_t start, uint32_t end)
>> + {
>> + int ready_bits = 0, sindex = 0;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint16_t maskbits = 0, matchbits = 0;
>> + uint16_t buff1 = 0, buff2 = 0;
>> + uint8_t bytebuff = 0;
>> +@@ -2902,6 +2935,10 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + return (1);
>> + }
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamples16bits",
>> +@@ -2914,6 +2951,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + ready_bits = 0;
>> + maskbits = (uint16_t)-1 >> (16 - bps);
>> +@@ -2978,7 +3018,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + tsample_t count, uint32_t start, uint32_t end)
>> + {
>> + int ready_bits = 0, sindex = 0;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint32_t maskbits = 0, matchbits = 0;
>> + uint32_t buff1 = 0, buff2 = 0;
>> + uint8_t bytebuff1 = 0, bytebuff2 = 0;
>> +@@ -2991,6 +3031,10 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + return (1);
>> + }
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamples24bits",
>> +@@ -3003,6 +3047,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + ready_bits = 0;
>> + maskbits = (uint32_t)-1 >> (32 - bps);
>> +@@ -3087,7 +3134,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + tsample_t count, uint32_t start, uint32_t end)
>> + {
>> + int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint32_t longbuff1 = 0, longbuff2 = 0;
>> + uint64_t maskbits = 0, matchbits = 0;
>> + uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
>> +@@ -3102,6 +3149,10 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + }
>> +
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamples32bits",
>> +@@ -3114,6 +3165,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + /* shift_width = ((bps + 7) / 8) + 1; */
>> + ready_bits = 0;
>> +@@ -3193,7 +3247,7 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + int shift)
>> + {
>> + int ready_bits = 0, sindex = 0;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint8_t maskbits = 0, matchbits = 0;
>> + uint8_t buff1 = 0, buff2 = 0;
>> + uint8_t *src = in;
>> +@@ -3205,6 +3259,10 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + return (1);
>> + }
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamplesShifted8bits",
>> +@@ -3217,6 +3275,9 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + ready_bits = shift;
>> + maskbits = (uint8_t)-1 >> (8 - bps);
>> +@@ -3273,7 +3334,7 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + int shift)
>> + {
>> + int ready_bits = 0, sindex = 0;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint16_t maskbits = 0, matchbits = 0;
>> + uint16_t buff1 = 0, buff2 = 0;
>> + uint8_t bytebuff = 0;
>> +@@ -3286,6 +3347,10 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + return (1);
>> + }
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamplesShifted16bits",
>> +@@ -3298,6 +3363,9 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + ready_bits = shift;
>> + maskbits = (uint16_t)-1 >> (16 - bps);
>> +@@ -3363,7 +3431,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + int shift)
>> + {
>> + int ready_bits = 0, sindex = 0;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint32_t maskbits = 0, matchbits = 0;
>> + uint32_t buff1 = 0, buff2 = 0;
>> + uint8_t bytebuff1 = 0, bytebuff2 = 0;
>> +@@ -3376,6 +3444,16 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + return (1);
>> + }
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ /*--- Remark, which is true for all those functions extractCongigSamplesXXX() --
>> ++ * The mitigation of the start/end test does not allways make sense, because the function is often called with e.g.:
>> ++ * start = 31; end = 32; cols = 32 to extract the last column in a 32x32 sample image.
>> ++ * If then, a worng parameter (e.g. cols = 10) is provided, the mitigated settings would be start=0; end=1.
>> ++ * Therefore, an error message and no copy action might be the better reaction to wrong parameter configurations.
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamplesShifted24bits",
>> +@@ -3388,6 +3466,9 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + ready_bits = shift;
>> + maskbits = (uint32_t)-1 >> (32 - bps);
>> +@@ -3449,7 +3530,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + buff2 = (buff2 << 8);
>> + bytebuff2 = bytebuff1;
>> + ready_bits -= 8;
>> +- }
>> ++ }
>> +
>> + return (0);
>> + } /* end extractContigSamplesShifted24bits */
>> +@@ -3461,7 +3542,7 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + int shift)
>> + {
>> + int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
>> +- uint32_t col, src_byte, src_bit, bit_offset;
>> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
>> + uint32_t longbuff1 = 0, longbuff2 = 0;
>> + uint64_t maskbits = 0, matchbits = 0;
>> + uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
>> +@@ -3476,6 +3557,10 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + }
>> +
>> +
>> ++ /* Number of extracted columns shall be kept as (end-start + 1). Otherwise buffer-overflow might occur.
>> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be set one after the index of the last column to be copied!
>> ++ */
>> ++ numcols = abs(end - start);
>> + if ((start > end) || (start > cols))
>> + {
>> + TIFFError ("extractContigSamplesShifted32bits",
>> +@@ -3488,6 +3573,9 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
>> + "Invalid end column value %"PRIu32" ignored", end);
>> + end = cols;
>> + }
>> ++ if (abs(end - start) > numcols) {
>> ++ end = start + numcols;
>> ++ }
>> +
>> + /* shift_width = ((bps + 7) / 8) + 1; */
>> + ready_bits = shift;
>> +@@ -5429,7 +5517,7 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
>> + {
>> + struct offset offsets;
>> + int i;
>> +- int32_t test;
>> ++ uint32_t uaux;
>> + uint32_t seg, total, need_buff = 0;
>> + uint32_t buffsize;
>> + uint32_t zwidth, zlength;
>> +@@ -5510,8 +5598,13 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
>> + seg = crop->zonelist[j].position;
>> + total = crop->zonelist[j].total;
>> +
>> +- /* check for not allowed zone cases like 0:0; 4:3; etc. and skip that input */
>> ++ /* check for not allowed zone cases like 0:0; 4:3; or negative ones etc. and skip that input */
>> ++ if (crop->zonelist[j].position < 0 || crop->zonelist[j].total < 0) {
>> ++ TIFFError("getCropOffsets", "Negative crop zone values %d:%d are not allowed, thus skipped.", crop->zonelist[j].position, crop->zonelist[j].total);
>> ++ continue;
>> ++ }
>> + if (seg == 0 || total == 0 || seg > total) {
>> ++ TIFFError("getCropOffsets", "Crop zone %d:%d is out of specification, thus skipped.", seg, total);
>> + continue;
>> + }
>> +
>> +@@ -5524,17 +5617,23 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
>> +
>> + crop->regionlist[i].x1 = offsets.startx +
>> + (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) / total);
>> +- test = (int32_t)offsets.startx +
>> +- (int32_t)(offsets.crop_width * 1.0 * seg / total);
>> +- if (test < 1 )
>> +- crop->regionlist[i].x2 = 0;
>> +- else
>> +- {
>> +- if (test > (int32_t)(image->width - 1))
>> ++ /* FAULT: IMHO in the old code here, the calculation of x2 was based on wrong assumtions. The whole image was assumed and 'endy' and 'starty' are not respected anymore!*/
>> ++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
>> ++ if (crop->regionlist[i].x1 > offsets.endx) {
>> ++ crop->regionlist[i].x1 = offsets.endx;
>> ++ } else if (crop->regionlist[i].x1 >= image->width) {
>> ++ crop->regionlist[i].x1 = image->width - 1;
>> ++ }
>> ++
>> ++ crop->regionlist[i].x2 = offsets.startx + (uint32_t)(offsets.crop_width * 1.0 * seg / total);
>> ++ if (crop->regionlist[i].x2 > 0) crop->regionlist[i].x2 = crop->regionlist[i].x2 - 1;
>> ++ if (crop->regionlist[i].x2 < crop->regionlist[i].x1) {
>> ++ crop->regionlist[i].x2 = crop->regionlist[i].x1;
>> ++ } else if (crop->regionlist[i].x2 > offsets.endx) {
>> ++ crop->regionlist[i].x2 = offsets.endx;
>> ++ } else if (crop->regionlist[i].x2 >= image->width) {
>> + crop->regionlist[i].x2 = image->width - 1;
>> +- else
>> +- crop->regionlist[i].x2 = test - 1;
>> +- }
>> ++ }
>> + zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
>> +
>> + /* This is passed to extractCropZone or extractCompositeZones */
>> +@@ -5549,22 +5648,27 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
>> + crop->regionlist[i].x1 = offsets.startx;
>> + crop->regionlist[i].x2 = offsets.endx;
>> +
>> +- test = offsets.endy - (uint32_t)(offsets.crop_length * 1.0 * seg / total);
>> +- if (test < 1 )
>> +- crop->regionlist[i].y1 = 0;
>> +- else
>> +- crop->regionlist[i].y1 = test + 1;
>> ++ /* FAULT: IMHO in the old code here, the calculation of y1/y2 was based on wrong assumtions. The whole image was assumed and 'endy' and 'starty' are not respected anymore!*/
>> ++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
>> ++ uaux = (uint32_t)(offsets.crop_length * 1.0 * seg / total);
>> ++ if (uaux <= offsets.endy + 1) {
>> ++ crop->regionlist[i].y1 = offsets.endy - uaux + 1;
>> ++ } else {
>> ++ crop->regionlist[i].y1 = 0;
>> ++ }
>> ++ if (crop->regionlist[i].y1 < offsets.starty) {
>> ++ crop->regionlist[i].y1 = offsets.starty;
>> ++ }
>> +
>> +- test = offsets.endy - (offsets.crop_length * 1.0 * (seg - 1) / total);
>> +- if (test < 1 )
>> +- crop->regionlist[i].y2 = 0;
>> +- else
>> +- {
>> +- if (test > (int32_t)(image->length - 1))
>> +- crop->regionlist[i].y2 = image->length - 1;
>> +- else
>> +- crop->regionlist[i].y2 = test;
>> +- }
>> ++ uaux = (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total);
>> ++ if (uaux <= offsets.endy) {
>> ++ crop->regionlist[i].y2 = offsets.endy - uaux;
>> ++ } else {
>> ++ crop->regionlist[i].y2 = 0;
>> ++ }
>> ++ if (crop->regionlist[i].y2 < offsets.starty) {
>> ++ crop->regionlist[i].y2 = offsets.starty;
>> ++ }
>> + zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
>> +
>> + /* This is passed to extractCropZone or extractCompositeZones */
>> +@@ -5575,32 +5679,42 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
>> + crop->combined_width = (uint32_t)zwidth;
>> + break;
>> + case EDGE_RIGHT: /* zones from right to left, length from top */
>> +- zlength = offsets.crop_length;
>> +- crop->regionlist[i].y1 = offsets.starty;
>> +- crop->regionlist[i].y2 = offsets.endy;
>> +-
>> +- crop->regionlist[i].x1 = offsets.startx +
>> +- (uint32_t)(offsets.crop_width * (total - seg) * 1.0 / total);
>> +- test = offsets.startx +
>> +- (offsets.crop_width * (total - seg + 1) * 1.0 / total);
>> +- if (test < 1 )
>> +- crop->regionlist[i].x2 = 0;
>> +- else
>> +- {
>> +- if (test > (int32_t)(image->width - 1))
>> +- crop->regionlist[i].x2 = image->width - 1;
>> +- else
>> +- crop->regionlist[i].x2 = test - 1;
>> +- }
>> +- zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
>> ++ zlength = offsets.crop_length;
>> ++ crop->regionlist[i].y1 = offsets.starty;
>> ++ crop->regionlist[i].y2 = offsets.endy;
>> ++
>> ++ crop->regionlist[i].x1 = offsets.startx +
>> ++ (uint32_t)(offsets.crop_width * (total - seg) * 1.0 / total);
>> ++ /* FAULT: IMHO from here on, the calculation of y2 are based on wrong assumtions. The whole image is assumed and 'endy' and 'starty' are not respected anymore!*/
>> ++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
>> ++ uaux = (uint32_t)(offsets.crop_width * 1.0 * seg / total);
>> ++ if (uaux <= offsets.endx + 1) {
>> ++ crop->regionlist[i].x1 = offsets.endx - uaux + 1;
>> ++ } else {
>> ++ crop->regionlist[i].x1 = 0;
>> ++ }
>> ++ if (crop->regionlist[i].x1 < offsets.startx) {
>> ++ crop->regionlist[i].x1 = offsets.startx;
>> ++ }
>> +
>> +- /* This is passed to extractCropZone or extractCompositeZones */
>> +- crop->combined_length = (uint32_t)zlength;
>> +- if (crop->exp_mode == COMPOSITE_IMAGES)
>> +- crop->combined_width += (uint32_t)zwidth;
>> +- else
>> +- crop->combined_width = (uint32_t)zwidth;
>> +- break;
>> ++ uaux = (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) / total);
>> ++ if (uaux <= offsets.endx) {
>> ++ crop->regionlist[i].x2 = offsets.endx - uaux;
>> ++ } else {
>> ++ crop->regionlist[i].x2 = 0;
>> ++ }
>> ++ if (crop->regionlist[i].x2 < offsets.startx) {
>> ++ crop->regionlist[i].x2 = offsets.startx;
>> ++ }
>> ++ zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
>> ++
>> ++ /* This is passed to extractCropZone or extractCompositeZones */
>> ++ crop->combined_length = (uint32_t)zlength;
>> ++ if (crop->exp_mode == COMPOSITE_IMAGES)
>> ++ crop->combined_width += (uint32_t)zwidth;
>> ++ else
>> ++ crop->combined_width = (uint32_t)zwidth;
>> ++ break;
>> + case EDGE_TOP: /* width from left, zones from top to bottom */
>> + default:
>> + zwidth = offsets.crop_width;
>> +@@ -5608,6 +5722,14 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
>> + crop->regionlist[i].x2 = offsets.endx;
>> +
>> + crop->regionlist[i].y1 = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total);
>> ++ if (crop->regionlist[i].y1 > offsets.endy) {
>> ++ crop->regionlist[i].y1 = offsets.endy;
>> ++ } else if (crop->regionlist[i].y1 >= image->length) {
>> ++ crop->regionlist[i].y1 = image->length - 1;
>> ++ }
>> ++
>> ++ /* FAULT: IMHO from here on, the calculation of y2 are based on wrong assumtions. The whole image is assumed and 'endy' and 'starty' are not respected anymore!*/
>> ++ /* OLD Code:
>> + test = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * seg / total);
>> + if (test < 1 )
>> + crop->regionlist[i].y2 = 0;
>> +@@ -5618,6 +5740,18 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
>> + else
>> + crop->regionlist[i].y2 = test - 1;
>> + }
>> ++ */
>> ++ /* NEW PROPOSED Code: Assumption: offsets are within image with top left corner as origin (0,0) and 'start' <= 'end'. */
>> ++ crop->regionlist[i].y2 = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * seg / total);
>> ++ if (crop->regionlist[i].y2 > 0)crop->regionlist[i].y2 = crop->regionlist[i].y2 - 1;
>> ++ if (crop->regionlist[i].y2 < crop->regionlist[i].y1) {
>> ++ crop->regionlist[i].y2 = crop->regionlist[i].y1;
>> ++ } else if (crop->regionlist[i].y2 > offsets.endy) {
>> ++ crop->regionlist[i].y2 = offsets.endy;
>> ++ } else if (crop->regionlist[i].y2 >= image->length) {
>> ++ crop->regionlist[i].y2 = image->length - 1;
>> ++ }
>> ++
>> + zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
>> +
>> + /* This is passed to extractCropZone or extractCompositeZones */
>> +@@ -7551,7 +7685,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
>> + total_width = total_length = 0;
>> + for (i = 0; i < crop->selections; i++)
>> + {
>> +- cropsize = crop->bufftotal;
>> ++
>> ++ cropsize = crop->bufftotal;
>> + crop_buff = seg_buffs[i].buffer;
>> + if (!crop_buff)
>> + crop_buff = (unsigned char *)limitMalloc(cropsize);
>> +@@ -7640,6 +7775,9 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
>> +
>> + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
>> + {
>> ++ /* rotateImage() changes image->width, ->length, ->xres and ->yres, what it schouldn't do here, when more than one section is processed.
>> ++ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
>> ++ */
>> + if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
>> + &crop->regionlist[i].length, &crop_buff))
>> + {
>> +@@ -7655,8 +7793,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
>> + seg_buffs[i].size = (((crop->regionlist[i].width * image->bps + 7 ) / 8)
>> + * image->spp) * crop->regionlist[i].length;
>> + }
>> +- }
>> +- }
>> ++ } /* for crop->selections loop */
>> ++ } /* Separated Images (else case) */
>> + return (0);
>> + } /* end processCropSelections */
>> +
>> +--
>> +2.33.0
>> +
>> diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
>> new file mode 100644
>> index 0000000000..3a3a915688
>> --- /dev/null
>> +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
>> @@ -0,0 +1,87 @@
>> +CVE: CVE-2022-2953
>> +Upstream-Status: Backport
>> +Signed-off-by: Ross Burton <ross.burton@arm.com>
>> +Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
>> +
>> +From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001
>> +From: Su_Laus <sulau@freenet.de>
>> +Date: Mon, 15 Aug 2022 22:11:03 +0200
>> +Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20https://gitl?=
>> + =?UTF-8?q?ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?=
>> + =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?=
>> + =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?=
>> + =?UTF-8?q?Z=20and=20-z.?=
>> +MIME-Version: 1.0
>> +Content-Type: text/plain; charset=UTF-8
>> +Content-Transfer-Encoding: 8bit
>> +
>> +This is now checked and ends tiffcrop if those arguments are not mutually exclusive.
>> +
>> +This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424
>> +---
>> + tools/tiffcrop.c | 31 ++++++++++++++++---------------
>> + 1 file changed, 16 insertions(+), 15 deletions(-)
>> +
>> +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
>> +index 90286a5e..c3b758ec 100644
>> +--- a/tools/tiffcrop.c
>> ++++ b/tools/tiffcrop.c
>> +@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
>> + #define ROTATECW_270 32
>> + #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
>> +
>> +-#define CROP_NONE 0
>> +-#define CROP_MARGINS 1
>> +-#define CROP_WIDTH 2
>> +-#define CROP_LENGTH 4
>> +-#define CROP_ZONES 8
>> +-#define CROP_REGIONS 16
>> ++#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
>> ++#define CROP_MARGINS 1 /* "-m" */
>> ++#define CROP_WIDTH 2 /* "-X" */
>> ++#define CROP_LENGTH 4 /* "-Y" */
>> ++#define CROP_ZONES 8 /* "-Z" */
>> ++#define CROP_REGIONS 16 /* "-z" */
>> + #define CROP_ROTATE 32
>> + #define CROP_MIRROR 64
>> + #define CROP_INVERT 128
>> +@@ -316,7 +316,7 @@ struct crop_mask {
>> + #define PAGE_MODE_RESOLUTION 1
>> + #define PAGE_MODE_PAPERSIZE 2
>> + #define PAGE_MODE_MARGINS 4
>> +-#define PAGE_MODE_ROWSCOLS 8
>> ++#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
>> +
>> + #define INVERT_DATA_ONLY 10
>> + #define INVERT_DATA_AND_TAG 11
>> +@@ -781,7 +781,7 @@ static const char usage_info[] =
>> + " The four debug/dump options are independent, though it makes little sense to\n"
>> + " specify a dump file without specifying a detail level.\n"
>> + "\n"
>> +-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
>> ++"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
>> + " In no case should the options be applied to a given selection successively.\n"
>> + "\n"
>> + ;
>> +@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
>> + /*NOTREACHED*/
>> + }
>> + }
>> +- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
>> +- char XY, Z, R;
>> ++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
>> ++ char XY, Z, R, S;
>> + XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
>> + Z = (crop_data->crop_mode & CROP_ZONES);
>> + R = (crop_data->crop_mode & CROP_REGIONS);
>> +- if ((XY && Z) || (XY && R) || (Z && R)) {
>> +- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
>> ++ S = (page->mode & PAGE_MODE_ROWSCOLS);
>> ++ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
>> ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
>> + exit(EXIT_FAILURE);
>> + }
>> + } /* end process_command_opts */
>> +--
>> +2.34.1
>> +
>> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
>> index f84057c46b..29a2c38d8e 100644
>> --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
>> +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
>> @@ -25,6 +25,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
>> file://CVE-2022-2869.patch \
>> file://CVE-2022-2867.patch \
>> file://b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch \
>> + file://0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch \
>> + file://CVE-2022-2953.patch \
>> "
>>
>> SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
>> --
>> 2.25.1
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#172667): https://lists.openembedded.org/g/openembedded-core/message/172667
>> Mute This Topic: https://lists.openembedded.org/mt/94799048/7032091
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skulkarni@mvista.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
^ permalink raw reply [flat|nested] 37+ messages in thread* Re: [OE-core][kirkstone 06/31] tiff: fix CVE-2022-2953
2022-11-07 14:19 ` Steve Sakoman
@ 2022-11-09 10:27 ` Shubham Kulkarni
0 siblings, 0 replies; 37+ messages in thread
From: Shubham Kulkarni @ 2022-11-09 10:27 UTC (permalink / raw)
To: Zheng Qiu; +Cc: openembedded-core, Steve Sakoman, Shubham Kulkarni
[-- Attachment #1: Type: text/plain, Size: 41000 bytes --]
Hi Zheng,
Can you please clear my confusion, if possible.
Thanks,
Shubham
On Mon, Nov 7, 2022 at 7:49 PM Steve Sakoman <steve@sakoman.com> wrote:
> Hello Zheng,
>
> Could you respond to Shubham's question on your patch?
>
> Thanks,
>
> Steve
>
> On Sun, Nov 6, 2022 at 11:10 PM Shubham Kulkarni <skulkarni@mvista.com>
> wrote:
> >
> > Hello, I am new to this community and trying to understand the CVE patch
> fixing process. Kindly correct me if I am wrong with my understanding.
> >
> > So, this patch is fixing the code present in the file tools/tiffcrop.c .
> I can see this patch is having combined changes from following commits:
> >
> > 1] https://gitlab.com/libtiff/libtiff/-/commit/e319508 - tiffcrop: Fix
> issue #330 and some more from 320 to 349
> > 2] https://gitlab.com/libtiff/libtiff/-/commit/8fe3735 - According to
> Richard Nolde #401 (comment 877637400)
> > 3] https://gitlab.com/libtiff/libtiff/-/commit/bad48e9 - tiffcrop -S
> option: Make decision simpler.
> >
> > Debian website for this CVE (
> https://security-tracker.debian.org/tracker/CVE-2022-2953) suggests
> commits "2]" & "3]" as a fix. And both "2]" & "3]" fixes the code
> introduced by commit "1]". So, can we say that the vulnerability was
> introduced by commit "1]" , and solved by "2]" & "3]" ?
> >
> > If yes, then as per my understanding, there is no need of fixing, as
> vulnerability itself is not present in current code and it's Not Affected
> by the CVE. But this patch is introducing the vulnerability ("1]") and on
> top of it, fixing the same ("2]" & "3]"). Is it required Or can we just say
> that this version of code/tiff package is not affected by this CVE?
> > Please rectify my understanding.
> >
> > Thanks in Advance,
> > Shubham
> >
> >
> > On Fri, Nov 4, 2022 at 8:31 AM Steve Sakoman <steve@sakoman.com> wrote:
> >>
> >> From: Zheng Qiu <zheng.qiu@windriver.com>
> >>
> >> While this does not happen with the tiff 4.3.0 release, it does happen
> with
> >> the series of patches we have, so backport the two simple changes that
> >> restrict the tiffcrop options to avoid the vulnerability.
> >>
> >> CVE-2022-2953.patch was taken from upstream, and a small typo was fixed
> >> for the CVE number. The other patch is included in tiff 4.4.0 but not
> >> 4.3.0, so add it as well.
> >>
> >> Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
> >> Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
> >> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> >> ---
> >> ...ue-330-and-some-more-from-320-to-349.patch | 609 ++++++++++++++++++
> >> .../libtiff/tiff/CVE-2022-2953.patch | 87 +++
> >> meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
> >> 3 files changed, 698 insertions(+)
> >> create mode 100644
> meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> >> create mode 100644
> meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
> >>
> >> diff --git
> a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> >> new file mode 100644
> >> index 0000000000..07acf5eb90
> >> --- /dev/null
> >> +++
> b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
> >> @@ -0,0 +1,609 @@
> >> +From e319508023580e2f70e6e626f745b5b2a1707313 Mon Sep 17 00:00:00 2001
> >> +From: Su Laus <sulau@freenet.de>
> >> +Date: Tue, 10 May 2022 20:03:17 +0000
> >> +Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349
> >> +Upstream-Status: Backport
> >> +Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
> >> +---
> >> + tools/tiffcrop.c | 282 +++++++++++++++++++++++++++++++++++------------
> >> + 1 file changed, 210 insertions(+), 72 deletions(-)
> >> +
> >> +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
> >> +index 77cf6ed1..791ec5e7 100644
> >> +--- a/tools/tiffcrop.c
> >> ++++ b/tools/tiffcrop.c
> >> +@@ -63,20 +63,24 @@
> >> + * units when sectioning image into columns x rows
> >> + * using the -S cols:rows option.
> >> + * -X # Horizontal dimension of region to extract expressed
> in current
> >> +- * units
> >> ++ * units, relative to the specified origin reference
> 'edge' left (default for X) or right.
> >> + * -Y # Vertical dimension of region to extract expressed
> in current
> >> +- * units
> >> ++ * units, relative to the specified origin reference
> 'edge' top (default for Y) or bottom.
> >> + * -O orient Orientation for output image, portrait, landscape,
> auto
> >> + * -P page Page size for output image segments, eg letter,
> legal, tabloid,
> >> + * etc.
> >> + * -S cols:rows Divide the image into equal sized segments using
> cols across
> >> + * and rows down
> >> +- * -E t|l|r|b Edge to use as origin
> >> ++ * -E t|l|r|b Edge to use as origin (i.e. 'side' of the image not
> 'corner')
> >> ++ * top = width from left, zones from top to
> bottom (default)
> >> ++ * bottom = width from left, zones from bottom to top
> >> ++ * left = zones from left to right, length from top
> >> ++ * right = zones from right to left, length from top
> >> + * -m #,#,#,# Margins from edges for selection: top, left,
> bottom, right
> >> + * (commas separated)
> >> + * -Z #:#,#:# Zones of the image designated as zone X of Y,
> >> + * eg 1:3 would be first of three equal portions
> measured
> >> +- * from reference edge
> >> ++ * from reference edge (i.e. 'side' not corner)
> >> + * -N odd|even|#,#-#,#|last
> >> + * Select sequences and/or ranges of images within file
> >> + * to process. The words odd or even may be used to
> specify
> >> +@@ -103,10 +107,13 @@
> >> + * selects which functions dump data, with higher
> numbers selecting
> >> + * lower level, scanline level routines. Debug reports
> a limited set
> >> + * of messages to monitor progress without enabling
> dump logs.
> >> ++ *
> >> ++ * Note: The (-X|-Y), -Z and -z options are mutually exclusive.
> >> ++ * In no case should the options be applied to a given
> selection successively.
> >> + */
> >> +
> >> +-static char tiffcrop_version_id[] = "2.4.1";
> >> +-static char tiffcrop_rev_date[] = "03-03-2010";
> >> ++static char tiffcrop_version_id[] = "2.5";
> >> ++static char tiffcrop_rev_date[] = "02-09-2022";
> >> +
> >> + #include "tif_config.h"
> >> + #include "libport.h"
> >> +@@ -774,6 +781,9 @@ static const char usage_info[] =
> >> + " The four debug/dump options are independent, though it
> makes little sense to\n"
> >> + " specify a dump file without specifying a detail
> level.\n"
> >> + "\n"
> >> ++"Note: The (-X|-Y), -Z and -z options are mutually
> exclusive.\n"
> >> ++" In no case should the options be applied to a given
> selection successively.\n"
> >> ++"\n"
> >> + ;
> >> +
> >> + /* This function could be modified to pass starting sample offset
> >> +@@ -2121,6 +2131,15 @@ void process_command_opts (int argc, char
> *argv[], char *mp, char *mode, uint32
> >> + /*NOTREACHED*/
> >> + }
> >> + }
> >> ++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and
> -z are mutually exclusive) --*/
> >> ++ char XY, Z, R;
> >> ++ XY = ((crop_data->crop_mode & CROP_WIDTH) ||
> (crop_data->crop_mode & CROP_LENGTH));
> >> ++ Z = (crop_data->crop_mode & CROP_ZONES);
> >> ++ R = (crop_data->crop_mode & CROP_REGIONS);
> >> ++ if ((XY && Z) || (XY && R) || (Z && R)) {
> >> ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y),
> -Z and -z are mutually exclusive.->Exit");
> >> ++ exit(EXIT_FAILURE);
> >> ++ }
> >> + } /* end process_command_opts */
> >> +
> >> + /* Start a new output file if one has not been previously opened or
> >> +@@ -2746,7 +2765,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + tsample_t count, uint32_t start, uint32_t
> end)
> >> + {
> >> + int i, bytes_per_sample, sindex;
> >> +- uint32_t col, dst_rowsize, bit_offset;
> >> ++ uint32_t col, dst_rowsize, bit_offset, numcols;
> >> + uint32_t src_byte /*, src_bit */;
> >> + uint8_t *src = in;
> >> + uint8_t *dst = out;
> >> +@@ -2757,6 +2776,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + return (1);
> >> + }
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamplesBytes",
> >> +@@ -2769,6 +2792,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + dst_rowsize = (bps * (end - start) * count) / 8;
> >> +
> >> +@@ -2812,7 +2838,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + tsample_t count, uint32_t start, uint32_t
> end)
> >> + {
> >> + int ready_bits = 0, sindex = 0;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint8_t maskbits = 0, matchbits = 0;
> >> + uint8_t buff1 = 0, buff2 = 0;
> >> + uint8_t *src = in;
> >> +@@ -2824,6 +2850,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + return (1);
> >> + }
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamples8bits",
> >> +@@ -2836,7 +2866,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> +-
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> ++
> >> + ready_bits = 0;
> >> + maskbits = (uint8_t)-1 >> (8 - bps);
> >> + buff1 = buff2 = 0;
> >> +@@ -2889,7 +2922,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + tsample_t count, uint32_t start, uint32_t
> end)
> >> + {
> >> + int ready_bits = 0, sindex = 0;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint16_t maskbits = 0, matchbits = 0;
> >> + uint16_t buff1 = 0, buff2 = 0;
> >> + uint8_t bytebuff = 0;
> >> +@@ -2902,6 +2935,10 @@ extractContigSamples16bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + return (1);
> >> + }
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamples16bits",
> >> +@@ -2914,6 +2951,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + ready_bits = 0;
> >> + maskbits = (uint16_t)-1 >> (16 - bps);
> >> +@@ -2978,7 +3018,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + tsample_t count, uint32_t start, uint32_t
> end)
> >> + {
> >> + int ready_bits = 0, sindex = 0;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint32_t maskbits = 0, matchbits = 0;
> >> + uint32_t buff1 = 0, buff2 = 0;
> >> + uint8_t bytebuff1 = 0, bytebuff2 = 0;
> >> +@@ -2991,6 +3031,10 @@ extractContigSamples24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + return (1);
> >> + }
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamples24bits",
> >> +@@ -3003,6 +3047,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + ready_bits = 0;
> >> + maskbits = (uint32_t)-1 >> (32 - bps);
> >> +@@ -3087,7 +3134,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + tsample_t count, uint32_t start, uint32_t
> end)
> >> + {
> >> + int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint32_t longbuff1 = 0, longbuff2 = 0;
> >> + uint64_t maskbits = 0, matchbits = 0;
> >> + uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
> >> +@@ -3102,6 +3149,10 @@ extractContigSamples32bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + }
> >> +
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamples32bits",
> >> +@@ -3114,6 +3165,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t
> *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + /* shift_width = ((bps + 7) / 8) + 1; */
> >> + ready_bits = 0;
> >> +@@ -3193,7 +3247,7 @@ extractContigSamplesShifted8bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + int shift)
> >> + {
> >> + int ready_bits = 0, sindex = 0;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint8_t maskbits = 0, matchbits = 0;
> >> + uint8_t buff1 = 0, buff2 = 0;
> >> + uint8_t *src = in;
> >> +@@ -3205,6 +3259,10 @@ extractContigSamplesShifted8bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + return (1);
> >> + }
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamplesShifted8bits",
> >> +@@ -3217,6 +3275,9 @@ extractContigSamplesShifted8bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + ready_bits = shift;
> >> + maskbits = (uint8_t)-1 >> (8 - bps);
> >> +@@ -3273,7 +3334,7 @@ extractContigSamplesShifted16bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + int shift)
> >> + {
> >> + int ready_bits = 0, sindex = 0;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint16_t maskbits = 0, matchbits = 0;
> >> + uint16_t buff1 = 0, buff2 = 0;
> >> + uint8_t bytebuff = 0;
> >> +@@ -3286,6 +3347,10 @@ extractContigSamplesShifted16bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + return (1);
> >> + }
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamplesShifted16bits",
> >> +@@ -3298,6 +3363,9 @@ extractContigSamplesShifted16bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + ready_bits = shift;
> >> + maskbits = (uint16_t)-1 >> (16 - bps);
> >> +@@ -3363,7 +3431,7 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + int shift)
> >> + {
> >> + int ready_bits = 0, sindex = 0;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint32_t maskbits = 0, matchbits = 0;
> >> + uint32_t buff1 = 0, buff2 = 0;
> >> + uint8_t bytebuff1 = 0, bytebuff2 = 0;
> >> +@@ -3376,6 +3444,16 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + return (1);
> >> + }
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ /*--- Remark, which is true for all those functions
> extractCongigSamplesXXX() --
> >> ++ * The mitigation of the start/end test does not allways make
> sense, because the function is often called with e.g.:
> >> ++ * start = 31; end = 32; cols = 32 to extract the last column in a
> 32x32 sample image.
> >> ++ * If then, a worng parameter (e.g. cols = 10) is provided, the
> mitigated settings would be start=0; end=1.
> >> ++ * Therefore, an error message and no copy action might be the
> better reaction to wrong parameter configurations.
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamplesShifted24bits",
> >> +@@ -3388,6 +3466,9 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + ready_bits = shift;
> >> + maskbits = (uint32_t)-1 >> (32 - bps);
> >> +@@ -3449,7 +3530,7 @@ extractContigSamplesShifted24bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + buff2 = (buff2 << 8);
> >> + bytebuff2 = bytebuff1;
> >> + ready_bits -= 8;
> >> +- }
> >> ++ }
> >> +
> >> + return (0);
> >> + } /* end extractContigSamplesShifted24bits */
> >> +@@ -3461,7 +3542,7 @@ extractContigSamplesShifted32bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + int shift)
> >> + {
> >> + int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
> >> +- uint32_t col, src_byte, src_bit, bit_offset;
> >> ++ uint32_t col, src_byte, src_bit, bit_offset, numcols;
> >> + uint32_t longbuff1 = 0, longbuff2 = 0;
> >> + uint64_t maskbits = 0, matchbits = 0;
> >> + uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
> >> +@@ -3476,6 +3557,10 @@ extractContigSamplesShifted32bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + }
> >> +
> >> +
> >> ++ /* Number of extracted columns shall be kept as (end-start + 1).
> Otherwise buffer-overflow might occur.
> >> ++ * 'start' and 'col' count from 0 to (cols-1) but 'end' is to be
> set one after the index of the last column to be copied!
> >> ++ */
> >> ++ numcols = abs(end - start);
> >> + if ((start > end) || (start > cols))
> >> + {
> >> + TIFFError ("extractContigSamplesShifted32bits",
> >> +@@ -3488,6 +3573,9 @@ extractContigSamplesShifted32bits (uint8_t *in,
> uint8_t *out, uint32_t cols,
> >> + "Invalid end column value %"PRIu32" ignored", end);
> >> + end = cols;
> >> + }
> >> ++ if (abs(end - start) > numcols) {
> >> ++ end = start + numcols;
> >> ++ }
> >> +
> >> + /* shift_width = ((bps + 7) / 8) + 1; */
> >> + ready_bits = shift;
> >> +@@ -5429,7 +5517,7 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> >> + {
> >> + struct offset offsets;
> >> + int i;
> >> +- int32_t test;
> >> ++ uint32_t uaux;
> >> + uint32_t seg, total, need_buff = 0;
> >> + uint32_t buffsize;
> >> + uint32_t zwidth, zlength;
> >> +@@ -5510,8 +5598,13 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> >> + seg = crop->zonelist[j].position;
> >> + total = crop->zonelist[j].total;
> >> +
> >> +- /* check for not allowed zone cases like 0:0; 4:3; etc. and skip
> that input */
> >> ++ /* check for not allowed zone cases like 0:0; 4:3; or negative
> ones etc. and skip that input */
> >> ++ if (crop->zonelist[j].position < 0 || crop->zonelist[j].total <
> 0) {
> >> ++ TIFFError("getCropOffsets", "Negative crop zone values %d:%d
> are not allowed, thus skipped.", crop->zonelist[j].position,
> crop->zonelist[j].total);
> >> ++ continue;
> >> ++ }
> >> + if (seg == 0 || total == 0 || seg > total) {
> >> ++ TIFFError("getCropOffsets", "Crop zone %d:%d is out of
> specification, thus skipped.", seg, total);
> >> + continue;
> >> + }
> >> +
> >> +@@ -5524,17 +5617,23 @@ getCropOffsets(struct image_data *image,
> struct crop_mask *crop, struct dump_opt
> >> +
> >> + crop->regionlist[i].x1 = offsets.startx +
> >> + (uint32_t)(offsets.crop_width * 1.0
> * (seg - 1) / total);
> >> +- test = (int32_t)offsets.startx +
> >> +- (int32_t)(offsets.crop_width * 1.0 * seg / total);
> >> +- if (test < 1 )
> >> +- crop->regionlist[i].x2 = 0;
> >> +- else
> >> +- {
> >> +- if (test > (int32_t)(image->width - 1))
> >> ++ /* FAULT: IMHO in the old code here, the calculation of x2
> was based on wrong assumtions. The whole image was assumed and 'endy' and
> 'starty' are not respected anymore!*/
> >> ++ /* NEW PROPOSED Code: Assumption: offsets are within image
> with top left corner as origin (0,0) and 'start' <= 'end'. */
> >> ++ if (crop->regionlist[i].x1 > offsets.endx) {
> >> ++ crop->regionlist[i].x1 = offsets.endx;
> >> ++ } else if (crop->regionlist[i].x1 >= image->width) {
> >> ++ crop->regionlist[i].x1 = image->width - 1;
> >> ++ }
> >> ++
> >> ++ crop->regionlist[i].x2 = offsets.startx +
> (uint32_t)(offsets.crop_width * 1.0 * seg / total);
> >> ++ if (crop->regionlist[i].x2 > 0) crop->regionlist[i].x2 =
> crop->regionlist[i].x2 - 1;
> >> ++ if (crop->regionlist[i].x2 < crop->regionlist[i].x1) {
> >> ++ crop->regionlist[i].x2 = crop->regionlist[i].x1;
> >> ++ } else if (crop->regionlist[i].x2 > offsets.endx) {
> >> ++ crop->regionlist[i].x2 = offsets.endx;
> >> ++ } else if (crop->regionlist[i].x2 >= image->width) {
> >> + crop->regionlist[i].x2 = image->width - 1;
> >> +- else
> >> +- crop->regionlist[i].x2 = test - 1;
> >> +- }
> >> ++ }
> >> + zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1
> + 1;
> >> +
> >> + /* This is passed to extractCropZone or
> extractCompositeZones */
> >> +@@ -5549,22 +5648,27 @@ getCropOffsets(struct image_data *image,
> struct crop_mask *crop, struct dump_opt
> >> + crop->regionlist[i].x1 = offsets.startx;
> >> + crop->regionlist[i].x2 = offsets.endx;
> >> +
> >> +- test = offsets.endy - (uint32_t)(offsets.crop_length * 1.0
> * seg / total);
> >> +- if (test < 1 )
> >> +- crop->regionlist[i].y1 = 0;
> >> +- else
> >> +- crop->regionlist[i].y1 = test + 1;
> >> ++ /* FAULT: IMHO in the old code here, the calculation of
> y1/y2 was based on wrong assumtions. The whole image was assumed and 'endy'
> and 'starty' are not respected anymore!*/
> >> ++ /* NEW PROPOSED Code: Assumption: offsets are within image
> with top left corner as origin (0,0) and 'start' <= 'end'. */
> >> ++ uaux = (uint32_t)(offsets.crop_length * 1.0 * seg / total);
> >> ++ if (uaux <= offsets.endy + 1) {
> >> ++ crop->regionlist[i].y1 = offsets.endy - uaux + 1;
> >> ++ } else {
> >> ++ crop->regionlist[i].y1 = 0;
> >> ++ }
> >> ++ if (crop->regionlist[i].y1 < offsets.starty) {
> >> ++ crop->regionlist[i].y1 = offsets.starty;
> >> ++ }
> >> +
> >> +- test = offsets.endy - (offsets.crop_length * 1.0 * (seg -
> 1) / total);
> >> +- if (test < 1 )
> >> +- crop->regionlist[i].y2 = 0;
> >> +- else
> >> +- {
> >> +- if (test > (int32_t)(image->length - 1))
> >> +- crop->regionlist[i].y2 = image->length - 1;
> >> +- else
> >> +- crop->regionlist[i].y2 = test;
> >> +- }
> >> ++ uaux = (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) /
> total);
> >> ++ if (uaux <= offsets.endy) {
> >> ++ crop->regionlist[i].y2 = offsets.endy - uaux;
> >> ++ } else {
> >> ++ crop->regionlist[i].y2 = 0;
> >> ++ }
> >> ++ if (crop->regionlist[i].y2 < offsets.starty) {
> >> ++ crop->regionlist[i].y2 = offsets.starty;
> >> ++ }
> >> + zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1
> + 1;
> >> +
> >> + /* This is passed to extractCropZone or
> extractCompositeZones */
> >> +@@ -5575,32 +5679,42 @@ getCropOffsets(struct image_data *image,
> struct crop_mask *crop, struct dump_opt
> >> + crop->combined_width = (uint32_t)zwidth;
> >> + break;
> >> + case EDGE_RIGHT: /* zones from right to left, length from top */
> >> +- zlength = offsets.crop_length;
> >> +- crop->regionlist[i].y1 = offsets.starty;
> >> +- crop->regionlist[i].y2 = offsets.endy;
> >> +-
> >> +- crop->regionlist[i].x1 = offsets.startx +
> >> +- (uint32_t)(offsets.crop_width *
> (total - seg) * 1.0 / total);
> >> +- test = offsets.startx +
> >> +- (offsets.crop_width * (total - seg + 1) * 1.0 /
> total);
> >> +- if (test < 1 )
> >> +- crop->regionlist[i].x2 = 0;
> >> +- else
> >> +- {
> >> +- if (test > (int32_t)(image->width - 1))
> >> +- crop->regionlist[i].x2 = image->width - 1;
> >> +- else
> >> +- crop->regionlist[i].x2 = test - 1;
> >> +- }
> >> +- zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1
> + 1;
> >> ++ zlength = offsets.crop_length;
> >> ++ crop->regionlist[i].y1 = offsets.starty;
> >> ++ crop->regionlist[i].y2 = offsets.endy;
> >> ++
> >> ++ crop->regionlist[i].x1 = offsets.startx +
> >> ++ (uint32_t)(offsets.crop_width * (total - seg)
> * 1.0 / total);
> >> ++ /* FAULT: IMHO from here on, the calculation of y2 are
> based on wrong assumtions. The whole image is assumed and 'endy' and
> 'starty' are not respected anymore!*/
> >> ++ /* NEW PROPOSED Code: Assumption: offsets are within image
> with top left corner as origin (0,0) and 'start' <= 'end'. */
> >> ++ uaux = (uint32_t)(offsets.crop_width * 1.0 * seg / total);
> >> ++ if (uaux <= offsets.endx + 1) {
> >> ++ crop->regionlist[i].x1 = offsets.endx - uaux + 1;
> >> ++ } else {
> >> ++ crop->regionlist[i].x1 = 0;
> >> ++ }
> >> ++ if (crop->regionlist[i].x1 < offsets.startx) {
> >> ++ crop->regionlist[i].x1 = offsets.startx;
> >> ++ }
> >> +
> >> +- /* This is passed to extractCropZone or
> extractCompositeZones */
> >> +- crop->combined_length = (uint32_t)zlength;
> >> +- if (crop->exp_mode == COMPOSITE_IMAGES)
> >> +- crop->combined_width += (uint32_t)zwidth;
> >> +- else
> >> +- crop->combined_width = (uint32_t)zwidth;
> >> +- break;
> >> ++ uaux = (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) /
> total);
> >> ++ if (uaux <= offsets.endx) {
> >> ++ crop->regionlist[i].x2 = offsets.endx - uaux;
> >> ++ } else {
> >> ++ crop->regionlist[i].x2 = 0;
> >> ++ }
> >> ++ if (crop->regionlist[i].x2 < offsets.startx) {
> >> ++ crop->regionlist[i].x2 = offsets.startx;
> >> ++ }
> >> ++ zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 +
> 1;
> >> ++
> >> ++ /* This is passed to extractCropZone or
> extractCompositeZones */
> >> ++ crop->combined_length = (uint32_t)zlength;
> >> ++ if (crop->exp_mode == COMPOSITE_IMAGES)
> >> ++ crop->combined_width += (uint32_t)zwidth;
> >> ++ else
> >> ++ crop->combined_width = (uint32_t)zwidth;
> >> ++ break;
> >> + case EDGE_TOP: /* width from left, zones from top to bottom */
> >> + default:
> >> + zwidth = offsets.crop_width;
> >> +@@ -5608,6 +5722,14 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> >> + crop->regionlist[i].x2 = offsets.endx;
> >> +
> >> + crop->regionlist[i].y1 = offsets.starty +
> (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total);
> >> ++ if (crop->regionlist[i].y1 > offsets.endy) {
> >> ++ crop->regionlist[i].y1 = offsets.endy;
> >> ++ } else if (crop->regionlist[i].y1 >= image->length) {
> >> ++ crop->regionlist[i].y1 = image->length - 1;
> >> ++ }
> >> ++
> >> ++ /* FAULT: IMHO from here on, the calculation of y2 are
> based on wrong assumtions. The whole image is assumed and 'endy' and
> 'starty' are not respected anymore!*/
> >> ++ /* OLD Code:
> >> + test = offsets.starty + (uint32_t)(offsets.crop_length *
> 1.0 * seg / total);
> >> + if (test < 1 )
> >> + crop->regionlist[i].y2 = 0;
> >> +@@ -5618,6 +5740,18 @@ getCropOffsets(struct image_data *image, struct
> crop_mask *crop, struct dump_opt
> >> + else
> >> + crop->regionlist[i].y2 = test - 1;
> >> + }
> >> ++ */
> >> ++ /* NEW PROPOSED Code: Assumption: offsets are within
> image with top left corner as origin (0,0) and 'start' <= 'end'. */
> >> ++ crop->regionlist[i].y2 = offsets.starty +
> (uint32_t)(offsets.crop_length * 1.0 * seg / total);
> >> ++ if (crop->regionlist[i].y2 > 0)crop->regionlist[i].y2 =
> crop->regionlist[i].y2 - 1;
> >> ++ if (crop->regionlist[i].y2 < crop->regionlist[i].y1)
> {
> >> ++ crop->regionlist[i].y2 =
> crop->regionlist[i].y1;
> >> ++ } else if (crop->regionlist[i].y2 > offsets.endy) {
> >> ++ crop->regionlist[i].y2 = offsets.endy;
> >> ++ } else if (crop->regionlist[i].y2 >= image->length) {
> >> ++ crop->regionlist[i].y2 = image->length - 1;
> >> ++ }
> >> ++
> >> + zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1
> + 1;
> >> +
> >> + /* This is passed to extractCropZone or
> extractCompositeZones */
> >> +@@ -7551,7 +7685,8 @@ processCropSelections(struct image_data *image,
> struct crop_mask *crop,
> >> + total_width = total_length = 0;
> >> + for (i = 0; i < crop->selections; i++)
> >> + {
> >> +- cropsize = crop->bufftotal;
> >> ++
> >> ++ cropsize = crop->bufftotal;
> >> + crop_buff = seg_buffs[i].buffer;
> >> + if (!crop_buff)
> >> + crop_buff = (unsigned char *)limitMalloc(cropsize);
> >> +@@ -7640,6 +7775,9 @@ processCropSelections(struct image_data *image,
> struct crop_mask *crop,
> >> +
> >> + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as
> it can reallocate the buffer */
> >> + {
> >> ++ /* rotateImage() changes image->width, ->length, ->xres and
> ->yres, what it schouldn't do here, when more than one section is processed.
> >> ++ * ToDo: Therefore rotateImage() and its usage has to be
> reworked (e.g. like mirrorImage()) !!
> >> ++ */
> >> + if (rotateImage(crop->rotation, image,
> &crop->regionlist[i].width,
> >> + &crop->regionlist[i].length, &crop_buff))
> >> + {
> >> +@@ -7655,8 +7793,8 @@ processCropSelections(struct image_data *image,
> struct crop_mask *crop,
> >> + seg_buffs[i].size = (((crop->regionlist[i].width * image->bps
> + 7 ) / 8)
> >> + * image->spp) *
> crop->regionlist[i].length;
> >> + }
> >> +- }
> >> +- }
> >> ++ } /* for crop->selections loop */
> >> ++ } /* Separated Images (else case) */
> >> + return (0);
> >> + } /* end processCropSelections */
> >> +
> >> +--
> >> +2.33.0
> >> +
> >> diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
> b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
> >> new file mode 100644
> >> index 0000000000..3a3a915688
> >> --- /dev/null
> >> +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
> >> @@ -0,0 +1,87 @@
> >> +CVE: CVE-2022-2953
> >> +Upstream-Status: Backport
> >> +Signed-off-by: Ross Burton <ross.burton@arm.com>
> >> +Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
> >> +
> >> +From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001
> >> +From: Su_Laus <sulau@freenet.de>
> >> +Date: Mon, 15 Aug 2022 22:11:03 +0200
> >> +Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20
> https://gitl?=
> >> + =?UTF-8?q?
> ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?=
> >> +
> =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?=
> >> +
> =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?=
> >> + =?UTF-8?q?Z=20and=20-z.?=
> >> +MIME-Version: 1.0
> >> +Content-Type: text/plain; charset=UTF-8
> >> +Content-Transfer-Encoding: 8bit
> >> +
> >> +This is now checked and ends tiffcrop if those arguments are not
> mutually exclusive.
> >> +
> >> +This MR will fix the following tiffcrop issues: #349, #414, #422,
> #423, #424
> >> +---
> >> + tools/tiffcrop.c | 31 ++++++++++++++++---------------
> >> + 1 file changed, 16 insertions(+), 15 deletions(-)
> >> +
> >> +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
> >> +index 90286a5e..c3b758ec 100644
> >> +--- a/tools/tiffcrop.c
> >> ++++ b/tools/tiffcrop.c
> >> +@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
> >> + #define ROTATECW_270 32
> >> + #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
> >> +
> >> +-#define CROP_NONE 0
> >> +-#define CROP_MARGINS 1
> >> +-#define CROP_WIDTH 2
> >> +-#define CROP_LENGTH 4
> >> +-#define CROP_ZONES 8
> >> +-#define CROP_REGIONS 16
> >> ++#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and
> page->rows/->cols != 0 */
> >> ++#define CROP_MARGINS 1 /* "-m" */
> >> ++#define CROP_WIDTH 2 /* "-X" */
> >> ++#define CROP_LENGTH 4 /* "-Y" */
> >> ++#define CROP_ZONES 8 /* "-Z" */
> >> ++#define CROP_REGIONS 16 /* "-z" */
> >> + #define CROP_ROTATE 32
> >> + #define CROP_MIRROR 64
> >> + #define CROP_INVERT 128
> >> +@@ -316,7 +316,7 @@ struct crop_mask {
> >> + #define PAGE_MODE_RESOLUTION 1
> >> + #define PAGE_MODE_PAPERSIZE 2
> >> + #define PAGE_MODE_MARGINS 4
> >> +-#define PAGE_MODE_ROWSCOLS 8
> >> ++#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
> >> +
> >> + #define INVERT_DATA_ONLY 10
> >> + #define INVERT_DATA_AND_TAG 11
> >> +@@ -781,7 +781,7 @@ static const char usage_info[] =
> >> + " The four debug/dump options are independent, though it
> makes little sense to\n"
> >> + " specify a dump file without specifying a detail
> level.\n"
> >> + "\n"
> >> +-"Note: The (-X|-Y), -Z and -z options are mutually
> exclusive.\n"
> >> ++"Note: The (-X|-Y), -Z, -z and -S options are mutually
> exclusive.\n"
> >> + " In no case should the options be applied to a given
> selection successively.\n"
> >> + "\n"
> >> + ;
> >> +@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char
> *argv[], char *mp, char *mode, uint32
> >> + /*NOTREACHED*/
> >> + }
> >> + }
> >> +- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and
> -z are mutually exclusive) --*/
> >> +- char XY, Z, R;
> >> ++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z
> and -S are mutually exclusive) --*/
> >> ++ char XY, Z, R, S;
> >> + XY = ((crop_data->crop_mode & CROP_WIDTH) ||
> (crop_data->crop_mode & CROP_LENGTH));
> >> + Z = (crop_data->crop_mode & CROP_ZONES);
> >> + R = (crop_data->crop_mode & CROP_REGIONS);
> >> +- if ((XY && Z) || (XY && R) || (Z && R)) {
> >> +- TIFFError("tiffcrop input error", "The crop options(-X|-Y),
> -Z and -z are mutually exclusive.->Exit");
> >> ++ S = (page->mode & PAGE_MODE_ROWSCOLS);
> >> ++ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S)
> || (R && S)) {
> >> ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y),
> -Z, -z and -S are mutually exclusive.->Exit");
> >> + exit(EXIT_FAILURE);
> >> + }
> >> + } /* end process_command_opts */
> >> +--
> >> +2.34.1
> >> +
> >> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> >> index f84057c46b..29a2c38d8e 100644
> >> --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> >> +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
> >> @@ -25,6 +25,8 @@ SRC_URI = "
> http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
> >> file://CVE-2022-2869.patch \
> >> file://CVE-2022-2867.patch \
> >> file://b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch \
> >> +
> file://0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch \
> >> + file://CVE-2022-2953.patch \
> >> "
> >>
> >> SRC_URI[sha256sum] =
> "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
> >> --
> >> 2.25.1
> >>
> >>
> >> -=-=-=-=-=-=-=-=-=-=-=-
> >> Links: You receive all messages sent to this group.
> >> View/Reply Online (#172667):
> https://lists.openembedded.org/g/openembedded-core/message/172667
> >> Mute This Topic: https://lists.openembedded.org/mt/94799048/7032091
> >> Group Owner: openembedded-core+owner@lists.openembedded.org
> >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> skulkarni@mvista.com]
> >> -=-=-=-=-=-=-=-=-=-=-=-
> >>
>
[-- Attachment #2: Type: text/html, Size: 54555 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 07/31] expat: backport the fix for CVE-2022-43680
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (5 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 06/31] tiff: fix CVE-2022-2953 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 08/31] wayland: fix CVE-2021-3782 Steve Sakoman
` (23 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../expat/expat/CVE-2022-43680.patch | 33 +++++++++++++++++++
meta/recipes-core/expat/expat_2.4.9.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch
diff --git a/meta/recipes-core/expat/expat/CVE-2022-43680.patch b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
new file mode 100644
index 0000000000..76c55edc76
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
@@ -0,0 +1,33 @@
+CVE: CVE-2022-43680
+Upstream-Status: Backport [5290462a7ea1278a8d5c0d5b2860d4e244f997e4]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Tue, 20 Sep 2022 02:44:34 +0200
+Subject: [PATCH] lib: Fix overeager DTD destruction in
+ XML_ExternalEntityParserCreate
+
+---
+ expat/lib/xmlparse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index aacd6e7fc..57bf103cc 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -1068,6 +1068,14 @@ parserCreate(const XML_Char *encodingName,
+ parserInit(parser, encodingName);
+
+ if (encodingName && ! parser->m_protocolEncodingName) {
++ if (dtd) {
++ // We need to stop the upcoming call to XML_ParserFree from happily
++ // destroying parser->m_dtd because the DTD is shared with the parent
++ // parser and the only guard that keeps XML_ParserFree from destroying
++ // parser->m_dtd is parser->m_isParamEntity but it will be set to
++ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
++ parser->m_dtd = NULL;
++ }
+ XML_ParserFree(parser);
+ return NULL;
+ }
diff --git a/meta/recipes-core/expat/expat_2.4.9.bb b/meta/recipes-core/expat/expat_2.4.9.bb
index cb007708c7..22f9845a99 100644
--- a/meta/recipes-core/expat/expat_2.4.9.bb
+++ b/meta/recipes-core/expat/expat_2.4.9.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb"
VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
+ file://CVE-2022-43680.patch \
file://run-ptest \
"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 08/31] wayland: fix CVE-2021-3782
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (6 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 07/31] expat: backport the fix for CVE-2022-43680 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 09/31] cve-update-db-native: add timeout to urlopen() calls Steve Sakoman
` (22 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Narpat Mali <narpat.mali@windriver.com>
An internal reference count is held on the buffer pool,
incremented every time a new buffer is created from the pool.
The reference count is maintained as an int;
on LP64 systems this can cause thereference count to overflow if
the client creates a large number of wl_shm buffer objects,
or if it can coerce the server to create a large number of external references
to the buffer storage. With the reference count overflowing, a use-after-free
can be constructed on the wl_shm_pool tracking structure,
where values may be incremented or decremented;
it may also be possible to construct a limited oracle to leak 4 bytes of
server-side memory to the attacking client at a time.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-3782
Upstream patch:
https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../wayland/wayland/CVE-2021-3782.patch | 111 ++++++++++++++++++
.../wayland/wayland_1.20.0.bb | 2 +
2 files changed, 113 insertions(+)
create mode 100644 meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
diff --git a/meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch b/meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
new file mode 100644
index 0000000000..df204508e9
--- /dev/null
+++ b/meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
@@ -0,0 +1,111 @@
+From 5eed6609619cc2e4eaa8618d11c15d442abf54be Mon Sep 17 00:00:00 2001
+From: Derek Foreman <derek.foreman@collabora.com>
+Date: Fri, 28 Jan 2022 13:18:37 -0600
+Subject: [PATCH] util: Limit size of wl_map
+
+Since server IDs are basically indistinguishable from really big client
+IDs at many points in the source, it's theoretically possible to overflow
+a map and either overflow server IDs into the client ID space, or grow
+client IDs into the server ID space. This would currently take a massive
+amount of RAM, but the definition of massive changes yearly.
+
+Prevent this by placing a ridiculous but arbitrary upper bound on the
+number of items we can put in a map: 0xF00000, somewhere over 15 million.
+This should satisfy pathological clients without restriction, but stays
+well clear of the 0xFF000000 transition point between server and client
+IDs. It will still take an improbable amount of RAM to hit this, and a
+client could still exhaust all RAM in this way, but our goal is to prevent
+overflow and undefined behaviour.
+
+Fixes #224
+
+Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3782
+
+Reference to upstream patch:
+https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2
+
+[DP: adjust context for wayland version 1.20.0]
+Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
+---
+ src/wayland-private.h | 1 +
+ src/wayland-util.c | 25 +++++++++++++++++++++++--
+ 2 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/src/wayland-private.h b/src/wayland-private.h
+index 9bf8cb7..35dc40e 100644
+--- a/src/wayland-private.h
++++ b/src/wayland-private.h
+@@ -45,6 +45,7 @@
+ #define WL_MAP_SERVER_SIDE 0
+ #define WL_MAP_CLIENT_SIDE 1
+ #define WL_SERVER_ID_START 0xff000000
++#define WL_MAP_MAX_OBJECTS 0x00f00000
+ #define WL_CLOSURE_MAX_ARGS 20
+
+ struct wl_object {
+diff --git a/src/wayland-util.c b/src/wayland-util.c
+index d5973bf..3e45d19 100644
+--- a/src/wayland-util.c
++++ b/src/wayland-util.c
+@@ -195,6 +195,7 @@ wl_map_insert_new(struct wl_map *map, uint32_t flags, void *data)
+ union map_entry *start, *entry;
+ struct wl_array *entries;
+ uint32_t base;
++ uint32_t count;
+
+ if (map->side == WL_MAP_CLIENT_SIDE) {
+ entries = &map->client_entries;
+@@ -215,10 +216,25 @@ wl_map_insert_new(struct wl_map *map, uint32_t flags, void *data)
+ start = entries->data;
+ }
+
++ /* wl_array only grows, so if we have too many objects at
++ * this point there's no way to clean up. We could be more
++ * pro-active about trying to avoid this allocation, but
++ * it doesn't really matter because at this point there is
++ * nothing to be done but disconnect the client and delete
++ * the whole array either way.
++ */
++ count = entry - start;
++ if (count > WL_MAP_MAX_OBJECTS) {
++ /* entry->data is freshly malloced garbage, so we'd
++ * better make it a NULL so wl_map_for_each doesn't
++ * dereference it later. */
++ entry->data = NULL;
++ return 0;
++ }
+ entry->data = data;
+ entry->next |= (flags & 0x1) << 1;
+
+- return (entry - start) + base;
++ return count + base;
+ }
+
+ int
+@@ -235,6 +251,9 @@ wl_map_insert_at(struct wl_map *map, uint32_t flags, uint32_t i, void *data)
+ i -= WL_SERVER_ID_START;
+ }
+
++ if (i > WL_MAP_MAX_OBJECTS)
++ return -1;
++
+ count = entries->size / sizeof *start;
+ if (count < i)
+ return -1;
+@@ -269,8 +288,10 @@ wl_map_reserve_new(struct wl_map *map, uint32_t i)
+ i -= WL_SERVER_ID_START;
+ }
+
+- count = entries->size / sizeof *start;
++ if (i > WL_MAP_MAX_OBJECTS)
++ return -1;
+
++ count = entries->size / sizeof *start;
+ if (count < i)
+ return -1;
+
+--
+2.37.3
diff --git a/meta/recipes-graphics/wayland/wayland_1.20.0.bb b/meta/recipes-graphics/wayland/wayland_1.20.0.bb
index bd437767b2..9351d2ed6a 100644
--- a/meta/recipes-graphics/wayland/wayland_1.20.0.bb
+++ b/meta/recipes-graphics/wayland/wayland_1.20.0.bb
@@ -16,7 +16,9 @@ SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://0002-Do-not-hardcode-the-path-to-wayland-scanner.patch \
file://0001-build-Fix-strndup-detection-on-MinGW.patch \
+ file://CVE-2021-3782.patch \
"
+
SRC_URI[sha256sum] = "b8a034154c7059772e0fdbd27dbfcda6c732df29cae56a82274f6ec5d7cd8725"
UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 09/31] cve-update-db-native: add timeout to urlopen() calls
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (7 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 08/31] wayland: fix CVE-2021-3782 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 10/31] vim: Upgrade 9.0.0598 -> 9.0.0614 Steve Sakoman
` (21 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Frank de Brabander <debrabander@gmail.com>
The urlopen() call can block indefinitely under some circumstances.
This can result in the bitbake process to run endlessly because of
the 'do_fetch' task of cve-update-bb-native to remain active.
This adds a default timeout of 60 seconds to avoid this hang, while
being large enough to minimize the risk of unwanted timeouts.
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5f6652854f544106b40d860de2946954de642f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 944243fce9..9b9dbbd75f 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -18,6 +18,9 @@ NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
# Use a negative value to skip the update
CVE_DB_UPDATE_INTERVAL ?= "86400"
+# Timeout for blocking socket operations, such as the connection attempt.
+CVE_SOCKET_TIMEOUT ?= "60"
+
python () {
if not bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -39,6 +42,8 @@ python do_fetch() {
db_file = d.getVar("CVE_CHECK_DB_FILE")
db_dir = os.path.dirname(db_file)
+ cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
+
if os.path.exists("{0}-journal".format(db_file)):
# If a journal is present the last update might have been interrupted. In that case,
# just wipe any leftovers and force the DB to be recreated.
@@ -79,7 +84,7 @@ python do_fetch() {
# Retrieve meta last modified date
try:
- response = urllib.request.urlopen(meta_url)
+ response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
bb.warn("Failed to fetch CVE data (%s)" % e.reason)
@@ -107,7 +112,7 @@ python do_fetch() {
# Update db with current year json file
try:
- response = urllib.request.urlopen(json_url)
+ response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout)
if response:
update_db(conn, gzip.decompress(response.read()).decode('utf-8'))
conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close()
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 10/31] vim: Upgrade 9.0.0598 -> 9.0.0614
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (8 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 09/31] cve-update-db-native: add timeout to urlopen() calls Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 11/31] vim: upgrade 9.0.0614 -> 9.0.0820 Steve Sakoman
` (20 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Teoh Jay Shen <jay.shen.teoh@intel.com>
Include fixes for CVE-2022-3352.
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index cbc370100b..0710f6afbf 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0598"
-SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
+PV .= ".0614"
+SRCREV = "ef976323e770315b5fca544efb6b2faa25674d15"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 11/31] vim: upgrade 9.0.0614 -> 9.0.0820
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (9 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 10/31] vim: Upgrade 9.0.0598 -> 9.0.0614 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 12/31] ifupdown: upgrade 0.8.37 -> 0.8.39 Steve Sakoman
` (19 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Tim Orling <ticotimo@gmail.com>
Includes fixes for CVE-2022-3705
https://nvd.nist.gov/vuln/detail/CVE-2022-3705
For a short list of important changes, see:
https://www.arp242.net/vimlog/
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6d917bd0f8810b5ed8d403ad25d59cda2fc9574)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 0710f6afbf..298a111853 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0614"
-SRCREV = "ef976323e770315b5fca544efb6b2faa25674d15"
+PV .= ".0820"
+SRCREV = "03d6e6f42b0deeb02d52c8a48c14abe431370c1c"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 12/31] ifupdown: upgrade 0.8.37 -> 0.8.39
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (10 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 11/31] vim: upgrade 9.0.0614 -> 9.0.0820 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 13/31] scripts/oe-check-sstate: cleanup Steve Sakoman
` (18 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: wangmy <wangmy@fujitsu.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f0462e3336c7134aeeb2684692732c187971b330)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ifupdown/{ifupdown_0.8.37.bb => ifupdown_0.8.39.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/ifupdown/{ifupdown_0.8.37.bb => ifupdown_0.8.39.bb} (97%)
diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
similarity index 97%
rename from meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
rename to meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
index 57d4152a39..7096bc94d7 100644
--- a/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
+++ b/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
@@ -16,7 +16,7 @@ SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https;branch=mast
file://0001-ifupdown-skip-wrong-test-case.patch \
${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://tweak-ptest-script.patch', '', d)} \
"
-SRCREV = "2b4138f36ce3ba37186aa01b502273e0c39ab518"
+SRCREV = "be91dd267b4a8db502a6bbf5758563f7048b8078"
S = "${WORKDIR}/git"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 13/31] scripts/oe-check-sstate: cleanup
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (11 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 12/31] ifupdown: upgrade 0.8.37 -> 0.8.39 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 14/31] scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot Steve Sakoman
` (17 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
The scriptutils import isn't used, there's no need to run bitbake
in a shell environment, and invoke bitbake as a list instead of a
string.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 663aa284adf312eb5c8a471e5dbff2634e87897d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/oe-check-sstate | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/scripts/oe-check-sstate b/scripts/oe-check-sstate
index f4cc5869de..7f9f835da4 100755
--- a/scripts/oe-check-sstate
+++ b/scripts/oe-check-sstate
@@ -18,7 +18,6 @@ import re
scripts_path = os.path.dirname(os.path.realpath(__file__))
lib_path = scripts_path + '/lib'
sys.path = sys.path + [lib_path]
-import scriptutils
import scriptpath
scriptpath.add_bitbake_lib_path()
import argparse_oe
@@ -51,11 +50,8 @@ def check(args):
env['TMPDIR:forcevariable'] = tmpdir
try:
- output = subprocess.check_output(
- 'bitbake -n %s' % ' '.join(args.target),
- stderr=subprocess.STDOUT,
- env=env,
- shell=True)
+ cmd = ['bitbake', '--dry-run'] + args.target
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, env=env)
task_re = re.compile('NOTE: Running setscene task [0-9]+ of [0-9]+ \(([^)]+)\)')
tasks = []
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 14/31] scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (12 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 13/31] scripts/oe-check-sstate: cleanup Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 15/31] psplash: add psplash-default in rdepends Steve Sakoman
` (16 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Since the commit "populate_sdk_base/images: Drop use of 'meta' class and
hence do_build dependencies"[1], builds of images or SDKs don't
recursively depend on the top-level do_build target. This is typically
a good thing: images just depend on the packages themselves and those
dependencies already exist, but they don't need each recipes sysroot to
be populated.
However, eSDK generation is partly done via the script oe-check-sstate,
which does a 'dry-run' build of the target and collates all of the
sstate that is used. With this commit the sstate that is used is a
fraction of what would be needed in the SDK, specifically there are no
sysroots populated during the build, so there are no sysroots in the
SDK.
This is obviously a problem, as the entire point of an eSDK is to
contain a sysroot. Resolve this problem by forcing bitbake to run the
build task for all targets, so that all potentially needed sstate is
collated.
[YOCTO #14626]
[1] https://github.com/openembedded/openembedded-core/commit/41d7f1aa2cc9ef5dba4db38435402d4c9c0a63e1
Tested-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b62344f919b5122f048b6409d09386d7d6dd3cd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/oe-check-sstate | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/oe-check-sstate b/scripts/oe-check-sstate
index 7f9f835da4..4187e77458 100755
--- a/scripts/oe-check-sstate
+++ b/scripts/oe-check-sstate
@@ -50,7 +50,7 @@ def check(args):
env['TMPDIR:forcevariable'] = tmpdir
try:
- cmd = ['bitbake', '--dry-run'] + args.target
+ cmd = ['bitbake', '--dry-run', '--runall=build'] + args.target
output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, env=env)
task_re = re.compile('NOTE: Running setscene task [0-9]+ of [0-9]+ \(([^)]+)\)')
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 15/31] psplash: add psplash-default in rdepends
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (13 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 14/31] scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 16/31] opkg-utils: use a git clone, not a dynamic snapshot Steve Sakoman
` (15 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Thomas Perrot <thomas.perrot@bootlin.com>
Otherwise when the installation of recommended packages is prevented
(NO_RECOMMENDATIONS = "1"), then splash screen will not be cast.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a0928532b8303858980d6df6271669dbb69e224)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/psplash/psplash_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/psplash/psplash_git.bb b/meta/recipes-core/psplash/psplash_git.bb
index edc0ac1d89..9532ed1534 100644
--- a/meta/recipes-core/psplash/psplash_git.bb
+++ b/meta/recipes-core/psplash/psplash_git.bb
@@ -58,7 +58,7 @@ python __anonymous() {
d.setVarFlag("ALTERNATIVE_TARGET_%s" % ep, 'psplash', '${bindir}/%s' % p)
d.appendVar("RDEPENDS:%s" % ep, " %s" % pn)
if p == "psplash-default":
- d.appendVar("RRECOMMENDS:%s" % pn, " %s" % ep)
+ d.appendVar("RDEPENDS:%s" % pn, " %s" % ep)
}
S = "${WORKDIR}/git"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 16/31] opkg-utils: use a git clone, not a dynamic snapshot
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (14 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 15/31] psplash: add psplash-default in rdepends Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 17/31] insane.bbclass: Allow hashlib version that only accepts on parameter Steve Sakoman
` (14 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
opkg-utils fetches using a cgit snapshot of a tag, which is not
reproducible as the tag could move, not reliable as a future dynamic
snapshot could have a different checksum, and a waste of CPU load as
these tarballs are built on demand.
Switch opkg-utils to use a proper git clone of the relevant SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dafd2631a20ffd94e6f21c46938a010e92b57da4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb
index e72c171b92..b27e3ded33 100644
--- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb
@@ -7,12 +7,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
file://opkg.py;beginline=2;endline=18;md5=ffa11ff3c15eb31c6a7ceaa00cc9f986"
PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', 'update-alternatives', 'virtual/update-alternatives', '', d)}"
-SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV}.tar.gz \
+SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \
file://0001-update-alternatives-correctly-match-priority.patch \
"
-UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/"
+SRCREV = "9239541f14a2529b9d01c0a253ab11afa2822dab"
-SRC_URI[sha256sum] = "55733c0f8ffde2bb4f9593cfd66a1f68e6a2f814e8e62f6fd78472911c818c32"
+S = "${WORKDIR}/git"
TARGET_CC_ARCH += "${LDFLAGS}"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 17/31] insane.bbclass: Allow hashlib version that only accepts on parameter
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (15 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 16/31] opkg-utils: use a git clone, not a dynamic snapshot Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 18/31] oe/packagemanager/rpm: don't leak file objects Steve Sakoman
` (13 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Mark Hatle <mark.hatle@kernel.crashing.org>
Some versions of hashlib don't appear to implement the second FIPS
related argument. Detect this and support both versions.
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2bbabed51e3aca138486d3feef640f5d3249be40)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/insane.bbclass | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 0d93d50e58..dfda70bad6 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -552,7 +552,10 @@ python populate_lic_qa_checksum() {
import hashlib
lineno = 0
license = []
- m = hashlib.new('MD5', usedforsecurity=False)
+ try:
+ m = hashlib.new('MD5', usedforsecurity=False)
+ except TypeError:
+ m = hashlib.new('MD5')
for line in f:
lineno += 1
if (lineno >= beginline):
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 18/31] oe/packagemanager/rpm: don't leak file objects
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (16 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 17/31] insane.bbclass: Allow hashlib version that only accepts on parameter Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 19/31] u-boot: Remove duplicate inherit of cml1 Steve Sakoman
` (12 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 28706c27680745c9f8df27713ce63ef5d611138c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oe/package_manager/rpm/__init__.py | 33 +++++++++++++--------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/meta/lib/oe/package_manager/rpm/__init__.py b/meta/lib/oe/package_manager/rpm/__init__.py
index b392581069..97ef387f3b 100644
--- a/meta/lib/oe/package_manager/rpm/__init__.py
+++ b/meta/lib/oe/package_manager/rpm/__init__.py
@@ -96,11 +96,15 @@ class RpmPM(PackageManager):
archs = ["sdk_provides_dummy_target"] + archs
confdir = "%s/%s" %(self.target_rootfs, "etc/dnf/vars/")
bb.utils.mkdirhier(confdir)
- open(confdir + "arch", 'w').write(":".join(archs))
+ with open(confdir + "arch", 'w') as f:
+ f.write(":".join(archs))
+
distro_codename = self.d.getVar('DISTRO_CODENAME')
- open(confdir + "releasever", 'w').write(distro_codename if distro_codename is not None else '')
+ with open(confdir + "releasever", 'w') as f:
+ f.write(distro_codename if distro_codename is not None else '')
- open(oe.path.join(self.target_rootfs, "etc/dnf/dnf.conf"), 'w').write("")
+ with open(oe.path.join(self.target_rootfs, "etc/dnf/dnf.conf"), 'w') as f:
+ f.write("")
def _configure_rpm(self):
@@ -110,14 +114,17 @@ class RpmPM(PackageManager):
platformconfdir = "%s/%s" %(self.target_rootfs, "etc/rpm/")
rpmrcconfdir = "%s/%s" %(self.target_rootfs, "etc/")
bb.utils.mkdirhier(platformconfdir)
- open(platformconfdir + "platform", 'w').write("%s-pc-linux" % self.primary_arch)
+ with open(platformconfdir + "platform", 'w') as f:
+ f.write("%s-pc-linux" % self.primary_arch)
with open(rpmrcconfdir + "rpmrc", 'w') as f:
f.write("arch_compat: %s: %s\n" % (self.primary_arch, self.archs if len(self.archs) > 0 else self.primary_arch))
f.write("buildarch_compat: %s: noarch\n" % self.primary_arch)
- open(platformconfdir + "macros", 'w').write("%_transaction_color 7\n")
+ with open(platformconfdir + "macros", 'w') as f:
+ f.write("%_transaction_color 7\n")
if self.d.getVar('RPM_PREFER_ELF_ARCH'):
- open(platformconfdir + "macros", 'a').write("%%_prefer_color %s" % (self.d.getVar('RPM_PREFER_ELF_ARCH')))
+ with open(platformconfdir + "macros", 'a') as f:
+ f.write("%%_prefer_color %s" % (self.d.getVar('RPM_PREFER_ELF_ARCH')))
if self.d.getVar('RPM_SIGN_PACKAGES') == '1':
signer = get_signer(self.d, self.d.getVar('RPM_GPG_BACKEND'))
@@ -164,13 +171,13 @@ class RpmPM(PackageManager):
repo_uri = uri + "/" + arch
repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/"))
repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/"))
- open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write(
- "[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts))
+ with open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a') as f:
+ f.write("[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts))
else:
repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/"))
repo_uri = uri
- open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write(
- "[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts))
+ with open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w') as f:
+ f.write("[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts))
def _prepare_pkg_transaction(self):
os.environ['D'] = self.target_rootfs
@@ -329,7 +336,8 @@ class RpmPM(PackageManager):
return e.output.decode("utf-8")
def dump_install_solution(self, pkgs):
- open(self.solution_manifest, 'w').write(" ".join(pkgs))
+ with open(self.solution_manifest, 'w') as f:
+ f.write(" ".join(pkgs))
return pkgs
def load_old_install_solution(self):
@@ -363,7 +371,8 @@ class RpmPM(PackageManager):
bb.utils.mkdirhier(target_path)
num = self._script_num_prefix(target_path)
saved_script_name = oe.path.join(target_path, "%d-%s" % (num, pkg))
- open(saved_script_name, 'w').write(output)
+ with open(saved_script_name, 'w') as f:
+ f.write(output)
os.chmod(saved_script_name, 0o755)
def _handle_intercept_failure(self, registered_pkgs):
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 19/31] u-boot: Remove duplicate inherit of cml1
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (17 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 18/31] oe/packagemanager/rpm: don't leak file objects Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 20/31] bluez5: add dbus to RDEPENDS Steve Sakoman
` (11 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Alex Kiernan <alex.kiernan@gmail.com>
Splitting u-boot-configure.inc out of the base left duplicate
cml1.bbclass in the base include.
Fixes: fc9a17ad386c ("u-boot: Split do_configure logic into separate file")
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 286f91f7659307bcdf0ba541b8d6b56db5604ceb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-bsp/u-boot/u-boot.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index f022aed732..b2f33e3826 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -5,7 +5,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
DEPENDS += "${@bb.utils.contains('UBOOT_ENV_SUFFIX', 'scr', 'u-boot-mkimage-native', '', d)}"
-inherit uboot-config uboot-extlinux-config uboot-sign deploy cml1 python3native kernel-arch
+inherit uboot-config uboot-extlinux-config uboot-sign deploy python3native kernel-arch
DEPENDS += "swig-native"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 20/31] bluez5: add dbus to RDEPENDS
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (18 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 19/31] u-boot: Remove duplicate inherit of cml1 Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 21/31] glib-2.0: fix rare GFileInfo test case failure Steve Sakoman
` (10 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Unless we're using systemd, dbus is not pulled into the system
automatically. Bluez5 will not work without dbus so add it to RDEPENDS
explicitly.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 377ef7009a8638efe688b6b61f67ae399eb1f23d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 79d4645ca8..f07e318897 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac"
DEPENDS = "dbus glib-2.0"
+RDEPENDS:${PN} += "dbus"
PROVIDES += "bluez-hcidump"
RPROVIDES:${PN} += "bluez-hcidump"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 21/31] glib-2.0: fix rare GFileInfo test case failure
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (19 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 20/31] bluez5: add dbus to RDEPENDS Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 22/31] gnutls: Unified package names to lower-case Steve Sakoman
` (9 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
If a access or creation timestamp has 0 microseconds, then the test
fails as it doesn't expect this to be a valid value. Expand a previous
fix for modification times to cover these timestamps too.
[ YOCTO #14373 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 15715e6ad81c97cd50e288f3745615eb19be90d1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...-info-don-t-assume-million-in-one-ev.patch | 51 +++++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 +
2 files changed, 52 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch
new file mode 100644
index 0000000000..c33fa88a76
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch
@@ -0,0 +1,51 @@
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2990]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 14838522a706ebdcc3cdab661d4c368099fe3a4e Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 6 Jul 2021 19:26:03 +0100
+Subject: [PATCH] gio/tests/g-file-info: don't assume million-in-one events
+ don't happen
+
+The access and creation time tests create a file, gets the time in
+seconds, then gets the time in microseconds and assumes that the
+difference between the two has to be above 0.
+
+As rare as this may be, it can happen:
+
+$ stat g-file-info-test-50A450 -c %y
+2021-07-06 18:24:56.000000767 +0100
+
+Change the test to simply assert that the difference not negative to
+handle this case.
+
+This is the same fix as 289f8b, but that was just modification time.
+---
+ gio/tests/g-file-info.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/tests/g-file-info.c b/gio/tests/g-file-info.c
+index 59411c3a8..a213e4b92 100644
+--- a/gio/tests/g-file-info.c
++++ b/gio/tests/g-file-info.c
+@@ -239,7 +239,7 @@ test_g_file_info_access_time (void)
+ g_assert_nonnull (dt_usecs);
+
+ ts = g_date_time_difference (dt_usecs, dt);
+- g_assert_cmpint (ts, >, 0);
++ g_assert_cmpint (ts, >=, 0);
+ g_assert_cmpint (ts, <, G_USEC_PER_SEC);
+
+ /* Try round-tripping the access time. */
+@@ -316,7 +316,7 @@ test_g_file_info_creation_time (void)
+ g_assert_nonnull (dt_usecs);
+
+ ts = g_date_time_difference (dt_usecs, dt);
+- g_assert_cmpint (ts, >, 0);
++ g_assert_cmpint (ts, >=, 0);
+ g_assert_cmpint (ts, <, G_USEC_PER_SEC);
+
+ /* Try round-tripping the creation time. */
+--
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index dd1ea508d2..b5ab6502a3 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
+ file://0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 22/31] gnutls: Unified package names to lower-case
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (20 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 21/31] glib-2.0: fix rare GFileInfo test case failure Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 23/31] meson: make wrapper options sub-command specific Steve Sakoman
` (8 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Keiya Nobuta <nobuta.keiya@fujitsu.com>
create-spdx can't detect the license properly if the case doesn't
match, so fix it.
Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c87828493784d996910d742006268a626ef0130)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/gnutls/gnutls_3.7.4.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
index 94e7f0d58e..fb06337efb 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
@@ -8,7 +8,7 @@ LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later"
LICENSE:${PN} = "LGPL-2.1-or-later"
LICENSE:${PN}-xx = "LGPL-2.1-or-later"
LICENSE:${PN}-bin = "GPL-3.0-or-later"
-LICENSE:${PN}-OpenSSL = "GPL-3.0-or-later"
+LICENSE:${PN}-openssl = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \
file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 23/31] meson: make wrapper options sub-command specific
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (21 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 22/31] gnutls: Unified package names to lower-case Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:00 ` [OE-core][kirkstone 24/31] buildtools-tarball: export certificates to python and curl Steve Sakoman
` (7 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Liam Beguin <liambeguin@gmail.com>
The meson-wrapper adds setup options to facilitate cross-compilation.
The current options are exclusive to the setup sub-command and might
cause issues with other sub-commands.
Update the wrapper to make options sub-command specific.
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7bcda141f2019862b4fb5d8dec7956cd8344b420)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../meson/meson/meson-wrapper | 21 +++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-devtools/meson/meson/meson-wrapper b/meta/recipes-devtools/meson/meson/meson-wrapper
index 8fafaad975..b65ba8e803 100755
--- a/meta/recipes-devtools/meson/meson/meson-wrapper
+++ b/meta/recipes-devtools/meson/meson/meson-wrapper
@@ -5,7 +5,7 @@ if [ -z "$OECORE_NATIVE_SYSROOT" ]; then
fi
if [ -z "$SSL_CERT_DIR" ]; then
- export SSL_CERT_DIR="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/"
+ export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/etc/ssl/certs/"
fi
# If these are set to a cross-compile path, meson will get confused and try to
@@ -13,7 +13,20 @@ fi
# config is already in meson.cross.
unset CC CXX CPP LD AR NM STRIP
+for arg in "$@"; do
+ case "$arg" in
+ -*) continue ;;
+ *) SUBCMD="$arg"; break ;;
+ esac
+done
+
+if [ "$SUBCMD" = "setup" ] || [ -d "$SUBCMD" ]; then
+ MESON_SUB_OPTS=" \
+ --cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \
+ --native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \
+ "
+fi
+
exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \
- --cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \
- --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \
- "$@"
+ "$@" \
+ $MESON_SUB_OPTS
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 24/31] buildtools-tarball: export certificates to python and curl
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (22 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 23/31] meson: make wrapper options sub-command specific Steve Sakoman
@ 2022-11-04 3:00 ` Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 25/31] qemu-native: Add PACKAGECONFIG option for jack Steve Sakoman
` (6 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:00 UTC (permalink / raw)
To: openembedded-core
From: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
The custom path of the ca-certificates.crt within the buildtools-tarball requires more
environment variables to be exported. Namely REQUESTS_CA_BUNDLE for the python requests library
and CURL_CA_BUNDLE for curl.
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5c249db9de8ad8cfe0996ff4fee4c575a5ff1e34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/meta/buildtools-tarball.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index 6b59e4934d..de399173ba 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -72,6 +72,8 @@ create_sdk_files:append () {
if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then
echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
fi
toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 25/31] qemu-native: Add PACKAGECONFIG option for jack
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (23 preceding siblings ...)
2022-11-04 3:00 ` [OE-core][kirkstone 24/31] buildtools-tarball: export certificates to python and curl Steve Sakoman
@ 2022-11-04 3:01 ` Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 26/31] runqemu: Do not perturb script environment Steve Sakoman
` (5 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:01 UTC (permalink / raw)
To: openembedded-core
From: Jeremy Puhlman <jpuhlman@mvista.com>
With libjack-devel or jack-audio-connection-kit-devel, qemu-native
detects the library/header and tries to build with it. Since its
missing from the sysroot, it fails to build.
-O2 -fPIE -D_REENTRANT -Wno-undef -MD -MQ libcommon.fa.p/audio_jackaudio.c.o
-MF libcommon.fa.p/audio_jackaudio.c.o.d -o libcommon.fa.p/audio_jackaudio.c.o
-c ../qemu-6.2.0/audio/jackaudio.c
| ../qemu-6.2.0/audio/jackaudio.c:34:10: fatal error: jack/jack.h: No such file
or directory
| 34 | #include <jack/jack.h>
| | ^~~~~~~~~~~~~
| compilation terminated.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 27260be388f7f9f324ff405e7d8e254925b4ae90)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 14feb4f1e0..19431ee6dd 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -261,6 +261,7 @@ PACKAGECONFIG[rdma] = "--enable-rdma,--disable-rdma"
PACKAGECONFIG[vde] = "--enable-vde,--disable-vde"
PACKAGECONFIG[slirp] = "--enable-slirp=internal,--disable-slirp"
PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi"
+PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack,"
INSANE_SKIP:${PN} = "arch"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 26/31] runqemu: Do not perturb script environment
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (24 preceding siblings ...)
2022-11-04 3:01 ` [OE-core][kirkstone 25/31] qemu-native: Add PACKAGECONFIG option for jack Steve Sakoman
@ 2022-11-04 3:01 ` Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 27/31] runqemu: Fix gl-es argument from causing other arguments to be ignored Steve Sakoman
` (4 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:01 UTC (permalink / raw)
To: openembedded-core
From: Joshua Watt <JPEWhacker@gmail.com>
Instead of changing the script environment to affect the child
processes, make a copy of the environment with modifications and pass
that to subprocess.
Specifically, when dri rendering is enabled, LD_PRELOAD was being passed
to all processes created by the script which resulted in other commands
(e.g. stty) exiting with a failure like:
/bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE
Making a copy of the environment fixes this because the LD_PRELOAD is
now only passed to qemu itself.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2232599d330bd5f2a9e206b490196569ad855de8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/runqemu | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/scripts/runqemu b/scripts/runqemu
index 1525081ad5..1d63281382 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -210,6 +210,7 @@ class BaseConfig(object):
self.mac_tap = "52:54:00:12:34:"
self.mac_slirp = "52:54:00:12:35:"
# pid of the actual qemu process
+ self.qemu_environ = os.environ.copy()
self.qemupid = None
# avoid cleanup twice
self.cleaned = False
@@ -449,18 +450,19 @@ class BaseConfig(object):
# As runqemu can be run within bitbake (when using testimage, for example),
# we need to ensure that we run host pkg-config, and that it does not
# get mis-directed to native build paths set by bitbake.
+ env = os.environ.copy()
try:
- del os.environ['PKG_CONFIG_PATH']
- del os.environ['PKG_CONFIG_DIR']
- del os.environ['PKG_CONFIG_LIBDIR']
- del os.environ['PKG_CONFIG_SYSROOT_DIR']
+ del env['PKG_CONFIG_PATH']
+ del env['PKG_CONFIG_DIR']
+ del env['PKG_CONFIG_LIBDIR']
+ del env['PKG_CONFIG_SYSROOT_DIR']
except KeyError:
pass
try:
- dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True)
+ dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True, env=env)
except subprocess.CalledProcessError as e:
raise RunQemuError("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.")
- os.environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip()
+ self.qemu_environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip()
# This preloads uninative libc pieces and therefore ensures that RPATH/RUNPATH
# in host mesa drivers doesn't trick uninative into loading host libc.
@@ -468,7 +470,7 @@ class BaseConfig(object):
uninative_path = os.path.dirname(self.get("UNINATIVE_LOADER"))
if os.path.exists(uninative_path):
preload_paths = [os.path.join(uninative_path, i) for i in preload_items]
- os.environ['LD_PRELOAD'] = " ".join(preload_paths)
+ self.qemu_environ['LD_PRELOAD'] = " ".join(preload_paths)
def check_args(self):
for debug in ("-d", "--debug"):
@@ -482,8 +484,8 @@ class BaseConfig(object):
sys.argv.remove(quiet)
if 'gl' not in sys.argv[1:] and 'gl-es' not in sys.argv[1:]:
- os.environ['SDL_RENDER_DRIVER'] = 'software'
- os.environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false'
+ self.qemu_environ['SDL_RENDER_DRIVER'] = 'software'
+ self.qemu_environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false'
unknown_arg = ""
for arg in sys.argv[1:]:
@@ -1369,7 +1371,7 @@ class BaseConfig(object):
# need our font setup and show-cusor below so we need to see what qemu --help says
# is supported so we can pass our correct config in.
if not self.nographic and not self.sdl and not self.gtk and not self.publicvnc and not self.egl_headless == True:
- output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True)
+ output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True, env=self.qemu_environ)
if "-display gtk" in output:
self.gtk = True
elif "-display sdl" in output:
@@ -1393,7 +1395,7 @@ class BaseConfig(object):
if self.sdl == True:
self.qemu_opt += 'sdl,'
elif self.gtk == True:
- os.environ['FONTCONFIG_PATH'] = '/etc/fonts'
+ self.qemu_environ['FONTCONFIG_PATH'] = '/etc/fonts'
self.qemu_opt += 'gtk,'
if self.gl == True:
@@ -1509,7 +1511,7 @@ class BaseConfig(object):
if len(self.portlocks):
for descriptor in self.portlocks.values():
pass_fds.append(descriptor.fileno())
- process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds)
+ process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds, env=self.qemu_environ)
self.qemupid = process.pid
retcode = process.wait()
if retcode:
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 27/31] runqemu: Fix gl-es argument from causing other arguments to be ignored
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (25 preceding siblings ...)
2022-11-04 3:01 ` [OE-core][kirkstone 26/31] runqemu: Do not perturb script environment Steve Sakoman
@ 2022-11-04 3:01 ` Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 28/31] overlayfs: Allow not used mount points Steve Sakoman
` (3 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:01 UTC (permalink / raw)
To: openembedded-core
From: Joshua Watt <JPEWhacker@gmail.com>
The code to parse arguments was inadvertently skipping all arguments in
the elif block after gl-es if it was specified on the command line.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 718bb8d56f6a24c86e67830a7d13af54df2ebb4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit dd1dcfada1fa46ecb8227c2852769b35026875d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/runqemu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/runqemu b/scripts/runqemu
index 1d63281382..0cce8bb96a 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -499,7 +499,7 @@ class BaseConfig(object):
self.gtk = True
elif arg == 'gl':
self.gl = True
- elif 'gl-es' in sys.argv[1:]:
+ elif arg == 'gl-es':
self.gl_es = True
elif arg == 'egl-headless':
self.egl_headless = True
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 28/31] overlayfs: Allow not used mount points
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (26 preceding siblings ...)
2022-11-04 3:01 ` [OE-core][kirkstone 27/31] runqemu: Fix gl-es argument from causing other arguments to be ignored Steve Sakoman
@ 2022-11-04 3:01 ` Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 29/31] cmake-native: Fix host tool contamination (Bug: 14951) Steve Sakoman
` (2 subsequent siblings)
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:01 UTC (permalink / raw)
To: openembedded-core
From: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
When machine configuration defines a mount point, which is not used in
any recipe, allow to fall through and only report a note in the logs.
This can be expected behavior, when a mount point is defined for several
machines, but not used in all of them
Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit a9c604b5e0d943b5b5f7c8bdd5be730c2abcf866)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit c7c6b273656a3e2b8b959004b996e56d4086ce5e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/overlayfs.bbclass | 6 +++++-
meta/lib/oe/overlayfs.py | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/meta/classes/overlayfs.bbclass b/meta/classes/overlayfs.bbclass
index f7069edd41..c3564b6ec1 100644
--- a/meta/classes/overlayfs.bbclass
+++ b/meta/classes/overlayfs.bbclass
@@ -96,7 +96,11 @@ python do_create_overlayfs_units() {
overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT")
for mountPoint in overlayMountPoints:
bb.debug(1, "Process variable flag %s" % mountPoint)
- for lower in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+ lowerList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+ if not lowerList:
+ bb.note("No mount points defined for %s flag, skipping" % (mountPoint))
+ continue
+ for lower in lowerList.split():
bb.debug(1, "Prepare mount unit for %s with data mount point %s" %
(lower, d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint)))
prepareUnits(d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint), lower)
diff --git a/meta/lib/oe/overlayfs.py b/meta/lib/oe/overlayfs.py
index b5d5e88e80..590c0de58a 100644
--- a/meta/lib/oe/overlayfs.py
+++ b/meta/lib/oe/overlayfs.py
@@ -38,7 +38,11 @@ def unitFileList(d):
bb.fatal("Missing required mount point for OVERLAYFS_MOUNT_POINT[%s] in your MACHINE configuration" % mountPoint)
for mountPoint in overlayMountPoints:
- for path in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+ mountPointList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+ if not mountPointList:
+ bb.debug(1, "No mount points defined for %s flag, don't add to file list", mountPoint)
+ continue
+ for path in mountPointList.split():
fileList.append(mountUnitName(path))
fileList.append(helperUnitName(path))
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 29/31] cmake-native: Fix host tool contamination (Bug: 14951)
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (27 preceding siblings ...)
2022-11-04 3:01 ` [OE-core][kirkstone 28/31] overlayfs: Allow not used mount points Steve Sakoman
@ 2022-11-04 3:01 ` Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 30/31] ltp: backport clock_gettime04 fix from upstream Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 31/31] perf: Depend on native setuptools3 Steve Sakoman
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:01 UTC (permalink / raw)
To: openembedded-core
From: Bernhard Rosenkränzer <bero@baylibre.com>
Trying to build cmake-native on a host system where curl was built with cmake
(resulting in CURLConfig.cmake and friends, which do not use the same naming
schemes expected by cmake-native's build process, being installed to a system
wide cmake directory like /usr/lib64/cmake/CURL) results in undefined
references to all libcurl symbols.
The problem is that cmake-native sees and uses the system wide
/usr/lib64/cmake/CURL/CURLConfig.cmake, which defines CURL::libcurl and
CURL::curl as opposed to setting ${CURL_LIBRARIES} as expected by
cmake-native.
find_package(CURL) (cmake-native's CMakeLists.txt, line 478) succeeds, but
incorrectly uses the system wide CURLConfig.cmake, resulting
CMAKE_CURL_LIBRARIES to be set to an empty string (cmake-native's
CMakeLists.txt, line 484), causing the cmake-native build to miss -lcurl.
The simplest fix is to let cmake know the right value for
CURL_LIBRARIES. Making it -lcurl should always work with libcurl-native
in recipe-sysroot-native.
Signed-off-by: Bernhard Rosenkränzer <bero@baylibre.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/cmake/cmake-native_3.22.3.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/cmake/cmake-native_3.22.3.bb b/meta/recipes-devtools/cmake/cmake-native_3.22.3.bb
index ee1f7761c4..45ea78ae00 100644
--- a/meta/recipes-devtools/cmake/cmake-native_3.22.3.bb
+++ b/meta/recipes-devtools/cmake/cmake-native_3.22.3.bb
@@ -32,6 +32,7 @@ CMAKE_EXTRACONF = "\
-DCMAKE_USE_SYSTEM_LIBRARY_EXPAT=0 \
-DENABLE_ACL=0 -DHAVE_ACL_LIBACL_H=0 \
-DHAVE_SYS_ACL_H=0 \
+ -DCURL_LIBRARIES=-lcurl \
"
do_configure () {
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 30/31] ltp: backport clock_gettime04 fix from upstream
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (28 preceding siblings ...)
2022-11-04 3:01 ` [OE-core][kirkstone 29/31] cmake-native: Fix host tool contamination (Bug: 14951) Steve Sakoman
@ 2022-11-04 3:01 ` Steve Sakoman
2022-11-04 3:01 ` [OE-core][kirkstone 31/31] perf: Depend on native setuptools3 Steve Sakoman
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:01 UTC (permalink / raw)
To: openembedded-core
From: Xiangyu Chen <xiangyu.chen@windriver.com>
This is to get rid of the intermittent failures in clock_gettime04,
which are likely caused by different clock tick rates on platforms.
Here give two thresholds (in milliseconds) for comparison, one for
COARSE clock and one for the rest.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...set-threshold-based-on-the-clock-res.patch | 89 +++++++++++++++++++
meta/recipes-extended/ltp/ltp_20220121.bb | 1 +
2 files changed, 90 insertions(+)
create mode 100644 meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch
diff --git a/meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch b/meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch
new file mode 100644
index 0000000000..b4879221ad
--- /dev/null
+++ b/meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch
@@ -0,0 +1,89 @@
+From 9851deb86ef257a98d7433280161d8ca685aa669 Mon Sep 17 00:00:00 2001
+From: Li Wang <liwang@redhat.com>
+Date: Tue, 29 Mar 2022 13:03:51 +0800
+Subject: [PATCH] clock_gettime04: set threshold based on the clock resolution
+
+This is to get rid of the intermittent failures in clock_gettime04,
+which are likely caused by different clock tick rates on platforms.
+Here give two thresholds (in milliseconds) for comparison, one for
+COARSE clock and one for the rest.
+
+Error log:
+ clock_gettime04.c:163: TFAIL: CLOCK_REALTIME_COARSE(syscall with old kernel spec):
+ Difference between successive readings greater than 5 ms (1): 10
+ clock_gettime04.c:163: TFAIL: CLOCK_MONOTONIC_COARSE(vDSO with old kernel spec):
+ Difference between successive readings greater than 5 ms (2): 10
+
+From Waiman Long:
+ That failure happens for CLOCK_REALTIME_COARSE which is a faster but less
+ precise version of CLOCK_REALTIME. The time resolution is actually a clock
+ tick. Since arm64 has a HZ rate of 100. That means each tick is 10ms. So a
+ CLOCK_REALTIME_COARSE threshold of 5ms is probably not enough. I would say
+ in the case of CLOCK_REALTIME_COARSE, we have to increase the threshold based
+ on the clock tick rate of the system. This is more a test failure than is
+ an inherent problem in the kernel.
+
+Fixes #898
+
+Upstream-Status: Backport
+[https://github.com/linux-test-project/ltp/commit/9851deb86ef257a98d7433280161d8ca685aa669]
+
+Reported-by: Eirik Fuller <efuller@redhat.com>
+Signed-off-by: Li Wang <liwang@redhat.com>
+Cc: Waiman Long <llong@redhat.com>
+Cc: Viresh Kumar <viresh.kumar@linaro.org>
+Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
+Acked-by: Waiman Long <longman@redhat.com>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ .../syscalls/clock_gettime/clock_gettime04.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c b/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c
+index a8d2c5b38..c279da79e 100644
+--- a/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c
++++ b/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c
+@@ -35,7 +35,7 @@ clockid_t clks[] = {
+ };
+
+ static gettime_t ptr_vdso_gettime, ptr_vdso_gettime64;
+-static long long delta = 5;
++static long long delta, precise_delta, coarse_delta;
+
+ static inline int do_vdso_gettime(gettime_t vdso, clockid_t clk_id, void *ts)
+ {
+@@ -92,9 +92,18 @@ static struct time64_variants variants[] = {
+
+ static void setup(void)
+ {
++ struct timespec res;
++
++ clock_getres(CLOCK_REALTIME, &res);
++ precise_delta = 5 + res.tv_nsec / 1000000;
++
++ clock_getres(CLOCK_REALTIME_COARSE, &res);
++ coarse_delta = 5 + res.tv_nsec / 1000000;
++
+ if (tst_is_virt(VIRT_ANY)) {
+ tst_res(TINFO, "Running in a virtual machine, multiply the delta by 10.");
+- delta *= 10;
++ precise_delta *= 10;
++ coarse_delta *= 10;
+ }
+
+ find_clock_gettime_vdso(&ptr_vdso_gettime, &ptr_vdso_gettime64);
+@@ -108,6 +117,11 @@ static void run(unsigned int i)
+ int count = 10000, ret;
+ unsigned int j;
+
++ if (clks[i] == CLOCK_REALTIME_COARSE || clks[i] == CLOCK_MONOTONIC_COARSE)
++ delta = coarse_delta;
++ else
++ delta = precise_delta;
++
+ do {
+ for (j = 0; j < ARRAY_SIZE(variants); j++) {
+ /* Refresh time in start */
+--
+2.34.1
+
diff --git a/meta/recipes-extended/ltp/ltp_20220121.bb b/meta/recipes-extended/ltp/ltp_20220121.bb
index 4ae54492f3..51e8db4f1e 100644
--- a/meta/recipes-extended/ltp/ltp_20220121.bb
+++ b/meta/recipes-extended/ltp/ltp_20220121.bb
@@ -29,6 +29,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=ht
file://0001-metadata-parse.sh-sort-filelist-for-reproducibility.patch \
file://disable_hanging_tests.patch \
file://0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch \
+ file://0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch \
"
S = "${WORKDIR}/git"
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread* [OE-core][kirkstone 31/31] perf: Depend on native setuptools3
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
` (29 preceding siblings ...)
2022-11-04 3:01 ` [OE-core][kirkstone 30/31] ltp: backport clock_gettime04 fix from upstream Steve Sakoman
@ 2022-11-04 3:01 ` Steve Sakoman
30 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-11-04 3:01 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
perf has need for python setuptools when scripting is enabled
from 6.0.0 onwards it seems to throw an explicit error
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit da3d00178809bbf7cc453401e0c5937796ebc2c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/perf/perf.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index 772bc2dea1..a4ce3169d3 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -13,7 +13,7 @@ PR = "r9"
PACKAGECONFIG ??= "scripting tui libunwind"
PACKAGECONFIG[dwarf] = ",NO_DWARF=1"
-PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3"
+PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3 python3-setuptools-native"
# gui support was added with kernel 3.6.35
# since 3.10 libnewt was replaced by slang
# to cover a wide range of kernel we add both dependencies
--
2.25.1
^ permalink raw reply related [flat|nested] 37+ messages in thread