[dunfell,6/6] libtiff: Fix for CVE-2023-6228

Message ID	ff66998ef81dbc35465e30eec96ee9be51f5da80.1705546122.git.steve@sakoman.com
State	Accepted, archived
Commit	ff66998ef81dbc35465e30eec96ee9be51f5da80
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.170, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 6/6] libtiff: Fix for CVE-2023-6228 Date: Wed, 17 Jan 2024 16:51:38 -1000 Message-Id: <ff66998ef81dbc35465e30eec96ee9be51f5da80.1705546122.git.steve@sakoman.com> In-Reply-To: <cover.1705546122.git.steve@sakoman.com> References: <cover.1705546122.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[dunfell,1/6] go: Backport fix for CVE-2023-45287 \| expand [dunfell,1/6] go: Backport fix for CVE-2023-45287 [dunfell,2/6] xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478 [dunfell,3/6] libxml2: Fix for CVE-2023-45322 [dunfell,4/6] zlib: ignore CVE-2023-6992 [dunfell,5/6] qemu: Backport fix for CVE-2023-2861 [dunfell,6/6] libtiff: Fix for CVE-2023-6228

Message ID

ff66998ef81dbc35465e30eec96ee9be51f5da80.1705546122.git.steve@sakoman.com

State

Accepted, archived

Commit

ff66998ef81dbc35465e30eec96ee9be51f5da80

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 6/6] libtiff: Fix for CVE-2023-6228
Date: Wed, 17 Jan 2024 16:51:38 -1000
Message-Id: 
 <ff66998ef81dbc35465e30eec96ee9be51f5da80.1705546122.git.steve@sakoman.com>
In-Reply-To: <cover.1705546122.git.steve@sakoman.com>
References: <cover.1705546122.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[dunfell,1/6] go: Backport fix for CVE-2023-45287 | expand

Commit Message

Steve Sakoman Jan. 18, 2024, 2:51 a.m. UTC

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/files/CVE-2023-6228.patch         | 30 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
new file mode 100644
index 0000000000..a777dea9b0
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
@@ -0,0 +1,30 @@ 
+From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 9 Sep 2023 15:45:47 +0200
+Subject: [PATCH] Check also if codec of input image is available,
+ independently from codec check of output image and return with error if not.
+ Fixes #606.
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
+CVE: CVE-2023-6228
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 007bd05..d2f7b66 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -628,6 +628,8 @@ tiffcp(TIFF* in, TIFF* out)
+ 	else
+ 		CopyField(TIFFTAG_COMPRESSION, compression);
+ 	TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++	if (!TIFFIsCODECConfigured(input_compression))
++	    return FALSE;
+ 	TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+ 	if (input_compression == COMPRESSION_JPEG) {
+ 		/* Force conversion to RGB */
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 8b130826e3..c739f3a7fa 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -48,6 +48,7 @@  SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2023-40745.patch \
            file://CVE-2023-41175.patch \
            file://CVE-2022-40090.patch \
+           file://CVE-2023-6228.patch \
           "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"

[dunfell,6/6] libtiff: Fix for CVE-2023-6228

Commit Message

Patch