mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00

Author	SHA1	Message	Date
Yogita Urade	2f480a8669	tiff: ignore CVE-2025-8961 This CVE is for the tool which is removed in v4.6.0 via [1] and re-introduced again in v4.7.0 via [2]. [1] `eab89a627f` [2] `9ab54a8580` (From OE-Core rev: 1ff4b39374a5b328069a928e7234c3397769dc6f) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-11-03 07:17:02 -08:00
Peter Marko	ac57f3b9d2	tiff: ignore 5 CVEs These CVEs are for tools which were removed in v4.6.0 via [1] and re-introduced again in v4.7.0 via [2]. [1] `eab89a627f` [2] `9ab54a8580` (From OE-Core rev: faf1e12ae0f9de56402830460315e5be0d13f4a5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-10-13 12:42:58 -07:00
Yogita Urade	2ce56bd707	tiff: fix CVE-2025-9900 A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.[EOL][EOL]By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-9900 Upstream patch: `3e0dcf0ec6` (From OE-Core rev: c1303b8eb4e85a031a175867361876a256bfb763) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-10-09 12:16:45 -07:00
Niko Mauno	a439b55e5c	tiff: Fix LICENSE The contents of the LICENSE.md file included in the current source code package match those of libtiff license, which seems to have been the case since 1999 commit `0ef31e1f62` where it was added with filename COPYRIGHT and was then changed to LICENSE.md in 2022 commit `fa1d6d787f` (From OE-Core rev: 71d8e8b03349ab18dca558055c2b3a3687785ddf) (From OE-Core rev: 5495cf45ce74e79be3b8d9b1195f65e253c62828) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-09-19 05:11:35 -07:00
Siddharth Doshi	c58add8ab8	Tiff: Security fix for CVE-2024-7006 Upstream-Status: Backport from [`818fb8ce88`] CVE's Fixed: CVE-2024-7006 libtiff: NULL pointer dereference in tif_dirinfo.c (From OE-Core rev: 7fd3c7e9742a4efa0fbebc1d0ed1da8f6d960175) Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5313b4b233a486e8a1483757ad9c9aed3a213aae) Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-08-26 05:18:43 -07:00
Simone Weiß	2bcd651a08	meta: Update CVE_STATUS for incorrect cpes Set CVE_STATUS as none of the issues apply against the versions used in the recipes. (From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2024-02-24 16:10:23 +00:00
Yogita Urade	eba805ace4	tiff: fix CVE-2023-52355 and CVE-2023-52356 CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update. CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://gitlab.com/libtiff/libtiff/-/merge_requests/553 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 (From OE-Core rev: 831d7a2fffb3dec94571289292f0940bc7ecd70a) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2024-02-08 10:53:13 +00:00
Yogita Urade	fcc39f3e04	tiff: fix CVE-2023-6228 CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. References: https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://gitlab.com/libtiff/libtiff/-/issues/606 (From OE-Core rev: 55735e0d75820d59e569a630679f9ac403c7fdbe) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2024-01-21 12:27:12 +00:00
Khem Raj	2b32e0fd6e	tiff: Backport fixes for CVE-2023-6277 (From OE-Core rev: d115e17ad7775cf5bbfd402e98e61f362ac96efa) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-12-06 22:55:50 +00:00
Alexander Kanavin	8c5dd21254	tiff: upgrade 4.5.1 -> 4.6.0 (From OE-Core rev: 9e80f93ada4eae638350d86b8aa514203f757d43) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-09-26 10:35:27 +01:00
Yogita Urade	558f2e49a5	tiff: fix CVE-2023-41175 libtiff: potential integer overflow in raw2tiff.c References: https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://security-tracker.debian.org/tracker/CVE-2023-41175 https://gitlab.com/libtiff/libtiff/-/issues/592 (From OE-Core rev: 4ee806cbc12fbc830b09ba6222e96b1e5f24539f) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-09-20 08:57:26 +01:00
Yogita Urade	1843db6ae3	tiff: fix CVE-2023-40745 libtiff: integer overflow in tiffcp.c References: https://security-tracker.debian.org/tracker/CVE-2023-40745 https://gitlab.com/libtiff/libtiff/-/issues/591 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 (From OE-Core rev: c3d4fbeb51278a04a6800c894c681733ad2259ca) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-09-20 08:57:26 +01:00
Andrej Valek	c15e506a46	cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS - Try to add convert and apply statuses for old CVEs - Drop some obsolete ignores, while they are not relevant for current version (From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Reviewed-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-07-21 11:52:26 +01:00
Ross Burton	238b4ff55e	tiff: upgrade to 4.5.1 Also remove old CVE_CHECK_IGNOREs which are no longer needed due to CPE updates. (From OE-Core rev: 2200fde7011c4206382150c2602b2eb17423d45e) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-07-10 11:36:34 +01:00
Natasha Bailey	a4bd1f7282	tiff: backport a fix for CVE-2023-26965 Fixes a bug where a buffer was used after a potential reallocation. (From OE-Core rev: 48b8945fa570edcdf1e19ed4a4ca81c4416f1a6a) Signed-off-by: Natasha Bailey <nat.bailey@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-06-27 16:23:40 +01:00
Natasha Bailey	2f56bdb289	tiff: backport a fix for CVE-2023-2731 This patch fixes an issue in libtiff's LZWDecode function which could cause a null pointer dereference. (From OE-Core rev: 7da5abf23232f61bf8009b4b8e97632768867e07) Signed-off-by: Natasha Bailey <nat.bailey@windriver.com> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-06-01 08:05:11 +01:00
nikhil	ddf68ab675	tiff: Remove unused patch from tiff Remove 0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch file from tiff as it was removed while upgrading tiff from 4.4.0 -> 4.5.0 (From OE-Core rev: c53abdb5ce9cdbfb0f9e48b64b800c45549d18a6) Signed-off-by: Nikhil R <nikhilar2410@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-05-11 09:15:00 +01:00
Pawan Badganchi	2c9488e5d2	tiff: Add fix for CVE-2022-4645 Below patch fixes the CVE-2022-4645 as well. 0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645 (From OE-Core rev: 312393edf0aa5b2c515c08245d1c289ba79bad55) Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-13 11:56:07 +01:00
Ross Burton	1e9b6bf803	tiff: backport fix for CVE-2022-48281 (From OE-Core rev: bf0cf66c10c95ddada595dd5a84b45235c09ebab) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-02-24 11:04:27 +00:00
Markus Volk	4360f7e2c1	libtiff: add PACKAGECONFIG for libdeflate and zstd The main reason for this is an issue with latest libtiff update that causes gtk4-native configure to fail in finding libtiff (while it just builds fine for target). By comparing libtiff-4.pc for native and target it turned out, that it links for native with zstd and libdeflate. Probably because those libs were found on my host system. Adding PACKAGECONFIGS for the libs prevents us from taking them from the host. (From OE-Core rev: ca2e2035b9d81a230a1a63f51b1300418e9b9ca6) Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-31 17:11:06 +00:00
Khem Raj	a51c87b6b4	tiff: Add packageconfig knob for webp tiff-native otherwise falsely detects webp if its installed on build host. This ensures deterministic behavior regardless of host. (From OE-Core rev: 718c44f282310b2ca85877fed706460ccc1eebea) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-09 14:20:14 +00:00
Alexander Kanavin	eba274f60f	tiff: update 4.4.0 -> 4.5.0 Drop all CVE backports. License-Update: formatting (From OE-Core rev: 9a255a3b114686b04bf54560c7485552ec3b438c) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-06 12:08:33 +00:00
Qiu, Zheng	0b5e0e521a	tiff: Security fix for CVE-2022-3970 This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : `227500897d` (From OE-Core rev: 668ff495ac44e5b6d9e1af15d3861b5c2b4dfcd1) Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-27 23:54:51 +00:00
Qiu, Zheng	5c86008856	tiff: fix a typo for CVE-2022-2953.patch The CVE number in the patch is a typo. CVE-2022-2053 is not related to libtiff. So fix it. (From OE-Core rev: c9f76ef859b0b4edb83ac098816b625f52c78173) Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-10-28 15:46:32 +01:00
Ross Burton	38be41a6f8	tiff: fix a number of CVEs Backport fixes from upstream for the following CVEs: - CVE-2022-3599 - CVE-2022-3597 - CVE-2022-3626 - CVE-2022-3627 - CVE-2022-3570 - CVE-2022-3598 (From OE-Core rev: 722bbb88777cc3c7d1c8273f1279fc18ba33e87c) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-10-28 09:44:52 +01:00
Ross Burton	c8d04cde0f	tiff: backport fix for CVE-2022-2953 (From OE-Core rev: aa018b5bec49c06e64a493a413f42558a17947cf) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-08 14:59:39 +01:00
Khem Raj	96bd1c0f64	tiff: Backport a patch for CVE-2022-34526 (From OE-Core rev: ade918f1e904ecab2c74358ca874c6b9594de2f0) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-16 14:57:58 +01:00
Ross Burton	5b03086c91	tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058 (From OE-Core rev: a84538dbe760fed94cfe22a39b0a6f95c61c307d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-12 12:52:52 +01:00
Alexander Kanavin	5709914874	tiff: update 4.3.0 -> 4.4.0 Drop all CVE backports. (From OE-Core rev: ec3897659a046e7e3f652cabd04e98bb56f1b261) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-07 21:21:54 +01:00
Richard Purdie	f3046bd853	tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210 We never depended upon libjbig so this was never present. Add the PACKAGECONFIG to make this explict. CVE-2022-1210 is an issue in libjbig so we don't have a problem there, mark as such. (From OE-Core rev: 34e6a19f2430ee2fd0fec4bec1891e898a0d9766) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-28 18:38:02 +01:00
Ross Burton	70c2ad9bca	tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by 3079627e and fixed by b4e79bfa. (From OE-Core rev: 49e93892a37d1a2af2b0a155117441e978385e4c) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-28 10:33:49 +01:00
Richard Purdie	45afc335d3	tiff: Add marker for CVE-2022-1056 being fixed As far as I can tell, the patches being applied also fix CVE-2022-1056 so mark as such. (From OE-Core rev: 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-13 16:52:24 +01:00
Ross Burton	a2b1bfd957	tiff: backport CVE fixes: Backport fixes for the following CVEs: - CVE-2022-0865 - CVE-2022-0891 - CVE-2022-0907 - CVE-2022-0908 - CVE-2022-0909 - CVE-2022-0924 (From OE-Core rev: 2fe35de73cfa8de444d7ffb24246e8f87c36ee8d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-23 12:13:50 +00:00
Richard Purdie	71ef319193	meta/scripts: Automated conversion of OE renamed variables (From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-21 23:37:27 +00:00
Richard Purdie	e600227b13	tiff: Add backports for two CVEs from upstream (From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-21 07:52:04 +00:00
Ross Burton	0e1d27b69d	tiff: backport fix for CVE-2022-22844 (From OE-Core rev: daf2880b7431aa641e02ebba8cbca40d81389088) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-01-26 06:27:00 +00:00
Richard Purdie	bb6ddc3691	Convert to new override syntax This is the result of automated script conversion: scripts/contrib/convert-overrides.py <oe-core directory> converting the metadata to use ":" as the override character instead of "_". (From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-02 15:44:10 +01:00
Richard Purdie	2d5c161021	tiff: Exclude CVE-2015-7313 from cve-check Some fix upstream addresses the issue, it isn't clear which change this was. Our current version doesn't have issues with the test image though so we can exclude. (From OE-Core rev: 3874da694ae1d9de06dd003bd80705205e2b033b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-05-12 23:06:05 +01:00
wangmy	fa1208406e	tiff: upgrade 4.2.0 -> 4.3.0 (From OE-Core rev: 702c5c7973c77c51d5ce8de11e73c708c55927a3) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-04-23 10:12:10 +01:00
Meh Mbeh Ida Delphine	0020bef146	recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes. Fixes: [YOCTO #13471] (From OE-Core rev: 312994268bb68a012a61c99e1c3697e8de60a2ce) Signed-off-by: Ida Delphine <idadelm@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-03-02 20:39:36 +00:00
Wang Mingyu	55bf36bf4e	tiff: upgrade 4.1.0 -> 4.2.0 (From OE-Core rev: 9c2c01607929f9aed8d606ef4e049a435d8fe6f2) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-01-10 12:34:40 +00:00
Christian Eggers	d3984cd771	tiff: Extend for nativesdk Doxygen in meta-oe has recently been extended for nativesdk. Doxygen is often used together with mscgen which in turn depends indirectly on tiff (via gd library). (From OE-Core rev: 929cf038ec0f49e86d9ab0ec7e012320598ceb81) Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-06-04 13:27:32 +01:00
Alexander Kanavin	f931a332d1	tiff: update to 4.1.0 Drop backported patches. (From OE-Core rev: e5ecf2604e5b8c957eb3bae21fb3c9b2b1b7e12f) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-21 23:08:19 +00:00
Joe Slater	6df6e5d3ba	libtiff: fix CVE-2019-17546 Apply unmodified patch from upstream. (From OE-Core rev: 844e7aa217f5ecf46766a07d46f9d7f083668e8e) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-31 16:09:35 +00:00
Trevor Gamblin	c855f55a7d	tiff: fix CVE-2019-14973 CVE reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14973 Upstream merge: https://gitlab.com/libtiff/libtiff/commit/2218055c (From OE-Core rev: b57304c1afb73a698a1c40a017d433e4d81a8df2) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-02 10:09:47 +01:00
Ross Burton	8e63ec13b4	tiff: fix CVE-2019-7663 (From OE-Core rev: d06d6910d1ec9374bb15e02809e64e81198731b6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-16 13:53:17 +01:00
Ross Burton	d3e9a9b2a0	tiff: fix CVE-2019-6128 (From OE-Core rev: 7293e417dd9bdd04fe0fec177a76c9286234ed46) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-16 13:53:16 +01:00
Ross Burton	63731c5d5f	tiff: remove redundant patch The patching to make the new libtool work (from 2008) is no longer needed. (From OE-Core rev: 4210fafa851d011023f5a58ed3887148168f861c) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-16 13:53:16 +01:00
Alexander Kanavin	691e306994	tiff: update to 4.0.10 (From OE-Core rev: 92a2e6dc73085ccb5482986c6b61d40992fb4f50) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2018-11-23 23:35:18 +00:00
Joe Slater	205d75ddb3	libtiff: fix CVE-2017-17095 Backport fix from gitlab.com/libtiff/libtiff. nvd.nist.gov does not yet reference this patch. (From OE-Core rev: f72c8af3f2c1ec9e4d9ffcf0cc6e7fdf572b21b9) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2018-10-04 14:21:41 +01:00

1 2 3

113 Commits