104 Commits

Author SHA1 Message Date
Alexander Kanavin
8c5dd21254 tiff: upgrade 4.5.1 -> 4.6.0
(From OE-Core rev: 9e80f93ada4eae638350d86b8aa514203f757d43)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-09-26 10:35:27 +01:00
Yogita Urade
558f2e49a5 tiff: fix CVE-2023-41175
libtiff: potential integer overflow in raw2tiff.c

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2235264
https://security-tracker.debian.org/tracker/CVE-2023-41175
https://gitlab.com/libtiff/libtiff/-/issues/592

(From OE-Core rev: 4ee806cbc12fbc830b09ba6222e96b1e5f24539f)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-09-20 08:57:26 +01:00
Yogita Urade
1843db6ae3 tiff: fix CVE-2023-40745
libtiff: integer overflow in tiffcp.c

References:
https://security-tracker.debian.org/tracker/CVE-2023-40745
https://gitlab.com/libtiff/libtiff/-/issues/591
https://bugzilla.redhat.com/show_bug.cgi?id=2235265

(From OE-Core rev: c3d4fbeb51278a04a6800c894c681733ad2259ca)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-09-20 08:57:26 +01:00
Andrej Valek
c15e506a46 cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
  version

(From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-07-21 11:52:26 +01:00
Ross Burton
238b4ff55e tiff: upgrade to 4.5.1
Also remove old CVE_CHECK_IGNOREs which are no longer needed due to CPE
updates.

(From OE-Core rev: 2200fde7011c4206382150c2602b2eb17423d45e)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-07-10 11:36:34 +01:00
Natasha Bailey
a4bd1f7282 tiff: backport a fix for CVE-2023-26965
Fixes a bug where a buffer was used after a potential reallocation.

(From OE-Core rev: 48b8945fa570edcdf1e19ed4a4ca81c4416f1a6a)

Signed-off-by: Natasha Bailey <nat.bailey@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-06-27 16:23:40 +01:00
Natasha Bailey
2f56bdb289 tiff: backport a fix for CVE-2023-2731
This patch fixes an issue in libtiff's LZWDecode function which could cause a null pointer dereference.

(From OE-Core rev: 7da5abf23232f61bf8009b4b8e97632768867e07)

Signed-off-by: Natasha Bailey <nat.bailey@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-06-01 08:05:11 +01:00
nikhil
ddf68ab675 tiff: Remove unused patch from tiff
Remove 0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
file from tiff as it was removed while upgrading tiff from
4.4.0 -> 4.5.0

(From OE-Core rev: c53abdb5ce9cdbfb0f9e48b64b800c45549d18a6)

Signed-off-by: Nikhil R <nikhilar2410@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-05-11 09:15:00 +01:00
Pawan Badganchi
2c9488e5d2 tiff: Add fix for CVE-2022-4645
Below patch fixes the CVE-2022-4645 as well.

0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch

Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645

(From OE-Core rev: 312393edf0aa5b2c515c08245d1c289ba79bad55)

Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-04-13 11:56:07 +01:00
Ross Burton
1e9b6bf803 tiff: backport fix for CVE-2022-48281
(From OE-Core rev: bf0cf66c10c95ddada595dd5a84b45235c09ebab)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 11:04:27 +00:00
Markus Volk
4360f7e2c1 libtiff: add PACKAGECONFIG for libdeflate and zstd
The main reason for this is an issue with latest libtiff update that causes
gtk4-native configure to fail in finding libtiff (while it just builds
fine for target).
By comparing libtiff-4.pc for native and target it turned out that
it links for native with zstd and libdeflate. Probably because those libs
were found on my host system.

Adding PACKAGECONFIGS for the libs prevents us from taking them from the host.

(From OE-Core rev: ca2e2035b9d81a230a1a63f51b1300418e9b9ca6)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-31 17:11:06 +00:00
Khem Raj
a51c87b6b4 tiff: Add packageconfig knob for webp
tiff-native otherwise falsely detects webp if it's installed on build
host. This ensures deterministic behavior regardless of host.

(From OE-Core rev: 718c44f282310b2ca85877fed706460ccc1eebea)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-09 14:20:14 +00:00
Alexander Kanavin
eba274f60f tiff: update 4.4.0 -> 4.5.0
Drop all CVE backports.

License-Update: formatting

(From OE-Core rev: 9a255a3b114686b04bf54560c7485552ec3b438c)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 12:08:33 +00:00
Qiu, Zheng
0b5e0e521a tiff: Security fix for CVE-2022-3970
This patch contains a fix for CVE-2022-3970

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3970
https://security-tracker.debian.org/tracker/CVE-2022-3970

Patch generated from:
227500897d

(From OE-Core rev: 668ff495ac44e5b6d9e1af15d3861b5c2b4dfcd1)

Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-27 23:54:51 +00:00
Qiu, Zheng
5c86008856 tiff: fix a typo for CVE-2022-2953.patch
The CVE number in the patch is a typo. CVE-2022-2053 is not related to
libtiff. So fix it.

(From OE-Core rev: c9f76ef859b0b4edb83ac098816b625f52c78173)

Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-28 15:46:32 +01:00
Ross Burton
38be41a6f8 tiff: fix a number of CVEs
Backport fixes from upstream for the following CVEs:
- CVE-2022-3599
- CVE-2022-3597
- CVE-2022-3626
- CVE-2022-3627
- CVE-2022-3570
- CVE-2022-3598

(From OE-Core rev: 722bbb88777cc3c7d1c8273f1279fc18ba33e87c)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-28 09:44:52 +01:00
Ross Burton
c8d04cde0f tiff: backport fix for CVE-2022-2953
(From OE-Core rev: aa018b5bec49c06e64a493a413f42558a17947cf)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-08 14:59:39 +01:00
Khem Raj
96bd1c0f64 tiff: Backport a patch for CVE-2022-34526
(From OE-Core rev: ade918f1e904ecab2c74358ca874c6b9594de2f0)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-16 14:57:58 +01:00
Ross Burton
5b03086c91 tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
(From OE-Core rev: a84538dbe760fed94cfe22a39b0a6f95c61c307d)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-12 12:52:52 +01:00
Alexander Kanavin
5709914874 tiff: update 4.3.0 -> 4.4.0
Drop all CVE backports.

(From OE-Core rev: ec3897659a046e7e3f652cabd04e98bb56f1b261)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-07 21:21:54 +01:00
Richard Purdie
f3046bd853 tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210
We never depended upon libjbig so this was never present. Add the
PACKAGECONFIG to make this explicit.

CVE-2022-1210 is an issue in libjbig so we don't have a problem there,
mark as such.

(From OE-Core rev: 34e6a19f2430ee2fd0fec4bec1891e898a0d9766)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-28 18:38:02 +01:00
Ross Burton
70c2ad9bca tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by
3079627e and fixed by b4e79bfa.

(From OE-Core rev: 49e93892a37d1a2af2b0a155117441e978385e4c)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-28 10:33:49 +01:00
Richard Purdie
45afc335d3 tiff: Add marker for CVE-2022-1056 being fixed
As far as I can tell, the patches being applied also fix CVE-2022-1056 so
mark as such.

(From OE-Core rev: 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-13 16:52:24 +01:00
Ross Burton
a2b1bfd957 tiff: backport CVE fixes:
Backport fixes for the following CVEs:

- CVE-2022-0865
- CVE-2022-0891
- CVE-2022-0907
- CVE-2022-0908
- CVE-2022-0909
- CVE-2022-0924

(From OE-Core rev: 2fe35de73cfa8de444d7ffb24246e8f87c36ee8d)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 12:13:50 +00:00
Richard Purdie
71ef319193 meta/scripts: Automated conversion of OE renamed variables
(From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-21 23:37:27 +00:00
Richard Purdie
e600227b13 tiff: Add backports for two CVEs from upstream
(From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-21 07:52:04 +00:00
Ross Burton
0e1d27b69d tiff: backport fix for CVE-2022-22844
(From OE-Core rev: daf2880b7431aa641e02ebba8cbca40d81389088)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-01-26 06:27:00 +00:00
Richard Purdie
bb6ddc3691 Convert to new override syntax
This is the result of automated script conversion:

scripts/contrib/convert-overrides.py <oe-core directory>

converting the metadata to use ":" as the override character instead of "_".

(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-08-02 15:44:10 +01:00
Richard Purdie
2d5c161021 tiff: Exclude CVE-2015-7313 from cve-check
Some fix upstream addresses the issue, it isn't clear which change this was. Our
current version doesn't have issues with the test image though so we can exclude.

(From OE-Core rev: 3874da694ae1d9de06dd003bd80705205e2b033b)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-05-12 23:06:05 +01:00
wangmy
fa1208406e tiff: upgrade 4.2.0 -> 4.3.0
(From OE-Core rev: 702c5c7973c77c51d5ce8de11e73c708c55927a3)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-04-23 10:12:10 +01:00
Meh Mbeh Ida Delphine
0020bef146 recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes.
Fixes: [YOCTO #13471]

(From OE-Core rev: 312994268bb68a012a61c99e1c3697e8de60a2ce)

Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-03-02 20:39:36 +00:00
Wang Mingyu
55bf36bf4e tiff: upgrade 4.1.0 -> 4.2.0
(From OE-Core rev: 9c2c01607929f9aed8d606ef4e049a435d8fe6f2)

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-10 12:34:40 +00:00
Christian Eggers
d3984cd771 tiff: Extend for nativesdk
Doxygen in meta-oe has recently been extended for nativesdk. Doxygen is
often used together with mscgen which in turn depends indirectly on
tiff (via gd library).

(From OE-Core rev: 929cf038ec0f49e86d9ab0ec7e012320598ceb81)

Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-06-04 13:27:32 +01:00
Alexander Kanavin
f931a332d1 tiff: update to 4.1.0
Drop backported patches.

(From OE-Core rev: e5ecf2604e5b8c957eb3bae21fb3c9b2b1b7e12f)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-11-21 23:08:19 +00:00
Joe Slater
6df6e5d3ba libtiff: fix CVE-2019-17546
Apply unmodified patch from upstream.

(From OE-Core rev: 844e7aa217f5ecf46766a07d46f9d7f083668e8e)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-31 16:09:35 +00:00
Trevor Gamblin
c855f55a7d tiff: fix CVE-2019-14973
CVE reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14973
Upstream merge: https://gitlab.com/libtiff/libtiff/commit/2218055c

(From OE-Core rev: b57304c1afb73a698a1c40a017d433e4d81a8df2)

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-02 10:09:47 +01:00
Ross Burton
8e63ec13b4 tiff: fix CVE-2019-7663
(From OE-Core rev: d06d6910d1ec9374bb15e02809e64e81198731b6)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-16 13:53:17 +01:00
Ross Burton
d3e9a9b2a0 tiff: fix CVE-2019-6128
(From OE-Core rev: 7293e417dd9bdd04fe0fec177a76c9286234ed46)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-16 13:53:16 +01:00
Ross Burton
63731c5d5f tiff: remove redundant patch
The patching to make the new libtool work (from 2008) is no longer needed.

(From OE-Core rev: 4210fafa851d011023f5a58ed3887148168f861c)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-16 13:53:16 +01:00
Alexander Kanavin
691e306994 tiff: update to 4.0.10
(From OE-Core rev: 92a2e6dc73085ccb5482986c6b61d40992fb4f50)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-23 23:35:18 +00:00
Joe Slater
205d75ddb3 libtiff: fix CVE-2017-17095
Backport fix from gitlab.com/libtiff/libtiff.
nvd.nist.gov does not yet reference this patch.

(From OE-Core rev: f72c8af3f2c1ec9e4d9ffcf0cc6e7fdf572b21b9)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-04 14:21:41 +01:00
Joe Slater
8a2b440f87 tiff: security fix CVE-2018-7456
NULL pointer use as described at nvd.nist.gov/vuln/detail/CVE-2018-7456.

(From OE-Core rev: 122da5cec495fc8ddfd880327e7c3ed0dc70e04f)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-26 13:16:40 +01:00
Joe Slater
d85feee51c tiff: security fix CVE-2018-8905
Buffer overflow described at nvd.nits.gov/vuln/detail/CVE-2018-8905.

(From OE-Core rev: 3f6f2a0619b4e243e6a9e52cee2cdd625ebf6769)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-26 13:16:40 +01:00
Joe Slater
90a06269df tiff: security fix CVE-2018-10963
Denial of service described at https://nvd.nist.gov/vuln/detail/CVE-2018-10963.

(From OE-Core rev: d19a9b41d3b2dcba3b102a8289b7787b4b131e96)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-18 10:18:42 +01:00
Yi Zhao
7a80996355 tiff: Security fixes
Fix CVE-2017-99935, CVE-2017-18013, CVE-2018-5784

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9935
https://nvd.nist.gov/vuln/detail/CVE-2017-18013
https://nvd.nist.gov/vuln/detail/CVE-2018-5784

Patches from:
CVE-2017-9935:
3dd8f6a357
CVE-2017-18013:
c6f41df7b5
CVE-2018-5784:
473851d211

(From OE-Core rev: 798b6b4b3ce370264d036e555185a99ce3aa97b7)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-25 09:40:41 +01:00
Zhang Xiao
5ae4806529 tiff: Fix multilib header conflict - tiffconf.h
Header file conflict between 32-bit and 64-bit versions.

(From OE-Core rev: 53f320797765b5f184a83cd065f9b5e454ee14e3)

Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-15 06:27:19 -07:00
Ross Burton
1caae443ee libtiff: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 8d4dd42cf39ac33e2479cb4f9f833701d68cea62)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-11 06:27:01 -07:00
Ross Burton
e53eebb49d libtiff: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 65155f3719051aae2a2e716c719b78ee7ca1bb29)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00
Huang Qiyu
975591a8d6 tiff: 4.0.8 -> 4.0.9
1. Upgrade tiff from 4.0.8 to 4.0.9.
2. Delete CVE-2017-10688.patch, CVE-2017-11335.patch, CVE-2017-13726.patch, CVE-2017-13727.patch, CVE-2017-9147.patch, CVE-2017-9936.patch, since they are integrated upstream.

(From OE-Core rev: df894b523d74f8fd723d1c8fb03f55e46c6af0f5)

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-01-19 12:37:14 +00:00
Yi Zhao
89c81eedca tiff: Security fix CVE-2017-13726 and CVE-2017-13727
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13726
https://nvd.nist.gov/vuln/detail/CVE-2017-13727

Patches from:
CVE-2017-13726:
f91ca83a21

CVE-2017-13727:
b6af137bf9

(From OE-Core rev: 8dc9d74b7e6816f59eb61dcda6a93c0753a5e4ab)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-09-22 17:15:30 +01:00