mirror of
https://git.yoctoproject.org/poky
synced 2026-03-29 05:02:22 +02:00
fc1c036d4a
While this does not happen with the tiff 4.3.0 release, it does happen with the series of patches we have, so backport the two simple changes that restrict the tiffcrop options to avoid the vulnerability. CVE-2022-2953.patch was taken from upstream, and a small typo was fixed for the CVE number. The other patch is included in tiff 4.4.0 but not 4.3.0, so add it as well. (From OE-Core rev: cd94ed01214251027d1076b67cf65c3058f51dad) Signed-off-by: Randy MacLeod <randy.macleod@windriver.com> Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>