mirror of
https://git.yoctoproject.org/poky
synced 2026-04-04 23:02:22 +02:00
f6f3a08371
Add fix for tiffcrop tool CVE-2023-1916 [1]. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. The tool is no longer part of newer libtiff distributions, hence the fix is rejected by upstream in [2]. The backport is still applicable to older versions of libtiff, pick the CVE fix from ubuntu 20.04 [3]. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-1916 [2] https://gitlab.com/libtiff/libtiff/-/merge_requests/535 [3] https://packages.ubuntu.com/source/focal-updates/tiff (From OE-Core rev: 28ad0fdd30f490612aca6cc96ee503e5f92360a8) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
QEMU Emulation Targets ====================== To simplify development, the build system supports building images to work with the QEMU emulator in system emulation mode. Several architectures are currently supported in 32 and 64 bit variants: * ARM (qemuarm + qemuarm64) * x86 (qemux86 + qemux86-64) * PowerPC (qemuppc only) * MIPS (qemumips + qemumips64) Use of the QEMU images is covered in the Yocto Project Reference Manual. The appropriate MACHINE variable value corresponding to the target is given in brackets.