| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1
(From OE-Core master rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4)
(From OE-Core rev: 50602eebe1150819c320b6b611dcd792573eb55a)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pixops: Be more careful about integer overflow
Integer overflow in the make_filter_table function in pixops/pixops.c
in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and
Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other
products, allows remote attackers to execute arbitrary code or cause a
denial of service (heap-based buffer overflow and application crash) via
crafted bitmap dimensions that are mishandled during scaling.
(From OE-Core master rev: e27f367d08becce9486f2890cb7382f3c8448246)
(From OE-Core rev: 8e6da2d34ed6e3352e235c1723d6b4f425bd5932)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Drop tests-check.patch as it has been merged into this release.
License checksums updated as the FSF address was changed.
(From OE-Core rev: 99b91a43962e4f40d9593053f252603d5a7ae842)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
So that gdk-pixbuf-query-loader failures can be identified as such (and executed
later, or run on the target) add a magic environment variable return loader
failures from main().
(From OE-Core rev: 8995c2cbb7a08c569d3e554b65f2bc3cc1682e2a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: b78d9b2f059f3f87c474bba8eb6258bb7299cabc)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
There's a configure option for GIO sniffing so don't use a patch to disable it.
Instead use a PACKAGECONFIG for this and default to off, as using GIO for
sniffing means a hard dependency on shared-mime-info.
(From OE-Core rev: 624e79deb58c08bcc32053e792df140f527d20b1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Something along the lines of pngversion.patch was merged upstream, so drop that
patch.
Also use the new trim_version() function for a future-proof SRC_URI.
(From OE-Core rev: 30b32addd189e7acce73965c9176227d5f392ab9)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|