summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libtiff
Commit message (Collapse)AuthorAgeFilesLines
* libtiff: fix CVE-2013-1961Muzaffar Mahmood2014-08-272-0/+787
| | | | | | | | | | | | | | | | | Integrate community fix for the issue CVE-2013-1961 and migrated to version 4.0.3. Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. (From OE-Core rev: f24e3456c60951d2985d7c23bdcc1f8c15d6c167) Signed-off-by: Priyanka Shobhan <priyanka_shobhan@mentor.com> Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Muzaffar Mahmood <muzaffar_mahmood@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: Security Advisory - CVE-2012-4564Yue Tao2014-06-172-1/+101
| | | | | | | | | | | | | | | | | | | | v2 changes: * update format for commit log * add Upstream-Status for patch ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564 (From OE-Core rev: 9f02922d44de483ef4d02ce95b55efe79a8b09a2) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix for Security Advisory CVE-2013-4231Yue Tao2014-05-212-1/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 (From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: fix CVE-2013-4244Baogen Shang2014-03-302-1/+21
| | | | | | | | | | | | | | | cve description: The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4244 (From OE-Core rev: 4eec8fae3f972a27bfb986066f5b3603599ebc25) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: flesh out PACKAGECONFIGChristopher Larson2014-01-281-1/+23
| | | | | | | | | | | | | | Adds packageconfigs for all appropriate configure arguments (other than jpeg 8/12 bit mode support, where I wasn't clear on the deps, and which I doubt we care about). jpeg, zlib, and xz dependencies can now be controlled. (From OE-Core rev: 314b07181a3c7ef6d8f002f555a68ed6feaf99bb) Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Replace one-line DESCRIPTION with SUMMARYPaul Eggleton2014-01-021-1/+1
| | | | | | | | | | | | | | A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. (From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: CVE-2013-4243Baogen Shang2013-12-102-1/+42
| | | | | | | | | | | | | | | | | cve description: Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4243 (From OE-Core rev: 47388363f69bfbf5ed1816a9367627182ee10e88) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: CVE-2013-4232Baogen Shang2013-12-102-1/+17
| | | | | | | | | | | | | | | | | cve description: Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted TIFF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4232 (From OE-Core rev: bd4a878815e7033b1114940e2a5a16568322655b) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: fix CVE-2013-1960Ming Liu2013-12-102-1/+153
| | | | | | | | | | | | | | | Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1960 (From OE-Core rev: 9db7a897d216a8293152c1a3b96c72b699d469c7) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Remove PR = r0 from all recipesRichard Purdie2013-10-301-1/+0
| | | | | | | | | | | | | Remove all PR = "r0" from all .bb files in oe-core. This was done with the command sed -e '/^PR.*=.*r0\"/d' recipes*/*/*.bb -i We've switching to the PR server, PR bumps are no longer needed and this saves people either accidentally bumping them or forgetting to remove the lines (r0 is the default anyway). (From OE-Core rev: 58ae94f1b06d0e6234413dbf9869bde85f154c85) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Update to 4.0.3Saul Wold2012-11-211-2/+2
| | | | | | | (From OE-Core rev: 90ad57fbd72edf44336d0ad2c2e3ec861a641fb3) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: Upgrade to 4.0.2Saul Wold2012-06-251-3/+3
| | | | | | | (From OE-Core rev: 2ee374c5c1dfef2c2a480a11b4ae81802e447e7d) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: import native support from meta-oeMartin Jansa2012-04-261-0/+2
| | | | | | | (From OE-Core rev: fef8ef18e4aa441739137769d753dc882281e8fc) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Make builds deterministicRichard Purdie2012-03-281-2/+2
| | | | | | | | | | | | | | libtiff now depends on lzma which can be obtained from xz and doesn't use lzo. Previously, libtiff would detect and use lzma if it was present leading to a number of race conditions including failures in things linking to libtiff such as ghostscript since lzma could be removed while being rebuild leading to failures in linking. This patch corrects the dependency. (From OE-Core rev: b6369ed4ea03fb5410f94c1ee646d488bf981987) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Update to version 3.9.5Saul Wold2012-02-281-3/+5
| | | | | | | | | | Ensure that OpenGL and friends are disable with the setting of ax_cv_check_gl_libgl = no. (From OE-Core rev: 69e67ac74bda6de1243e35643ee4af8a25a5f32f) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: bump PR to rebuild .la files without libz.laMartin Jansa2012-02-211-1/+1
| | | | | | | (From OE-Core rev: 1da6a2dbd5e7aeea6cd45ca05590bdd50b67bf89) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: Upgrade 1.2.5 -> 1.2.6Khem Raj2012-02-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Dont use autotools, it really not so autoconf like. the configure script gets updated with every release of zlib and we overwrite that. Instead use the upstream provided configure copyright year was changed in zlib.h which caused change in LIC_FILE_CHECKSUM fix.inverted.LFS.logic.patch is already applied upstream so drop it Drop the configure.ac and Makefile.am scripts since we do not autoreconf anymore and do not inherit autotools anymore Bump PR for depending recipes so a rebuild it ensues so that they dont depend on .la anymore and add missing dependencies discovered during incremental build (From OE-Core rev: 50ad5230ea9e0982cdfda23fb9fcfccf89d28f29) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: refactor packages for staticdevSaul Wold2012-01-241-3/+4
| | | | | | | (From OE-Core rev: 93135c19b9574d952aaf8a4b97425640b847847a) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* OECore license fixes: meta/*Elizabeth Flanagan2011-12-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a quick audit of only the most obviously wrong licenses found within OECore. These fixes fall into four areas: - LICENSE field had incorrect format so that the parser choked - LICENSE field has a license with no version - LICENSE field was actually incorrect - LICENSE field has an imaginary license that didn't exist This fixes most of the LICENSE warnings thrown, along with my prior commit adding additional licenses to common-licenses and additional SPDXLICENSEMAP entries. HOWEVER..... there is much to be done on the license front. For a list of recipes with licenses that need obvious fixing see: https://wiki.yoctoproject.org/wiki/License_Audit That said, I would suggest another license audit as I've found enough inconsistencies. A good suggestion is when in doubt, look at how openSuse or Gentoo or Debian license the package. (From OE-Core rev: 3083dd70b3a9fa01fcc3cf00373b05502505996e) Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: Update to 3.9.5Saul Wold2011-10-142-13/+11
| | | | | | | (From OE-Core rev: 7a6218b05eb4ec23e6378a1738ac2f6809fe5c08) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Delete patch=1, its default and replace pnum with striplevelKhem Raj2011-08-231-1/+1
| | | | | | | | | | Some place pnum=1 is used which is removed as well since striplevel=1 is default (From OE-Core rev: 4e108857e0d40105f7ecbc55e99bd6c367bb7386) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Upstream-Status: Add Upstream-Status for some missing patchesDongxiao Xu2011-07-261-0/+2
| | | | | | | (From OE-Core rev: 66ec3774f99229ca6c25c047372f45ccd834d77a) Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* SRC_URI Checksums AdditionalsSaul Wold2010-12-091-0/+3
| | | | Signed-off-by: Saul Wold <sgw@linux.intel.com>
* tiff: update license infoQing He2010-12-011-0/+1
| | | | Signed-off-by: Qing He <qing.he@intel.com>
* Major layout change to the packages directoryRichard Purdie2010-08-272-0/+36
Having one monolithic packages directory makes it hard to find things and is generally overwhelming. This commit splits it into several logical sections roughly based on function, recipes.txt gives more information about the classifications used. The opportunity is also used to switch from "packages" to "recipes" as used in OpenEmbedded as the term "packages" can be confusing to people and has many different meanings. Not all recipes have been classified yet, this is just a first pass at separating things out. Some packages are moved to meta-extras as they're no longer actively used or maintained. Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>