Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=python3 2016-04-29T06:41:43+00:00 2016-04-29T06:41:43+00:00 Armin Kuster akuster@mvista.com 2016-04-26T00:29:41+00:00 urn:sha1:3f75a6478b6b6a62ddd9e086770efc84f8666928 same fix for both CVE's tiff <= 4.0.6 (From OE-Core rev: b7a38a45bf404b8f9b419bf7c054102d68cf2673) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-12-28T09:25:15+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-12-17T14:29:29+00:00 urn:sha1:f7a7796b3769864a52982294711948463c77442d (From OE-Core rev: 88a2a8f2f03faa19c1400a9badf16845ba217861) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-12-08T10:20:52+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-11-16T14:34:03+00:00 urn:sha1:74bfa62f85433991f007ae1e029e76db05b3a380 (From OE-Core rev: 1eb9e190ef3bb1170b3eaabd9f7900e7ce176624) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-06-27T21:42:56+00:00 Randy MacLeod Randy.MacLeod@windriver.com 2015-06-26T20:27:51+00:00 urn:sha1:e3b35f56a80d3adbe997950702dd5eba243d1bbc Update tiff to latest version. None of the local CVE patches are needed based on reviewing the ChangeLog so remove them. (From OE-Core rev: 5c5d7c2ab0d32faca43ba360d5d42ecd2822c730) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-04-13T21:33:22+00:00 Robert Yang liezhi.yang@windriver.com 2015-04-10T09:30:07+00:00 urn:sha1:23a88e24f07608d53726a3ed37ad356a088d8c77 There should be only one dev and dbg package (From OE-Core rev: dd65ee47d04f3f8e51a7abec02d564b9e46626ae) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-08-27T11:12:32+00:00 Muzaffar Mahmood muzaffar_mahmood@mentor.com 2014-08-25T11:51:06+00:00 urn:sha1:07ad83ed024a7aa1dff4b6d9b8830c0144b83ea3 Integrate community fix for the issue CVE-2013-1961 and migrated to version 4.0.3. Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. (From OE-Core rev: f24e3456c60951d2985d7c23bdcc1f8c15d6c167) Signed-off-by: Priyanka Shobhan <priyanka_shobhan@mentor.com> Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Muzaffar Mahmood <muzaffar_mahmood@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-06-17T09:23:53+00:00 Yue Tao Yue.Tao@windriver.com 2014-06-17T08:25:20+00:00 urn:sha1:c44d7b5cdedf5cd32f3223da50909351465a8afe v2 changes: * update format for commit log * add Upstream-Status for patch ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564 (From OE-Core rev: 9f02922d44de483ef4d02ce95b55efe79a8b09a2) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-05-21T08:09:01+00:00 Yue Tao Yue.Tao@windriver.com 2014-05-19T06:32:13+00:00 urn:sha1:7719f580b61ba36c0449eddb28aff06e61cd5122 Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 (From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-03-30T09:10:32+00:00 Baogen Shang baogen.shang@windriver.com 2014-03-28T09:43:36+00:00 urn:sha1:c4c31eb76170ee4d7cb436954b35b27971a46e84 cve description: The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4244 (From OE-Core rev: 4eec8fae3f972a27bfb986066f5b3603599ebc25) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-01-28T00:52:36+00:00 Christopher Larson kergoth@gmail.com 2014-01-24T17:26:24+00:00 urn:sha1:2f4bddc0f2abbef87f8fd2a188d041b2c0ed8257 Adds packageconfigs for all appropriate configure arguments (other than jpeg 8/12 bit mode support, where I wasn't clear on the deps, and which I doubt we care about). jpeg, zlib, and xz dependencies can now be controlled. (From OE-Core rev: 314b07181a3c7ef6d8f002f555a68ed6feaf99bb) Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>