path: root/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
Commit message | Author | Age | Files | Lines
* tiff: refresh with devtool | Martin Jansa | 2022-12-07 | 1 | -15/+15
* so that they can be easily and cleanly applied with "git am"
* manually fix CVE-2022-2953.patch commit message not to use UTF-8 quotes and replace it with human readable text from original commit: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf

(From OE-Core rev: 535c814259ec63916debb17a326fa328c4f6237b)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2022-2953 | Zheng Qiu | 2022-11-04 | 1 | -0/+87
While this does not happen with the tiff 4.3.0 release, it does happen with the series of patches we have, so backport the two simple changes that restrict the tiffcrop options to avoid the vulnerability. CVE-2022-2953.patch was taken from upstream, and a small typo was fixed for the CVE number. The other patch is included in tiff 4.4.0 but not 4.3.0, so add it as well.

(From OE-Core rev: cd94ed01214251027d1076b67cf65c3058f51dad)

Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>