summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libtiff
Commit message (Collapse)AuthorAgeFilesLines
* The poky repository master branch is no longer being updated.Richard Purdie2025-11-071-65/+0
| | | | | | | | | | | | | | | | | | | | | You can either: a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs b) use the new bitbake-setup You can find information about either approach in our documentation: https://docs.yoctoproject.org/ Note that "poky" the distro setting is still available in meta-yocto as before and we continue to use and maintain that. Long live Poky! Some further information on the background of this change can be found in: https://lists.openembedded.org/g/openembedded-architecture/message/2179 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: ignore CVE-2025-8851Peter Marko2025-10-011-0/+1
| | | | | | | | | | | This is fixed in v4.7.0, however cve_check cannot match it as NVD says "Up to (excluding) 2024-08-11". (From OE-Core rev: 66349865ac048ae8e5a81b29c50c68503053f74e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: upgrade 4.7.0 -> 4.7.1Peter Marko2025-10-019-380/+3
| | | | | | | | | | | | | | Removed patches included in this new release License-Update: BSD license added based on [1] [1] https://gitlab.com/libtiff/libtiff/-/commit/a0b623c7809ea2aa4978d5d7b7bd10e519294c78 (From OE-Core rev: 9161c31aa37341f758fd8f3d095177e8b6de1448) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add PACKAGECONFIG for liblercZoltán Böszörményi2025-09-081-0/+1
| | | | | | | | | | | | | | | | | | | | | tiff-native may pick up liblerc from the host using the .so symlink, in which case it's added as a private requirement in libtiff-4.pc. That in turn causes a build error in gtk4-native in Yocto because Lerc.pc does not exist. This was observed on Fedora 42 with gdk-pixbuf2-devel installed on the host where libtiff is a dependency of gdk-pixbuf2 and libtiff 4.7.0 is built with liblerc enabled. Add a new PACKAGECONFIG setting for liblerc but keep it disabled since liblerc does not exist in Yocto at the moment. (From OE-Core rev: c95048a1a78522fa5a8fb128dfe6fe2442cd61d2) Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> Backport-to: walnascar Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2025-8534Yogita Urade2025-09-082-0/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used." Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-8534 Upstream patch: https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b (From OE-Core rev: 7eb475c8c58c70dbb123de7c94af59c7f67521c9) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2024-13978, CVE-2025-8176, CVE-2025-8177Siddharth Doshi2025-08-258-1/+316
| | | | | | | | | | | | | | | Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1, https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4, https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa, https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda, https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0, https://gitlab.com/libtiff/libtiff/-/commit/75d8eca6f106c01aadf76b8500a7d062b12f2d82, https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22] CVE's Fixed: CVE-2024-13978 libtiff: LibTIFF Null Pointer Dereference CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8177 libtiff: LibTIFF Buffer Overflow (From OE-Core rev: 16d8a873c57b174e4d6581b58d890f2157aa2f2c) Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: set status for CVEs firx in 4.7.0Peter Marko2024-12-091-0/+3
| | | | | | | | | | | | | | NDV DB tracks these CVEs as version-less. So these re-appered in CVE reports after patch files were removed during last upgrade although the CVEs are fixed. This seems to be a current trend with RedHat CVEs since due due to current NVD CVE annotation situation, version-less CVEs are no longer getting fixed-in added version when available. (From OE-Core rev: 56cbd53cffc39ff5067f6ed1412af36005a82fcc) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: remove status for CVE-2023-3164Peter Marko2024-12-091-1/+0
| | | | | | | | | | We have reached higher version than what NVD marks for fix. So this explicit status setting is no longer needed. (From OE-Core rev: 53584c5f37f551d8fcee83496627ea0b0e7c883d) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: update 4.6.0 -> 4.7.0Alexander Kanavin2024-12-059-648/+3
| | | | | | | | | | Drop all CVE backports. (From OE-Core rev: 1c227185c7a89df04f81c08881fd5e28aa185a21) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Fix LICENSENiko Mauno2024-09-051-1/+1
| | | | | | | | | | | | | | | The contents of the LICENSE.md file included in the current source code package match those of libtiff license, which seems to have been the case since 1999 commit https://gitlab.com/libtiff/libtiff/-/commit/0ef31e1f62aa7a8b1c488a59c4930775ee0046e4 where it was added with filename COPYRIGHT and was then changed to LICENSE.md in 2022 commit https://gitlab.com/libtiff/libtiff/-/commit/fa1d6d787fc67a1eeb3abccb790b5bee969d424b (From OE-Core rev: 71d8e8b03349ab18dca558055c2b3a3687785ddf) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Tiff: Security fix for CVE-2024-7006Siddharth Doshi2024-08-152-0/+66
| | | | | | | | | | | | | Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e] CVE's Fixed: CVE-2024-7006 libtiff: NULL pointer dereference in tif_dirinfo.c (From OE-Core rev: 5313b4b233a486e8a1483757ad9c9aed3a213aae) Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Update CVE_STATUS for incorrect cpesSimone Weiß2024-02-241-0/+1
| | | | | | | | | | Set CVE_STATUS as none of the issues apply against the versions used in the recipes. (From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2023-52355 and CVE-2023-52356Yogita Urade2024-02-084-0/+318
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update. CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://gitlab.com/libtiff/libtiff/-/merge_requests/553 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 (From OE-Core rev: 831d7a2fffb3dec94571289292f0940bc7ecd70a) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2023-6228Yogita Urade2024-01-212-0/+32
| | | | | | | | | | | | | | | | | | CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. References: https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://gitlab.com/libtiff/libtiff/-/issues/606 (From OE-Core rev: 55735e0d75820d59e569a630679f9ac403c7fdbe) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Backport fixes for CVE-2023-6277Khem Raj2023-12-064-0/+228
| | | | | | | | (From OE-Core rev: d115e17ad7775cf5bbfd402e98e61f362ac96efa) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: upgrade 4.5.1 -> 4.6.0Alexander Kanavin2023-09-263-101/+1
| | | | | | | | (From OE-Core rev: 9e80f93ada4eae638350d86b8aa514203f757d43) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2023-41175Yogita Urade2023-09-202-0/+64
| | | | | | | | | | | | | | libtiff: potential integer overflow in raw2tiff.c References: https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://security-tracker.debian.org/tracker/CVE-2023-41175 https://gitlab.com/libtiff/libtiff/-/issues/592 (From OE-Core rev: 4ee806cbc12fbc830b09ba6222e96b1e5f24539f) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2023-40745Yogita Urade2023-09-202-1/+38
| | | | | | | | | | | | | | libtiff: integer overflow in tiffcp.c References: https://security-tracker.debian.org/tracker/CVE-2023-40745 https://gitlab.com/libtiff/libtiff/-/issues/591 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 (From OE-Core rev: c3d4fbeb51278a04a6800c894c681733ad2259ca) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve_check: convert CVE_CHECK_IGNORE to CVE_STATUSAndrej Valek2023-07-211-3/+1
| | | | | | | | | | | | | - Try to add convert and apply statuses for old CVEs - Drop some obsolete ignores, while they are not relevant for current version (From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Reviewed-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: upgrade to 4.5.1Ross Burton2023-07-104-178/+2
| | | | | | | | | | Also remove old CVE_CHECK_IGNOREs which are no longer needed due to CPE updates. (From OE-Core rev: 2200fde7011c4206382150c2602b2eb17423d45e) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport a fix for CVE-2023-26965Natasha Bailey2023-06-272-0/+100
| | | | | | | | | | Fixes a bug where a buffer was used after a potential reallocation. (From OE-Core rev: 48b8945fa570edcdf1e19ed4a4ca81c4416f1a6a) Signed-off-by: Natasha Bailey <nat.bailey@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport a fix for CVE-2023-2731Natasha Bailey2023-06-012-1/+42
| | | | | | | | | | | This patch fixes an issue in libtiff's LZWDecode function which could cause a null pointer dereference. (From OE-Core rev: 7da5abf23232f61bf8009b4b8e97632768867e07) Signed-off-by: Natasha Bailey <nat.bailey@windriver.com> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Remove unused patch from tiffnikhil2023-05-111-267/+0
| | | | | | | | | | | Remove 0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch file from tiff as it was removed while upgrading tiff from 4.4.0 -> 4.5.0 (From OE-Core rev: c53abdb5ce9cdbfb0f9e48b64b800c45549d18a6) Signed-off-by: Nikhil R <nikhilar2410@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add fix for CVE-2022-4645Pawan Badganchi2023-04-131-0/+267
| | | | | | | | | | | | | | Below patch fixes the CVE-2022-4645 as well. 0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645 (From OE-Core rev: 312393edf0aa5b2c515c08245d1c289ba79bad55) Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport fix for CVE-2022-48281Ross Burton2023-02-242-1/+31
| | | | | | | | (From OE-Core rev: bf0cf66c10c95ddada595dd5a84b45235c09ebab) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: add PACKAGECONFIG for libdeflate and zstdMarkus Volk2023-01-311-0/+2
| | | | | | | | | | | | | | | | | The main reason for this is an issue with latest libtiff update that causes gtk4-native configure to fail in finding libtiff (while it just builds fine for target). By comparing libtiff-4.pc for native and target it turned out, that it links for native with zstd and libdeflate. Probably because those libs were found on my host system. Adding PACKAGECONFIGS for the libs prevents us from taking them from the host. (From OE-Core rev: ca2e2035b9d81a230a1a63f51b1300418e9b9ca6) Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add packageconfig knob for webpKhem Raj2023-01-091-0/+1
| | | | | | | | | | tiff-native otherwise falsely detects webp if its installed on build host. This ensures deterministic behavior regardless of host. (From OE-Core rev: 718c44f282310b2ca85877fed706460ccc1eebea) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: update 4.4.0 -> 4.5.0Alexander Kanavin2023-01-069-1368/+4
| | | | | | | | | | | | Drop all CVE backports. License-Update: formatting (From OE-Core rev: 9a255a3b114686b04bf54560c7485552ec3b438c) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2022-3970Qiu, Zheng2022-11-272-0/+40
| | | | | | | | | | | | | | | | | This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be (From OE-Core rev: 668ff495ac44e5b6d9e1af15d3861b5c2b4dfcd1) Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix a typo for CVE-2022-2953.patchQiu, Zheng2022-10-281-1/+1
| | | | | | | | | | The CVE number in the patch is a typo. CVE-2022-2053 is not related to libtiff. So fix it. (From OE-Core rev: c9f76ef859b0b4edb83ac098816b625f52c78173) Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix a number of CVEsRoss Burton2022-10-285-1/+1018
| | | | | | | | | | | | | | | | Backport fixes from upstream for the following CVEs: - CVE-2022-3599 - CVE-2022-3597 - CVE-2022-3626 - CVE-2022-3627 - CVE-2022-3570 - CVE-2022-3598 (From OE-Core rev: 722bbb88777cc3c7d1c8273f1279fc18ba33e87c) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport fix for CVE-2022-2953Ross Burton2022-09-082-0/+87
| | | | | | | | (From OE-Core rev: aa018b5bec49c06e64a493a413f42558a17947cf) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Backport a patch for CVE-2022-34526Khem Raj2022-08-162-1/+35
| | | | | | | (From OE-Core rev: ade918f1e904ecab2c74358ca874c6b9594de2f0) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058Ross Burton2022-07-122-1/+186
| | | | | | | (From OE-Core rev: a84538dbe760fed94cfe22a39b0a6f95c61c307d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: update 4.3.0 -> 4.4.0Alexander Kanavin2022-06-0710-594/+3
| | | | | | | | | | Drop all CVE backports. (From OE-Core rev: ec3897659a046e7e3f652cabd04e98bb56f1b261) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210Richard Purdie2022-05-281-0/+4
| | | | | | | | | | | | We never depended upon libjbig so this was never present. Add the PACKAGECONFIG to make this explict. CVE-2022-1210 is an issue in libjbig so we don't have a problem there, mark as such. (From OE-Core rev: 34e6a19f2430ee2fd0fec4bec1891e898a0d9766) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalidRoss Burton2022-05-281-0/+3
| | | | | | | | | | These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by 3079627e and fixed by b4e79bfa. (From OE-Core rev: 49e93892a37d1a2af2b0a155117441e978385e4c) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add marker for CVE-2022-1056 being fixedRichard Purdie2022-04-131-0/+1
| | | | | | | | | As far as I can tell, the patches being applied also fix CVE-2022-1056 so mark as such. (From OE-Core rev: 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport CVE fixes:Ross Burton2022-03-237-1/+483
| | | | | | | | | | | | | | | | Backport fixes for the following CVEs: - CVE-2022-0865 - CVE-2022-0891 - CVE-2022-0907 - CVE-2022-0908 - CVE-2022-0909 - CVE-2022-0924 (From OE-Core rev: 2fe35de73cfa8de444d7ffb24246e8f87c36ee8d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/scripts: Automated conversion of OE renamed variablesRichard Purdie2022-02-211-1/+1
| | | | | | (From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add backports for two CVEs from upstreamRichard Purdie2022-02-214-1/+65
| | | | | | (From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport fix for CVE-2022-22844Ross Burton2022-01-262-1/+45
| | | | | | | (From OE-Core rev: daf2880b7431aa641e02ebba8cbca40d81389088) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Convert to new override syntaxRichard Purdie2021-08-021-3/+3
| | | | | | | | | | | | This is the result of automated script conversion: scripts/contrib/convert-overrides.py <oe-core directory> converting the metadata to use ":" as the override character instead of "_". (From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Exclude CVE-2015-7313 from cve-checkRichard Purdie2021-05-121-0/+4
| | | | | | | | | Some fix upstream addresses the issue, it isn't clear which change this was. Our current version doesn't have issues with the test image though so we can exclude. (From OE-Core rev: 3874da694ae1d9de06dd003bd80705205e2b033b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: upgrade 4.2.0 -> 4.3.0wangmy2021-04-231-1/+1
| | | | | | | (From OE-Core rev: 702c5c7973c77c51d5ce8de11e73c708c55927a3) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes.Meh Mbeh Ida Delphine2021-03-021-0/+4
| | | | | | | | | Fixes: [YOCTO #13471] (From OE-Core rev: 312994268bb68a012a61c99e1c3697e8de60a2ce) Signed-off-by: Ida Delphine <idadelm@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: upgrade 4.1.0 -> 4.2.0Wang Mingyu2021-01-101-2/+1
| | | | | | | (From OE-Core rev: 9c2c01607929f9aed8d606ef4e049a435d8fe6f2) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Extend for nativesdkChristian Eggers2020-06-041-1/+1
| | | | | | | | | | | Doxygen in meta-oe has recently been extended for nativesdk. Doxygen is often used together with mscgen which in turn depends indirectly on tiff (via gd library). (From OE-Core rev: 929cf038ec0f49e86d9ab0ec7e012320598ceb81) Signed-off-by: Christian Eggers <ceggers@arri.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: update to 4.1.0Alexander Kanavin2019-11-215-654/+3
| | | | | | | | | Drop backported patches. (From OE-Core rev: e5ecf2604e5b8c957eb3bae21fb3c9b2b1b7e12f) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: fix CVE-2019-17546Joe Slater2019-10-312-0/+104
| | | | | | | | | | Apply unmodified patch from upstream. (From OE-Core rev: 844e7aa217f5ecf46766a07d46f9d7f083668e8e) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-05-30 11:22:09 +0000