mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 01:19:52 +00:00
Code Issues Projects Releases Wiki Activity
40,201 Commits 38 Branches 624 Tags
krogoth
Commit Graph

28 Commits

Author SHA1 Message Date
Mingli Yu 863bfa81af tiff: Security fix CVE-2016-9538 
* tools/tiffcrop.c: fix read of undefined buffer in
readContigStripsIntoBuffer() due to uint16 overflow.

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9538

Patch from:
https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f

(From OE-Core rev: 9af5d5ea882c853e4cb15006f990d3814eeea9ae)

(From OE-Core rev: 33cad1173f6d1b803b794a2ec57fe8a9ef19fb44)

(From OE-Core rev: 5597998cf8b852bfe9b794d83314090a148bf78b)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Mingli Yu 014af27dcb tiff: Security fix CVE-2016-9535 
* libtiff/tif_predict.h, libtiff/tif_predict.c:
Replace assertions by runtime checks to avoid assertions in debug mode,
or buffer overflows in release mode. Can happen when dealing with
unusual tile size like YCbCr with subsampling.

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535

Patch from:
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

(From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275)

(From OE-Core rev: d55b4470c20f4a4b73b1e6f148a45d94649dfdb5)

(From OE-Core rev: 3f22e42b981319b1aaa15871a90753060817c911)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Zhixiong Chi ca4703b6cf tiff: Security fix CVE-2016-9539 
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in
readContigTilesIntoBuffer(). Reported as MSVR 35092.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9539

Patch from:
https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53

(From OE-Core rev: 58bf0a237ca28459eb8c3afa030c0054f5bc1f16)

(From OE-Core rev: 0933a11707a369c8eaefebd31e8eea634084d66e)

(From OE-Core rev: d80b6e399e2c14b99c629b4548c7ec38e35fe93e)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Zhixiong Chi 98e368e4b6 tiff: Security fix CVE-2016-9540 
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled
images with odd tile width versus image width. Reported as MSVR 35103,
aka "cpStripToTile heap-buffer-overflow."

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9540

Patch from:
https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3

(From OE-Core rev: cc97dc66006c7892473e3b4790d05e12445bb927)

(From OE-Core rev: ad2c4710ef15c35f6dd4e7642efbceb2cbf81736)

(From OE-Core rev: 6f58c18016258c0a49b4d0ef50d170a1bbb671f4)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Yi Zhao 3c61ee2f68 tiff: Security fix CVE-2016-3632 
CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) or execute arbitrary code via a crafted
TIFF image.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3632
http://bugzilla.maptools.org/show_bug.cgi?id=2549
https://bugzilla.redhat.com/show_bug.cgi?id=1325095

The patch is from RHEL7.

(From OE-Core rev: 9206c86239717718be840a32724fd1c190929370)

(From OE-Core rev: 0c6928f4129e5b1e24fa2d42279353e9d15d39f0)

(From OE-Core rev: f10cef0119c3bcf5b23a142f131a2d452ef2b837)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Zhixiong Chi ec00137169 tiff: Security fix CVE-2016-3658 
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool
allows remote attackers to cause a denial of service (out-of-bounds read) via vectors
involving the ma variable.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658
http://bugzilla.maptools.org/show_bug.cgi?id=2546

Patch from:
https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d

(From OE-Core rev: c060e91d2838f976774d074ef07c9e7cf709f70a)

(From OE-Core rev: cc266584158c8dfc8583d21534665b6152a4f7ee)

(From OE-Core rev: 7ba456a35e0e75e0e8b3d8f9530aab312775672d)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Yi Zhao 0ed07f2658 tiff: Security fix CVE-2016-3622 
CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the
tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (divide-by-zero error) via a crafted TIFF
image.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622
http://www.openwall.com/lists/oss-security/2016/04/07/4

Patch from:
https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286

(From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb)

(From OE-Core rev: 928eadf8442cf87fb2d4159602bd732336d74bb7)

(From OE-Core rev: e2eeb68f33e671d9520afda149f5aea27ab546bd)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Yi Zhao c33bac8883 tiff: Security fix CVE-2016-3623 
CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier
allows remote attackers to cause a denial of service (divide-by-zero) by
setting the (1) v or (2) h parameter to 0.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623
http://bugzilla.maptools.org/show_bug.cgi?id=2569

Patch from:
https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b

(From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9)

(From OE-Core rev: f0e77ffa6bbc3adc61a2abd5dbc9228e830c055d)

(From OE-Core rev: 4cb329454fec849ca0ea6106d78d1240c760bd11)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Yi Zhao c76d565ce2 tiff: Security fix CVE-2016-3991 
CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage
function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (out-of-bounds write) or execute
arbitrary code via a crafted TIFF image with zero tiles.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991
http://bugzilla.maptools.org/show_bug.cgi?id=2543

Patch from:
https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba

(From OE-Core rev: d31267438a654ecb396aefced201f52164171055)

(From OE-Core rev: cf58711f12425fc1c29ed1e3bf3919b3452aa2b2)

(From OE-Core rev: a0115f89df6c082949796a75551ea43b35c39ccd)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:21 +01:00
Yi Zhao 04f04d0d17 tiff: Security fix CVE-2016-3990 
CVE-2016-3990 libtiff: Heap-based buffer overflow in the
horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and
earlier allows remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image to tiffcp.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990
http://bugzilla.maptools.org/show_bug.cgi?id=2544

Patch from:
https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1

(From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62)

(From OE-Core rev: d7165cd738ac181fb29d2425e360f2734b0d1107)

(From OE-Core rev: 5e87d1d9e2861521b52216625a68649a44748ce3)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:20 +01:00
Yi Zhao d8cbc618cc tiff: Security fix CVE-2016-3945 
CVE-2016-3945 libtiff: Multiple integer overflows in the (1)
cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in
LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote
attackers to cause a denial of service (crash) or execute arbitrary code
via a crafted TIFF image, which triggers an out-of-bounds write.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945
http://bugzilla.maptools.org/show_bug.cgi?id=2545

Patch from:
https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6

(From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131)

(From OE-Core rev: 3a4d2618c50aed282af335ef213c5bc0c9f0534e)

(From OE-Core rev: 0add1a3b19c4807afdfcd1c2ea6f4a382466adf7)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:14:20 +01:00
Yi Zhao b9e99832b9 tiff: Security fix CVE-2016-5323 
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323
http://bugzilla.maptools.org/show_bug.cgi?id=2559

Patch from:
https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31

(From OE-Core rev: 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4)

(From OE-Core rev: e066ba81ac7aecd3d9dfa1cb5d89acb6dc073e8f)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-23 15:27:04 +01:00
Yi Zhao 440e3cd2c2 tiff: Security fix CVE-2016-5321 
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321
http://bugzilla.maptools.org/show_bug.cgi?id=2558

Patch from:
https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0

(From OE-Core rev: 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d)

(From OE-Core rev: ff5d0abf31394d332c5db06a2d3ef337b1f8db9d)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-23 15:27:04 +01:00
Yi Zhao 977dd47c69 tiff: Security fix CVE-2016-3186 
CVE-2016-3186 libtiff: buffer overflow in the readextension function in
gif2tiff.c allows remote attackers to cause a denial of service via a
crafted GIF file

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186
https://bugzilla.redhat.com/show_bug.cgi?id=1319503

Patch from:
https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff

(From OE-Core rev: 3d818fc862b1d85252443fefa2222262542a10ae)

(From OE-Core rev: bebb2683ddeda2bef25eca3077c366c93c0a81b4)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-23 15:27:04 +01:00
Armin Kuster 2b029e56f9 tiff: Security fix CVE-2015-8784 
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()

External Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784

(From OE-Core rev: 36097da9679ab2ce3c4044cd8ed64e5577e3f63e)

(From OE-Core rev: a1839427c5626367beb6bf59d900904dedb6bf03)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-23 15:27:04 +01:00
Armin Kuster b6f4d24fbc tiff: Security fix CVE-2015-8781 
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images

External Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781

(From OE-Core rev: 9e97ff5582fab9f157ecd970c7c3559265210131)

(From OE-Core rev: 18d8f81c16cbf165183f5deda71fef0763386a21)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-23 15:27:04 +01:00
Armin Kuster 3f75a6478b tiff: Security fixes CVE-2015-8665 and CVE-2015-8683 
same fix for both CVE's

tiff <= 4.0.6

(From OE-Core rev: b7a38a45bf404b8f9b419bf7c054102d68cf2673)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-04-29 07:41:43 +01:00
Randy MacLeod e3b35f56a8 tiff: Update to 4.0.4 
Update tiff to latest version. None of the local CVE patches
are needed based on reviewing the ChangeLog so remove them.

(From OE-Core rev: 5c5d7c2ab0d32faca43ba360d5d42ecd2822c730)

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-06-27 22:42:56 +01:00
Muzaffar Mahmood 07ad83ed02 libtiff: fix CVE-2013-1961 
Integrate community fix for the issue CVE-2013-1961
and migrated to version 4.0.3.

Stack-based buffer overflow in the t2p_write_pdf_page function
in tiff2pdf in libtiff before 4.0.3 allows remote attackers to
cause a denial of service (application crash) via a crafted
image length and resolution in a TIFF image file.

(From OE-Core rev: f24e3456c60951d2985d7c23bdcc1f8c15d6c167)

Signed-off-by: Priyanka Shobhan <priyanka_shobhan@mentor.com>
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Muzaffar Mahmood <muzaffar_mahmood@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2014-08-27 12:12:32 +01:00
Yue Tao c44d7b5cde libtiff: Security Advisory - CVE-2012-4564 
v2 changes:
* update format for commit log
* add Upstream-Status for patch

ppm2tiff does not check the return value of the TIFFScanlineSize
function, which allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted PPM image that
triggers an integer overflow, a zero-memory allocation, and a heap-based
buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564

(From OE-Core rev: 9f02922d44de483ef4d02ce95b55efe79a8b09a2)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2014-06-17 10:23:53 +01:00
Yue Tao 7719f580b6 tiff: fix for Security Advisory CVE-2013-4231 
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers
to cause a denial of service (out-of-bounds write) via a crafted (1)
extension block in a GIF image or (2) GIF raster image to
tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which
states that the input cannot exceed the allocated buffer size.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple
buffer overflows in libtiff before 4.0.3 allow remote attackers to cause
a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3)
a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1
and 3 are disputed by Red Hat, which states that the input cannot exceed
the allocated buffer size.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231

(From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2014-05-21 09:09:01 +01:00
Baogen Shang c4c31eb761 libtiff: fix CVE-2013-4244 
cve description:
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier
allows context-dependent attackers to cause a denial of service
(out-of-bounds write and crash) or possibly execute arbitrary code via
a crafted GIF image.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4244
(From OE-Core rev: 4eec8fae3f972a27bfb986066f5b3603599ebc25)

Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2014-03-30 10:10:32 +01:00
Baogen Shang d1cb9ec1c2 libtiff: CVE-2013-4243 
cve description:
Heap-based buffer overflow in the readgifimage function in the gif2tiff
tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a crafted height
and width values in a GIF image.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4243

(From OE-Core rev: 47388363f69bfbf5ed1816a9367627182ee10e88)

Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2013-12-10 17:42:45 +00:00
Baogen Shang 3e46414bf9 libtiff: CVE-2013-4232 
cve description:
Use-after-free vulnerability in the t2p_readwrite_pdf_image function
in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause
a denial of service (crash) or possible execute arbitrary code via a
crafted TIFF image.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4232

(From OE-Core rev: bd4a878815e7033b1114940e2a5a16568322655b)

Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2013-12-10 17:42:44 +00:00
Ming Liu 6e89d269e5 libtiff: fix CVE-2013-1960 
Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf
in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted TIFF image
file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1960

(From OE-Core rev: 9db7a897d216a8293152c1a3b96c72b699d469c7)

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2013-12-10 17:42:44 +00:00
Saul Wold 4467ef6398 libtiff: Update to 3.9.5 
(From OE-Core rev: 7a6218b05eb4ec23e6378a1738ac2f6809fe5c08)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2011-10-14 13:18:17 +01:00
Dongxiao Xu ac3c03b997 Upstream-Status: Add Upstream-Status for some missing patches 
(From OE-Core rev: 66ec3774f99229ca6c25c047372f45ccd834d77a)

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2011-07-26 15:48:08 +01:00
Richard Purdie 29d6678fd5 Major layout change to the packages directory 
Having one monolithic packages directory makes it hard to find things
and is generally overwhelming. This commit splits it into several
logical sections roughly based on function, recipes.txt gives more
information about the classifications used.

The opportunity is also used to switch from "packages" to "recipes"
as used in OpenEmbedded as the term "packages" can be confusing to
people and has many different meanings.

Not all recipes have been classified yet, this is just a first pass
at separating things out. Some packages are moved to meta-extras as
they're no longer actively used or maintained.

Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
 2010-08-27 15:29:45 +01:00