openembedded-core.git/meta/recipes-multimedia, branch dylan Mirror of openembedded-core libtiff: CVE-2013-4243 2013-12-12T17:24:47+00:00 Baogen Shang baogen.shang@windriver.com 2013-10-21T03:03:41+00:00 95f9889ac7e2731e3fb67f4b9db4bb634dd2a894 cve description: Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4243 (From OE-Core dora rev: a2a200a3951cecd7dd43dee360e0260051c97416) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
cve description:
Heap-based buffer overflow in the readgifimage function in the gif2tiff
tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a crafted height
and width values in a GIF image.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4243

(From OE-Core dora rev: a2a200a3951cecd7dd43dee360e0260051c97416)

Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libtiff: CVE-2013-4232 2013-12-12T17:24:47+00:00 Baogen Shang baogen.shang@windriver.com 2013-10-21T03:00:05+00:00 96ae9c1b9a0baab55d00aaaafb1df8ca8c928314 cve description: Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted TIFF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4232 (From OE-Core dora rev: 60482e45677c467f55950ce0f825d6cb9c121c9c) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
cve description:
Use-after-free vulnerability in the t2p_readwrite_pdf_image function
in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause
a denial of service (crash) or possible execute arbitrary code via a
crafted TIFF image.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4232

(From OE-Core dora rev: 60482e45677c467f55950ce0f825d6cb9c121c9c)

Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libtiff: fix CVE-2013-1960 2013-12-12T17:24:47+00:00 Ming Liu ming.liu@windriver.com 2013-11-21T07:05:04+00:00 70f37e59b9d2c5e5ebb67283363acb02c76504a8 Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1960 (From OE-Core dora rev: 66387677cbd85ba4a76a254942377621acd68249) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf
in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted TIFF image
file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1960

(From OE-Core dora rev: 66387677cbd85ba4a76a254942377621acd68249)

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gst-ffmpeg: fix CVE-2013-3674 2013-12-12T17:24:47+00:00 Ming Liu ming.liu@windriver.com 2013-11-21T07:05:05+00:00 23f323b80cbef122a4ed0897dfff54bb1b0b8ec0 The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3674 (From OE-Core master rev: f1721553a873b242bc26ad3e4d618aea39dfd507) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before
1.2.1 does not validate the presence of non-header data in a buffer, which
allows remote attackers to cause a denial of service (out-of-bounds array
access and application crash) via crafted CD Graphics Video data.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3674

(From OE-Core master rev: f1721553a873b242bc26ad3e4d618aea39dfd507)

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gst-plugins-good: add PACKAGECONFIG for jpeg, wavpack, gdkpixbuf, v4l, bzip2, orc 2013-08-16T09:39:49+00:00 Martin Jansa Martin.Jansa@gmail.com 2013-07-21T14:55:26+00:00 d53a78dda428e872d97da88b79454d86f172fd3d (From OE-Core master rev: eb3a2553ed3b627cb25001b552624690b4959069) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
(From OE-Core master rev: eb3a2553ed3b627cb25001b552624690b4959069)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gst-plugins-bad: add few more PACKAGECONFIGs 2013-08-16T09:39:45+00:00 Martin Jansa Martin.Jansa@gmail.com 2013-07-13T15:32:02+00:00 f9441ae21de7955f222309d1cee2afbb6a2f8bbd (From OE-Core master rev: cdf6172830bf052ca3a53d439f05ee40574e3968) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
(From OE-Core master rev: cdf6172830bf052ca3a53d439f05ee40574e3968)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gst-plugins-bad: element selection rationalisation 2013-08-16T09:39:45+00:00 Ross Burton ross.burton@intel.com 2013-06-24T10:26:28+00:00 4b2a41e8c28e4f05f1623d1d36eb4de26e1c7fa4 Using --with-plugins means you only get the elements you enable, so we were dropping vast numbers of useful plugins such as the MPEG muxers. Instead, follow gst-plugins-base by using PACKAGECONFIG to enable/disable plugins with optional dependencies. (From OE-Core master rev: 7722fd48995d5d430d58b94ecf69a6ad9f1c741b) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Using --with-plugins means you only get the elements you enable, so we were
dropping vast numbers of useful plugins such as the MPEG muxers.

Instead, follow gst-plugins-base by using PACKAGECONFIG to enable/disable
plugins with optional dependencies.

(From OE-Core master rev: 7722fd48995d5d430d58b94ecf69a6ad9f1c741b)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gst-plugins-base: add missing dependency on glib-2.0-native 2013-08-16T09:39:43+00:00 Martin Jansa Martin.Jansa@gmail.com 2013-07-04T08:03:54+00:00 51f38d088107c28bca6604deb688b31b0799d09b * glib-genmarshal is needed during do_compile: | /bin/bash: line 1: glib-genmarshal: command not found (From OE-Core master rev: 50fdebe819e4d51bc8ba011a0d4a090a8ded64b8) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
* glib-genmarshal is needed during do_compile:
  | /bin/bash: line 1: glib-genmarshal: command not found

(From OE-Core master rev: 50fdebe819e4d51bc8ba011a0d4a090a8ded64b8)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gst-plugins-bad: inherit gsettings 2013-08-16T09:39:42+00:00 Martin Jansa Martin.Jansa@gmail.com 2013-07-04T08:01:24+00:00 9ad60f1b5ecbe716f14e7d43b16c532383c8a8f8 * do_configure fails without native glib-compile-schemas: | checking for glib-compile-schemas... no | configure: error: glib-compile-schemas not found. (From OE-Core master rev: c8ba0ab9ba2a13eab3fdc6aed148c5ee3b53e253) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
* do_configure fails without native glib-compile-schemas:
  | checking for glib-compile-schemas... no
  | configure: error: glib-compile-schemas not found.

(From OE-Core master rev: c8ba0ab9ba2a13eab3fdc6aed148c5ee3b53e253)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gst-plugins-gl: add explicit dependency on libpng 2013-08-16T09:39:42+00:00 Eric Nelson eric.nelson@boundarydevices.com 2013-07-30T21:01:07+00:00 ae8f56fbc6f40a42c357f95611b4dad04025e786 (From OE-Core master rev: 2cd01fdc26ee4f444635ad8e9d3956b9e764dc82) Signed-off-by: Eric Nelson <eric.nelson@boundarydevices.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
(From OE-Core master rev: 2cd01fdc26ee4f444635ad8e9d3956b9e764dc82)

Signed-off-by: Eric Nelson <eric.nelson@boundarydevices.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>