summaryrefslogtreecommitdiff
path: root/meta/recipes-multimedia/libtiff
AgeCommit message (Collapse)AuthorFiles
2016-04-29tiff: Security fixes CVE-2015-8665 and CVE-2015-8683Armin Kuster2
same fix for both CVE's tiff <= 4.0.6 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-12-27tiff: update to 4.0.6Alexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
2015-12-08package_regex.inc: split entries which blacklist specific versions to their ↵Alexander Kanavin1
recipes Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-06-27tiff: Update to 4.0.4Randy MacLeod8
Update tiff to latest version. None of the local CVE patches are needed based on reviewing the ChangeLog so remove them. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-13tiff: remove extra dev and dbg from PACKAGESRobert Yang1
There should be only one dev and dbg package Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-08-27libtiff: fix CVE-2013-1961Muzaffar Mahmood2
Integrate community fix for the issue CVE-2013-1961 and migrated to version 4.0.3. Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. Signed-off-by: Priyanka Shobhan <priyanka_shobhan@mentor.com> Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Muzaffar Mahmood <muzaffar_mahmood@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-17libtiff: Security Advisory - CVE-2012-4564Yue Tao2
v2 changes: * update format for commit log * add Upstream-Status for patch ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-21tiff: fix for Security Advisory CVE-2013-4231Yue Tao2
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-03-28libtiff: fix CVE-2013-4244Baogen Shang2
cve description: The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4244 Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-28tiff: flesh out PACKAGECONFIGChristopher Larson1
Adds packageconfigs for all appropriate configure arguments (other than jpeg 8/12 bit mode support, where I wasn't clear on the deps, and which I doubt we care about). jpeg, zlib, and xz dependencies can now be controlled. Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-01-02Replace one-line DESCRIPTION with SUMMARYPaul Eggleton1
A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2013-12-10libtiff: CVE-2013-4243Baogen Shang2
cve description: Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4243 Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-10libtiff: CVE-2013-4232Baogen Shang2
cve description: Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted TIFF image. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4232 Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-10libtiff: fix CVE-2013-1960Ming Liu2
Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1960 Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-10-30recipes: Remove PR = r0 from all recipesRichard Purdie1
Remove all PR = "r0" from all .bb files in oe-core. This was done with the command sed -e '/^PR.*=.*r0\"/d' recipes*/*/*.bb -i We've switching to the PR server, PR bumps are no longer needed and this saves people either accidentally bumping them or forgetting to remove the lines (r0 is the default anyway). Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-11-21tiff: Update to 4.0.3Saul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-06-25libtiff: Upgrade to 4.0.2Saul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-04-24tiff: import native support from meta-oeMartin Jansa1
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-03-28tiff: Make builds deterministicRichard Purdie1
libtiff now depends on lzma which can be obtained from xz and doesn't use lzo. Previously, libtiff would detect and use lzma if it was present leading to a number of race conditions including failures in things linking to libtiff such as ghostscript since lzma could be removed while being rebuild leading to failures in linking. This patch corrects the dependency. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-28tiff: Update to version 3.9.5Saul Wold1
Ensure that OpenGL and friends are disable with the setting of ax_cv_check_gl_libgl = no. Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-21recipes: bump PR to rebuild .la files without libz.laMartin Jansa1
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-10zlib: Upgrade 1.2.5 -> 1.2.6Khem Raj1
Dont use autotools, it really not so autoconf like. the configure script gets updated with every release of zlib and we overwrite that. Instead use the upstream provided configure copyright year was changed in zlib.h which caused change in LIC_FILE_CHECKSUM fix.inverted.LFS.logic.patch is already applied upstream so drop it Drop the configure.ac and Makefile.am scripts since we do not autoreconf anymore and do not inherit autotools anymore Bump PR for depending recipes so a rebuild it ensues so that they dont depend on .la anymore and add missing dependencies discovered during incremental build Signed-off-by: Khem Raj <raj.khem@gmail.com>
2012-01-24tiff: refactor packages for staticdevSaul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-12-08OECore license fixes: meta/*Elizabeth Flanagan1
This is a quick audit of only the most obviously wrong licenses found within OECore. These fixes fall into four areas: - LICENSE field had incorrect format so that the parser choked - LICENSE field has a license with no version - LICENSE field was actually incorrect - LICENSE field has an imaginary license that didn't exist This fixes most of the LICENSE warnings thrown, along with my prior commit adding additional licenses to common-licenses and additional SPDXLICENSEMAP entries. HOWEVER..... there is much to be done on the license front. For a list of recipes with licenses that need obvious fixing see: https://wiki.yoctoproject.org/wiki/License_Audit That said, I would suggest another license audit as I've found enough inconsistencies. A good suggestion is when in doubt, look at how openSuse or Gentoo or Debian license the package. Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
2011-10-14libtiff: Update to 3.9.5Saul Wold2
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-08-23recipes: Delete patch=1, its default and replace pnum with striplevelKhem Raj1
Some place pnum=1 is used which is removed as well since striplevel=1 is default Signed-off-by: Khem Raj <raj.khem@gmail.com>
2011-07-26Upstream-Status: Add Upstream-Status for some missing patchesDongxiao Xu1
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2010-12-09SRC_URI Checksums AdditionalsSaul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2010-12-01tiff: update license infoQing He1
Signed-off-by: Qing He <qing.he@intel.com>
2010-08-27Major layout change to the packages directoryRichard Purdie2
Having one monolithic packages directory makes it hard to find things and is generally overwhelming. This commit splits it into several logical sections roughly based on function, recipes.txt gives more information about the classifications used. The opportunity is also used to switch from "packages" to "recipes" as used in OpenEmbedded as the term "packages" can be confusing to people and has many different meanings. Not all recipes have been classified yet, this is just a first pass at separating things out. Some packages are moved to meta-extras as they're no longer actively used or maintained. Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>