From: Randy MacLeod <randy.macleod@windriver.com>
To: Saul Wold <sgw@linux.intel.com>
Cc: Patches and discussions about the oe-core layer
<openembedded-core@lists.openembedded.org>
Subject: I'll upgrade libtiff to 4.0.4
Date: Thu, 25 Jun 2015 16:27:24 -0400 [thread overview]
Message-ID: <558C642C.9050101@windriver.com> (raw)
Saul,
I'd like to work on upreving libtiff to 4.0.4:
http://www.remotesensing.org/libtiff/v4.0.4.html
From the ChangeLog:
2015-06-21
* libtiff 4.0.4 released.
You seem to be the owner:
http://recipes.yoctoproject.org/rrs/recipedetail/743/
The upgrade will let us drop a bunch of CVE patches
as shown below.
Okay with you?
Is there a recipe lock mechanism to ensure that only
one person works on a recipe at a time? :)
../Randy
$ ls meta/recipes-multimedia/libtiff/files/ | \
grep CVE| sed -e 's/.*tiff-//g' | sed -e 's/.patch//g' >
/tmp/tiff
$ cd .../tiff/tiff-4.0.4
$ for i in `cat ~/tmp/tiff`; do \
echo $i": "; grep $i ChangeLog; \
done
CVE-2013-1960:
stomp all over memory when given bogus input. Fixes CVE-2013-1960.
CVE-2013-1961:
particular to CVE-2013-1961 concerning overflow in tiff2pdf.c's
CVE-2013-4231:
hostile input files (#2450, CVE-2013-4231)
CVE-2013-4232:
ycbcr buffer (bug #2449, CVE-2013-4232)
CVE-2013-4243:
* tools/gif2tif.c: apply patch for CVE-2013-4243 (#2451)
CVE-2013-4244:
* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
CVE-2012-4564:
* tools/ppm2tiff.c: Improve previous patch for CVE-2012-4564:
CVE-2012-4564 - Thanks to Huzaifa Sidhpurwala of the
--
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON,
Canada, K2K 2W5
next reply other threads:[~2015-06-25 20:27 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-25 20:27 Randy MacLeod [this message]
2015-06-25 20:34 ` I'll upgrade libtiff to 4.0.4 Saul Wold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=558C642C.9050101@windriver.com \
--to=randy.macleod@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=sgw@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox