* I'll upgrade libtiff to 4.0.4
@ 2015-06-25 20:27 Randy MacLeod
2015-06-25 20:34 ` Saul Wold
0 siblings, 1 reply; 2+ messages in thread
From: Randy MacLeod @ 2015-06-25 20:27 UTC (permalink / raw)
To: Saul Wold; +Cc: Patches and discussions about the oe-core layer
Saul,
I'd like to work on upreving libtiff to 4.0.4:
http://www.remotesensing.org/libtiff/v4.0.4.html
From the ChangeLog:
2015-06-21
* libtiff 4.0.4 released.
You seem to be the owner:
http://recipes.yoctoproject.org/rrs/recipedetail/743/
The upgrade will let us drop a bunch of CVE patches
as shown below.
Okay with you?
Is there a recipe lock mechanism to ensure that only
one person works on a recipe at a time? :)
../Randy
$ ls meta/recipes-multimedia/libtiff/files/ | \
grep CVE| sed -e 's/.*tiff-//g' | sed -e 's/.patch//g' >
/tmp/tiff
$ cd .../tiff/tiff-4.0.4
$ for i in `cat ~/tmp/tiff`; do \
echo $i": "; grep $i ChangeLog; \
done
CVE-2013-1960:
stomp all over memory when given bogus input. Fixes CVE-2013-1960.
CVE-2013-1961:
particular to CVE-2013-1961 concerning overflow in tiff2pdf.c's
CVE-2013-4231:
hostile input files (#2450, CVE-2013-4231)
CVE-2013-4232:
ycbcr buffer (bug #2449, CVE-2013-4232)
CVE-2013-4243:
* tools/gif2tif.c: apply patch for CVE-2013-4243 (#2451)
CVE-2013-4244:
* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
CVE-2012-4564:
* tools/ppm2tiff.c: Improve previous patch for CVE-2012-4564:
CVE-2012-4564 - Thanks to Huzaifa Sidhpurwala of the
--
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON,
Canada, K2K 2W5
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: I'll upgrade libtiff to 4.0.4
2015-06-25 20:27 I'll upgrade libtiff to 4.0.4 Randy MacLeod
@ 2015-06-25 20:34 ` Saul Wold
0 siblings, 0 replies; 2+ messages in thread
From: Saul Wold @ 2015-06-25 20:34 UTC (permalink / raw)
To: Randy MacLeod; +Cc: Patches and discussions about the oe-core layer
On 06/25/2015 01:27 PM, Randy MacLeod wrote:
> Saul,
>
> I'd like to work on upreving libtiff to 4.0.4:
> http://www.remotesensing.org/libtiff/v4.0.4.html
> From the ChangeLog:
> 2015-06-21
> * libtiff 4.0.4 released.
>
> You seem to be the owner:
> http://recipes.yoctoproject.org/rrs/recipedetail/743/
>
> The upgrade will let us drop a bunch of CVE patches
> as shown below.
>
> Okay with you?
>
Go for it!
> Is there a recipe lock mechanism to ensure that only
> one person works on a recipe at a time? :)
>
Verbal, or sometimes not we have had 2 people send updates very close to
each other!
Sau!
> ../Randy
>
>
> $ ls meta/recipes-multimedia/libtiff/files/ | \
> grep CVE| sed -e 's/.*tiff-//g' | sed -e 's/.patch//g' >
> /tmp/tiff
>
> $ cd .../tiff/tiff-4.0.4
> $ for i in `cat ~/tmp/tiff`; do \
> echo $i": "; grep $i ChangeLog; \
> done
> CVE-2013-1960:
> stomp all over memory when given bogus input. Fixes CVE-2013-1960.
> CVE-2013-1961:
> particular to CVE-2013-1961 concerning overflow in tiff2pdf.c's
> CVE-2013-4231:
> hostile input files (#2450, CVE-2013-4231)
> CVE-2013-4232:
> ycbcr buffer (bug #2449, CVE-2013-4232)
> CVE-2013-4243:
> * tools/gif2tif.c: apply patch for CVE-2013-4243 (#2451)
> CVE-2013-4244:
> * tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
> CVE-2012-4564:
> * tools/ppm2tiff.c: Improve previous patch for CVE-2012-4564:
> CVE-2012-4564 - Thanks to Huzaifa Sidhpurwala of the
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-06-25 20:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-06-25 20:27 I'll upgrade libtiff to 4.0.4 Randy MacLeod
2015-06-25 20:34 ` Saul Wold
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox