| Commit message (Collapse) | Author | Age | Files | Lines |
| |
fixes #8710
| |
Fixes #8464
| |
fixes #8148
| |
may not have tabs
| |
CVE-2017-7592, CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
CVE-2017-7598, CVE-2017-7601, CVE-2017-7602
CVE-2017-7597, CVE-2017-7599, CVE-2017-7600 are already included in upstream release
| |
CVE-2017-5225: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value
| |
Fixes:
CVE-2016-9273: heap-buffer-overflow in cpStrips
CVE-2016-9297: segfault in _TIFFPrintField
CVE-2016-9448: Invalid read of size 1 in TIFFFetchNormalTag
CVE-2016-9453: out-of-bounds Write Caused by memcpy and no bound check in tiff2pdf
CVE-2016-3186: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool
CVE-2016-3622: Divide By Zero in the tiff2rgba tool
CVE-2016-3623, CVE-2016-3624: Divide By Zero in the rgb2ycbcr tool
CVE-2016-3625: Out-of-bounds Read in the tiff2bw tool
CVE-2016-3658, CVE-2014-8127: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c
CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317: PixarLogDecode() out-of-bound writes
CVE-2016-5320, CVE-2016-5875: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
Bugzilla supposes that CVE-2016-5320 is a duplicate of CVE-2016-5314 (https://bugs.alpinelinux.org/issues/6661) which was fixed in tiff 4.0.7 (http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1)
CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function
CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function
CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
TODO:
CVE-2016-5318: Memory corruption in _TIFFVGetField (thumbnail)
remains unfixed still (http://bugzilla.maptools.org/show_bug.cgi?id=2561)
because of that #6661 could not be marked as fixed
Comments:
4.0.7 contains lots of fixes:
http://libtiff.maptools.org/v4.0.7.html
https://fossies.org/diffs/tiff/4.0.6_vs_4.0.7/ChangeLog-diff.html
There is only one major change mentioned: The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution. These tools were written in the late 1980s and early 1990s for test and demonstration purposes. In some cases the tools were never updated to support updates to the file format, or the file formats are now rarely used. In all cases these tools increased the libtiff security and maintenance exposure beyond the value offered by the tool.
http://libtiff.maptools.org/v4.0.7.html
Patches: CVE-2015-7554.patch, CVE-2015-8665.patch, CVE-2015-8668.patch, CVE-2015-8781-8782-8783.patch, CVE-2015-8784.patch, CVE-2016-3632.patch, CVE-2016-3945.patch, CVE-2016-3990.patch, CVE-2016-3991.patch
are not needed anymore, because these issues were fixed in 4.0.7
| |
CVE-2015-7554, CVE-2015-8668, CVE-2016-3945,
CVE-2016-3632, CVE-2016-3990, CVE-2016-3991
| |
CVE-2015-8665
CVE-2015-8683
CVE-2015-8781
CVE-2015-8782
CVE-2015-8784
(cherry picked from commit 7f2845dc97725af0dc4230433d9cb42a76c552db)
| |
Since abuild v2.22.0, these are removed automatically unless 'libtool'
option has been specified.
| |
ref #3081
| |
(CVE-2012-4447,CVE-2012-4564,CVE-2013-1960,CVE-2013-1961)
ref #2203
fixes #2204
| |
fixes #1501
| |
fixes #1325
| |
fixes #1325
| |
fixes #1245
| |
and clean up the APKBUILD
| |
this is needed for apk-tools-2.1 migration
|
and fixed misc build issues
|