NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34,215 Commits 5 Branches 387 Tags 143 MiB
Makefile 63.3%
Python 16.3%
C 9.1%
Shell 5.9%
PHP 2.7%
Other 2.3%
89300b0097
Go to file
Peter Korsgaard 89300b0097 tiff: add upstream security fixes 
Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.

CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.

CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.

CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.

CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.

CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.

CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.

CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.

CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.

CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.

CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.

CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 030fe340af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:33:20 +02:00
arch arch: add OpenRISC architecture support 2017-01-25 22:53:53 +01:00
board board/atmel/readme.txt: fix typos 2017-02-24 11:58:30 +01:00
boot uboot: fix target uboot defconfig warning 2017-04-24 17:50:14 +02:00
configs configs/mx25pdk: Bump U-Boot and kernel versions 2017-02-09 22:22:21 +01:00
docs Update for 2017.02 2017-02-28 22:00:23 +01:00
fs fs/iso9660: doesn't support (grub2) EFI 2017-03-02 08:20:38 +01:00
linux linux: bump default to version 4.9.13 2017-02-26 15:13:21 +01:00
package tiff: add upstream security fixes 2017-04-28 14:33:20 +02:00
support core/br2-external: properly report unexpected errors 2017-03-31 09:09:46 +02:00
system system: do not overwrite /bin/sh Busybox symlink 2017-03-31 09:12:23 +02:00
toolchain toolchain: remove no longer relevant comment 2017-03-13 23:58:43 +01:00
.defconfig arch: remove support for sh64 2016-09-08 22:15:15 +02:00
.gitignore
CHANGES Update for 2017.02.1 2017-04-05 17:18:54 +02:00
Config.in package: add generic support for lz archives 2017-02-15 22:11:11 +01:00
Config.in.legacy perl-db-file: remove this package 2016-12-27 18:00:50 +01:00
COPYING
DEVELOPERS DEVELOPERS: adopt freerdp 2017-02-18 22:08:53 +01:00
Makefile Update for 2017.02.1 2017-04-05 17:18:54 +02:00
Makefile.legacy Remove BR2_DEPRECATED 2016-10-15 23:14:45 +02:00
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches