summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/exiv2
Commit message (Collapse)AuthorAgeFilesLines
* exiv2: fix SRC_URIMartin Jansa2023-03-051-1/+1
| | | | | | | | | * https://exiv2.org/releases returns 404 now, use github releases * it's already fixed in master with upgrade to 0.27.6 in: https://git.openembedded.org/meta-openembedded/commit/?id=00a7d4b284c1afccfa26021111384d2184b82e5b Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-041-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: Fix CVE-2021-29473wangmy2021-05-192-0/+22
| | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b] CVE: CVE-2021-29473 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: Fix CVE-2021-29470wangmy2021-05-192-0/+33
| | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed] CVE: CVE-2021-29470 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: Fix CVE-2021-29464wangmy2021-05-192-0/+73
| | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54] CVE: CVE-2021-29464 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: Fix CVE-2021-3482wangmy2021-05-192-1/+56
| | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482 Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da] CVE: CVE-2021-3482 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: Fix CVE-2021-29463wangmy2021-05-192-1/+122
| | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b] CVE: CVE-2021-29463 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: Fix CVE-2021-29458wangmy2021-05-192-1/+39
| | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458 The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d] CVE: CVE-2021-29458 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: Fix CVE-2021-29457wangmy2021-05-192-1/+28
| | | | | | | | | | | | | | | References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457 The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22] CVE: CVE-2021-29457 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: upgrade 0.27.1 -> 0.27.3Andreas Müller2020-07-312-2/+45
| | | | | Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: initial add 0.27.1Andreas Müller2019-10-131-0/+13
* exiv2 lives in meta-luneos and meta-qt5-extra currently. Soon meta-gnome will require it for nautilus -> gexiv2 => move it up in layer hierarchy * This recipe was taken from meta-qt5-extra * There is a version 0.27.2 but from my experience as soon as upstream will create a successor of 0.27.2 they move tarballs from builds [1] -> archive [2] To avoid missing sources let's stick on 0.27.1. [1] https://exiv2.org/builds/ [2] https://www.exiv2.org/archive.html Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-07 18:04:53 +0000