The following defect(s) have been fixed in this cumulative patch for the Wind River libtiff:
WIND00266146 Security Advisory - LibTIFF - CVE-2011-1167
WIND00277729 Security Advisory - LibTIFF - CVE-2010-4665
WIND00374012 Security Advisory - libtiff - CVE-2012-3401
----------------------------------------------------------------------------------------
Change List:
/layers/wrll-wrlinux/dist/libtiff/Makefile
/layers/wrll-wrlinux/dist/libtiff/libtiff.spec
/layers/wrll-wrlinux/dist/libtiff/patches/libtiff-3.8.2-CVE-2010-4665.patch
/layers/wrll-wrlinux/dist/libtiff/patches/libtiff-3.8.2-CVE-2011-1167.patch
/layers/wrll-wrlinux/dist/libtiff/patches/libtiff-CVE-2012-3401.patch
Requires Wind River Linux Secure 1.0 to be installed
1. Unzip this patch under [install_dir]/updates
2. From the [install_dir]/updates directory, run the command "../maintenance/wrInstaller/x86-linux2/wrInstaller"
3. Follow the instructions for installing the point patch.
4. This is a source only patch so you will have to rebuild the libtiff package. This can be done by executing the command "make -C build libtiff.distclean" followed by "make -C build libtiff.rebuild"
5. Run "make fs" next
6. Upload the kernel and rootfs into the target and boot it up.
DATE: 27 Nov 2012
REVISION: file WRLS_1_0-base-tgt-libtiff-20120215-spin1.zip replaced with WRLS_1_0-base-tgt-libtiff-20121118-spin1.zip and includes fix to defect WIND00374012
DATE: 06 Mar 2012
REVISION: Add file WRLS_1_0-base-tgt-libtiff-20120215-spin1.zip and includes fix to defect WIND00266146 WIND00277729
