summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-multimedia
diff options
context:
space:
mode:
authorPatrick Williams <patrick@stwcx.xyz>2022-04-21 22:36:50 +0300
committerPatrick Williams <patrick@stwcx.xyz>2022-04-21 22:37:46 +0300
commita515de07dfa9eda7a303af296666e2572e581df7 (patch)
treee2a372f00be0586f0f420f06913c7bba48199dd9 /poky/meta/recipes-multimedia
parent5ffb1169cb6b3ed547d1b882cd9340cc7b7b6f07 (diff)
downloadopenbmc-a515de07dfa9eda7a303af296666e2572e581df7.tar.xz
subtree updates
meta-openembedded: c05ae80ba6..9a0caf5b09: Armin Kuster (1): pw-am.sh: update to new patcwork system Changqing Li (1): zabbix: Fix sereval CVEs Christian Eggers (2): ebtables: remove perl from RDEPENDS graphviz: native: create /usr/lib/graphviz/config6 in populate_sysroot Jeremy A. Puhlman (1): cdrkit: remove ${PN} from ${PN}-dev RDEPENDS Kartikey Rameshbhai Parmar (1): imagemagick: update SRC_URI branch to main Martin Jansa (1): htop: switch branch from master to main Ovidiu Panait (1): syslog-ng: adjust control socket location Peter Kjellerstedt (2): libsrtp: Switch branch from master to main net-snmp: Avoid running `make clean` as it may fail Thomas Perrot (1): breakpad: fix branch for gtest in SRC_URI Trevor Gamblin (3): python3-django: upgrade 2.2.24 -> 2.2.27 python3-django: upgrade 3.2.10 -> 3.2.12 python3-lxml: upgrade 4.6.3 -> 4.6.5 Yi Zhao (1): apache2: upgrade 2.4.52 -> 2.4.53 poky: e0ab08bb6a..eff78b3802: Alexander Kanavin (5): ruby: update 3.0.2 -> 3.0.3 libarchive: upgrade 3.5.1 -> 3.5.2 devtool: explicitly set main or master branches in upgrades when available util-linux: update 2.37.2 -> 2.37.3 util-linux: upgrade 2.37.3 -> 2.37.4 Anuj Mittal (3): poky.conf: bump version for 3.4.3 honister release documentation: prepare for 3.4.3 release crate-fetch: fix setscene failures Bill Pittman (1): wic: Use custom kernel path if provided Bruce Ashfield (13): linux-yocto/5.10: update to v5.10.96 linux-yocto/5.10: update to v5.10.99 linux-yocto/5.10: ppc/riscv: fix build with binutils 2.3.8 linux-yocto/5.10: fix dssall build error with binutils 2.3.8 linux-yocto/5.10: features/zram: remove CONFIG_ZRAM_DEF_COMP linux-yocto/5.10: update to v5.10.101 linux-yocto/5.10: Fix ramoops/ftrace linux-yocto/5.10: update to v5.10.103 linux-yocto: nohz_full boot arg fix linux-yocto/5.10: split vtpm for more granular inclusion linux-yocto/5.10: cfg/debug: add configs for kcsan linux-yocto-rt/5.10: update to -rt61 linux-yocto/5.10: update to v5.10.107 Chee Yang Lee (3): ghostscript: fix CVE-2021-3781 go: update to 1.16.15 webkitgtk: update to 2.32.4 Christian Eggers (3): mc: fix build if ncurses have been configured without wide characters sdk: fix search for dynamic loader gcsections: add nativesdk-cairo to exclude list Daniel Gomez (1): bitbake: contrib: Fix hash server Dockerfile dependencies Daniel Müller (1): scripts/runqemu-ifdown: Don't treat the last iptables command as special Daniel Wagenknecht (1): bitbake: fetch2: ssh: username and password are optional Florian Amstutz (1): devtool: deploy-target: Remove stripped binaries in pseudo context Joe Slater (3): virglrenderer: fix CVE-2022-0135 and -0175 zip: modify when match.S is built libxml2: fix CVE-2022-23308 regression Jose Quaresma (13): gstreamer1.0: 1.18.5 -> 1.18.6 gstreamer1.0-plugins-base: 1.18.5 -> 1.18.6 gstreamer1.0-plugins-good: 1.18.5 -> 1.18.6 gstreamer1.0-plugins-bad: 1.18.5 -> 1.18.6 gstreamer1.0-plugins-ugly: 1.18.5 -> 1.18.6 gstreamer1.0-vaapi: 1.18.5 -> 1.18.6 gstreamer1.0-libav: 1.18.5 -> 1.18.6 gstreamer1.0-omx: 1.18.5 -> 1.18.6 gstreamer1.0-rtsp-server: 1.18.5 -> 1.18.6 gstreamer1.0-python: 1.18.5 -> 1.18.6 gst-devtools: 1.18.5 -> 1.18.6 gst-examples: 1.18.5 -> 1.18.6 sstate: inside the threadedpool don't write to the shared localdata Justin Bronder (1): initramfs-framework: unmount automounts before switch_root Lee Chee Yang (2): libarchive : update to 3.5.3 ghostscript: fix CVE-2021-45949 Michael Halstead (3): releases: update to include 3.4.2 uninative: Upgrade to 3.5 releases: update to include 3.3.5 Michael Opdenacker (3): documentation: conf.py: update for 3.4.2 docs: fix hardcoded link warning messages conf/machine: fix QEMU x86 sound options Minjae Kim (2): gnu-config: update SRC_URI virglrenderer: update SRC_URI Oleksandr Ocheretnyi (1): kernel-devsrc: do not copy Module.symvers file during install Oleksandr Suvorov (1): depmodwrapper-cross: add config directory option Pavel Zhukov (1): patch.py: Prevent git repo reinitialization Peter Kjellerstedt (2): selftest: recipetool: Correct the URI for socat oe-pkgdata-util: Adapt to the new variable override syntax Ralph Siemsen (2): libxml2: move to gitlab.gnome.org libxml2: update to 2.9.13 Richard Purdie (26): bitbake: tests/fetch: Handle upstream master -> main branch change vim: Upgrade 4269 -> 4134 binutils: Add fix for CVE-2021-45078 default-distrovars.inc: Switch connectivity check to a yoctoproject.org page oeqa/buildtools: Switch to our webserver instead of example.com expat: Upgrade 2.4.4 -> 2.4.5 vim: Upgrade 8.2.4314 -> 8.2.4424 tiff: Add backports for two CVEs from upstream expat: Upgrade 2.4.5 -> 2.4.6 perl: Improve and update module RPDEPENDS libxml-parser-perl: Add missing RDEPENDS expat: Upgrade 2.4.6 -> 2.4.7 bitbake: data_smart: Fix overrides file/line message additions bitbake: cooker: Improve parsing failure from handled exception usability bitbake: utils: Ensure shell function failure in python logging is correct vim: Update to 8.2.4524 for further CVE fixes build-appliance-image: Update to honister head revision bitbake: build: Tweak exception handling for setscene tasks build-appliance-image: Update to honister head revision toaster: Fix broken overrides usage bitbake: server/xmlrpcserver: Add missing xmlrpcclient import bitbake: toaster: Fix IMAGE_INSTALL issues with _append vs :append pseudo: Add patch to workaround paths with crazy lengths sanity: Add warning for local hasheqiv server with remote sstate mirrors bitbake: server/process: Disable gc around critical section conf.py/poky.yaml: Move version information to poky.yaml and read in conf.py Robert Yang (2): quilt: Disable external sendmail for deterministic build cups: Add --with-dbusdir to EXTRA_OECONF for deterministic build Ross Burton (9): coreutils: remove obsolete ignored CVE list cve-check: get_cve_info should open the database read-only Revert "cve-check: add lockfile to task" asciidoc: update git repository devupstream: fix handling of SRC_URI tiff: backport CVE fixes: grub: ignore CVE-2021-46705 oeqa/selftest/devtool: ensure Git username is set before upgrade tests zlib: backport the fix for CVE-2018-25032 Sakib Sajal (1): go: upgrade 1.16.13 -> 1.16.14 Saul Wold (1): recipetool: Fix circular reference in SRC_URI Sean Anderson (1): libpcap: Disable DPDK explicitly Stefan Herbrechtsmeier (2): cve-check: create directory of CVE_CHECK_MANIFEST before copy gcc-target: fix glob to remove gcc-<version> binary Tamizharasan Kumar (1): linux-yocto/5.10: update genericx86* machines to v5.10.99 Tean Cunningham (1): rootfs-postcommands: amend systemd_create_users add user to group check Tim Orling (1): bitbake: toaster: fixtures replace gatesgarth Zoltán Böszörményi (1): qemuboot: Fix build error if UNINATIVE_LOADER is unset pgowda (1): gcc : Fix CVE-2021-46195 wangmy (4): linux-firmware: upgrade 20211216 -> 20220209 harfbuzz: upgrade 2.9.0 -> 2.9.1 wireless-regdb: upgrade 2021.08.28 -> 2022.02.18 linux-firmware: upgrade 20220209 -> 20220310 meta-raspberrypi: 1584bddcf3..378d4b6e7b: Devendra Tewari (1): linux-raspberrypi: Upgrade to 5.10.83 Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I7e76d58ee794d7a2965816d096a757b6f7ddbc74
Diffstat (limited to 'poky/meta/recipes-multimedia')
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gst-examples_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb (renamed from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.5.bb)2
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch38
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch (renamed from poky/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch)0
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch218
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch93
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch33
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch36
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch57
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch30
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch32
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb11
22 files changed, 559 insertions, 13 deletions
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb
index 1b46b89cb9..4f4ded8d24 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] = "fecffc86447daf5c2a06843c757a991d745caa2069446a0d746e99b13f7cb079"
+SRC_URI[sha256sum] = "3725622c740a635452e54b79d065f963ab7706ca2403de6c43072ae7610a0de4"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb
index a720bb73ff..2a7a3c3111 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb
@@ -12,7 +12,7 @@ SRC_URI = "git://gitlab.freedesktop.org/gstreamer/gst-examples.git;protocol=http
file://gst-player.desktop \
"
-SRCREV = "fe9a365dc0f1ff632abcfe3322ac5527a2cf30a0"
+SRCREV = "70e4fcf4fc8ae19641aa990de5f37d758cdfcea4"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb
index a77ec62759..d46342285d 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \
"
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "822e008a910e9dd13aedbdd8dc63fedef4040c0ee2e927bab3112e9de693a548"
+SRC_URI[sha256sum] = "e4e50dcd5a29441ae34de60d2221057e8064ed824bb6ca4dc0fd9ee88fbe9b81"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb
index b2c1eb3ea0..a220d677aa 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[sha256sum] = "2cd457c1e8deb1a9b39608048fb36a44f6c9a864a6b6115b1453a32e7be93b42"
+SRC_URI[sha256sum] = "b5281c938e959fd2418e989cfb6065fdd9fe5f6f87ee86236c9427166e708163"
S = "${WORKDIR}/gst-omx-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb
index 6209a62712..df148c0aff 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
file://0005-msdk-fix-includedir-path.patch \
"
-SRC_URI[sha256sum] = "a164923b94f0d08578a6fcaeaac6e0c05da788a46903a1086870e9ca45ad678e"
+SRC_URI[sha256sum] = "0b1b50ac6311f0c510248b6cd64d6d3c94369344828baa602db85ded5bc70ec9"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb
index 5e2cca3864..e20145ea8d 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
file://0004-glimagesink-Downrank-to-marginal.patch \
"
-SRC_URI[sha256sum] = "960b7af4585700db0fdd5b843554e11e2564fed9e061f591fae88a7be6446fa3"
+SRC_URI[sha256sum] = "56a9ff2fe9e6603b9e658cf6897d412a173d2180829fe01e92568549c6bd0f5b"
S = "${WORKDIR}/gst-plugins-base-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb
index ade935df9e..a43b8095c5 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb
@@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
"
-SRC_URI[sha256sum] = "3aaeeea7765fbf8801acce4a503a9b05f73f04e8a35352e9d00232cfd555796b"
+SRC_URI[sha256sum] = "26723ac01fcb360ade1f41d168c7c322d8af4ceb7e55c8c12ed2690d06a76eed"
S = "${WORKDIR}/gst-plugins-good-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb
index 9777aaee19..5b31627141 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb
@@ -13,7 +13,7 @@ LICENSE_FLAGS = "commercial"
SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "df32803e98f8a9979373fa2ca7e05e62f977b1097576d3a80619d9f5c69f66d9"
+SRC_URI[sha256sum] = "4969c409cb6a88317d2108b8577108e18623b2333d7b587ae3f39459c70e3a7f"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb
index 74dd15b3eb..c80c3928eb 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "533685871305959d6db89507f3b3aa6c765c2f2b0dacdc32c5a6543e72e5bc52"
+SRC_URI[sha256sum] = "bdc0ea22fbd7335ad9decc151561aacc53c51206a9735b81eac700ce5b0bbd4a"
DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb
index 50426ad46d..f105713f33 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb
@@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "04d63bf48816c6f41c73f6de0f912a7cef0aab39c44162a7bcece1923dfc9d1f"
+SRC_URI[sha256sum] = "826f32afbcf94b823541efcac4a0dacdb62f6145ef58f363095749f440262be9"
S = "${WORKDIR}/${PNREAL}-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb
index 9a68a3fadf..f3255e5554 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "4a460fb95559f41444eb24864ad2d9e37922b6eea941510310319fc3e0ba727b"
+SRC_URI[sha256sum] = "ab6270f1e5e4546fbe6f5ea246d86ca3d196282eb863d46e6cdcc96f867449e0"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb
index 0d82dd338c..4bf89ed109 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb
@@ -25,7 +25,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0006-tests-use-a-dictionaries-for-environment.patch \
file://0007-tests-install-the-environment-for-installed_tests.patch \
"
-SRC_URI[sha256sum] = "55862232a63459bbf56abebde3085ca9aec211b478e891dacea4d6df8cafe80a"
+SRC_URI[sha256sum] = "4ec816010dd4d3a93cf470ad0a6f25315f52b204eb1d71dfa70ab8a1c3bd06e6"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch b/poky/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
new file mode 100644
index 0000000000..f1a4ab4251
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2022-0865
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 88da11ae3c4db527cb870fb1017456cc8fbac2e7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 24 Feb 2022 22:26:02 +0100
+Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple
+ IFD in memory-mapped mode and when bit reversal is needed (fixes #385)
+
+---
+ libtiff/tif_jbig.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
+index 74086338..8bfa4cef 100644
+--- a/libtiff/tif_jbig.c
++++ b/libtiff/tif_jbig.c
+@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme)
+ */
+ tif->tif_flags |= TIFF_NOBITREV;
+ tif->tif_flags &= ~TIFF_MAPPED;
++ /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and
++ * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial
++ * value to be consistent with the state of a non-memory mapped file.
++ */
++ if (tif->tif_flags&TIFF_BUFFERMMAP) {
++ tif->tif_rawdata = NULL;
++ tif->tif_rawdatasize = 0;
++ tif->tif_flags &= ~TIFF_BUFFERMMAP;
++ tif->tif_flags |= TIFF_MYBUFFER;
++ }
+
+ /* Setup the function pointers for encode, decode, and cleanup. */
+ tif->tif_setupdecode = JBIGSetupDecode;
+--
+2.25.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/poky/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
index 72776f09ba..72776f09ba 100644
--- a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch b/poky/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
new file mode 100644
index 0000000000..d31e9650d1
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
@@ -0,0 +1,218 @@
+CVE: CVE-2022-0891
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From e46b49e60fddb2e924302fb1751f79eb9cfb2253 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Tue, 8 Mar 2022 17:02:44 +0000
+Subject: [PATCH 2/6] tiffcrop: fix issue #380 and #382 heap buffer overflow in
+ extractImageSection
+
+---
+ tools/tiffcrop.c | 92 +++++++++++++++++++-----------------------------
+ 1 file changed, 36 insertions(+), 56 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index b85c2ce7..302a7e91 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -105,8 +105,8 @@
+ * of messages to monitor progress without enabling dump logs.
+ */
+
+-static char tiffcrop_version_id[] = "2.4";
+-static char tiffcrop_rev_date[] = "12-13-2010";
++static char tiffcrop_version_id[] = "2.4.1";
++static char tiffcrop_rev_date[] = "03-03-2010";
+
+ #include "tif_config.h"
+ #include "libport.h"
+@@ -6710,10 +6710,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ uint32_t img_length;
+ #endif
+- uint32_t j, shift1, shift2, trailing_bits;
++ uint32_t j, shift1, trailing_bits;
+ uint32_t row, first_row, last_row, first_col, last_col;
+ uint32_t src_offset, dst_offset, row_offset, col_offset;
+- uint32_t offset1, offset2, full_bytes;
++ uint32_t offset1, full_bytes;
+ uint32_t sect_width;
+ #ifdef DEVELMODE
+ uint32_t sect_length;
+@@ -6723,7 +6723,6 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ int k;
+ unsigned char bitset;
+- static char *bitarray = NULL;
+ #endif
+
+ img_width = image->width;
+@@ -6741,17 +6740,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ dst_offset = 0;
+
+ #ifdef DEVELMODE
+- if (bitarray == NULL)
+- {
+- if ((bitarray = (char *)malloc(img_width)) == NULL)
+- {
+- TIFFError ("", "DEBUG: Unable to allocate debugging bitarray");
+- return (-1);
+- }
+- }
++ char bitarray[39];
+ #endif
+
+- /* rows, columns, width, length are expressed in pixels */
++ /* rows, columns, width, length are expressed in pixels
++ * first_row, last_row, .. are index into image array starting at 0 to width-1,
++ * last_col shall be also extracted. */
+ first_row = section->y1;
+ last_row = section->y2;
+ first_col = section->x1;
+@@ -6761,9 +6755,14 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ sect_length = last_row - first_row + 1;
+ #endif
+- img_rowsize = ((img_width * bps + 7) / 8) * spp;
+- full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
+- trailing_bits = (sect_width * bps) % 8;
++ /* The read function loadImage() used copy separate plane data into a buffer as interleaved
++ * samples rather than separate planes so the same logic works to extract regions
++ * regardless of the way the data are organized in the input file.
++ * Furthermore, bytes and bits are arranged in buffer according to COMPRESSION=1 and FILLORDER=1
++ */
++ img_rowsize = (((img_width * spp * bps) + 7) / 8); /* row size in full bytes of source image */
++ full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
++ trailing_bits = (sect_width * spp * bps) % 8; /* trailing bits within the last byte of destination buffer */
+
+ #ifdef DEVELMODE
+ TIFFError ("", "First row: %"PRIu32", last row: %"PRIu32", First col: %"PRIu32", last col: %"PRIu32"\n",
+@@ -6776,10 +6775,9 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+
+ if ((bps % 8) == 0)
+ {
+- col_offset = first_col * spp * bps / 8;
++ col_offset = (first_col * spp * bps) / 8;
+ for (row = first_row; row <= last_row; row++)
+ {
+- /* row_offset = row * img_width * spp * bps / 8; */
+ row_offset = row * img_rowsize;
+ src_offset = row_offset + col_offset;
+
+@@ -6792,14 +6790,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ }
+ else
+ { /* bps != 8 */
+- shift1 = spp * ((first_col * bps) % 8);
+- shift2 = spp * ((last_col * bps) % 8);
++ shift1 = ((first_col * spp * bps) % 8); /* shift1 = bits to skip in the first byte of source buffer*/
+ for (row = first_row; row <= last_row; row++)
+ {
+ /* pull out the first byte */
+ row_offset = row * img_rowsize;
+- offset1 = row_offset + (first_col * bps / 8);
+- offset2 = row_offset + (last_col * bps / 8);
++ offset1 = row_offset + ((first_col * spp * bps) / 8); /* offset1 = offset into source of byte with first bits to be extracted */
+
+ #ifdef DEVELMODE
+ for (j = 0, k = 7; j < 8; j++, k--)
+@@ -6811,12 +6807,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ sprintf(&bitarray[9], " ");
+ for (j = 10, k = 7; j < 18; j++, k--)
+ {
+- bitset = *(src_buff + offset2) & (((unsigned char)1 << k)) ? 1 : 0;
++ bitset = *(src_buff + offset1 + full_bytes) & (((unsigned char)1 << k)) ? 1 : 0;
+ sprintf(&bitarray[j], (bitset) ? "1" : "0");
+ }
+ bitarray[18] = '\0';
+- TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Shift2: %"PRIu32"\n",
+- row, offset1, shift1, offset2, shift2);
++ TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Trailing_bits: %"PRIu32"\n",
++ row, offset1, shift1, offset1+full_bytes, trailing_bits);
+ #endif
+
+ bytebuff1 = bytebuff2 = 0;
+@@ -6840,11 +6836,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+
+ if (trailing_bits != 0)
+ {
+- bytebuff2 = src_buff[offset2] & ((unsigned char)255 << (7 - shift2));
++ /* Only copy higher bits of samples and mask lower bits of not wanted column samples to zero */
++ bytebuff2 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (8 - trailing_bits));
+ sect_buff[dst_offset] = bytebuff2;
+ #ifdef DEVELMODE
+ TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n",
+- offset2, dst_offset);
++ offset1 + full_bytes, dst_offset);
+ for (j = 30, k = 7; j < 38; j++, k--)
+ {
+ bitset = *(sect_buff + dst_offset) & (((unsigned char)1 << k)) ? 1 : 0;
+@@ -6863,8 +6860,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #endif
+ for (j = 0; j <= full_bytes; j++)
+ {
+- bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
+- bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (7 - shift1));
++ /* Skip the first shift1 bits and shift the source up by shift1 bits before save to destination.*/
++ /* Attention: src_buff size needs to be some bytes larger than image size, because could read behind image here. */
++ bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
++ bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (8 - shift1));
+ sect_buff[dst_offset + j] = (bytebuff1 << shift1) | (bytebuff2 >> (8 - shift1));
+ }
+ #ifdef DEVELMODE
+@@ -6880,36 +6879,17 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #endif
+ dst_offset += full_bytes;
+
++ /* Copy the trailing_bits for the last byte in the destination buffer.
++ Could come from one ore two bytes of the source buffer. */
+ if (trailing_bits != 0)
+ {
+ #ifdef DEVELMODE
+- TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", offset1 + full_bytes, dst_offset);
+-#endif
+- if (shift2 > shift1)
+- {
+- bytebuff1 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (7 - shift2));
+- bytebuff2 = bytebuff1 & ((unsigned char)255 << shift1);
+- sect_buff[dst_offset] = bytebuff2;
+-#ifdef DEVELMODE
+- TIFFError ("", " Shift2 > Shift1\n");
++ TIFFError("", " Trailing bits %4"PRIu32" src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", trailing_bits, offset1 + full_bytes, dst_offset);
+ #endif
++ /* More than necessary bits are already copied into last destination buffer,
++ * only masking of last byte in destination buffer is necessary.*/
++ sect_buff[dst_offset] &= ((uint8_t)0xFF << (8 - trailing_bits));
+ }
+- else
+- {
+- if (shift2 < shift1)
+- {
+- bytebuff2 = ((unsigned char)255 << (shift1 - shift2 - 1));
+- sect_buff[dst_offset] &= bytebuff2;
+-#ifdef DEVELMODE
+- TIFFError ("", " Shift2 < Shift1\n");
+-#endif
+- }
+-#ifdef DEVELMODE
+- else
+- TIFFError ("", " Shift2 == Shift1\n");
+-#endif
+- }
+- }
+ #ifdef DEVELMODE
+ sprintf(&bitarray[28], " ");
+ sprintf(&bitarray[29], " ");
+@@ -7062,7 +7042,7 @@ writeImageSections(TIFF *in, TIFF *out, struct image_data *image,
+ width = sections[i].x2 - sections[i].x1 + 1;
+ length = sections[i].y2 - sections[i].y1 + 1;
+ sectsize = (uint32_t)
+- ceil((width * image->bps + 7) / (double)8) * image->spp * length;
++ ceil((width * image->bps * image->spp + 7) / (double)8) * length;
+ /* allocate a buffer if we don't have one already */
+ if (createImageSection(sectsize, sect_buff_ptr))
+ {
+--
+2.25.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch b/poky/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
new file mode 100644
index 0000000000..a0b856b9e1
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
@@ -0,0 +1,93 @@
+CVE: CVE-2022-0907
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a139191cc86f4dc44c74a0f22928e0fb38ed2485 Mon Sep 17 00:00:00 2001
+From: Augustus <wangdw.augustus@qq.com>
+Date: Mon, 7 Mar 2022 18:21:49 +0800
+Subject: [PATCH 3/6] add checks for return value of limitMalloc (#392)
+
+---
+ tools/tiffcrop.c | 33 +++++++++++++++++++++------------
+ 1 file changed, 21 insertions(+), 12 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 302a7e91..e407bf51 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7357,7 +7357,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ if (!sect_buff)
+ {
+ sect_buff = (unsigned char *)limitMalloc(sectsize);
+- *sect_buff_ptr = sect_buff;
++ if (!sect_buff)
++ {
++ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
++ return (-1);
++ }
+ _TIFFmemset(sect_buff, 0, sectsize);
+ }
+ else
+@@ -7373,15 +7377,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ else
+ sect_buff = new_buff;
+
++ if (!sect_buff)
++ {
++ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
++ return (-1);
++ }
+ _TIFFmemset(sect_buff, 0, sectsize);
+ }
+ }
+
+- if (!sect_buff)
+- {
+- TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+- return (-1);
+- }
+ prev_sectsize = sectsize;
+ *sect_buff_ptr = sect_buff;
+
+@@ -7648,7 +7652,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (!crop_buff)
+ {
+ crop_buff = (unsigned char *)limitMalloc(cropsize);
+- *crop_buff_ptr = crop_buff;
++ if (!crop_buff)
++ {
++ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
++ return (-1);
++ }
+ _TIFFmemset(crop_buff, 0, cropsize);
+ prev_cropsize = cropsize;
+ }
+@@ -7664,15 +7672,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ }
+ else
+ crop_buff = new_buff;
++ if (!crop_buff)
++ {
++ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
++ return (-1);
++ }
+ _TIFFmemset(crop_buff, 0, cropsize);
+ }
+ }
+
+- if (!crop_buff)
+- {
+- TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+- return (-1);
+- }
+ *crop_buff_ptr = crop_buff;
+
+ if (crop->crop_mode & CROP_INVERT)
+@@ -9231,3 +9239,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui
+ * fill-column: 78
+ * End:
+ */
++
+--
+2.25.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch b/poky/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
new file mode 100644
index 0000000000..719dabaecc
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
@@ -0,0 +1,33 @@
+CVE: CVE-2022-0908
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From ef5a0bf271823df168642444d051528a68205cb0 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 17 Feb 2022 15:28:43 +0100
+Subject: [PATCH 4/6] TIFFFetchNormalTag(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #383)
+
+---
+ libtiff/tif_dirread.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index d84147a0..4e8ce729 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
++ if (dp->tdir_count > 0 )
++ {
++ _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
++ }
+ o[(uint32_t)dp->tdir_count]=0;
+ if (data!=0)
+ _TIFFfree(data);
+--
+2.25.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch b/poky/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
new file mode 100644
index 0000000000..64dbe9ef92
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
@@ -0,0 +1,36 @@
+CVE: CVE-2022-0909
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4768355a074d562177e0a8b551c561d1af7eb74a Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Tue, 8 Mar 2022 16:22:04 +0000
+Subject: [PATCH 5/6] fix the FPE in tiffcrop (#393)
+
+---
+ libtiff/tif_dir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index a6c254fc..77da6ea4 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
+ break;
+ case TIFFTAG_XRESOLUTION:
+ dblval = va_arg(ap, double);
+- if( dblval < 0 )
++ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+ td->td_xresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+ case TIFFTAG_YRESOLUTION:
+ dblval = va_arg(ap, double);
+- if( dblval < 0 )
++ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+ td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+--
+2.25.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch b/poky/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
new file mode 100644
index 0000000000..afd5e59960
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
@@ -0,0 +1,57 @@
+CVE: CVE-2022-0924
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 1074b9691322b1e3671cd8ea0b6b3509d08978fb Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Thu, 10 Mar 2022 08:48:00 +0000
+Subject: [PATCH 6/6] fix heap buffer overflow in tiffcp (#278)
+
+---
+ tools/tiffcp.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 1f889516..552d8fad 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1661,12 +1661,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips)
+ tdata_t obuf;
+ tstrip_t strip = 0;
+ tsample_t s;
++ uint16_t bps = 0, bytes_per_sample;
+
+ obuf = limitMalloc(stripsize);
+ if (obuf == NULL)
+ return (0);
+ _TIFFmemset(obuf, 0, stripsize);
+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
++ (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++ if( bps == 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
++ _TIFFfree(obuf);
++ return 0;
++ }
++ if( (bps % 8) != 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
++ _TIFFfree(obuf);
++ return 0;
++ }
++ bytes_per_sample = bps/8;
+ for (s = 0; s < spp; s++) {
+ uint32_t row;
+ for (row = 0; row < imagelength; row += rowsperstrip) {
+@@ -1676,7 +1691,7 @@ DECLAREwriteFunc(writeBufferToSeparateStrips)
+
+ cpContigBufToSeparateBuf(
+ obuf, (uint8_t*) buf + row * rowsize + s,
+- nrows, imagewidth, 0, 0, spp, 1);
++ nrows, imagewidth, 0, 0, spp, bytes_per_sample);
+ if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) {
+ TIFFError(TIFFFileName(out),
+ "Error, can't write strip %"PRIu32,
+--
+2.25.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
new file mode 100644
index 0000000000..0b41dde606
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
@@ -0,0 +1,30 @@
+From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 5 Feb 2022 20:36:41 +0100
+Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #362)
+
+Upstream-Status: Backport
+CVE: CVE-2022-0562
+
+---
+ libtiff/tif_dirread.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 2bbc4585..23194ced 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif)
+ goto bad;
+ }
+
+- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
++ if (old_extrasamples > 0)
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+--
+GitLab
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
new file mode 100644
index 0000000000..74f9649fdf
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
@@ -0,0 +1,32 @@
+From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 6 Feb 2022 13:08:38 +0100
+Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #362)
+
+Upstream-Status: Backport
+CVE: CVE-2022-0561
+
+---
+ libtiff/tif_dirread.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 23194ced..50ebf8ac 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
++ if( dir->tdir_count )
++ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
++ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+ _TIFFfree(data);
+ data=resizeddata;
+ }
+--
+GitLab
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index ef8e8460fb..0a82f0d780 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -9,7 +9,16 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf"
CVE_PRODUCT = "libtiff"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
- file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch"
+ file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \
+ file://561599c99f987dc32ae110370cfdd7df7975586b.patch \
+ file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch \
+ file://0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch \
+ file://0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch \
+ file://0003-add-checks-for-return-value-of-limitMalloc-392.patch \
+ file://0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch \
+ file://0005-fix-the-FPE-in-tiffcrop-393.patch \
+ file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \
+ "
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"