Peter Korsgaard [Mon, 30 Apr 2018 12:04:59 +0000 (14:04 +0200)]
sdl2_image: security bump to version 2.0.3
Fixes the following security issues:
CVE-2017-12122: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted
ILBM image can cause a heap overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14440: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted
ILBM image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14441: An exploitable code execution vulnerability exists in the
ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted
ICO image can cause an integer overflow, cascading to a heap overflow
resulting in code execution. An attacker can display a specially crafted
image to trigger this vulnerability.
CVE-2017-14442: An exploitable code execution vulnerability exists in the
BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted
BMP image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14448: An exploitable code execution vulnerability exists in the
XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted
XCF image can cause a heap overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14449: A double-Free vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image
can cause a Double-Free situation to occur. An attacker can display a
specially crafted image to trigger this vulnerability.
CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image
parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image
can lead to a buffer overflow on a global section. An attacker can display
an image to trigger this vulnerability.
By default, CMake assumes that the project is using both C and C++. By
explicitly passing 'C' as argument of the project() macro, we tell
CMake that only C is used, which prevents CMake from checking if a C++
compiler exists.
Patch sent upstream: https://github.com/lipnitsk/libcue/pull/17
libtomcrypt installs its headers by default in /usr/local/include under
the staging sysroot. This path is not in the default search path of
some toolchains. This breaks the build of dropbear. Set the PREFIX make
variable to fix that.
While at it, split the long install command for better readability.
Thomas Petazzoni [Sun, 29 Apr 2018 11:59:48 +0000 (13:59 +0200)]
speex: remove useless BUILD_CMDS
SPEEX_BUILD_CMDS is useless, because it's exactly defined to the
default value of <pkg>_BUILDS_CMDS for autotools packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sun, 29 Apr 2018 08:00:16 +0000 (10:00 +0200)]
python-daemonize: fix check-package warnings
Fixes:
package/python-daemonize/Config.in:2: should be indented with one tab (http://nightly.buildroot.org/#_config_files)
package/python-daemonize/Config.in:3: should be indented with one tab (http://nightly.buildroot.org/#_config_files)
package/python-daemonize/Config.in:4: should be indented with one tab (http://nightly.buildroot.org/#_config_files)
package/python-daemonize/Config.in:5: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
package/python-daemonize/Config.in:6: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Eric Le Bihan [Sat, 28 Apr 2018 22:14:13 +0000 (00:14 +0200)]
support/testing: set $USER in rust tests
When the run-time tests to build rust and rust-bin packages are run via Docker,
the $USER environment variable is not set, which makes cargo fail when
initializing the test project.
So add it to make cargo happy.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stefan Fröberg [Tue, 16 Jan 2018 23:15:58 +0000 (01:15 +0200)]
vte: new package
The VTE package contains a termcap file implementation for
terminal emulators.
Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com>
[Thomas: fix encoding of license name.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- guid.cpp and guid.h have been renamed Guid.cpp and Guid.hpp (they
will be renamed back to guid.cpp and guid.hpp in next release)
- Continue to use package-generic infrastructure as cmake doesn't work
properly with this version. Commit such as
https://github.com/graeme-hill/crossguid/commit/974def4e0ad62b8fea17d6dee7c4f9b0d65eaa2c
is needed. Migration on cmake should be done in next package
release.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update site to github
- Add hash for license file
- Add patch to disable documentation (sent upstream:
https://github.com/hyperrealm/libconfig/pull/116)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
David Barbion [Fri, 27 Apr 2018 11:51:43 +0000 (13:51 +0200)]
linux-firmware: add amdgpu firmware blobs
Add support for Volcanic Islands (VI), Sea Islands (CI) and Southern
Islands (SI) cards.
These firmware files will be needed if the Linux kernel is compiled with
amdgpu enabled.
Signed-off-by: David Barbion <davidb@230ruedubac.fr>
[Thomas: add hash for LICENSE.amdgpu]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Note that we are using the latest commit from git master branch
instead of the latest version tag v1.2.0 which is almost a year old
and is 64 commits behind master.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas:
- simplify the comments in the "depends on"
- move the Config.in comment below the hcitop option to let
menuconfig properly indent the hcitop option under bluez-alsa]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: use BUILD_SHARED, BUILD_STATIC and INSTALL_STATIC options.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jeremy Rosen [Tue, 24 Apr 2018 09:28:22 +0000 (11:28 +0200)]
package/bash-completion: new package
Signed-off-by: Jeremy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[Thomas: transfer the explanation from the commit log into the
Config.in help text, after rewording it.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sat, 28 Apr 2018 15:31:43 +0000 (17:31 +0200)]
dropbear: fix build with non-SSP capable toolchain
By default, Dropbear's configure script enables hardening
flags. Unfortunately, the check for SSP only uses AC_COMPILE_IFELSE(),
and therefore doesn't properly test for the availability of libssp,
visible only at link time.
In addition, Buildroot passes its own hardening flags, depending on
various global options. So, we simply disable hardening flags in
Dropbear.
This fixes a build failure with non-SSP capable toolchains happening
since the bump to 2018.76.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
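The gap described in the commit message above, where a compile-only probe passes but a link probe fails, shown as an added example that is not part of the Buildroot or Dropbear sources. The helper names and the fake compiler script are hypothetical and constructed here to stand in for a toolchain without libssp.

```shell
#!/bin/sh
# Added example (not Buildroot or Dropbear code): compile-only vs link probe.

# Run "$cc $flag [mode] probe.c -o out"; return 0 if the compiler succeeds.
# $1 = compiler, $2 = flag under test, $3 = "-c" for compile-only, "" to link.
ssp_probe() {
    dir=$(mktemp -d) || return 2
    # A local array makes the compiler emit a stack canary when SSP is on.
    echo 'int main(void){char b[64];b[0]=0;return b[0];}' > "$dir/probe.c"
    if "$1" "$2" $3 "$dir/probe.c" -o "$dir/probe.out" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

# Equivalent of AC_COMPILE_IFELSE(): stops after producing an object file.
ssp_compile_check() { ssp_probe "$1" "$2" -c; }

# Equivalent of AC_LINK_IFELSE(): must also resolve __stack_chk_fail/libssp.
ssp_link_check() { ssp_probe "$1" "$2" ""; }

# Print both verdicts for one compiler, e.g. "compile=ok link=fail".
ssp_report() {
    c=fail; l=fail
    if ssp_compile_check "$1" -fstack-protector; then c=ok; fi
    if ssp_link_check "$1" -fstack-protector; then l=ok; fi
    echo "compile=$c link=$l"
}

# Constructed stand-in for a toolchain without libssp: it accepts any
# compile-only invocation but fails to link when an SSP flag is present.
make_fake_nossp_cc() {
    cat > "$1" <<'EOF'
#!/bin/sh
ssp=0; conly=0; out=
while [ $# -gt 0 ]; do
    case "$1" in
        -fstack-protector*) ssp=1 ;;
        -c) conly=1 ;;
        -o) shift; out=$1 ;;
    esac
    shift
done
if [ "$ssp" = 1 ] && [ "$conly" = 0 ]; then exit 1; fi
: > "$out"
EOF
    chmod +x "$1"
}
```

Calling `ssp_report` with a real cross compiler in place of the fake one shows whether that toolchain would pass a compile-only SSP check while still failing at link time.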
Francois Perrad [Wed, 28 Mar 2018 08:38:26 +0000 (10:38 +0200)]
dropbear: bump to version 2018.76
With this new version:
- "configure --enable-static" should now be used instead of
"make STATIC=1"
- any customised options should be put in localoptions.h
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>