kumquat-buildroot/package/sdl2_image/sdl2_image.mk

59 lines
1.3 KiB
Makefile
Raw Normal View History

################################################################################
#
# sdl2_image
#
################################################################################
sdl2_image: security bump to version 2.0.3 Fixes the following security issues: CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14441: An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14442: An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14448: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14449: A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. For details, see the announcement: https://discourse.libsdl.org/t/sdl-image-2-0-3-released/23958 Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 14:04:59 +02:00
SDL2_IMAGE_VERSION = 2.0.3
SDL2_IMAGE_SOURCE = SDL2_image-$(SDL2_IMAGE_VERSION).tar.gz
SDL2_IMAGE_SITE = http://www.libsdl.org/projects/SDL_image/release
SDL2_IMAGE_INSTALL_STAGING = YES
SDL2_IMAGE_LICENSE = Zlib
SDL2_IMAGE_LICENSE_FILES = COPYING.txt
# Unconditionally enable support for image formats that don't require
# any dependency.
SDL2_IMAGE_CONF_OPTS = \
--disable-sdltest \
--enable-bmp \
--enable-gif \
--enable-lbm \
--enable-pcx \
--enable-pnm \
--enable-tga \
--enable-xcf \
--enable-xpm \
--enable-xv
SDL2_IMAGE_DEPENDENCIES = sdl2 host-pkgconf
ifeq ($(BR2_PACKAGE_JPEG),y)
SDL2_IMAGE_CONF_OPTS += --enable-jpg
SDL2_IMAGE_DEPENDENCIES += jpeg
else
SDL2_IMAGE_CONF_OPTS += --disable-jpg
endif
ifeq ($(BR2_PACKAGE_LIBPNG),y)
SDL2_IMAGE_CONF_OPTS += --enable-png
SDL2_IMAGE_DEPENDENCIES += libpng
else
SDL2_IMAGE_CONF_OPTS += --disable-png
endif
ifeq ($(BR2_PACKAGE_TIFF),y)
SDL2_IMAGE_CONF_OPTS += --enable-tif
SDL2_IMAGE_DEPENDENCIES += tiff
else
SDL2_IMAGE_CONF_OPTS += --disable-tif
endif
ifeq ($(BR2_PACKAGE_WEBP),y)
SDL2_IMAGE_CONF_OPTS += --enable-webp
SDL2_IMAGE_DEPENDENCIES += webp
else
SDL2_IMAGE_CONF_OPTS += --disable-webp
endif
$(eval $(autotools-package))