35460 Commits

Author SHA1 Message Date
Bernd Kuhls
b556a9e06a package/kodi: optimise libva/libvdpau dependencies
Suggested by Thomas:
http://lists.busybox.net/pipermail/buildroot/2017-April/190703.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 14:42:52 +02:00
Andy Shevchenko
85b8a8ab98 package/uclibc: enable wordexp functionality
Wordexp support is needed by more and more packages, recently
bluez5_utils. It adds only ~16 KB to uClibc, so let's add it by default
to keep things simple.

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: rework commit message.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 14:25:33 +02:00
Baruch Siach
f80fce90b7 ola: mark as broken
Build with current protobuf is broken. Mark as broken until upstream resolves
this issue.

https://github.com/OpenLightingProject/ola/issues/1192

Fixes:
http://autobuild.buildroot.net/results/d9a/d9a24f7b715100be1580a568a5e3ff72b0389165/
http://autobuild.buildroot.net/results/b31/b314811dedce04ebdc779df67de6cb59a1880cac/
http://autobuild.buildroot.net/results/587/5877b2301b7da43c50127a4c5f648acd3b0264cc/

Cc: Dave Skok <blanco.ether@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 13:57:50 +02:00
Martin Kepplinger
86bc189c23 x11r7: xdriver_xf86-input-tslib: update to 0.0.7
The patches are removed as they are part of this release. 0.0.7 is a
bugfix and compatibility release to keep this usable on newer systems.

Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 13:57:00 +02:00
Martin Kepplinger
2ae6acd3c1 x11r7: xdriver_xf86-input-tslib: new upstream location
This switches upstream to the Github project where xf86-input-tslib is
currently maintained - in cooperation with Pengutronix, who had hosted
the tarball release up until now.

Signed-off-by: Martin Kepplinger <martink@posteo.de>
[Thomas: fix XDRIVER_XF86_INPUT_TSLIB_SITE value.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 13:56:42 +02:00
Bernd Kuhls
ff45194b3c package/kodi: add optional support for pulseaudio
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 13:47:45 +02:00
Bernd Kuhls
a29a0c9619 package/kodi-visualisation-goom: bump version
This bump fixes a compile error on powerpc.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 13:46:14 +02:00
Bernd Kuhls
374e39df81 package/libsquish: bump version to 1.15
Added md5 hash provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:12:38 +02:00
Bernd Kuhls
a237d97042 package/libsquish: Remove Kodi-specific patch
Kodi 17 does not depend on libsquish anymore:
ed03f828be

We can therefore remove the patch which was needed for Kodi <= 16.x.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:07:09 +02:00
Bernd Kuhls
802d2527b1 package/kodi: add optional support for lcms2
Support was added by https://github.com/xbmc/xbmc/pull/11846

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:06:28 +02:00
Bernd Kuhls
8ac0b448b9 package/kodi: add optional support for event clients
For details read
https://github.com/xbmc/xbmc/blob/master/tools/EventClients/README.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:06:10 +02:00
Bernd Kuhls
bf9bfd065b package/kodi: libxslt is an optional package
After this commit
bad3902b4a
libxslt, together with libxml2, is an optional package.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:03:39 +02:00
Bernd Kuhls
43122d64e0 package/kodi: add optional support for bluez5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: add missing dependency on BR2_TOOLCHAIN_HAS_SYNC_4 from
bluez5_utils.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:02:09 +02:00
Bernd Kuhls
6c4fe5188d package/kodi-visualisation-shadertoy: bump version
Rebased patch 0001.

Upstream removed the optional dependency to libglew:
11371c4e85

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:00:32 +02:00
Bernd Kuhls
47a8c5473a package/kodi-visualisation-waveforhue: bump version
Changed upstream repo as per:
https://github.com/notspiff/visualization.waveforhue/pull/3#issuecomment-221105720

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:00:09 +02:00
Bernd Kuhls
49f5f813b2 package/kodi-visualisation-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 12:00:03 +02:00
Bernd Kuhls
6a3a730ad8 package/kodi-screensaver-rsxs: bump version
ac_cv_type__Bool=yes is needed to fix compilation with gcc >= 5.
Added patch to fix X.org includes.
Added dependency for libpng previously provided by Kodi.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:59:55 +02:00
Bernd Kuhls
4b085746c8 package/kodi-screensaver-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:59:30 +02:00
Bernd Kuhls
781af1dbaa package/kodi-audiodecoder-timidity: bump version
kodi-platform is not a dependency anymore:
b7ae86ad86

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:59:14 +02:00
Bernd Kuhls
60bb443012 package/kodi-audiodecoder-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:59:04 +02:00
Bernd Kuhls
dd6e9576ef package/kodi-audioencoder-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:58:52 +02:00
Bernd Kuhls
2a5cf81c05 package/kodi-adsp-freesurround: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:58:13 +02:00
Bernd Kuhls
f4594a277c package/kodi-adsp-basic: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:57:51 +02:00
Bernd Kuhls
12d4cc4ccc package/kodi-pvr-nextpvr: bump version to 2.4.11
Removed patch applied upstream:
9e042807f1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:57:41 +02:00
Bernd Kuhls
7bf4ff23e0 package/kodi-pvr-mythtv: bump version to 4.15.0
Upstream repo was changed:
cf93c8be63

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:57:32 +02:00
Bernd Kuhls
6ecfbe31ab package/kodi-pvr-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:56:31 +02:00
Bernd Kuhls
24a07d58af package/kodi: bump to version 17.1-Krypton
Removed unneeded patches
- 0001-Fixup-include-path.patch (not needed after CMake switch)
- 0005-native-TexturePacker-fix-compilation-with-gcc-4.6.patch
  (applied upstream)
- 0006-ffmpeg30.patch (was backported from 17.0-Krypton to 16.0-Jarvis)
- 0007-exif-Fix-for-out-of-memory-errors-with-large-numbers.patch
  (was backported from 17.0-Krypton to 16.0-Jarvis)
- 0008-Fix-nullpadding-issue-when-reading-certain-id3v1-tag.patch
  (was backported from 17.0-Krypton to 16.0-Jarvis)
- 0009-lib-cximage-6.0-fix-compilation-with-gcc6.patch
  (cximage was removed in bump from 16.x to 17.0)
- 0010-curl-support-version-7.5.0-and-upwards.patch
  (applied upstream)
- 0011-xbmc_pvr_types.h-Fix-compilation-with-gcc6.patch
  (applied upstream)
- 0012-Fix_includes_in_amcodec.patch
  (was backported from 17.0-Krypton to 16.0-Jarvis)

Rebased patches
- 0004-kodi-config.cmake-use-CMAKE_FIND_ROOT_PATH-to-fix-cr.patch
  also renamed to 0001-...

Removed dependencies not needed anymore:
- boost
  41ae93f091
- giflib
  d44338baf1
- jasper/tiff
  00724eb109
- jpeg
  7d5bdfb9a0
- libdcadec
  378eb2687c
- libglew
  03ff0d5ea0
- libgcrypt
  was already an optional dependency in Kodi 16, not part of the CMake
  buildsystem anymore
- libmpeg2
  d22c829d67
- libogg/libvorbis
  4c60969177
- libpng
  be6b50c6c3
- librtmp, the new rtmp inputstream addon will be added later
  d04f43a4eb
- libsquish
  ed03f828be
- xlib_libXmu
- xlib_libXt

Switched to CMake, autoconf was deprecated:
https://github.com/xbmc/xbmc/pull/10797

The dependency for egl/gles on arm, formerly enforced by the automake
build system, was not ported to CMake.

Bumped BR2_TOOLCHAIN_GCC_AT_LEAST to 4.8 to fix build errors with
gcc-4.7 found while testing
http://autobuild.buildroot.net/toolchains/configs/sourcery-x86.config
For details please read
http://lists.busybox.net/pipermail/buildroot/2017-April/190195.html

Added hard-dependency for libegl, needed after
0ac305f7cf

Libva support depends on X11
https://github.com/xbmc/xbmc/blob/Krypton/project/cmake/modules/FindVAAPI.cmake#L42
and OpenGL/EGL
https://github.com/xbmc/xbmc/blob/Krypton/xbmc/cores/VideoPlayer/DVDCodecs/Video/VAAPI.h#L23

Libvdpau support depends on X11
https://github.com/xbmc/xbmc/blob/Krypton/project/cmake/modules/FindVDPAU.cmake#L21
and OpenGL/EGL
https://github.com/xbmc/xbmc/blob/Krypton/xbmc/cores/VideoPlayer/DVDCodecs/Video/VDPAU.h#L43

Updated clean-up hook and added host-xmlstarlet as dependency to
manipulate the list of default system addons in addon-manifest.xml.

Added dependency to BR2_ENABLE_LOCALE, needs iconv_open:
https://github.com/xbmc/xbmc/blob/Krypton/xbmc/utils/CharsetConverter.cpp#L200

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: minor tweaks.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:48:27 +02:00
Bernd Kuhls
e81839aff1 package/kodi-texturepacker: new host package
Needed for upcoming kodi version bump to 17.1-Krypton which will also
switch the kodi build system to CMake.

"-std=c++0x" is needed to maintain compatibility with host-gcc 4.6.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: move texturepacker patch from Kodi package, use SPDX license
code, minor tweaks.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:36:04 +02:00
Bernd Kuhls
1dd318805e package/kodi-jsonschemabuilder: new host package
Needed for upcoming kodi version bump to 17.1-Krypton which will also
switch the kodi build system to CMake.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: do not add texturepacker patch in this commit, use SPDX license
code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:32:48 +02:00
Bernd Kuhls
43198b0758 package/xmlstarlet: add host variant
Needed for the Kodi skin package to control the default skin setup.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:26:01 +02:00
Bernd Kuhls
ca958aa13c package/libcec: bump version to 4.0.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:25:51 +02:00
Bernd Kuhls
b62fbde744 package/kodi-platform: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:25:41 +02:00
Bernd Kuhls
3fc9704dca package/libplatform: bump version
Replaced patch 0001 with an alternate solution.

Updated license info after
a1e5905874

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:25:33 +02:00
Bernd Kuhls
d393690fb4 package/kodi-visualisation-fountain: remove package
Remove broken package:
https://github.com/notspiff/visualization.fountain/issues/1#issuecomment-166156021

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:24:58 +02:00
Bernd Kuhls
b3d8ac2aa7 package/libsodium: bump version to 1.0.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:24:09 +02:00
Bernd Kuhls
b9f87e86d9 package/pure-ftpd: bump version to 1.0.46
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 11:23:55 +02:00
Peter Korsgaard
874becfd01 ghostscript: add upstream security fixes for CVE-2017-8291
CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.

For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:15:32 +02:00
Abhimanyu Vishwakarma
051e9851f4 Add defconfig for MIPS Creator ci40
Signed-off-by: Abhimanyu Vishwakarma <Abhimanyu.V@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 22:58:54 +02:00
Abhimanyu Vishwakarma
e73cf8a228 genimage.sh: fix calling from BR2_ROOTFS_POST_IMAGE_SCRIPT
When called from BR2_ROOTFS_POST_IMAGE_SCRIPT, this script
ends up with the following error:

Error: Missing argument

This is because an extra positional argument is also passed
along with BR2_ROOTFS_POST_SCRIPT_ARGS. genimage.sh didn't
have support to parse positional and optional arguments
together.

Signed-off-by: Abhimanyu Vishwakarma <Abhimanyu.V@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 22:55:52 +02:00
Ricardo Martincoski
bb1c63763d docs/manual: PEP8 coding style for Python scripts
The advantages of using a pre-existing coding style instead of creating
our own are:
- documenting in the manual takes a single sentence;
- there are automatic tools to help during development/review.

So document that the PEP8 recommendation should be followed.

Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 21:37:50 +02:00
Peter Korsgaard
3a66a81b7a python-django: security bump to version 1.10.7
Fixes the following security issues:

Since 1.10.3:

CVE-2016-9013 - User with hardcoded password created when running tests on
Oracle

Marti Raudsepp reported that a user with a hardcoded password is created
when running tests with an Oracle database.

CVE-2016-9014 - DNS rebinding vulnerability when DEBUG=True

Aymeric Augustin discovered that Django does not properly validate the Host
header against settings.ALLOWED_HOSTS when the debug setting is enabled.  A
remote attacker can take advantage of this flaw to perform DNS rebinding
attacks.

Since 1.10.7:

CVE-2017-7233 - Open redirect and possible XSS attack via user-supplied
numeric redirect URLs

It was discovered that is_safe_url() does not properly handle certain
numeric URLs as safe.  A remote attacker can take advantage of this flaw to
perform XSS attacks or to use a Django server as an open redirect.

CVE-2017-7234 - Open redirect vulnerability in django.views.static.serve()

Phithon from Chaitin Tech discovered an open redirect vulnerability in the
django.views.static.serve() view.  Note that this view is not intended for
production use.

Cc: Oli Vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 21:27:27 +02:00
Bernd Kuhls
833082fdb4 package/live555: bump version to 2017.04.26
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 17:28:00 +02:00
Vicente Olivert Riera
6f24afad92 linux: bump default version to 4.10.13
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 17:03:36 +02:00
Vicente Olivert Riera
431bd936a1 linux-headers: bump 4.{4,9,10}.x series
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 17:03:21 +02:00
Matt Weber
2ef966fb30 package/libqmi: bump version to 1.18.0
udev support was added with this bump, however
the support was disabled, as Buildroot currently
doesn't support the gudev package.  libqmi is
looking for the Gobject bindings provided by
that package to access libudev.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 15:27:51 +02:00
Baruch Siach
dc1287ee8a aircrack-ng: don't build SSE code for non SSE target
Fixes:
http://autobuild.buildroot.net/results/763/7631470016f923e8f4a7696e65437c71b8668b6e/
http://autobuild.buildroot.net/results/621/621588651b5cf54726bbf5361399a2dc301b8a29/
http://autobuild.buildroot.net/results/628/628a66ef766308fba699f1faa942306e600e5575/

Cc: Laurent Cans <laurent.cans@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 14:16:41 +02:00
Baruch Siach
5efbd573c0 libnl: add upstream security fix
CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a
local malicious application to execute arbitrary code within the context of
the Wi-Fi service

https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1511855.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 14:12:32 +02:00
Peter Korsgaard
030fe340af tiff: add upstream security fixes
Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.

CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.

CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.

CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.

CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.

CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.

CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.

CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.

CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.

CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.

CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.

CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 14:12:24 +02:00
Peter Korsgaard
0135204868 icu: add upstream security fix for utf-8 handling
Fixes:

CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_setNativeIndex* function.

CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_moveIndex32* function.

Upstream: http://bugs.icu-project.org/trac/changeset/39671

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 14:12:16 +02:00
Martin Kepplinger
4d97748129 tslib: speed up the build by skipping autoreconf
We are not carrying any patches modifying auto* files, so autoreconf isn't
needed.

[Peter: extend commit message]
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 11:30:21 +02:00