Gustavo Zacarias
61e069e164
jasper: add security patches
...
Fixes:
CVE-2016-2116 - Memory leak in jas_iccprof_createfrombuf causing
memory consumption.
CVE-2016-1577 - Double free vulnerability in jas_iccattrval_destroy.
CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function.
CVE-2015-5221 - Use-after-free and double-free flaws in Jasper
JPEG-2000 library.
CVE-2015-5203 - double free in jasper_image_stop_load()
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-08-17 08:39:36 +02:00
Gustavo Zacarias
1a4bf69188
jasper: add hash file
...
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2015-07-16 22:36:36 +02:00
Max Filippov
71d9b0c1f0
jasper: Disable debugging when building for xtensa
...
xtensa gcc is not able to generate correct code when compiling with -O0
enabled by --enable-debug. Instead of disabling package build it with
--disable-debug.
Fixes:
http://autobuild.buildroot.net/results/5d17055027055ffd33fcd28b208130afb26343c9/
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-19 21:36:18 +02:00
Max Filippov
4dcf9d14b5
jasper: Don't overwrite CFLAGS when configured with --enable-debug
...
This drops architecture-specific ABI flags, which may be important.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-19 21:36:05 +02:00
Gustavo Zacarias
ddfce0448d
jasper: add security fixes for CVE-2014-8157/8158
...
Fixes:
CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot()
CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-26 23:13:44 +01:00
Gustavo Zacarias
b6e4e9de41
jasper: add patches to fix CVE-2014-8137 and CVE-2014-8138
...
Fixes:
CVE-2014-8137 - double-free in jas_iccattrval_destroy()
CVE-2014-8138 - heap overflow in jp2_decode()
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-19 21:41:17 +01:00
Baruch Siach
421b4d0dde
jasper: add a patch fixing CVE-2014-9029
...
See http://www.ocert.org/advisories/ocert-2014-009.html for the details.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-10 21:24:04 +01:00
Peter Korsgaard
324ccec90d
jasper: autoreconf to fix rpath issue
...
The old version of autotools used gets confused and ends up looking in
/usr/lib for libjpeg when host == target..
Fixes http://autobuild.buildroot.net/results/307/307cac65287420252a5bb64715d9a1edd90e72fa/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-10 10:55:12 +02:00
Gustavo Zacarias
88f4a56080
Revert "packages: autoreconf non-vanilla libtool packages"
...
Now that we've got a cleaner/fuzzier libtool 1.5 static patch we can
discard the temporary workaround.
This reverts commit e573f5d326
.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 16:36:04 +02:00
Gustavo Zacarias
e573f5d326
packages: autoreconf non-vanilla libtool packages
...
Some packages no longer apply the libtool patch since commit
97703978ac
because they use a non-vanilla
version of libtool 1.5.x
Fixes many failures like:
http://autobuild.buildroot.net/results/34e/34e4898e2bdc08e5d34e16e556384b3086b76467/
http://autobuild.buildroot.net/results/ecf/ecf4e7d6812f972d05c95203fb665235856c0817/
http://autobuild.buildroot.net/results/5d9/5d9a05fb70e8a65f2399c4f38375aeafb9686ea4/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 08:26:33 +02:00
Jerzy Grzegorek
61e343970d
jasper: fix license typo
...
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-30 09:57:15 +01:00
Peter Korsgaard
1eac073b3a
jasper: fix file header comment
...
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-13 09:20:36 +01:00
Maxime Hadjinlian
9f596dbdf5
jasper: new package
...
JPEG-2000 decoder.
This package was originally found at : https://github.com/huceke/buildroot-rbp
By gimli <ebsi4711@gmail.com>
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-12 19:23:45 +01:00