Commit Graph

83 Commits

Author SHA1 Message Date
Gustavo Zacarias
371e2f7f3c libpng: security bump to version 1.6.20
Fixes:
CVE-2015-8126 - incorrect implementation of png_set_PLTE() that uses
png_ptr not info_ptr, that left png_set_PLTE() open to this vuln.

(fix in previous release was incomplete)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-12-04 21:46:34 +01:00
Gustavo Zacarias
e50c333c35 libpng: security bump to version 1.6.19
Fixes:
png_set_PLTE/png_get_PLTE functions failed to check for
an out-of-range palette when reading or writing PNG files with a bit_depth
less than 8.

CVE not yet assigned.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-11-13 22:35:06 +01:00
Gustavo Zacarias
effd4f1ae7 libpng: bump to version 1.6.18
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-02 16:02:39 +02:00
Danomi Manchego
70ad172e6e libpng: rebase ignore-symbol-prefix patch to apply cleanly
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-28 23:05:36 +02:00
Gustavo Zacarias
65b25d11df libpng: bump to version 1.6.17
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-04 23:06:55 +02:00
Gustavo Zacarias
5fd9ab402f libpng: security bump to version 1.6.16
Fixes a buffer overflow which may allow an attacker to gain write
access to memory.
CVE requested but not yet assigned.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-24 14:59:02 +01:00
Gustavo Zacarias
b89ce67523 libpng: security bump to version 1.6.15
Fixes an out-of-bounds memory access in png_user_version_check().

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-25 22:33:01 +01:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
074b3c7c30 libpng: bump to version 1.6.12
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-18 13:57:55 +02:00
Gustavo Zacarias
d9b463b291 libpng: security bump to version 1.6.10
Fixes CVE-2014-0333.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-03-17 22:28:40 +01:00
Peter Korsgaard
2a70fcb0ef Revert "libpng: fix download location"
This reverts commit 7e50574965.

Now that we've bumped the libpng version, we shouldn't look for it among the
older releases.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-28 14:50:23 +01:00
Peter Korsgaard
b108fdcb83 Merge branch 'next'
Conflicts:
	Makefile
	package/dmraid/Config.in
	package/gdb/Config.in.host
	package/linux-headers/linux-headers.mk
	package/python/python.mk
	package/python3/python3.mk
	package/rt-tests/Config.in
	package/sdl/sdl.mk
	package/systemd/systemd-01-fix-getty-unit.patch
	package/systemd/systemd-02-fix-page-size.patch
	package/systemd/systemd-03-uclibc-fix.patch
	package/udev/Config.in
	package/udisks/Config.in
	package/vlc/vlc.mk
	system/Config.in

Quite some merge conflicts, hopefully I didn't screw up anything.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-28 14:30:23 +01:00
Sven Neumann
c16bc1b12f libpng: bump to version 1.6.9
This also fixes the download URL as oudated versions have been
moved to the "older-releases" sub-folder.

Signed-off-by: Sven Neumann <neumann@teufel.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-25 21:09:26 +01:00
Sven Neumann
7e50574965 libpng: fix download location
Signed-off-by: Sven Neumann <neumann@teufel.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-25 20:53:47 +01:00
Sonic Zhang
46912f15c0 package: libpng: don't append prefix to symbol names in the version script file
Even if Blackfin GNU toolchain add prefix '_' to all symbols,
symbol prefix is not accepted in the link flag --version-script.
Don't append prefix in the symbols in the version script file.

Signed-off-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-14 23:01:33 +01:00
Gustavo Zacarias
6b5fd46de3 libpng: security bump to version 1.6.8
Fixes CVE-2013-6954.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-22 12:09:31 +01:00
Gustavo Zacarias
405af8c93f libpng: disable tools
They can fail on some odd toolchain configurations because of
buildsystem shortcomings and aren't expected to be used in normal
scenarios.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-28 17:02:43 +01:00
Gustavo Zacarias
2e5f5b3996 libpng: bump to version 1.6.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-26 11:07:42 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Alexandre Belloni
f2c2f25cef Remove description and url from header
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:00 +02:00
Thomas Petazzoni
4d3f810aaf package: use <pkg>_CONFIG_SCRIPTS in packages that used special handling
The packages changed by this commit were not only changing prefix= and
exec_prefix= during their <foo>-config fixups, they were also changing
includedir= and/or libdir=. So, they could not be directly converted
to the new <pkg>_CONFIG_SCRIPTS infrastructure.

However, a careful analysis of their default <foo>-config shows that
includedir= and libdir= is defined relatively to either ${prefix} and
${exec_prefix}. Therefore, the manual fixing of includedir= and
libdir= is useless, and fixing prefix= and exec_prefix=, as done by
the <pkg>_CONFIG_SCRIPTS mechanism is sufficient.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Samuel Martin" <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-08 22:40:49 +01:00
Gustavo Zacarias
019a581f89 packages: switch to host-pkgconf
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-10-29 22:02:55 +01:00
Stefan Froberg
721f339053 freetype, libfuse, libpng, x11vnc, zlib: get rid of BR2_SOURCEFORGE_MIRROR
Signed-off-by: Stefan Froberg <stefan.froberg@petroprogram.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-24 23:31:33 +02:00
Danomi Manchego
7228355905 libpng: add license info
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-15 12:03:31 +02:00
Gustavo Zacarias
0d27d8cb46 libpng: security bump to version 1.4.12
Fixes CVE-2012-3386

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-30 19:19:09 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Arnout Vandecappelle (Essensium/Mind)
69e64c42b7 all packages: use new host-xxx-package macros
This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS,host))/$(eval $(host-generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS,host))/$(eval $(host-autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS,host))/$(eval $(host-cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:18:03 +02:00
Gustavo Zacarias
56ece03c81 libpng: security bump to version 1.4.11
Fixes CVE-2011-3048

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-03 16:54:30 +02:00
Gustavo Zacarias
b41fb1507f libpng: bump to version 1.4.10
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-02 23:13:31 +02:00
Gustavo Zacarias
dcb7f907a9 libpng: security bump to version 1.4.9
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-02-24 15:27:56 +01:00
Arnout Vandecappelle (Essensium/Mind)
cfd73405e0 libpng: removed redundant HOST_FOO_DEPENDENCIES
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-01-17 23:32:33 +01:00
Thomas Petazzoni
300f9c9c9d package: remove useless arguments from AUTOTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:12:27 +02:00
Peter Korsgaard
33cddbb867 libpng: bump version
Security fix.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-07-14 09:08:30 +02:00
Gustavo Zacarias
8b695c4484 libpng: bump to version 1.4.7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-04-21 23:33:56 +02:00
Thomas Petazzoni
ac7dbcf925 libpng: remove libpng*-config scripts from TARGET_DIR
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2011-03-07 22:22:31 +01:00
Gustavo Zacarias
b47a4d1073 libpng: bump to version 1.4.5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-02 22:59:44 +01:00
Martin Banky
968ebae9de libpng: bump to 1.4.4
Signed-off-by: Martin Banky <Martin.Banky@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-10-05 22:25:06 +02:00
Thomas Petazzoni
20528a8449 libpng: convert old-style hook to new-style hook
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-09-12 19:26:49 +02:00
Gustavo Zacarias
a7c24b6395 libpng: bump to 1.2.44 [CVE-2010-1205]
Closes #2166

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-07-12 12:13:14 +02:00
Thomas Petazzoni
593c18c0bb packages: remove useless HOST_*_LIBTOOL_PATCH
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-05-02 23:26:27 +02:00
Peter Korsgaard
8c57332bb8 libpng: bump version
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-18 16:42:21 +01:00
Thomas Petazzoni
988b4d8d1c libpng: enable compilation on the host
libpng is needed on the host to build ace_of_penguins.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-02-23 20:33:42 +01:00
Thomas Petazzoni
6dc336b293 host-pkgconfig is now host-pkg-config
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2009-12-15 19:57:31 +01:00
Peter Korsgaard
9e76714747 package: get rid of redundant malloc related configure presets
Those are already in TARGET_CONFIGURE_ARGS. Also get rid of unused
BR2_AC_CV_FUNC_MALLOC_0_NONNULL variable.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-12-06 19:58:45 +01:00
Will Newton
422ce6536b package: Remove unnecessary dependencies on uclibc.
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.

Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-03 20:22:38 +02:00
Peter Korsgaard
0adeeddb25 libpng: bump version
Fixes an unitialized-memory-read bug.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-22 09:37:13 +02:00
Peter Korsgaard
77754571b2 pkgconfig: add pkgconfig package for target
The host versions shouldn't be visible in Kconfig, so remove the
reference to BR2_PACKAGE_PKGCONFIG everywhere and prefix the host targets
with host-.

At the same time add pkgconfig for the target (E.G. for development) and
let BR2_PACKAGE_PKGCONFIG control that package.

Notice: all defconfigs in the tree have been updated, but make sure to
disable the pkgconfig package (unless you want it) if you use an external
config, otherwise you'll end up with pkgconfig and glib2 in the target.
2009-03-18 19:19:10 +00:00
Peter Korsgaard
64007a9e6a libpng: bump version
Fixes unitialized data bug (CVE-2009-0040).

Patch by Soef Qued <souf_oued@yahoo.fr>
2009-02-27 14:59:17 +00:00
Peter Korsgaard
5804c6d9fe libpng: bump version
Fixes memory leak and double-free vulnerability
2009-02-12 12:17:12 +00:00
Daniel Laird
729cf4f6c3 package/libpng/libpng.mk: Remove the unnecessary --without-x option
Signed-off-by: Daniel Laird <daniel.j.laird@nxp.com>
2009-01-12 12:45:48 +00:00