Fixes:
CVE-2015-8126 - incorrect implementation of png_set_PLTE() that uses
png_ptr not info_ptr, that left png_set_PLTE() open to this vuln.
(fix in previous release was incomplete)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
png_set_PLTE/png_get_PLTE functions failed to check for
an out-of-range palette when reading or writing PNG files with a bit_depth
less than 8.
CVE not yet assigned.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a buffer overflow which may allow an attacker to gain write
access to memory.
CVE requested but not yet assigned.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes an out-of-bounds memory access in png_user_version_check().
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 7e50574965.
Now that we've bumped the libpng version, we shouldn't look for it among the
older releases.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This also fixes the download URL as outdated versions have been
moved to the "older-releases" sub-folder.
Signed-off-by: Sven Neumann <neumann@teufel.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even if the Blackfin GNU toolchain adds the prefix '_' to all symbols,
symbol prefix is not accepted in the link flag --version-script.
Don't append prefix in the symbols in the version script file.
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
They can fail on some odd toolchain configurations because of
buildsystem shortcomings and aren't expected to be used in normal
scenarios.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The packages changed by this commit were not only changing prefix= and
exec_prefix= during their <foo>-config fixups, they were also changing
includedir= and/or libdir=. So, they could not be directly converted
to the new <pkg>_CONFIG_SCRIPTS infrastructure.
However, a careful analysis of their default <foo>-config shows that
includedir= and libdir= are defined relative to either ${prefix} or
${exec_prefix}. Therefore, the manual fixing of includedir= and
libdir= is useless, and fixing prefix= and exec_prefix=, as done by
the <pkg>_CONFIG_SCRIPTS mechanism is sufficient.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Samuel Martin" <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Those are already in TARGET_CONFIGURE_ARGS. Also get rid of unused
BR2_AC_CV_FUNC_MALLOC_0_NONNULL variable.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The host versions shouldn't be visible in Kconfig, so remove the
reference to BR2_PACKAGE_PKGCONFIG everywhere and prefix the host targets
with host-.
At the same time add pkgconfig for the target (e.g. for development) and
let BR2_PACKAGE_PKGCONFIG control that package.
Notice: all defconfigs in the tree have been updated, but make sure to
disable the pkgconfig package (unless you want it) if you use an external
config, otherwise you'll end up with pkgconfig and glib2 in the target.