NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
45,307 Commits 5 Branches 387 Tags 141 MiB
Makefile 64%
Python 15.3%
C 9.2%
Shell 6%
PHP 2.8%
Other 2.4%
132bbb36c8
Go to file
Peter Korsgaard 132bbb36c8 package/gd: add post-2.2.5 security fixes from upstream 
Fixes the following security vulnerablities:

- CVE-2018-1000222: Libgd version 2.2.5 contains a Double Free Vulnerability
  vulnerability in gdImageBmpPtr Function that can result in Remote Code
  Execution .  This attack appear to be exploitable via Specially Crafted
  Jpeg Image can trigger double free

- CVE-2018-5711: gd_gif_in.c in the GD Graphics Library (aka libgd), as used
  in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x
  before 7.2.1, has an integer signedness error that leads to an infinite
  loop via a crafted GIF file, as demonstrated by a call to the
  imagecreatefromgif or imagecreatefromstring PHP function

- CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD
  Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP
  versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it
  is possible to supply data that will cause the function to use the value
  of uninitialized variable.  This may lead to disclosing contents of the
  stack that has been left there by previous code

- CVE-2019-6978: The GD Graphics Library (aka LibGD) 2.2.5 has a double free
  in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 505a70edbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:28:26 +01:00
arch arch: Add support for Westmere targets 2019-06-23 23:09:07 +02:00
board board/qemu: ensure root is available before mounting it 2019-07-07 00:09:02 +02:00
boot boot/arm-trusted-firmware: licensing info is only valid for v1.4 2019-08-04 19:23:31 +02:00
configs configs/beaglebone_defconfig: use default console device 2019-10-01 11:44:43 +02:00
docs docs/manual: fix Config.in option that cargo packages must depend on 2019-10-28 17:38:30 +01:00
fs fs/common.mk: do not store original names and timestamps when creating gzipped rootfs 2019-08-04 19:10:13 +02:00
linux {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.3.x series 2019-10-30 10:11:26 +01:00
package package/gd: add post-2.2.5 security fixes from upstream 2019-10-30 13:28:26 +01:00
support support/testing: provide entropy to lua tests 2019-10-16 14:09:58 +02:00
system system: allow selecting merged /usr along with custom rootfs skeleton 2019-02-06 17:11:38 +01:00
toolchain toolchain: introduce BR2_TOOLCHAIN_HAS_GCC_BUG_68485 2019-10-04 21:02:12 +02:00
utils utils/test-pkg: ensure to exit with an error upon failure 2019-10-28 17:34:04 +01:00
.defconfig arch: remove support for sh64 2016-09-08 22:15:15 +02:00
.flake8 .flake8: ignore utils/diffconfig 2018-03-13 22:37:54 +01:00
.gitignore
.gitlab-ci.yml configs/zynq_zybo: remove defconfig 2019-02-22 22:19:19 +01:00
.gitlab-ci.yml.in .gitlab-ci.yml: use "extends" keyword 2019-02-06 11:40:28 +01:00
CHANGES Update for 2019.02.6 2019-10-03 17:10:38 +02:00
Config.in infra: add force build flag for host dependencies 2019-02-04 15:52:44 +01:00
Config.in.legacy package/gst-plugins-bad: remove apexsink support 2019-03-19 21:33:07 +01:00
COPYING
DEVELOPERS DEVELOPERS: remove myself from asterisk 2019-10-30 13:26:22 +01:00
Makefile Update for 2019.02.6 2019-10-03 17:10:38 +02:00
Makefile.legacy Remove BR2_DEPRECATED 2016-10-15 23:14:45 +02:00
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches