kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Go to file

Peter Korsgaard 2ca9ecd206 ffmpeg: security bump to version 3.2.7 Fixes the following security issues (https://ffmpeg.org/security.html): 3.2.4: CVE-2017-5024 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2017-5025 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 3.2.5: CVE-2017-9991 - Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. CVE-2017-9992 - Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. CVE-2017-9994 - libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. CVE-2017-9996 - The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 3.2.6: CVE-2017-9608 - NULL pointer exception. CVE-2017-9993 - FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. 3.2.7: CVE-2017-11399 - Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. CVE-2017-11665 - The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. CVE-2017-11719 - The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>		2017-09-04 23:07:17 +02:00
arch	arch/arm: fix -mcpu default values for AArch64	2017-07-20 07:37:58 +02:00
board	board/atmel/readme.txt: fix typos	2017-02-24 11:58:30 +01:00
boot	boot/syslinux: disable syslinux legacy-BIOS for broken toolchains	2017-07-19 23:15:19 +02:00
configs	configs/mx25pdk: Bump U-Boot and kernel versions	2017-02-09 22:22:21 +01:00
docs	manual: patches are not applied for SITE_METHOD = local	2017-07-20 00:04:22 +02:00
fs	fs/iso9660: doesn't support (grub2) EFI	2017-03-02 08:20:38 +01:00
linux	linux: fix name of config variable	2017-06-08 16:50:39 +02:00
package	ffmpeg: security bump to version 3.2.7	2017-09-04 23:07:17 +02:00
support	setlocalversion: fix detection of hg revision for untagged versions	2017-07-04 17:36:02 +02:00
system	system: do not overwrite /bin/sh Busybox symlink	2017-03-31 09:12:23 +02:00
toolchain	toolchain: CodeSourcery AMD64 affected by PR19615	2017-07-19 23:15:11 +02:00
.defconfig	arch: remove support for sh64	2016-09-08 22:15:15 +02:00
.gitignore	update gitignore	2013-05-04 12:41:55 +02:00
CHANGES	Update for 2017.02.5	2017-07-26 23:33:09 +02:00
Config.in	Config.in: add BR2_HOST_GCC_AT_LEAST_7	2017-07-05 16:49:58 +02:00
Config.in.legacy	gst1-plugins-bad: fix webrtc option	2017-07-04 17:47:05 +02:00
COPYING	COPYING: add exception about patch licensing	2016-02-26 19:50:13 +01:00
DEVELOPERS	DEVELOPERS: adopt freerdp	2017-02-18 22:08:53 +01:00
Makefile	Update for 2017.02.5	2017-07-26 23:33:09 +02:00
Makefile.legacy	Remove BR2_DEPRECATED	2016-10-15 23:14:45 +02:00
README	README: add reference to submitting-patches	2016-02-01 19:16:08 +01:00

README

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches