<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/sdl2_image, branch 2019.02-op-build</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2018-04-30T15:38:32+00:00</updated>
<entry>
<title>sdl2_image: security bump to version 2.0.3</title>
<updated>2018-04-30T15:38:32+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2018-04-30T12:04:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5fb8fbbb3e776a186731ae929244a82ea2db1878'/>
<id>urn:sha1:5fb8fbbb3e776a186731ae929244a82ea2db1878</id>
<content type='text'>
Fixes the following security issues:

CVE-2017-12122: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ILBM image can cause a heap overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14440: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ILBM image can cause a stack overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14441: An exploitable code execution vulnerability exists in the
ICO image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ICO image can cause an integer overflow, cascading to a heap overflow
resulting in code execution.  An attacker can display a specially crafted
image to trigger this vulnerability.

CVE-2017-14442: An exploitable code execution vulnerability exists in the
BMP image rendering functionality of SDL2_image-2.0.2.  A specially crafted
BMP image can cause a stack overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14448: An exploitable code execution vulnerability exists in the
XCF image rendering functionality of SDL2_image-2.0.2.  A specially crafted
XCF image can cause a heap overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14449: A double-Free vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.2.  A specially crafted XCF image
can cause a Double-Free situation to occur.  An attacker can display a
specially crafted image to trigger this vulnerability.

CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image
parsing functionality of SDL2_image-2.0.2.  A specially crafted GIF image
can lead to a buffer overflow on a global section.  An attacker can display
an image to trigger this vulnerability.

For details, see the announcement:

https://discourse.libsdl.org/t/sdl-image-2-0-3-released/23958

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@bootlin.com&gt;
</content>
</entry>
<entry>
<title>packages: use SPDX short identifier for zlib license</title>
<updated>2017-04-01T13:35:02+00:00</updated>
<author>
<name>Rahul Bedarkar</name>
<email>rahulbedarkar89@gmail.com</email>
</author>
<published>2017-03-30T13:43:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2093053106e3c3c791ed3f9f954c7435fc940f2f'/>
<id>urn:sha1:2093053106e3c3c791ed3f9f954c7435fc940f2f</id>
<content type='text'>
We want to use the SPDX identifier for the license string as much as possible.
The SPDX short identifier for the zlib license is Zlib.

This change is done using the following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/zlib( )?(license)?/Zlib/g'

Signed-off-by: Rahul Bedarkar &lt;rahulbedarkar89@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>sdl2_{gfx,image,ttf}: use lower-case package prompt in Config.in</title>
<updated>2016-07-15T14:39:30+00:00</updated>
<author>
<name>Thomas Petazzoni</name>
<email>thomas.petazzoni@free-electrons.com</email>
</author>
<published>2016-07-15T14:39:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=ce6da7295aba3b065f13da04ca2d625e7c6de561'/>
<id>urn:sha1:ce6da7295aba3b065f13da04ca2d625e7c6de561</id>
<content type='text'>
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>sdl2_image: new package</title>
<updated>2016-07-15T14:14:51+00:00</updated>
<author>
<name>Peter Thompson</name>
<email>peter.macleod.thompson@gmail.com</email>
</author>
<published>2016-07-12T14:53:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=f2ffe91eab49ba357c39f2bb1b5cb5450f5a84e7'/>
<id>urn:sha1:f2ffe91eab49ba357c39f2bb1b5cb5450f5a84e7</id>
<content type='text'>
Signed-off-by: Peter Thompson &lt;peter.macleod.thompson@gmail.com&gt;

[Thomas:
 - remove all sub-options to select the various image formats. Between
   no formats enabled and all formats enabled, the size difference of
   the library is ~30 KB, so it really isn't worth having all those
   sub-options:
   -rwxr-xr-x 1 thomas thomas  22444 juil. 15 15:51 libSDL2_image-2.0.so.0.0.1
   -rwxr-xr-x 1 thomas thomas  59216 juil. 15 15:52 libSDL2_image-2.0.so.0.0.1
   consequently, we simply enable unconditionally all image formats
   that don't have any dependency, and use "automatic" dependencies
   for the 4 formats that require an external library
 - remove the host package variant, as it isn't used anywhere.
 - remove --with-sdl2-prefix and --with-sdl2-exec-prefix, and instead
   add a dependency on host-pkgconf so that pkg-config is used
 - remove --disable-static, this is handled by the autotools-package
   infrastructure already
 - point &lt;pkg&gt;_LICENSE_FILES to an existing file.]
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
</feed>
