4 Commits

Author SHA1 Message Date
Olivier Schonken
4a944b6a2d openjpeg: security bump to version 2.2.0
Fixes the following security issues:

CVE-2016-10504: Heap-based buffer overflow vulnerability in the
opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote
attackers to cause a denial of service (application crash) via a crafted bmp
file.

CVE-2016-10505: NULL pointer dereference vulnerabilities in the imagetopnm
function in convert.c, sycc444_to_rgb function in color.c,
color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in
color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of
service (application crash) via crafted j2k files.

CVE-2016-10506: Division-by-zero vulnerabilities in the functions
opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG
before 2.2.0 allow remote attackers to cause a denial of service
(application crash) via crafted j2k files.

CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a
denial of service (heap-based buffer over-read and application crash) via a
crafted bmp file.

[Peter: extend commit message with security fixes info]
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37b2fe73cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 15:10:40 +02:00
Baruch Siach
eac8c9ee24 openjpeg: security bump to version 2.1.2
See CHANGELOG.md for the full list of fixes, including security issues.

See CVE number lists at [1] and [2].

[1] http://advisories.mageia.org/MGASA-2016-0362.html
[2] https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-14 22:33:56 +01:00
Angelo Compagnucci
1d5bc00df2 package/openjpeg: bump to version 2.1
This patch:
* bumps openjpeg to version 2.1
* changes download location to github
* converts the package to use cmake

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-10 00:36:33 +02:00
Olivier Schonken
a779097412 package/openjpeg: New package openjpeg 1.5.2
This package is needed by Poppler.

[Thomas:
 - fix download location, which was incorrect.
 - add dependency on host-pkgconf, since the configure.ac script uses
   PKG_CHECK_MODULES and we're doing an autoreconf.
 - add optional dependencies on libpng, tiff and lcms2, so that they
   are explicit instead of automatically detected.]

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-04 11:10:22 +02:00