[PATCH 1/2] libvpx: avoid CVE-2015-1258

[PATCH 1/2] libvpx: avoid CVE-2015-1258

[Andreas Müller]

[1] https://security-tracker.debian.org/tracker/CVE-2015-1258
[2] http://pkgs.fedoraproject.org/cgit/libvpx.git/commit/?id=4257ff5f4ac22a3fe7b34f441e6425b2a8b690ae

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
---
 meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb b/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb
index 4d9d2fd..5d049bb 100644
--- a/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb
+++ b/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb
@@ -37,6 +37,7 @@ CONFIGUREOPTS = " \
     --enable-shared \
     --prefix=${prefix} \
     --libdir=${libdir} \
+    --size-limit=16384x16384 \
 "
 
 do_configure() {
-- 
2.1.0

[PATCH 2/2] libsdl2-image: Initial add 2.0.0

[Andreas Müller]

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
---
 .../libsdl-image/libsdl2-image_2.0.0.bb            | 31 ++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/libsdl-image/libsdl2-image_2.0.0.bb

diff --git a/meta-oe/recipes-multimedia/libsdl-image/libsdl2-image_2.0.0.bb b/meta-oe/recipes-multimedia/libsdl-image/libsdl2-image_2.0.0.bb
new file mode 100644
index 0000000..a6885da
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libsdl-image/libsdl2-image_2.0.0.bb
@@ -0,0 +1,31 @@
+SUMMARY = "Simple DirectMedia Layer image library v2"
+SECTION = "libs"
+
+LICENSE = "Zlib"
+LIC_FILES_CHKSUM = "file://COPYING.txt;md5=8f66a2e45aa301ea73b5ab275aeb0702"
+
+DEPENDS = "tiff zlib libpng jpeg virtual/libsdl2 libwebp"
+
+SRC_URI = "http://www.libsdl.org/projects/SDL_image/release/SDL2_image-${PV}.tar.gz"
+SRC_URI[md5sum] = "fb399c8386fb3248f1b33cfe81bdf92b"
+SRC_URI[sha256sum] = "b29815c73b17633baca9f07113e8ac476ae66412dec0d29a5045825c27a47234"
+
+S = "${WORKDIR}/SDL2_image-${PV}"
+
+inherit autotools pkgconfig
+
+# Disable the run-time loading of the libs and bring back the soname dependencies.
+EXTRA_OECONF += "--disable-jpg-shared --disable-png-shared -disable-tif-shared"
+
+do_configure_prepend() {
+    # make autoreconf happy
+    touch ${S}/NEWS ${S}/README ${S}/AUTHORS ${S}/ChangeLog
+    # Removing these files fixes a libtool version mismatch.
+    rm -f ${S}/acinclude/libtool.m4
+    rm -f ${S}/acinclude/sdl2.m4
+    rm -f ${S}/acinclude/pkg.m4
+    rm -f ${S}/acinclude/lt~obsolete.m4
+    rm -f ${S}/acinclude/ltoptions.m4
+    rm -f ${S}/acinclude/ltsugar.m4
+    rm -f ${S}/acinclude/ltversion.m4
+}
-- 
2.1.0

Re: [PATCH 1/2] libvpx: avoid CVE-2015-1258

[akuster808]

same version in fido and dizzy.

will add to queue.

- armin

On 10/21/2015 12:40 PM, Andreas Müller wrote:
> [1] https://security-tracker.debian.org/tracker/CVE-2015-1258
> [2] http://pkgs.fedoraproject.org/cgit/libvpx.git/commit/?id=4257ff5f4ac22a3fe7b34f441e6425b2a8b690ae
> 
> Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
> ---
>  meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb b/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb
> index 4d9d2fd..5d049bb 100644
> --- a/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb
> +++ b/meta-oe/recipes-multimedia/webm/libvpx_1.4.0.bb
> @@ -37,6 +37,7 @@ CONFIGUREOPTS = " \
>      --enable-shared \
>      --prefix=${prefix} \
>      --libdir=${libdir} \
> +    --size-limit=16384x16384 \
>  "
>  
>  do_configure() {
>