package/upx: security bump to version 3.96

- Switch site to github to get latest release - Fix CVE-2019-20805: p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment. - Fix CERT-FI Case 829767 UPX command line tools segfaults. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 0f57837f6a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-06-06 21:20:33 +02:00 · 2020-06-06 21:20:33 +02:00 · 4794e9ff85
commit 4794e9ff85
parent a20806812e
2 changed files with 4 additions and 4 deletions
--- a/package/upx/upx.hash
+++ b/package/upx/upx.hash
@ -1,3 +1,3 @@
 # Locally computed:
-sha256  527ce757429841f51675352b1f9f6fc8ad97b18002080d7bf8672c466d8c6a3c  upx-3.91-src.tar.bz2
+sha256  47774df5c958f2868ef550fb258b97c73272cb1f44fe776b798e393465993714  upx-3.96-src.tar.xz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
--- a/package/upx/upx.mk
+++ b/package/upx/upx.mk
@ -4,9 +4,9 @@
 #
 ################################################################################

-UPX_VERSION = 3.91
-UPX_SITE = http://upx.sourceforge.net/download
-UPX_SOURCE = upx-$(UPX_VERSION)-src.tar.bz2
+UPX_VERSION = 3.96
+UPX_SITE = https://github.com/upx/upx/releases/download/v$(UPX_VERSION)
+UPX_SOURCE = upx-$(UPX_VERSION)-src.tar.xz
 UPX_LICENSE = GPL-2.0+
 UPX_LICENSE_FILES = COPYING