From b5e36f80a6629ef5701d4751d7fc6f7dd6a98476 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 17 Jan 2022 23:30:26 +0100 Subject: [PATCH] package/libjpeg: security bump to version 9e rdgif.c, cderror.h: add sanity check for GIF image dimensions. Thank to Casper Sun for cjpeg potential vulnerability report. - Update hash of README (changes not related to license) - Update indentation in hash file (two spaces) https://jpegclub.org/reference/reference-sources/ Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/libjpeg/libjpeg.hash | 4 ++-- package/libjpeg/libjpeg.mk | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/package/libjpeg/libjpeg.hash b/package/libjpeg/libjpeg.hash index 4f0a677d04..1a2e82caef 100644 --- a/package/libjpeg/libjpeg.hash +++ b/package/libjpeg/libjpeg.hash @@ -1,3 +1,3 @@ # locally computed hash -sha256 99cb50e48a4556bc571dadd27931955ff458aae32f68c4d9c39d624693f69c32 jpegsrc.v9d.tar.gz -sha256 3dc4e4a145c907a96bd6a0e40be3f722fecf061951909143cdff5365cba9c78c README +sha256 4077d6a6a75aeb01884f708919d25934c93305e49f7e3f36db9129320e6f4f3d jpegsrc.v9e.tar.gz +sha256 50c1c5978d490c7f13062d91c4b89affc83774f87bc4568a714f748b62a5b216 README diff --git a/package/libjpeg/libjpeg.mk b/package/libjpeg/libjpeg.mk index 6b55aba7e5..caf7f05f44 100644 --- a/package/libjpeg/libjpeg.mk +++ b/package/libjpeg/libjpeg.mk @@ -4,12 +4,8 @@ # ################################################################################ -LIBJPEG_VERSION = 9d -# 9d was released 2020-01-12, but the tarball was replaced upstream circa -# 2021-03, causing hash mismatch. Until there is a new version released, -# use our cached copy from s.b.o. -#LIBJPEG_SITE = http://www.ijg.org/files -LIBJPEG_SITE = http://sources.buildroot.org/libjpeg +LIBJPEG_VERSION = 9e +LIBJPEG_SITE = http://www.ijg.org/files LIBJPEG_SOURCE = jpegsrc.v$(LIBJPEG_VERSION).tar.gz LIBJPEG_LICENSE = IJG LIBJPEG_LICENSE_FILES = README