Commit Graph

5 Commits

Author SHA1 Message Date
Gustavo Zacarias
7e014c1349 graphite2: bump to version 1.3.8
And upstream switches tarball name yet again, so adjust SOURCE.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-04-08 23:26:19 +02:00
Gustavo Zacarias
f6d3790bc6 graphite2: bump to version 1.3.6
Also change SOURCE since the tarball got renamed with the bump.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-03 09:49:33 +01:00
Gustavo Zacarias
f3fac0dcfd graphite2: switch homepage
Point to the official/proper one.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-16 21:50:42 +01:00
Gustavo Zacarias
36bdaa2e5d graphite2: security bump to version 1.3.5
Fixes:
CVE-2016-1521 - An exploitable out-of-bounds read vulnerability exists
in the opcode handling functionality of Libgraphite. A specially crafted
font can cause an out-of-bounds read resulting in arbitrary code
execution. An attacker can provide a malicious font to trigger this
vulnerability.
CVE-2016-1522 - An exploitable NULL pointer dereference exists in the
bidirectional font handling functionality of Libgraphite. A specially
crafted font can cause a NULL pointer dereference resulting in a crash.
An attacker can provide a malicious font to trigger this vulnerability.
CVE-2016-1523 - An exploitable heap-based buffer overflow exists in the
context item handling functionality of Libgraphite. A specially crafted
font can cause a buffer overflow resulting in potential code execution.
An attacker can provide a malicious font to trigger this vulnerability.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-15 22:30:24 +01:00
Gustavo Zacarias
80a5956dc0 graphite2: new package
[Thomas:
 - tweak description of the patch
 - turn the doc/test removal hook as a post patch hook rather than a
   pre-configure hook.]

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-27 23:13:52 +02:00