Fixes CVE-2020-15999, https://www.freetype.org/index.html#news
"This is an emergency release, fixing a severe vulnerability in embedded
PNG bitmap handling [...].
All users should update immediately."
Removed md5 hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream does not provide bz2 tarball anymore, switch to xz.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to [1]:
- fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION()
function within ttinterp.c could lead to DoS via a crafted font file
- needs '--enable-freetype-config' for freetype-config installation
[1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902
[Peter: also pass --enable-freetype-config for host variant]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog:
https://sourceforge.net/projects/freetype/files/freetype2/2.9/
Upstream changed its project URL to https in docs/FTL.TXT. We do the
same in Config.in and update the license hash for docs/FTL.TXT.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
./package/freetype/freetype.hash:10: empty line at end of file
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In addition, add hashes for all three license files.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Switch to savannah download site since sourceforge is acting funny.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump to version 2.6.1.
- Update hash file.
- Remove includes hooks since they are no longed needed.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
