Commit Graph

4 Commits

Author SHA1 Message Date
Gustavo Zacarias
69a30b2817 imlib2: security bump to version 1.4.9
It already includes the fixes for CVE-2016-3994 and CVE-2011-5326 so
drop the patches, and additionally fixes:
CVE-2016-4024 - integer overflow in imlib2, which result in insufficient
heap allocation.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-01 22:34:30 +02:00
Gustavo Zacarias
779676f62d imlib2: security bump to version 1.4.8
Fixes:
CVE-2016-3994 - out of bound read in GIF loader
CVE-2011-5326 - divide by zero on 2x1 ellipse

Switch to sourceforge hashes.
And drop all previous patches, they're upstream, yay.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-04-14 22:51:10 +02:00
Fabio Porcedda
d8be6f7bbc imlib2: bump to version 1.4.6
Also add two upstream patch to fix a warning and a build failure of the
version 1.4.6.

Also add AUTORECONF because one patch change the file
"src/lib/Makefile.am".

Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-07 17:41:52 +01:00
Yann E. MORIN
2ced21f8f9 package: add hashes for SourceForge-hosted packages
Since SourceForge sometimes serves us faulty tarballs, we can tons of
autobuild failures:
    http://autobuild.buildroot.org/results/9fb/9fba5bf086a4e7a29e5f7156ec43847db7aacfc4/
    http://autobuild.buildroot.org/results/6c8/6c837b244c45ac3b3a887734a371cd6d226cf216/
    ...

Fix that by adding hash files for all SourceForge-hosted packages (thos
etht did not already have it).

We normally prefer to use hashes published by upstream, but hunting them
all one by one is a tedious task, so those hashes were all locally
computed with a script that searched for SF-hosted packages, downloades
the associated tarball, computed the hash, and stored it in the
corresponding .hash file.

Also, SF publishes sha1 hashes, while I used the stronger sha256, since
sha1 is now considered to be relatively weak.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Richard Braun <rbraun@sceen.net>
Cc: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-28 22:21:16 +01:00