Commit Graph

3 Commits

Author SHA1 Message Date
Gustavo Zacarias
c27ecf4930 expat: security bump to version 2.2.0
Fixes:

CVE-2016-4472 - Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1

CVE-2016-5300 - Use more entropy for hash initialization than the
original fix to CVE-2012-0876

CVE-2012-6702 - Resolve troublesome internal call to srand that was
introduced with Expat 2.1.0 when addressing CVE-2012-0876

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:11:14 +02:00
Gustavo Zacarias
63b9681d64 expat: bump to version 2.1.1
Drop 0001-fix-CVE-2015-1283.patch since it's upstream.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-14 08:48:43 +01:00
Yann E. MORIN
2ced21f8f9 package: add hashes for SourceForge-hosted packages
Since SourceForge sometimes serves us faulty tarballs, we can tons of
autobuild failures:
    http://autobuild.buildroot.org/results/9fb/9fba5bf086a4e7a29e5f7156ec43847db7aacfc4/
    http://autobuild.buildroot.org/results/6c8/6c837b244c45ac3b3a887734a371cd6d226cf216/
    ...

Fix that by adding hash files for all SourceForge-hosted packages (thos
etht did not already have it).

We normally prefer to use hashes published by upstream, but hunting them
all one by one is a tedious task, so those hashes were all locally
computed with a script that searched for SF-hosted packages, downloades
the associated tarball, computed the hash, and stored it in the
corresponding .hash file.

Also, SF publishes sha1 hashes, while I used the stronger sha256, since
sha1 is now considered to be relatively weak.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Richard Braun <rbraun@sceen.net>
Cc: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-28 22:21:16 +01:00