| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Fixes a number of integer overflows and DoS issues.
[Peter: explain security impact]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop upstream patch.
Add an upstream patch fixing build without python.
Add two more patches (one of them upstream) fixing cross compile of the
python client library.
Enable devinput and uinput unconditionally to suppress non cross compile
compatible host checks.
Set DEVINPUT_HEADER to target header of input events to avoid use of
host header.
Add python3 as optional dependency.
Cc: Rhys Williams <github@wilberforce.co.nz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed patch applied upstream, switched to cmake-package following
upstream removal of autoconf.
Short summary of changes:
version 1.0.1
- switched from autoconf to cmake
version 1.0.0:
- fixed CVE-2014-8242
- project moved to github
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
| |
Update to bugfix release 1.1.1, see
https://github.com/merge/xf86-input-tslib/releases
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
As the SixXS project has ceased its operation on 2017-06-06,
the aiccu utility has been removed.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
| |
Drop unused configure environment.
Add license hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 7c0ecd4d7526dedce85a49172b031f45cde19a4b, as it is
in fact a duplicate of commit
bb95fef1e0bec4ebc0584001f337438b17c4744d.
Reported-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
HASHLIB is only needed for Python 2.
While at this sort dependencies alphabetically.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
Add optional dependency on libcap, which exists since this version
bump.
Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
[Thomas: add explicit --with-libcap.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.
For more details, see
https://github.com/Supervisor/supervisor/issues/964
While we're at it, add hashes for the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We unfortunately cannot use the upstream patches directly as they are not in
'patch -p1' format, so convert them and include instead.
Fixes:
CVE-2017-0899 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications that include terminal escape
characters. Printing the gem specification would execute terminal escape
sequences.
CVE-2017-0900 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications to cause a denial of service attack
against RubyGems clients who have issued a `query` command.
CVE-2017-0901 - RubyGems version 2.6.12 and earlier fails to validate
specification names, allowing a maliciously crafted gem to potentially
overwrite any file on the filesystem.
CVE-2017-0902 - RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking vulnerability that allows a MITM attacker to force the RubyGems
client to download and install gems from a server that the attacker
controls.
For more details, see
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
https://sourceforge.net/p/enlightenment/mailman/message/36026490
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
https://www.enlightenment.org/news/efl-1.20.3
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/0f1/0f12919f59dc92a8d91e23d3b0c1120bc06720db
http://autobuild.buildroot.net/results/62e/62e96be61601347e92f9c115209af4962fe82492
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bind autoconf scripts look for lmdb.h in /usr/include (even when
cross-compiling). When liblmdb-dev is installed, this causes the
following error:
...
checking for lmdb library... yes
checking for library containing mdb_env_create... no
configure: error: found lmdb include but not library.
Fix this by disabling explicitly lmdb support.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
Drop upstream patch.
Add license hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Added all hashes provided by upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Added sha512 hash provided by upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
strace moved to a new homepage as upstream commit 2bba131575878 (Update
homepage URL) indicates.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The local program_invocation_name declaration conflicts with the uClibc
one. Add a patch making this declaration depend on
!HAVE_PROGRAM_INVOCATION_NAME.
Fixes:
http://autobuild.buildroot.net/results/5f0/5f0852f3ffb46f8fb2b4c9318652c5ab3ab5e97d/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Thomas: update patch status.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues (descriptions not public yet):
Fix buffer overflow vulnerabilities:
CVE-2017-11543 (SLIP)
CVE-2017-13011 (bittok2str_internal)
Fix infinite loop vulnerabilities:
CVE-2017-12989 (RESP)
CVE-2017-12990 (ISAKMP)
CVE-2017-12995 (DNS)
CVE-2017-12997 (LLDP)
Fix buffer over-read vulnerabilities:
CVE-2017-11541 (safeputs)
CVE-2017-11542 (PIMv1)
CVE-2017-12893 (SMB/CIFS)
CVE-2017-12894 (lookup_bytestring)
CVE-2017-12895 (ICMP)
CVE-2017-12896 (ISAKMP)
CVE-2017-12897 (ISO CLNS)
CVE-2017-12898 (NFS)
CVE-2017-12899 (DECnet)
CVE-2017-12900 (tok2strbuf)
CVE-2017-12901 (EIGRP)
CVE-2017-12902 (Zephyr)
CVE-2017-12985 (IPv6)
CVE-2017-12986 (IPv6 routing headers)
CVE-2017-12987 (IEEE 802.11)
CVE-2017-12988 (telnet)
CVE-2017-12991 (BGP)
CVE-2017-12992 (RIPng)
CVE-2017-12993 (Juniper)
CVE-2017-11542 (PIMv1)
CVE-2017-11541 (safeputs)
CVE-2017-12994 (BGP)
CVE-2017-12996 (PIMv2)
CVE-2017-12998 (ISO IS-IS)
CVE-2017-12999 (ISO IS-IS)
CVE-2017-13000 (IEEE 802.15.4)
CVE-2017-13001 (NFS)
CVE-2017-13002 (AODV)
CVE-2017-13003 (LMP)
CVE-2017-13004 (Juniper)
CVE-2017-13005 (NFS)
CVE-2017-13006 (L2TP)
CVE-2017-13007 (Apple PKTAP)
CVE-2017-13008 (IEEE 802.11)
CVE-2017-13009 (IPv6 mobility)
CVE-2017-13010 (BEEP)
CVE-2017-13012 (ICMP)
CVE-2017-13013 (ARP)
CVE-2017-13014 (White Board)
CVE-2017-13015 (EAP)
CVE-2017-11543 (SLIP)
CVE-2017-13016 (ISO ES-IS)
CVE-2017-13017 (DHCPv6)
CVE-2017-13018 (PGM)
CVE-2017-13019 (PGM)
CVE-2017-13020 (VTP)
CVE-2017-13021 (ICMPv6)
CVE-2017-13022 (IP)
CVE-2017-13023 (IPv6 mobility)
CVE-2017-13024 (IPv6 mobility)
CVE-2017-13025 (IPv6 mobility)
CVE-2017-13026 (ISO IS-IS)
CVE-2017-13027 (LLDP)
CVE-2017-13028 (BOOTP)
CVE-2017-13029 (PPP)
CVE-2017-13030 (PIM)
CVE-2017-13031 (IPv6 fragmentation header)
CVE-2017-13032 (RADIUS)
CVE-2017-13033 (VTP)
CVE-2017-13034 (PGM)
CVE-2017-13035 (ISO IS-IS)
CVE-2017-13036 (OSPFv3)
CVE-2017-13037 (IP)
CVE-2017-13038 (PPP)
CVE-2017-13039 (ISAKMP)
CVE-2017-13040 (MPTCP)
CVE-2017-13041 (ICMPv6)
CVE-2017-13042 (HNCP)
CVE-2017-13043 (BGP)
CVE-2017-13044 (HNCP)
CVE-2017-13045 (VQP)
CVE-2017-13046 (BGP)
CVE-2017-13047 (ISO ES-IS)
CVE-2017-13048 (RSVP)
CVE-2017-13049 (Rx)
CVE-2017-13050 (RPKI-Router)
CVE-2017-13051 (RSVP)
CVE-2017-13052 (CFM)
CVE-2017-13053 (BGP)
CVE-2017-13054 (LLDP)
CVE-2017-13055 (ISO IS-IS)
CVE-2017-13687 (Cisco HDLC)
CVE-2017-13688 (OLSR)
CVE-2017-13689 (IKEv1)
CVE-2017-13690 (IKEv2)
CVE-2017-13725 (IPv6 routing headers)
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Disable tests compilation and documentation generation.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.
CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.
CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.
CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.
CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.
CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.
Add upstream patch fixing the following issue:
CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix build error when building using toolchain without threads support:
src/common/tv_filters/AtariNTSC.hxx:172:16: error: 'thread' is not a member of 'std'
unique_ptr<std::thread[]> myThreads;
^~~
Since version 5.0.2, Stella needs a toolchain with threads support.
Fixes:
http://autobuild.buildroot.net/results/bd30388ee24294158d0a373764408c8c846853d4
http://autobuild.buildroot.net/results/ad1571cecfc697650b436c147b5f3a1b4326091d
http://autobuild.buildroot.net/results/10b73362358f3af45534a0cd096672dd1460a7d0
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Sven Haardiek <sven.haardiek@greenbone.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change setup type to setuptools.
Add a patch removing the pytest-runner dependency. The patch was sent
upstream.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.
To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.
There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.
Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.
CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.
For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
libzip-1.3.0 also adds optional bzip2 support, so handle that.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
http://openpowerlink.sourceforge.net/web/openPOWERLINK/Download/openPOWERLINK%202.6.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.
CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.
CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.
CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.
For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.
For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html
While we're at it, add hashes for the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding
For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory
Drop patches no more needed:
0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure
0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
