buildroot/package/imlib2/imlib2.hash, branch 2016.08

imlib2: security bump to version 1.4.9

2016-05-01T20:34:30+00:00

It already includes the fixes for CVE-2016-3994 and CVE-2011-5326 so drop the patches, and additionally fixes: CVE-2016-4024 - integer overflow in imlib2, which result in insufficient heap allocation. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

imlib2: security bump to version 1.4.8

2016-04-14T20:51:10+00:00

Fixes: CVE-2016-3994 - out of bound read in GIF loader CVE-2011-5326 - divide by zero on 2x1 ellipse Switch to sourceforge hashes. And drop all previous patches, they're upstream, yay. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

imlib2: bump to version 1.4.6

2015-03-07T16:41:52+00:00

Also add two upstream patch to fix a warning and a build failure of the version 1.4.6. Also add AUTORECONF because one patch change the file "src/lib/Makefile.am". Signed-off-by: Fabio Porcedda Signed-off-by: Thomas Petazzoni

package: add hashes for SourceForge-hosted packages

2014-12-28T21:21:16+00:00

Since SourceForge sometimes serves us faulty tarballs, we can tons of autobuild failures: http://autobuild.buildroot.org/results/9fb/9fba5bf086a4e7a29e5f7156ec43847db7aacfc4/ http://autobuild.buildroot.org/results/6c8/6c837b244c45ac3b3a887734a371cd6d226cf216/ ... Fix that by adding hash files for all SourceForge-hosted packages (thos etht did not already have it). We normally prefer to use hashes published by upstream, but hunting them all one by one is a tedious task, so those hashes were all locally computed with a script that searched for SF-hosted packages, downloades the associated tarball, computed the hash, and stored it in the corresponding .hash file. Also, SF publishes sha1 hashes, while I used the stronger sha256, since sha1 is now considered to be relatively weak. Signed-off-by: "Yann E. MORIN" Cc: Peter Korsgaard Cc: Thomas Petazzoni Cc: Maxime Hadjinlian Cc: Richard Braun Cc: Nathaniel Roach Signed-off-by: Thomas Petazzoni