]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
projects / coffee / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8afd878) | patch
gd: security bump to version 2.2.5
authorPeter Korsgaard <peter@korsgaard.com>
Thu, 7 Sep 2017 14:45:51 +0000 (16:45 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 18 Sep 2017 07:43:36 +0000 (09:43 +0200)
commitc128009659da38733c1c4f0ae93818c8bef06cc5
treec046c9cc035335546975e2194a5070aedb6416f6tree | snapshot
parent8afd8781feee7a53eaa3969006615631f626a560commit | diff
gd: security bump to version 2.2.5

Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b85d24c1d927590ed3a336794562e9a512fc216)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/gd/0001-gdlib-config.patch [deleted file] blob | history
package/gd/0002-gd_bmp-fix-build-with-uClibc.patch [deleted file] blob | history
package/gd/gd.hash diff | blob | history
package/gd/gd.mk diff | blob | history