From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/jbig2dec: security bump to version 0.18
Date: Fri, 1 May 2020 14:37:02 +0200
Message-ID: <20200501123702.GV11346@scaer>
In-Reply-To: <20200501120507.2197851-1-fontaine.fabrice@gmail.com>

Fabrice, All,

On 2020-05-01 14:05 +0200, Fabrice Fontaine spake thusly:
> - Fix CVE-2020-12268: jbig2_image_compose in jbig2_image.c in Artifex
>   jbig2dec before 0.18 has a heap-based buffer overflow.
> - Add JBIG2DEC_AUTORECONF=YES otherwise build will fail because
>   install-sh has been removed from the tarball
> - Update indentation of hash file (two spaces)
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/jbig2dec/jbig2dec.hash | 6 +++---
>  package/jbig2dec/jbig2dec.mk   | 6 ++++--
>  2 files changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/package/jbig2dec/jbig2dec.hash b/package/jbig2dec/jbig2dec.hash
> index eb2b674443..86584b19a6 100644
> --- a/package/jbig2dec/jbig2dec.hash
> +++ b/package/jbig2dec/jbig2dec.hash
> @@ -1,7 +1,7 @@
> -# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS
> +# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
>  # and SHA512SUMS are missing the hashes for this file.
>  # Locally computed:
> -sha256 a4f6bf15d217e7816aa61b92971597c801e81f0a63f9fe1daee60fb88e0f0602  jbig2dec-0.16.tar.gz
> +sha256  9e19775237350e299c422b7b91b0c045e90ffa4ba66abf28c8fb5eb005772f5e  jbig2dec-0.18.tar.gz
>  
>  # Hash for license files:
> -sha256 1bf5258afe453934484fd0cea97508b72301633a6a78b0ae8a9ee44ac78f26d9  LICENSE
> +sha256  1bf5258afe453934484fd0cea97508b72301633a6a78b0ae8a9ee44ac78f26d9  LICENSE
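
Review bot: the new jbig2dec-0.18.tar.gz sha256 is still only "Locally computed", and the comment above it says the upstream MD5SUMS and SHA512SUMS are missing the hashes for this file, so nothing in the hash file lets a later reader check the tarball against an independent source. For a security bump it would help to state in the comment or the commit message how the download was cross-checked before the hash was recorded. The LICENSE line changes only in whitespace, which matches the indentation item in the commit message.
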
> diff --git a/package/jbig2dec/jbig2dec.mk b/package/jbig2dec/jbig2dec.mk
> index 5ac5b87a72..08ef89bfcb 100644
> --- a/package/jbig2dec/jbig2dec.mk
> +++ b/package/jbig2dec/jbig2dec.mk
> @@ -4,10 +4,12 @@
>  #
>  ################################################################################
>  
> -JBIG2DEC_VERSION = 0.16
> -JBIG2DEC_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927
> +JBIG2DEC_VERSION = 0.18
> +JBIG2DEC_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952
>  JBIG2DEC_LICENSE = AGPL-3.0+
>  JBIG2DEC_LICENSE_FILES = LICENSE
>  JBIG2DEC_INSTALL_STAGING = YES
> +# tarball is missing install-sh, install.sh, or shtool
> +JBIG2DEC_AUTORECONF = YES
>  
>  $(eval $(autotools-package))
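
Review bot: the comment added above JBIG2DEC_AUTORECONF = YES, "tarball is missing install-sh, install.sh, or shtool", reads like the configure error text rather than the reason for the setting. The commit message states it more clearly (install-sh has been removed from the tarball); wording the comment the same way would make it obvious when the autoreconf can be dropped again.
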
> -- 
> 2.26.2

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
