harfbuzz: security bump to version 1.4.4

Message ID	20170306145449.4627-1-gustavo@zacarias.com.ar
State	Accepted
Headers	show Return-Path: <buildroot-bounces@busybox.net> DMARC-Filter: OpenDMARC Filter v1.3.1 www.zacarias.com.ar v26Esoxe003728 From: Gustavo Zacarias <gustavo@zacarias.com.ar> To: buildroot@busybox.net Date: Mon, 6 Mar 2017 11:54:49 -0300 Message-Id: <20170306145449.4627-1-gustavo@zacarias.com.ar> Subject: [Buildroot] [PATCH] harfbuzz: security bump to version 1.4.4 Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>

Message ID

20170306145449.4627-1-gustavo@zacarias.com.ar

State

Accepted

Headers

DMARC-Filter: OpenDMARC Filter v1.3.1 www.zacarias.com.ar v26Esoxe003728
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Date: Mon,  6 Mar 2017 11:54:49 -0300
Message-Id: <20170306145449.4627-1-gustavo@zacarias.com.ar>
Subject: [Buildroot] [PATCH] harfbuzz: security bump to version 1.4.4
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Commit Message

Gustavo Zacarias March 6, 2017, 2:54 p.m. UTC

Fixes a buffer-overrun in Bengali.
Switch to https URL to avoid a small delay in protocol redirection.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/harfbuzz/harfbuzz.hash | 4 ++--
 package/harfbuzz/harfbuzz.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

Thomas Petazzoni March 6, 2017, 4:46 p.m. UTC | #1

Hello,

On Mon,  6 Mar 2017 11:54:49 -0300, Gustavo Zacarias wrote:
> Fixes a buffer-overrun in Bengali.
> Switch to https URL to avoid a small delay in protocol redirection.
> 
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
>  package/harfbuzz/harfbuzz.hash | 4 ++--
>  package/harfbuzz/harfbuzz.mk   | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)

Applied to master, thanks. Peter: we want this one for LTS I guess.

Thomas

Peter Korsgaard March 7, 2017, 3:09 p.m. UTC | #2

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:

 > Hello,
 > On Mon,  6 Mar 2017 11:54:49 -0300, Gustavo Zacarias wrote:
 >> Fixes a buffer-overrun in Bengali.
 >> Switch to https URL to avoid a small delay in protocol redirection.
 >> 
 >> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
 >> ---
 >> package/harfbuzz/harfbuzz.hash | 4 ++--
 >> package/harfbuzz/harfbuzz.mk   | 4 ++--
 >> 2 files changed, 4 insertions(+), 4 deletions(-)

 > Applied to master, thanks. Peter: we want this one for LTS I guess.

Committed to 2017.02.x, thanks.

diff --git a/package/harfbuzz/harfbuzz.hash b/package/harfbuzz/harfbuzz.hash
index 6bf5bee..b7da64b 100644
--- a/package/harfbuzz/harfbuzz.hash
+++ b/package/harfbuzz/harfbuzz.hash
@@ -1,2 +1,2 @@ 
-# From http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.2.tar.bz2.sha256
-sha256	8f234dcfab000fdec24d43674fffa2fdbdbd654eb176afbde30e8826339cb7b3	harfbuzz-1.4.2.tar.bz2
+# From https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-1.4.4.tar.bz2.sha256
+sha256	35d2f8ca476cbbec64ee824eca6b0209ff8db0334990b9f5af893b94f119d255	harfbuzz-1.4.4.tar.bz2
diff --git a/package/harfbuzz/harfbuzz.mk b/package/harfbuzz/harfbuzz.mk
index 458b072..6464480 100644
--- a/package/harfbuzz/harfbuzz.mk
+++ b/package/harfbuzz/harfbuzz.mk
@@ -4,8 +4,8 @@ 
 #
 ################################################################################
 
-HARFBUZZ_VERSION = 1.4.2
-HARFBUZZ_SITE = http://www.freedesktop.org/software/harfbuzz/release
+HARFBUZZ_VERSION = 1.4.4
+HARFBUZZ_SITE = https://www.freedesktop.org/software/harfbuzz/release
 HARFBUZZ_SOURCE = harfbuzz-$(HARFBUZZ_VERSION).tar.bz2
 HARFBUZZ_LICENSE = MIT, ISC (ucdn library)
 HARFBUZZ_LICENSE_FILES = COPYING src/hb-ucdn/COPYING

harfbuzz: security bump to version 1.4.4

Commit Message

Comments

Patch