| Message ID | 20220117223026.3567941-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/libjpeg: security bump to version 9e | expand |
On Mon, 17 Jan 2022 23:30:26 +0100 Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote: > rdgif.c, cderror.h: add sanity check for GIF image dimensions. > Thank to Casper Sun for cjpeg potential vulnerability report. > > - Update hash of README (changes not related to license) > - Update indentation in hash file (two spaces) > > https://jpegclub.org/reference/reference-sources/ > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > --- > package/libjpeg/libjpeg.hash | 4 ++-- > package/libjpeg/libjpeg.mk | 8 ++------ > 2 files changed, 4 insertions(+), 8 deletions(-) Applied to master, thanks. Thomas
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > rdgif.c, cderror.h: add sanity check for GIF image dimensions. > Thank to Casper Sun for cjpeg potential vulnerability report. > - Update hash of README (changes not related to license) > - Update indentation in hash file (two spaces) > https://jpegclub.org/reference/reference-sources/ > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2021.02.x and 2021.11.x, thanks.
diff --git a/package/libjpeg/libjpeg.hash b/package/libjpeg/libjpeg.hash index 4f0a677d04..1a2e82caef 100644 --- a/package/libjpeg/libjpeg.hash +++ b/package/libjpeg/libjpeg.hash @@ -1,3 +1,3 @@ # locally computed hash -sha256 99cb50e48a4556bc571dadd27931955ff458aae32f68c4d9c39d624693f69c32 jpegsrc.v9d.tar.gz -sha256 3dc4e4a145c907a96bd6a0e40be3f722fecf061951909143cdff5365cba9c78c README +sha256 4077d6a6a75aeb01884f708919d25934c93305e49f7e3f36db9129320e6f4f3d jpegsrc.v9e.tar.gz +sha256 50c1c5978d490c7f13062d91c4b89affc83774f87bc4568a714f748b62a5b216 README diff --git a/package/libjpeg/libjpeg.mk b/package/libjpeg/libjpeg.mk index 6b55aba7e5..caf7f05f44 100644 --- a/package/libjpeg/libjpeg.mk +++ b/package/libjpeg/libjpeg.mk @@ -4,12 +4,8 @@ # ################################################################################ -LIBJPEG_VERSION = 9d -# 9d was released 2020-01-12, but the tarball was replaced upstream circa -# 2021-03, causing hash mismatch. Until there is a new version released, -# use our cached copy from s.b.o. -#LIBJPEG_SITE = http://www.ijg.org/files -LIBJPEG_SITE = http://sources.buildroot.org/libjpeg +LIBJPEG_VERSION = 9e +LIBJPEG_SITE = http://www.ijg.org/files LIBJPEG_SOURCE = jpegsrc.v$(LIBJPEG_VERSION).tar.gz LIBJPEG_LICENSE = IJG LIBJPEG_LICENSE_FILES = README
rdgif.c, cderror.h: add sanity check for GIF image dimensions. Thank to Casper Sun for cjpeg potential vulnerability report. - Update hash of README (changes not related to license) - Update indentation in hash file (two spaces) https://jpegclub.org/reference/reference-sources/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/libjpeg/libjpeg.hash | 4 ++-- package/libjpeg/libjpeg.mk | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-)