* [Buildroot] [git commit] package/freetype: security bump version to 2.10.4
@ 2020-11-07 12:22 Thomas Petazzoni
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2020-11-07 12:22 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=1ffe654c6d4e5428520378feb0f04dc1f8c951a0
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes CVE-2020-15999, https://www.freetype.org/index.html#news
"This is an emergency release, fixing a severe vulnerability in embedded
PNG bitmap handling [...].
All users should update immediately."
Removed md5 hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
package/freetype/freetype.hash | 7 +++----
package/freetype/freetype.mk | 2 +-
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/package/freetype/freetype.hash b/package/freetype/freetype.hash
index 7fc00f1c97..36571b51af 100644
--- a/package/freetype/freetype.hash
+++ b/package/freetype/freetype.hash
@@ -1,9 +1,8 @@
-# From https://sourceforge.net/projects/freetype/files/freetype2/2.10.2/
-md5 7c0d5a39f232d7eb9f9d7da76bf08074 freetype-2.10.2.tar.xz
-sha1 b074d5c34dc0e3cc150be6e7aa6b07c9ec4ed875 freetype-2.10.2.tar.xz
+# From https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
+sha1 0181862673f7216ad2b5074f95fc131209e30b27 freetype-2.10.4.tar.xz
# Locally calculated
-sha256 1543d61025d2e6312e0a1c563652555f17378a204a61e99928c9fcef030a2d8b freetype-2.10.2.tar.xz
+sha256 86a854d8905b19698bbc8f23b860bc104246ce4854dcea8e3b0fb21284f75784 freetype-2.10.4.tar.xz
sha256 fd056de4196903a676208ef58cfddafc7d583d1f28fa2e44c309cf84a59e62fb docs/LICENSE.TXT
sha256 08c135755dd589039470f1fdbb400daaabaaa50d0b366d19cebff4d22986baa1 docs/FTL.TXT
sha256 c4120c6752c910c299e3bd9cb3a46ff262c268303ca2069b61f92f10a5656c18 docs/GPLv2.TXT
diff --git a/package/freetype/freetype.mk b/package/freetype/freetype.mk
index f4d71bedf7..e543aee0b2 100644
--- a/package/freetype/freetype.mk
+++ b/package/freetype/freetype.mk
@@ -4,7 +4,7 @@
#
################################################################################
-FREETYPE_VERSION = 2.10.2
+FREETYPE_VERSION = 2.10.4
FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.xz
FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
FREETYPE_INSTALL_STAGING = YES
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-11-07 12:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-07 12:22 [Buildroot] [git commit] package/freetype: security bump version to 2.10.4 Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.