buildroot

godotengine/buildroot

Fork 0

mirror of https://github.com/godotengine/buildroot.git synced 2026-01-04 06:10:16 +03:00

Commit Graph

Author	SHA1	Message	Date
Peter Korsgaard	143ba54758	libvncserver: security bump to version 0.9.11 Security related fixes: - Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 (CVE-2016-9941) - Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 (CVE-2016-9942) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2017-01-06 17:07:23 +01:00
Yann E. MORIN	2ced21f8f9	package: add hashes for SourceForge-hosted packages Since SourceForge sometimes serves us faulty tarballs, we can tons of autobuild failures: http://autobuild.buildroot.org/results/9fb/9fba5bf086a4e7a29e5f7156ec43847db7aacfc4/ http://autobuild.buildroot.org/results/6c8/6c837b244c45ac3b3a887734a371cd6d226cf216/ ... Fix that by adding hash files for all SourceForge-hosted packages (thos etht did not already have it). We normally prefer to use hashes published by upstream, but hunting them all one by one is a tedious task, so those hashes were all locally computed with a script that searched for SF-hosted packages, downloades the associated tarball, computed the hash, and stored it in the corresponding .hash file. Also, SF publishes sha1 hashes, while I used the stronger sha256, since sha1 is now considered to be relatively weak. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <jacmet@uclibc.org> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Richard Braun <rbraun@sceen.net> Cc: Nathaniel Roach <nroach44@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2014-12-28 22:21:16 +01:00

Author

SHA1

Message

Date

Peter Korsgaard

143ba54758

libvncserver: security bump to version 0.9.11

Security related fixes:
- Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer
  before 0.9.11 (CVE-2016-9941)

- Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer
  before 0.9.11 (CVE-2016-9942)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2017-01-06 17:07:23 +01:00

Yann E. MORIN

2ced21f8f9

package: add hashes for SourceForge-hosted packages

Since SourceForge sometimes serves us faulty tarballs, we can tons of
autobuild failures:
    http://autobuild.buildroot.org/results/9fb/9fba5bf086a4e7a29e5f7156ec43847db7aacfc4/
    http://autobuild.buildroot.org/results/6c8/6c837b244c45ac3b3a887734a371cd6d226cf216/
    ...

Fix that by adding hash files for all SourceForge-hosted packages (thos
etht did not already have it).

We normally prefer to use hashes published by upstream, but hunting them
all one by one is a tedious task, so those hashes were all locally
computed with a script that searched for SF-hosted packages, downloades
the associated tarball, computed the hash, and stored it in the
corresponding .hash file.

Also, SF publishes sha1 hashes, while I used the stronger sha256, since
sha1 is now considered to be relatively weak.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Richard Braun <rbraun@sceen.net>
Cc: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2014-12-28 22:21:16 +01:00

2 Commits