[Buildroot] [PATCH] faad2: security bump to version 2.8.1
Baruch Siach
baruch at tkos.co.il
Wed Aug 9 15:16:46 UTC 2017
Hi Arnout,
On Wed, Aug 09, 2017 at 02:42:36PM +0200, Arnout Vandecappelle wrote:
> On 09-08-17 07:02, Baruch Siach wrote:
> > Fixes: CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
> > CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254,
> > CVE-2017-9255, CVE-2017-9256, CVE-2017-9257
> >
> > http://seclists.org/fulldisclosure/2017/Jun/32
> [snip]
> > -FAAD2_VERSION = 2.7
> > -FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION)
> > +FAAD2_VERSION_MAJOR = 2.8
> > +FAAD2_VERSION = $(FAAD2_VERSION_MAJOR).1
>
> Hm, "security bumps" are typically only affecting the minor version number,
> this smells like a major bump... Or does faad have a slightly unconventional
> version numbering scheme?
It's only called _MAJOR here because I reuse that in the URL, in line with the
DRY principle.
Although version 2.8.0 (followed by 2.8.1 a week later) is the first release
since February 2009, it does not contain a lot of code changes. I guess that
the disclosed security issues were the main motivation of the release at this
point.
> > +FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION_MAJOR).0
> > +FAAD2_SOURCE = faad2-$(FAAD2_VERSION).tar.bz2
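Review bot: FAAD2_SITE hard-codes the `.0` suffix after $(FAAD2_VERSION_MAJOR) while FAAD2_SOURCE follows $(FAAD2_VERSION), so the directory and the tarball name are derived from different things and the next version bump may point at a directory that does not hold the tarball. A one-line comment above FAAD2_SITE saying that the 2.8.1 tarball is fetched from the faad2-2.8.0 directory, and that FAAD2_VERSION_MAJOR exists only to build that path, would tell whoever bumps this next to re-check the URL.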
>
> Gah, what kind of stupid download URL is that :-)
Well, that's upstream.
> > FAAD2_LICENSE = GPL-2.0
> > FAAD2_LICENSE_FILES = COPYING
> > +# No configure script in upstream tarball
> > +FAAD2_AUTORECONF = YES
> > # frontend/faad calls frexp()
> > FAAD2_CONF_ENV = LIBS=-lm
> > FAAD2_INSTALL_STAGING = YES
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -