package/gd: security bump to version 2.3.3
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 13 Sep 2021 20:44:24 +0000 (22:44 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 14 Sep 2021 06:11:42 +0000 (08:11 +0200)
commita052ecb5b8bb11a9e882b5a4df6a475877a9b75e
treec36d3dfb49f4bd79534917dd4f551dacc270d6b4
parent0e5a901d3141a3d7e477f0fb79e8f6a748f06449
package/gd: security bump to version 2.3.3

- Fix CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD
  Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE:
  the vendor's position is "The GD2 image format is a proprietary image
  format of libgd. It has to be regarded as being obsolete, and should
  only be used for development and testing purposes."
- Drop patch (already in version)
- Update hash of COPYING (duplicate merged and title added with
  https://github.com/libgd/libgd/commit/82d260950589563a1af9c56f4ce5fde843a695ae
  https://github.com/libgd/libgd/commit/6013c7bcf6eb795dba584f92d3824ebd3ae60202)

https://github.com/libgd/libgd/releases/tag/gd-2.3.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch [deleted file]
package/gd/gd.hash
package/gd/gd.mk