package/libraw: security bump to version 0.20.0
- Fix CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size
range check. This affects decoders/unpack_thumb.cpp,
postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,
malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
validating T.tlength.
- zlib is an optional dependency since
https://github.com/LibRaw/LibRaw/commit/
b63f017b063edb5e7091e3952ee20cb4d002edbe
Also update indentation in hash file (two spaces) as well as README.md
hash, no license changes:
- https://github.com/LibRaw/LibRaw/commit/
d1975cb0e055d2bfe58c9d845c9a3e57c346a2f9
- https://github.com/LibRaw/LibRaw/commit/
d38361b76e1a405a25b11165a1ee5495fc899246
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
projects / buildroot.git / commit