git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
libbsd: Security fix and update 0.8.2
author Armin Kuster <akuster@mvista.com>
Wed, 10 Feb 2016 22:18:24 +0000 (14:18 -0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 11 Feb 2016 22:32:17 +0000 (22:32 +0000)
This update includes:
CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd

libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of
bounds write happens.

Upstream has released version 0.8.2 to fix this.

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
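
The off-by-one reallocation check described in the commit message, shown as a simplified model added here for illustration; it is not libbsd's code and not part of this commit. The names linebuf, grow and read_line and the guard-slot technique are assumptions, and the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Simplified model of a growable line buffer (hypothetical names, not
 * libbsd's code). 'len' is the logical capacity in wchar_t; one guard slot
 * is allocated past it so an off-by-one write is observable without
 * undefined behaviour. Input must not contain the GUARD value. */
#define GUARD L'\x7f'
struct linebuf { wchar_t *wbuf; size_t len; };

static int grow(struct linebuf *b) {
    size_t nlen = b->len ? b->len * 2 : 4;
    wchar_t *p = realloc(b->wbuf, (nlen + 1) * sizeof *p);
    if (!p) return -1;
    p[nlen] = GUARD;              /* guard slot just past the logical end */
    b->wbuf = p;
    b->len = nlen;
    return 0;
}

/* Copies src up to and including L'\n'. Returns 1 if the guard slot was
 * overwritten (a write past the logical buffer), 0 if not, -1 on allocation
 * failure. off_by_one selects the flawed check (>) or the corrected (>=). */
int read_line(const wchar_t *src, int off_by_one) {
    struct linebuf b = { NULL, 0 };
    size_t wused = 0;
    int hit = 0;
    for (; *src; src++) {
        int full = off_by_one ? (wused > b.len) : (wused >= b.len);
        if (!b.len || full) {
            if (grow(&b) < 0) { free(b.wbuf); return -1; }
        }
        b.wbuf[wused++] = *src;   /* with '>', index == len is still written */
        if (b.wbuf[b.len] != GUARD) hit = 1;
        if (*src == L'\n') break;
    }
    free(b.wbuf);
    return hit;
}

int main(void) {
    /* Constructed input: one character longer than the initial capacity of 4. */
    printf("flawed check: %d, corrected check: %d\n",
           read_line(L"abcde\n", 1), read_line(L"abcde\n", 0));
    return 0;
}
```

A line that exactly fills the buffer is handled by both variants; only the write at index == len separates them, which is why this class of bug survives short test inputs.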
meta/recipes-support/libbsd/libbsd_0.8.2.bb [moved from meta/recipes-support/libbsd/libbsd_0.8.1.bb with 91% similarity]

similarity index 91%
rename from meta/recipes-support/libbsd/libbsd_0.8.1.bb
rename to meta/recipes-support/libbsd/libbsd_0.8.2.bb
index 45420d55e6323162937e0fd99ba123d23cbc4d7c..3335386d8fda79a2fc8661f8ea7db9602b8a9fd8 100644 (file)
@@ -37,7 +37,7 @@ SRC_URI = " \
     http://libbsd.freedesktop.org/releases/${BPN}-${PV}.tar.xz \
 "
 
-SRC_URI[md5sum] = "f3daff0283af6e30f25d68be2deac4ef"
-SRC_URI[sha256sum] = "adbc8781ad720bce939b689f38a9f0247732a36792147a7c28027c393c2af9b0"
+SRC_URI[md5sum] = "cdee252ccff978b50ad2336278c506c9"
+SRC_URI[sha256sum] = "b2f644cae94a6e2fe109449c20ad79a0f6ee4faec2205b07eefa0020565e250a"
 
 inherit autotools pkgconfig
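
Review bot: The replaced SRC_URI[md5sum] and SRC_URI[sha256sum] values are the only integrity anchor for this tarball, because the unchanged SRC_URI context line still fetches it over plain http://. Please confirm the new sha256sum against a value obtained independently of this download before merging, and consider moving the URL to https if the host serves it. Of the two checksums, only the sha256sum should be relied on for integrity; the md5sum does not provide collision resistance.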