All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [git commit branch/2016.11.x] quagga: security bump to version 1.1.1
Date: Thu, 16 Feb 2017 09:08:05 +0100	[thread overview]
Message-ID: <20170216090645.96BF1818D2@busybox.osuosl.org> (raw)

commit: https://git.buildroot.net/buildroot/commit/?id=4b4b74b0562383a2eab4da8df284ae20055ca4f1
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2016.11.x

Fixes CVE-2017-5495: Telnet interface input buffer allocates unbounded amounts
of memory, leading to DoS.

Add optional dependency on protobuf-c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae73226476e5ca449cf0b312aa03a18dfe31d3a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/quagga/quagga.hash |  2 +-
 package/quagga/quagga.mk   | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/package/quagga/quagga.hash b/package/quagga/quagga.hash
index 23a0a82..6da37cf 100644
--- a/package/quagga/quagga.hash
+++ b/package/quagga/quagga.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	d284af5dd875dbba90ab875d40db5d68fdc9ede17a76f2af525f85344be56767	quagga-1.0.20160315.tar.xz
+sha256	b5a94e5bdad3062e04595a5692b8cc435f0a85102f75dfdca0a06d093b4ef63f	quagga-1.1.1.tar.gz
diff --git a/package/quagga/quagga.mk b/package/quagga/quagga.mk
index ad2aff4..c17ceaa 100644
--- a/package/quagga/quagga.mk
+++ b/package/quagga/quagga.mk
@@ -4,10 +4,9 @@
 #
 ################################################################################
 
-QUAGGA_VERSION = 1.0.20160315
-QUAGGA_SOURCE = quagga-$(QUAGGA_VERSION).tar.xz
+QUAGGA_VERSION = 1.1.1
 QUAGGA_SITE = http://download.savannah.gnu.org/releases/quagga
-QUAGGA_DEPENDENCIES = host-gawk
+QUAGGA_DEPENDENCIES = host-gawk host-pkgconf
 QUAGGA_LICENSE = GPLv2+
 QUAGGA_LICENSE_FILES = COPYING
 
@@ -29,6 +28,13 @@ else
 QUAGGA_CONF_OPTS += --disable-capabilities
 endif
 
+ifeq ($(BR2_PACKAGE_PROTOBUF_C),y)
+QUAGGA_CONF_OPTS += --enable-protobuf
+QUAGGA_DEPENDENCIES += protobuf-c
+else
+QUAGGA_CONF_OPTS += --disable-protobuf
+endif
+
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_ZEBRA),--enable-zebra,--disable-zebra)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_BGPD),--enable-bgpd,--disable-bgpd)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_RIPD),--enable-ripd,--disable-ripd)

                 reply	other threads:[~2017-02-16  8:08 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170216090645.96BF1818D2@busybox.osuosl.org \
    --to=peter@korsgaard.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.