* [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0
@ 2019-09-11 11:40 Peter Korsgaard
  2019-09-11 11:40 ` [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series Peter Korsgaard
  2019-09-11 12:20 ` [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
  0 siblings, 2 replies; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-11 11:40 UTC (permalink / raw)
  To: buildroot

Fixes the following security vulnerabilities:

CVE-2019-5481: FTP-KRB double-free
https://curl.haxx.se/docs/CVE-2019-5481.html

CVE-2019-5482: TFTP small blocksize heap buffer overflow
https://curl.haxx.se/docs/CVE-2019-5482.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/libcurl/libcurl.hash | 4 ++--
 package/libcurl/libcurl.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 580a2e640a..8f2d0c058c 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.65.3.tar.xz.asc
+# https://curl.haxx.se/download/curl-7.66.0.tar.xz.asc
 # with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 f2d98854813948d157f6a91236ae34ca4a1b4cb302617cebad263d79b0235fea  curl-7.65.3.tar.xz
+sha256 dbb48088193016d079b97c5c3efde8efa56ada2ebf336e8a97d04eb8e2ed98c1  curl-7.66.0.tar.xz
 sha256 8c8824f50e73a021f5dde1fccbf69685939247399a33a32abab1fa448c9ddabb  COPYING
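Review bot: the COPYING hash on the last context line is carried over unchanged, so this hunk relies on the license file being byte-identical in curl-7.66.0.tar.xz; worth confirming, since a changed COPYING would need a new sha256 entry here. The signature URL and the tarball name are both moved to 7.66.0 consistently, and the header comment records that the tarball hash was computed locally after checking the .asc signature against key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2.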
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index bab7c8e1be..8384210d48 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.65.3
+LIBCURL_VERSION = 7.66.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
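Review bot: the one-line LIBCURL_VERSION change carries the fixes for CVE-2019-5481 and CVE-2019-5482, but the commit message does not say which curl versions are affected; adding that range from the two linked advisories would tell maintainers of older branches whether they need the same bump. LIBCURL_SOURCE now expands to curl-7.66.0.tar.xz, which matches the file name hashed in libcurl.hash.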
-- 
2.20.1


* [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
  2019-09-11 11:40 [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
@ 2019-09-11 11:40 ` Peter Korsgaard
  2019-09-15  7:15   ` Peter Korsgaard
  2019-09-11 12:20 ` [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
  1 sibling, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-11 11:40 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 linux/Config.in                      |  2 +-
 linux/linux.hash                     | 10 +++++-----
 package/linux-headers/Config.in.host | 10 +++++-----
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/linux/Config.in b/linux/Config.in
index 2bd2d859d5..b268ee8c99 100644
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -122,7 +122,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "5.2.11" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "5.2.14" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "v4.19.65-cip8" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
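Review bot: the commit message has no body, so the move of the BR2_LINUX_KERNEL_LATEST_VERSION default from 5.2.11 to 5.2.14 is undocumented; a line stating whether the skipped stable releases carry security fixes would help anyone deciding on a backport. The CIP default on the following context line stays at v4.19.65-cip8 while the plain 4.19.x series moves to 4.19.72 elsewhere in this patch; the message should say if that is intentional.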
diff --git a/linux/linux.hash b/linux/linux.hash
index 133a55377e..41dfd52296 100644
--- a/linux/linux.hash
+++ b/linux/linux.hash
@@ -1,8 +1,8 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256 0c2a831f993dc8a8a8e1ca4186b467de72ff173c6f5855e2aab70f6f7fb033f9  linux-5.2.11.tar.xz
+sha256 c64d36477fee6a864a734ec417407768e60040a13f144c33208fa9622fd0ce8c  linux-5.2.14.tar.xz
 sha256 56495f82314f0dfb84a3fe7fad78e17be69c4fd36ef46f2452458b2fa1e341f6  linux-5.1.21.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256 c091760b520a4e4a4c7034a8329cc2689a0ea3f81a377b694ed196d623e2d987  linux-4.19.69.tar.xz
-sha256 0bb9f0812326ec4554de1bea02628840e03b6664b5abfd9d8510049e43203a17  linux-4.14.141.tar.xz
-sha256 fe8a1ca080a462de6832762ba8b71410b828f0e52c1e11d3c46d83e9ac1e0a16  linux-4.9.190.tar.xz
-sha256 fec8c8549a3775b922cecad74a6409b33520a669d451dc51ad47d69c2543c2e5  linux-4.4.190.tar.xz
+sha256 f9fcb6b3bd29115ac55fc154e300c3dce2044502732f6842ad6c25e6f9f51f6d  linux-4.19.72.tar.xz
+sha256 2534f2f03cb937700a03dd85dcf1cb6e6f46fdd29d489580cc3183d6c0643d93  linux-4.14.143.tar.xz
+sha256 7a1a300cce70a4fd0d49b7fff7b1673159b61c4040c5a7c08ea333a7cb328d54  linux-4.9.192.tar.xz
+sha256 2fba918dd21e421b4e0fd57dac052ba65f9947320892d960f093419561988a3b  linux-4.4.192.tar.xz
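Review bot: the two comment lines name sha256sums.asc as the source of these hashes, but nothing records that the signature on that file was checked, unlike the "Locally calculated after checking pgp signature" wording used in libcurl.hash in this same series; consider using the same wording here. The five new entries (5.2.14, 4.19.72, 4.14.143, 4.9.192, 4.4.192) agree with the versions set in linux/Config.in and package/linux-headers/Config.in.host.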
diff --git a/package/linux-headers/Config.in.host b/package/linux-headers/Config.in.host
index 00df32f740..ec951eef5d 100644
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -305,12 +305,12 @@ endchoice
 
 config BR2_DEFAULT_KERNEL_HEADERS
 	string
-	default "4.4.190"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.190"	if BR2_KERNEL_HEADERS_4_9
-	default "4.14.141"	if BR2_KERNEL_HEADERS_4_14
-	default "4.19.69"	if BR2_KERNEL_HEADERS_4_19
+	default "4.4.192"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.192"	if BR2_KERNEL_HEADERS_4_9
+	default "4.14.143"	if BR2_KERNEL_HEADERS_4_14
+	default "4.19.72"	if BR2_KERNEL_HEADERS_4_19
 	default "5.1.21"	if BR2_KERNEL_HEADERS_5_1
-	default "5.2.11"	if BR2_KERNEL_HEADERS_5_2
+	default "5.2.14"	if BR2_KERNEL_HEADERS_5_2
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
 	default "custom"	if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
 	default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \
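Review bot: the 5.1.21 default is the only series entry not moved in this hunk, and the commit message gives no reason; one sentence on why 5.1.x stays put would complete it. The other defaults (4.4.192, 4.9.192, 4.14.143, 4.19.72, 5.2.14) match the entries added in linux/linux.hash, and the 5.2.14 value matches the one in linux/Config.in.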
-- 
2.20.1


* [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0
  2019-09-11 11:40 [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
  2019-09-11 11:40 ` [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series Peter Korsgaard
@ 2019-09-11 12:20 ` Peter Korsgaard
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-11 12:20 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security vulnerabilities:
 > CVE-2019-5481: FTP-KRB double-free
 > https://curl.haxx.se/docs/CVE-2019-5481.html

 > CVE-2019-5482: TFTP small blocksize heap buffer overflow
 > https://curl.haxx.se/docs/CVE-2019-5482.html

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Ehh, this should naturally not have been part of the same series as the
kernel bump, please ignore.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
  2019-09-11 11:40 ` [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series Peter Korsgaard
@ 2019-09-15  7:15   ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-15  7:15 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard
