All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1
@ 2021-07-06  9:15 Heiko Thiery
  2021-07-16 21:30 ` Thomas Petazzoni
  0 siblings, 1 reply; 3+ messages in thread
From: Heiko Thiery @ 2021-07-06  9:15 UTC (permalink / raw)
  To: buildroot

This fixes the following CVEs:
 - CVE-2021-3570 linuxptp: missing length check of forwarded messages
 - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock

See mailing list post for details: https://sourceforge.net/p/linuxptp/mailman/message/37315519/

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
 package/linuxptp/linuxptp.hash | 8 ++++----
 package/linuxptp/linuxptp.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/linuxptp/linuxptp.hash b/package/linuxptp/linuxptp.hash
index 4f8a1f89fc..a5479b0ebc 100644
--- a/package/linuxptp/linuxptp.hash
+++ b/package/linuxptp/linuxptp.hash
@@ -1,9 +1,9 @@
-# From https://sourceforge.net/projects/linuxptp/files/v3.0/
-sha1  9a3869dbd322252c9a6bc0dbdfe8941586810a7f  linuxptp-3.1.tgz
-md5  2264cb69c9af947028835c12c89a7572  linuxptp-3.1.tgz
+# From https://sourceforge.net/projects/linuxptp/files/v3.1.1/
+sha1  f905eabc6fd0f03c6a353f9c4ba188a3bd1b774c  linuxptp-3.1.1.tgz
+md5  3b79ab5e77c5b5cf06bc1c8350d405bb  linuxptp-3.1.1.tgz
 
 # Locally computed:
-sha256  f58f5b11cf14dc7c4f7c9efdfb27190e43d02cf20c3525f6639edac10528ce7d  linuxptp-3.1.tgz
+sha256  94d6855f9b7f2d8e9b0ca6d384e3fae6226ce6fc012dbad02608bdef3be1c0d9  linuxptp-3.1.1.tgz
 
 # Hash for license file:
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/linuxptp/linuxptp.mk b/package/linuxptp/linuxptp.mk
index f91be921af..da23631d20 100644
--- a/package/linuxptp/linuxptp.mk
+++ b/package/linuxptp/linuxptp.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LINUXPTP_VERSION = 3.1
+LINUXPTP_VERSION = 3.1.1
 LINUXPTP_SOURCE = linuxptp-$(LINUXPTP_VERSION).tgz
 LINUXPTP_SITE = http://downloads.sourceforge.net/linuxptp
 LINUXPTP_LICENSE = GPL-2.0+
-- 
2.30.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1
  2021-07-06  9:15 [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1 Heiko Thiery
@ 2021-07-16 21:30 ` Thomas Petazzoni
  2021-08-03 14:25   ` Peter Korsgaard
  0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni @ 2021-07-16 21:30 UTC (permalink / raw)
  To: buildroot

On Tue,  6 Jul 2021 11:15:01 +0200
Heiko Thiery <heiko.thiery@gmail.com> wrote:

> This fixes the following CVEs:
>  - CVE-2021-3570 linuxptp: missing length check of forwarded messages
>  - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
> 
> See mailing list post for details: https://sourceforge.net/p/linuxptp/mailman/message/37315519/
> 
> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
> ---
>  package/linuxptp/linuxptp.hash | 8 ++++----
>  package/linuxptp/linuxptp.mk   | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1
  2021-07-16 21:30 ` Thomas Petazzoni
@ 2021-08-03 14:25   ` Peter Korsgaard
  0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-08-03 14:25 UTC (permalink / raw)
  To: Thomas Petazzoni; +Cc: Heiko Thiery, buildroot, Petr Kulhavy

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > On Tue,  6 Jul 2021 11:15:01 +0200
 > Heiko Thiery <heiko.thiery@gmail.com> wrote:

 >> This fixes the following CVEs:
 >> - CVE-2021-3570 linuxptp: missing length check of forwarded messages
 >> - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
 >> 
 >> See mailing list post for details:
 >> https://sourceforge.net/p/linuxptp/mailman/message/37315519/
 >> 
 >> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
 >> ---
 >> package/linuxptp/linuxptp.hash | 8 ++++----
 >> package/linuxptp/linuxptp.mk   | 2 +-
 >> 2 files changed, 5 insertions(+), 5 deletions(-)

Committed to 2021.02.x and 2021.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-03 14:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-06  9:15 [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1 Heiko Thiery
2021-07-16 21:30 ` Thomas Petazzoni
2021-08-03 14:25   ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.