* [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1
@ 2021-07-06 9:15 Heiko Thiery
2021-07-16 21:30 ` Thomas Petazzoni
0 siblings, 1 reply; 3+ messages in thread
From: Heiko Thiery @ 2021-07-06 9:15 UTC (permalink / raw)
To: buildroot
This fixes the following CVEs:
- CVE-2021-3570 linuxptp: missing length check of forwarded messages
- CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
See mailing list post for details: https://sourceforge.net/p/linuxptp/mailman/message/37315519/
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
package/linuxptp/linuxptp.hash | 8 ++++----
package/linuxptp/linuxptp.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/linuxptp/linuxptp.hash b/package/linuxptp/linuxptp.hash
index 4f8a1f89fc..a5479b0ebc 100644
--- a/package/linuxptp/linuxptp.hash
+++ b/package/linuxptp/linuxptp.hash
@@ -1,9 +1,9 @@
-# From https://sourceforge.net/projects/linuxptp/files/v3.0/
-sha1 9a3869dbd322252c9a6bc0dbdfe8941586810a7f linuxptp-3.1.tgz
-md5 2264cb69c9af947028835c12c89a7572 linuxptp-3.1.tgz
+# From https://sourceforge.net/projects/linuxptp/files/v3.1.1/
+sha1 f905eabc6fd0f03c6a353f9c4ba188a3bd1b774c linuxptp-3.1.1.tgz
+md5 3b79ab5e77c5b5cf06bc1c8350d405bb linuxptp-3.1.1.tgz
# Locally computed:
-sha256 f58f5b11cf14dc7c4f7c9efdfb27190e43d02cf20c3525f6639edac10528ce7d linuxptp-3.1.tgz
+sha256 94d6855f9b7f2d8e9b0ca6d384e3fae6226ce6fc012dbad02608bdef3be1c0d9 linuxptp-3.1.1.tgz
# Hash for license file:
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/linuxptp/linuxptp.mk b/package/linuxptp/linuxptp.mk
index f91be921af..da23631d20 100644
--- a/package/linuxptp/linuxptp.mk
+++ b/package/linuxptp/linuxptp.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LINUXPTP_VERSION = 3.1
+LINUXPTP_VERSION = 3.1.1
LINUXPTP_SOURCE = linuxptp-$(LINUXPTP_VERSION).tgz
LINUXPTP_SITE = http://downloads.sourceforge.net/linuxptp
LINUXPTP_LICENSE = GPL-2.0+
--
2.30.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1
2021-07-06 9:15 [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1 Heiko Thiery
@ 2021-07-16 21:30 ` Thomas Petazzoni
2021-08-03 14:25 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni @ 2021-07-16 21:30 UTC (permalink / raw)
To: buildroot
On Tue, 6 Jul 2021 11:15:01 +0200
Heiko Thiery <heiko.thiery@gmail.com> wrote:
> This fixes the following CVEs:
> - CVE-2021-3570 linuxptp: missing length check of forwarded messages
> - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
>
> See mailing list post for details: https://sourceforge.net/p/linuxptp/mailman/message/37315519/
>
> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
> ---
> package/linuxptp/linuxptp.hash | 8 ++++----
> package/linuxptp/linuxptp.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1
2021-07-16 21:30 ` Thomas Petazzoni
@ 2021-08-03 14:25 ` Peter Korsgaard
0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-08-03 14:25 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: Heiko Thiery, buildroot, Petr Kulhavy
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:
> On Tue, 6 Jul 2021 11:15:01 +0200
> Heiko Thiery <heiko.thiery@gmail.com> wrote:
>> This fixes the following CVEs:
>> - CVE-2021-3570 linuxptp: missing length check of forwarded messages
>> - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
>>
>> See mailing list post for details:
>> https://sourceforge.net/p/linuxptp/mailman/message/37315519/
>>
>> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
>> ---
>> package/linuxptp/linuxptp.hash | 8 ++++----
>> package/linuxptp/linuxptp.mk | 2 +-
>> 2 files changed, 5 insertions(+), 5 deletions(-)
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-03 14:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-06 9:15 [Buildroot] [PATCH] package/linuxptp: security bump version to 3.1.1 Heiko Thiery
2021-07-16 21:30 ` Thomas Petazzoni
2021-08-03 14:25 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.