From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Subject: [Buildroot] [git commit branch/2021.05.x] package/atftp: security bump to version 0.7.5
Date: Wed, 6 Oct 2021 17:27:52 +0200 [thread overview]
Message-ID: <20211006152839.F184A923D2@busybox.osuosl.org> (raw)
commit: https://git.buildroot.net/buildroot/commit/?id=c68ddb4f0a9c025648db5e386ebddae0a729d225
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.05.x
- Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer
overflow because buffer-size handling does not properly consider the
combination of data, OACK, and other options.
- Update hash of license file (license replaced with current version of
the GPL text:
https://sourceforge.net/p/atftp/code/ci/bf22ccaef34f5dcdbd48de8b0bea3ef97b9d3545)
https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f39ae602acb834fffe6cd1d7062f898e55056fb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/atftp/atftp.hash | 4 ++--
package/atftp/atftp.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/atftp/atftp.hash b/package/atftp/atftp.hash
index 158e9e3b33..6b0d9a5879 100644
--- a/package/atftp/atftp.hash
+++ b/package/atftp/atftp.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 d3c9cd0d971dfc786d7a5f4055c35d4e66aafc8102ac03473ef225bdf7edb26a atftp-0.7.4.tar.gz
-sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 LICENSE
+sha256 93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a atftp-0.7.5.tar.gz
+sha256 86dc744860e6dfacfeba2f33fea908db03fe67c7e37a878285b7aae8e4596735 LICENSE
diff --git a/package/atftp/atftp.mk b/package/atftp/atftp.mk
index a2df4af056..96eaeda6cf 100644
--- a/package/atftp/atftp.mk
+++ b/package/atftp/atftp.mk
@@ -4,7 +4,7 @@
#
################################################################################
-ATFTP_VERSION = 0.7.4
+ATFTP_VERSION = 0.7.5
ATFTP_SITE = http://sourceforge.net/projects/atftp/files
ATFTP_LICENSE = GPL-2.0+
ATFTP_LICENSE_FILES = LICENSE
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
reply other threads:[~2021-10-06 15:32 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211006152839.F184A923D2@busybox.osuosl.org \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.