* [Buildroot] [git commit branch/2021.08.x] package/atftp: security bump to version 0.7.5
@ 2021-10-06 15:27 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-10-06 15:27 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=8179cf620387068c4ecae7556de1740357646b50
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.08.x
- Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer
overflow because buffer-size handling does not properly consider the
combination of data, OACK, and other options.
- Update hash of license file (license replaced with current version of
the GPL text:
https://sourceforge.net/p/atftp/code/ci/bf22ccaef34f5dcdbd48de8b0bea3ef97b9d3545)
https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f39ae602acb834fffe6cd1d7062f898e55056fb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/atftp/atftp.hash | 4 ++--
package/atftp/atftp.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/atftp/atftp.hash b/package/atftp/atftp.hash
index 158e9e3b33..6b0d9a5879 100644
--- a/package/atftp/atftp.hash
+++ b/package/atftp/atftp.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 d3c9cd0d971dfc786d7a5f4055c35d4e66aafc8102ac03473ef225bdf7edb26a atftp-0.7.4.tar.gz
-sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 LICENSE
+sha256 93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a atftp-0.7.5.tar.gz
+sha256 86dc744860e6dfacfeba2f33fea908db03fe67c7e37a878285b7aae8e4596735 LICENSE
diff --git a/package/atftp/atftp.mk b/package/atftp/atftp.mk
index 3db966c169..70ef4c0fae 100644
--- a/package/atftp/atftp.mk
+++ b/package/atftp/atftp.mk
@@ -4,7 +4,7 @@
#
################################################################################
-ATFTP_VERSION = 0.7.4
+ATFTP_VERSION = 0.7.5
ATFTP_SITE = http://sourceforge.net/projects/atftp/files
ATFTP_LICENSE = GPL-2.0+
ATFTP_LICENSE_FILES = LICENSE
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-10-06 15:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-06 15:27 [Buildroot] [git commit branch/2021.08.x] package/atftp: security bump to version 0.7.5 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.