* [Buildroot] [PATCH 1/1] package/atftp: security bump to version 0.7.5
@ 2021-09-27 21:18 Fabrice Fontaine
  2021-10-05 19:37 ` Arnout Vandecappelle
  2021-10-06 15:28 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2021-09-27 21:18 UTC (permalink / raw)
  To: buildroot; +Cc: Giulio Benetti, Fabrice Fontaine, Ryan Barnett

- Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer
  overflow because buffer-size handling does not properly consider the
  combination of data, OACK, and other options.
- Update hash of license file (license replaced with current version:
  https://sourceforge.net/p/atftp/code/ci/bf22ccaef34f5dcdbd48de8b0bea3ef97b9d3545)

https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/atftp/atftp.hash | 4 ++--
 package/atftp/atftp.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/atftp/atftp.hash b/package/atftp/atftp.hash
index 158e9e3b33..6b0d9a5879 100644
--- a/package/atftp/atftp.hash
+++ b/package/atftp/atftp.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256  d3c9cd0d971dfc786d7a5f4055c35d4e66aafc8102ac03473ef225bdf7edb26a  atftp-0.7.4.tar.gz
-sha256  32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670  LICENSE
+sha256  93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a  atftp-0.7.5.tar.gz
+sha256  86dc744860e6dfacfeba2f33fea908db03fe67c7e37a878285b7aae8e4596735  LICENSE
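
Review bot: The LICENSE line in this hunk gets a new sha256 in the same patch as the tarball bump, and the only explanation is the commit message's "license replaced with current version", which does not say what the file was replaced with. Please spell out in the message that the new LICENSE is still the GPL-2.0 text, so a reader can confirm that the unchanged ATFTP_LICENSE = GPL-2.0+ in atftp.mk remains correct. Since both new hashes sit under "# Locally computed", it would also help to say how the 0.7.5 tarball hash was obtained.
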
diff --git a/package/atftp/atftp.mk b/package/atftp/atftp.mk
index 3db966c169..70ef4c0fae 100644
--- a/package/atftp/atftp.mk
+++ b/package/atftp/atftp.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ATFTP_VERSION = 0.7.4
+ATFTP_VERSION = 0.7.5
 ATFTP_SITE = http://sourceforge.net/projects/atftp/files
 ATFTP_LICENSE = GPL-2.0+
 ATFTP_LICENSE_FILES = LICENSE
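
Review bot: The unchanged ATFTP_SITE line in this hunk's context still fetches over plain http://, so for this security bump the sha256 in atftp.hash is the only thing protecting the 0.7.5 download against tampering in transit. Consider switching the URL to https:// here or in a follow-up, provided the host serves the same path over TLS.
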
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/atftp: security bump to version 0.7.5
  2021-09-27 21:18 [Buildroot] [PATCH 1/1] package/atftp: security bump to version 0.7.5 Fabrice Fontaine
@ 2021-10-05 19:37 ` Arnout Vandecappelle
  2021-10-06 15:28 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Arnout Vandecappelle @ 2021-10-05 19:37 UTC (permalink / raw)
  To: Fabrice Fontaine, buildroot; +Cc: Giulio Benetti, Ryan Barnett



On 27/09/2021 23:18, Fabrice Fontaine wrote:
> - Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer
>    overflow because buffer-size handling does not properly consider the
>    combination of data, OACK, and other options.
> - Update hash of license file (license replaced with current version:

  I didn't grok this sentence so after investigation I replaced it with "license 
replaced with current version of the GPL text".

  Applied to master, thanks.

  Regards,
  Arnout



>    https://sourceforge.net/p/atftp/code/ci/bf22ccaef34f5dcdbd48de8b0bea3ef97b9d3545)
> 
> https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>   package/atftp/atftp.hash | 4 ++--
>   package/atftp/atftp.mk   | 2 +-
>   2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/atftp/atftp.hash b/package/atftp/atftp.hash
> index 158e9e3b33..6b0d9a5879 100644
> --- a/package/atftp/atftp.hash
> +++ b/package/atftp/atftp.hash
> @@ -1,3 +1,3 @@
>   # Locally computed
> -sha256  d3c9cd0d971dfc786d7a5f4055c35d4e66aafc8102ac03473ef225bdf7edb26a  atftp-0.7.4.tar.gz
> -sha256  32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670  LICENSE
> +sha256  93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a  atftp-0.7.5.tar.gz
> +sha256  86dc744860e6dfacfeba2f33fea908db03fe67c7e37a878285b7aae8e4596735  LICENSE
> diff --git a/package/atftp/atftp.mk b/package/atftp/atftp.mk
> index 3db966c169..70ef4c0fae 100644
> --- a/package/atftp/atftp.mk
> +++ b/package/atftp/atftp.mk
> @@ -4,7 +4,7 @@
>   #
>   ################################################################################
>   
> -ATFTP_VERSION = 0.7.4
> +ATFTP_VERSION = 0.7.5
>   ATFTP_SITE = http://sourceforge.net/projects/atftp/files
>   ATFTP_LICENSE = GPL-2.0+
>   ATFTP_LICENSE_FILES = LICENSE
> 

* Re: [Buildroot] [PATCH 1/1] package/atftp: security bump to version 0.7.5
  2021-09-27 21:18 [Buildroot] [PATCH 1/1] package/atftp: security bump to version 0.7.5 Fabrice Fontaine
  2021-10-05 19:37 ` Arnout Vandecappelle
@ 2021-10-06 15:28 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-10-06 15:28 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Giulio Benetti, Ryan Barnett, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer
 >   overflow because buffer-size handling does not properly consider the
 >   combination of data, OACK, and other options.
 > - Update hash of license file (license replaced with current version:
 >   https://sourceforge.net/p/atftp/code/ci/bf22ccaef34f5dcdbd48de8b0bea3ef97b9d3545)

 > https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard