[Buildroot] [PATCH] libidn: security bump to version 1.33
Gustavo Zacarias
gustavo at zacarias.com.ar
Fri Jul 22 23:38:34 UTC 2016
Fixes:
CVE-2015-8948 - out-of-bounds read in CLI tool.
CVE-2016-6261 - out-of-bounds stack read in idna_to_ascii_4i.
CVE-2016-6262 - followup fix to CVE-2015-8948.
CVE-2016-6263 - stringprep_utf8_nfkc_normalize reject invalid UTF-8.
Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
package/libidn/libidn.hash | 6 ++++--
package/libidn/libidn.mk | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/package/libidn/libidn.hash b/package/libidn/libidn.hash
index 20c844e..4658a3e 100644
--- a/package/libidn/libidn.hash
+++ b/package/libidn/libidn.hash
@@ -1,2 +1,4 @@
-# From http://lists.nongnu.org/archive/html/help-libidn/2015-08/msg00001.html
-sha1 ddd018611b98af7c67d434aa42d15d39f45129f5 libidn-1.32.tar.gz
+# From http://lists.nongnu.org/archive/html/help-libidn/2016-07/msg00009.html
+sha1 57872fdc665dcc585e16f4ac0bb35374b1103f7e libidn-1.33.tar.gz
+# Calculated based on the hash above
+sha256 44a7aab635bb721ceef6beecc4d49dfd19478325e1b47f3196f7d2acc4930e19 libidn-1.33.tar.gz
diff --git a/package/libidn/libidn.mk b/package/libidn/libidn.mk
index ab43949..99c9e2c 100644
--- a/package/libidn/libidn.mk
+++ b/package/libidn/libidn.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBIDN_VERSION = 1.32
+LIBIDN_VERSION = 1.33
LIBIDN_SITE = $(BR2_GNU_MIRROR)/libidn
LIBIDN_INSTALL_STAGING = YES
LIBIDN_CONF_ENV = EMACS="no"
--
2.7.3
More information about the buildroot
mailing list