[Buildroot] [PATCH] libidn: security bump to version 1.33

Gustavo Zacarias gustavo at zacarias.com.ar
Fri Jul 22 23:38:34 UTC 2016


Fixes:
CVE-2015-8948 - out-of-bounds read in CLI tool.
CVE-2016-6261 - out-of-bounds stack read in idna_to_ascii_4i.
CVE-2016-6262 - followup fix to CVE-2015-8948.
CVE-2016-6263 - stringprep_utf8_nfkc_normalize now rejects invalid UTF-8.

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
 package/libidn/libidn.hash | 6 ++++--
 package/libidn/libidn.mk   | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/package/libidn/libidn.hash b/package/libidn/libidn.hash
index 20c844e..4658a3e 100644
--- a/package/libidn/libidn.hash
+++ b/package/libidn/libidn.hash
@@ -1,2 +1,4 @@
-# From http://lists.nongnu.org/archive/html/help-libidn/2015-08/msg00001.html
-sha1	ddd018611b98af7c67d434aa42d15d39f45129f5	libidn-1.32.tar.gz
+# From http://lists.nongnu.org/archive/html/help-libidn/2016-07/msg00009.html
+sha1	57872fdc665dcc585e16f4ac0bb35374b1103f7e	libidn-1.33.tar.gz
+# Calculated based on the hash above
+sha256	44a7aab635bb721ceef6beecc4d49dfd19478325e1b47f3196f7d2acc4930e19	libidn-1.33.tar.gz
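Review bot: The comment `# Calculated based on the hash above` on the new sha256 entry does not say how the value was obtained. A SHA-256 cannot be derived from a SHA-1, so presumably it was computed locally on a tarball whose SHA-1 matched the announcement. That leaves a SHA-1 taken from an http:// list archive as the only upstream anchor for the download. If upstream publishes a detached signature for the release, verify it and record that, e.g. `# Locally calculated after checking pgp signature`; otherwise reword to `# Locally calculated after checking the sha1 above`.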
diff --git a/package/libidn/libidn.mk b/package/libidn/libidn.mk
index ab43949..99c9e2c 100644
--- a/package/libidn/libidn.mk
+++ b/package/libidn/libidn.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBIDN_VERSION = 1.32
+LIBIDN_VERSION = 1.33
 LIBIDN_SITE = $(BR2_GNU_MIRROR)/libidn
 LIBIDN_INSTALL_STAGING = YES
 LIBIDN_CONF_ENV = EMACS="no"
-- 
2.7.3


