[Buildroot] [PATCH 1/3] package/libupnp18: security bump to version 1.14.0

Fabrice Fontaine fontaine.fabrice at gmail.com
Fri Aug 21 20:41:37 UTC 2020


Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 package/libupnp18/libupnp18.hash | 6 +++---
 package/libupnp18/libupnp18.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/libupnp18/libupnp18.hash b/package/libupnp18/libupnp18.hash
index ba9ce1bcdf..cd693ef0eb 100644
--- a/package/libupnp18/libupnp18.hash
+++ b/package/libupnp18/libupnp18.hash
@@ -1,5 +1,5 @@
-# From https://sourceforge.net/projects/pupnp/files/pupnp/libupnp-1.8.7/libupnp-1.8.7.tar.bz2.sha1
-sha1  2ea3011180c58b0584f0cb73cc8e685a0a1c4ec8  libupnp-1.8.7.tar.bz2
+# From https://sourceforge.net/projects/pupnp/files/pupnp/libupnp-1.14.0/libupnp-1.14.0.tar.bz2.sha1
+sha1  b14cff9ddd7cfe7f0e4bf552387122a31770f51f  libupnp-1.14.0.tar.bz2
 # Locally computed:
-sha256  e38c69b2b67322e67cd53680db9b02c7c1f720a47a3cd626fd89d57d2dca93b8  libupnp-1.8.7.tar.bz2
+sha256  ecb23d4291968c8a7bdd4eb16fc2250dbacc16b354345a13342d67f571d35ceb  libupnp-1.14.0.tar.bz2
 sha256  c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3  COPYING
diff --git a/package/libupnp18/libupnp18.mk b/package/libupnp18/libupnp18.mk
index f17a1a720d..fb6c548c47 100644
--- a/package/libupnp18/libupnp18.mk
+++ b/package/libupnp18/libupnp18.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBUPNP18_VERSION = 1.8.7
+LIBUPNP18_VERSION = 1.14.0
 LIBUPNP18_SOURCE = libupnp-$(LIBUPNP18_VERSION).tar.bz2
 LIBUPNP18_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP18_VERSION)
 LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no
-- 
2.28.0



More information about the buildroot mailing list