* [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3
@ 2022-08-26 21:14 Fabrice Fontaine
2022-08-27 5:27 ` Petr Vorel
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2022-08-26 21:14 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine, Thomas Petazzoni
Fix CVE-2021-46828: In libtirpc before 1.3.3rc1, remote attackers could
exhaust the file descriptors of a process that uses libtirpc because
idle TCP connections are mishandled. This can, in turn, lead to an
svc_run infinite loop without accepting new connections.
https://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.3/Release-1.3.3.txt/download
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/libtirpc/libtirpc.hash | 4 ++--
package/libtirpc/libtirpc.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libtirpc/libtirpc.hash b/package/libtirpc/libtirpc.hash
index 56c1d9de3f..1efc3e47e2 100644
--- a/package/libtirpc/libtirpc.hash
+++ b/package/libtirpc/libtirpc.hash
@@ -1,5 +1,5 @@
# From sourceforge's info on download page:
-sha1 51d75be0e5acc094a888f40042b23e128d163cb5 libtirpc-1.3.2.tar.bz2
+sha1 6e52c39148494e4836e2d5d4f28b11ddfa65394b libtirpc-1.3.3.tar.bz2
# Locally computed
-sha256 e24eb88b8ce7db3b7ca6eb80115dd1284abc5ec32a8deccfed2224fc2532b9fd libtirpc-1.3.2.tar.bz2
+sha256 6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3 libtirpc-1.3.3.tar.bz2
sha256 17cf6098f95bdbb269f0bbc68e76c88fe20487ca7ec53f454923ab4256ecd2e7 COPYING
diff --git a/package/libtirpc/libtirpc.mk b/package/libtirpc/libtirpc.mk
index 9d3c4b5a94..179adc97d0 100644
--- a/package/libtirpc/libtirpc.mk
+++ b/package/libtirpc/libtirpc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBTIRPC_VERSION = 1.3.2
+LIBTIRPC_VERSION = 1.3.3
LIBTIRPC_SOURCE = libtirpc-$(LIBTIRPC_VERSION).tar.bz2
LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION)
LIBTIRPC_LICENSE = BSD-3-Clause
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3
2022-08-26 21:14 [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3 Fabrice Fontaine
@ 2022-08-27 5:27 ` Petr Vorel
2022-08-27 7:56 ` Yann E. MORIN
2022-08-27 7:54 ` Yann E. MORIN
2022-09-17 15:40 ` Peter Korsgaard
2 siblings, 1 reply; 5+ messages in thread
From: Petr Vorel @ 2022-08-27 5:27 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Olivier Van den Eede, Thomas Petazzoni, buildroot
[-- Attachment #1.1: Type: text/plain, Size: 266 bytes --]
Hi Fabrice, all,
thanks!
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
FYI Olivier Van den Eede has also sent valid patch for this but it haven't
reached patchwork not even ML.
I guess he's not subscribed, thus only people in Cc got the mail.
Kind regards,
Petr
[-- Attachment #1.2: Type: text/html, Size: 451 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3
2022-08-26 21:14 [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3 Fabrice Fontaine
2022-08-27 5:27 ` Petr Vorel
@ 2022-08-27 7:54 ` Yann E. MORIN
2022-09-17 15:40 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2022-08-27 7:54 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Thomas Petazzoni, buildroot
Fabrice, All,
On 2022-08-26 23:14 +0200, Fabrice Fontaine spake thusly:
> Fix CVE-2021-46828: In libtirpc before 1.3.3rc1, remote attackers could
> exhaust the file descriptors of a process that uses libtirpc because
> idle TCP connections are mishandled. This can, in turn, lead to an
> svc_run infinite loop without accepting new connections.
>
> https://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.3/Release-1.3.3.txt/download
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/libtirpc/libtirpc.hash | 4 ++--
> package/libtirpc/libtirpc.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/libtirpc/libtirpc.hash b/package/libtirpc/libtirpc.hash
> index 56c1d9de3f..1efc3e47e2 100644
> --- a/package/libtirpc/libtirpc.hash
> +++ b/package/libtirpc/libtirpc.hash
> @@ -1,5 +1,5 @@
> # From sourceforge's info on download page:
> -sha1 51d75be0e5acc094a888f40042b23e128d163cb5 libtirpc-1.3.2.tar.bz2
> +sha1 6e52c39148494e4836e2d5d4f28b11ddfa65394b libtirpc-1.3.3.tar.bz2
> # Locally computed
> -sha256 e24eb88b8ce7db3b7ca6eb80115dd1284abc5ec32a8deccfed2224fc2532b9fd libtirpc-1.3.2.tar.bz2
> +sha256 6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3 libtirpc-1.3.3.tar.bz2
> sha256 17cf6098f95bdbb269f0bbc68e76c88fe20487ca7ec53f454923ab4256ecd2e7 COPYING
> diff --git a/package/libtirpc/libtirpc.mk b/package/libtirpc/libtirpc.mk
> index 9d3c4b5a94..179adc97d0 100644
> --- a/package/libtirpc/libtirpc.mk
> +++ b/package/libtirpc/libtirpc.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBTIRPC_VERSION = 1.3.2
> +LIBTIRPC_VERSION = 1.3.3
> LIBTIRPC_SOURCE = libtirpc-$(LIBTIRPC_VERSION).tar.bz2
> LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION)
> LIBTIRPC_LICENSE = BSD-3-Clause
> --
> 2.35.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3
2022-08-27 5:27 ` Petr Vorel
@ 2022-08-27 7:56 ` Yann E. MORIN
0 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2022-08-27 7:56 UTC (permalink / raw)
To: Petr Vorel
Cc: Olivier Van den Eede, Fabrice Fontaine, Thomas Petazzoni,
buildroot
Petr, Olivier, All,
On 2022-08-27 07:27 +0200, Petr Vorel spake thusly:
> Hi Fabrice, all,
> thanks!
> Reviewed-by: Petr Vorel < [1]petr.vorel@gmail.com>
> FYI Olivier Van den Eede has also sent valid patch for this but it haven't reached patchwork not even ML.
> I guess he's not subscribed, thus only people in Cc got the mail.
I had seen your previous reply, but I too did not get Olivier's patch,
so I ended up applying Fabrice's instead.
Olivier, thanks for your patch, but indeed, you need to be subscribed to
the list to post messages.
Regards,
Yann E. MORIN.
> Kind regards,
> Petr
>
> Links:
> 1. mailto:petr.vorel@gmail.com
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3
2022-08-26 21:14 [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3 Fabrice Fontaine
2022-08-27 5:27 ` Petr Vorel
2022-08-27 7:54 ` Yann E. MORIN
@ 2022-09-17 15:40 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2022-09-17 15:40 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Thomas Petazzoni, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2021-46828: In libtirpc before 1.3.3rc1, remote attackers could
> exhaust the file descriptors of a process that uses libtirpc because
> idle TCP connections are mishandled. This can, in turn, lead to an
> svc_run infinite loop without accepting new connections.
> https://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.3/Release-1.3.3.txt/download
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.05.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-09-17 15:40 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-26 21:14 [Buildroot] [PATCH 1/1] package/libtirpc: security bump to version 1.3.3 Fabrice Fontaine
2022-08-27 5:27 ` Petr Vorel
2022-08-27 7:56 ` Yann E. MORIN
2022-08-27 7:54 ` Yann E. MORIN
2022-09-17 15:40 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.