[Buildroot] [PATCH] lzo: security bump to version 2.07

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH] lzo: security bump to version 2.07
@ 2014-06-27  4:32 Baruch Siach
  2014-06-27 11:07 ` Peter Korsgaard
  0 siblings, 1 reply; 5+ messages in thread
From: Baruch Siach @ 2014-06-27  4:32 UTC (permalink / raw)
  To: buildroot

Fixes CVE-2014-4607.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/lzo/lzo.mk | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/lzo/lzo.mk b/package/lzo/lzo.mk
index 10107fea3be3..bf85e84e9a71 100644
--- a/package/lzo/lzo.mk
+++ b/package/lzo/lzo.mk
@@ -4,11 +4,13 @@
 #
 ################################################################################
 
-LZO_VERSION = 2.06
+LZO_VERSION = 2.07
 LZO_SITE = http://www.oberhumer.com/opensource/lzo/download
 LZO_LICENSE = GPLv2+
 LZO_LICENSE_FILES = COPYING
 LZO_INSTALL_STAGING = YES
+# Make libtool patch apply
+LZO_AUTORECONF = YES
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))
-- 
2.0.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [Buildroot] [PATCH] lzo: security bump to version 2.07
  2014-06-27  4:32 [Buildroot] [PATCH] lzo: security bump to version 2.07 Baruch Siach
@ 2014-06-27 11:07 ` Peter Korsgaard
  2014-06-27 11:26   ` Baruch Siach
  0 siblings, 1 reply; 5+ messages in thread
From: Peter Korsgaard @ 2014-06-27 11:07 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Fixes CVE-2014-4607.
 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
 > ---
 >  package/lzo/lzo.mk | 4 +++-
 >  1 file changed, 3 insertions(+), 1 deletion(-)

 > diff --git a/package/lzo/lzo.mk b/package/lzo/lzo.mk
 > index 10107fea3be3..bf85e84e9a71 100644
 > --- a/package/lzo/lzo.mk
 > +++ b/package/lzo/lzo.mk
 > @@ -4,11 +4,13 @@
 >  #
 >  ################################################################################
 
 > -LZO_VERSION = 2.06
 > +LZO_VERSION = 2.07
 >  LZO_SITE = http://www.oberhumer.com/opensource/lzo/download
 >  LZO_LICENSE = GPLv2+
 >  LZO_LICENSE_FILES = COPYING
 >  LZO_INSTALL_STAGING = YES
 > +# Make libtool patch apply
 > +LZO_AUTORECONF = YES

Why? Please explain.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Buildroot] [PATCH] lzo: security bump to version 2.07
  2014-06-27 11:07 ` Peter Korsgaard
@ 2014-06-27 11:26   ` Baruch Siach
  2014-06-27 14:08     ` Peter Korsgaard
  0 siblings, 1 reply; 5+ messages in thread
From: Baruch Siach @ 2014-06-27 11:26 UTC (permalink / raw)
  To: buildroot

Hi Peter,

On Fri, Jun 27, 2014 at 01:07:47PM +0200, Peter Korsgaard wrote:
> >>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> 
>  > Fixes CVE-2014-4607.
>  > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>  > ---
>  >  package/lzo/lzo.mk | 4 +++-
>  >  1 file changed, 3 insertions(+), 1 deletion(-)
> 
>  > diff --git a/package/lzo/lzo.mk b/package/lzo/lzo.mk
>  > index 10107fea3be3..bf85e84e9a71 100644
>  > --- a/package/lzo/lzo.mk
>  > +++ b/package/lzo/lzo.mk
>  > @@ -4,11 +4,13 @@
>  >  #
>  >  ################################################################################
>  
>  > -LZO_VERSION = 2.06
>  > +LZO_VERSION = 2.07
>  >  LZO_SITE = http://www.oberhumer.com/opensource/lzo/download
>  >  LZO_LICENSE = GPLv2+
>  >  LZO_LICENSE_FILES = COPYING
>  >  LZO_INSTALL_STAGING = YES
>  > +# Make libtool patch apply
>  > +LZO_AUTORECONF = YES
> 
> Why? Please explain.

Otherwise libtool patching fails:

>>> lzo 2.07 Patching libtool

Applying buildroot-libtool-v2.4.patch using patch: patching file ltmain.sh
Hunk #1 FAILED at 1416.
Hunk #2 FAILED at 2962.
Hunk #3 succeeded at 7964 with fuzz 2 (offset 1281 lines).
Hunk #4 succeeded at 10554 (offset 1297 lines).
2 out of 4 hunks FAILED -- saving rejects to file ltmain.sh.rej
Patch failed!  Please fix buildroot-libtool-v2.4.patch!

Should I rephrase the comment?

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Buildroot] [PATCH] lzo: security bump to version 2.07
  2014-06-27 11:26   ` Baruch Siach
@ 2014-06-27 14:08     ` Peter Korsgaard
  2014-06-27 18:36       ` Thomas Petazzoni
  0 siblings, 1 reply; 5+ messages in thread
From: Peter Korsgaard @ 2014-06-27 14:08 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 >> > +# Make libtool patch apply
 >> > +LZO_AUTORECONF = YES
 >> 
 >> Why? Please explain.

 > Otherwise libtool patching fails:

 >>>> lzo 2.07 Patching libtool

 > Applying buildroot-libtool-v2.4.patch using patch: patching file ltmain.sh
 > Hunk #1 FAILED at 1416.
 > Hunk #2 FAILED at 2962.
 > Hunk #3 succeeded at 7964 with fuzz 2 (offset 1281 lines).
 > Hunk #4 succeeded at 10554 (offset 1297 lines).
 > 2 out of 4 hunks FAILED -- saving rejects to file ltmain.sh.rej
 > Patch failed!  Please fix buildroot-libtool-v2.4.patch!

 > Should I rephrase the comment?

Yes, please. I guess it is because it uses a too new libtool version?

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Buildroot] [PATCH] lzo: security bump to version 2.07
  2014-06-27 14:08     ` Peter Korsgaard
@ 2014-06-27 18:36       ` Thomas Petazzoni
  0 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2014-06-27 18:36 UTC (permalink / raw)
  To: buildroot

Dear Peter Korsgaard,

On Fri, 27 Jun 2014 16:08:53 +0200, Peter Korsgaard wrote:

>  >>>> lzo 2.07 Patching libtool
> 
>  > Applying buildroot-libtool-v2.4.patch using patch: patching file ltmain.sh
>  > Hunk #1 FAILED at 1416.
>  > Hunk #2 FAILED at 2962.
>  > Hunk #3 succeeded at 7964 with fuzz 2 (offset 1281 lines).
>  > Hunk #4 succeeded at 10554 (offset 1297 lines).
>  > 2 out of 4 hunks FAILED -- saving rejects to file ltmain.sh.rej
>  > Patch failed!  Please fix buildroot-libtool-v2.4.patch!
> 
>  > Should I rephrase the comment?
> 
> Yes, please. I guess it is because it uses a too new libtool version?

The libtool script bundled with this package uses "libtool 2.4.2.418",
which we have identified (with Hadrien) as requiring a different patch
that other libtool versions, including libtool 2.4.2. That's something
we will try to work out with Hadrien.

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-06-27 18:36 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-27  4:32 [Buildroot] [PATCH] lzo: security bump to version 2.07 Baruch Siach
2014-06-27 11:07 ` Peter Korsgaard
2014-06-27 11:26   ` Baruch Siach
2014-06-27 14:08     ` Peter Korsgaard
2014-06-27 18:36       ` Thomas Petazzoni

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox