* [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0
@ 2019-09-11 11:40 Peter Korsgaard
2019-09-11 11:40 ` [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series Peter Korsgaard
2019-09-11 12:20 ` [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
0 siblings, 2 replies; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-11 11:40 UTC (permalink / raw)
To: buildroot
Fixes the following security vulnerabilities:
CVE-2019-5481: FTP-KRB double-free
https://curl.haxx.se/docs/CVE-2019-5481.html
CVE-2019-5482: TFTP small blocksize heap buffer overflow
https://curl.haxx.se/docs/CVE-2019-5482.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/libcurl/libcurl.hash | 4 ++--
package/libcurl/libcurl.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 580a2e640a..8f2d0c058c 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.65.3.tar.xz.asc
+# https://curl.haxx.se/download/curl-7.66.0.tar.xz.asc
# with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 f2d98854813948d157f6a91236ae34ca4a1b4cb302617cebad263d79b0235fea curl-7.65.3.tar.xz
+sha256 dbb48088193016d079b97c5c3efde8efa56ada2ebf336e8a97d04eb8e2ed98c1 curl-7.66.0.tar.xz
sha256 8c8824f50e73a021f5dde1fccbf69685939247399a33a32abab1fa448c9ddabb COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index bab7c8e1be..8384210d48 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.65.3
+LIBCURL_VERSION = 7.66.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
2019-09-11 11:40 [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
@ 2019-09-11 11:40 ` Peter Korsgaard
2019-09-15 7:15 ` Peter Korsgaard
2019-09-11 12:20 ` [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
1 sibling, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-11 11:40 UTC (permalink / raw)
To: buildroot
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
linux/Config.in | 2 +-
linux/linux.hash | 10 +++++-----
| 10 +++++-----
3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/linux/Config.in b/linux/Config.in
index 2bd2d859d5..b268ee8c99 100644
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -122,7 +122,7 @@ endif
config BR2_LINUX_KERNEL_VERSION
string
- default "5.2.11" if BR2_LINUX_KERNEL_LATEST_VERSION
+ default "5.2.14" if BR2_LINUX_KERNEL_LATEST_VERSION
default "v4.19.65-cip8" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
if BR2_LINUX_KERNEL_CUSTOM_VERSION
diff --git a/linux/linux.hash b/linux/linux.hash
index 133a55377e..41dfd52296 100644
--- a/linux/linux.hash
+++ b/linux/linux.hash
@@ -1,8 +1,8 @@
# From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256 0c2a831f993dc8a8a8e1ca4186b467de72ff173c6f5855e2aab70f6f7fb033f9 linux-5.2.11.tar.xz
+sha256 c64d36477fee6a864a734ec417407768e60040a13f144c33208fa9622fd0ce8c linux-5.2.14.tar.xz
sha256 56495f82314f0dfb84a3fe7fad78e17be69c4fd36ef46f2452458b2fa1e341f6 linux-5.1.21.tar.xz
# From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256 c091760b520a4e4a4c7034a8329cc2689a0ea3f81a377b694ed196d623e2d987 linux-4.19.69.tar.xz
-sha256 0bb9f0812326ec4554de1bea02628840e03b6664b5abfd9d8510049e43203a17 linux-4.14.141.tar.xz
-sha256 fe8a1ca080a462de6832762ba8b71410b828f0e52c1e11d3c46d83e9ac1e0a16 linux-4.9.190.tar.xz
-sha256 fec8c8549a3775b922cecad74a6409b33520a669d451dc51ad47d69c2543c2e5 linux-4.4.190.tar.xz
+sha256 f9fcb6b3bd29115ac55fc154e300c3dce2044502732f6842ad6c25e6f9f51f6d linux-4.19.72.tar.xz
+sha256 2534f2f03cb937700a03dd85dcf1cb6e6f46fdd29d489580cc3183d6c0643d93 linux-4.14.143.tar.xz
+sha256 7a1a300cce70a4fd0d49b7fff7b1673159b61c4040c5a7c08ea333a7cb328d54 linux-4.9.192.tar.xz
+sha256 2fba918dd21e421b4e0fd57dac052ba65f9947320892d960f093419561988a3b linux-4.4.192.tar.xz
--git a/package/linux-headers/Config.in.host b/package/linux-headers/Config.in.host
index 00df32f740..ec951eef5d 100644
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -305,12 +305,12 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
- default "4.4.190" if BR2_KERNEL_HEADERS_4_4
- default "4.9.190" if BR2_KERNEL_HEADERS_4_9
- default "4.14.141" if BR2_KERNEL_HEADERS_4_14
- default "4.19.69" if BR2_KERNEL_HEADERS_4_19
+ default "4.4.192" if BR2_KERNEL_HEADERS_4_4
+ default "4.9.192" if BR2_KERNEL_HEADERS_4_9
+ default "4.14.143" if BR2_KERNEL_HEADERS_4_14
+ default "4.19.72" if BR2_KERNEL_HEADERS_4_19
default "5.1.21" if BR2_KERNEL_HEADERS_5_1
- default "5.2.11" if BR2_KERNEL_HEADERS_5_2
+ default "5.2.14" if BR2_KERNEL_HEADERS_5_2
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
default "custom" if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0
2019-09-11 11:40 [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
2019-09-11 11:40 ` [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series Peter Korsgaard
@ 2019-09-11 12:20 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-11 12:20 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> CVE-2019-5481: FTP-KRB double-free
> https://curl.haxx.se/docs/CVE-2019-5481.html
> CVE-2019-5482: TFTP small blocksize heap buffer overflow
> https://curl.haxx.se/docs/CVE-2019-5482.html
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ehh, this should naturally not have been part of the same series as the
kernel bump, please ignore.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
2019-09-11 11:40 ` [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series Peter Korsgaard
@ 2019-09-15 7:15 ` Peter Korsgaard
0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2019-09-15 7:15 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-09-15 7:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-11 11:40 [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
2019-09-11 11:40 ` [Buildroot] [PATCH 2/2] {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series Peter Korsgaard
2019-09-15 7:15 ` Peter Korsgaard
2019-09-11 12:20 ` [Buildroot] [PATCH 1/2] package/libcurl: security bump to version 7.66.0 Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox