[Buildroot] [PATCH 1/1] package/hwlock: security bump to version 2.9.3

[Buildroot] [PATCH 1/1] package/hwlock: security bump to version 2.9.3

[Fabrice Fontaine]

Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0
allows attackers to cause a denial of service or other unspecified
impacts via glibc-cpuset in topology-linux.c.

https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS
https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/hwloc/hwloc.hash | 4 ++--
 package/hwloc/hwloc.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/hwloc/hwloc.hash b/package/hwloc/hwloc.hash
index d40315a3af..8010b857f0 100644
--- a/package/hwloc/hwloc.hash
+++ b/package/hwloc/hwloc.hash
@@ -1,5 +1,5 @@
 # From https://www.open-mpi.org/software/hwloc/v2.9/
-sha1  be2a4f299c0da7670d39724986268bfa3fac6aee  hwloc-2.9.2.tar.bz2
-sha256  0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf  hwloc-2.9.2.tar.bz2
+sha1  76b49087619b46d71e18bd1131d35a5ccf5de791  hwloc-2.9.3.tar.bz2
+sha256  5c4062ce556f6d3451fc177ffb8673a2120f81df6835dea6a21a90fbdfff0dec  hwloc-2.9.3.tar.bz2
 # Locally computed
 sha256  d79a936a42f3c6cb7c8375a023d43f4435f4664d3a5a2ea6b4623cff83c7fc06  COPYING
diff --git a/package/hwloc/hwloc.mk b/package/hwloc/hwloc.mk
index f6cf5433c4..0524ec17fd 100644
--- a/package/hwloc/hwloc.mk
+++ b/package/hwloc/hwloc.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 HWLOC_VERSION_MAJOR = 2.9
-HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).2
+HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).3
 HWLOC_SOURCE = hwloc-$(HWLOC_VERSION).tar.bz2
 HWLOC_SITE = https://download.open-mpi.org/release/hwloc/v$(HWLOC_VERSION_MAJOR)
 HWLOC_LICENSE = BSD-3-Clause
-- 
2.40.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/hwlock: security bump to version 2.9.3

[Yann E. MORIN]

Fabrice, All,

On 2023-09-15 19:04 +0200, Fabrice Fontaine spake thusly:
> Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0
> allows attackers to cause a denial of service or other unspecified
> impacts via glibc-cpuset in topology-linux.c.
> 
> https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS
> https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/hwloc/hwloc.hash | 4 ++--
>  package/hwloc/hwloc.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/hwloc/hwloc.hash b/package/hwloc/hwloc.hash
> index d40315a3af..8010b857f0 100644
> --- a/package/hwloc/hwloc.hash
> +++ b/package/hwloc/hwloc.hash
> @@ -1,5 +1,5 @@
>  # From https://www.open-mpi.org/software/hwloc/v2.9/
> -sha1  be2a4f299c0da7670d39724986268bfa3fac6aee  hwloc-2.9.2.tar.bz2
> -sha256  0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf  hwloc-2.9.2.tar.bz2
> +sha1  76b49087619b46d71e18bd1131d35a5ccf5de791  hwloc-2.9.3.tar.bz2
> +sha256  5c4062ce556f6d3451fc177ffb8673a2120f81df6835dea6a21a90fbdfff0dec  hwloc-2.9.3.tar.bz2
>  # Locally computed
>  sha256  d79a936a42f3c6cb7c8375a023d43f4435f4664d3a5a2ea6b4623cff83c7fc06  COPYING
> diff --git a/package/hwloc/hwloc.mk b/package/hwloc/hwloc.mk
> index f6cf5433c4..0524ec17fd 100644
> --- a/package/hwloc/hwloc.mk
> +++ b/package/hwloc/hwloc.mk
> @@ -5,7 +5,7 @@
>  ################################################################################
>  
>  HWLOC_VERSION_MAJOR = 2.9
> -HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).2
> +HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).3
>  HWLOC_SOURCE = hwloc-$(HWLOC_VERSION).tar.bz2
>  HWLOC_SITE = https://download.open-mpi.org/release/hwloc/v$(HWLOC_VERSION_MAJOR)
>  HWLOC_LICENSE = BSD-3-Clause
> -- 
> 2.40.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/hwlock: security bump to version 2.9.3

[Peter Korsgaard]

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0
 > allows attackers to cause a denial of service or other unspecified
 > impacts via glibc-cpuset in topology-linux.c.

 > https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS
 > https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2023.02.x, 2023.05.x and 2023.08.x after fixing the
subject, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot