[meta-oe][PATCH] serf: update to 1.3.8 including CVE-2014-3504

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [meta-oe][PATCH] serf: update to 1.3.8 including CVE-2014-3504
@ 2014-11-17 15:32 Armin Kuster
  2014-11-17 15:34 ` akuster
  0 siblings, 1 reply; 2+ messages in thread
From: Armin Kuster @ 2014-11-17 15:32 UTC (permalink / raw)
  To: openembedded-core

Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.

Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
Includes security fix:
Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
- CVE-2014-3504: (Closes: #757965)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} (74%)

diff --git a/meta/recipes-support/serf/serf_1.3.6.bb b/meta/recipes-support/serf/serf_1.3.8.bb
similarity index 74%
rename from meta/recipes-support/serf/serf_1.3.6.bb
rename to meta/recipes-support/serf/serf_1.3.8.bb
index 08b04d3..10db122 100644
--- a/meta/recipes-support/serf/serf_1.3.6.bb
+++ b/meta/recipes-support/serf/serf_1.3.8.bb
@@ -1,8 +1,8 @@
 
-SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.6.tar.bz2 \
+SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-${PV}.tar.bz2 \
            file://norpath.patch"
-SRC_URI[md5sum] = "7fe38fa6eab078e0beabf291d8e4995d"
-SRC_URI[sha256sum] = "ca637beb0399797d4fc7ffa85e801733cd9c876997fac4a4fd12e9afe86563f2"
+SRC_URI[md5sum] = "2e4efe57ff28cb3202a112e90f0c2889"
+SRC_URI[sha256sum] = "e0500be065dbbce490449837bb2ab624e46d64fc0b090474d9acaa87c82b2590"
 
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
-- 
1.9.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [meta-oe][PATCH] serf: update to 1.3.8 including CVE-2014-3504
  2014-11-17 15:32 [meta-oe][PATCH] serf: update to 1.3.8 including CVE-2014-3504 Armin Kuster
@ 2014-11-17 15:34 ` akuster
  0 siblings, 0 replies; 2+ messages in thread
From: akuster @ 2014-11-17 15:34 UTC (permalink / raw)
  To: Armin Kuster, openembedded-core

Just noticed another post.

drop this.

- armin

On 11/17/2014 07:32 AM, Armin Kuster wrote:
> Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
> Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
> Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
> Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.
>
> Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
> Includes security fix:
> Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
> - CVE-2014-3504: (Closes: #757965)
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>   meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>   rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} (74%)
>
> diff --git a/meta/recipes-support/serf/serf_1.3.6.bb b/meta/recipes-support/serf/serf_1.3.8.bb
> similarity index 74%
> rename from meta/recipes-support/serf/serf_1.3.6.bb
> rename to meta/recipes-support/serf/serf_1.3.8.bb
> index 08b04d3..10db122 100644
> --- a/meta/recipes-support/serf/serf_1.3.6.bb
> +++ b/meta/recipes-support/serf/serf_1.3.8.bb
> @@ -1,8 +1,8 @@
>
> -SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.6.tar.bz2 \
> +SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-${PV}.tar.bz2 \
>              file://norpath.patch"
> -SRC_URI[md5sum] = "7fe38fa6eab078e0beabf291d8e4995d"
> -SRC_URI[sha256sum] = "ca637beb0399797d4fc7ffa85e801733cd9c876997fac4a4fd12e9afe86563f2"
> +SRC_URI[md5sum] = "2e4efe57ff28cb3202a112e90f0c2889"
> +SRC_URI[sha256sum] = "e0500be065dbbce490449837bb2ab624e46d64fc0b090474d9acaa87c82b2590"
>
>   LICENSE = "Apache-2.0"
>   LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
>


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-11-17 15:34 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-17 15:32 [meta-oe][PATCH] serf: update to 1.3.8 including CVE-2014-3504 Armin Kuster
2014-11-17 15:34 ` akuster

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox