dpkg: upgrade to 1.17.25

upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625 Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840 The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Roy Li <rongqing.li@windriver.com> 2015-04-29 16:09:38 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-04-30 23:01:28 +0100
commit: 079445990f51f98c8d4f9397dec0ed91ca2490c3 (patch)
tree: d70b2a8f9ed964c74996ff2234183ed2f0eb468d /meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
parent: 3c58712465494e441c4036a7cf21d2e6d343efab (diff)
download: openembedded-core-079445990f51f98c8d4f9397dec0ed91ca2490c3.tar.gz
1 files changed, 20 insertions, 0 deletions
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
new file mode 100644
index 0000000000..74b1dd000f
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
@@ -0,0 +1,20 @@
+require dpkg.inc
+LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
+
+SRC_URI += "file://noman.patch \
+            file://check_snprintf.patch \
+            file://check_version.patch \
+            file://preinst.patch \
+            file://fix-timestamps.patch \
+            file://remove-tar-no-timestamp.patch \
+            file://fix-abs-redefine.patch \
+            file://arch_pm.patch \
+            file://dpkg-configure.service \
+            file://glibc2.5-sync_file_range.patch \
+            file://no-vla-warning.patch \
+            file://add_armeb_triplet_entry.patch \
+           "
+
+SRC_URI[md5sum] = "e48fcfdb2162e77d72c2a83432d537ca"
+SRC_URI[sha256sum] = "07019d38ae98fb107c79dbb3690cfadff877f153b8c4970e3a30d2e59aa66baa"
+
author	Roy Li <rongqing.li@windriver.com>	2015-04-29 16:09:38 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-04-30 23:01:28 +0100
commit	079445990f51f98c8d4f9397dec0ed91ca2490c3 (patch)
tree	d70b2a8f9ed964c74996ff2234183ed2f0eb468d /meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
parent	3c58712465494e441c4036a7cf21d2e6d343efab (diff)
download	openembedded-core-079445990f51f98c8d4f9397dec0ed91ca2490c3.tar.gz