From 29053ff82bf28da45eef9d7e85d6d3ce7060daf6 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Wed, 10 Feb 2016 14:18:24 -0800 Subject: libbsd: Security fix and update 0.8.2 This update includes: CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln(). An if checks if it is necessary to reallocate memory in the target buffer. However this check is off by one, therefore an out of bounds write happens. Upstream has released version 0.8.2 to fix this. Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- meta/recipes-support/libbsd/libbsd_0.8.1.bb | 43 ----------------------------- meta/recipes-support/libbsd/libbsd_0.8.2.bb | 43 +++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 43 deletions(-) delete mode 100644 meta/recipes-support/libbsd/libbsd_0.8.1.bb create mode 100644 meta/recipes-support/libbsd/libbsd_0.8.2.bb diff --git a/meta/recipes-support/libbsd/libbsd_0.8.1.bb b/meta/recipes-support/libbsd/libbsd_0.8.1.bb deleted file mode 100644 index 45420d55e6..0000000000 --- a/meta/recipes-support/libbsd/libbsd_0.8.1.bb +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright (C) 2013 Khem Raj -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMMARY = "Library of utility functions from BSD systems" -DESCRIPTION = "This library provides useful functions commonly found on BSD systems, \ - and lacking on others like GNU systems, thus making it easier to port \ - projects with strong BSD origins, without needing to embed the same \ - code over and over again on each project." - -HOMEPAGE = "http://libbsd.freedesktop.org/wiki/" -# There seems to be more licenses used in the code, I don't think we want to list them all here, complete list: -# OE @ ~/projects/libbsd $ grep ^License: COPYING | sort -# License: BSD-2-clause -# License: BSD-2-clause -# License: BSD-2-clause-NetBSD -# License: BSD-2-clause-author -# License: BSD-2-clause-verbatim -# License: BSD-3-clause -# License: BSD-3-clause -# License: BSD-3-clause -# License: BSD-3-clause-Peter-Wemm -# License: BSD-3-clause-Regents -# License: BSD-4-clause-Christopher-G-Demetriou -# License: BSD-4-clause-Niels-Provos -# License: BSD-5-clause-Peter-Wemm -# License: Beerware -# License: Expat -# License: ISC -# License: ISC-Original -# License: public-domain -# License: public-domain-Colin-Plumb -LICENSE = "BSD-4-Clause & ISC & PD" -LIC_FILES_CHKSUM = "file://COPYING;md5=145ec05a217d8f879f29cfc5f83084be" -SECTION = "libs" - -SRC_URI = " \ - http://libbsd.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ -" - -SRC_URI[md5sum] = "f3daff0283af6e30f25d68be2deac4ef" -SRC_URI[sha256sum] = "adbc8781ad720bce939b689f38a9f0247732a36792147a7c28027c393c2af9b0" - -inherit autotools pkgconfig diff --git a/meta/recipes-support/libbsd/libbsd_0.8.2.bb b/meta/recipes-support/libbsd/libbsd_0.8.2.bb new file mode 100644 index 0000000000..3335386d8f --- /dev/null +++ b/meta/recipes-support/libbsd/libbsd_0.8.2.bb @@ -0,0 +1,43 @@ +# Copyright (C) 2013 Khem Raj +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "Library of utility functions from BSD systems" +DESCRIPTION = "This library provides useful functions commonly found on BSD systems, \ + and lacking on others like GNU systems, thus making it easier to port \ + projects with strong BSD origins, without needing to embed the same \ + code over and over again on each project." + +HOMEPAGE = "http://libbsd.freedesktop.org/wiki/" +# There seems to be more licenses used in the code, I don't think we want to list them all here, complete list: +# OE @ ~/projects/libbsd $ grep ^License: COPYING | sort +# License: BSD-2-clause +# License: BSD-2-clause +# License: BSD-2-clause-NetBSD +# License: BSD-2-clause-author +# License: BSD-2-clause-verbatim +# License: BSD-3-clause +# License: BSD-3-clause +# License: BSD-3-clause +# License: BSD-3-clause-Peter-Wemm +# License: BSD-3-clause-Regents +# License: BSD-4-clause-Christopher-G-Demetriou +# License: BSD-4-clause-Niels-Provos +# License: BSD-5-clause-Peter-Wemm +# License: Beerware +# License: Expat +# License: ISC +# License: ISC-Original +# License: public-domain +# License: public-domain-Colin-Plumb +LICENSE = "BSD-4-Clause & ISC & PD" +LIC_FILES_CHKSUM = "file://COPYING;md5=145ec05a217d8f879f29cfc5f83084be" +SECTION = "libs" + +SRC_URI = " \ + http://libbsd.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ +" + +SRC_URI[md5sum] = "cdee252ccff978b50ad2336278c506c9" +SRC_URI[sha256sum] = "b2f644cae94a6e2fe109449c20ad79a0f6ee4faec2205b07eefa0020565e250a" + +inherit autotools pkgconfig -- cgit 1.2.3-korg