From 72c6b6257fd98cf8f6a37e9f14b98a3a3844e5da Mon Sep 17 00:00:00 2001
From: Armin Kuster
Date: Wed, 10 Feb 2016 14:18:24 -0800
Subject: [PATCH] libbsd: Security fix and update 0.8.2
This update includes: CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln(). An if checks if it is necessary to reallocate memory in the target buffer. However this check is off by one, therefore an out of bounds write happens. Upstream has released version 0.8.2 to fix this.
(From OE-Core rev: 29053ff82bf28da45eef9d7e85d6d3ce7060daf6)
Signed-off-by: Armin Kuster
Signed-off-by: Richard Purdie
---
 .../libbsd/{libbsd_0.8.1.bb => libbsd_0.8.2.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/libbsd/{libbsd_0.8.1.bb => libbsd_0.8.2.bb} (91%)
diff --git a/meta/recipes-support/libbsd/libbsd_0.8.1.bb b/meta/recipes-support/libbsd/libbsd_0.8.2.bb
similarity index 91%
rename from meta/recipes-support/libbsd/libbsd_0.8.1.bb
rename to meta/recipes-support/libbsd/libbsd_0.8.2.bb
index 45420d55e6..3335386d8f 100644
--- a/meta/recipes-support/libbsd/libbsd_0.8.1.bb
+++ b/meta/recipes-support/libbsd/libbsd_0.8.2.bb
@@ -37,7 +37,7 @@ SRC_URI = " \
 http://libbsd.freedesktop.org/releases/${BPN}-${PV}.tar.xz \
 "
-SRC_URI[md5sum] = "f3daff0283af6e30f25d68be2deac4ef"
-SRC_URI[sha256sum] = "adbc8781ad720bce939b689f38a9f0247732a36792147a7c28027c393c2af9b0"
+SRC_URI[md5sum] = "cdee252ccff978b50ad2336278c506c9"
+SRC_URI[sha256sum] = "b2f644cae94a6e2fe109449c20ad79a0f6ee4faec2205b07eefa0020565e250a"
 inherit autotools pkgconfig