ed: security bump to version 1.14.1
authorBaruch Siach <baruch@tkos.co.il>
Thu, 9 Feb 2017 13:32:30 +0000 (15:32 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 9 Feb 2017 13:52:24 +0000 (14:52 +0100)
Fixes CVE-2017-5357: crash with some malformed commands.

Upstream now provides .tar.lz archive. Add the necessary extract command.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/ed/ed.hash
package/ed/ed.mk

index 7871fb11bf531e849baeb5417e00077549ca3ba0..22c1e671dc1485a202c5c56ee0eb7376a8447ef5 100644 (file)
@@ -1,2 +1,4 @@
-# From http://lists.gnu.org/archive/html/bug-ed/2013-06/msg00001.html
-md5    565b6d1d5a9a8816b9b304fc4ed9405d        ed-1.9.tar.gz
+# From http://lists.gnu.org/archive/html/bug-ed/2017-01/msg00002.html
+sha1   a91f785f7e16dc68e1c9c86d532ebd9698171ba0        ed-1.14.1.tar.lz
+# Locally computed
+sha256 ffb97eb8f2a2b5a71a9b97e3872adce953aa1b8958e04c5b7bf11d556f32552a        ed-1.14.1.tar.lz
index 36f2f2ed299df2840caee2ac6968cf945258b1e0..50adeb4ec5b4a6235ab37310952303d8ebea2788 100644 (file)
@@ -4,14 +4,21 @@
 #
 ################################################################################
 
-ED_VERSION = 1.9
+ED_VERSION = 1.14.1
 ED_SITE = $(BR2_GNU_MIRROR)/ed
+ED_SOURCE = ed-$(ED_VERSION).tar.lz
 ED_CONF_OPTS = \
        CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \
        LDFLAGS="$(TARGET_LDFLAGS)"
+ED_DEPENDENCIES = host-lzip
 ED_LICENSE = GPLv3+
 ED_LICENSE_FILES = COPYING
 
+define ED_EXTRACT_CMDS
+       $(HOST_DIR)/usr/bin/lzip -d -c $(DL_DIR)/$(ED_SOURCE) | \
+               tar --strip-components=1 -C $(@D) $(TAR_OPTIONS) -
+endef
+
 define ED_CONFIGURE_CMDS
        (cd $(@D); \
                $(TARGET_MAKE_ENV) ./configure \
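Review bot: The pipeline in `ED_EXTRACT_CMDS` returns only tar's exit status, so a failing or missing `$(HOST_DIR)/usr/bin/lzip` does not by itself fail the extract step; the outcome depends on how tar treats the input it received. Whether host-lzip is already built at extract time is not visible in this hunk: `ED_DEPENDENCIES` is normally ordered before the configure step rather than before extraction, so running the extract step on its own may reach the pipeline without the decompressor. If the recipe shell is bash, prefixing the command with `set -o pipefail;` would make a decompressor failure stop the build; otherwise a guard such as `test -x $(HOST_DIR)/usr/bin/lzip` on the line before the pipeline would do. The `ED_CONFIGURE_CMDS` definition at the end of the hunk continues outside it.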