dhcpcd: security bump to version 6.11.0

Fixes CVE-2014-7913: The print_option function in dhcp-common.c in dhcpcd
through 6.10.2 misinterprets the return value of the snprintf function, which
allows remote DHCP servers to execute arbitrary code or cause a denial of
service (memory corruption) via a crafted message.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/dhcpcd/dhcpcd.hash b/package/dhcpcd/dhcpcd.hash
index ea05f86812cf3075efffe15c713fab4d420f84b5..7d01ab8babae586545695f9b5ec34589c1b05ca1 100644 (file)
--- a/package/dhcpcd/dhcpcd.hash
+++ b/package/dhcpcd/dhcpcd.hash
@@ -1,2 +1,2 @@
 # Locally calculated from download (no sig, hash)
-sha256 284abf8c3be0580bbac5eaca95359346ab0d78d4072317b6ce87cc68f2e8ae7b        dhcpcd-6.10.1.tar.xz
+sha256 31c2cd327657f11c427fe5044f74c5b942e70450fa43ceabf4b25f3fd4999959        dhcpcd-6.11.0.tar.xz

diff --git a/package/dhcpcd/dhcpcd.mk b/package/dhcpcd/dhcpcd.mk
index 5d1388d5a7dd5c1aab9505a3883108be46e1491b..0cb911809d7375a6395dc63cafb02f7578dea494 100644 (file)
--- a/package/dhcpcd/dhcpcd.mk
+++ b/package/dhcpcd/dhcpcd.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DHCPCD_VERSION = 6.10.1
+DHCPCD_VERSION = 6.11.0
 DHCPCD_SOURCE = dhcpcd-$(DHCPCD_VERSION).tar.xz
 DHCPCD_SITE = http://roy.marples.name/downloads/dhcpcd
 DHCPCD_DEPENDENCIES = host-pkgconf