dhcpcd: security bump to version 6.10.0

Fixes:
CVE-2016-1503 - heap overflow via malformed dhcp responses later in
print_option (via dhcp_envoption1) due to incorrect option length
values.
CVE-2016-1504 - invalid read/crash via malformed dhcp responses.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/dhcpcd/dhcpcd.hash b/package/dhcpcd/dhcpcd.hash
index 94ab89eae3aecaca1352b49e56efa19a88a8dbc6..18ffaed4d1e7807673ed0e6fe1afe43c73534f0a 100644 (file)
--- a/package/dhcpcd/dhcpcd.hash
+++ b/package/dhcpcd/dhcpcd.hash
@@ -1,2 +1,2 @@
 # Locally calculated from download (no sig, hash)
-sha256 c3f3ff7473ef158a1e71db9aea7424df2c3477ad064e2b542f27948a5abc9ba0        dhcpcd-6.9.4.tar.xz
+sha256 ab56af9b2e86913c55a965cb0f835e87749df78318564acf90d5d698f413ad35        dhcpcd-6.10.0.tar.xz

diff --git a/package/dhcpcd/dhcpcd.mk b/package/dhcpcd/dhcpcd.mk
index 2d0cb0cd360572fb5f6d083396a244056873b29c..27e06665023f16da93da8690eac428d05a3c9479 100644 (file)
--- a/package/dhcpcd/dhcpcd.mk
+++ b/package/dhcpcd/dhcpcd.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DHCPCD_VERSION = 6.9.4
+DHCPCD_VERSION = 6.10.0
 DHCPCD_SOURCE = dhcpcd-$(DHCPCD_VERSION).tar.xz
 DHCPCD_SITE = http://roy.marples.name/downloads/dhcpcd
 DHCPCD_DEPENDENCIES = host-pkgconf