package/rdesktop: security bump to version 1.8.6

- Fix CVE-2019-15682: RDesktop version 1.8.4 contains multiple
  out-of-bound access read vulnerabilities in its code, which results in
  a denial of service (DoS) condition. This attack appear to be
  exploitable via network connectivity. These issues have been fixed in
  version 1.8.5
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

diff --git a/package/rdesktop/rdesktop.hash b/package/rdesktop/rdesktop.hash
index a43fab76fae10007944d3ba677a181f33f4e9186..d42ab59be18bff39a24b8c63c9971b6706b61410 100644 (file)
--- a/package/rdesktop/rdesktop.hash
+++ b/package/rdesktop/rdesktop.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 516f04df92f16eba04c96bbf9aeb05b9da686689c2bb5c107e0941583e09f933        rdesktop-1.8.4.tar.gz
-sha256 fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7        COPYING
+sha256  ffb9f8e2f0b7a06e383e550698bdc9734ae33eb3ec971b0a094078434a4bba6d  rdesktop-1.8.6.tar.gz
+sha256  fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7  COPYING

diff --git a/package/rdesktop/rdesktop.mk b/package/rdesktop/rdesktop.mk
index d97422cf13d152259af342acb11b5dd42cbf05a1..491fd60407eab3b018f908e89570abcdea1927f1 100644 (file)
--- a/package/rdesktop/rdesktop.mk
+++ b/package/rdesktop/rdesktop.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-RDESKTOP_VERSION = 1.8.4
+RDESKTOP_VERSION = 1.8.6
 RDESKTOP_SITE = $(call github,rdesktop,rdesktop,v$(RDESKTOP_VERSION))
 RDESKTOP_DEPENDENCIES = host-pkgconf openssl xlib_libX11 xlib_libXt \
        $(if $(BR2_PACKAGE_ALSA_LIB_PCM),alsa-lib) \