From: Baruch Siach Date: Tue, 12 Mar 2019 12:12:30 +0000 (+0200) Subject: package/file: security bump to version 5.36 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=14d6e6df7bcfd7d46811a812610ec87b0b249088;p=buildroot.git package/file: security bump to version 5.36 CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. CVE-2019-8904: do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Update license files hashes; removal of trailing white spaces. Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard --- diff --git a/package/file/file.hash b/package/file/file.hash index c279dff6e1..7948e856ee 100644 --- a/package/file/file.hash +++ b/package/file/file.hash @@ -1,5 +1,7 @@ -# Locally calculated -sha256 f15a50dbbfa83fec0bd1161e8e191b092ec832720e30cd14536e044ac623b20a file-5.34.tar.gz -sha256 3c0ad13c36f891a9b4f951e59eb2fc108065a46f849697cc6fd3cdb41cc23a3d COPYING -sha256 d98ee4d8d95e7d021a5dfc41f137ecc3b624a7b98e8bd793130202d12a21ed57 src/mygetopt.h -sha256 85e358d575ad4ac5b38b623a25b24246ccff3c7e680d930c0a9ff5228fe434b6 src/vasprintf.c +# Locally calculated after verifying signature +# ftp://ftp.astron.com/pub/file/file-5.36.tar.gz.asc +# using key BE04995BA8F90ED0C0C176C471112AB16CB33B3A +sha256 fb608290c0fd2405a8f63e5717abf6d03e22e183fb21884413d1edd918184379 file-5.36.tar.gz +sha256 0bfa856a9930bddadbef95d1be1cf4e163c0be618e76ea3275caaf255283e274 COPYING +sha256 4ccb60d623884ef637af4a5bc16b2cb350163e2135e967655837336019a64462 src/mygetopt.h +sha256 7ac061e1a1c840c4dfa0573aec6f3497676c9295b5ec4190d3576646eb1646bf src/vasprintf.c diff --git a/package/file/file.mk b/package/file/file.mk index b5b12978bc..1a835015a7 100644 --- a/package/file/file.mk +++ b/package/file/file.mk @@ -4,7 +4,7 @@ # ################################################################################ -FILE_VERSION = 5.34 +FILE_VERSION = 5.36 FILE_SITE = ftp://ftp.astron.com/pub/file FILE_DEPENDENCIES = host-file zlib HOST_FILE_DEPENDENCIES = host-zlib