From: Gustavo Zacarias Date: Fri, 22 Jul 2016 23:38:34 +0000 (-0300) Subject: libidn: security bump to version 1.33 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=153827c901c7e393a2ddd76977d89b28fdcef29d;p=buildroot.git libidn: security bump to version 1.33 Fixes: CVE-2015-8948 - out-of-bounds read in CLI tool. CVE-2016-6261 - out-of-bounds stack read in idna_to_ascii_4i. CVE-2016-6262 - followup fix to CVE-2015-8948. CVE-2016-6263 - stringprep_utf8_nfkc_normalize reject invalid UTF-8. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni --- diff --git a/package/libidn/libidn.hash b/package/libidn/libidn.hash index 20c844e121..4658a3e857 100644 --- a/package/libidn/libidn.hash +++ b/package/libidn/libidn.hash @@ -1,2 +1,4 @@ -# From http://lists.nongnu.org/archive/html/help-libidn/2015-08/msg00001.html -sha1 ddd018611b98af7c67d434aa42d15d39f45129f5 libidn-1.32.tar.gz +# From http://lists.nongnu.org/archive/html/help-libidn/2016-07/msg00009.html +sha1 57872fdc665dcc585e16f4ac0bb35374b1103f7e libidn-1.33.tar.gz +# Calculated based on the hash above +sha256 44a7aab635bb721ceef6beecc4d49dfd19478325e1b47f3196f7d2acc4930e19 libidn-1.33.tar.gz diff --git a/package/libidn/libidn.mk b/package/libidn/libidn.mk index ab43949355..99c9e2cb80 100644 --- a/package/libidn/libidn.mk +++ b/package/libidn/libidn.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBIDN_VERSION = 1.32 +LIBIDN_VERSION = 1.33 LIBIDN_SITE = $(BR2_GNU_MIRROR)/libidn LIBIDN_INSTALL_STAGING = YES LIBIDN_CONF_ENV = EMACS="no"