From: Gustavo Zacarias
Date: Tue, 11 Nov 2014 20:29:15 +0000 (-0300)
Subject: zeromq: security bump to version 4.0.5
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=4cefe929fa2a978b8335844ef3a89bde19c65434;p=buildroot.git
zeromq: security bump to version 4.0.5
Fixes: CVE-2014-7202 - stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. CVE-2014-7203 - libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
Signed-off-by: Gustavo Zacarias
Signed-off-by: Peter Korsgaard
---
diff --git a/package/zeromq/0001-tests-disable-test_fork-if-fork-is-not-available.patch b/package/zeromq/0001-tests-disable-test_fork-if-fork-is-not-available.patch
new file mode 100644
index 0000000000..1eefdc341b
--- /dev/null
+++ b/package/zeromq/0001-tests-disable-test_fork-if-fork-is-not-available.patch
@@ -0,0 +1,52 @@
+From b50912f2eecec1ea7accc155f8132116f8702075 Mon Sep 17 00:00:00 2001
+From: Samuel Martin
+Date: Sat, 3 May 2014 12:22:38 +0200
+Subject: [PATCH] tests: disable test_fork if fork() is not available
+
+Signed-off-by: Samuel Martin
+---
+ configure.ac | 1 +
+ tests/Makefile.am | 8 ++++++--
+ tests/Makefile.in | 8 ++++----
+ 3 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0c41604..8f8521c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -431,6 +431,7 @@ AM_CONDITIONAL(BUILD_PGM, test "x$libzmq_pgm_ext" = "xyes")
+ AM_CONDITIONAL(ON_MINGW, test "x$libzmq_on_mingw32" = "xyes")
+ AM_CONDITIONAL(ON_ANDROID, test "x$libzmq_on_android" = "xyes")
+ AM_CONDITIONAL(ON_LINUX, test "x$libzmq_on_linux" = "xyes")
++AM_CONDITIONAL(HAVE_FORK, test "x$ac_cv_func_fork" = "xyes")
+
+ # Checks for library functions.
+ AC_TYPE_SIGNAL
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 0cfe4e8..2a1e257 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -46,8 +46,10 @@ if !ON_MINGW
+ noinst_PROGRAMS += test_shutdown_stress \
+ test_pair_ipc \
+ test_reqrep_ipc \
+- test_timeo \
+- test_fork
++ test_timeo
++if HAVE_FORK
++noinst_PROGRAMS += test_fork
++endif
+ endif
+
+ test_system_SOURCES = test_system.cpp
+@@ -93,8 +95,10 @@ test_shutdown_stress_SOURCES = test_shutdown_stress.cpp
+ test_pair_ipc_SOURCES = test_pair_ipc.cpp testutil.hpp
+ test_reqrep_ipc_SOURCES = test_reqrep_ipc.cpp testutil.hpp
+ test_timeo_SOURCES = test_timeo.cpp
++if HAVE_FORK
+ test_fork_SOURCES = test_fork.cpp
+ endif
++endif
+
+ # Run the test cases
+ TESTS = $(noinst_PROGRAMS)
diff --git a/package/zeromq/zeromq-0001-tests-disable-test_fork-if-fork-is-not-available.patch b/package/zeromq/zeromq-0001-tests-disable-test_fork-if-fork-is-not-available.patch
deleted file mode 100644
index 1eefdc341b..0000000000
--- a/package/zeromq/zeromq-0001-tests-disable-test_fork-if-fork-is-not-available.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From b50912f2eecec1ea7accc155f8132116f8702075 Mon Sep 17 00:00:00 2001
-From: Samuel Martin
-Date: Sat, 3 May 2014 12:22:38 +0200
-Subject: [PATCH] tests: disable test_fork if fork() is not available
-
-Signed-off-by: Samuel Martin
----
- configure.ac | 1 +
- tests/Makefile.am | 8 ++++++--
- tests/Makefile.in | 8 ++++----
- 3 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 0c41604..8f8521c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -431,6 +431,7 @@ AM_CONDITIONAL(BUILD_PGM, test "x$libzmq_pgm_ext" = "xyes")
- AM_CONDITIONAL(ON_MINGW, test "x$libzmq_on_mingw32" = "xyes")
- AM_CONDITIONAL(ON_ANDROID, test "x$libzmq_on_android" = "xyes")
- AM_CONDITIONAL(ON_LINUX, test "x$libzmq_on_linux" = "xyes")
-+AM_CONDITIONAL(HAVE_FORK, test "x$ac_cv_func_fork" = "xyes")
-
- # Checks for library functions.
- AC_TYPE_SIGNAL
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 0cfe4e8..2a1e257 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -46,8 +46,10 @@ if !ON_MINGW
- noinst_PROGRAMS += test_shutdown_stress \
- test_pair_ipc \
- test_reqrep_ipc \
-- test_timeo \
-- test_fork
-+ test_timeo
-+if HAVE_FORK
-+noinst_PROGRAMS += test_fork
-+endif
- endif
-
- test_system_SOURCES = test_system.cpp
-@@ -93,8 +95,10 @@ test_shutdown_stress_SOURCES = test_shutdown_stress.cpp
- test_pair_ipc_SOURCES = test_pair_ipc.cpp testutil.hpp
- test_reqrep_ipc_SOURCES = test_reqrep_ipc.cpp testutil.hpp
- test_timeo_SOURCES = test_timeo.cpp
-+if HAVE_FORK
- test_fork_SOURCES = test_fork.cpp
- endif
-+endif
-
- # Run the test cases
- TESTS = $(noinst_PROGRAMS)
diff --git a/package/zeromq/zeromq.hash b/package/zeromq/zeromq.hash
new file mode 100644
index 0000000000..729e7ea752
--- /dev/null
+++ b/package/zeromq/zeromq.hash
@@ -0,0 +1,2 @@
+# Locally calculated from download (no sig, hash)
+sha256 3bc93c5f67370341428364ce007d448f4bb58a0eaabd0a60697d8086bc43342b zeromq-4.0.5.tar.gz
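Review bot: The sha256 line in zeromq.hash is the only integrity check for zeromq-4.0.5.tar.gz, and its comment records that it was computed locally from a download with no upstream signature or published hash to compare against. The zeromq.mk section of this commit shows `ZEROMQ_SITE = http://download.zeromq.org`, so the tarball that was hashed was presumably fetched over plain HTTP; the digest would then pin whatever that one download returned rather than a verified release. Since this bump exists to fix CVE-2014-7202 and CVE-2014-7203, I would cross-check the digest against an independently obtained copy and record that in the comment, e.g. `# Locally calculated from download (no upstream sig or hash); cross-checked against <second source>`.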
diff --git a/package/zeromq/zeromq.mk b/package/zeromq/zeromq.mk
index 59d276e89c..987c65be35 100644
--- a/package/zeromq/zeromq.mk
+++ b/package/zeromq/zeromq.mk
@@ -4,12 +4,13 @@
 #
 ################################################################################
 
-ZEROMQ_VERSION = 4.0.4
+ZEROMQ_VERSION = 4.0.5
 ZEROMQ_SITE = http://download.zeromq.org
 ZEROMQ_INSTALL_STAGING = YES
 ZEROMQ_DEPENDENCIES = util-linux
 ZEROMQ_LICENSE = LGPLv3+ with exceptions
 ZEROMQ_LICENSE_FILES = COPYING COPYING.LESSER
+# For 0001-tests-disable-test_fork-if-fork-is-not-available.patch
 ZEROMQ_AUTORECONF = YES
 
 # Only tools/curve_keygen.c needs this, but it doesn't hurt to pass it