From: Fabrice Fontaine Date: Sat, 20 Mar 2021 09:05:25 +0000 (+0100) Subject: package/zstd: security bump to version 1.4.9 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=74ed1b5ca09ac02a354245dc662d4cd8d11727e8;p=buildroot.git package/zstd: security bump to version 1.4.9 Fix CVE-2021-24032: Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. https://github.com/facebook/zstd/releases/tag/v1.4.9 Signed-off-by: Fabrice Fontaine Signed-off-by: Yann E. MORIN --- diff --git a/package/zstd/zstd.hash b/package/zstd/zstd.hash index c370bf8c46..a979501e5f 100644 --- a/package/zstd/zstd.hash +++ b/package/zstd/zstd.hash @@ -1,5 +1,5 @@ -# From https://github.com/facebook/zstd/releases/download/v1.4.8/zstd-1.4.8.tar.gz.sha256 -sha256 32478297ca1500211008d596276f5367c54198495cf677e9439f4791a4c69f24 zstd-1.4.8.tar.gz +# From https://github.com/facebook/zstd/releases/download/v1.4.9/zstd-1.4.9.tar.gz.sha256 +sha256 29ac74e19ea28659017361976240c4b5c5c24db3b89338731a6feb97c038d293 zstd-1.4.9.tar.gz # License files (locally computed) sha256 2c1a7fa704df8f3a606f6fc010b8b5aaebf403f3aeec339a12048f1ba7331a0b LICENSE diff --git a/package/zstd/zstd.mk b/package/zstd/zstd.mk index dba76b0909..63ea8b1b35 100644 --- a/package/zstd/zstd.mk +++ b/package/zstd/zstd.mk @@ -4,7 +4,7 @@ # ################################################################################ -ZSTD_VERSION = 1.4.8 +ZSTD_VERSION = 1.4.9 ZSTD_SITE = https://github.com/facebook/zstd/releases/download/v$(ZSTD_VERSION) ZSTD_INSTALL_STAGING = YES ZSTD_LICENSE = BSD-3-Clause or GPL-2.0