From 1d3c611dee82090d9456730e24af368b51dcb4a9 Mon Sep 17 00:00:00 2001
From: Baruch Siach
Date: Mon, 30 Oct 2017 21:11:02 +0200
Subject: [PATCH] apr-util: security bump to version 1.6.1

Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database. Switch to bz2 compressed tarball. Use upstream provided SHA256 hash. Add license hash.

Signed-off-by: Baruch Siach
Signed-off-by: Thomas Petazzoni
---
 package/apr-util/apr-util.hash | 6 ++++--
 package/apr-util/apr-util.mk | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/package/apr-util/apr-util.hash b/package/apr-util/apr-util.hash
index 3db4396058..82ad475619 100644
--- a/package/apr-util/apr-util.hash
+++ b/package/apr-util/apr-util.hash
@@ -1,2 +1,4 @@
-# From http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz.sha1
-sha1 72cc3ac693b52fb831063d5c0de18723bc8e0095 apr-util-1.5.4.tar.gz
+# From http://www.apache.org/dist/apr/apr-util-1.6.1.tar.bz2.sha256
+sha256 d3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b apr-util-1.6.1.tar.bz2
+# Locally calculated
+sha256 ef5609d18601645ad6fe22c6c122094be40e976725c1d0490778abacc836e7a2 LICENSE
diff --git a/package/apr-util/apr-util.mk b/package/apr-util/apr-util.mk
index bc0572e110..c44cef009f 100644
--- a/package/apr-util/apr-util.mk
+++ b/package/apr-util/apr-util.mk
@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-APR_UTIL_VERSION = 1.5.4
+APR_UTIL_VERSION = 1.6.1
+APR_UTIL_SOURCE = apr-util-$(APR_UTIL_VERSION).tar.bz2
 APR_UTIL_SITE = http://archive.apache.org/dist/apr
 APR_UTIL_LICENSE = Apache-2.0
 APR_UTIL_LICENSE_FILES = LICENSE
-- 
2.30.2
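Review bot: The provenance comment on the new tarball hash in apr-util.hash cites a plain `http://` URL, and the unchanged `APR_UTIL_SITE` in apr-util.mk also downloads over `http://`, so the pinned sha256 is the only integrity control on this source. It is only as trustworthy as the channel the value was copied from. If the tarball was also checked against the upstream PGP signature, record that in the file, for example `# Verified against the upstream PGP signature; sha256 from the upstream .sha256 file`. Otherwise fetch the hash over HTTPS and cite that URL. The comment also points at `www.apache.org/dist` while the package downloads from `archive.apache.org/dist`, and the former presumably carries only current releases, so citing the archive location would keep the reference checkable later.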