From patchwork Tue Nov  1 22:59:30 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gustavo Zacarias <gustavo@zacarias.com.ar>
X-Patchwork-Id: 690215
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3t7mrw49HZz9t17
	for <incoming@patchwork.ozlabs.org>;
	Wed,  2 Nov 2016 09:59:44 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=zacarias.com.ar header.i=@zacarias.com.ar
	header.b=rZxnRqde; dkim-atps=neutral
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 93EDB91F19;
	Tue,  1 Nov 2016 22:59:42 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id odhgXBfP7hxU; Tue,  1 Nov 2016 22:59:40 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by whitealder.osuosl.org (Postfix) with ESMTP id 0111D91EF8;
	Tue,  1 Nov 2016 22:59:40 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 013311C2C3A
	for <buildroot@lists.busybox.net>;
	Tue,  1 Nov 2016 22:59:39 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id F135891EFF
	for <buildroot@lists.busybox.net>;
	Tue,  1 Nov 2016 22:59:38 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 7W4Drcv24TcP for <buildroot@lists.busybox.net>;
	Tue,  1 Nov 2016 22:59:38 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from www.zacarias.com.ar (www.zacarias.com.ar [176.9.42.171])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 03A2691EF9
	for <buildroot@busybox.net>; Tue,  1 Nov 2016 22:59:37 +0000 (UTC)
Received: from asgard (cpe-190-55-196-87.telecentro-reversos.com.ar
	[190.55.196.87] (may be forged)) (authenticated bits=0)
	by www.zacarias.com.ar (8.15.2/8.15.2) with ESMTPSA id uA1MxU8o005254
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
	Tue, 1 Nov 2016 22:59:33 GMT
DMARC-Filter: OpenDMARC Filter v1.3.1 www.zacarias.com.ar uA1MxU8o005254
Authentication-Results: zacarias.com.ar;
	dmarc=fail header.from=zacarias.com.ar
Authentication-Results: zacarias.com.ar;
	spf=pass smtp.mailfrom=gustavo@zacarias.com.ar
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=zacarias.com.ar;
	s=dkey; t=1478041175;
	bh=XXYIkr3gm5nCoyAbGzTxLZUXBcI+W1Z7Qk0LzYWtyKE=;
	h=From:To:Cc:Subject:Date;
	b=rZxnRqdeyarzpP2AI0V0pPgdtUWiBV7AEEUrrKmXrQZ6jPJ2iwqC+dChzwY2caKTM
	h1B9k9rrtwDIN/AwMNkOCISJ4+QzRo/pduNnDAqQEdliP87kFN4tV25nnVmCBC8iFi
	EEMkNUUqEADnR3gqF2jhj6rANRkT696CLhvta2Ug=
Received: by asgard (sSMTP sendmail emulation);
	Tue, 01 Nov 2016 19:59:30 -0300
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Date: Tue,  1 Nov 2016 19:59:30 -0300
Message-Id: <1478041170-5083-1-git-send-email-gustavo@zacarias.com.ar>
X-Mailer: git-send-email 2.7.3
X-Virus-Scanned: clamav-milter 0.99 at www
X-Virus-Status: Clean
Subject: [Buildroot] [PATCH] memcached: security bump to version 1.4.33
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fixes:
CVE-2016-8704 - server append/prepend remote code execution
vulnerability.
CVE-2016-8705 - server update remote code execution vulnerability.
CVE-2016-8706 - server SASL authentication remote code execution
vulnerability.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/memcached/memcached.hash | 6 +++---
 package/memcached/memcached.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/memcached/memcached.hash b/package/memcached/memcached.hash
index dbc0c0d..256442a 100644
--- a/package/memcached/memcached.hash
+++ b/package/memcached/memcached.hash
@@ -1,4 +1,4 @@
-# From http://www.memcached.org/files/memcached-1.4.32.tar.gz.sha1
-sha1	cbec6b533fe037b5ad5c54d111e0d30bc9db4424	memcached-1.4.32.tar.gz
+# From http://www.memcached.org/files/memcached-1.4.33.tar.gz.sha1
+sha1	e343530c55946ccbdd78c488355b02eaf90b3b46	memcached-1.4.33.tar.gz
 # Calculated based on the hash above
-sha256	54bb9acd5fbbb73cd1fbfa67cbc6b301009a2835a26c8a4c3dba634a0c3d875d	memcached-1.4.32.tar.gz
+sha256	83726c8d68258c56712373072abb25a449c257398075a39ec0867fd8ba69771d	memcached-1.4.33.tar.gz
diff --git a/package/memcached/memcached.mk b/package/memcached/memcached.mk
index 2d84574..74cf6b8 100644
--- a/package/memcached/memcached.mk
+++ b/package/memcached/memcached.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MEMCACHED_VERSION = 1.4.32
+MEMCACHED_VERSION = 1.4.33
 MEMCACHED_SITE = http://www.memcached.org/files
 MEMCACHED_DEPENDENCIES = libevent
 MEMCACHED_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'