From patchwork Tue Oct 27 18:33:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1388867 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=DOTBO/zg; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CLL1n5ZJQz9sVw for ; Wed, 28 Oct 2020 05:33:32 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 3E6E48734C; Tue, 27 Oct 2020 18:33:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wyWw2CvUhHYl; Tue, 27 Oct 2020 18:33:25 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 1D2078734D; Tue, 27 Oct 2020 18:33:25 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id EDC691BF82D for ; Tue, 27 Oct 2020 18:33:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id EAC618695F for ; Tue, 27 Oct 2020 18:33:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YIQovIwax0ms for ; Tue, 27 Oct 2020 18:33:23 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) by whitealder.osuosl.org (Postfix) with ESMTPS id 027FF86739 for ; Tue, 27 Oct 2020 18:33:22 +0000 (UTC) Received: by mail-wr1-f67.google.com with SMTP id e17so3008341wru.12 for ; Tue, 27 Oct 2020 11:33:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=C4TX87wj2Yq3yBrTOnPIy+6rJJmo5zTeugmPvDmtCn0=; b=DOTBO/zglXRr9XmyKudiIhaLz7QsyBmJ1KIQifmWduiAjOpcHidiv3qbulLjB3Um7A LcsmZHvT+9qyMYL8Bjcj69YDBJ7kTcmfNnFVFaBED10ExKOl+bEujdwscD2qPQym74EG RdVkiKU0JqKkea89oqh8H4Zt9qPvWDlO4BXOONedPFsnDpgCZbzZPZL/adRRanxboySG GzHu+VSHSYB8GOd9wmVVrENs2giewGkYrvSaZWxZhVwPvEtCbOSSrdN3NXLbiXANaD0q NQCGvRYIlB2P3lLpiG6ClByUDqd78iPWegqc/VA9f2OZL5IOz797jBx4k4sdLBZKmQKa lO3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=C4TX87wj2Yq3yBrTOnPIy+6rJJmo5zTeugmPvDmtCn0=; b=dasx01CXDr43848xPsBilvD2SF9PO/M13qbCBjgSOgNwshJrBWKlaz4Ip3/HXbkVT/ bKJl74psWUTgql3QAUaLjE96ZPdTHnVI01Mi2jt6Jn107wFMAiI4yofWOI+Of4P7UBYO F+uGibV4sgUdGJSkV9E3VQqWLE4B5QuydYDthK/op2RirTCtSi04OgjrxNpyILry/46q xQE3j9MHcBjGa9QykRENzfw3scc1O+DJsKVa1yOeYr7jjTVHxy8/YOZ+DLkdgnG3t3Tf bEsuzxCAOh+DovgPvBToocNzF8OBbWIGC9e1ZEG6jJwfPFS2nbIIvbGf4UhTeLZb31KB SMGg== X-Gm-Message-State: AOAM5315WexCgXZjVACssDCGyQFaP4t99lfnyZenOzPRAVqbCxkLZM4k jq8FpkyIKeRCz/2bYaCkKe/Xcdd3Cphn+w== X-Google-Smtp-Source: ABdhPJyz2IirDajPk9L+7zL/SXsbA9e2bmcwRC0zBqL7wESzEeQWWUuiR6eeS7RfstBxWC/WSSkVXA== X-Received: by 2002:a5d:480b:: with SMTP id l11mr4454535wrq.225.1603823601250; Tue, 27 Oct 2020 11:33:21 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id e2sm1153117wrr.85.2020.10.27.11.33.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Oct 2020 11:33:20 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Tue, 27 Oct 2020 19:33:08 +0100 Message-Id: <20201027183308.458232-1-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/memcached: security bump to version 1.6.8 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Small security related release. A remote crash is possible if UDP is enabled. The remediation is to upgrade or disable UDP. The crash was introduced in the 1.6 series. https://github.com/memcached/memcached/wiki/ReleaseNotes168 Signed-off-by: Fabrice Fontaine --- package/memcached/memcached.hash | 6 +++--- package/memcached/memcached.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/memcached/memcached.hash b/package/memcached/memcached.hash index d616c856b1..1330f6521c 100644 --- a/package/memcached/memcached.hash +++ b/package/memcached/memcached.hash @@ -1,6 +1,6 @@ -# From http://www.memcached.org/files/memcached-1.6.7.tar.gz.sha1 -sha1 49336bb0a4b7ad296422b08148581ed54edf32d0 memcached-1.6.7.tar.gz +# From http://www.memcached.org/files/memcached-1.6.8.tar.gz.sha1 +sha1 8f3efd851efc5b822bd991b93d06a271b2fac052 memcached-1.6.8.tar.gz # Locally computed -sha256 7bbdac9b031d8cfca4a1207f28df598b90ee2e9b44667f7eabd0fe1a59ca5173 memcached-1.6.7.tar.gz +sha256 e23b3a11f6ff52ac04ae5ea2e287052ce58fd1eadd394622eb65c3598fcd7939 memcached-1.6.8.tar.gz sha256 bc887c4ad8051fe690ace9528fe37a2e0bb362e6d963331d82e845ca9b585a0c COPYING diff --git a/package/memcached/memcached.mk b/package/memcached/memcached.mk index cc5227abf0..378f57a276 100644 --- a/package/memcached/memcached.mk +++ b/package/memcached/memcached.mk @@ -4,7 +4,7 @@ # ################################################################################ -MEMCACHED_VERSION = 1.6.7 +MEMCACHED_VERSION = 1.6.8 MEMCACHED_SITE = http://www.memcached.org/files MEMCACHED_DEPENDENCIES = libevent MEMCACHED_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'