[2/2] package/v4l2loopback: security bump to version 0.12.7

Message ID	20220826213447.47029-2-fontaine.fabrice@gmail.com
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Fabrice Fontaine <fontaine.fabrice@gmail.com> To: buildroot@buildroot.org Date: Fri, 26 Aug 2022 23:34:47 +0200 Message-Id: <20220826213447.47029-2-fontaine.fabrice@gmail.com> In-Reply-To: <20220826213447.47029-1-fontaine.fabrice@gmail.com> References: <20220826213447.47029-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=xh2d31hNpXfcMfTgrERYOsT4isLPhxZ170zPgXYOTEE=; b=D5hwIOGAHexcMld598F97azSqWC88Gnqse7wLuHxznmfSljZA2JBICEP3jzsZzw+4k yCyC1rvdQK6LGUxv+puS7C15NNBGlB9YxMDSCOnB9dz8FAn7RM5XtX88RK+Tn/ktuX59 J+F3PISDwHY0VZ0J7NSoaUqXY8eWAQsMfB3JTC8o/Fgr0dPxtYdglCwfA+g4zsvqfHAY D+I8yRq4frm9q6XGilAXP2rRSWti36ojyC2iigcUL76XuffpfQZjRhaZ7HQcdBAeLiWK cV/1SEQxb/0rY5TvZcYBlbelsagVgzSPinBmgW8J+Aviw1SFfN1yonvDrFOnNenHYYb5 +c9Q== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=D5hwIOGA Subject: [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7 Precedence: list Cc: Alexandre Esse <alexandre.esse.dev@gmail.com>, Fabrice Fontaine <fontaine.fabrice@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR \| expand [1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR [2/2] package/v4l2loopback: security bump to version 0.12.7

Message ID

20220826213447.47029-2-fontaine.fabrice@gmail.com

State

Accepted

Headers

From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Fri, 26 Aug 2022 23:34:47 +0200
Message-Id: <20220826213447.47029-2-fontaine.fabrice@gmail.com>
In-Reply-To: <20220826213447.47029-1-fontaine.fabrice@gmail.com>
References: <20220826213447.47029-1-fontaine.fabrice@gmail.com>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20210112 header.b=D5hwIOGA
Subject: [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to
 version 0.12.7
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Alexandre Esse <alexandre.esse.dev@gmail.com>,
 Fabrice Fontaine <fontaine.fabrice@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR | expand

Commit Message

Fabrice Fontaine Aug. 26, 2022, 9:34 p.m. UTC

Fix CVE-2022-2652: Depending on the way the format strings in the card
label are crafted it's possible to leak kernel stack memory. There is
also the possibility for DoS due to the v4l2loopback kernel module
crashing when providing the card label on request (reproduce e.g. with
many %s modifiers in a row).

https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/v4l2loopback/v4l2loopback.hash | 2 +-
 package/v4l2loopback/v4l2loopback.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Peter Korsgaard Sept. 17, 2022, 3:50 p.m. UTC | #1

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-2652: Depending on the way the format strings in the card
 > label are crafted it's possible to leak kernel stack memory. There is
 > also the possibility for DoS due to the v4l2loopback kernel module
 > crashing when providing the card label on request (reproduce e.g. with
 > many %s modifiers in a row).

 > https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.05.x and 2022.02.x, thanks.

diff --git a/package/v4l2loopback/v4l2loopback.hash b/package/v4l2loopback/v4l2loopback.hash
index f4491e02d0..d897fd48ff 100644
--- a/package/v4l2loopback/v4l2loopback.hash
+++ b/package/v4l2loopback/v4l2loopback.hash
@@ -1,3 +1,3 @@ 
 # Locally calculated
-sha256  e152cd6df6a8add172fb74aca3a9188264823efa5a2317fe960d45880b9406ae  v4l2loopback-0.12.5.tar.gz
+sha256  e0782b8abe8f2235e2734f725dc1533a0729e674c4b7834921ade43b9f04939b  v4l2loopback-0.12.7.tar.gz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/v4l2loopback/v4l2loopback.mk b/package/v4l2loopback/v4l2loopback.mk
index 6ee4b69ef9..84e1927ce3 100644
--- a/package/v4l2loopback/v4l2loopback.mk
+++ b/package/v4l2loopback/v4l2loopback.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-V4L2LOOPBACK_VERSION = 0.12.5
+V4L2LOOPBACK_VERSION = 0.12.7
 V4L2LOOPBACK_SITE = $(call github,umlaeute,v4l2loopback,v$(V4L2LOOPBACK_VERSION))
 V4L2LOOPBACK_LICENSE = GPL-2.0+
 V4L2LOOPBACK_LICENSE_FILES = COPYING

[2/2] package/v4l2loopback: security bump to version 0.12.7

Commit Message

Comments

Patch