[1/1] package/hwlock: security bump to version 2.9.3

Message ID	20230915170412.855864-1-fontaine.fabrice@gmail.com
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Fabrice Fontaine <fontaine.fabrice@gmail.com> To: buildroot@buildroot.org Date: Fri, 15 Sep 2023 19:04:12 +0200 Message-Id: <20230915170412.855864-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1694797458; x=1695402258; darn=buildroot.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=oNUN5XthK5JL2M6IK/2F/4zA5JezWTelmoWJ7VfilTA=; b=LtpZdjCshk+gIQ39+RhSlRrIj4zS+WK442uU0Q1hiB+E/jhMeYBItnJ60fXVn1f/3C h0822JvZrkaRaf+1r4wzHfWL6z7dWunEdEXVj/kp1T1wdCxL0oDeLAZq8Je8Ot4O9MwM vzwqsqGdHlcN9J5MhIWuwBbA3firpHOCSv57vGnVV6wX6yHerxgIar8OzcWJ3w4x81UA nDlCD2Tpd2c4BEbG/Av6QnTLvYWMYvX6N+BKQgm6gwKmmtJatILI3tcio/vX+Qzgxiuk 4CsPv1tEu+CxycNbsElw723+WyMB490MI7xvmRNwp0yhJpurRMHJbrPOHcz/4Hz7vDCH a0LQ== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=LtpZdjCs Subject: [Buildroot] [PATCH 1/1] package/hwlock: security bump to version 2.9.3 Precedence: list Cc: Steven Noonan <steven@uplinklabs.net>, Fabrice Fontaine <fontaine.fabrice@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/1] package/hwlock: security bump to version 2.9.3 \| expand [1/1] package/hwlock: security bump to version 2.9.3

Message ID

20230915170412.855864-1-fontaine.fabrice@gmail.com

State

Accepted

Headers

From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Fri, 15 Sep 2023 19:04:12 +0200
Message-Id: <20230915170412.855864-1-fontaine.fabrice@gmail.com>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp3.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20230601 header.b=LtpZdjCs
Subject: [Buildroot] [PATCH 1/1] package/hwlock: security bump to version
 2.9.3
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Steven Noonan <steven@uplinklabs.net>,
 Fabrice Fontaine <fontaine.fabrice@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/1] package/hwlock: security bump to version 2.9.3 | expand

Commit Message

Fabrice Fontaine Sept. 15, 2023, 5:04 p.m. UTC

Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0
allows attackers to cause a denial of service or other unspecified
impacts via glibc-cpuset in topology-linux.c.

https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS
https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/hwloc/hwloc.hash | 4 ++--
 package/hwloc/hwloc.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Yann E. MORIN Sept. 15, 2023, 9:24 p.m. UTC | #1

Fabrice, All,

On 2023-09-15 19:04 +0200, Fabrice Fontaine spake thusly:
> Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0
> allows attackers to cause a denial of service or other unspecified
> impacts via glibc-cpuset in topology-linux.c.
> 
> https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS
> https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/hwloc/hwloc.hash | 4 ++--
>  package/hwloc/hwloc.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/hwloc/hwloc.hash b/package/hwloc/hwloc.hash
> index d40315a3af..8010b857f0 100644
> --- a/package/hwloc/hwloc.hash
> +++ b/package/hwloc/hwloc.hash
> @@ -1,5 +1,5 @@
>  # From https://www.open-mpi.org/software/hwloc/v2.9/
> -sha1  be2a4f299c0da7670d39724986268bfa3fac6aee  hwloc-2.9.2.tar.bz2
> -sha256  0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf  hwloc-2.9.2.tar.bz2
> +sha1  76b49087619b46d71e18bd1131d35a5ccf5de791  hwloc-2.9.3.tar.bz2
> +sha256  5c4062ce556f6d3451fc177ffb8673a2120f81df6835dea6a21a90fbdfff0dec  hwloc-2.9.3.tar.bz2
>  # Locally computed
>  sha256  d79a936a42f3c6cb7c8375a023d43f4435f4664d3a5a2ea6b4623cff83c7fc06  COPYING
> diff --git a/package/hwloc/hwloc.mk b/package/hwloc/hwloc.mk
> index f6cf5433c4..0524ec17fd 100644
> --- a/package/hwloc/hwloc.mk
> +++ b/package/hwloc/hwloc.mk
> @@ -5,7 +5,7 @@
>  ################################################################################
>  
>  HWLOC_VERSION_MAJOR = 2.9
> -HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).2
> +HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).3
>  HWLOC_SOURCE = hwloc-$(HWLOC_VERSION).tar.bz2
>  HWLOC_SITE = https://download.open-mpi.org/release/hwloc/v$(HWLOC_VERSION_MAJOR)
>  HWLOC_LICENSE = BSD-3-Clause
> -- 
> 2.40.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

Peter Korsgaard Sept. 24, 2023, 6:57 p.m. UTC | #2

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0
 > allows attackers to cause a denial of service or other unspecified
 > impacts via glibc-cpuset in topology-linux.c.

 > https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS
 > https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2023.02.x, 2023.05.x and 2023.08.x after fixing the
subject, thanks.

diff --git a/package/hwloc/hwloc.hash b/package/hwloc/hwloc.hash
index d40315a3af..8010b857f0 100644
--- a/package/hwloc/hwloc.hash
+++ b/package/hwloc/hwloc.hash
@@ -1,5 +1,5 @@ 
 # From https://www.open-mpi.org/software/hwloc/v2.9/
-sha1  be2a4f299c0da7670d39724986268bfa3fac6aee  hwloc-2.9.2.tar.bz2
-sha256  0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf  hwloc-2.9.2.tar.bz2
+sha1  76b49087619b46d71e18bd1131d35a5ccf5de791  hwloc-2.9.3.tar.bz2
+sha256  5c4062ce556f6d3451fc177ffb8673a2120f81df6835dea6a21a90fbdfff0dec  hwloc-2.9.3.tar.bz2
 # Locally computed
 sha256  d79a936a42f3c6cb7c8375a023d43f4435f4664d3a5a2ea6b4623cff83c7fc06  COPYING
diff --git a/package/hwloc/hwloc.mk b/package/hwloc/hwloc.mk
index f6cf5433c4..0524ec17fd 100644
--- a/package/hwloc/hwloc.mk
+++ b/package/hwloc/hwloc.mk
@@ -5,7 +5,7 @@ 
 ################################################################################
 
 HWLOC_VERSION_MAJOR = 2.9
-HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).2
+HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).3
 HWLOC_SOURCE = hwloc-$(HWLOC_VERSION).tar.bz2
 HWLOC_SITE = https://download.open-mpi.org/release/hwloc/v$(HWLOC_VERSION_MAJOR)
 HWLOC_LICENSE = BSD-3-Clause

[1/1] package/hwlock: security bump to version 2.9.3

Commit Message

Comments

Patch