Message ID | 20230915170412.855864-1-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/hwlock: security bump to version 2.9.3 | expand |
Fabrice, All, On 2023-09-15 19:04 +0200, Fabrice Fontaine spake thusly: > Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0 > allows attackers to cause a denial of service or other unspecified > impacts via glibc-cpuset in topology-linux.c. > > https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS > https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3 > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > package/hwloc/hwloc.hash | 4 ++-- > package/hwloc/hwloc.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/package/hwloc/hwloc.hash b/package/hwloc/hwloc.hash > index d40315a3af..8010b857f0 100644 > --- a/package/hwloc/hwloc.hash > +++ b/package/hwloc/hwloc.hash > @@ -1,5 +1,5 @@ > # From https://www.open-mpi.org/software/hwloc/v2.9/ > -sha1 be2a4f299c0da7670d39724986268bfa3fac6aee hwloc-2.9.2.tar.bz2 > -sha256 0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf hwloc-2.9.2.tar.bz2 > +sha1 76b49087619b46d71e18bd1131d35a5ccf5de791 hwloc-2.9.3.tar.bz2 > +sha256 5c4062ce556f6d3451fc177ffb8673a2120f81df6835dea6a21a90fbdfff0dec hwloc-2.9.3.tar.bz2 > # Locally computed > sha256 d79a936a42f3c6cb7c8375a023d43f4435f4664d3a5a2ea6b4623cff83c7fc06 COPYING > diff --git a/package/hwloc/hwloc.mk b/package/hwloc/hwloc.mk > index f6cf5433c4..0524ec17fd 100644 > --- a/package/hwloc/hwloc.mk > +++ b/package/hwloc/hwloc.mk > @@ -5,7 +5,7 @@ > ################################################################################ > > HWLOC_VERSION_MAJOR = 2.9 > -HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).2 > +HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).3 > HWLOC_SOURCE = hwloc-$(HWLOC_VERSION).tar.bz2 > HWLOC_SITE = https://download.open-mpi.org/release/hwloc/v$(HWLOC_VERSION_MAJOR) > HWLOC_LICENSE = BSD-3-Clause > -- > 2.40.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0 > allows attackers to cause a denial of service or other unspecified > impacts via glibc-cpuset in topology-linux.c. > https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS > https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2023.02.x, 2023.05.x and 2023.08.x after fixing the subject, thanks.
diff --git a/package/hwloc/hwloc.hash b/package/hwloc/hwloc.hash index d40315a3af..8010b857f0 100644 --- a/package/hwloc/hwloc.hash +++ b/package/hwloc/hwloc.hash @@ -1,5 +1,5 @@ # From https://www.open-mpi.org/software/hwloc/v2.9/ -sha1 be2a4f299c0da7670d39724986268bfa3fac6aee hwloc-2.9.2.tar.bz2 -sha256 0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf hwloc-2.9.2.tar.bz2 +sha1 76b49087619b46d71e18bd1131d35a5ccf5de791 hwloc-2.9.3.tar.bz2 +sha256 5c4062ce556f6d3451fc177ffb8673a2120f81df6835dea6a21a90fbdfff0dec hwloc-2.9.3.tar.bz2 # Locally computed sha256 d79a936a42f3c6cb7c8375a023d43f4435f4664d3a5a2ea6b4623cff83c7fc06 COPYING diff --git a/package/hwloc/hwloc.mk b/package/hwloc/hwloc.mk index f6cf5433c4..0524ec17fd 100644 --- a/package/hwloc/hwloc.mk +++ b/package/hwloc/hwloc.mk @@ -5,7 +5,7 @@ ################################################################################ HWLOC_VERSION_MAJOR = 2.9 -HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).2 +HWLOC_VERSION = $(HWLOC_VERSION_MAJOR).3 HWLOC_SOURCE = hwloc-$(HWLOC_VERSION).tar.bz2 HWLOC_SITE = https://download.open-mpi.org/release/hwloc/v$(HWLOC_VERSION_MAJOR) HWLOC_LICENSE = BSD-3-Clause
Fix CVE-2022-47022: An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. https://github.com/open-mpi/hwloc/blob/hwloc-2.9.3/NEWS https://github.com/open-mpi/hwloc/compare/hwloc-2.9.2...hwloc-2.9.3 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/hwloc/hwloc.hash | 4 ++-- package/hwloc/hwloc.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)