From patchwork Mon Dec  2 17:55:47 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fabrice Fontaine <fontaine.fabrice@gmail.com>
X-Patchwork-Id: 1203240
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.133;
	helo=hemlock.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="RyLXbPoN"; dkim-atps=neutral
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 47RXp43Z1gz9sPT
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Tue,  3 Dec 2019 04:55:24 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id 1CF8388521;
	Mon,  2 Dec 2019 17:55:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id LM3fOsfEkcQ3; Mon,  2 Dec 2019 17:55:21 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 139AD885BB;
	Mon,  2 Dec 2019 17:55:21 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ash.osuosl.org (Postfix) with ESMTP id 8B4E91BF395
	for <buildroot@lists.busybox.net>;
	Mon,  2 Dec 2019 17:55:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 80C4420494
	for <buildroot@lists.busybox.net>;
	Mon,  2 Dec 2019 17:55:19 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id rzD8irmo3Wo4 for <buildroot@lists.busybox.net>;
	Mon,  2 Dec 2019 17:55:18 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com
	[209.85.221.45])
	by silver.osuosl.org (Postfix) with ESMTPS id 9A18420347
	for <buildroot@buildroot.org>; Mon,  2 Dec 2019 17:55:18 +0000 (UTC)
Received: by mail-wr1-f45.google.com with SMTP id g17so281619wro.2
	for <buildroot@buildroot.org>; Mon, 02 Dec 2019 09:55:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding;
	bh=BM2YjQp6RWzzmoCFTJN4fQhybRcAioog8lskUH0EiPQ=;
	b=RyLXbPoNUmLkOZoOWYxat6mJf2l8hKl7Zs8Na/O0lCaV6YQBiBjddprWYFbjIWqXC1
	/c93gmuUaJ1ub2Zhg+YEFD1HlETke5FrWhaa5emumpKPy3p1+lY9926E9zN0eUcIxFz6
	Vdy2W6MysI1l4JTqu5CriSSFe3uGKIcFgdWoAxvONsSCCAIi3Dcl5T5fOCgbWF3QULVt
	ayYwytTLTP1DmLQoJrml0RHacn+x8bI0gSZVqIrEToD1IGzmHZL9Ow+aNiL3dJBCkfr4
	NfbxTQ8Qa1cl6ErSuAgMtJfmRwGZQZ1a2VSOlOiNUkMCFS5ygLev8+cdx0xWvVl/yobz
	PgvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding;
	bh=BM2YjQp6RWzzmoCFTJN4fQhybRcAioog8lskUH0EiPQ=;
	b=LX1rUWQ6/Sx4FNNwuDRVmvJt5QGuMGcId8+AaVJZX+MKtSf2o4oI19645SUqVPCCmU
	9Hhh9dxSj6/sjItNXhQ8tum8klitFRjcotU6lR8yhMa3sM5vJho+1NHAFFApFPJN00Gn
	c1+81ZkqKUphEitoyfPggCp6Kzvvz+lJgHb3lumHHlhbnCJow6aJl46RDHync0DfG52l
	KqVU9ad2YEHShWISXsw2BiNEFg1gVkPAT7vxJXjrUdvkNuw4wL176O07wO4R0hjVA/9w
	jFPRN5vyRl+CyoRrijEjVnoXnGqb2VewX2uzCSKX1meTCn4aNmvoPvj0K8Z/FSqLhc+P
	GI+w==
X-Gm-Message-State: APjAAAVEVKzSzC7jL5htqG9YM/mt3pS4eCzBRZs1MIwO3vqOnwWwVnT2
	JJCv8t4dN3Ob+uMhugt90Bp8zC/3
X-Google-Smtp-Source: 
 APXvYqwPPVnEw6Oy40I04jLu+cpYlmcWcOZWRhfxs1boeywPHIm2LfIbMpx6KdNjAG3yMRC4A9WA4g==
X-Received: by 2002:a5d:4d0e:: with SMTP id z14mr147135wrt.208.1575309316556;
	Mon, 02 Dec 2019 09:55:16 -0800 (PST)
Received: from kali.home (lfbn-ren-1-602-70.w81-53.abo.wanadoo.fr.
	[81.53.179.70]) by smtp.gmail.com with ESMTPSA id
	d9sm173981wrj.10.2019.12.02.09.55.15
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Mon, 02 Dec 2019 09:55:15 -0800 (PST)
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Mon,  2 Dec 2019 18:55:47 +0100
Message-Id: <20191202175547.1306922-1-fontaine.fabrice@gmail.com>
X-Mailer: git-send-email 2.24.0
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/1] package/rabbitmq-c: security bump to
	version 0.10.0
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>,
	Joris Lijssens <joris.lijssens@gmail.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Add additional input validation to prevent integer overflow when parsing
a frame header. This addresses CVE-2019-18609.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/rabbitmq-c/rabbitmq-c.hash | 2 +-
 package/rabbitmq-c/rabbitmq-c.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/rabbitmq-c/rabbitmq-c.hash b/package/rabbitmq-c/rabbitmq-c.hash
index 19fd1cf064..eb57626518 100644
--- a/package/rabbitmq-c/rabbitmq-c.hash
+++ b/package/rabbitmq-c/rabbitmq-c.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 316c0d156452b488124806911a62e0c2aa8a546d38fc8324719cd29aaa493024 rabbitmq-c-0.9.0.tar.gz
+sha256 6455efbaebad8891c59f274a852b75b5cc51f4d669dfc78d2ae7e6cc97fcd8c0 rabbitmq-c-0.10.0.tar.gz
 sha256 94a12c906acb31a66c2c8a6c1b6e46cab52bc5694c5ada2a06d86b05d3d3f422 LICENSE-MIT
diff --git a/package/rabbitmq-c/rabbitmq-c.mk b/package/rabbitmq-c/rabbitmq-c.mk
index 63e05099d9..e059ff706c 100644
--- a/package/rabbitmq-c/rabbitmq-c.mk
+++ b/package/rabbitmq-c/rabbitmq-c.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-RABBITMQ_C_VERSION = 0.9.0
+RABBITMQ_C_VERSION = 0.10.0
 RABBITMQ_C_SITE = $(call github,alanxz,rabbitmq-c,v$(RABBITMQ_C_VERSION))
 RABBITMQ_C_LICENSE = MIT
 RABBITMQ_C_LICENSE_FILES = LICENSE-MIT