From patchwork Thu May 27 07:04:23 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fabrice Fontaine <fontaine.fabrice@gmail.com>
X-Patchwork-Id: 1484446
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net
 (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org;
 envelope-from=buildroot-bounces@busybox.net; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=I5QRiqmk;
	dkim-atps=neutral
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4FrJj31M5Lz9sTD
	for <incoming-buildroot@patchwork.ozlabs.org>;
 Thu, 27 May 2021 17:04:38 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp2.osuosl.org (Postfix) with ESMTP id 702744023D;
	Thu, 27 May 2021 07:04:36 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
	by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id CsQOrMgedREW; Thu, 27 May 2021 07:04:35 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by smtp2.osuosl.org (Postfix) with ESMTP id D813B4026E;
	Thu, 27 May 2021 07:04:34 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
 by ash.osuosl.org (Postfix) with ESMTP id A2A3F1BF471
 for <buildroot@lists.busybox.net>; Thu, 27 May 2021 07:04:33 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id 9225740261
 for <buildroot@lists.busybox.net>; Thu, 27 May 2021 07:04:33 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id bYfQ03K4vv1P for <buildroot@lists.busybox.net>;
 Thu, 27 May 2021 07:04:32 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com
 [IPv6:2a00:1450:4864:20::32b])
 by smtp2.osuosl.org (Postfix) with ESMTPS id 37A5D4023D
 for <buildroot@buildroot.org>; Thu, 27 May 2021 07:04:32 +0000 (UTC)
Received: by mail-wm1-x32b.google.com with SMTP id
 l11-20020a05600c4f0bb029017a7cd488f5so1858764wmq.0
 for <buildroot@buildroot.org>; Thu, 27 May 2021 00:04:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=byqE+F8gu0AOKOl7fnsA7O9NNY+siCT2GIORaiyDRIU=;
 b=I5QRiqmkpC8E2nc8uMZVyZgBV0+e5bLSB/nd63d64Ud/mm47lXt7Cps0P3UFDhic10
 Jwx4t+DgbwdoEj8PMb+7WlcSlqidMYlNHxsQqBSVuz4Egfhg+CR2uuWnaPWzn9v1Ehd6
 Y9i2lAzdewliQIIGRCKDD4hfXzeSbIqQT6NnVtIh3lDGCBTYN2+QIRLG9xVz9h94GlGb
 G6kSpSBPU8pNFGwXb4nbhi1GztnGK+iZ09g+5dsJGUL8c9XQbBGP21bXBGuwkcN21Ct5
 qtkcilyJV7GdbauZxeWA3RzpIbVDwfhs47n2t5rJKTmIAOPJ+C95OCou7JIjFx3RKDi7
 YLyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=byqE+F8gu0AOKOl7fnsA7O9NNY+siCT2GIORaiyDRIU=;
 b=tMfl3Yop8GyswPG4HesjG0B9Nfs4ROAkAY6kr4rg8+wLsmllGOfP2WmF6Z8yOofV3+
 BTPmCiho4XIn9n18vpnc5i9smZFTshx6Ko87DjtBH2fhKWRVbEZ2VAg+RaeFXnuIv86U
 pjTmM4Kpdn4zP+7r1OwgZIQuVk0l+PFKULMNiOAxs602FYIdVKH7OpLwHq6jTRRQk7KS
 1umWB+AChLa6P9JK8/ob2GQaP2PhDlFgGZtI5EkigkJ3pe//HCYYl1cmLzL661n6MVCM
 I8nmIHv0YZ6XIGiD2pww4q064AD2WBj/MWuPrEMBQAzg+ZrlyifNncB2TFRS8OBY9NTB
 v2Yg==
X-Gm-Message-State: AOAM532ej2w1Mn9gqQr6cBhiNWAEq0Qn6TU3XynNNwfDAcfFeXHO+wHn
 NZvITFS6r4znGFgHx1ZrSen/vLlrMWCEaZfc
X-Google-Smtp-Source: 
 ABdhPJwJS7OCdRW9IkrhyJ5cJsJZ/ZTfv/TYacjjyVYgRKUrnwEbTTNw6bCGaqjOY877kxL9CvQFrA==
X-Received: by 2002:a1c:cc17:: with SMTP id h23mr1827916wmb.129.1622099069970;
 Thu, 27 May 2021 00:04:29 -0700 (PDT)
Received: from kali.home (lfbn-ren-1-1383-171.w86-229.abo.wanadoo.fr.
 [86.229.230.171])
 by smtp.gmail.com with ESMTPSA id q19sm8941460wmc.44.2021.05.27.00.04.29
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 27 May 2021 00:04:29 -0700 (PDT)
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Thu, 27 May 2021 09:04:23 +0200
Message-Id: <20210527070423.720341-1-fontaine.fabrice@gmail.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/1] package/mpv: security bump to version 0.33.1
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Mahyar Koshkouei <mahyar.koshkouei@gmail.com>,
 Fabrice Fontaine <fontaine.fabrice@gmail.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fix CVE-2021-30145: A format string vulnerability in mpv through 0.33.0
allows user-assisted remote attackers to achieve code execution via a
crafted m3u playlist file.

https://github.com/mpv-player/mpv/releases/tag/v0.33.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/mpv/mpv.hash | 2 +-
 package/mpv/mpv.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/mpv/mpv.hash b/package/mpv/mpv.hash
index 548a0f0159..0c7eb5f8a5 100644
--- a/package/mpv/mpv.hash
+++ b/package/mpv/mpv.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  f1b9baf5dc2eeaf376597c28a6281facf6ed98ff3d567e3955c95bf2459520b4  mpv-0.33.0.tar.gz
+sha256  100a116b9f23bdcda3a596e9f26be3a69f166a4f1d00910d1789b6571c46f3a9  mpv-0.33.1.tar.gz
 sha256  a99d7b0625a0566271aad6de694e52eafd566db024f9516720d526c680d3ee30  LICENSE.GPL
diff --git a/package/mpv/mpv.mk b/package/mpv/mpv.mk
index ca3b8c878a..5713b98e8e 100644
--- a/package/mpv/mpv.mk
+++ b/package/mpv/mpv.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MPV_VERSION = 0.33.0
+MPV_VERSION = 0.33.1
 MPV_SITE = $(call github,mpv-player,mpv,v$(MPV_VERSION))
 MPV_DEPENDENCIES = \
 	host-pkgconf ffmpeg libass zlib \