summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-09-14 14:34:38 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-09-23 15:26:30 +0100
commit5ebac39d1d6dcf041e05002c0b8bf18bfb38e6d3 (patch)
tree75ac0e80ee128240fa9c49cf65c82831edaa4bfb
parentf4ea85d9c33a18f9e18e789a3399cf2d5c4f8164 (diff)
downloadopenembedded-core-contrib-5ebac39d1d6dcf041e05002c0b8bf18bfb38e6d3.tar.gz
openembedded-core-contrib-5ebac39d1d6dcf041e05002c0b8bf18bfb38e6d3.tar.bz2
openembedded-core-contrib-5ebac39d1d6dcf041e05002c0b8bf18bfb38e6d3.zip
dropbear: upgrade to 2016.72
The upgrade addresses CVE-2016-3116: - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 References: https://matt.ucc.asn.au/dropbear/CHANGES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3116 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-core/dropbear/dropbear_2015.71.bb5
-rw-r--r--meta/recipes-core/dropbear/dropbear_2016.72.bb4
2 files changed, 4 insertions, 5 deletions
diff --git a/meta/recipes-core/dropbear/dropbear_2015.71.bb b/meta/recipes-core/dropbear/dropbear_2015.71.bb
deleted file mode 100644
index 6332579e77..0000000000
--- a/meta/recipes-core/dropbear/dropbear_2015.71.bb
+++ /dev/null
@@ -1,5 +0,0 @@
-require dropbear.inc
-
-SRC_URI[md5sum] = "2ccc0a2f3e37ca221db12c5af6a88137"
-SRC_URI[sha256sum] = "376214169c0e187ee9f48ae1a99b3f835016ad5b98ede4bfd1cf581deba783af"
-
diff --git a/meta/recipes-core/dropbear/dropbear_2016.72.bb b/meta/recipes-core/dropbear/dropbear_2016.72.bb
new file mode 100644
index 0000000000..1385efd0aa
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear_2016.72.bb
@@ -0,0 +1,4 @@
+require dropbear.inc
+
+SRC_URI[md5sum] = "96226b82725a8cbecad9fc738930d1d2"
+SRC_URI[sha256sum] = "9323766d3257699fd7d6e7b282c5a65790864ab32fd09ac73ea3d46c9ca2d681"