From 150fe3720309367185afd96f7e9931566bbb3516 Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Wed, 29 Apr 2015 16:09:38 +0800
Subject: dpkg: upgrade to 1.17.25

upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg
function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the (1) package or (2)
architecture name.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification
via a crafted Debian source control file (.dsc).

(From OE-Core rev: 079445990f51f98c8d4f9397dec0ed91ca2490c3)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-devtools/dpkg/dpkg_1.17.21.bb | 20 --------------------
 meta/recipes-devtools/dpkg/dpkg_1.17.25.bb | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 20 deletions(-)
 delete mode 100644 meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
 create mode 100644 meta/recipes-devtools/dpkg/dpkg_1.17.25.bb

(limited to 'meta/recipes-devtools/dpkg')

diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb b/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
deleted file mode 100644
index ebb8671473..0000000000
--- a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
+++ /dev/null
@@ -1,20 +0,0 @@
-require dpkg.inc
-LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
-
-SRC_URI += "file://noman.patch \
-            file://check_snprintf.patch \
-            file://check_version.patch \
-            file://preinst.patch \
-            file://fix-timestamps.patch \
-            file://remove-tar-no-timestamp.patch \
-            file://fix-abs-redefine.patch \
-            file://arch_pm.patch \
-            file://dpkg-configure.service \
-            file://glibc2.5-sync_file_range.patch \
-            file://no-vla-warning.patch \
-            file://add_armeb_triplet_entry.patch \
-           "
-
-SRC_URI[md5sum] = "765a96fd0180196613bbfa3c4aef0775"
-SRC_URI[sha256sum] = "3ed776627181cb9c1c9ba33f94a6319084be2e9ec9c23dd61ce784c4f602cf05"
-
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
new file mode 100644
index 0000000000..74b1dd000f
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
@@ -0,0 +1,20 @@
+require dpkg.inc
+LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
+
+SRC_URI += "file://noman.patch \
+            file://check_snprintf.patch \
+            file://check_version.patch \
+            file://preinst.patch \
+            file://fix-timestamps.patch \
+            file://remove-tar-no-timestamp.patch \
+            file://fix-abs-redefine.patch \
+            file://arch_pm.patch \
+            file://dpkg-configure.service \
+            file://glibc2.5-sync_file_range.patch \
+            file://no-vla-warning.patch \
+            file://add_armeb_triplet_entry.patch \
+           "
+
+SRC_URI[md5sum] = "e48fcfdb2162e77d72c2a83432d537ca"
+SRC_URI[sha256sum] = "07019d38ae98fb107c79dbb3690cfadff877f153b8c4970e3a30d2e59aa66baa"
+
-- 
cgit 1.2.3-korg