[oe-commits] Holger Hans Peter Freyther : dpkg: Upgrade to 1.14.29 to address a flaw in dpkg-source

git version control git at git.openembedded.org
Thu Mar 18 10:32:02 UTC 2010


Module: openembedded.git
Branch: org.openembedded.dev
Commit: 0331fa55449e686d0ecba81fdd9d3a1248461a41
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=0331fa55449e686d0ecba81fdd9d3a1248461a41

Author: Holger Hans Peter Freyther <zecke at selfish.org>
Date:   Thu Mar 18 16:02:01 2010 +0800

dpkg: Upgrade to 1.14.29 to address a flaw in dpkg-source

Addresses CVE-2010-0396.

---

 conf/checksums.ini                                 |   12 ------------
 .../ignore_extra_fields.patch                      |    0 
 recipes/dpkg/dpkg-native_1.14.25.bb                |    3 ---
 recipes/dpkg/dpkg-native_1.14.29.bb                |    6 ++++++
 recipes/dpkg/dpkg.inc                              |    2 +-
 recipes/dpkg/{dpkg_1.14.25.bb => dpkg_1.14.29.bb}  |    2 ++
 6 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/conf/checksums.ini b/conf/checksums.ini
index e8ee8c2..059b219 100644
--- a/conf/checksums.ini
+++ b/conf/checksums.ini
@@ -5718,18 +5718,6 @@ sha256=5287e943265b9efe5bd59cd1f3145d3fbf9e266df28938ad78e2107fde3c1587
 md5=9c1744d32ceed71cbe1db863f64d329d
 sha256=7d27f2389e05b8727c6a7126c0b65d67749c170ba143e648912a88f2fe707bca
 
-[ftp://ftp.debian.org/debian/pool/main/d/dpkg/dpkg_1.14.25.tar.gz]
-md5=6bf3504b07d8fe2175a5d794391280de
-sha256=545ce9830f0cf649e3b1b40d25d13989c23302623bf9b50f4c24402f63c82184
-
-[ftp://ftp.pl.debian.org/pub/debian/pool/main/d/dpkg/dpkg_1.14.25.tar.gz]
-md5=6bf3504b07d8fe2175a5d794391280de
-sha256=545ce9830f0cf649e3b1b40d25d13989c23302623bf9b50f4c24402f63c82184
-
-[ftp://ftp.us.debian.org/debian/pool/main/d/dpkg/dpkg_1.14.25.tar.gz]
-md5=6bf3504b07d8fe2175a5d794391280de
-sha256=545ce9830f0cf649e3b1b40d25d13989c23302623bf9b50f4c24402f63c82184
-
 [http://xorg.freedesktop.org/releases/individual/proto/dri2proto-1.1.tar.bz2]
 md5=1d70f0653b0b3a837853262dc5d34da4
 sha256=69def6d1f64b3699ec9c729596d8b096623a62bdda6bbea78ed690421d174c11
diff --git a/recipes/dpkg/dpkg-1.14.25/ignore_extra_fields.patch b/recipes/dpkg/dpkg-1.14.29/ignore_extra_fields.patch
similarity index 100%
rename from recipes/dpkg/dpkg-1.14.25/ignore_extra_fields.patch
rename to recipes/dpkg/dpkg-1.14.29/ignore_extra_fields.patch
diff --git a/recipes/dpkg/dpkg-native_1.14.25.bb b/recipes/dpkg/dpkg-native_1.14.25.bb
deleted file mode 100644
index 47c0342..0000000
--- a/recipes/dpkg/dpkg-native_1.14.25.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require dpkg-native.inc
-
-PR = "r1"
diff --git a/recipes/dpkg/dpkg-native_1.14.29.bb b/recipes/dpkg/dpkg-native_1.14.29.bb
new file mode 100644
index 0000000..f04662c
--- /dev/null
+++ b/recipes/dpkg/dpkg-native_1.14.29.bb
@@ -0,0 +1,6 @@
+require dpkg-native.inc
+
+SRC_URI[src.md5sum] = "4326172a959b5b6484b4bc126e9f628d"
+SRC_URI[src.sha256sum] = "ea7ec1c861af43ba534a0d7997774a5f1fd4e25a7eea4ff229c9c7bf89aed633"
+
+PR = "r1"
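Review bot: The two `SRC_URI[src.*]` lines added here are repeated verbatim in dpkg_1.14.29.bb, so the next version bump has to change the same digests in two files and can leave one of them stale. The coupling to the `;name=src` suffix that this commit adds in dpkg.inc (which dpkg-native.inc presumably pulls in) is also not visible from this file. A comment above the pair would mark both, e.g. `# digests for dpkg_${PV}.tar.gz (name=src in dpkg.inc); keep identical to dpkg_1.14.29.bb`. Of the two values, the sha256sum is the one that carries the integrity guarantee; the md5sum is best treated as a legacy field.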
diff --git a/recipes/dpkg/dpkg.inc b/recipes/dpkg/dpkg.inc
index b15a636..f665b4b 100644
--- a/recipes/dpkg/dpkg.inc
+++ b/recipes/dpkg/dpkg.inc
@@ -2,7 +2,7 @@ DESCRIPTION = "Package maintenance system for Debian."
 LICENSE = "GPL"
 SECTION = "base"
 
-SRC_URI = "${DEBIAN_MIRROR}/main/d/dpkg/dpkg_${PV}.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/d/dpkg/dpkg_${PV}.tar.gz;name=src \
            file://ignore_extra_fields.patch;patch=1 \
            file://noupdalt.patch;patch=1"
 
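Review bot: Adding `;name=src` to the tarball line makes checksum lookup depend on every recipe that includes this file setting `SRC_URI[src.md5sum]` and `SRC_URI[src.sha256sum]`, and nothing in dpkg.inc says so. The same commit removes the dpkg entries from conf/checksums.ini, so a recipe that includes dpkg.inc without the named digests would have no pinned hash left for a tarball fetched from `${DEBIAN_MIRROR}` (the removed entries were ftp:// URLs). Whether the fetcher fails or only warns in that case is not visible here and should be confirmed. A comment above the assignment would record the contract: `# name=src: each versioned recipe must set SRC_URI[src.md5sum] and SRC_URI[src.sha256sum]`. The file continues outside the hunk.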
diff --git a/recipes/dpkg/dpkg_1.14.25.bb b/recipes/dpkg/dpkg_1.14.29.bb
similarity index 66%
rename from recipes/dpkg/dpkg_1.14.25.bb
rename to recipes/dpkg/dpkg_1.14.29.bb
index 0377ce1..a5016e7 100644
--- a/recipes/dpkg/dpkg_1.14.25.bb
+++ b/recipes/dpkg/dpkg_1.14.29.bb
@@ -3,6 +3,8 @@ PR = "r1"
 DEPENDS += "zlib bzip2"
 #RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_update-alternatives}"
 SRC_URI += "file://noman.patch;patch=1"
+SRC_URI[src.md5sum] = "4326172a959b5b6484b4bc126e9f628d"
+SRC_URI[src.sha256sum] = "ea7ec1c861af43ba534a0d7997774a5f1fd4e25a7eea4ff229c9c7bf89aed633"
 
 EXTRA_OECONF = "--without-static-progs \
 		--without-dselect \
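Review bot: Nothing in the recipe records that 1.14.29 is a security floor; the reason for the bump (CVE-2010-0396 in dpkg-source) is only in the commit message. Someone later adding or restoring an older recipe alongside this one would have no hint in the tree that it reintroduces the flaw. A comment above the added `SRC_URI[src.*]` lines would keep that visible: `# 1.14.29 fixes CVE-2010-0396 (dpkg-source); do not build an older PV`. The same comment fits dpkg-native_1.14.29.bb. The recipe starts and ends outside this hunk.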




