[OE-core] [meta-oe][PATCH] serf: update to 1.3.8 including CVE-2014-3504
Armin Kuster
akuster808 at gmail.com
Mon Nov 17 15:32:28 UTC 2014
Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.
Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
Includes security fix:
Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
- CVE-2014-3504: (Closes: #757965)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} (74%)
diff --git a/meta/recipes-support/serf/serf_1.3.6.bb b/meta/recipes-support/serf/serf_1.3.8.bb
similarity index 74%
rename from meta/recipes-support/serf/serf_1.3.6.bb
rename to meta/recipes-support/serf/serf_1.3.8.bb
index 08b04d3..10db122 100644
--- a/meta/recipes-support/serf/serf_1.3.6.bb
+++ b/meta/recipes-support/serf/serf_1.3.8.bb
@@ -1,8 +1,8 @@
-SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.6.tar.bz2 \
+SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-${PV}.tar.bz2 \
file://norpath.patch"
-SRC_URI[md5sum] = "7fe38fa6eab078e0beabf291d8e4995d"
-SRC_URI[sha256sum] = "ca637beb0399797d4fc7ffa85e801733cd9c876997fac4a4fd12e9afe86563f2"
+SRC_URI[md5sum] = "2e4efe57ff28cb3202a112e90f0c2889"
+SRC_URI[sha256sum] = "e0500be065dbbce490449837bb2ab624e46d64fc0b090474d9acaa87c82b2590"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
--
1.9.1
More information about the Openembedded-core
mailing list