[OE-core] [meta-oe][PATCH] serf: update to 1.3.8 including CVE-2014-3504
akuster
akuster at mvista.com
Mon Nov 17 15:34:21 UTC 2014
Just noticed another post.
drop this.
- armin
On 11/17/2014 07:32 AM, Armin Kuster wrote:
> Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
> Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
> Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
> Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.
>
> Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
> Includes security fix:
> Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
> - CVE-2014-3504: (Closes: #757965)
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} (74%)
>
> diff --git a/meta/recipes-support/serf/serf_1.3.6.bb b/meta/recipes-support/serf/serf_1.3.8.bb
> similarity index 74%
> rename from meta/recipes-support/serf/serf_1.3.6.bb
> rename to meta/recipes-support/serf/serf_1.3.8.bb
> index 08b04d3..10db122 100644
> --- a/meta/recipes-support/serf/serf_1.3.6.bb
> +++ b/meta/recipes-support/serf/serf_1.3.8.bb
> @@ -1,8 +1,8 @@
>
> -SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.6.tar.bz2 \
> +SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-${PV}.tar.bz2 \
> file://norpath.patch"
> -SRC_URI[md5sum] = "7fe38fa6eab078e0beabf291d8e4995d"
> -SRC_URI[sha256sum] = "ca637beb0399797d4fc7ffa85e801733cd9c876997fac4a4fd12e9afe86563f2"
> +SRC_URI[md5sum] = "2e4efe57ff28cb3202a112e90f0c2889"
> +SRC_URI[sha256sum] = "e0500be065dbbce490449837bb2ab624e46d64fc0b090474d9acaa87c82b2590"
>
> LICENSE = "Apache-2.0"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
>
More information about the Openembedded-core
mailing list