From 799512e14935af57c6e685c45fa5e99b04274b4f Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Wed, 27 Sep 2023 22:51:00 +0200
Subject: [PATCH] package/libyang: security bump to version 2.1.111

- Fix CVE-2023-26916: libyang from v2.0.164 to v2.1.30 was discovered to
  contain a NULL pointer dereference via the function lys_parse_mem at
  lys_parse_mem.c.
- Fix CVE-2023-26917: libyang from v2.0.164 to v2.1.30 was discovered to
  contain a NULL pointer dereference via the function
  lysp_stmt_validate_value at lys_parse_mem.c.

https://github.com/CESNET/libyang/releases/tag/v2.1.55
https://github.com/CESNET/libyang/releases/tag/v2.1.80
https://github.com/CESNET/libyang/releases/tag/v2.1.111

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/libyang/libyang.hash | 2 +-
 package/libyang/libyang.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libyang/libyang.hash b/package/libyang/libyang.hash
index 26a28d6eed..3658b20e4e 100644
--- a/package/libyang/libyang.hash
+++ b/package/libyang/libyang.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  761cfd959342b147f6a43a84c931c7fde68dd3a1ad540a0e5302288b204f073d  libyang-2.1.30.tar.gz
+sha256  3e52b922fcf371933ad7de1686ad83504e3358236e7817b5af795b0db52fa221  libyang-2.1.111.tar.gz
 sha256  0b7ec43747d211a1e49c53588b0822062947bab6bdcc95238578beab34cba5bb  LICENSE
diff --git a/package/libyang/libyang.mk b/package/libyang/libyang.mk
index f160035c09..5533c7c68e 100644
--- a/package/libyang/libyang.mk
+++ b/package/libyang/libyang.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBYANG_VERSION = 2.1.30
+LIBYANG_VERSION = 2.1.111
 LIBYANG_SITE = $(call github,CESNET,libyang,v$(LIBYANG_VERSION))
 LIBYANG_LICENSE = BSD-3-Clause
 LIBYANG_LICENSE_FILES = LICENSE