From 907c08271f6ae348c09a1a3a74e23f90aa39b210 Mon Sep 17 00:00:00 2001 From: Akhilesh Nema Date: Sun, 22 Sep 2024 13:57:44 -0700 Subject: [PATCH] package/libpcap: security bump version to 1.10.5 Fixes the following security issues: CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid double frees in some cases. CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a path to a directory that cannot be opened. Changelog: https://github.com/the-tcpdump-group/libpcap/blob/bbcbc9174df3298a854daee2b3e666a4b6e5383a/CHANGES Signed-off-by: Akhilesh Nema Signed-off-by: Yann E. MORIN (cherry picked from commit 0982498c6735a2d90b5540370d17e48c31c962bc) [Peter: mark as security bump] Signed-off-by: Peter Korsgaard --- package/libpcap/libpcap.hash | 4 ++-- package/libpcap/libpcap.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libpcap/libpcap.hash b/package/libpcap/libpcap.hash index 34339c1261..7f53b99b8c 100644 --- a/package/libpcap/libpcap.hash +++ b/package/libpcap/libpcap.hash @@ -1,6 +1,6 @@ # Locally calculated after checking pgp signature -# https://www.tcpdump.org/release/libpcap-1.10.4.tar.gz.sig -sha256 ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f libpcap-1.10.4.tar.gz +# https://www.tcpdump.org/release/libpcap-1.10.5.tar.gz.sig +sha256 37ced90a19a302a7f32e458224a00c365c117905c2cd35ac544b6880a81488f0 libpcap-1.10.5.tar.gz # Hash for license file: sha256 8a54594d257e14a5260ac770f1633516cb51e3fc28c40136ce2697014eda7afd LICENSE diff --git a/package/libpcap/libpcap.mk b/package/libpcap/libpcap.mk index 3d05590da3..67adb0a978 100644 --- a/package/libpcap/libpcap.mk +++ b/package/libpcap/libpcap.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBPCAP_VERSION = 1.10.4 +LIBPCAP_VERSION = 1.10.5 LIBPCAP_SITE = https://www.tcpdump.org/release LIBPCAP_LICENSE = BSD-3-Clause LIBPCAP_LICENSE_FILES = LICENSE