package/netatalk: security bump to version 3.1.19

Fixes the following security issues: CVE-2024-38439: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. https://github.com/advisories/GHSA-pcmr-ff73-xcj5 CVE-2024-38440: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. https://github.com/advisories/GHSA-52mm-rqxx-gfq6 CVE-2024-38441: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afp/directory.c. https://github.com/advisories/GHSA-j764-4v6h-pqp7 Release notes: https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-1-19 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 9ab704699ea70b12478eac87313ec7d1ff902c7a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-12-16 14:46:30 +01:00 · 2024-12-16 14:46:30 +01:00 · 9749b6fbc9
commit 9749b6fbc9
parent c7288d19b9
2 changed files with 5 additions and 5 deletions
--- a/package/netatalk/netatalk.hash
+++ b/package/netatalk/netatalk.hash
@ -1,7 +1,7 @@
-# From http://sourceforge.net/projects/netatalk/files/netatalk/3.1.18/
-md5  b1caff4e1da534d8ca57d688c7fa3ce1  netatalk-3.1.18.tar.xz
-sha1  cbd92c95d04cfd4a9f49977970501a623310c2d9  netatalk-3.1.18.tar.xz
+# From http://sourceforge.net/projects/netatalk/files/netatalk/3.1.19/
+md5  4861f0c2450ac7a6094e51090e6fdc75  netatalk-3.1.19.tar.xz
+sha1  16900b3b14da9c2f40e1267ecb3e68021cc794b0  netatalk-3.1.19.tar.xz
 # Locally computed
-sha256  3941effcc2c4e0dceecabc763fbb8478a2f2fbe0af4a6314983cfea452df8d47  netatalk-3.1.18.tar.xz
+sha256  433fa87ac23bc18a9acb0769b4f7f4047eeb14e02e0607ecd3a051c31859164f  netatalk-3.1.19.tar.xz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  7599ae145e53be03a08f8b558b2f2e0c828e1630f1843cc04f41981b8cefcd65  COPYRIGHT
--- a/package/netatalk/netatalk.mk
+++ b/package/netatalk/netatalk.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-NETATALK_VERSION = 3.1.18
+NETATALK_VERSION = 3.1.19
 NETATALK_SITE = http://downloads.sourceforge.net/project/netatalk/netatalk-$(subst .,-,$(NETATALK_VERSION))
 NETATALK_SOURCE = netatalk-$(NETATALK_VERSION).tar.xz
 NETATALK_CONFIG_SCRIPTS = netatalk-config