[Buildroot] [PATCH] zeromq: security bump to version 4.0.5

Gustavo Zacarias gustavo at zacarias.com.ar
Tue Nov 11 20:29:15 UTC 2014


Fixes:
CVE-2014-7202 - stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5
before 4.0.5 allows man-in-the-middle attackers to conduct downgrade
attacks via a crafted connection request.
CVE-2014-7203 - libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not
ensure that nonces are unique, which allows man-in-the-middle attackers
to conduct replay attacks via unspecified vectors.

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
 ...tch => 0001-tests-disable-test_fork-if-fork-is-not-available.patch} | 0
 package/zeromq/zeromq.hash                                             | 2 ++
 package/zeromq/zeromq.mk                                               | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)
 rename package/zeromq/{zeromq-0001-tests-disable-test_fork-if-fork-is-not-available.patch => 0001-tests-disable-test_fork-if-fork-is-not-available.patch} (100%)
 create mode 100644 package/zeromq/zeromq.hash

diff --git a/package/zeromq/zeromq-0001-tests-disable-test_fork-if-fork-is-not-available.patch b/package/zeromq/0001-tests-disable-test_fork-if-fork-is-not-available.patch
similarity index 100%
rename from package/zeromq/zeromq-0001-tests-disable-test_fork-if-fork-is-not-available.patch
rename to package/zeromq/0001-tests-disable-test_fork-if-fork-is-not-available.patch
diff --git a/package/zeromq/zeromq.hash b/package/zeromq/zeromq.hash
new file mode 100644
index 0000000..729e7ea
--- /dev/null
+++ b/package/zeromq/zeromq.hash
@@ -0,0 +1,2 @@
+# Locally calculated from download (no sig, hash)
+sha256	3bc93c5f67370341428364ce007d448f4bb58a0eaabd0a60697d8086bc43342b	zeromq-4.0.5.tar.gz
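
Review bot: The comment on the first added line ("no sig, hash") does not say where the tarball came from, and ZEROMQ_SITE in zeromq.mk is a plain http:// URL, so this sha256 only pins whatever the submitter received over an unauthenticated channel. Please spell the comment out (for example, that upstream publishes neither a signature nor a hash for this release), and have a second person confirm the value from an independent fetch before merging, since every later build will trust this line.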
diff --git a/package/zeromq/zeromq.mk b/package/zeromq/zeromq.mk
index 59d276e..987c65b 100644
--- a/package/zeromq/zeromq.mk
+++ b/package/zeromq/zeromq.mk
@@ -4,12 +4,13 @@
 #
 ################################################################################
 
-ZEROMQ_VERSION = 4.0.4
+ZEROMQ_VERSION = 4.0.5
 ZEROMQ_SITE = http://download.zeromq.org
 ZEROMQ_INSTALL_STAGING = YES
 ZEROMQ_DEPENDENCIES = util-linux
 ZEROMQ_LICENSE = LGPLv3+ with exceptions
 ZEROMQ_LICENSE_FILES = COPYING COPYING.LESSER
+# For 0001-tests-disable-test_fork-if-fork-is-not-available.patch
 ZEROMQ_AUTORECONF = YES
 
 # Only tools/curve_keygen.c needs this, but it doesn't hurt to pass it
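
Review bot: The added comment above ZEROMQ_AUTORECONF, together with the patch rename it refers to, is cleanup unrelated to the 4.0.4 to 4.0.5 bump and would be better as a separate commit. Keeping the security fix down to the ZEROMQ_VERSION line plus the new hash file makes it easier to cherry-pick onto maintenance branches where the patch file still has its old zeromq-0001- name.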
-- 
2.0.4


