Message ID | 20241222182026.1231497-1-ju.o@free.fr |
---|---|
State | Accepted |
Series | [1/1] package/acpica: security bump to version 20241212 |
>>>>> "Julien" == Julien Olivain <ju.o@free.fr> writes:

> For change log since 20240927, see:
> https://github.com/user-attachments/files/18117996/changes.txt
>
> Note: the change log mentions "Fix 2 critical CVE addressing memory
> leaks" without providing actual CVE numbers. For reference, the
> upstream commits for those security fixes are [1] and [2]. From the log
> of those commits, it seems those memory leaks can only happen in old
> Kernels <= 4.9 (which is end-of-life since January 2023). Technically
> those leaks could happen in any program embedding the acpica code
> files. The impact seems very low, if any, on the acpica standalone
> tools.
>
> [1] https://github.com/acpica/acpica/commit/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
> [2] https://github.com/acpica/acpica/commit/8829e70e1360c81e7a5a901b5d4f48330e021ea5
>
> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
> Patch tested in:
> https://gitlab.com/jolivain/buildroot/-/jobs/8707592086

Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Julien" == Julien Olivain <ju.o@free.fr> writes:

>> For change log since 20240927, see:
>> https://github.com/user-attachments/files/18117996/changes.txt
>>
>> Note: the change log mentions "Fix 2 critical CVE addressing memory
>> leaks" without providing actual CVE numbers. For reference, the
>> upstream commits for those security fixes are [1] and [2]. From the log
>> of those commits, it seems those memory leaks can only happen in old
>> Kernels <= 4.9 (which is end-of-life since January 2023). Technically
>> those leaks could happen in any program embedding the acpica code
>> files. The impact seems very low, if any, on the acpica standalone
>> tools.
>>
>> [1] https://github.com/acpica/acpica/commit/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
>> [2] https://github.com/acpica/acpica/commit/8829e70e1360c81e7a5a901b5d4f48330e021ea5
>>
>> Signed-off-by: Julien Olivain <ju.o@free.fr>
>> ---
>> Patch tested in:
>> https://gitlab.com/jolivain/buildroot/-/jobs/8707592086

> Committed, thanks.

Committed to 2024.02.x and 2024.11.x, thanks.
diff --git a/package/acpica/acpica.hash b/package/acpica/acpica.hash index c3e7fda340..9972e34b3b 100644 --- a/package/acpica/acpica.hash +++ b/package/acpica/acpica.hash @@ -1,3 +1,3 @@ # locally computed hash -sha256 57988fb55541e694dfa3323bd19db74b65d37e942bebef559ed51e8cd9348b43 acpica-unix-20240927.tar.gz +sha256 9dca83cfee390b710485fbdf787048370049c05723b10cc220cfef6e13c31961 acpica-unix-20241212.tar.gz sha256 b28f54dc421531bbe269afd8c28bf6fdfd6affbe50c2831464f777ec1766d4a5 source/include/acpi.h diff --git a/package/acpica/acpica.mk b/package/acpica/acpica.mk index a2abcf7558..2c97c04367 100644 --- a/package/acpica/acpica.mk +++ b/package/acpica/acpica.mk @@ -4,9 +4,9 @@ # ################################################################################ -ACPICA_VERSION = 20240927 +ACPICA_VERSION = 20241212 ACPICA_SOURCE = acpica-unix-$(ACPICA_VERSION).tar.gz -ACPICA_SITE = https://github.com/user-attachments/files/17171019 +ACPICA_SITE = https://github.com/user-attachments/files/18117992 ACPICA_LICENSE = BSD-3-Clause or GPL-2.0 ACPICA_LICENSE_FILES = source/include/acpi.h ACPICA_DEPENDENCIES = host-bison host-flex
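Review bot: In package/acpica/acpica.hash the new sha256 line for acpica-unix-20241212.tar.gz stays under the "# locally computed hash" comment, so the only integrity anchor for the archive is the submitter's own download from the github.com/user-attachments URL set in acpica.mk. If upstream publishes a checksum or signature for this release, cross-check against it and say so in the comment; otherwise the commit message should state how the archive was obtained and verified, since this hash is what every later build will trust.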
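Review bot: In package/acpica/acpica.mk, ACPICA_SITE moves from files/17171019 to files/18117992, an opaque attachment id that cannot be derived from ACPICA_VERSION, so the two lines have to be updated together by hand on every bump and a mismatch would only be caught by the hash check. A short comment above ACPICA_SITE naming the upstream page the id is taken from would make the download source auditable; the commit message links the change log (files/18117996) but not where the tarball link itself is published.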
For change log since 20240927, see:
https://github.com/user-attachments/files/18117996/changes.txt

Note: the change log mentions "Fix 2 critical CVE addressing memory
leaks" without providing actual CVE numbers. For reference, the
upstream commits for those security fixes are [1] and [2]. From the log
of those commits, it seems those memory leaks can only happen in old
Kernels <= 4.9 (which is end-of-life since January 2023). Technically
those leaks could happen in any program embedding the acpica code
files. The impact seems very low, if any, on the acpica standalone
tools.

[1] https://github.com/acpica/acpica/commit/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
[2] https://github.com/acpica/acpica/commit/8829e70e1360c81e7a5a901b5d4f48330e021ea5

Signed-off-by: Julien Olivain <ju.o@free.fr>
---
Patch tested in:
https://gitlab.com/jolivain/buildroot/-/jobs/8707592086
---
 package/acpica/acpica.hash | 2 +-
 package/acpica/acpica.mk   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)