[1/1] package/acpica: security bump to version 20241212

Message ID 20241222182026.1231497-1-ju.o@free.fr
State Accepted
Commit Message

Julien Olivain Dec. 22, 2024, 6:20 p.m. UTC
For change log since 20240927, see:
https://github.com/user-attachments/files/18117996/changes.txt

Note: the change log mentions "Fix 2 critical CVE addressing memory
leaks" without providing actual CVE numbers. For reference, the
upstream commits for those security fixes are [1] and [2]. From the log
of those commits, it seems those memory leaks can only happen in old
kernels <= 4.9 (which is end-of-life since January 2023). Technically
those leaks could happen in any program embedding the acpica code
files. The impact seems very low, if any, on the acpica standalone
tools.

[1] https://github.com/acpica/acpica/commit/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
[2] https://github.com/acpica/acpica/commit/8829e70e1360c81e7a5a901b5d4f48330e021ea5

Signed-off-by: Julien Olivain <ju.o@free.fr>
---
Patch tested in:
https://gitlab.com/jolivain/buildroot/-/jobs/8707592086
---
 package/acpica/acpica.hash | 2 +-
 package/acpica/acpica.mk   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Peter Korsgaard Jan. 26, 2025, 8:07 p.m. UTC | #1
>>>>> "Julien" == Julien Olivain <ju.o@free.fr> writes:

 > For change log since 20240927, see:
 > https://github.com/user-attachments/files/18117996/changes.txt

 > Note: the change log mentions "Fix 2 critical CVE addressing memory
 > leaks" without providing actual CVE numbers. For reference, the
 > upstream commits for those security fixes are [1] and [2]. From the log
 > of those commits, it seems those memory leaks can only happen in old
 > kernels <= 4.9 (which is end-of-life since January 2023). Technically
 > those leaks could happen in any program embedding the acpica code
 > files. The impact seems very low, if any, on the acpica standalone
 > tools.

 > [1] https://github.com/acpica/acpica/commit/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
 > [2] https://github.com/acpica/acpica/commit/8829e70e1360c81e7a5a901b5d4f48330e021ea5

 > Signed-off-by: Julien Olivain <ju.o@free.fr>
 > ---
 > Patch tested in:
 > https://gitlab.com/jolivain/buildroot/-/jobs/8707592086

Committed, thanks.

Peter Korsgaard Feb. 1, 2025, 11:53 a.m. UTC | #2
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Julien" == Julien Olivain <ju.o@free.fr> writes:
 >> For change log since 20240927, see:
 >> https://github.com/user-attachments/files/18117996/changes.txt

 >> Note: the change log mentions "Fix 2 critical CVE addressing memory
 >> leaks" without providing actual CVE numbers. For reference, the
 >> upstream commits for those security fixes are [1] and [2]. From the log
 >> of those commits, it seems those memory leaks can only happen in old
 >> kernels <= 4.9 (which is end-of-life since January 2023). Technically
 >> those leaks could happen in any program embedding the acpica code
 >> files. The impact seems very low, if any, on the acpica standalone
 >> tools.

 >> [1] https://github.com/acpica/acpica/commit/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
 >> [2] https://github.com/acpica/acpica/commit/8829e70e1360c81e7a5a901b5d4f48330e021ea5

 >> Signed-off-by: Julien Olivain <ju.o@free.fr>
 >> ---
 >> Patch tested in:
 >> https://gitlab.com/jolivain/buildroot/-/jobs/8707592086

 > Committed, thanks.

Committed to 2024.02.x and 2024.11.x, thanks.
Patch

diff --git a/package/acpica/acpica.hash b/package/acpica/acpica.hash
index c3e7fda340..9972e34b3b 100644
--- a/package/acpica/acpica.hash
+++ b/package/acpica/acpica.hash
@@ -1,3 +1,3 @@ 
 # locally computed hash
-sha256  57988fb55541e694dfa3323bd19db74b65d37e942bebef559ed51e8cd9348b43  acpica-unix-20240927.tar.gz
+sha256  9dca83cfee390b710485fbdf787048370049c05723b10cc220cfef6e13c31961  acpica-unix-20241212.tar.gz
 sha256  b28f54dc421531bbe269afd8c28bf6fdfd6affbe50c2831464f777ec1766d4a5  source/include/acpi.h
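Review bot: The new tarball hash on the `+sha256 ... acpica-unix-20241212.tar.gz` line still sits under the `# locally computed hash` comment, so it only pins whatever the submitter downloaded and has no independent reference. If upstream publishes a checksum or signature for this release, it would be worth cross-checking against it and saying so in the comment; if it does not, a second reviewer recomputing the sha256 from the same URL before merge gives at least two observations of the same archive. The unchanged `source/include/acpi.h` hash is consistent with the license text not changing across the bump, so nothing further is needed there.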
diff --git a/package/acpica/acpica.mk b/package/acpica/acpica.mk
index a2abcf7558..2c97c04367 100644
--- a/package/acpica/acpica.mk
+++ b/package/acpica/acpica.mk
@@ -4,9 +4,9 @@ 
 #
 ################################################################################
 
-ACPICA_VERSION = 20240927
+ACPICA_VERSION = 20241212
 ACPICA_SOURCE = acpica-unix-$(ACPICA_VERSION).tar.gz
-ACPICA_SITE = https://github.com/user-attachments/files/17171019
+ACPICA_SITE = https://github.com/user-attachments/files/18117992
 ACPICA_LICENSE = BSD-3-Clause or GPL-2.0
 ACPICA_LICENSE_FILES = source/include/acpi.h
 ACPICA_DEPENDENCIES = host-bison host-flex
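Review bot: The new `ACPICA_SITE = https://github.com/user-attachments/files/18117992` value is an opaque attachment ID that changes with every release and carries nothing in the URL that ties it to the acpica project, so a reviewer cannot tell from this hunk where it came from. A short comment above `ACPICA_SITE` naming the upstream page the attachment link was taken from would make future bumps reproducible and let reviewers confirm the link is the project's own. As it stands, the integrity of the download rests entirely on the sha256 in acpica.hash, which is itself locally computed.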