From 832aa4c5a7989636dae3068f508ab2bff8b4ab23 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Fri, 21 Nov 2014 01:02:05 -0500 Subject: [PATCH] serf: uprev to 1.3.7 for fixing CVE-2014-3504 The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_- ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in- the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504 Signed-off-by: Wenzong Fan Signed-off-by: Richard Purdie --- meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.7.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.7.bb} (82%) diff --git a/meta/recipes-support/serf/serf_1.3.6.bb b/meta/recipes-support/serf/serf_1.3.7.bb similarity index 82% rename from meta/recipes-support/serf/serf_1.3.6.bb rename to meta/recipes-support/serf/serf_1.3.7.bb index 08b04d3ca6..5230ef7387 100644 --- a/meta/recipes-support/serf/serf_1.3.6.bb +++ b/meta/recipes-support/serf/serf_1.3.7.bb @@ -1,8 +1,8 @@ -SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.6.tar.bz2 \ +SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.7.tar.bz2 \ file://norpath.patch" -SRC_URI[md5sum] = "7fe38fa6eab078e0beabf291d8e4995d" -SRC_URI[sha256sum] = "ca637beb0399797d4fc7ffa85e801733cd9c876997fac4a4fd12e9afe86563f2" +SRC_URI[md5sum] = "0a6fa745df4517dd8f79c75c538919bc" +SRC_URI[sha256sum] = "ecccb74e665e6ea7539271e126a21d0f7eeddfeaa8ce090adb3aec6682f9f0ae" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -- 2.40.1