package/zstd: security bump to version 1.4.9

Fix CVE-2021-24032: Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. https://github.com/facebook/zstd/releases/tag/v1.4.9 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-11-27 15:33:28 +08:00 · 2021-03-20 10:05:25 +01:00 · 2021-03-20 10:05:25 +01:00 · 74ed1b5ca0
commit 74ed1b5ca0
parent b70ce56651
2 changed files with 3 additions and 3 deletions
--- a/package/zstd/zstd.hash
+++ b/package/zstd/zstd.hash
@ -1,5 +1,5 @@
-# From https://github.com/facebook/zstd/releases/download/v1.4.8/zstd-1.4.8.tar.gz.sha256
-sha256  32478297ca1500211008d596276f5367c54198495cf677e9439f4791a4c69f24  zstd-1.4.8.tar.gz
+# From https://github.com/facebook/zstd/releases/download/v1.4.9/zstd-1.4.9.tar.gz.sha256
+sha256  29ac74e19ea28659017361976240c4b5c5c24db3b89338731a6feb97c038d293  zstd-1.4.9.tar.gz

 # License files (locally computed)
 sha256  2c1a7fa704df8f3a606f6fc010b8b5aaebf403f3aeec339a12048f1ba7331a0b  LICENSE
--- a/package/zstd/zstd.mk
+++ b/package/zstd/zstd.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-ZSTD_VERSION = 1.4.8
+ZSTD_VERSION = 1.4.9
 ZSTD_SITE = https://github.com/facebook/zstd/releases/download/v$(ZSTD_VERSION)
 ZSTD_INSTALL_STAGING = YES
 ZSTD_LICENSE = BSD-3-Clause or GPL-2.0