author | Peter Korsgaard <peter@korsgaard.com> | 2017-09-07 23:21:33 +0200 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2017-09-08 11:16:56 +0200 |
commit | f77fb7b585b76b9c544b21fc3bf080660a54cb7b (patch) | |
tree | 0d51ae7f154f89bfc7986abc54748580187144b9 /package/qt/0013-src-corelib-arch-qatomic_arm.h-fix-build-on-ARMv8-32.patch | |
parent | 0e19178c53f6f9fd886d02f4be19c73743ad30a5 (diff) | |

libzip: security bump to version 1.3.0

Fixes the following security issues:

CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.

CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.

For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/

libzip-1.3.0 also adds optional bzip2 support, so handle that.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/qt/0013-src-corelib-arch-qatomic_arm.h-fix-build-on-ARMv8-32.patch')
0 files changed, 0 insertions, 0 deletions