<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot, branch 2016.11.1</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2016.11.1</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2016.11.1'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2016-12-29T20:54:33+00:00</updated>
<entry>
<title>Update for 2016.11.1</title>
<updated>2016-12-29T20:54:33+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-29T20:54:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=a0690cc883c4d4051e8cd18ab14130c0f59740eb'/>
<id>urn:sha1:a0690cc883c4d4051e8cd18ab14130c0f59740eb</id>
<content type='text'>
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>CHANGES: update for 2016.11.1</title>
<updated>2016-12-29T20:41:23+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-29T20:41:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=bf8fdcc2fa06c18cf4c4381a1d80f4b89699ec82'/>
<id>urn:sha1:bf8fdcc2fa06c18cf4c4381a1d80f4b89699ec82</id>
<content type='text'>
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>cryptopp: fixup DOS newlines in CVE-2016-9939 patch</title>
<updated>2016-12-29T20:34:53+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-28T23:01:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=65d7b45bdd929f118894172b4094d3b53384f549'/>
<id>urn:sha1:65d7b45bdd929f118894172b4094d3b53384f549</id>
<content type='text'>
The patch did contain the correct newlines, but they got stripped by
patchwork so now the patch no longer applies.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 9f57959147377e5ee13451a9d5fe6ba002aa20a5)
</content>
</entry>
<entry>
<title>cryptopp: add upstream security fix for CVE-2016-9939</title>
<updated>2016-12-29T20:34:46+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-27T22:07:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=0f8f5a7711a986f5f9c15dbca09c532e4ea10de0'/>
<id>urn:sha1:0f8f5a7711a986f5f9c15dbca09c532e4ea10de0</id>
<content type='text'>
Fixes security issue (DoS) in Crypto++ ASN1 decoder:

https://github.com/weidai11/cryptopp/issues/346

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 222808a4b678aca0da01cc96f543079f06613554)
</content>
</entry>
<entry>
<title>exim: security bump to 4.87.1</title>
<updated>2016-12-28T22:58:58+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-25T22:38:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=03f286cd85f1ad186cc254e63fcaaaf54ddee453'/>
<id>urn:sha1:03f286cd85f1ad186cc254e63fcaaaf54ddee453</id>
<content type='text'>
No features are added or removed. This release contains
just a fix for CVE-2016-9963.

    - Fix CVE-2016-9963 - Info leak from DKIM.  When signing DKIM, if
      either LMTP or PRDR was used for delivery, the key could appear in
      logs.  Additionally, if the experimental feature "DSN_INFO" was used,
      it could appear in DSN messages (and be sent offsite).

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 62f0195119187449e6f037b3d0f753de855752ae)
</content>
</entry>
<entry>
<title>libcurl: security bump to 7.52.1</title>
<updated>2016-12-23T21:57:06+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-23T10:16:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5f691d11d45bbd5340e1c903a7d4184769411347'/>
<id>urn:sha1:5f691d11d45bbd5340e1c903a7d4184769411347</id>
<content type='text'>
Fixes CVE-2016-9594 - Uninitialized random

Libcurl's (new) internal function that returns a good 32-bit random value was
implemented poorly and overwrote the pointer instead of writing the value
into the buffer the pointer pointed to.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 72b6bf8f57569c14238d223bb6cc6fec7fd3af4d)
</content>
</entry>
<entry>
<title>package/python: security bump version to 2.7.13</title>
<updated>2016-12-23T21:56:51+00:00</updated>
<author>
<name>Bernd Kuhls</name>
<email>bernd.kuhls@t-online.de</email>
</author>
<published>2016-12-22T06:46:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=04cc75c6223f45db59777fa8fc929e14b209d995'/>
<id>urn:sha1:04cc75c6223f45db59777fa8fc929e14b209d995</id>
<content type='text'>
Rebased patches 004 &amp; 010.

Changelog:
https://hg.python.org/cpython/raw-file/v2.7.13/Misc/NEWS

Fixes CVE-2016-2183 &amp; CVE-2016-1000110.

This bump also fixes the host build with openssl 1.1.0,
http://patchwork.ozlabs.org/patch/696139/ is not needed anymore.

Signed-off-by: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 5df0bfa9a0f36c6533e95621363d004bd36785fa)
</content>
</entry>
<entry>
<title>package/apache: security bump version to 2.4.25</title>
<updated>2016-12-23T21:56:37+00:00</updated>
<author>
<name>Bernd Kuhls</name>
<email>bernd.kuhls@t-online.de</email>
</author>
<published>2016-12-22T06:02:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d1bd3e4104cddf1940fe5523ffda86e2081e03fe'/>
<id>urn:sha1:d1bd3e4104cddf1940fe5523ffda86e2081e03fe</id>
<content type='text'>
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.25

Fixes CVE-2016-8740, CVE-2016-5387, CVE-2016-2161, CVE-2016-0736,
CVE-2016-8743.

Signed-off-by: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 68af1dc2575888863ae0015b09555a5e42a5d56c)
</content>
</entry>
<entry>
<title>libcurl: security bump to 7.52.0</title>
<updated>2016-12-23T21:56:26+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-21T07:48:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d12c6df2fc69f4f7c8a79547dcee12cb7beb8290'/>
<id>urn:sha1:d12c6df2fc69f4f7c8a79547dcee12cb7beb8290</id>
<content type='text'>
Fixes CVE-2016-9586 - printf floating point buffer overflow

For details, see:
https://curl.haxx.se/docs/adv_20161221A.html

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 0c5beb6501707dd5cb80484562bf2b0cbe2b4423)
</content>
</entry>
<entry>
<title>package/monit: security bump to version 5.20.0</title>
<updated>2016-12-23T21:56:17+00:00</updated>
<author>
<name>Jörg Krause</name>
<email>joerg.krause@embedded.rocks</email>
</author>
<published>2016-12-21T16:01:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b1cd530b3cfe5b505be410d6b81dc0cd3e1776e2'/>
<id>urn:sha1:b1cd530b3cfe5b505be410d6b81dc0cd3e1776e2</id>
<content type='text'>
Fixes CVE-2016-7067.

Note that since version 5.20.0 monit optionally depends on zlib.

Signed-off-by: Jörg Krause &lt;joerg.krause@embedded.rocks&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 0bf7c74e1551a64ab3164f374304154b21bc5045)
</content>
</entry>
</feed>
