OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.08 2016-07-03T06:48:05+00:00 2016-07-03T06:48:05+00:00 Julien Floret julien.floret@6wind.com 2016-07-02T22:20:40+00:00 urn:sha1:3aa12cc0dadaaeba6d3ed15c85422d96a86973fe Signed-off-by: Julien Floret <julien.floret@6wind.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-06-23T19:11:14+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2016-06-23T00:56:01+00:00 urn:sha1:c27ecf49304a4b95d438d5496a98ae8d52abbcb2 Fixes: CVE-2016-4472 - Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1 CVE-2016-5300 - Use more entropy for hash initialization than the original fix to CVE-2012-0876 CVE-2012-6702 - Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-05-22T21:06:41+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-19T12:33:54+00:00 urn:sha1:f53b54ad115013261f8435cf005166c6b8698706 Fixes: CVE-2016-0718 - The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-03-14T07:48:43+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-14T01:46:10+00:00 urn:sha1:63b9681d64fc00414b3bf28306d4059239daf7db Drop 0001-fix-CVE-2015-1283.patch since it's upstream. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-01T19:56:34+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-09-01T18:42:29+00:00 urn:sha1:67d6276c1bd050b362b11658ae0c7b4da73e227e Fixes: CVE-2015-1283 - Multiple integer overflows in the XML_GetBuffer function. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-12-28T21:21:16+00:00 Yann E. MORIN yann.morin.1998@free.fr 2014-12-28T12:19:29+00:00 urn:sha1:2ced21f8f982ef199b99ccc1f35dff6611b90c89 Since SourceForge sometimes serves us faulty tarballs, we can tons of autobuild failures: http://autobuild.buildroot.org/results/9fb/9fba5bf086a4e7a29e5f7156ec43847db7aacfc4/ http://autobuild.buildroot.org/results/6c8/6c837b244c45ac3b3a887734a371cd6d226cf216/ ... Fix that by adding hash files for all SourceForge-hosted packages (thos etht did not already have it). We normally prefer to use hashes published by upstream, but hunting them all one by one is a tedious task, so those hashes were all locally computed with a script that searched for SF-hosted packages, downloades the associated tarball, computed the hash, and stored it in the corresponding .hash file. Also, SF publishes sha1 hashes, while I used the stronger sha256, since sha1 is now considered to be relatively weak. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <jacmet@uclibc.org> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Richard Braun <rbraun@sceen.net> Cc: Nathaniel Roach <nroach44@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-10-04T16:49:36+00:00 Thomas De Schampheleire patrickdepinguin@gmail.com 2014-09-27T19:32:41+00:00 urn:sha1:d6c32da8816fb7c520ccf6d5780eca96d0556183 To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_INSTALL_STAGING_OPT. Sed command used: find * -type f | xargs sed -i 's#_INSTALL_STAGING_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-10-04T16:48:33+00:00 Thomas De Schampheleire patrickdepinguin@gmail.com 2014-09-27T19:32:40+00:00 urn:sha1:57f2b8d2558ca47ffad01f3eadd245dd893e8154 To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_INSTALL_TARGET_OPT. Sed command used: find * -type f | xargs sed -i 's#_INSTALL_TARGET_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2013-07-19T21:44:09+00:00 Thomas De Schampheleire patrickdepinguin+buildroot@gmail.com 2013-07-19T12:01:32+00:00 urn:sha1:53f74fb5229e52f0939c9624fd17f5ef5f7a1e75 In early buildroot, it apparently was customary to have following style in Config.in files: bool"expat" Nowadays, only two packages remain with this style: diffutils and expat. This trivial patch lines them up with the style: bool "expat" Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk> 2013-06-06T20:30:24+00:00 Alexandre Belloni alexandre.belloni@free-electrons.com 2013-06-05T23:53:30+00:00 urn:sha1:8dfd59d1144b3a1a230da7a81743f145363e0708 Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>