OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2019-03-25T16:34:01+00:00 2019-03-25T16:34:01+00:00 Baruch Siach baruch@tkos.co.il 2019-03-12T12:12:30+00:00 urn:sha1:85c408fcc02834b1830e63928aaca995db390fff CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. CVE-2019-8904: do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Update license files hashes; removal of trailing white spaces. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 14d6e6df7bcfd7d46811a812610ec87b0b249088) Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-10-09T06:53:00+00:00 Peter Korsgaard peter@korsgaard.com 2018-10-08T20:28:34+00:00 urn:sha1:a609f83296a27f7677ba53ba40d60c9da21237a9 Fixes: http://autobuild.buildroot.net/results/8a2/8a2ea2e4426416447705492237f526fc84b595d7/ http://autobuild.buildroot.net/results/a1f/a1f2369d31c2387efdec908877e0bcaa728b5aeb/ file-5.33 added optional seccomp support, but the filters did not cover all needed syscalls, leading to errors when the freshly built host-file is executed as part of the build on distributions with seccomp support (E.G. Arch Linux): checking for seccomp_init in -lseccomp... yes .. ../src/file -C -m magic make[3]: *** [Makefile:764: magic.mgc] Bad system call This has been fixed in file-5.34, but it anyway makes sense to explicitly disable libseccomp support for consistency as we do not need it for the host build. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-09-10T15:07:11+00:00 Fabrice Fontaine fontaine.fabrice@gmail.com 2018-09-09T20:52:08+00:00 urn:sha1:30b058cb20aaf5bbd6252fb7e7f25f1eaf298f6f Remove patch (already in version) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-06-15T08:02:24+00:00 Baruch Siach baruch@tkos.co.il 2018-06-15T03:56:48+00:00 urn:sha1:89be4c7b0ea4cb650aeaff78b9cf7265a89ba43f Fixes CVE-2018-10360: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-06-13T20:25:19+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2018-06-13T17:16:14+00:00 urn:sha1:eacca09a8a219fdcd94f39ccab329a4d6a63092b Added license hashes, added optional dependency to libseccomp provided by upstream in this version bump. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2017-09-06T19:50:19+00:00 Peter Korsgaard peter@korsgaard.com 2017-09-06T14:00:37+00:00 urn:sha1:89a38e6397fb316792da19fbde4bfa4f9c43fb52 Fixes CVE-2017-1000249 - Stack buffer overflow with a specially crafted .notes section in an ELF binary file. For more details, see: http://www.openwall.com/lists/oss-security/2017/09/05/3 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-26T13:15:20+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-05-25T09:33:24+00:00 urn:sha1:e173bbe958ef7ef51400fe0c0d9b2deb7d89f7aa Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:27:17+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:40+00:00 urn:sha1:ceeef317679f4e70f0836103e88c23d9deb71eae We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-4c is BSD-4-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-4c/BSD-4-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:27:05+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:39+00:00 urn:sha1:96e9480fbc71a39d473be5d4f73b4d15b5029a8f We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-2c is BSD-2-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:26:57+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:38+00:00 urn:sha1:9f59b378a36ae81db2672b417a68c7358b41ccc3 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>