OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2018-02-08T21:11:44+00:00 2018-02-08T21:11:44+00:00 Baruch Siach baruch@tkos.co.il 2018-02-08T18:46:45+00:00 urn:sha1:9ac75335bfaa84f12cea4836602a9764403d0a7a CVE-2017-10790: NULL pointer dereference and crash when reading crafted input CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER decoding Add license files hashes. Cc: Stefan Fröberg <stefan.froberg@petroprogram.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2017-05-30T07:03:20+00:00 Peter Korsgaard peter@korsgaard.com 2017-05-29T21:54:48+00:00 urn:sha1:2fb7cbeb743e343fcc4aa37d6015b0a523c8b16f Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. For more details, see: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/ Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 + a soname fix): https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf as that patch is now upstream. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-04-01T13:18:10+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:34+00:00 urn:sha1:30a3e8d108d46bbd2622b8139c996d52e48a4e10 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:17:59+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:33+00:00 urn:sha1:337aa51f3fd531ac676d4fc64075781129c9414a We want to use SPDX identifier for license string as much as possible. SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-02-06T17:59:18+00:00 Brian Redbeard redbeard@coreos.com 2017-02-06T16:48:52+00:00 urn:sha1:9ec6172671ef7eff3972cd1b5c8dcdb066bb8fa6 Replacing ftpmirror.gnu.org with BR2_GNU_MIRROR variable Signed-off-by: Brian 'redbeard' Harrington <redbeard@coreos.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-10-22T14:45:06+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2016-09-29T01:13:58+00:00 urn:sha1:731b3c51aa6d4715f8a96801ebb78992e14294c2 The library is LGPLv2.1+, the tests and tools are GPLv3+ so clarify to avoid confusion. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Reviewed-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-08-10T22:03:45+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-08-10T02:31:04+00:00 urn:sha1:1e5ec4683a120d6b062acf3e4edb2c4210837a62 Add upstream patch to fix build failure with gcc warnings on. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-04-13T19:40:02+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-11T11:25:46+00:00 urn:sha1:1c05e4b0df668911484cfb8bb637fe0457ed26e1 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-12-15T21:04:23+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-12-14T13:11:12+00:00 urn:sha1:756b0b7b1a5774fb1a15404c9fa730bdfe84b2d4 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-09-13T10:07:22+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-09-11T22:24:29+00:00 urn:sha1:38f6f0fa33302761243affd8046c2b3ebd72f84c Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>