<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/libzip/libzip.mk, branch 2017.11.2</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.11.2</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.11.2'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-09-08T09:16:56+00:00</updated>
<entry>
<title>libzip: security bump to version 1.3.0</title>
<updated>2017-09-08T09:16:56+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-09-07T21:21:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=f77fb7b585b76b9c544b21fc3bf080660a54cb7b'/>
<id>urn:sha1:f77fb7b585b76b9c544b21fc3bf080660a54cb7b</id>
<content type='text'>
Fixes the following security issues:

CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.

CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.

For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/

libzip-1.3.0 also adds optional bzip2 support, so handle that.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libzip: bump version to 1.2.0</title>
<updated>2017-07-01T22:43:31+00:00</updated>
<author>
<name>Bartosz Golaszewski</name>
<email>brgl@bgdev.pl</email>
</author>
<published>2017-06-26T10:50:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7b846fc07fbcc3b537a091cb7271164fb2c08a3e'/>
<id>urn:sha1:7b846fc07fbcc3b537a091cb7271164fb2c08a3e</id>
<content type='text'>
It's a major release, but the API seems to be mostly
backwards-compatible. The only package depending on this library in
buildroot is libsigrok and it builds fine.

Signed-off-by: Bartosz Golaszewski &lt;brgl@bgdev.pl&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>boot, package: use SPDX short identifier for BSD-3c</title>
<updated>2017-04-01T13:26:57+00:00</updated>
<author>
<name>Rahul Bedarkar</name>
<email>rahulbedarkar89@gmail.com</email>
</author>
<published>2017-03-30T13:43:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=9f59b378a36ae81db2672b417a68c7358b41ccc3'/>
<id>urn:sha1:9f59b378a36ae81db2672b417a68c7358b41ccc3</id>
<content type='text'>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-3c is BSD-3-Clause.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'

Signed-off-by: Rahul Bedarkar &lt;rahulbedarkar89@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>Remove trailing slash from all package site URLs</title>
<updated>2015-03-10T19:40:08+00:00</updated>
<author>
<name>Luca Ceresoli</name>
<email>luca@lucaceresoli.net</email>
</author>
<published>2015-03-09T22:14:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b0b9606530dfc6de40300b6031bb70ea2eac1b44'/>
<id>urn:sha1:b0b9606530dfc6de40300b6031bb70ea2eac1b44</id>
<content type='text'>
The recommended form is without the trailing slash. Buildroot will add a slash
between FOO_SITE and FOO_SOURCE as appropriate.

Reported-by: Arnout Vandecappelle &lt;arnout@mind.be&gt;
Signed-off-by: Luca Ceresoli &lt;luca@lucaceresoli.net&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libzip: new package</title>
<updated>2015-01-31T23:21:10+00:00</updated>
<author>
<name>Bartosz Golaszewski</name>
<email>bgolaszewski@baylibre.com</email>
</author>
<published>2015-01-29T11:35:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=083f853801afab95aee8e4e9a30c57c69f7f379a'/>
<id>urn:sha1:083f853801afab95aee8e4e9a30c57c69f7f379a</id>
<content type='text'>
[Peter: license is BSD-3c]
Signed-off-by: Bartosz Golaszewski &lt;bgolaszewski@baylibre.com&gt;
Acked-by: Arnout Vandecappelle (Essensium/Mind) &lt;arnout@mind.be&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
</feed>
