buildroot/package/pcre, branch 2019.02-op-build OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2018-06-23T20:42:24+00:00 package/pcre: bump version to 8.42 2018-06-23T20:42:24+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2018-06-23T18:56:44+00:00 urn:sha1:63e7fea0bdbc122c7d146079a3653dc64f594fb7 Updated license hash after upstream commit https://vcs.pcre.org/pcre/code/tags/pcre-8.42/LICENCE?r1=1674&r2=1726 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> package/pcre: add license hash 2017-11-05T16:45:07+00:00 Samuel Martin s.martin49@gmail.com 2017-11-03T10:36:59+00:00 urn:sha1:dca59a2dadc9b6bc3cfdfdf49f85401ecc062d99 Signed-off-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> package/pcre: security bump to version 8.41 2017-07-13T20:13:56+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2017-07-13T19:39:28+00:00 urn:sha1:bc6a84bb3d05e0d752ecf59bb35ac827e9b76185 Removed patches 0003 & 0004, applied upstream. Fixes the following security issues: CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. [Peter: add CVE info] Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> boot, package: use SPDX short identifier for BSD-3c 2017-04-01T13:26:57+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:38+00:00 urn:sha1:9f59b378a36ae81db2672b417a68c7358b41ccc3 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> pcre: add upstream security fixes 2017-03-31T11:26:03+00:00 Baruch Siach baruch@tkos.co.il 2017-03-31T11:09:36+00:00 urn:sha1:3143910eec12a5b23e853b3177bf316ac186b87a Take Debian adapted patches of upstream. Fixes: CVE-2017-6004: crafted regular expression may cause denial of service CVE-2017-7186: invalid Unicode property lookup may cause denial of service Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> pcre: change download location 2017-03-06T20:19:48+00:00 Oleg Kitain okitain@ya.ru 2017-03-06T00:02:02+00:00 urn:sha1:6d7644df7043706e455b06817abbe24da5613210 The location at ftp.csx.cam.ac.uk only stores 2 latest versions of PCRE. This results in old (2015.11 and older currently) buildroot versions timing out on wget several times and having to retrieve the package from sources.buildroot.org afterwards. Signed-off-by: Oleg Kitain <okitain@ya.ru> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> pcre: bump to version 8.40 2017-01-13T15:06:45+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2017-01-13T13:27:19+00:00 urn:sha1:5652b0e0c619f0a87bb5f75ab628703775d72eee Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> pcre: bump to version 8.39 2016-06-15T07:42:41+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-06-14T23:39:41+00:00 urn:sha1:92c06ae4775596bb2c9e5345c91fcb303aff6cb2 Drop upstream patches and giterize/rebase the other ones. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> pcre: add security patches 2016-06-09T08:36:41+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2016-06-09T02:14:21+00:00 urn:sha1:875cb976581f03e43e57b6c58a11b1c5e6e3906d They address: CVE-2016-1283 - Heap Buffer Overflow Vulnerability. CVE-2016-3191 - workspace overflow for (*ACCEPT) with deeply nested parentheses. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> pcre: enable unicode properties for host variant 2016-03-22T22:03:27+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-22T21:38:00+00:00 urn:sha1:592581b827899fcbe1a6978ffcd7c968f47f74cf They're required for host-libglib2 and using system pcre is the default/recommended with newer versions. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>