OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2018.02 2017-11-12T16:52:28+00:00 2017-11-12T16:52:28+00:00 Peter Korsgaard peter@korsgaard.com 2017-11-12T13:43:11+00:00 urn:sha1:f2c353054111b0398399ba1933a47d34441c875e Fixed the following security issues: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode CVE-2017-14064: Heap exposure in generating JSON For more details, see the release notes: https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/ Drop now upstreamed rubygems patches and add hashes for the license files while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-03-22T22:12:29+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-03-22T15:25:40+00:00 urn:sha1:81de172d11d95a27eac5bc7ad24303cc0cff0b73 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-01-13T15:19:02+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-01-09T17:14:03+00:00 urn:sha1:ca06126066b16cc65a9971e7e0f0eaeeadc37980 The problem addressed by 0001 patch has been fixed upstream and is that fix is included in this release: https://github.com/ruby/ruby/commit/aa107497cd379b713eba8cecdb9a882bb1e0dd89 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-11-21T20:14:36+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-11-21T13:43:06+00:00 urn:sha1:0085734dc92d5e9024f1b511c32c4eab536f6a73 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-11-15T21:48:46+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-11-15T15:25:48+00:00 urn:sha1:cbe981184cc1b4909b3f18d653109075d21458cb Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-04-27T20:15:30+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-27T10:38:48+00:00 urn:sha1:22001b26323bc2e41eef4c31a8c2fff60de48023 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-01-08T19:28:50+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-08T18:48:36+00:00 urn:sha1:7f61488649a6360d350aef5fc8f6d2c401d236da Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-12-17T11:56:25+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-12-17T10:58:58+00:00 urn:sha1:3ce39dd0489ebb066bb8d53ff1649a596052bb21 Fixes: CVE-2015-7551 - Unsafe tainted string usage in Fiddle and DL Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-09-01T11:11:57+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-09-01T10:25:55+00:00 urn:sha1:ed5c939dfb2dc76fd0b824d2f0eacc232ffddc21 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-04-14T08:06:35+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-04-13T20:54:29+00:00 urn:sha1:2c06a807ccf1e240e42b153c7a904a8c43e0e04e Fixes: CVE-2015-1855 - OpenSSL extension’s hostname verification vulnerability. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>