OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.02 2017-01-30T13:13:49+00:00 2017-01-30T13:13:49+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2017-01-30T12:59:18+00:00 urn:sha1:545100159113c5b432511266018ab21e2dea864d Fixes: * Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-12-18T20:24:41+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-12-18T13:42:53+00:00 urn:sha1:d9ef4c1f794978928d32304198765026737d810d Fixes: CVE-2016-10002: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt CVE-2016-10003: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt [Peter: add CVE references] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-10-14T14:51:47+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-10-10T15:50:10+00:00 urn:sha1:9d391ed8b7a4751a3efe9453e81de373ae85a745 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-10-14T14:51:31+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-10-10T15:50:09+00:00 urn:sha1:c355ee5bd8bf5026b10e46e0a878ccc4a36c4295 It has been broken for several releases, fixes: http://autobuild.buildroot.net/results/d6c/d6cf725e88bc0a4afd0b7e1ae58a8e5a649ae6c3/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-09-09T15:04:14+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-09-09T14:36:30+00:00 urn:sha1:5a5c001d29cdb92004945f220f559259f09a042d Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-07-05T15:21:06+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-07-05T14:12:00+00:00 urn:sha1:0e685431956600444d6cfc8c1c37c5f0f076fb10 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-05-10T13:46:14+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-09T21:24:14+00:00 urn:sha1:2a99fce5ab47a7d714397bad3fde12717f7435bd Fixes regression introduced in 3.5.18 (via CVE-2016-4554 patch/fix). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-05-08T13:32:19+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-08T13:14:28+00:00 urn:sha1:ad16dcb7b08f011b65f9fa4ef22e67562953f26e Fixes: CVE-2016-4553 - Cache Poisoning issue in HTTP Request handling CVE-2016-4554 - Header Smuggling issue in HTTP Request processing CVE-2016-4555 - Multiple Denial of Service issues in ESI Response processing (client_side_request.cc) CVE-2016-4556 - Multiple Denial of Service issues in ESI Response processing (Esi.cc) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-04-20T18:45:11+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-20T18:38:10+00:00 urn:sha1:b157124a32efa995d05254f987acf9238f0d430e Fixes: SQUID-2016:5 (CVE-2016-4051) - Buffer overflow in cachemgr.cgi SQUID-2016:6 (CVE-2016-4052) - Multiple issues in ESI processing. CVE-2016-4053 & CVE-2016-4054 which are part of SQUID-2016:6. Switch to xz-compressed tarball as well. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-04-05T20:20:56+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-04-04T09:31:04+00:00 urn:sha1:6c7d37023340488845385d45c6048b95da6368e9 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>