OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2018-12-30T16:10:13+00:00 2018-12-30T16:10:13+00:00 Baruch Siach baruch@tkos.co.il 2018-12-28T06:04:20+00:00 urn:sha1:8fe075d9d9ba9b76e10ce092fdd60ca8cbb4656a Default to pcre2 to mimic upstream configure.ac. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-12-30T16:09:27+00:00 Baruch Siach baruch@tkos.co.il 2018-12-28T06:04:19+00:00 urn:sha1:5201daf40fa0ed9111a51e41f8f41c5e2b2cb355 Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-07-08T10:22:14+00:00 Yann E. MORIN yann.morin.1998@free.fr 2018-07-08T09:45:28+00:00 urn:sha1:0e3240ddcc6e884fcda952c9a1b1d2da961c163a Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> 2018-06-02T09:21:20+00:00 Peter Korsgaard peter@korsgaard.com 2018-06-02T09:21:20+00:00 urn:sha1:8b0fd3cb49566854fc038213e093e3c325618399 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-05-20T14:10:53+00:00 Fabrice Fontaine fontaine.fabrice@gmail.com 2018-05-01T20:40:34+00:00 urn:sha1:4d71ef3cf658b2bb3400938bb1e6b0ddd4f28dbd Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-05-13T20:27:05+00:00 Baruch Siach baruch@tkos.co.il 2018-05-08T15:43:02+00:00 urn:sha1:cc39457fb9e1f569ca4958374046d5d99fcc50cf Fixes CVE-2018-0494: cookie injection vulnerability. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-02-08T21:04:53+00:00 Baruch Siach baruch@tkos.co.il 2018-02-08T19:36:17+00:00 urn:sha1:56057835f6b92f9a547892478ea2bf0165006602 Update license hash; s/http/https/ of in-text URLs. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2017-10-28T07:10:11+00:00 Peter Korsgaard peter@korsgaard.com 2017-10-27T12:18:58+00:00 urn:sha1:aff7673602d21b599470227edf323e72831dd3eb Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-10-28T07:10:05+00:00 Peter Korsgaard peter@korsgaard.com 2017-10-27T12:02:08+00:00 urn:sha1:86eb94636e0dcfaf332ba808eeee04a61b13af60 Fixes the following security issues: CVE-2017-13089: The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. CVE-2017-13090: The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. Drop now upstreamed patch and change to .tar.lz as .tar.xz is no longer available. Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-04-01T13:17:59+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:33+00:00 urn:sha1:337aa51f3fd531ac676d4fc64075781129c9414a We want to use SPDX identifier for license string as much as possible. SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>