37708 Commits

Author SHA1 Message Date
Yegor Yefremov
dc5892d49c python-xmltodict: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:39:40 +02:00
Yegor Yefremov
cce0cc2bbd python-iso8601: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:38:47 +02:00
Aleksander Morgado
4906abf943 libmbim: add COPYING.LIB to LICENSE_FILES
mbimcli and mbim-network are GPLv2+ (COPYING file applies) and
libmbim-glib is LGPLv2.1+ (COPYING.LIB file applies).

Also, setup hashes of the license files, for a correct
"make legal-info".

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:38:13 +02:00
Aleksander Morgado
277d6354e0 libqmi: add COPYING.LIB to LICENSE_FILES
qmicli, qmi-network and qmi-firmware-update are GPLv2+ (COPYING file
applies) and libqmi-glib is LGPLv2.1+ (COPYING.LIB file applies).

Also, setup hashes of the license files, for a correct
"make legal-info".

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:37:19 +02:00
Aleksander Morgado
b9c46b3669 modem-manager: add COPYING.LIB to LICENSE_FILES
ModemManager and mmcli are GPLv2+ (COPYING file applies) and
libmm-glib is LGPLv2.1+ (COPYING.LIB file applies).

Also, setup hashes of the license files, for a correct
"make legal-info".

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:37:10 +02:00
Petr Kulhavy
04a22cf1b5 download/git: force gzip compression level 6
Force gzip compression level 6 when calculating hash of a downloaded GIT repo.
To make sure the tar->gzip->checksum chain always provides consistent result.

The script was relying on the default compression level, which must not be
necessarily consistent among different gzip versions. The level 6 is gzip's
current default compression level.

Signed-off-by: Petr Kulhavy <brain@jikos.cz>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:36:13 +02:00
Peter Korsgaard
81bf606d16 fscryptctl: new package
fscryptctl is a low-level tool written in C that handles raw keys and
manages policies for Linux filesystem encryption.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:34:42 +02:00
Bernd Kuhls
ac5cb4106f package/libsodium: bump version to 1.0.13
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:33:30 +02:00
Bernd Kuhls
fa03d958b3 package/zeromq: bump version to 4.1.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:31:30 +02:00
Bernd Kuhls
826daee611 package/fwup: bump version to 0.15.4
Removed patch applied upstream:
0301cb4ffb (diff-ce18c9a5ee5a2f36921fbc12b00cc0dd)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:30:01 +02:00
Eric Le Bihan
2543544e8d jemalloc: bump version to 5.0.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:28:55 +02:00
Fabio Estevam
76b22c47cf configs/mx53loco: Bump U-Boot and kernel versions
Bump U-Boot to 2017.09 and kernel to 4.12.12 version.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:28:45 +02:00
Eric Le Bihan
f81b6695f2 s6-linux-init: bump version to 0.3.1.1
Fixes:

- http://autobuild.buildroot.net/results/7208b2630832c3293db39affd7886691691770b4
- http://autobuild.buildroot.net/results/c10548ffde2d83b6298759793ef99a5142309678
- http://autobuild.buildroot.net/results/a0da44d547670bc46479980ac1b29e7e2421b378
- http://autobuild.buildroot.net/results/df7ec3facb183b7caf1a6eaff4f89a65961681fb
- http://autobuild.buildroot.net/results/fe7a32fbec5d64c359ad0326a01764a631dcc6f6
- http://autobuild.buildroot.net/results/79029d736910ca32567bc8a82ac6982c3ac1e1fb
- http://autobuild.buildroot.net/results/20091ae932385bd7ba4205626bce174e385da221
- http://autobuild.buildroot.net/results/c1cd69444abb32e77928e7d7363f5cdfea79dcf5

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 22:20:09 +02:00
Fabio Estevam
081f6826e8 uboot: bump to version 2017.09
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 22:10:56 +02:00
Max Filippov
4fecb16cef package/gcc: fix ICE on xtensa, PR target/82181
Memory references to DI mode objects could incorrectly be created at
offsets that are not supported by instructions l32i/s32i, resulting in
ICE at a stage when access to the object is split into access to its
subwords:
  drivers/staging/rtl8188eu/core/rtw_ap.c:445:1:
     internal compiler error: in change_address_1, at emit-rtl.c:2126

Fixes: https://lkml.org/lkml/2017/9/10/151
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 22:09:42 +02:00
Bernd Kuhls
71bd3f97b4 package/ffmpeg: security bump to version 3.3.4
Fixes a number of integer overflows and DoS issues.

[Peter: explain security impact]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 22:06:06 +02:00
Francois Perrad
c2040372a9 olimex_imx233_olinuxino: bump versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 22:02:23 +02:00
Francois Perrad
70dc012b24 olimex_a20_olinuxino_lime: bump versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 22:02:02 +02:00
Baruch Siach
64043653cb lirc-tools: bump to version 0.10.1
Drop upstream patch.

Add an upstream patch fixing build without python.

Add two more patches (one of them upstream) fixing cross compile of the
python client library.

Enable devinput and uinput unconditionally to suppress non cross compile
compatible host checks.

Set DEVINPUT_HEADER to target header of input events to avoid use of
host header.

Add python3 as optional dependency.

Cc: Rhys Williams <github@wilberforce.co.nz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 21:51:03 +02:00
Bernd Kuhls
b860bd83b2 package/librsync: security bump to version 2.0.0
Removed patch applied upstream, switched to cmake-package following
upstream removal of autoconf.

Short summary of changes:

version 1.0.1
- switched from autoconf to cmake

version 1.0.0:
- fixed CVE-2014-8242
- project moved to github

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 21:32:13 +02:00
Martin Kepplinger
268c52865b x11r7: xdriver_xf86-input-tslib: update to version 1.1.1
Update to bugfix release 1.1.1, see

    https://github.com/merge/xf86-input-tslib/releases

Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-11 11:27:47 +02:00
Alexander Mukhin
fca70389f2 aiccu: remove package
As the SixXS project has ceased its operation on 2017-06-06,
the aiccu utility has been removed.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-11 11:27:11 +02:00
Eric Le Bihan
87530ef9e1 smack: bump version to 1.3.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-10 23:56:23 +02:00
Baruch Siach
e30bf17f70 iperf: bump to version 2.0.10
Drop unused configure environment.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-10 23:55:38 +02:00
Thomas Petazzoni
6b268180c1 Revert "bind: fix compilation when lmdb.h is present on host"
This reverts commit 7c0ecd4d75, as it is
in fact a duplicate of commit
bb95fef1e0.

Reported-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-10 17:16:15 +02:00
Bernd Kuhls
3cb9b4c42b linux: bump default to version 4.13.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-10 09:29:49 +02:00
Bernd Kuhls
2aae8765fd linux-headers: bump 4.{9, 12, 13}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-10 09:29:45 +02:00
Yegor Yefremov
bbcc673b3a python-cryptography: add missing dependency on BR2_PACKAGE_PYTHON_HASHLIB
HASHLIB is only needed for Python 2.

While at it, sort dependencies alphabetically.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 23:11:37 +02:00
Aleksander Morgado
670a5ebe46 DEVELOPERS: add myself for modem-manager related packages
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 23:10:07 +02:00
Thomas Faivre
5b5ef4bbee smcroute: bump to version 2.3.1
Add optional dependency on libcap, which exists since this version
bump.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
[Thomas: add explicit --with-libcap.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 23:04:06 +02:00
Peter Korsgaard
38a1c4821a supervisor: security bump to version 3.1.4
Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.

For more details, see
https://github.com/Supervisor/supervisor/issues/964

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:49:12 +02:00
Peter Korsgaard
0e5448af50 ruby: add upstream security patches bumping rubygems to 2.6.13
We unfortunately cannot use the upstream patches directly as they are not in
'patch -p1' format, so convert them and include instead.

Fixes:

CVE-2017-0899 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications that include terminal escape
characters.  Printing the gem specification would execute terminal escape
sequences.

CVE-2017-0900 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications to cause a denial of service attack
against RubyGems clients who have issued a `query` command.

CVE-2017-0901 - RubyGems version 2.6.12 and earlier fails to validate
specification names, allowing a maliciously crafted gem to potentially
overwrite any file on the filesystem.

CVE-2017-0902 - RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking vulnerability that allows a MITM attacker to force the RubyGems
client to download and install gems from a server that the attacker
controls.

For more details, see
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:44:00 +02:00
Romain Naour
a834b86ee0 package/terminology: bump to v1.1.1
https://sourceforge.net/p/enlightenment/mailman/message/36026490

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:42:17 +02:00
Romain Naour
c99a891eae package/efl: bump to 1.20.3
https://www.enlightenment.org/news/efl-1.20.3

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:42:12 +02:00
Romain Naour
f2ed9b2150 package/efl: fix build issue on big endian system
Fixes:
http://autobuild.buildroot.net/results/0f1/0f12919f59dc92a8d91e23d3b0c1120bc06720db
http://autobuild.buildroot.net/results/62e/62e96be61601347e92f9c115209af4962fe82492

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:42:07 +02:00
Robin Jarry
7c0ecd4d75 bind: fix compilation when lmdb.h is present on host
Bind autoconf scripts look for lmdb.h in /usr/include (even when
cross-compiling). When liblmdb-dev is installed, this causes the
following error:

    ...
    checking for lmdb library... yes
    checking for library containing mdb_env_create... no
    configure: error: found lmdb include but not library.

Fix this by disabling explicitly lmdb support.

Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:25:02 +02:00
Baruch Siach
3f6c10df67 libcurl: bump to version 7.55.1
Drop upstream patch.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:18:10 +02:00
Bernd Kuhls
450e7c9824 package/x11r7/xdriver_xf86-video-ati: bump version to 7.10.0
Added all hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:17:41 +02:00
Bernd Kuhls
3eb95e6311 package/x11r7/xdriver_xf86-video-amdgpu: bump version to 1.4.0
Added sha512 hash provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:17:36 +02:00
Baruch Siach
9cf784657a strace: update homepage link
strace moved to a new homepage as upstream commit 2bba131575878 (Update
homepage URL) indicates.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:17:11 +02:00
Baruch Siach
c374641e31 strace: fix program_invocation_name uClibc declaration mismatch
The local program_invocation_name declaration conflicts with the uClibc
one. Add a patch making this declaration depend on
!HAVE_PROGRAM_INVOCATION_NAME.

Fixes:
http://autobuild.buildroot.net/results/5f0/5f0852f3ffb46f8fb2b4c9318652c5ab3ab5e97d/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Thomas: update patch status.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:15:39 +02:00
Peter Korsgaard
478ee139b2 tcpdump: security bump to version 4.9.2
Fixes the following security issues (descriptions not public yet):

    Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
    Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
    Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:11:18 +02:00
Yegor Yefremov
26493c0f1b libmodbus: bump to version 3.1.4
Disable tests compilation and documentation generation.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:10:54 +02:00
Peter Korsgaard
c857673111 configs: nexbox_a95x_defconfig: bump to kernel 4.13
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:09:16 +02:00
Baruch Siach
f871b21c89 libarchive: security bump to version 3.3.2
CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.

CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.

CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.

CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.

CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.

CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.

Add upstream patch fixing the following issue:

CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:07:04 +02:00
Eric Le Bihan
db91484dde s6-linux-init: bump version to 0.3.1.0
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:55 +02:00
Eric Le Bihan
6d3069e381 s6-linux-utils: bump version to 2.4.0.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:53 +02:00
Eric Le Bihan
7edbba4505 s6-portable-utils: bump version to 2.2.1.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:52 +02:00
Eric Le Bihan
d7df2399c7 s6-rc: bump version to 0.2.1.2
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:50 +02:00
Eric Le Bihan
452706bb96 s6-networking: bump version to 2.3.0.2
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:48 +02:00