Fixes CVE-2017-11108/Fix bounds checking for STP
Changelog: http://www.tcpdump.org/tcpdump-changes.txt
[Peter: add signature link as suggested by Baruch]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e588885714)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-7018 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7030 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7034 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7037 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7039 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7046 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7048 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7055 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7056 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7061 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7064 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
The issue involves the "WebKit" component. It allows attackers to bypass
intended memory-read restrictions via a crafted app.
For more details, see the announcement:
https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Adrian Perez de Castro" <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b5582d54a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The original url http://code.entropywave.com/orc is dead (server not found).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 036d235ade)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BIND 9.11.1-P3 addresses a TSIG regression introduced in the 9.11.1-P2
security bump:
https://lists.isc.org/pipermail/bind-announce/2017-July/001057.html
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c237f1d1c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes security bugs CVE-2017-11103 & CVE-2017-6594
Changed upstream tarball location as noted in the release notes:
http://www.h5l.org/releases.html?show=7.4.0
--with-db-type-preference= is needed to fix a build error:
CCLD otp
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_get_internal':
otp_db.c:(.text+0x32): undefined reference to `__roken_dbm_fetch'
otp_db.c:(.text+0xd9): undefined reference to `__roken_dbm_store'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_db_open':
otp_db.c:(.text+0x1c9): undefined reference to `__roken_dbm_open'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_db_close':
otp_db.c:(.text+0x205): undefined reference to `__roken_dbm_close'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_delete':
otp_db.c:(.text+0x23e): undefined reference to `__roken_dbm_delete'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_put':
otp_db.c:(.text+0x388): undefined reference to `__roken_dbm_store'
collect2: error: ld returned 1 exit status
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02770ce47d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building host-aespipe fails on Debian stretch at linking stage:
/usr/bin/gcc -L/home/buildroot/br6/output/host/lib -L/home/buildroot/br6/output/host/usr/lib -Wl,-rpath,/home/buildroot/br6/output/host/usr/lib -o aespipe aespipe.o aes-amd64.o md5-amd64.o md5-2x-amd64.o aes-intel64.o sha512.o rmd160.o
/usr/bin/ld: aes-amd64.o: relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
The same problem apparently exists on recent Ubuntu and Gentoo.
Fix is also used in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837393
[Peter: add comment explaining why]
[Arnout: use host-cc-option to discover if -no-pie is available;
cfr. 57b628a932]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 00ecd72c28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This macro allows to test if HOSTCC supports a specific option. It is
needed to pass '-no-pie' on recent Debian, Ubuntu and Gentoo hosts.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 91a08ecc99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that the build of efivar with gcc 7.x has been fixed by commit
0ca3017034 ("efivar: fix build with gcc
7"), efibootmgr fails similarly with gcc 7.x.
This commit backports an upstream patch that fixes this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cefdd65460)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ffmpeg always enables support for nvenc/cuda even if their support
libraries are not present:
External libraries providing hardware acceleration:
cuda cuvid nvenc
[...]
Enabled hwaccels:
h264_cuvid mjpeg_cuvid mpeg2_cuvid vc1_cuvid vp9_cuvid
hevc_cuvid mpeg1_cuvid mpeg4_cuvid vp8_cuvid
This leads to a crash in freeswitch git master when transcoding video
streams on a system without nvidia hardware:
2017-07-22 15:06:27.306760 [INFO] avcodec.c:1077 initializing encoder 352x288
2017-07-22 15:06:27.306760 [NOTICE] avcodec.c:828 NVENC HW CODEC ENABLED
This patch disables the support of nvidia hardware acceleration support
for now until the needed packages are added to buildroot. For details
about this please refer to https://developer.nvidia.com/ffmpeg
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3b6fa452f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patch to fix following error:
| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
| if (len < (uintptr_t)xdrs->x_base) {
| ^~~~~~~~~
This error occurs with the latest glibc master version (during the testing I had
glibc commit 92bd70fb85bce57ac47ba5d8af008736832c955a), but doesn't occur with
version 2.25.
Patch includes stdint.h to provide uintptr_t.
It has been submitted upstream:
https://sourceforge.net/p/libtirpc/mailman/message/35850276/
Signed-off-by: Dmitrii Kolesnichenko <dmitrii@synopsys.com>
[Thomas: reformat as Git formatted patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b3998dc00f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch to the libmemcached package that fixes the
build with gcc 7.x. Since libmemcached is barely maintained upstream,
the patch comes from the Fedora packages.
Fixes:
http://autobuild.buildroot.net/results/872b8e0e6a24cbc96e3ad9e0b8b47acdf6160ce0/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8786ac2805)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 2.16.5 of WebKitGTK+ already includes the fix added by the
removed patch, which is now unneeded.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6b2804f396)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Source files license headers include the GPL "or ... any later version" language.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b1b962274b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have to specify the -mcpu value, even in 64-bit mode.
For AArch64, +fp and +simd are the default, so they are totally useless.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9d06e91df8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d558ca1713)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-10324 - In libosip2 in GNU oSIP 4.1.0, a malformed SIP
message can lead to a heap buffer overflow in the osip_clrncpy() function
defined in osipparser2/osip_port.c.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d8a806e2b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pulseaudio configure script autodetects the presence of
bluez 4.x and 5.x packages on the system and will exclude the
bluetooth-related modules in their absence.
This commit ensures that bluez5_utils, if selected, are installed
before pulseaudio. The same already happens for bluez_utils (4.x).
Signed-off-by: Calin Crisan <ccrisan at gmail dot com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9e03dd1cef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libsanitizer in gcc fails to build on PowerPC with gcc versions 4.9
and 5.x used in conjunction with glibc 2.25, with the following error:
../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
return signum == SIGSEGV && common_flags()->handle_segv;
This commit adds a patch that has been submitted to upstream gcc
(https://patchwork.ozlabs.org/patch/725596/) but not merged. The patch
is no longer needed with gcc 6.x and later because the code has been
reworked.
Fixes Buildroot bug #10061
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: rework commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5c90f6a7b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The vcdbg utility is linked to a few libraries, which so far were all
provided by the rpi-userland package.
But a not-so-recent bump of rpi-firmware pulled in a vcdbg that is
linked to an additional library, which is not privided by rpi-userland,
so we must install it.
Reported-by: cluelessperson on #buildroot
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a3da7980eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-10688 - n LibTIFF 4.0.8, there is a assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A
crafted input will lead to a remote denial of service attack.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 544ac6bca0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch 0001 already included in this release:
438274f938
Patch 0002 already included in this release:
43bc256d8a
Patch 0003 already included in this release:
1044b43637
Patch 0004 already included in this release:
9a72a69e03
Patch 0005 already included in this release:
5c080298d5
Patch 0006 already included in this release:
48780b4fcc
Patch 0007 already included in this release:
d60332057b
Patch 0008 already included in this release:
2ea32f7372
Patch 0009 already included in this release:
8283e4d1b7
Patch 0010 already included in this release:
47f2fb61a3
Patch 0011 already included in this release:
3cfd62d77c
Patch 0012 already included in this release:
0a76a8c765
Patch 0013 already included in this release:
66e7bd5952
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3301fbb516)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7506 - Possible buffer overflow via invalid monitor
configurations.
For more details, see:
https://marc.info/?l=oss-security&m=150001782924095
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 31bd29fe09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-11103:
All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.
Samba binaries built against MIT Kerberos are not vulnerable.
https://www.samba.org/samba/history/samba-4.5.12.html
[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f97510659f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patches 0003 & 0004, applied upstream.
Fixes the following security issues:
CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.
CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.
CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.
[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc6a84bb3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is copyright information in the top level README file. Use this
file as the license file which will be included by the `legal-info`
build rule.
Signed-off-by: Ben Leinweber <bleinweber@spaceflight.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 730da52edc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-9788 - Uninitialized memory reflection in mod_auth_digest
The value placeholder in [Proxy-]Authorization headers of type 'Digest' was
not initialized or reset before or between successive key=value assignments.
by mod_auth_digest.
Providing an initial key with no '=' assignment could reflect the stale
value of uninitialized pool memory used by the prior request, leading to
leakage of potentially confidential information, and a segfault.
CVE-2017-9789 - Read after free in mod_http2
When under stress, closing many connections, the HTTP/2 handling code would
sometimes access memory after it has been freed, resulting in potentially
erratic behaviour.
Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html
Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cf9b7cedac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes:
- Extend pow tables for layer III to properly handle files with i-stereo and
5-bit scalefactors. Never observed them for real, just as fuzzed input to
trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
calling remote denial of service. While the accesses are out of bounds for
the pow tables, they still are safely within libmpg123's memory (other
static tables). Just wrong values are used for computation, no actual crash
unless you use something like GCC's AddressSanitizer, nor any information
disclosure.
- Avoid left-shifts of negative integers in layer I decoding.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 474daa20f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Libgrcrypt is a direct dependency of WebKitGTK+, and as such it
should be selected.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: add missing dependency on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b61c805fca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This simply updates to the latest stable release. WebKitGTK+ versions
in the 2.1x series avoid bumping the dependencies in order to allow
distributions to provide updates, therefore no new dependencies are
needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 23c0872442)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.
CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bonds access in oniguruma regexp library.
CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.
CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91f4c9d412)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As per LICENSE file, php uses PHP license version 3.01.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e066bfa664)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7.1.2 is a bugfix release, fixing a number of issues:
http://www.php.net/ChangeLog-7.php#7.1.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34d19a23ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patches fixing the following security issues:
CVE-2017-10971:
The endianess handling for X Events assumed a fixed size of X Event structures and
had a specific 32 byte stack buffer for that.
However "GenericEvents" can have any size, so if the events were sent in the wrong
endianess, this stack buffer could be overflowed easily.
So authenticated X users could overflow the stack in the X Server and with the X
server usually running as root gaining root prileveges.
CVE-2017-10972:
An information leak out of the X server due to an uninitialized stack area when swapping
event endianess.
For more details, see the advisory:
http://www.openwall.com/lists/oss-security/2017/07/06/6
[Apply 1.19.x patches to 1.19.1 instead of 1.19.3]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2015d83dd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
