Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/811185/?format=api
{ "id": 811185, "url": "http://patchwork.ozlabs.org/api/patches/811185/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20170907212133.10036-1-peter@korsgaard.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170907212133.10036-1-peter@korsgaard.com>", "list_archive_url": null, "date": "2017-09-07T21:21:33", "name": "libzip: security bump to version 1.3.0", "commit_ref": "f77fb7b585b76b9c544b21fc3bf080660a54cb7b", "pull_url": null, "state": "accepted", "archived": false, "hash": "bce96767ecad48a88cd75bddb81593be892693fc", "submitter": { "id": 42365, "url": "http://patchwork.ozlabs.org/api/people/42365/?format=api", "name": "Peter Korsgaard", "email": "peter@korsgaard.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20170907212133.10036-1-peter@korsgaard.com/mbox/", "series": [ { "id": 2068, "url": "http://patchwork.ozlabs.org/api/series/2068/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=2068", "date": "2017-09-07T21:21:33", "name": "libzip: security bump to version 1.3.0", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/2068/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/811185/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/811185/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@busybox.net>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "buildroot@lists.busybox.net" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "buildroot@osuosl.org" ], "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) 
smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.136; helo=silver.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"VBfhx8p1\"; dkim-atps=neutral" ], "Received": [ "from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xpD0n397cz9s81\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 8 Sep 2017 07:21:44 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby silver.osuosl.org (Postfix) with ESMTP id A11F726B51;\n\tThu, 7 Sep 2017 21:21:41 +0000 (UTC)", "from silver.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id n-c8934SuJJF; Thu, 7 Sep 2017 21:21:41 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby silver.osuosl.org (Postfix) with ESMTP id 011DF26D8E;\n\tThu, 7 Sep 2017 21:21:41 +0000 (UTC)", "from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\tby ash.osuosl.org (Postfix) with ESMTP id 6F59C1C25A5\n\tfor <buildroot@lists.busybox.net>;\n\tThu, 7 Sep 2017 21:21:39 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby silver.osuosl.org (Postfix) with ESMTP id 66EE626D8E\n\tfor <buildroot@lists.busybox.net>;\n\tThu, 7 Sep 2017 21:21:39 +0000 (UTC)", "from silver.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id g9ch+Xj50cm7 for <buildroot@lists.busybox.net>;\n\tThu, 7 Sep 2017 21:21:38 +0000 (UTC)", "from mail-wm0-f67.google.com (mail-wm0-f67.google.com\n\t[74.125.82.67])\n\tby silver.osuosl.org (Postfix) with ESMTPS id 72DB526B51\n\tfor <buildroot@buildroot.org>; Thu, 7 Sep 2017 21:21:38 +0000 (UTC)", "by mail-wm0-f67.google.com with SMTP id x17so489330wmd.5\n\tfor 
<buildroot@buildroot.org>; Thu, 07 Sep 2017 14:21:38 -0700 (PDT)", "from dell.be.48ers.dk (d51a5bc31.access.telenet.be.\n\t[81.165.188.49]) by smtp.gmail.com with ESMTPSA id\n\tr14sm91914edd.56.2017.09.07.14.21.35\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tThu, 07 Sep 2017 14:21:35 -0700 (PDT)", "from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from <peko@dell.be.48ers.dk>)\n\tid 1dq4Ew-0002ca-8A; Thu, 07 Sep 2017 23:21:34 +0200" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "X-Received": "by 
10.80.180.17 with SMTP id b17mr439419edh.130.1504819296454;\n\tThu, 07 Sep 2017 14:21:36 -0700 (PDT)", "From": "Peter Korsgaard <peter@korsgaard.com>", "To": "buildroot@buildroot.org", "Date": "Thu, 7 Sep 2017 23:21:33 +0200", "Message-Id": "<20170907212133.10036-1-peter@korsgaard.com>", "X-Mailer": "git-send-email 2.11.0", "Subject": "[Buildroot] [PATCH] libzip: security bump to version 1.3.0", "X-BeenThere": "buildroot@busybox.net", "X-Mailman-Version": "2.1.18-1", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.busybox.net>", "List-Unsubscribe": "<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>", "List-Archive": "<http://lists.busybox.net/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@busybox.net>", "List-Help": "<mailto:buildroot-request@busybox.net?subject=help>", "List-Subscribe": "<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@busybox.net", "Sender": "\"buildroot\" <buildroot-bounces@busybox.net>" }, "content": "Fixes the following security issues:\n\nCVE-2017-12858: Double free vulnerability in the _zip_dirent_read function\nin zip_dirent.c in libzip allows attackers to have unspecified impact via\nunknown vectors.\n\nCVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before\n1.3.0 mishandles EOCD records, which allows remote attackers to cause a\ndenial of service (memory allocation failure in _zip_cdir_grow in\nzip_dirent.c) via a crafted ZIP archive.\n\nFor more details, see\nhttps://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/\nhttps://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/\n\nlibzip-1.3.0 also adds optional bzip2 
support, so handle that.\n\nWhile we're at it, add a hash for the license file.\n\nSigned-off-by: Peter Korsgaard <peter@korsgaard.com>\n---\n package/libzip/libzip.hash | 3 ++-\n package/libzip/libzip.mk | 9 ++++++++-\n 2 files changed, 10 insertions(+), 2 deletions(-)", "diff": "diff --git a/package/libzip/libzip.hash b/package/libzip/libzip.hash\nindex 103c7619e2..d100982bc6 100644\n--- a/package/libzip/libzip.hash\n+++ b/package/libzip/libzip.hash\n@@ -1,2 +1,3 @@\n # Locally calculated\n-sha256\tffc0764395fba3d45dc5a6e32282788854618b9e9838337f8218b596007f1376\tlibzip-1.2.0.tar.xz\n+sha256\taa936efe34911be7acac2ab07fb5c8efa53ed9bb4d44ad1fe8bff19630e0d373 libzip-1.3.0.tar.xz\n+sha256 d159ae325ca0b8236c44dfd980ca99810dbcfc057b077c50dbbda1131cbd263a LICENSE\ndiff --git a/package/libzip/libzip.mk b/package/libzip/libzip.mk\nindex a4012dd1e3..5ffa1cac00 100644\n--- a/package/libzip/libzip.mk\n+++ b/package/libzip/libzip.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-LIBZIP_VERSION = 1.2.0\n+LIBZIP_VERSION = 1.3.0\n LIBZIP_SITE = http://www.nih.at/libzip\n LIBZIP_SOURCE = libzip-$(LIBZIP_VERSION).tar.xz\n LIBZIP_LICENSE = BSD-3-Clause\n@@ -12,4 +12,11 @@ LIBZIP_LICENSE_FILES = LICENSE\n LIBZIP_INSTALL_STAGING = YES\n LIBZIP_DEPENDENCIES = zlib\n \n+ifeq ($(BR2_PACKAGE_BZIP2),y)\n+LIBZIP_CONF_OPTS += --with-bzip2\n+LIBZIP_DEPENDENCIES += bzip2\n+else\n+LIBZIP_CONF_OPTS += --without-bzip2\n+endif\n+\n $(eval $(autotools-package))\n", "prefixes": [] }
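Review bot: in package/libzip/libzip.hash the two added lines do not use the same field separators. The libzip-1.3.0.tar.xz line has a tab after sha256 and a single space before the file name, the LICENSE line uses spaces only, and the removed 1.2.0 line used tabs for both. Use one separator for all entries so the file stays uniform and easy to diff on the next bump. Both new hashes also sit under the existing "# Locally calculated" comment, so it would help to state in the commit message what the tarball was checked against before the hash was taken.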
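Review bot: in the first package/libzip/libzip.mk hunk, the bump to 1.3.0 leaves LIBZIP_SITE = http://www.nih.at/libzip unchanged in the context lines, so the tarball carrying the security fixes is still fetched over plain HTTP and the locally calculated sha256 in libzip.hash is the only integrity check on it. If upstream serves the same path over HTTPS, switch LIBZIP_SITE to that in this change.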