From patchwork Sat Jun 12 22:27:48 2021
X-Patchwork-Submitter: Peter Seiderer
X-Patchwork-Id: 1491350
From: Peter Seiderer
To: buildroot@buildroot.org
Date: Sun, 13 Jun 2021 00:27:48 +0200
Message-Id: <20210612222749.25669-1-ps.report@gmx.net>
Subject: [Buildroot] [PATCH v1 1/2] package/mpg123: bump version to 1.25.15
List-Id: Discussion and development of buildroot
Cc: Marek Kraus

From: Peter Korsgaard

Bugfix release. From the release notes:

Some backports of important fixes to the 1.25 series, for very conservative
people.

libmpg123: Backport bit reservoir CRC fix from 1.26
libmpg123: Backport part2_3_length regression fix (bug 312).

Signed-off-by: Peter Korsgaard
---
 package/mpg123/mpg123.hash | 8 ++++----
 package/mpg123/mpg123.mk | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/mpg123/mpg123.hash b/package/mpg123/mpg123.hash index 02c40ad086..e5fb09b46a 100644 --- a/package/mpg123/mpg123.hash +++ b/package/mpg123/mpg123.hash @@ -1,7 +1,7 @@ -# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.13/ -sha1 2b6428dc563c56fb1374191d1244c8ac928e4d89 mpg123-1.25.13.tar.bz2 -md5 294a6c30546504ec3d0deac2b2ea22be mpg123-1.25.13.tar.bz2 +# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.15/ +sha1 286fcb83afad3ecbfea60434d3ee1b6d7f41bb7c mpg123-1.25.15.tar.bz2 +md5 9a050d4b3573661c606f8095a3f34ca3 mpg123-1.25.15.tar.bz2 # Locally calculated -sha256 90306848359c793fd43b9906e52201df18775742dc3c81c06ab67a806509890a mpg123-1.25.13.tar.bz2 +sha256 503a76d82d97f1a6513bbeb284e460a99fb17ef80f23a661d8fc026ce6adcbbc mpg123-1.25.15.tar.bz2 # License file sha256 f40e0dd86b27b52e429b693a87b3ca63ae0a98a4d142e77207aa6bdf1db7a295 COPYING diff --git a/package/mpg123/mpg123.mk b/package/mpg123/mpg123.mk index 588a4ffc32..9aa9cd1c10 100644 --- a/package/mpg123/mpg123.mk +++ b/package/mpg123/mpg123.mk
@@ -4,7 +4,7 @@ # ################################################################################ -MPG123_VERSION = 1.25.13 +MPG123_VERSION = 1.25.15 MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2 MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION) MPG123_CONF_OPTS = --disable-lfs-alias

From patchwork Sat Jun 12 22:27:49 2021
X-Patchwork-Submitter: Peter Seiderer
X-Patchwork-Id: 1491351
From: Peter Seiderer
To: buildroot@buildroot.org
Date: Sun, 13 Jun 2021 00:27:49 +0200
Message-Id: <20210612222749.25669-2-ps.report@gmx.net>
In-Reply-To: <20210612222749.25669-1-ps.report@gmx.net>
Subject: [Buildroot] [PATCH v1 2/2] package/squid: security bump to version 4.15
Cc: Marek Kraus

From: Peter Korsgaard

Fixes the following security issues:

- CVE-2021-28651: Denial of Service in URN processing

  Due to a buffer management bug Squid is vulnerable to a Denial of service
  attack against the server it is operating on. This attack is limited to
  proxies which attempt to resolve a "urn:" resource identifier. Support for
  this resolving is enabled by default in all Squid.

  https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4

- CVE-2021-28652: Denial of Service issue in Cache Manager

  Due to an incorrect parser validation bug Squid is vulnerable to a Denial
  of Service attack against the Cache Manager API.

  https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447

- CVE-2021-28662: Denial of Service in HTTP Response Processing

  Due to an input validation bug Squid is vulnerable to a Denial of Service
  against all clients using the proxy.

  https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h

- CVE-2021-31806, CVE-2021-31807, CVE-2021-31808: Multiple Issues in HTTP
  Range header

  Due to an incorrect input validation bug Squid is vulnerable to a Denial of
  Service attack against all clients using the proxy.

  https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf

- CVE-2021-33620: Denial of Service in HTTP Response processing

  Due to an input validation bug Squid is vulnerable to a Denial of Service
  against all clients using the proxy.

  https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f

Signed-off-by: Peter Korsgaard
---
 package/squid/squid.hash | 8 ++++----
 package/squid/squid.mk | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/squid/squid.hash b/package/squid/squid.hash index a2aaba5fd5..12a9e5d293 100644 --- a/package/squid/squid.hash +++ b/package/squid/squid.hash
@@ -1,6 +1,6 @@ -# From http://www.squid-cache.org/Versions/v4/squid-4.14.tar.xz.asc -md5 7d9ba82703cd770b2ede169a0c1de94a squid-4.14.tar.xz -sha1 71ae13a845a6a7ffc69ce11086ea3e427625bc08 squid-4.14.tar.xz +# From http://www.squid-cache.org/Versions/v4/squid-4.15.tar.xz.asc +md5 a593de9dc888dfeca4f1f7db2cd7d3b9 squid-4.15.tar.xz +sha1 60bda34ba39657e2d870c8c1d2acece8a69c3075 squid-4.15.tar.xz # Locally calculated -sha256 f1097daa6434897c159bc100978b51347c0339041610845d0afa128151729ffc squid-4.14.tar.xz +sha256 b693a4e5ab2811a8a854f60de0a62afbbf3a952bb1d047952c9ae01321f84a25 squid-4.15.tar.xz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/squid/squid.mk b/package/squid/squid.mk index 7e6865f8ed..b23a8d26ed 100644 --- a/package/squid/squid.mk +++ b/package/squid/squid.mk @@ -4,7 +4,7 @@ # ################################################################################ -SQUID_VERSION = 4.14 +SQUID_VERSION = 4.15 SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz SQUID_SITE = http://www.squid-cache.org/Versions/v4 SQUID_LICENSE = GPL-2.0+
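
Review bot: In package/mpg123/mpg123.hash (patch 1/2) the new sha256 is marked only "# Locally calculated", while the unchanged MPG123_SITE line in mpg123.mk still fetches the tarball over plain http://downloads.sourceforge.net, so the sha256 pins whatever the submitter happened to download. The sha1 and md5 lines taken from the SourceForge files page are weak digests and should not be treated as the cross-check. Suggest having a second person recompute the sha256 from an independently fetched tarball before applying, recording in the comment what it was checked against (an upstream signature, if one is published for 1.25.15), and moving MPG123_SITE to https in a follow-up.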
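
Review bot: In package/squid/squid.hash (patch 2/2) the md5 and sha1 come from squid-4.15.tar.xz.asc, which the comment shows was fetched over http://, and the sha256 comment says only "# Locally calculated", so nothing records that the signature carried in that .asc was verified. For a security bump, check the tarball against the .asc with the upstream release key and say so in the comment, for example "# Locally calculated after checking pgp signature", so that the sha256 is anchored to the signature rather than to an unauthenticated download; SQUID_SITE in squid.mk is also http://.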