From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [git commit] procps-ng: security bump to version 3.3.15
Date: Thu, 24 May 2018 23:10:48 +0200
Message-ID: <20180524211314.EB56782616@busybox.osuosl.org>
commit: https://git.buildroot.net/buildroot/commit/?id=fe07577181e178381a4aaf526da3a7c3fb4d8f6c
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Drop upstream patch.
This release fixes the issues listed below.
CVE-2018-1122: Local privilege escalation in top
CVE-2018-1123: Denial of service in ps
CVE-2018-1124: Local privilege escalation in libprocps
CVE-2018-1125: Stack buffer overflow in pgrep
CVE-2018-1126: Integer overflow in proc/alloc
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
.../0001-proc-sig-fix-build-for-sparc.patch | 43 ----------------------
package/procps-ng/procps-ng.hash | 8 ++--
package/procps-ng/procps-ng.mk | 2 +-
3 files changed, 5 insertions(+), 48 deletions(-)
diff --git a/package/procps-ng/0001-proc-sig-fix-build-for-sparc.patch b/package/procps-ng/0001-proc-sig-fix-build-for-sparc.patch
deleted file mode 100644
index 74f822aea3..0000000000
--- a/package/procps-ng/0001-proc-sig-fix-build-for-sparc.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 070feb7c5ebd0f2ca721ca5d75bdd3fd8cffe961 Mon Sep 17 00:00:00 2001
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Fri, 27 Apr 2018 07:34:57 +0300
-Subject: [PATCH] proc/sig: fix build for sparc
-
-The code undefines SIGLOST which breaks references to SIGPWR.
-
-Taken from a patch suggested in upstream bug report #93.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: https://gitlab.com/procps-ng/procps/issues/93
----
- proc/sig.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/proc/sig.c b/proc/sig.c
-index b883185fc28a..6ca9512cc70c 100644
---- a/proc/sig.c
-+++ b/proc/sig.c
-@@ -52,10 +52,6 @@
- # undef SIGSTKFLT
- #endif
-
--#if !defined(__GNU__) && defined(SIGLOST)
--# undef SIGLOST
--#endif
--
- #ifndef SIGRTMIN
- # warning Standards require that <signal.h> define SIGRTMIN; assuming 32
- # define SIGRTMIN 32
-@@ -87,7 +83,7 @@ static const mapstruct sigtable[] = {
- {"ILL", SIGILL},
- {"INT", SIGINT},
- {"KILL", SIGKILL},
--#ifdef SIGLOST
-+#if defined(__GNU__)
- {"LOST", SIGLOST}, /* Hurd-specific */
- #endif
- {"PIPE", SIGPIPE},
---
-2.17.0
-
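Review bot: "Drop upstream patch." in the log does not establish that 3.3.15 contains this fix, and the deleted file's own "Upstream status:" line points only at issue #93, a suggested patch rather than a merged commit. Please confirm that proc/sig.c in 3.3.15 no longer undefines SIGLOST outside __GNU__ (otherwise the sparc build breaks again on the SIGPWR references) and cite the upstream commit that carries it in the commit message.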
diff --git a/package/procps-ng/procps-ng.hash b/package/procps-ng/procps-ng.hash
index 9488af2d9f..123db992ef 100644
--- a/package/procps-ng/procps-ng.hash
+++ b/package/procps-ng/procps-ng.hash
@@ -1,8 +1,8 @@
# From http://sourceforge.net/projects/procps-ng/files/Production/
-md5 fce371ccc1c15a67af9d85e4057e559d procps-ng-3.3.14.tar.xz
-sha1 fcc4631b1185f7250daecee2fcebe15efbbe0d65 procps-ng-3.3.14.tar.xz
+md5 2b0717a7cb474b3d6dfdeedfbad2eccc procps-ng-3.3.15.tar.xz
+sha1 2929bc64f0cf7b2db997eef79b7187658e47230d procps-ng-3.3.15.tar.xz
# Locally calculated after checking signature
-# http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-3.3.14.tar.xz.asc
-sha256 5eda0253999b7d786e690edfa73301b3113c7a67058478866e98e9ff6736726c procps-ng-3.3.14.tar.xz
+# http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-3.3.15.tar.xz.asc
+sha256 10bd744ffcb3de2d591d2f6acf1a54a7ba070fdcc432a855931a5057149f0465 procps-ng-3.3.15.tar.xz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 681e386e44a19d7d0674b4320272c90e66b6610b741e7e6305f8219c42e85366 COPYING.LIB
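Review bot: the md5 and sha1 lines at the top of this hunk add no integrity value next to the sha256 entry, and they are sourced from the SourceForge listing whose URL in the first comment is plain http. The sha256 under "Locally calculated after checking signature" is the only entry tied to the .asc check, so consider dropping the two weak hashes and recording in that comment which key the signature was verified against, so the next bump can repeat the check.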
diff --git a/package/procps-ng/procps-ng.mk b/package/procps-ng/procps-ng.mk
index 0d5ce9ddf0..e1fddea32c 100644
--- a/package/procps-ng/procps-ng.mk
+++ b/package/procps-ng/procps-ng.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PROCPS_NG_VERSION = 3.3.14
+PROCPS_NG_VERSION = 3.3.15
PROCPS_NG_SOURCE = procps-ng-$(PROCPS_NG_VERSION).tar.xz
PROCPS_NG_SITE = http://downloads.sourceforge.net/project/procps-ng/Production
PROCPS_NG_LICENSE = GPL-2.0+, LGPL-2.0+ (libproc and libps)
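Review bot: PROCPS_NG_SITE in the context lines of this hunk still fetches the tarball over plain http, so for this security bump the download is protected only by the entries in procps-ng.hash. That is sufficient as long as the sha256 stays in place, but if the mirror serves the same path over https it would be worth switching the URL in this change. The version line itself is consistent with the 3.3.15 names used in the .hash file.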