* [Buildroot] [git commit] procps-ng: security bump to version 3.3.15
@ 2018-05-24 21:10 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2018-05-24 21:10 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=fe07577181e178381a4aaf526da3a7c3fb4d8f6c
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Drop upstream patch.
This release fixes the issues listed below.
CVE-2018-1122: Local privilege escalation in top
CVE-2018-1123: Denial of service in ps
CVE-2018-1124: Local privilege escalation in libprocps
CVE-2018-1125: Stack buffer overflow in pgrep
CVE-2018-1126: Integer overflow in proc/alloc
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
.../0001-proc-sig-fix-build-for-sparc.patch | 43 ----------------------
package/procps-ng/procps-ng.hash | 8 ++--
package/procps-ng/procps-ng.mk | 2 +-
3 files changed, 5 insertions(+), 48 deletions(-)
diff --git a/package/procps-ng/0001-proc-sig-fix-build-for-sparc.patch b/package/procps-ng/0001-proc-sig-fix-build-for-sparc.patch
deleted file mode 100644
index 74f822aea3..0000000000
--- a/package/procps-ng/0001-proc-sig-fix-build-for-sparc.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 070feb7c5ebd0f2ca721ca5d75bdd3fd8cffe961 Mon Sep 17 00:00:00 2001
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Fri, 27 Apr 2018 07:34:57 +0300
-Subject: [PATCH] proc/sig: fix build for sparc
-
-The code undefines SIGLOST which breaks references to SIGPWR.
-
-Taken from a patch suggested in upstream bug report #93.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: https://gitlab.com/procps-ng/procps/issues/93
----
- proc/sig.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/proc/sig.c b/proc/sig.c
-index b883185fc28a..6ca9512cc70c 100644
---- a/proc/sig.c
-+++ b/proc/sig.c
-@@ -52,10 +52,6 @@
- # undef SIGSTKFLT
- #endif
-
--#if !defined(__GNU__) && defined(SIGLOST)
--# undef SIGLOST
--#endif
--
- #ifndef SIGRTMIN
- # warning Standards require that <signal.h> define SIGRTMIN; assuming 32
- # define SIGRTMIN 32
-@@ -87,7 +83,7 @@ static const mapstruct sigtable[] = {
- {"ILL", SIGILL},
- {"INT", SIGINT},
- {"KILL", SIGKILL},
--#ifdef SIGLOST
-+#if defined(__GNU__)
- {"LOST", SIGLOST}, /* Hurd-specific */
- #endif
- {"PIPE", SIGPIPE},
---
-2.17.0
-
diff --git a/package/procps-ng/procps-ng.hash b/package/procps-ng/procps-ng.hash
index 9488af2d9f..123db992ef 100644
--- a/package/procps-ng/procps-ng.hash
+++ b/package/procps-ng/procps-ng.hash
@@ -1,8 +1,8 @@
# From http://sourceforge.net/projects/procps-ng/files/Production/
-md5 fce371ccc1c15a67af9d85e4057e559d procps-ng-3.3.14.tar.xz
-sha1 fcc4631b1185f7250daecee2fcebe15efbbe0d65 procps-ng-3.3.14.tar.xz
+md5 2b0717a7cb474b3d6dfdeedfbad2eccc procps-ng-3.3.15.tar.xz
+sha1 2929bc64f0cf7b2db997eef79b7187658e47230d procps-ng-3.3.15.tar.xz
# Locally calculated after checking signature
-# http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-3.3.14.tar.xz.asc
-sha256 5eda0253999b7d786e690edfa73301b3113c7a67058478866e98e9ff6736726c procps-ng-3.3.14.tar.xz
+# http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-3.3.15.tar.xz.asc
+sha256 10bd744ffcb3de2d591d2f6acf1a54a7ba070fdcc432a855931a5057149f0465 procps-ng-3.3.15.tar.xz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 681e386e44a19d7d0674b4320272c90e66b6610b741e7e6305f8219c42e85366 COPYING.LIB
diff --git a/package/procps-ng/procps-ng.mk b/package/procps-ng/procps-ng.mk
index 0d5ce9ddf0..e1fddea32c 100644
--- a/package/procps-ng/procps-ng.mk
+++ b/package/procps-ng/procps-ng.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PROCPS_NG_VERSION = 3.3.14
+PROCPS_NG_VERSION = 3.3.15
PROCPS_NG_SOURCE = procps-ng-$(PROCPS_NG_VERSION).tar.xz
PROCPS_NG_SITE = http://downloads.sourceforge.net/project/procps-ng/Production
PROCPS_NG_LICENSE = GPL-2.0+, LGPL-2.0+ (libproc and libps)
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2018-05-24 21:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-24 21:10 [Buildroot] [git commit] procps-ng: security bump to version 3.3.15 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.