* [Buildroot] [PATCH v1 1/2] package/mpg123: bump version to 1.25.15
@ 2021-06-12 22:27 Peter Seiderer
  2021-06-12 22:27 ` [Buildroot] [PATCH v1 2/2] package/squid: security bump to version 4.15 Peter Seiderer
  2021-06-12 22:32 ` [Buildroot] [PATCH v1 1/2] package/mpg123: bump version to 1.25.15 Peter Seiderer
  0 siblings, 2 replies; 4+ messages in thread
From: Peter Seiderer @ 2021-06-12 22:27 UTC (permalink / raw)
  To: buildroot

From: Peter Korsgaard <peter@korsgaard.com>

Bugfix release. From the release notes:

Some backports of important fixes to the 1.25 series, for very conservative
people.

libmpg123: Backport bit reservoir CRC fix from 1.26
libmpg123: Backport part2_3_length regression fix (bug 312).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/mpg123/mpg123.hash | 8 ++++----
 package/mpg123/mpg123.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/mpg123/mpg123.hash b/package/mpg123/mpg123.hash
index 02c40ad086..e5fb09b46a 100644
--- a/package/mpg123/mpg123.hash
+++ b/package/mpg123/mpg123.hash
@@ -1,7 +1,7 @@
-# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.13/
-sha1 2b6428dc563c56fb1374191d1244c8ac928e4d89  mpg123-1.25.13.tar.bz2
-md5 294a6c30546504ec3d0deac2b2ea22be  mpg123-1.25.13.tar.bz2
+# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.15/
+sha1  286fcb83afad3ecbfea60434d3ee1b6d7f41bb7c  mpg123-1.25.15.tar.bz2
+md5  9a050d4b3573661c606f8095a3f34ca3  mpg123-1.25.15.tar.bz2
 # Locally calculated
-sha256 90306848359c793fd43b9906e52201df18775742dc3c81c06ab67a806509890a  mpg123-1.25.13.tar.bz2
+sha256  503a76d82d97f1a6513bbeb284e460a99fb17ef80f23a661d8fc026ce6adcbbc  mpg123-1.25.15.tar.bz2
 # License file
 sha256  f40e0dd86b27b52e429b693a87b3ca63ae0a98a4d142e77207aa6bdf1db7a295  COPYING
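Review bot: the only strong hash for the new tarball, the sha256 line for mpg123-1.25.15.tar.bz2, sits under "# Locally calculated", so this hunk does not record that the download was checked against anything upstream other than the md5 and sha1 values copied from SourceForge, and neither of those is collision-resistant. Please say in the comment or the commit message how the tarball was validated before the sha256 was computed, for example against an upstream signature if one is published. The change from one to two spaces after "sha1" and "md5" brings those lines in line with the existing sha256 entries and is fine as it stands.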
diff --git a/package/mpg123/mpg123.mk b/package/mpg123/mpg123.mk
index 588a4ffc32..9aa9cd1c10 100644
--- a/package/mpg123/mpg123.mk
+++ b/package/mpg123/mpg123.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MPG123_VERSION = 1.25.13
+MPG123_VERSION = 1.25.15
 MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2
 MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION)
 MPG123_CONF_OPTS = --disable-lfs-alias
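Review bot: MPG123_VERSION goes from 1.25.13 straight to 1.25.15, while the commit message quotes only the 1.25.15 release notes; if a 1.25.14 release lies in between, its changes deserve a line in the log as well. Separately, the MPG123_SITE context line still downloads over plain http:// even though the comment in mpg123.hash already points at https://sourceforge.net, so consider moving the download URL to https in a follow-up so that the hash file is not the only protection on the transfer.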
-- 
2.31.1


* [Buildroot] [PATCH v1 2/2] package/squid: security bump to version 4.15
  2021-06-12 22:27 [Buildroot] [PATCH v1 1/2] package/mpg123: bump version to 1.25.15 Peter Seiderer
@ 2021-06-12 22:27 ` Peter Seiderer
  2021-06-12 22:33   ` Peter Seiderer
  2021-06-12 22:32 ` [Buildroot] [PATCH v1 1/2] package/mpg123: bump version to 1.25.15 Peter Seiderer
  1 sibling, 1 reply; 4+ messages in thread
From: Peter Seiderer @ 2021-06-12 22:27 UTC (permalink / raw)
  To: buildroot

From: Peter Korsgaard <peter@korsgaard.com>

Fixes the following security issues:

- CVE-2021-28651: Denial of Service in URN processing
  Due to a buffer management bug Squid is vulnerable to a Denial of service
  attack against the server it is operating on.

  This attack is limited to proxies which attempt to resolve a "urn:"
  resource identifier.  Support for this resolving is enabled by default in
  all Squid.

  https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4

- CVE-2021-28652: Denial of Service issue in Cache Manager
  Due to an incorrect parser validation bug Squid is vulnerable to a Denial
  of Service attack against the Cache Manager API.

  https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447

- CVE-2021-28662: Denial of Service in HTTP Response Processing
  Due to an input validation bug Squid is vulnerable to a Denial of Service
  against all clients using the proxy.

  https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h

- CVE-2021-31806, CVE-2021-31807, CVE-2021-31808: Multiple Issues in HTTP
  Range header
  Due to an incorrect input validation bug Squid is vulnerable to
  a Denial of Service attack against all clients using the proxy.

  https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf

- CVE-2021-33620: Denial of Service in HTTP Response processing
  Due to an input validation bug Squid is vulnerable to a Denial of Service
  against all clients using the proxy.

  https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/squid/squid.hash | 8 ++++----
 package/squid/squid.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index a2aaba5fd5..12a9e5d293 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -1,6 +1,6 @@
-# From http://www.squid-cache.org/Versions/v4/squid-4.14.tar.xz.asc
-md5  7d9ba82703cd770b2ede169a0c1de94a  squid-4.14.tar.xz
-sha1  71ae13a845a6a7ffc69ce11086ea3e427625bc08  squid-4.14.tar.xz
+# From http://www.squid-cache.org/Versions/v4/squid-4.15.tar.xz.asc
+md5  a593de9dc888dfeca4f1f7db2cd7d3b9  squid-4.15.tar.xz
+sha1  60bda34ba39657e2d870c8c1d2acece8a69c3075  squid-4.15.tar.xz
 # Locally calculated
-sha256  f1097daa6434897c159bc100978b51347c0339041610845d0afa128151729ffc  squid-4.14.tar.xz
+sha256  b693a4e5ab2811a8a854f60de0a62afbbf3a952bb1d047952c9ae01321f84a25  squid-4.15.tar.xz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
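Review bot: the new md5 and sha1 values are attributed to squid-4.15.tar.xz.asc at an http:// URL and the sha256 is "# Locally calculated", but nothing in the hunk says whether the PGP signature in that .asc file was actually verified. For a security bump, please check the signature before computing the local sha256 and record that in the comment, for example "# Locally calculated after checking pgp signature", so the strong hash has a stated chain back to upstream.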
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index 7e6865f8ed..b23a8d26ed 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SQUID_VERSION = 4.14
+SQUID_VERSION = 4.15
 SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
 SQUID_SITE = http://www.squid-cache.org/Versions/v4
 SQUID_LICENSE = GPL-2.0+
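Review bot: SQUID_SITE, in the context just below the version change, is still http://www.squid-cache.org/Versions/v4, so the tarball carrying these CVE fixes is fetched over an unauthenticated channel and its integrity rests entirely on squid.hash. If the upstream server offers https, switch SQUID_SITE to it in this patch or in a follow-up.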
-- 
2.31.1


* [Buildroot] [PATCH v1 1/2] package/mpg123: bump version to 1.25.15
  2021-06-12 22:27 [Buildroot] [PATCH v1 1/2] package/mpg123: bump version to 1.25.15 Peter Seiderer
  2021-06-12 22:27 ` [Buildroot] [PATCH v1 2/2] package/squid: security bump to version 4.15 Peter Seiderer
@ 2021-06-12 22:32 ` Peter Seiderer
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Seiderer @ 2021-06-12 22:32 UTC (permalink / raw)
  To: buildroot

Forget this one (sent by mistake - git format-patch master -2 vs.
git format-patch -2), sorry for the noise...

Regards,
Peter

On Sun, 13 Jun 2021 00:27:48 +0200, Peter Seiderer <ps.report@gmx.net> wrote:

> From: Peter Korsgaard <peter@korsgaard.com>
>
> Bugfix release. From the release notes:
>
> Some backports of important fixes to the 1.25 series, for very conservative
> people.
>
> libmpg123: Backport bit reservoir CRC fix from 1.26
> libmpg123: Backport part2_3_length regression fix (bug 312).
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/mpg123/mpg123.hash | 8 ++++----
>  package/mpg123/mpg123.mk   | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/mpg123/mpg123.hash b/package/mpg123/mpg123.hash
> index 02c40ad086..e5fb09b46a 100644
> --- a/package/mpg123/mpg123.hash
> +++ b/package/mpg123/mpg123.hash
> @@ -1,7 +1,7 @@
> -# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.13/
> -sha1 2b6428dc563c56fb1374191d1244c8ac928e4d89  mpg123-1.25.13.tar.bz2
> -md5 294a6c30546504ec3d0deac2b2ea22be  mpg123-1.25.13.tar.bz2
> +# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.15/
> +sha1  286fcb83afad3ecbfea60434d3ee1b6d7f41bb7c  mpg123-1.25.15.tar.bz2
> +md5  9a050d4b3573661c606f8095a3f34ca3  mpg123-1.25.15.tar.bz2
>  # Locally calculated
> -sha256 90306848359c793fd43b9906e52201df18775742dc3c81c06ab67a806509890a  mpg123-1.25.13.tar.bz2
> +sha256  503a76d82d97f1a6513bbeb284e460a99fb17ef80f23a661d8fc026ce6adcbbc  mpg123-1.25.15.tar.bz2
>  # License file
>  sha256  f40e0dd86b27b52e429b693a87b3ca63ae0a98a4d142e77207aa6bdf1db7a295  COPYING
> diff --git a/package/mpg123/mpg123.mk b/package/mpg123/mpg123.mk
> index 588a4ffc32..9aa9cd1c10 100644
> --- a/package/mpg123/mpg123.mk
> +++ b/package/mpg123/mpg123.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>
> -MPG123_VERSION = 1.25.13
> +MPG123_VERSION = 1.25.15
>  MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2
>  MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION)
>  MPG123_CONF_OPTS = --disable-lfs-alias


* [Buildroot] [PATCH v1 2/2] package/squid: security bump to version 4.15
  2021-06-12 22:27 ` [Buildroot] [PATCH v1 2/2] package/squid: security bump to version 4.15 Peter Seiderer
@ 2021-06-12 22:33   ` Peter Seiderer
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Seiderer @ 2021-06-12 22:33 UTC (permalink / raw)
  To: buildroot

Forget this one (sent by mistake - git format-patch master -2 vs.
git format-patch -2), sorry for the noise...

Regards,
Peter

On Sun, 13 Jun 2021 00:27:49 +0200, Peter Seiderer <ps.report@gmx.net> wrote:

> From: Peter Korsgaard <peter@korsgaard.com>
>
> Fixes the following security issues:
>
> - CVE-2021-28651: Denial of Service in URN processing
>   Due to a buffer management bug Squid is vulnerable to a Denial of service
>   attack against the server it is operating on.
>
>   This attack is limited to proxies which attempt to resolve a "urn:"
>   resource identifier.  Support for this resolving is enabled by default in
>   all Squid.
>
>   https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
>
> - CVE-2021-28652: Denial of Service issue in Cache Manager
>   Due to an incorrect parser validation bug Squid is vulnerable to a Denial
>   of Service attack against the Cache Manager API.
>
>   https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
>
> - CVE-2021-28662: Denial of Service in HTTP Response Processing
>   Due to an input validation bug Squid is vulnerable to a Denial of Service
>   against all clients using the proxy.
>
>   https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
>
> - CVE-2021-31806, CVE-2021-31807, CVE-2021-31808: Multiple Issues in HTTP
>   Range header
>   Due to an incorrect input validation bug Squid is vulnerable to
>   a Denial of Service attack against all clients using the proxy.
>
>   https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
>
> - CVE-2021-33620: Denial of Service in HTTP Response processing
>   Due to an input validation bug Squid is vulnerable to a Denial of Service
>   against all clients using the proxy.
>
>   https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/squid/squid.hash | 8 ++++----
>  package/squid/squid.mk   | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/squid/squid.hash b/package/squid/squid.hash
> index a2aaba5fd5..12a9e5d293 100644
> --- a/package/squid/squid.hash
> +++ b/package/squid/squid.hash
> @@ -1,6 +1,6 @@
> -# From http://www.squid-cache.org/Versions/v4/squid-4.14.tar.xz.asc
> -md5  7d9ba82703cd770b2ede169a0c1de94a  squid-4.14.tar.xz
> -sha1  71ae13a845a6a7ffc69ce11086ea3e427625bc08  squid-4.14.tar.xz
> +# From http://www.squid-cache.org/Versions/v4/squid-4.15.tar.xz.asc
> +md5  a593de9dc888dfeca4f1f7db2cd7d3b9  squid-4.15.tar.xz
> +sha1  60bda34ba39657e2d870c8c1d2acece8a69c3075  squid-4.15.tar.xz
>  # Locally calculated
> -sha256  f1097daa6434897c159bc100978b51347c0339041610845d0afa128151729ffc  squid-4.14.tar.xz
> +sha256  b693a4e5ab2811a8a854f60de0a62afbbf3a952bb1d047952c9ae01321f84a25  squid-4.15.tar.xz
>  sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
> diff --git a/package/squid/squid.mk b/package/squid/squid.mk
> index 7e6865f8ed..b23a8d26ed 100644
> --- a/package/squid/squid.mk
> +++ b/package/squid/squid.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>
> -SQUID_VERSION = 4.14
> +SQUID_VERSION = 4.15
>  SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
>  SQUID_SITE = http://www.squid-cache.org/Versions/v4
>  SQUID_LICENSE = GPL-2.0+
