* [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33
@ 2020-04-30 19:42 Fabrice Fontaine
2020-04-30 19:42 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 4.1.8 Fabrice Fontaine
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2020-04-30 19:42 UTC (permalink / raw)
To: buildroot
- ChangeLog:
- compression bomb protection
- memory handling issue found by Oss-Fuzz
- improve handling of anomalies in traffic
- Drop first patch (already in version)
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
.../0001-fix-build-without-GNU-libiconv.patch | 60 -------------------
...01-htp.pc.in-add-lz-to-Libs.private.patch} | 2 +-
package/libhtp/libhtp.hash | 4 +-
package/libhtp/libhtp.mk | 2 +-
4 files changed, 4 insertions(+), 64 deletions(-)
delete mode 100644 package/libhtp/0001-fix-build-without-GNU-libiconv.patch
rename package/libhtp/{0002-htp.pc.in-add-lz-to-Libs.private.patch => 0001-htp.pc.in-add-lz-to-Libs.private.patch} (93%)
diff --git a/package/libhtp/0001-fix-build-without-GNU-libiconv.patch b/package/libhtp/0001-fix-build-without-GNU-libiconv.patch
deleted file mode 100644
index 8f6cddf2da..0000000000
--- a/package/libhtp/0001-fix-build-without-GNU-libiconv.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 1531a8e9b91b567979a2a0d7fd6a4c2e9126b01c Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Wed, 6 Mar 2019 23:06:54 +0100
-Subject: [PATCH] fix build without GNU libiconv
-
-iconvctl is only defined in GNU libiconv so check for the availability
-of this function before using it
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/OISF/libhtp/pull/193]
----
- configure.ac | 18 ++++++++++++++++++
- htp/htp_transcoder.c | 2 +-
- 2 files changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 7f0a58d..388ec7b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -155,6 +155,24 @@ sinclude(m4/lib-link.m4)
- sinclude(m4/lib-prefix.m4)
- AM_ICONV
-
-+# iconvctl is not standard, it is defined only in GNU libiconv
-+AC_MSG_CHECKING(for iconvctl)
-+TMPLIBS="${LIBS}"
-+LIBS="${LIBS} ${LIBICONV}"
-+
-+AC_TRY_LINK([#include <stdlib.h>
-+ #include <iconv.h>],
-+ [int iconv_param = 0;
-+ iconv_t cd = iconv_open("","");
-+ iconvctl(cd, ICONV_SET_DISCARD_ILSEQ, &iconv_param);
-+ iconv_close(cd);],
-+ [ac_cv_func_iconvctl=yes])
-+AC_MSG_RESULT($ac_cv_func_iconvctl)
-+if test "$ac_cv_func_iconvctl" == yes; then
-+ AC_DEFINE(HAVE_ICONVCTL,1,"Define to 1 if you have the `iconvctl' function.")
-+fi
-+LIBS="${TMPLIBS}"
-+
- dnl -----------------------------------------------
- dnl Check and enable the GCC opts we want to use.
- dnl We may need to add more checks
-diff --git a/htp/htp_transcoder.c b/htp/htp_transcoder.c
-index 57ff74c..d8e8280 100644
---- a/htp/htp_transcoder.c
-+++ b/htp/htp_transcoder.c
-@@ -64,7 +64,7 @@ int htp_transcode_params(htp_connp_t *connp, htp_table_t **params, int destroy_o
- return HTP_ERROR;
- }
-
-- #if (_LIBICONV_VERSION >= 0x0108)
-+ #if (_LIBICONV_VERSION >= 0x0108 && HAVE_ICONVCTL)
- int iconv_param = 0;
- iconvctl(cd, ICONV_SET_TRANSLITERATE, &iconv_param);
- iconv_param = 1;
---
-2.14.1
-
diff --git a/package/libhtp/0002-htp.pc.in-add-lz-to-Libs.private.patch b/package/libhtp/0001-htp.pc.in-add-lz-to-Libs.private.patch
similarity index 93%
rename from package/libhtp/0002-htp.pc.in-add-lz-to-Libs.private.patch
rename to package/libhtp/0001-htp.pc.in-add-lz-to-Libs.private.patch
index f79a9ebb3a..b21ea6053a 100644
--- a/package/libhtp/0002-htp.pc.in-add-lz-to-Libs.private.patch
+++ b/package/libhtp/0001-htp.pc.in-add-lz-to-Libs.private.patch
@@ -7,7 +7,7 @@ zlib is a mandatory dependency so add it to Libs.private otherwise
static linking of packages linking with htp (e.g. suricata) will fail.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: not sent yet]
+[Upstream status: https://github.com/OISF/libhtp/pull/294]
---
htp.pc.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/libhtp/libhtp.hash b/package/libhtp/libhtp.hash
index b3775c3ad3..765acd5bf9 100644
--- a/package/libhtp/libhtp.hash
+++ b/package/libhtp/libhtp.hash
@@ -1,3 +1,3 @@
# Locally computed:
-sha256 a6a6f3b3f1fb6e8b8a1dae02db8a0090c438f0d057102dd8e52208224868c4e4 libhtp-0.5.32.tar.gz
-sha256 87c93904e5434c81622ea690c2b90097b9f162aaa92a96542649a157dbf98d15 LICENSE
+sha256 953651fdfe828805bb82dc1aa8b56187b0e2f80781727343e68ccf8afd6a9122 libhtp-0.5.33.tar.gz
+sha256 87c93904e5434c81622ea690c2b90097b9f162aaa92a96542649a157dbf98d15 LICENSE
diff --git a/package/libhtp/libhtp.mk b/package/libhtp/libhtp.mk
index 577b700953..b77d8715f9 100644
--- a/package/libhtp/libhtp.mk
+++ b/package/libhtp/libhtp.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBHTP_VERSION = 0.5.32
+LIBHTP_VERSION = 0.5.33
LIBHTP_SITE = $(call github,OISF,libhtp,$(LIBHTP_VERSION))
LIBHTP_LICENSE = BSD-3-Clause
LIBHTP_LICENSE_FILES = LICENSE
--
2.26.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 2/2] package/suricata: security bump to version 4.1.8
2020-04-30 19:42 [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33 Fabrice Fontaine
@ 2020-04-30 19:42 ` Fabrice Fontaine
2020-05-10 18:27 ` Peter Korsgaard
2020-05-01 10:00 ` [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33 Yann E. MORIN
2020-05-10 18:26 ` Peter Korsgaard
2 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2020-04-30 19:42 UTC (permalink / raw)
To: buildroot
- This is the first release after Suricata joined the Oss-Fuzz program,
leading to discovery of a number of (potential) security issues:
https://suricata-ids.org/2020/04/28/suricata-4-1-8-released
- Drop first, second and fourth patches (already in version)
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...figure.ac-fix-static-build-with-pcap.patch | 29 --------------
...re-proper-shabang-on-python-scripts.patch} | 0
.../0002-configure.ac-fix-disable-geoip.patch | 33 ---------------
...004-stream-reject-broken-ACK-packets.patch | 40 -------------------
package/suricata/suricata.hash | 6 +--
package/suricata/suricata.mk | 7 +---
6 files changed, 5 insertions(+), 110 deletions(-)
delete mode 100644 package/suricata/0001-configure.ac-fix-static-build-with-pcap.patch
rename package/suricata/{0003-python-ensure-proper-shabang-on-python-scripts.patch => 0001-python-ensure-proper-shabang-on-python-scripts.patch} (100%)
delete mode 100644 package/suricata/0002-configure.ac-fix-disable-geoip.patch
delete mode 100644 package/suricata/0004-stream-reject-broken-ACK-packets.patch
diff --git a/package/suricata/0001-configure.ac-fix-static-build-with-pcap.patch b/package/suricata/0001-configure.ac-fix-static-build-with-pcap.patch
deleted file mode 100644
index 3312550620..0000000000
--- a/package/suricata/0001-configure.ac-fix-static-build-with-pcap.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 2660123b0c16d7f6a49747711be676c4119561c9 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Wed, 24 Apr 2019 20:35:20 +0200
-Subject: [PATCH] configure.ac: fix static build with pcap
-
-pcap can depends on nl-3 so use pkg-config to find these dependencies
-otherwise all AC_CHECK_LIB calls will fail when building statically
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: not sent yet]
----
- configure.ac | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configure.ac b/configure.ac
-index ee59c9d8e..5ec341231 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1331,6 +1331,7 @@
- AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h])
-
- LIBPCAP=""
-+ PKG_CHECK_MODULES([PCAP],libpcap,[CPPFLAGS="${CPPFLAGS} ${PCAP_CFLAGS}" LIBS="${LIBS} ${PCAP_LIBS}"],[])
- AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_open_live,, LIBPCAP="no")
- if test "$LIBPCAP" = "no"; then
- echo
---
-2.20.1
-
diff --git a/package/suricata/0003-python-ensure-proper-shabang-on-python-scripts.patch b/package/suricata/0001-python-ensure-proper-shabang-on-python-scripts.patch
similarity index 100%
rename from package/suricata/0003-python-ensure-proper-shabang-on-python-scripts.patch
rename to package/suricata/0001-python-ensure-proper-shabang-on-python-scripts.patch
diff --git a/package/suricata/0002-configure.ac-fix-disable-geoip.patch b/package/suricata/0002-configure.ac-fix-disable-geoip.patch
deleted file mode 100644
index 7dae57a875..0000000000
--- a/package/suricata/0002-configure.ac-fix-disable-geoip.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 4e8b006cdd30e43f3ab11296710170488fd5b5de Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 6 Oct 2019 09:53:23 +0200
-Subject: [PATCH] configure.ac: fix --disable-geoip
-
-$enableval should be used to know if the user has passed --enable-geoip
-or --disable-geoip
-
-Fixes:
- - http://autobuild.buildroot.org/results/a7a34f760ae5fe0922fdb720b8234dbcd85ed222
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Upstream status: https://github.com/OISF/suricata/pull/4278
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 3df576d54..fa671024d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2143,7 +2143,7 @@
- # libmaxminddb
- AC_ARG_ENABLE(geoip,
- AS_HELP_STRING([--enable-geoip],[Enable GeoIP support]),
-- [ enable_geoip="yes"],
-+ [ enable_geoip="$enableval"],
- [ enable_geoip="no"])
- AC_ARG_ENABLE(libgeoip,
- AS_HELP_STRING([--disable-libgeoip], [Disable libgeoip support]),
---
-2.23.0
-
diff --git a/package/suricata/0004-stream-reject-broken-ACK-packets.patch b/package/suricata/0004-stream-reject-broken-ACK-packets.patch
deleted file mode 100644
index 9670d73158..0000000000
--- a/package/suricata/0004-stream-reject-broken-ACK-packets.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 1c63d3905852f746ccde7e2585600b2199cefb4b Mon Sep 17 00:00:00 2001
-From: Victor Julien <victor@inliniac.net>
-Date: Thu, 21 Nov 2019 16:10:21 +0100
-Subject: [PATCH] stream: reject broken ACK packets
-
-Fix evasion posibility by rejecting packets with a broken ACK field.
-These packets have a non-0 ACK field, but do not have a ACK flag set.
-
-Bug #3324.
-
-Reported-by: Nicolas Adba
-(cherry picked from commit fa692df37a796c3330c81988d15ef1a219afc006)
-[Retrieved from:
-https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- src/stream-tcp.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/stream-tcp.c b/src/stream-tcp.c
-index 35e489acba..8653d670c6 100644
---- a/src/stream-tcp.c
-+++ b/src/stream-tcp.c
-@@ -4759,6 +4759,7 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
- /* broken TCP http://ask.wireshark.org/questions/3183/acknowledgment-number-broken-tcp-the-acknowledge-field-is-nonzero-while-the-ack-flag-is-not-set */
- if (!(p->tcph->th_flags & TH_ACK) && TCP_GET_ACK(p) != 0) {
- StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);
-+ goto error;
- }
-
- /* If we are on IPS mode, and got a drop action triggered from
-@@ -6883,7 +6884,7 @@ static int StreamTcpTest10 (void)
-
- tcph.th_win = htons(5480);
- tcph.th_seq = htonl(10);
-- tcph.th_ack = htonl(11);
-+ tcph.th_ack = 0;
- tcph.th_flags = TH_SYN;
- p->tcph = &tcph;
-
diff --git a/package/suricata/suricata.hash b/package/suricata/suricata.hash
index dc52999a9d..05e3593c3b 100644
--- a/package/suricata/suricata.hash
+++ b/package/suricata/suricata.hash
@@ -1,6 +1,6 @@
# Locally computed:
-sha256 cee5f6535cd7fe63fddceab62eb3bc66a63fc464466c88ec7a41b7a1331ac74b suricata-4.1.5.tar.gz
+sha256 c8a83a05f57cedc0ef81d833ddcfdbbfdcdb6f459a91b1b15dc2d5671f1aecbb suricata-4.1.8.tar.gz
# Hash for license files:
-sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
-sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE
diff --git a/package/suricata/suricata.mk b/package/suricata/suricata.mk
index 48a6205eed..8dd23bf2f5 100644
--- a/package/suricata/suricata.mk
+++ b/package/suricata/suricata.mk
@@ -4,16 +4,13 @@
#
################################################################################
-SURICATA_VERSION = 4.1.5
+SURICATA_VERSION = 4.1.8
SURICATA_SITE = https://www.openinfosecfoundation.org/download
SURICATA_LICENSE = GPL-2.0
SURICATA_LICENSE_FILES = COPYING LICENSE
-# We're patching configure.ac
+# We're patching python/Makefile.am
SURICATA_AUTORECONF = YES
-# 0004-stream-reject-broken-ACK-packets.patch
-SURICATA_IGNORE_CVES += CVE-2019-18792
-
SURICATA_DEPENDENCIES = \
host-pkgconf \
$(if $(BR2_PACKAGE_JANSSON),jansson) \
--
2.26.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33
2020-04-30 19:42 [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33 Fabrice Fontaine
2020-04-30 19:42 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 4.1.8 Fabrice Fontaine
@ 2020-05-01 10:00 ` Yann E. MORIN
2020-05-10 18:26 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2020-05-01 10:00 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2020-04-30 21:42 +0200, Fabrice Fontaine spake thusly:
> - ChangeLog:
> - compression bomb protection
> - memory handling issue found by Oss-Fuzz
> - improve handling of anomalies in traffic
> - Drop first patch (already in version)
> - Update indentation of hash file (two spaces)
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Both patches applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> .../0001-fix-build-without-GNU-libiconv.patch | 60 -------------------
> ...01-htp.pc.in-add-lz-to-Libs.private.patch} | 2 +-
> package/libhtp/libhtp.hash | 4 +-
> package/libhtp/libhtp.mk | 2 +-
> 4 files changed, 4 insertions(+), 64 deletions(-)
> delete mode 100644 package/libhtp/0001-fix-build-without-GNU-libiconv.patch
> rename package/libhtp/{0002-htp.pc.in-add-lz-to-Libs.private.patch => 0001-htp.pc.in-add-lz-to-Libs.private.patch} (93%)
>
> diff --git a/package/libhtp/0001-fix-build-without-GNU-libiconv.patch b/package/libhtp/0001-fix-build-without-GNU-libiconv.patch
> deleted file mode 100644
> index 8f6cddf2da..0000000000
> --- a/package/libhtp/0001-fix-build-without-GNU-libiconv.patch
> +++ /dev/null
> @@ -1,60 +0,0 @@
> -From 1531a8e9b91b567979a2a0d7fd6a4c2e9126b01c Mon Sep 17 00:00:00 2001
> -From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -Date: Wed, 6 Mar 2019 23:06:54 +0100
> -Subject: [PATCH] fix build without GNU libiconv
> -
> -iconvctl is only defined in GNU libiconv so check for the availability
> -of this function before using it
> -
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -[Upstream status: https://github.com/OISF/libhtp/pull/193]
> ----
> - configure.ac | 18 ++++++++++++++++++
> - htp/htp_transcoder.c | 2 +-
> - 2 files changed, 19 insertions(+), 1 deletion(-)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 7f0a58d..388ec7b 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -155,6 +155,24 @@ sinclude(m4/lib-link.m4)
> - sinclude(m4/lib-prefix.m4)
> - AM_ICONV
> -
> -+# iconvctl is not standard, it is defined only in GNU libiconv
> -+AC_MSG_CHECKING(for iconvctl)
> -+TMPLIBS="${LIBS}"
> -+LIBS="${LIBS} ${LIBICONV}"
> -+
> -+AC_TRY_LINK([#include <stdlib.h>
> -+ #include <iconv.h>],
> -+ [int iconv_param = 0;
> -+ iconv_t cd = iconv_open("","");
> -+ iconvctl(cd, ICONV_SET_DISCARD_ILSEQ, &iconv_param);
> -+ iconv_close(cd);],
> -+ [ac_cv_func_iconvctl=yes])
> -+AC_MSG_RESULT($ac_cv_func_iconvctl)
> -+if test "$ac_cv_func_iconvctl" == yes; then
> -+ AC_DEFINE(HAVE_ICONVCTL,1,"Define to 1 if you have the `iconvctl' function.")
> -+fi
> -+LIBS="${TMPLIBS}"
> -+
> - dnl -----------------------------------------------
> - dnl Check and enable the GCC opts we want to use.
> - dnl We may need to add more checks
> -diff --git a/htp/htp_transcoder.c b/htp/htp_transcoder.c
> -index 57ff74c..d8e8280 100644
> ---- a/htp/htp_transcoder.c
> -+++ b/htp/htp_transcoder.c
> -@@ -64,7 +64,7 @@ int htp_transcode_params(htp_connp_t *connp, htp_table_t **params, int destroy_o
> - return HTP_ERROR;
> - }
> -
> -- #if (_LIBICONV_VERSION >= 0x0108)
> -+ #if (_LIBICONV_VERSION >= 0x0108 && HAVE_ICONVCTL)
> - int iconv_param = 0;
> - iconvctl(cd, ICONV_SET_TRANSLITERATE, &iconv_param);
> - iconv_param = 1;
> ---
> -2.14.1
> -
> diff --git a/package/libhtp/0002-htp.pc.in-add-lz-to-Libs.private.patch b/package/libhtp/0001-htp.pc.in-add-lz-to-Libs.private.patch
> similarity index 93%
> rename from package/libhtp/0002-htp.pc.in-add-lz-to-Libs.private.patch
> rename to package/libhtp/0001-htp.pc.in-add-lz-to-Libs.private.patch
> index f79a9ebb3a..b21ea6053a 100644
> --- a/package/libhtp/0002-htp.pc.in-add-lz-to-Libs.private.patch
> +++ b/package/libhtp/0001-htp.pc.in-add-lz-to-Libs.private.patch
> @@ -7,7 +7,7 @@ zlib is a mandatory dependency so add it to Libs.private otherwise
> static linking of packages linking with htp (e.g. suricata) will fail.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -[Upstream status: not sent yet]
> +[Upstream status: https://github.com/OISF/libhtp/pull/294]
> ---
> htp.pc.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> diff --git a/package/libhtp/libhtp.hash b/package/libhtp/libhtp.hash
> index b3775c3ad3..765acd5bf9 100644
> --- a/package/libhtp/libhtp.hash
> +++ b/package/libhtp/libhtp.hash
> @@ -1,3 +1,3 @@
> # Locally computed:
> -sha256 a6a6f3b3f1fb6e8b8a1dae02db8a0090c438f0d057102dd8e52208224868c4e4 libhtp-0.5.32.tar.gz
> -sha256 87c93904e5434c81622ea690c2b90097b9f162aaa92a96542649a157dbf98d15 LICENSE
> +sha256 953651fdfe828805bb82dc1aa8b56187b0e2f80781727343e68ccf8afd6a9122 libhtp-0.5.33.tar.gz
> +sha256 87c93904e5434c81622ea690c2b90097b9f162aaa92a96542649a157dbf98d15 LICENSE
> diff --git a/package/libhtp/libhtp.mk b/package/libhtp/libhtp.mk
> index 577b700953..b77d8715f9 100644
> --- a/package/libhtp/libhtp.mk
> +++ b/package/libhtp/libhtp.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBHTP_VERSION = 0.5.32
> +LIBHTP_VERSION = 0.5.33
> LIBHTP_SITE = $(call github,OISF,libhtp,$(LIBHTP_VERSION))
> LIBHTP_LICENSE = BSD-3-Clause
> LIBHTP_LICENSE_FILES = LICENSE
> --
> 2.26.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33
2020-04-30 19:42 [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33 Fabrice Fontaine
2020-04-30 19:42 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 4.1.8 Fabrice Fontaine
2020-05-01 10:00 ` [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33 Yann E. MORIN
@ 2020-05-10 18:26 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2020-05-10 18:26 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - ChangeLog:
> - compression bomb protection
> - memory handling issue found by Oss-Fuzz
> - improve handling of anomalies in traffic
> - Drop first patch (already in version)
> - Update indentation of hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 2/2] package/suricata: security bump to version 4.1.8
2020-04-30 19:42 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 4.1.8 Fabrice Fontaine
@ 2020-05-10 18:27 ` Peter Korsgaard
0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2020-05-10 18:27 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - This is the first release after Suricata joined the Oss-Fuzz program,
> leading to discovery of a number of (potential) security issues:
> https://suricata-ids.org/2020/04/28/suricata-4-1-8-released
> - Drop first, second and fourth patches (already in version)
> - Update indentation of hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-05-10 18:27 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-30 19:42 [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33 Fabrice Fontaine
2020-04-30 19:42 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 4.1.8 Fabrice Fontaine
2020-05-10 18:27 ` Peter Korsgaard
2020-05-01 10:00 ` [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.33 Yann E. MORIN
2020-05-10 18:26 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.