package/rpm: security bump to version 4.16.1.3
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fri, 2 Apr 2021 19:33:43 +0000 (21:33 +0200)
committer Yann E. MORIN <yann.morin.1998@free.fr>
Sat, 3 Apr 2021 07:09:55 +0000 (09:09 +0200)
commit 768152e2a61e629055f3f6e729782ad4d6e24397
tree 4b90cd3aee7adc8e65048bb1869edd3abaf5aa83
parent dc66d2d2a8648821754190d2bb35c3f23af2ac5b
package/rpm: security bump to version 4.16.1.3

- Fix arbitrary data copied from signature header past signature
  checking (CVE-2021-3421)
- Fix signature check bypass with corrupted package (CVE-2021-20271)
- Fix missing bounds checks in headerImport() and headerCheck()
  (CVE-2021-20266)
- Fix missing sanity checks on header entry count and region data
  overlap
- Fix access past end of header if the last entry is string type
- Fix unsafe headerCopyLoad() still used in codebase

Drop all patches (already in version)

https://rpm.org/wiki/Releases/4.16.1.3.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/rpm/0001-lib-rpmdb-c-include-fcntl-h-for-O_.patch [deleted file]
package/rpm/0002-lib-rpmrc.c-include-fcntl.h-for-O_.patch [deleted file]
package/rpm/0003-Check-for-OpenMP-version-at-configure-time.patch [deleted file]
package/rpm/0004-configure-ac-fix-cross-compilation.patch [deleted file]
package/rpm/0005-Really-disable-OpenMP-if-too-old.patch [deleted file]
package/rpm/rpm.hash
package/rpm/rpm.mk