Merge pull request #590 from dm0-/glsa

Fix GLSAs
David Michael 2017-10-23 17:03:16 -07:00 committed by GitHub
commit 992fe6682f
13 changed files with 673 additions and 9 deletions


@ -1,8 +1,2 @@
AUX libpcre-8.40-jit-else.patch 2149 SHA256 a6fb7e204a0a33c12c89983f57f8548998b52137f7964a809c5b6031e37d6829 SHA512 d1d8e7c689402bad4ac26785e1a642978a6e76f83f69d4df251fb7b88108106292f73a43c6f476c226a45ccfab008283f269128e3631930b0f5490b2f46e3b48 WHIRLPOOL 35a3593928463bc3fb8c3c51cb110547fbd55be894d968b0569afcac17a5f268d2347be187d267c58f302f60aa7a00df80d72524a99cb8c6b4491b0a7725e9c2
AUX libpcre-8.40-pcregrep-multiline-1.patch 2688 SHA256 6bc091de8df6715c9cdea6b65d3050112b032915e24e12d5d440434b11d4032a SHA512 c7095a8034db6896c1457e7950a15c00ffd7c08dc29f07ca83e46db63209d42c87e808f328bd2eaaaed0fe4038575629b8e64fa77b4c249ca938fc83415bbe28 WHIRLPOOL 87ae705b53a3227f297cec1036301be32687c02c8b44131b62994663fb2cf2cc0c92c1968627f1238f1985a92a660ccebacc0eda4e05ac315a4672c5b89ab3fa
AUX libpcre-8.40-pcregrep-multiline-2.patch 803 SHA256 01d27d72071e1fc5e90db5da2795b61b19e519097200b891979b02a63222b5ed SHA512 aae538dcf871618d00e9994ab1fd973f491075fc852c45aedd6e99ffd6726aabc9f93fff3e5aebbc1869fd2dd85d6d24f0eded075df857991b0457ca797a25fd WHIRLPOOL 7dc104231878dad7a51a2d0fd95711002780a6c6190af15facda78595ac93befeb0f63c02315a1c528dd2aac7ef17727a5fed0af0fe996f6a0158ea380ffd0e4
DIST pcre-8.40.tar.bz2 1560119 SHA256 00e27a29ead4267e3de8111fcaa59b132d0533cdfdbdddf4b0604279acbcf4f4 SHA512 b4c27eafbdf33bd7a1384655b1936f4be3bc6745c072347eb26e988896c52664bd85ac42444da1be78b6e20f45b6c7e5921f5f20f5b0741b5bd3d9844e5bd4e2 WHIRLPOOL 6711688972b3db4b98902d548b84e8b03b61c3a12d24a4e42fc49ddc5e2b4be51f98f91873166e550866e88b6cd55092ea27704a3b7e71d58a2af21148ad3340
EBUILD libpcre-8.40-r1.ebuild 2849 SHA256 71b6ae4b11f222072bf9776f4e701cd17e7819b82ce58d62c65a6380fa87f364 SHA512 b6969ee98be6c15c5e698a03c78956159f147a08fa9646711e75122ebae03df3e154d8a394a033a70ac2d5658b02b67626396433993639491b8753cc03fdd02f WHIRLPOOL 99012339d40a2857e83602e58b7b23f89d9385537df57a84b9ff38492ea443d48445d1151c9a442debee19e3fcfda14ae66ac11c50c702640ef18afc05dc8252
MISC ChangeLog 9358 SHA256 6d71cdef5ca28f5d0c3af958daa73122d374a64088bf960961f9eec235572595 SHA512 ad1c6ff26e6198bda9f8c5d31d03a5337b0bd7c620f564b31b98117982d12677426ec4d703325028c44ea371dc15c3b2530d0c91ccd9e8b40b5710761a2e7ef0 WHIRLPOOL c8f1726ad29d83ee380eeeaae0a385a7de8db1e99751357bbf59dcf0af751e4f6ddb8f88d836dda0d0d6e132ef4db126fa3e64610491ceadce550b3017b2ee5d
MISC ChangeLog-2015 35335 SHA256 dfdfc43bcff86898d74db532baf46e6d88c70a3e62e82ceab69c285934f802b5 SHA512 94411b185f75967d240777124272d04b13f3cb3e43de6f751baa9944e07086f9fa2972e4854514fb39f85d69422a07fd1ee1cc7fc587dacf54b777bdf68439ea WHIRLPOOL ec71b8c06e85b5ec0a4040def4447e6aa2589bbaf9bd4b5d7479a2b968357a2b5c4a30e7c2739bd1b4607e074cdc9d15e0f730ed1a69cb936d514056d53578e0
MISC metadata.xml 1112 SHA256 fa2a7f9e7f1ee1c432907cbc5cc0dd23f9636b5f4c51836dbcdbf24f72975c2a SHA512 eb7e2db9932c108442e69bd3ddf04d8d753dede44f7453b1fa33730ec9cda89e618f4444a0adf3f9e7d09baf8c97ff19831906ad7148a26674269f1efd427e6b WHIRLPOOL 7b675f34fbd1f58f42d7ad5c4e39e1d80922474624047165b30d85ecdbbffd1246d68b0dad4d7553c0d2fc900249e3425fc04f9b3821f189b30ebb2d2615dbad
DIST pcre-8.41.tar.bz2 1561874 SHA256 e62c7eac5ae7c0e7286db61ff82912e1c0b7a0c13706616e94a7dd729321b530 SHA512 cc9cdbeb98c010fe4f093a019bebfb91965dae4c6a48f8e49c38ec8df7d9da7f0d32c12fc58f22c51f1c2f010e72b65bcbf8bbf180060e93edf464fa9a7c3551 WHIRLPOOL 24d891c4f6580af20aa07a166038a2bacb52cdb305987f8b91b2fecae65e7b5277d3ef0b26ddbb3a33fd34794e6340e77df6a321e770b3aca4393d1ed144cf64


@ -0,0 +1,15 @@
diff -Naurp pcre-8.41.orig/sljit/sljitNativeMIPS_common.c pcre-8.41/sljit/sljitNativeMIPS_common.c
--- pcre-8.41.orig/sljit/sljitNativeMIPS_common.c 2017-05-07 11:32:25.000000000 -0400
+++ pcre-8.41/sljit/sljitNativeMIPS_common.c 2017-07-29 17:50:24.508909742 -0400
@@ -503,9 +503,11 @@ SLJIT_API_FUNC_ATTRIBUTE sljit_s32 sljit
#ifdef SLJIT_IS_FPU_AVAILABLE
return SLJIT_IS_FPU_AVAILABLE;
#elif defined(__GNUC__)
+ {
sljit_sw fir;
asm ("cfc1 %0, $0" : "=r"(fir));
return (fir >> 22) & 0x1;
+ }
#else
#error "FIR check is not implemented for this architecture"
#endif
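Review bot: The carried patch starts directly at the `diff -Naurp` line with no header, so nothing records where it came from or which build failure it addresses. The ebuild's `src_prepare` applies everything in `PATCHES` unconditionally, so a short preamble above the diff would make this carried change auditable. Going by the patch file name in the ebuild, it could read `Wrap the __GNUC__ branch of the FPU check in a block so the declaration of fir is valid there.` followed by `Source: <upstream bug or commit URL>`. The hunk only adds the `{` and `}` around three existing lines, and the enclosing function starts and ends outside it.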


@ -0,0 +1,103 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=5
inherit eutils multilib libtool flag-o-matic toolchain-funcs multilib-minimal
DESCRIPTION="Perl-compatible regular expression library"
HOMEPAGE="http://www.pcre.org/"
MY_P="pcre-${PV/_rc/-RC}"
if [[ ${PV} != *_rc* ]] ; then
# Only the final releases are available here.
SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${MY_P}.tar.bz2"
else
SRC_URI="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/${MY_P}.tar.bz2"
fi
LICENSE="BSD"
SLOT="3"
KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="bzip2 +cxx +jit libedit pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib"
REQUIRED_USE="readline? ( !libedit )
libedit? ( !readline )"
RDEPEND="
bzip2? ( app-arch/bzip2 )
zlib? ( sys-libs/zlib )
libedit? ( dev-libs/libedit )
readline? ( sys-libs/readline:0= )
"
DEPEND="
${RDEPEND}
virtual/pkgconfig
"
RDEPEND="
${RDEPEND}
abi_x86_32? (
!<=app-emulation/emul-linux-x86-baselibs-20131008-r2
!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
)
"
S="${WORKDIR}/${MY_P}"
MULTILIB_CHOST_TOOLS=(
/usr/bin/pcre-config
)
PATCHES=(
"${FILESDIR}"/${PN}-8.41-sljit_mips-label-statement-fix.patch
)
src_prepare() {
epatch "${PATCHES[@]}"
sed -i -e "s:-lpcre ::" libpcrecpp.pc.in || die
elibtoolize
}
multilib_src_configure() {
local myeconfargs=(
--with-match-limit-recursion=$(usex recursion-limit 8192 MATCH_LIMIT)
$(multilib_native_use_enable bzip2 pcregrep-libbz2)
$(use_enable cxx cpp)
$(use_enable jit) $(use_enable jit pcregrep-jit)
$(use_enable pcre16)
$(use_enable pcre32)
$(multilib_native_use_enable libedit pcretest-libedit)
$(multilib_native_use_enable readline pcretest-libreadline)
$(use_enable static-libs static)
$(use_enable unicode utf) $(use_enable unicode unicode-properties)
$(multilib_native_use_enable zlib pcregrep-libz)
--enable-pcre8
--enable-shared
--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
--docdir="${EPREFIX}"/usr/share/doc/${PF}
)
ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_compile() {
emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
}
multilib_src_install() {
emake \
DESTDIR="${D}" \
$(multilib_is_native_abi || echo "bin_PROGRAMS= dist_html_DATA=") \
install
gen_usr_ldscript -a pcre
}
multilib_src_install_all() {
prune_libtool_files
}
pkg_preinst() {
preserve_old_lib /$(get_libdir)/libpcre.so.0
}
pkg_postinst() {
preserve_old_lib_notify /$(get_libdir)/libpcre.so.0
}
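Review bot: The `--with-match-limit-recursion=$(usex recursion-limit 8192 MATCH_LIMIT)` line in `multilib_src_configure` has no comment explaining why 8192 was chosen or what disabling the flag costs. With `USE=-recursion-limit` the value becomes `MATCH_LIMIT`, which as far as I can tell raises the recursion cap to the general match limit and so no longer bounds stack depth in any practical sense when patterns or subjects are untrusted. A comment above the `myeconfargs` array would keep that trade-off visible to whoever next touches the flag: `# recursion-limit caps matcher recursion at 8192 to bound stack use on untrusted input; disabling it falls back to MATCH_LIMIT.`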


@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201710-21">
<title>Kodi: Arbitrary code execution </title>
<synopsis>An integer overflow vulnerability in Kodi could result in remote
execution of arbitrary code.
</synopsis>
<product type="ebuild">kodi</product>
<announced>2017-10-22</announced>
<revised>2017-10-22: 1</revised>
<bug>622384</bug>
<access>remote</access>
<affected>
<package name="media-tv/kodi" auto="yes" arch="*">
<unaffected range="ge">17.3-r1</unaffected>
<vulnerable range="lt">17.3-r1</vulnerable>
</package>
</affected>
<background>
<p>Kodi is a free and open source media-center and entertainment hub
previously known as XBMC.
</p>
</background>
<description>
<p>Kodi is vulnerable due to shipping with an embedded version of UnRAR.
Please review the referenced CVE identifier for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to process a specifically crafted
RAR file, could execute arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Kodi users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-tv/kodi-17.3-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-6706">CVE-2012-6706</uri>
</references>
<metadata tag="requester" timestamp="2017-10-18T03:54:48Z">jmbailey</metadata>
<metadata tag="submitter" timestamp="2017-10-22T00:24:12Z">jmbailey</metadata>
</glsa>


@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201710-22">
<title>Adobe Flash Player: Remote execution of arbitrary code</title>
<synopsis>A vulnerability in Adobe Flash Player might allow remote attackers
to execute arbitrary code.
</synopsis>
<product type="ebuild">adobeflash</product>
<announced>2017-10-22</announced>
<revised>2017-10-22: 1</revised>
<bug>634456</bug>
<access>remote</access>
<affected>
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
<unaffected range="ge">27.0.0.170</unaffected>
<vulnerable range="lt">27.0.0.170</vulnerable>
</package>
</affected>
<background>
<p>The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
</p>
</background>
<description>
<p>A critical type confusion vulnerability was discovered in Adobe Flash
Player.
</p>
</description>
<impact type="normal">
<p>A remote attacker could execute arbitrary code.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Adobe Flash Player users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-plugins/adobe-flash-27.0.0.170"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11292">
CVE-2017-11292
</uri>
</references>
<metadata tag="requester" timestamp="2017-10-16T21:42:03Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-10-22T00:27:40Z">b-man</metadata>
</glsa>


@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201710-23">
<title>Go: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Go, the worst of which
may result in the execution of arbitrary commands.
</synopsis>
<product type="ebuild">go</product>
<announced>2017-10-23</announced>
<revised>2017-10-23: 1</revised>
<bug>632408</bug>
<access>remote</access>
<affected>
<package name="dev-lang/go" auto="yes" arch="*">
<unaffected range="ge">1.9.1</unaffected>
<vulnerable range="lt">1.9.1</vulnerable>
</package>
</affected>
<background>
<p>Go is an open source programming language that makes it easy to build
simple, reliable, and efficient software.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Go. Please review the
references below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers could execute arbitrary Go commands or conduct a man in
the middle attack.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Go users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.9.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15041">
CVE-2017-15041
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15042">
CVE-2017-15042
</uri>
</references>
<metadata tag="requester" timestamp="2017-10-16T22:06:50Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2017-10-23T01:03:41Z">b-man</metadata>
</glsa>


@ -0,0 +1,131 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201710-24">
<title>Chromium, Google Chrome: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could result in the execution of arbitrary code.
</synopsis>
<product type="ebuild">chromium,chrome</product>
<announced>2017-10-23</announced>
<revised>2017-10-23: 1</revised>
<bug>634664</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">62.0.3202.62</unaffected>
<vulnerable range="lt">62.0.3202.62</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">62.0.3202.62</unaffected>
<vulnerable range="lt">62.0.3202.62</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
<p>Google Chrome is one fast, simple, and secure browser for all your
devices
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-62.0.3202.62"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/google-chrome-62.0.3202.62"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15386">
CVE-2017-15386
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15387">
CVE-2017-15387
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15388">
CVE-2017-15388
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15389">
CVE-2017-15389
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15390">
CVE-2017-15390
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15391">
CVE-2017-15391
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15392">
CVE-2017-15392
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15393">
CVE-2017-15393
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15394">
CVE-2017-15394
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15395">
CVE-2017-15395
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5124">
CVE-2017-5124
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5125">
CVE-2017-5125
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5126">
CVE-2017-5126
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5127">
CVE-2017-5127
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5128">
CVE-2017-5128
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5129">
CVE-2017-5129
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5130">
CVE-2017-5130
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5131">
CVE-2017-5131
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5132">
CVE-2017-5132
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5133">
CVE-2017-5133
</uri>
<uri link="https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html">
Google Chrome Releases
</uri>
</references>
<metadata tag="requester" timestamp="2017-10-20T19:48:32Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-10-23T01:10:56Z">chrisadr</metadata>
</glsa>


@ -0,0 +1,69 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201710-25">
<title>PCRE: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in the PCRE Library, the
worst of which may allow remote attackers to cause a Denial of Service
condition.
</synopsis>
<product type="ebuild">libpcre</product>
<announced>2017-10-23</announced>
<revised>2017-10-23: 1</revised>
<bug>614048</bug>
<bug>614052</bug>
<bug>614054</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libpcre" auto="yes" arch="*">
<unaffected range="ge">8.41</unaffected>
<vulnerable range="lt">8.41</vulnerable>
</package>
</affected>
<background>
<p>The PCRE Library provides functions for Perl-compatible regular
expressions.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in The PCRE Library.
Please review the references below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly cause a Denial of Service condition or
other unspecified impacts via a specially crafted file.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PCRE users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-8.41"
</code>
<p>Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.
</p>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7186">
CVE-2017-7186
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7244">
CVE-2017-7244
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7245">
CVE-2017-7245
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7246">
CVE-2017-7246
</uri>
</references>
<metadata tag="requester" timestamp="2017-10-18T23:44:30Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-10-23T01:19:24Z">chrisadr</metadata>
</glsa>


@ -0,0 +1,114 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201710-26">
<title>OpenJPEG: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
which may allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">openjpeg</product>
<announced>2017-10-23</announced>
<revised>2017-10-23: 1</revised>
<bug>602180</bug>
<bug>606618</bug>
<bug>628504</bug>
<bug>629372</bug>
<bug>629668</bug>
<bug>630120</bug>
<access>remote</access>
<affected>
<package name="media-libs/openjpeg" auto="yes" arch="*">
<unaffected range="ge" slot="2">2.3.0</unaffected>
<vulnerable range="lt" slot="2">2.3.0</vulnerable>
</package>
</affected>
<background>
<p>OpenJPEG is an open-source JPEG 2000 library.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
the references below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, via a crafted BMP, PDF, or j2k document, could
execute arbitrary code, cause a Denial of Service condition, or have
other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenJPEG users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-2.3.0:2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10504">
CVE-2016-10504
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10505">
CVE-2016-10505
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10506">
CVE-2016-10506
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10507">
CVE-2016-10507
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626">
CVE-2016-1626
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628">
CVE-2016-1628
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9112">
CVE-2016-9112
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9113">
CVE-2016-9113
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9114">
CVE-2016-9114
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9115">
CVE-2016-9115
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9116">
CVE-2016-9116
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9117">
CVE-2016-9117
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9118">
CVE-2016-9118
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9572">
CVE-2016-9572
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9573">
CVE-2016-9573
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9580">
CVE-2016-9580
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9581">
CVE-2016-9581
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12982">
CVE-2017-12982
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14039">
CVE-2017-14039
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14164">
CVE-2017-14164
</uri>
</references>
<metadata tag="requester" timestamp="2017-10-22T00:00:11Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-10-23T01:39:09Z">chrisadr</metadata>
</glsa>


@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201710-27">
<title>Dnsmasq: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Dnsmasq, the worst of
which may allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">dnsmasq</product>
<announced>2017-10-23</announced>
<revised>2017-10-23: 1</revised>
<bug>632692</bug>
<access>remote</access>
<affected>
<package name="net-dns/dnsmasq" auto="yes" arch="*">
<unaffected range="ge">2.78</unaffected>
<vulnerable range="lt">2.78</vulnerable>
</package>
</affected>
<background>
<p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
server.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review
the references below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could execute arbitrary code or cause a Denial of
Service condition via crafted DNS, IPv6, or DHCPv6 packets.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Dnsmasq users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.78"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491">
CVE-2017-14491
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492">
CVE-2017-14492
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493">
CVE-2017-14493
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494">
CVE-2017-14494
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495">
CVE-2017-14495
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496">
CVE-2017-14496
</uri>
</references>
<metadata tag="requester" timestamp="2017-10-22T23:49:34Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-10-23T01:46:04Z">chrisadr</metadata>
</glsa>


@ -1 +1 @@
Wed, 18 Oct 2017 18:39:05 +0000
Mon, 23 Oct 2017 17:39:28 +0000


@ -1 +1 @@
8c9b32528b910251b1fe3992838c97ba223db5d7 1508289507 2017-10-18T01:18:27+00:00
3c64211d24fa5a633310d841c0bd5cddc991cc02 1508723227 2017-10-23T01:47:07+00:00


@ -0,0 +1,14 @@
DEFINED_PHASES=compile configure install postinst preinst prepare test
DEPEND=bzip2? ( app-arch/bzip2 ) zlib? ( sys-libs/zlib ) libedit? ( dev-libs/libedit ) readline? ( sys-libs/readline:0= ) virtual/pkgconfig >=app-portage/elt-patches-20170317
DESCRIPTION=Perl-compatible regular expression library
EAPI=5
HOMEPAGE=http://www.pcre.org/
IUSE=bzip2 +cxx +jit libedit pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
KEYWORDS=alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
LICENSE=BSD
RDEPEND=bzip2? ( app-arch/bzip2 ) zlib? ( sys-libs/zlib ) libedit? ( dev-libs/libedit ) readline? ( sys-libs/readline:0= ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r2 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
REQUIRED_USE=readline? ( !libedit ) libedit? ( !readline )
SLOT=3
SRC_URI=mirror://sourceforge/pcre/pcre-8.41.tar.bz2 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.tar.bz2
_eclasses_=epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b libtool e32ea84bf82cf8987965b574672dba93 ltprune 2770eed66a9b8ef944714cd0e968182e multibuild 72647e255187a1fadc81097b3657e5c3 multilib 97f470f374f2e94ccab04a2fb21d811e multilib-build eed53a6313267c9fbcd35fc384bd0087 multilib-minimal 9139c3a57e077cb8e0d0f73ceb080b89 toolchain-funcs 8fec6b1eb195836560e70b66d98fb163
_md5_=bde35f1dcc4a5e53f04a823647821fad