mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-18 10:27:00 +02:00
Before applying Flatcar patches to bsdiff, sync with upstream Gentoo, so the ebuilds can make use of EAPI=7. Also drop third-party patches, to be able to start from scratch. Doing that, we can fix [CVE-2014-9862](https://nvd.nist.gov/vuln/detail/CVE-2014-9862), an integer signedness error in bspatch.c. With the vulnerability, remote attackers can execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. Since Gentoo already has the third-party patch, we can simply make use of it. See also https://bugs.gentoo.org/701848 and https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4d7646f1d69 .
src/third_party/coreos-overlay