summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2021-02-19[CVE-2020-8169] Remove information disclosure vulnerabilitytizen_6.5.m2_releasesubmit/tizen_base/20210222.013010submit/tizen_6.5_base/20211027.200501submit/tizen_6.5_base/20211027.183101submit/tizen_6.5_base/20211026.180901accepted/tizen/base/tool/20210302.233531accepted/tizen/6.5/base/tool/20211027.112339accepted/tizen/6.5/base/20230714.002437tizen_6.5_basesandbox/backup/cmake-3.16.4-20211013accepted/tizen_6.5_base_toolaccepted/tizen_6.5_baseJinWang An1-2/+4
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Change-Id: I87a5d5ab358f3b42e9c85c4509f586e420ddfeba Signed-off-by: JinWang An <jinwang.an@samsung.com>
2021-02-19[CVE-2019-5482] Heap buffer overflow in the TFTP protocol handler in cURL ↵JinWang An1-3/+9
7.19.4 to 7.65.3 Change-Id: I42c50d480d494d23af5f6e3419744eb1028708de Signed-off-by: JinWang An <jinwang.an@samsung.com>
2021-02-19[CVE-2019-5481] Fix Double-free vulnerabilityJinWang An1-4/+2
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Change-Id: I99c27c62c1b7d15c2579102d2aac6d5a9a0a3d43 Signed-off-by: JinWang An <jinwang.an@samsung.com>
2021-02-17[CVE-2020-8284] CURLOPT_FTP_SKIP_PASV_IP by defaultsubmit/tizen_base/20210218.080159accepted/tizen/base/tool/20210221.221015JinWang An2-0/+2
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. Change-Id: Ifb923106339f8d3e64ec171ef22ebab3ac3c6d8d Signed-off-by: JinWang An <jinwang.an@samsung.com>
2021-02-16[CVE-2016-9843] Avoid pre-decrement of pointer in big-endian CRC calculation.submit/tizen_base/20210217.030734JinWang An1-3/+1
There was a small optimization for PowerPCs to pre-increment a pointer when accessing a word, instead of post-incrementing. This required prefacing the loop with a decrement of the pointer, possibly pointing before the object passed. This is not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. When tested on a modern PowerPC with a modern compiler, the optimization no longer has any effect. Due to all that, and per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this "optimization" was removed, in order to avoid the possibility of undefined behavior. Change-Id: Ia4213734d317c5f05dad0eed86587a5683426a33 Signed-off-by: JinWang An <jinwang.an@samsung.com>
2021-02-16[CVE-2016-9840] Remove offset pointer optimization in inftrees.c.JinWang An1-10/+8
inftrees.c was subtracting an offset from a pointer to an array, in order to provide a pointer that allowed indexing starting at the offset. This is not compliant with the C standard, for which the behavior of a pointer decremented before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this tiny optimization was removed, in order to avoid the possibility of undefined behavior. Change-Id: I610af44babc621c89300789e9a32d2b037dfe196 Signed-off-by: JinWang An <jinwang.an@samsung.com>
2021-02-16[CVE-2016-9841] Use post-increment only in inffast.c.submit/tizen_base/20210216.053949JinWang An1-47/+28
An old inffast.c optimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this "optimization" was removed, in order to avoid the possibility of undefined behavior. Change-Id: Ic12de92b938e9e3d8856e6ff0cf50d55cb9488ef Signed-off-by: JinWang An <jinwang.an@samsung.com>
2020-12-09Merge old patch: Removed curl dependency by using cmake internal curlsubmit/tizen_base/20210107.120246submit/tizen_base/20210107.110433submit/tizen_base/20210107.015133accepted/tizen/base/tool/20210118.220019sandbox/wangbiao/cmake_3164biao716.wang4-78/+79
New: Add dependece with zstd, actually there exist internal zstd in cmake.Y Change-Id: I72753531d4c77db3d93f66bdaefcb9bde2f1b737 Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2020-03-27recover with macros.cmake with 3.16.4biao716.wang3-76/+76
Change-Id: Ib03ad3e3807077b43ec60721727db7d4cf054c69 Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2020-03-22change back to use orignal macros.cmakebiao716.wang3-52/+100
Change-Id: Ic2d290f7f6d2b65070b6e37adb908994453e3d96 Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2020-03-18fix build error with 3.16.4 versionbiao716.wang4-17/+144
Change-Id: Ic0e3032869993efdc7c773f147010f0e0cd6c6d7 Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2020-03-19Imported Upstream version 3.16.4upstream/3.16.4biao716.wang8489-151645/+345539
Change-Id: Ic5262ea6c0872b353ea2dc35fe1e944063ae8409 Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2020-01-08Add tinfo to link flagstizen_6.0.m2_releasesubmit/tizen_base/20200109.181300submit/tizen_base/20200109.180000submit/tizen_6.0_base_hotfix/20201102.162701submit/tizen_6.0_base_hotfix/20201030.192501submit/tizen_6.0_base/20201029.184801accepted/tizen/base/20200113.070339accepted/tizen/6.0/base/tool/hotfix/20201102.085847accepted/tizen/6.0/base/tool/hotfix/20201030.124717accepted/tizen/6.0/base/tool/20201029.111859accepted/tizen/6.0/base/20230713.142808accepted/tizen/6.0/base/20201029.110328tizen_6.0_base_hotfixtizen_6.0_baseaccepted/tizen_6.0_base_tool_hotfixaccepted/tizen_6.0_base_toolaccepted/tizen_6.0_baseSlava Barinov1-0/+1
Change-Id: I5cb374a9609323e2ac26ad8e95ab65ef2b8bb87b Signed-off-by: Slava Barinov <v.barinov@samsung.com>
2020-01-08Use 64bit file access functionsSlava Barinov1-1/+1
Change-Id: Iacdc98d9a843149acc3833367b44587df742ca15 Signed-off-by: Slava Barinov <v.barinov@samsung.com>
2018-04-18Quoting of compile definitions breaks string value definitionstizen_5.5.m2_releasesubmit/tizen_base/20180423.100001submit/tizen_5.5_base_wearable_hotfix/20201023.155601submit/tizen_5.5_base_mobile_hotfix/20201023.171501submit/tizen_5.5_base/20191030.000001submit/tizen_5.0_base/20181101.000001accepted/tizen/base/20180427.142230accepted/tizen/5.5/base/wearable/hotfix/20201023.081914accepted/tizen/5.5/base/mobile/hotfix/20201023.085751accepted/tizen/5.5/base/20191030.084207accepted/tizen/5.0/base/20181101.091150tizen_5.5_tvtizen_5.5_base_wearable_hotfixtizen_5.5_base_mobile_hotfixtizen_5.5_basetizen_5.0_baseaccepted/tizen_5.5_base_wearable_hotfixaccepted/tizen_5.5_base_mobile_hotfixaccepted/tizen_5.5_baseaccepted/tizen_5.0_basejijoong.moon1-1/+1
FindCUDA:Improve quoting of CUDA_NVCC_COMPILE_DEFINITIONS Improve FindCUDA in order to resolve nvcc fatal : Stray '"' character error FYI : https://gitlab.kitware.com/cmake/cmake/commit/c1f4f13dbfa7caf6bbf4d8b70a7f09f786c7eed6 Change-Id: I2c970dfe122d8578ed008cd3ab75062761a7aa49 Signed-off-by: jijoong.moon <jijoong.moon@samsung.com> Signed-off-by: Sangjung woo <sangjung.woo@samsung.com>
2017-10-11Bump to 3.9.4submit/tizen_base/20180404.081907submit/tizen_base/20180404.054409accepted/tizen/base/20180409.095938MyungJoo Ham2-4/+8
- Remove dependency on rhash, json-cpp, libuv, form Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
2017-10-11Removed curl dependency by using cmake internal curlHyungGi Lee1-3/+3
Change-Id: I71a1e4e6516702e5bf28d6702b8e588eb3e4b202 Signed-off-by: HyungGi Lee <hyunggi.lee@samsung.com>
2017-10-11packaging: Bump to version 2.8.12.2Kévin THIERRY1-8/+8
Bug-Tizen: TC-2230 Change-Id: I30413dba248244c4b4c7e8544a4752e2f61555d4 Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org> Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
2017-10-11update to 2.8.11.2Anas Nashif2-1/+5
2017-10-11resetting manifest requested domain to floorAlexandru Cornea2-0/+8
2017-10-11fixed changelogAnas Nashif1-5/+0
2017-10-11add new module for Tizen related directoriesAnas Nashif3-2/+44
2017-10-11do not require pkgconfig(ncurses)Anas Nashif2-1/+4
2017-10-11Update to 2.8.10.2Anas Nashif1-0/+3
2017-10-11Update to 2.8.10.2Anas Nashif1-37/+24
2017-10-11remove patchesAnas Nashif1-12/+0
2017-10-11packaging: Initial packagingAnas Nashif3-0/+116
Change-Id: I1e253912caf690c56d827a993e2b5bee18747cf6 Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
2017-10-11Imported Upstream version 3.9.4upstream/3.9.4MyungJoo Ham9836-382107/+564807
2014-12-23Imported Upstream version 2.8.12.2upstream/2.8.12.2sandbox/kevinthierry/upstreamKévin THIERRY1120-8363/+35911
2013-08-13Imported Upstream version 2.8.11.2upstream/2.8.11.2sandbox/pcoval/previous/upstreamAnas Nashif965-7245/+22091
2013-02-13Imported Upstream version 2.8.10.2upstream/2.8.10.2Anas Nashif1401-24188/+45757
2012-10-30Imported Upstream version 2.8.9upstream/2.8.9Anas Nashif3416-0/+782279