OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.05 2017-05-31T21:55:40+00:00 2017-05-31T21:55:40+00:00 Peter Korsgaard peter@korsgaard.com 2017-05-31T21:55:40+00:00 urn:sha1:dd2020aadf0bf9b157a6f42ec189318edc560d3b Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-31T20:36:15+00:00 Daniel Sabogal dsabogalcc@gmail.com 2017-05-23T17:19:31+00:00 urn:sha1:43552504c8aacda2a163c933203a3b77146409c1 Bash's malloc relies on sbrk which is implemented as a fail-only stub in musl. Presently, it is disabled when configured for static libs. Instead, default to using libc malloc. Fixes: # bash bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated) Signed-off-by: Daniel Sabogal <dsabogalcc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-31T19:32:24+00:00 Romain Naour romain.naour@gmail.com 2017-05-31T19:12:49+00:00 urn:sha1:17aa47fa2cf1cd60809aa70500e8611b6f3abebf The top-level doesn't handle correctly the build dependencies between .o files. Since hans doesn't take too many time to build, just use MAKE1. Fixes: http://autobuild.buildroot.net/results/d14/d142f4a439d4d5fcc89865abde3e593c45ad5d96 http://autobuild.buildroot.net/results/28e/28ed230e40cc154db9274f9765085cd7f0eee85a http://autobuild.buildroot.net/results/900/9008c3be3bcf46f0fc21a34f48e3cf9da1397d9a Signed-off-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-31T10:30:49+00:00 Peter Korsgaard peter@korsgaard.com 2017-05-31T06:47:18+00:00 urn:sha1:fddb760946a4f4ca366528a673989793be65a678 CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process's tty (field 7). The fields in the file are space-delimited, but it is possible for the command name (field 2) to include spaces, which sudo does not account for. A user with sudo privileges can cause sudo to use a device number of the user's choosing by creating a symbolic link from the sudo binary to a name that contains a space, followed by a number. If SELinux is enabled on the system and sudo was built with SELinux support, a user with sudo privileges may be able to to overwrite an arbitrary file. This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers. For more details, see: https://www.sudo.ws/alerts/linux_tty.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-31T06:02:27+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2017-05-31T05:52:08+00:00 urn:sha1:8e0cb0c12dcbb0625b42481d7057b17d7bf4ad3d Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-30T21:37:26+00:00 Peter Korsgaard peter@korsgaard.com 2017-05-30T13:03:24+00:00 urn:sha1:e43efb9b654ae19e9e47ae5828d9e99b044f37c9 Fixes: CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate. https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-30T21:29:20+00:00 Alistair Francis alistair.francis@xilinx.com 2017-05-30T17:26:13+00:00 urn:sha1:e1c2c432a914e1da9022f370906c06d139e41aee maekdev() is available from sys/types.h but only due to a bug in glibc. This is being fixed by printing an error when using makedev() from sys/types.h. To fix the issue we should include sys/sysmacros.h for makedev(). As this has already been fixed in upstream Xen we can backport the patch. Fixes: http://autobuild.buildroot.net/results/552/552e66d764885341b2fe208a0e4382b5fe05ea9d/ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-30T21:22:09+00:00 Romain Naour romain.naour@gmail.com 2017-05-30T14:53:17+00:00 urn:sha1:2fcb07fbe3c2a861cd6c988d6d13d11be22a3683 madplay use a libtool script in version 1.5.2 but the libtool patch "buildroot-libtool-v1.5.patch.patch" doesn't apply. From [1]: "It's libtool dropping -static. That's because madplay has a weird version of libtool, on which our libtool patch doesn't apply so we have MADPLAY_LIBTOOL_PATCH = NO. Therefore, the hack we have that makes libtool -static behave like -all-static isn't applied, causing this build failure." Fixes: http://autobuild.buildroot.net/results/60def1b15ea61d3cb5f50e9de3f354dd2e17d270 [1] http://lists.busybox.net/pipermail/buildroot/2017-May/192959.html Signed-off-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-30T21:20:22+00:00 Luca Ceresoli luca@lucaceresoli.net 2017-05-30T17:01:28+00:00 urn:sha1:6ff4293c94790e7f6bdb1a2c1263dc2a3998c3a6 Warning reported by check-package. Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-30T21:20:17+00:00 Luca Ceresoli luca@lucaceresoli.net 2017-05-30T17:01:27+00:00 urn:sha1:ae8704c7529e7c293f7f040412f199507939f61b Warning reported by check-package. Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>