OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.02 2017-02-08T08:46:13+00:00 2017-02-08T08:46:13+00:00 Peter Korsgaard peter@korsgaard.com 2017-02-08T08:12:03+00:00 urn:sha1:54a94951231ce624cf6a2e297c806c1677efdeb8 Fixes CVE-2017-5932 - Shell code execution on tab completion of specially crafted files. For details, see the report: https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf We unfortunately cannot easily download these because of the file names (not ending in patch) and patch format (p0), so convert to p1 format and include in package/bash with the following script: for i in 06 07 08 09 10 11 12; do cat > bash44-0$i.patch << EOF >From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i Signed-off-by: Peter Korsgaard <peter@korsgaard.com> EOF curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \ sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> bash44-0$i.patch done Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-01-08T19:05:07+00:00 Peter Korsgaard peter@korsgaard.com 2017-01-08T08:24:50+00:00 urn:sha1:7841dd2dc21729f73aa250a1fc7462e0483b1061 We unfortunately cannot easily download these because of the file names (not ending in patch) and patch format (p0), so convert to p1 format and include in package/bash. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-11-30T11:02:19+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-11-29T12:24:04+00:00 urn:sha1:cde22e1fd340492f6f017c9f9a2d749391961887 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-07-04T14:12:38+00:00 Thomas Petazzoni thomas.petazzoni@free-electrons.com 2016-07-04T13:46:56+00:00 urn:sha1:1dbd7b991025a8bf39ab5d25c2fd97f47f084bac Having the BR2_PACKAGE_BUSYBOX_SHOW_OTHERS dependencies in package/Config.in is not very practical: it makes this file not very readable, and puts the dependency away from the package itself, which can sometimes be confusing. Therefore, this commit moves the dependency in each package Config.in file. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-06-29T20:07:48+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-06-29T18:49:31+00:00 urn:sha1:e63ea7faa26faa4464045c4def88de5df01f3ec5 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-03-12T22:55:06+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-11T18:27:51+00:00 urn:sha1:b9d61200f60d00c21c8190f4c1fe3ccabd7a70ba They don't seem to be causing any issues after bumping to the 4.3.x series and several tests. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-01-08T17:48:12+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-07T19:52:14+00:00 urn:sha1:4a37f3316ccf122ad9dd5cab812edd758b5031e8 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-04T14:45:42+00:00 James Knight james.knight@rockwellcollins.com 2015-09-03T15:00:09+00:00 urn:sha1:0610de14901e5ad0f6c9b4db488477db47d2ff57 When Bash attempts to find the current working directory, it uses a C library call `getcwd` to resolve it. When cross-compiling, the configuration process cannot determine if the target system's C library can support an "unfixed" path length. Therefore, Bash will fallback to a size of `PATH_MAX` for determining the current working directory. When using OverlayFS (and possible other file systems), this becomes an issue since file paths can commonly exceed standard `PATH_MAX` length. This typically results in the following error appearing: error retrieving current directory: [...] Common C library `getcwd` calls can default to a higher limit (usually the system's page size). The current configurable C libraries (as of at least 2015.08) support a zero (0) size buffer length. Most use the system's page size; musl, being an exception, which defaults to `PATH_MAX` (as Bash was doing). Since these C libraries support allocating buffer space with a zero (0) provided size, the following configuration change allows Bash to support getting a larger-length'ed working directory on target's that support it. Signed-off-by: James Knight <james.knight@rockwellcollins.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-03-18T13:39:28+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-03-18T13:29:42+00:00 urn:sha1:47df048f8d1191a0c79188afa44e20d17a239def Misc fixes. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-12-11T21:48:13+00:00 Thomas Petazzoni thomas.petazzoni@free-electrons.com 2014-12-03T21:41:29+00:00 urn:sha1:665e13c85e1fd216499cdd335a88a4d1c20f175f Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries. As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly. This also helps preparing the addition of other options to select shared, shared+static or just static. Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>