OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.02 2017-02-26T13:37:54+00:00 2017-02-26T13:37:54+00:00 Ignacy Gawędzki ignacy.gawedzki@green-communications.fr 2017-02-24T14:26:24+00:00 urn:sha1:92b770cd825915d56ea8d92d063aebdf7ef270a1 Since there's not much point in generating missing host keys when the init script is called with "stop", the call to ssh-keygen should not be done inconditionally, but in the start function instead. Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-02-20T21:16:01+00:00 Danomi Manchego danomimanchego123@gmail.com 2017-02-18T05:38:52+00:00 urn:sha1:a3a2dbc409a950823c3a1547392943d2067a8311 Make license type lists more uniform: * put content license applies to in parenthesis; ex: "GPLv2+ (programs)" * use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2" No attempt was made to validate the claimed licenses. This is just a tweak to increase uniformity of the _LICENSE variables. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> [Thomas: replace semi-colons by commas in LIBURCU_LICENSE.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-12-19T19:53:24+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-12-19T16:27:51+00:00 urn:sha1:ae58da71111c9a9825fa8dab1338831ff38dc320 Fixes: CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules from paths outside a trusted whitelist CVE-2016-10010 - sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets would be created by sshd(8) with the privileges of 'root' CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key material to privilege-separated child processes via realloc() CVE-2016-10012 - sshd(8): The shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers http://seclists.org/oss-sec/2016/q4/708 Drop upstream patch. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-11-15T11:58:20+00:00 Baruch Siach baruch@tkos.co.il 2016-11-15T06:34:18+00:00 urn:sha1:aae80e71b6ce75bdf73cc9b84ec96c92ed13aa58 Fixes CVE-2016-8858: Memory exhaustion, up to 128MB, of unauthenticated peer. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-08-01T20:11:31+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-08-01T13:19:37+00:00 urn:sha1:b0e524be37856dc433b48103cf17ac6f8983445f Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-07-24T19:44:22+00:00 Waldemar Brodkorb wbx@openadk.org 2016-07-11T14:35:14+00:00 urn:sha1:3c93901bcd2f77232581ca82a3a5f741aa9e6345 uClibc-ng does not support PIE for some architectures as arc and m68k. It isn't implemented in the static linking case, too. With musl toolchains you might have static PIE support with little patching of gcc. Static linking for GNU libc isn't enabled in buildroot. Fixup any package using special treatment of PIE. (grep -ir pie package/*/*.mk) Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> [Thomas: use positive logic.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-03-10T19:49:57+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-10T18:34:28+00:00 urn:sha1:55a94ec8936571df586d4f53ffc1355c651a63d3 Fixes: CVE-2016-3115 - sanitise X11 authentication credentials to avoid xauth command injection when X11Forwarding is enabled. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-02-29T20:45:32+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-02-29T11:59:32+00:00 urn:sha1:0c62637bdd473236d50ec459c9074ad8a8834129 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-01-14T19:13:57+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-14T17:55:43+00:00 urn:sha1:2ff0e32e254e3ee6d96f6b13b7bf182b4e1def73 Fixes: CVE-2016-0777 - Client Information leak from use of roaming connection feature. CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: James Knight <james.knight@rockwellcollins.com> Tested-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-03T22:56:41+00:00 Maxime Hadjinlian maxime.hadjinlian@gmail.com 2015-10-03T21:29:57+00:00 urn:sha1:0f75b2635ee564fbbdb9ea631cf39fa8731d6d6c 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>