OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.02 2016-02-16T20:33:12+00:00 2016-02-16T20:33:12+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-02-16T16:02:38+00:00 urn:sha1:cd80d3c03185dfd0ef1c214c98da35e61f0737c5 Fixes: CVE-2016-0766 - privilege escalation issue for users of PL/Java. CVE-2016-0773 - issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-10-09T13:24:34+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-10-08T18:59:12+00:00 urn:sha1:4cab124a0b1b7504e50fd02357022cdad1a61865 Fixes: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. sparc build fix patch upstream so drop it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-09-29T22:33:02+00:00 Baruch Siach baruch@tkos.co.il 2015-09-29T20:01:32+00:00 urn:sha1:468233a9b776a55dfd8ced7d5d67189f6bb76855 The 'ZIC=$$(ZIC)' assignment is seen as 'ZIC=$(ZIC)' by the shell, that interprets that as command substitution causing an error like: /bin/sh: ZIC: command not found Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-29T22:32:04+00:00 Baruch Siach baruch@tkos.co.il 2015-09-29T20:01:31+00:00 urn:sha1:b70f2f96d3c32c19761be6df57e16e9d5b6bdfef The linker -rpath option causes the linker to search for libraries in host directories. Should fix: http://autobuild.buildroot.net/results/2cc/2cca5f8d8a8cd1bf9bbbc8c955aec477839e059f/ http://autobuild.buildroot.net/results/da6/da61d30791f216033971d679c84704d0fc0c3de0/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-06-21T04:39:19+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-06-18T16:46:06+00:00 urn:sha1:0b9d184ddde036af7c1af786ff413387e221a2b0 - Bump to version 9.4.4 - Update hash file Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-06-09T20:43:17+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-06-08T18:43:25+00:00 urn:sha1:233862860cfd4474dcc2d298d54b1f058b624e8e Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-05-26T21:53:34+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-05-26T19:45:57+00:00 urn:sha1:dffd39168af7ee419f3fe86152d36db2d1dfcc5a Fixes: CVE-2015-3165 (denial of service) CVE-2015-3166 (information disclosure) CVE-2015-3167 (side-channel key exposure) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-05-14T09:00:44+00:00 Baruch Siach baruch@tkos.co.il 2015-05-12T20:10:06+00:00 urn:sha1:3d3f70b567718ae308b5704ddd7d107c4849309e A few snprintf() compatibility tests in config/c-library.m4 use AC_TRY_RUN that doesn't work for cross compilation. As a result configure.in decides to build a bundled implementation of snprintf(). This implementation calls isnan(), but -lm is missing. This breaks link with libpq.so. Preseed the correct values to make the configure script happy, and fix rsyslog build. Fixes: http://autobuild.buildroot.net/results/e76/e769982e3131581b38698c109c9bc5215e3d5b11/ http://autobuild.buildroot.net/results/2b9/2b9d3edc8341675455bc3b74d1e84c8c0c24c521/ http://autobuild.buildroot.net/results/2a8/2a80357237ed7225823a008b5ff02bab01269814/ and many more. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Tested-by: Gergely Imreh <imrehg@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-05-06T19:36:55+00:00 Max Filippov jcmvbkbc@gmail.com 2015-03-23T17:23:30+00:00 urn:sha1:257a2393d0696ae6897f171e1e4ca66aee3892a9 PostgreSQL configure may not correctly determine flags for compiling and linking with pthreads support when compiler or linker give irrelevant warnings. Record default compiler and linker output and see if adding pthread option changes that, instead of assuming that linker and compiler are silent by default. Fixes: http://autobuild.buildroot.net/results/916487aae929c181d4e3f471c6c7508552f0b683/ http://autobuild.buildroot.net/results/921a94d1a489d81b362c5b6a403a156b4691effd/ http://autobuild.buildroot.net/results/dbcdc58ad32b7b811ea47b6fc0f926a477e30786/ http://autobuild.buildroot.net/results/68b582f4caec223a646f095487263353f273156d/ Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-04-22T21:06:35+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-04-19T12:40:00+00:00 urn:sha1:79ce08bbdc33d1725f5d950736c9f624814b5a03 Now that IPv6 is mandatory remove package dependencies and conditionals for it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>