OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.02 2016-02-16T20:33:12+00:00 2016-02-16T20:33:12+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-02-16T16:02:38+00:00 urn:sha1:cd80d3c03185dfd0ef1c214c98da35e61f0737c5 Fixes: CVE-2016-0766 - privilege escalation issue for users of PL/Java. CVE-2016-0773 - issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-10-09T13:24:34+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-10-08T18:59:12+00:00 urn:sha1:4cab124a0b1b7504e50fd02357022cdad1a61865 Fixes: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. sparc build fix patch upstream so drop it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-10-03T22:56:41+00:00 Maxime Hadjinlian maxime.hadjinlian@gmail.com 2015-10-03T21:29:57+00:00 urn:sha1:0f75b2635ee564fbbdb9ea631cf39fa8731d6d6c 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-29T22:33:02+00:00 Baruch Siach baruch@tkos.co.il 2015-09-29T20:01:32+00:00 urn:sha1:468233a9b776a55dfd8ced7d5d67189f6bb76855 The 'ZIC=$$(ZIC)' assignment is seen as 'ZIC=$(ZIC)' by the shell, that interprets that as command substitution causing an error like: /bin/sh: ZIC: command not found Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-29T22:32:04+00:00 Baruch Siach baruch@tkos.co.il 2015-09-29T20:01:31+00:00 urn:sha1:b70f2f96d3c32c19761be6df57e16e9d5b6bdfef The linker -rpath option causes the linker to search for libraries in host directories. Should fix: http://autobuild.buildroot.net/results/2cc/2cca5f8d8a8cd1bf9bbbc8c955aec477839e059f/ http://autobuild.buildroot.net/results/da6/da61d30791f216033971d679c84704d0fc0c3de0/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-08-10T13:55:44+00:00 Waldemar Brodkorb wbx@openadk.org 2015-08-09T18:13:36+00:00 urn:sha1:b1c6801f1c5dfdf8610d16d8a4cd68d062b44e16 Fixes autobuilder compile error: http://autobuild.buildroot.net/results/f374d3535cf91f139ce80703cd2d0a2be5d3b2b1/ The predefines are wrong: ./output/host/usr/bin/sparc-buildroot-linux-uclibc-gcc -dM -E - </dev/null|grep sparc #define sparc 1 #define __sparc__ 1 #define __sparc 1 #define __sparc_v8__ 1 Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-11T07:27:38+00:00 Floris Bos bos@je-eigen-domein.nl 2015-05-25T17:20:26+00:00 urn:sha1:e7d515d00e5d36e1260da3768178d2364db1ef90 Adds "-w" option to init script to wait till the database server has fully started and accepts connections before continuing. Prevents other applications that depend on PostgreSQL from failing to start, if the database server is not ready yet. Times out after 60 seconds by default. Signed-off-by: Floris Bos <bos@je-eigen-domein.nl> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-06-21T04:39:19+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-06-18T16:46:06+00:00 urn:sha1:0b9d184ddde036af7c1af786ff413387e221a2b0 - Bump to version 9.4.4 - Update hash file Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-06-09T20:43:17+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-06-08T18:43:25+00:00 urn:sha1:233862860cfd4474dcc2d298d54b1f058b624e8e Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-05-26T21:53:34+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-05-26T19:45:57+00:00 urn:sha1:dffd39168af7ee419f3fe86152d36db2d1dfcc5a Fixes: CVE-2015-3165 (denial of service) CVE-2015-3166 (information disclosure) CVE-2015-3167 (side-channel key exposure) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>