OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.02.2 2017-04-28T12:25:38+00:00 2017-04-28T12:25:38+00:00 Peter Korsgaard peter@korsgaard.com 2017-04-25T13:44:23+00:00 urn:sha1:32e514709f9955a29fea8f307b8907ec6f955ba9 CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a534030c6e67ff0319f8af2b55fe977a06f17dfd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-11-24T18:43:50+00:00 Angelo Compagnucci angelo.compagnucci@gmail.com 2015-11-22T21:21:14+00:00 urn:sha1:2d5158fd62ae9ea2e608f43f2db445aed4613e67 This patch bumps web2py to the latest released version (2.12.3) and adds hash file. Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-11-22T13:10:20+00:00 Angelo Compagnucci angelo.compagnucci@gmail.com 2015-11-21T15:41:19+00:00 urn:sha1:d13d02556595fb0c63d4a269e51a80abe0dc555e This patch bumps web2py version to 2.11.3 Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-11-04T20:48:42+00:00 Noé Rubinstein noe.rubinstein@gmail.com 2015-11-04T18:46:07+00:00 urn:sha1:db89b0b983735cacc2e417f2e40cad2b265b4543 The PYTHON_WEB2PY_PERMISSIONS table was using the user and group names instead of the uid and gid, causing makedevs to retrieve the uid and gid from the host system. Signed-off-by: Noé Rubinstein <nrubinstein@aldebaran.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-10-03T22:56:41+00:00 Maxime Hadjinlian maxime.hadjinlian@gmail.com 2015-10-03T21:29:57+00:00 urn:sha1:0f75b2635ee564fbbdb9ea631cf39fa8731d6d6c 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-07-26T16:34:03+00:00 Angelo Compagnucci angelo.compagnucci@gmail.com 2015-07-24T20:05:17+00:00 urn:sha1:8a0c5de068cbbd224702db19d1c3674919a7609e This patch bumps python-web2py to version R-2.11.2. Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-23T20:21:52+00:00 Angelo Compagnucci angelo.compagnucci@gmail.com 2015-04-14T15:05:04+00:00 urn:sha1:7c0fab65aae632fc820edbe570c40f93c765dd64 This patch adds web2py package. web2py is a free open source full-stack framework for rapid development of fast, scalable, secure and portable database-driven web-based applications. [Thomas: fixup symbolic link to the systemd service file.] Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>