OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2018.02 2018-01-18T21:08:39+00:00 2018-01-18T21:08:39+00:00 Ed Blake ed.blake@sondrel.com 2018-01-18T18:05:31+00:00 urn:sha1:5a9a95d0eb15c189f1361c12c105eb0ba8842c77 Commit 954509f added a security fix for CVE-2017-8779, involving pairing all svc_getargs() calls with svc_freeargs() to avoid a memory leak. However it also introduced a couple of issues: - The call to svc_freeargs() from rpcbproc_callit_com() may result in an attempt to free static memory, resulting in undefined behaviour. - A typo in the svc_freeargs() call from pmapproc_dump() causes NIS (aka ypbind) to fail. Backport upstream fixes for these issues to version 0.2.3. Signed-off-by: Ed Blake <ed.blake@sondrel.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-18T08:22:54+00:00 Thomas Petazzoni thomas.petazzoni@free-electrons.com 2017-12-18T08:21:05+00:00 urn:sha1:2277fdeca8c94f8ea8fe8afebcdbb176c6b1531d This commit fixes the warnings reported by check-package on the help text of all package Config.in files, related to the formatting of the help text: should start with a tab, then 2 spaces, then at most 62 characters. The vast majority of warnings fixed were caused by too long lines. A few warnings were related to spaces being used instead of a tab to indent the help text. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-08-24T21:12:40+00:00 Andrey Smirnov andrew.smirnov@gmail.com 2017-08-23T23:44:14+00:00 urn:sha1:3a41c96a25a267db77455a668dd4c673a2a6fc39 Do not mark .service and .socket files executable, otherwise systemd will give us a warning about it. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-16T07:24:01+00:00 Peter Korsgaard peter@korsgaard.com 2017-05-15T21:01:24+00:00 urn:sha1:954509fb84cfbcf50a2f3020d817a118f7357d3a CVE-2017-8779: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. For more details, see: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ Backport upstream fix to version 0.2.3 and unconditionally include syslog.h to fix a build issue when RPCBIND_DEBUG is disabled (which it is in Buildroot). Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-02T12:36:19+00:00 Adam Duskett Aduskett@gmail.com 2017-04-22T17:18:04+00:00 urn:sha1:2db9d93282a3c198ddc908082a17f261a48aa7b3 The check-package script when ran gives warnings on ordering issues on all of these Config files. This patch cleans up all warnings related to the ordering in the Config files for packages starting with the letter r in the package directory. The appropriate ordering is: type, default, depends on, select, help See http://nightly.buildroot.org/#_config_files for more information. Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-06T20:40:33+00:00 Ricardo Martincoski ricardo.martincoski@gmail.com 2017-04-04T22:50:11+00:00 urn:sha1:6eb5cf144f0cabc399ada1e4963fc66bbb5a8c62 Occurrences were searched using [1]: check-package --include-only ConsecutiveEmptyLines $(find * -type f) and manually removed. [1] http://patchwork.ozlabs.org/patch/729666/ Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:26:57+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:38+00:00 urn:sha1:9f59b378a36ae81db2672b417a68c7358b41ccc3 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-08-19T09:33:44+00:00 Yann E. MORIN yann.morin.1998@free.fr 2016-08-18T21:50:14+00:00 urn:sha1:4cae57b4588e5ad6917559602d529c86be95db42 rpcbind uses the __P() macro defined in sys/cdefs.h but does not includes it explicitly, relying on the glibc behaviour to include it from its own headers. But this macro does nothing but expands as its argument. In the past, it did provide support for pre-ANSI compilers that did not support function prototypes. Those are now gone, and glibc provides this macro for legacy code. Patch out the use of __P() altogether. Fixes: http://autobuild.buildroot.org/results/346/346c5b562c244ddb039db2f86f71d670a01ed9ce/ http://autobuild.buildroot.org/results/d77/d77454265c45539178c008c5d92509c441447675/ and numerous such autobuild failures Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-11-25T11:10:26+00:00 Peter Rosin peda@axentia.se 2015-11-24T21:45:52+00:00 urn:sha1:c091f2333a97127a919a9e77ee09f5dea90a8dd4 Signed-off-by: Peter Rosin <peda@axentia.se> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-10-04T15:11:32+00:00 Maxime Hadjinlian maxime.hadjinlian@gmail.com 2015-10-03T19:50:26+00:00 urn:sha1:231fdc7c5448d1b79752bbaa849a2532b678f209 Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>