OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.08 2017-06-02T11:31:05+00:00 2017-06-02T11:31:05+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-06-02T10:26:54+00:00 urn:sha1:c97359266cd355ed19d4f2ddbb06f766d128d4f0 0001-fix-CVE-2017-1000367.patch already included in this release. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-06-01T20:28:14+00:00 Peter Korsgaard peter@korsgaard.com 2017-06-01T20:28:14+00:00 urn:sha1:11271540bfe6adafbc133caf6b5b902a816f5f02 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-31T10:30:49+00:00 Peter Korsgaard peter@korsgaard.com 2017-05-31T06:47:18+00:00 urn:sha1:fddb760946a4f4ca366528a673989793be65a678 CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process's tty (field 7). The fields in the file are space-delimited, but it is possible for the command name (field 2) to include spaces, which sudo does not account for. A user with sudo privileges can cause sudo to use a device number of the user's choosing by creating a symbolic link from the sudo binary to a name that contains a space, followed by a number. If SELinux is enabled on the system and sudo was built with SELinux support, a user with sudo privileges may be able to to overwrite an arbitrary file. This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers. For more details, see: https://www.sudo.ws/alerts/linux_tty.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-11T19:19:00+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-05-11T09:36:02+00:00 urn:sha1:190731df61b9fa0083ae37cbb9c044d2773d0f29 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-11T15:47:37+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-05-11T13:00:40+00:00 urn:sha1:bf899e50d89439b1a1bdf22bc933075958ffc108 If we are building sudo statically and openldap was linked with openssl, then when we link sudo with openldap we need to specify the openssl libs, otherwise it will fail with "undefined reference" errors. Fixes: http://autobuild.buildroot.net/results/ebb/ebbb4c3138b5023a0c8bd938db1932a25ba5b6fb/ http://autobuild.buildroot.net/results/58e/58ee4fddea85f0c79b26582b04a573258e27eb47/ http://autobuild.buildroot.net/results/051/05151c4ef7f0b3702a6cd5e6df4888d826a37431/ http://autobuild.buildroot.net/results/b1d/b1dfae81985daee106700191fcb82387833c2e3f/ http://autobuild.buildroot.net/results/5b4/5b42e8505856156389d480d0da19f6982cf120d8/ http://autobuild.buildroot.net/results/30a/30a76190428f902f03bcf54ba9f1f4f4377c6fc9/ http://autobuild.buildroot.net/results/e8c/e8c6bdc314b9a8d5de303633a3abd7b7e44beb2e/ http://autobuild.buildroot.net/results/483/4830c69cc6a62080e1516f0d9009c2ba619c23c1/ Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:26:57+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:38+00:00 urn:sha1:9f59b378a36ae81db2672b417a68c7358b41ccc3 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-02-20T21:16:01+00:00 Danomi Manchego danomimanchego123@gmail.com 2017-02-18T05:38:52+00:00 urn:sha1:a3a2dbc409a950823c3a1547392943d2067a8311 Make license type lists more uniform: * put content license applies to in parenthesis; ex: "GPLv2+ (programs)" * use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2" No attempt was made to validate the claimed licenses. This is just a tweak to increase uniformity of the _LICENSE variables. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> [Thomas: replace semi-colons by commas in LIBURCU_LICENSE.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-02-06T18:40:40+00:00 Chris Frederick cdf123@cdf123.net 2016-10-24T15:34:23+00:00 urn:sha1:480bba27714c85ebaf7f7c20cffd376364398465 Automatically build sudo with ldap support when openldap is enabled. When sudo is built with ldap, /etc/sudoers is only read in for defaults, all rules need to be provided via ldap which is configured by the user in /etc/ldap.conf. Signed-off-by: Chris Frederick <cdf123@cdf123.net> Reviewed-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-01-16T14:30:40+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2017-01-16T13:50:22+00:00 urn:sha1:99f7447df8ed74e20013b2ba736e32223d3bf901 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-12-21T14:12:37+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-12-21T13:10:25+00:00 urn:sha1:942dad3a531e1a594c4d63fbb714f237d06803ed Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>