Commit message | Author | Age | Files | Lines
* Initial pass at removing binary-only, unlicensed, and proprietary packages from buildroot tree [2019.02-op-build] | Raptor Engineering Development Team | 2019-09-27 | 217 | -8006/+0
|     Note that DAHDI is only being removed due to poor packaging -- it does not require binary firmware on some cards, but the buildroot packaging for it unconditionally pulls in binary-only firmware regardless.
* Apply FreeBSD kernel patch from upstream kexec-lite repository | Raptor Engineering Development Team | 2019-04-29 | 1 | -0/+53
|
* Restrict tar transform to regular files | Raptor Engineering Development Team | 2019-04-18 | 1 | -1/+1
|     Without this restriction, symlinks are rewritten and corrupted.
|
|     Example without the restriction:
|     Input tree (valid):
|       package-githash/file1
|       package-githash/link -> ./file1
|     Output tree (broken):
|       package-githash/file1
|       package-githash/link -> package-githash/file1
* package/eudev: Revert change preventing monitor start | Samuel Mendoza-Jonas | 2019-04-04 | 1 | -0/+33
|     Commit b1e47be "libudev-monitor.c: fail to monitor udev if udev is not started" causes an internal check to fail if /dev is mounted on devtmpfs. Revert this change to have the udev monitor work again.
|     See https://github.com/gentoo/eudev/issues/172 for discussion.
|     Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|     Signed-off-by: Joel Stanley <joel@jms.id.au>
* localedef: Specify host-make in configure step | Samuel Mendoza-Jonas | 2019-04-02 | 1 | -0/+3
|     If the host's make is too old it will also fail in the configure step; use host-make here as well.
|     Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|     Signed-off-by: Joel Stanley <joel@jms.id.au>
* make: Include patch for gl_lstat | Samuel Mendoza-Jonas | 2019-04-01 | 1 | -0/+67
|     Include upstream commit 193f1e8 "glob: Do not assume glibc glob internals". Without this if building host-make glibc will fail with the following error if using host-make:
|
|       >>> glibc glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1 Building
|       host-make/host/bin/host-make -j25 -C host-make/build/glibc-glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1/build
|       host-make/host/bin/host-make -r PARALLELMFLAGS="" -C host-make/build/glibc-glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1 objdir=`pwd` all
|       Segmentation fault (core dumped)
|
|     Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|     Signed-off-by: Joel Stanley <joel@jms.id.au>
* localedef: Depend on host-make | Samuel Mendoza-Jonas | 2019-04-01 | 1 | -1/+2
|     The localedef package builds from glibc-2.28 now so it also requires make >= 4.0.
|     Signed-off-by: Joel Stanley <joel@jms.id.au>
|     Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* Merge tag '2019.02.1' into 2019.02-op-build | Joel Stanley | 2019-04-01 | 133 | -767/+3582
|\
| |     Signed-off-by: Joel Stanley <joel@jms.id.au>
| * Update for 2019.02.1 | Peter Korsgaard | 2019-03-29 | 2 | -2/+28
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * Makefile: release: really drop build/docs from release tarball | Peter Korsgaard | 2019-03-29 | 1 | -1/+1
| |     Commit 15cb98769e4 (release: remove manual build files from release tarballs) tried to remove the temporary files from the manual build from the release tarball, but manual-clean only removes build/docs/manual and leaves build/docs in the tarball.
| |     Instead use 'make clean' to completely remove the build directory from the tarball.
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit c24faa81e859a773c72a84dca1eadffd1ddeffcf)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * {linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x / 5.0.x series | Peter Korsgaard | 2019-03-29 | 3 | -11/+11
| |     Notice: 4.20.x is now EOL.
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     [Peter: drop 5.0.x bump]
| |     (cherry picked from commit 198b4cff10aa7e25bac28b54721638119e8fd1f1)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/glibc: bump version for additional post-2.28 security fixes | Peter Korsgaard | 2019-03-29 | 2 | -2/+2
| |     Fixes the following security vulnerabilities:
| |
| |     CVE-2019-6488: On x32, the size_t parameter may be passed in the lower 32 bits of a 64-bit register with non-zero upper 32 bits. When it happened, accessing the 32-bit size_t value as the full 64-bit register in the assembly string/memory functions would cause a buffer overflow. Reported by H.J. Lu.
| |
| |     CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check size. For x86-64, memcmp on an object size larger than SSIZE_MAX has undefined behavior. On x32, the size_t argument may be passed in the lower 32 bits of the 64-bit RDX register with non-zero upper 32 bits. When it happened with the sign bit of RDX register set, memcmp gave the wrong result since it treated the size argument as zero. Reported by H.J. Lu.
| |
| |     CVE-2016-10739: The getaddrinfo function could successfully parse IPv4 addresses with arbitrary trailing characters, potentially leading to data or command injection issues in applications.
| |
| |     CVE-2019-9169: Attempted case-insensitive regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read. Reported by Hongxu Chen.
| |
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/rdesktop: security bump to version 1.8.4 | Fabrice Fontaine | 2019-03-28 | 3 | -135/+7
| |     - Switch site to github
| |     - Remove second patch (already in version)
| |     - Add hash for license file
| |     - Fix memory corruption in process_bitmap_data - CVE-2018-8794
| |     - Fix remote code execution in process_bitmap_data - CVE-2018-8795
| |     - Fix remote code execution in process_plane - CVE-2018-8797
| |     - Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
| |     - Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
| |     - Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
| |     - Fix Denial of Service in sec_recv - CVE-2018-20176
| |     - Fix minor information leak in rdpdr_process - CVE-2018-8791
| |     - Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
| |     - Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
| |     - Fix Denial of Service in process_bitmap_data - CVE-2018-8796
| |     - Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
| |     - Fix Denial of Service in process_secondary_order - CVE-2018-8799
| |     - Fix remote code execution in ui_clip_handle_data - CVE-2018-8800
| |     - Fix major information leak in ui_clip_handle_data - CVE-2018-20174
| |     - Fix memory corruption in rdp_in_unistr - CVE-2018-20177
| |     - Fix Denial of Service in process_demand_active - CVE-2018-20178
| |     - Fix remote code execution in lspci_process - CVE-2018-20179
| |     - Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
| |     - Fix remote code execution in seamless_process - CVE-2018-20181
| |     - Fix remote code execution in seamless_process_line - CVE-2018-20182
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 992e84c49ebfdef2fbe2fa3d475e0a388cf59218)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/pure-ftpd: add optional openldap dependency | Fabrice Fontaine | 2019-03-28 | 1 | -0/+7
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 4f67a6c7d29ffb0bb2b8dcc190fdd71de5be84bc)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/libcurl: bump to version 7.64.1 | Peter Korsgaard | 2019-03-28 | 2 | -3/+3
| |     Contains a number of fixes for issues discovered post-7.64.0. For details, see the list of changes:
| |     https://curl.haxx.se/changes.html#7_64_1
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 48da1bc9fdebeaa011648c9b208b17f28a0878e3)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/wavemon: remove NPTL dependency | Fabrice Fontaine | 2019-03-28 | 1 | -3/+3
| |     wavemon does not use pthread_mutexattr_setrobust since version 0.8.2 and https://github.com/uoaerg/wavemon/commit/d271685e03bc896829d8cc01ca0de28cd7b6ba72
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 8cefb9bb7fd87d3edbe62dcb4c490054f1396e5e)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/kexec: enable powerpc64 platform | Artem Senichev | 2019-03-28 | 1 | -1/+2
| |     kexec has full support of ppc64 platform: https://www.kernel.org/doc/Documentation/kdump/kdump.txt
| |     Added BR2_powerpc64 platform support.
| |     Signed-off-by: Artem Senichev <artemsen@gmail.com>
| |     Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 7c0a3f879582e3ddce6c4be2c6f2f387c384556d)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/clamav: security bump to version 0.101.2 | Bernd Kuhls | 2019-03-28 | 2 | -2/+2
| |     Release notes: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
| |
| |     - Fixes for the following vulnerabilities affecting 0.101.1 and prior:
| |       - CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.
| |       - CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.
| |       - CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application.
| |     - Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
| |       - CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking.
| |       - CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. Issue reported by aCaB.
| |       - CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. Issue reported by David L.
| |
| |     Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 4037c0a39717df45d8fbaeb7dcaebaaa5cd2facb)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/swupdate: fix static build without lua | Fabrice Fontaine | 2019-03-28 | 1 | -0/+62
| |     The lua_swupdate.so library was still built (without any object files) and linked against swupdate even when HAVE_LUA was not set. This fails in some static-only configurations.
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/c11c4d26983e0347d96f3dda62e6d72b031967bb
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
| |     (cherry picked from commit b251f50c8d555bdbbd2f7bd378fdb3d3de7fe84d)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/busybox: busybox.config: enable base64 applet | Peter Korsgaard | 2019-03-28 | 1 | -1/+1
| |     base64 reuses the uuencode logic, so only adds very little extra overhead, is enabled by default upstream and is used more often than uuencode - So enable it in the default busybox config.
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 855a863ae9256045cf62edff9ddbfd33a3971891)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/git: use pkg-config to get ssl dependencies | Fabrice Fontaine | 2019-03-28 | 1 | -2/+2
| |     On some architectures, atomic binutils are provided by the libatomic library from gcc. Linking with libatomic is therefore necessary, otherwise the build fails with:
| |
| |       /home/test/autobuild/run/instance-2/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_cert.o): In function `CRYPTO_DOWN_REF':
| |       /home/test/autobuild/run/instance-2/output/build/libopenssl-1.1.1a/include/internal/refcount.h:50: undefined reference to `__atomic_fetch_sub_4'
| |
| |     This is often for example the case on sparcv8 32 bit.
| |     To fix this issue, use pkg-config to retrieve openssl dependencies including atomic library, these dependencies must be passed to LIB_4_CRYPTO in GIT_MAKE_OPTS
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/3093897d14a854a7252b25b2fa1f8fdcbb26c9b7
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 1ae9640a9fc11c315aeb989941d9555065da8b24)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/fetchmail: fix shared build | Fabrice Fontaine | 2019-03-28 | 1 | -1/+1
| |     Update second patch to fix shared build
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/c27b9c82e68ade29b45dc84ecce5fe6653fbb7da
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 3dc3b4c2798ff76666ba6b3b83ae5942b76e6091)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/fetchmail: use pkg-config to find openssl | Fabrice Fontaine | 2019-03-28 | 4 | -36/+70
| |     openssl can have multiple dependencies such as libatomic on sparcv8 32 bits so drop first patch and add a new patch to use pkg-config
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/58e5aa7c6ba8fe7474071d7a3cba6ed3a1b4cff4
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 3aa3a72b45238c4cf240b947531d253a53a46d35)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/owfs: add optional libftdi dependency | Fabrice Fontaine | 2019-03-28 | 1 | -0/+14
| |     ftdi support has been added in version 3.1p2 and https://github.com/owfs/owfs/commit/2982df8ca648bd9cec4d820151046b044ef504e0
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 0d060f855f7d9cd688fb9f64360a6538c711b409)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/libftdi1: fix libftdi1-config | Fabrice Fontaine | 2019-03-28 | 1 | -0/+1
| |     Add libftdi1-config to LIBFTDI1_CONFIG_SCRIPTS
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 7eea3ae22453feaa4f40659927c3c9274e478528)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/owfs: drop unneeded first patch | Fabrice Fontaine | 2019-03-28 | 3 | -36/+1
| |     Patch is not needed since version 3.1p2 and https://github.com/owfs/owfs/commit/2982df8ca648bd9cec4d820151046b044ef504e0 because localtime_r is now correctly checked
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit ff75269b9aadb34bb7ba4737471a61b4858d726d)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/gerbera: fix static build with ffmpeg | Fabrice Fontaine | 2019-03-28 | 1 | -0/+175
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/2b99fabd798db84a0fce26ad696c58e54c6ff626
| |     - http://autobuild.buildroot.org/results/95e410e5ab34c6d4626a58f97c0d2d5e6829a300
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 8795cb2082437e4d27fa24fae66fdad350439e67)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/putty: fix build with uClibc | Baruch Siach | 2019-03-28 | 3 | -1/+134
| |     Add patches fixing a number of build issues with uClibc. The issue fixed in patch #2 has been reported upstream. Patch #3 has been suggested by upstream but not applied yet.
| |     Drop the _SUBDIR assignment. The configure script moved to top level directory since upstream commit a947c49bec3 from 2014. This allows AUTORECONF to find configure.ac.
| |     Fixes:
| |     http://autobuild.buildroot.net/results/801/801e2b2909363b5dcd9735362bb921e017569edc/
| |     http://autobuild.buildroot.net/results/398/3984c6cdd3398645c8ad98bbe23af9090cf4bfcf/
| |     http://autobuild.buildroot.net/results/632/632f93046f9cceffd9b604911542426c10967e0f/
| |     Cc: Alexander Dahl <post@lespocky.de>
| |     Signed-off-by: Baruch Siach <baruch@tkos.co.il>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 35b72be8fea5c3b6426441a9efa18a2ad3c319a2)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/putty: enable static build | Baruch Siach | 2019-03-28 | 2 | -3/+268
| |     Add upstream patch fixing build when NO_GSSAPI is defined which is the case on static builds.
| |     Cc: Alexander Dahl <post@lespocky.de>
| |     Signed-off-by: Baruch Siach <baruch@tkos.co.il>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit a6f73f3d26ce723657e764424b8a4f32cd6f53cd)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * putty: security bump to version 0.71 | Baruch Siach | 2019-03-28 | 3 | -6/+10
| |     CVE-2019-9894: A remotely triggerable memory overwrite in RSA key exchange can occur before host key verification.
| |     CVE-2019-9895: A remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
| |     CVE-2019-9897: Multiple denial-of-service attacks that can be triggered by writing to the terminal.
| |     CVE-2019-9898: Potential recycling of random numbers used in cryptography.
| |
| |     Disable static build for now. When building statically configure defines NO_GSSAPI. Build with NO_GSSAPI is currently broken. The issue has been reported upstream.
| |     Cc: Alexander Dahl <post@lespocky.de>
| |     Signed-off-by: Baruch Siach <baruch@tkos.co.il>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit b6f47c0a4327074c0aff80cc2b2e22e5c8eef692)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/intel-gmmlib: needs dynamic library | Fabrice Fontaine | 2019-03-27 | 1 | -0/+4
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/0121befb9b4ba6cffc47ce7f861ed81077fc900f
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 735bedd0d32e18210c38d10ef74f69fc750114c9)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/x11r7/xlib_libXdmcp: security bump version to 1.1.3 | Bernd Kuhls | 2019-03-27 | 2 | -3/+8
| |     Fixes CVE-2017-2625: https://lists.x.org/archives/xorg-announce/2019-March/002974.html
| |     Added all hashes provided by upstream and license hash.
| |     Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 8a60253925c7730f3b9ca65edf38c729192b27b5)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/asterisk: security bump to version 16.2.1 | Peter Korsgaard | 2019-03-27 | 2 | -2/+2
| |     Fixes the following security issue:
| |     AST-2019-001: Remote crash vulnerability with SDP protocol violation
| |     When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash (CVE-2019-7251)
| |     https://downloads.asterisk.org/pub/security/AST-2019-001.html
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 391a1e5df7a57abfcebd1ca260b56c76c941e5ec)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/supertux: fix build on powerpc64le | Fabrice Fontaine | 2019-03-27 | 1 | -0/+81
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/c484079b2736eb3c21adff257f3e3ab1acc67f9a
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 8867e95a21e91f7a4b02ba6d5c1e8c688eb1a38f)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * lvm2: Update to 2.02.183 | Samuel Mendoza-Jonas | 2019-03-27 | 2 | -2/+2
| |     In particular update to solve an issue where LVM would fail to initialise LVM devices when asynchronous IO was not available and it would fail to fall back to synchronous IO. [0][1]
| |     [0] https://bugzilla.redhat.com/show_bug.cgi?id=1650652
| |     [1] https://github.com/open-power/petitboot/issues/60
| |     Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit ba9442dfe3dd2655a1b3e1cfe7e8a377bfbcf1c8)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/eigen: bump to 3.3.7 | Reed Nightingale | 2019-03-27 | 2 | -2/+2
| |     Bumped the version of eigen to 3.3.7, which fixes issues when compiling with GCC7 (notably int-in-bool-context errors, fixed in 3.3.5), in addition to various other issues noted in the eigen change logs: http://eigen.tuxfamily.org/index.php?title=ChangeLog
| |     Legal hashes are unchanged in 3.3.7
| |     Signed-off-by: Reed Nightingale <reed.nightingale@gmail.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 06a1ff4fd320972f32726881944939908ba2e948)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/libseccomp: security bump to version 2.4.0 | Peter Korsgaard | 2019-03-27 | 3 | -9/+13
| |     From the advisory:
| |
| |     Jann Horn identified a problem in current versions of libseccomp where the library did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE). Jann has done a search using codesearch.debian.net and it would appear that only systemd and Tor are using libseccomp in such a way as to trigger the bad code. In the case of systemd this appears to affect the socket address family and scheduling class filters. In the case of Tor it appears that the bad filters could impact the memory addresses passed to mprotect(2).
| |
| |     The libseccomp v2.4.0 release fixes this problem, and should be a direct drop-in replacement for previous v2.x releases.
| |
| |     https://www.openwall.com/lists/oss-security/2019/03/15/1
| |
| |     v2.4.0 adds a new scmp_api_level utility, so update 0001-remove-static.patch to match.
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 02300786c2fcba2cf641a040a2d87c4022ddb7fc)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/libssh2: security bump to latest git | Peter Korsgaard | 2019-03-27 | 3 | -53/+2
| |     Bump the version to latest git to fix the following security issues:
| |
| |     CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write
| |       URL: https://www.libssh2.org/CVE-2019-3855.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
| |     CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write
| |       URL: https://www.libssh2.org/CVE-2019-3856.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
| |     CVE-2019-3857 Possible integer overflow leading to zero-byte allocation and out-of-bounds write
| |       URL: https://www.libssh2.org/CVE-2019-3857.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
| |     CVE-2019-3858 Possible zero-byte allocation leading to an out-of-bounds read
| |       URL: https://www.libssh2.org/CVE-2019-3858.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
| |     CVE-2019-3859 Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev`
| |       URL: https://www.libssh2.org/CVE-2019-3859.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
| |     CVE-2019-3860 Out-of-bounds reads with specially crafted SFTP packets
| |       URL: https://www.libssh2.org/CVE-2019-3860.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
| |     CVE-2019-3861 Out-of-bounds reads with specially crafted SSH packets
| |       URL: https://www.libssh2.org/CVE-2019-3861.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
| |     CVE-2019-3862 Out-of-bounds memory comparison
| |       URL: https://www.libssh2.org/CVE-2019-3862.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
| |     CVE-2019-3863 Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
| |       URL: https://www.libssh2.org/CVE-2019-3863.html
| |       Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt
| |
| |     Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that is now upstream.
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
| |     (cherry picked from commit f4f7dd9557cf139f6014ada77e947152d5a82fb3)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/jq: security bump to version 1.6 | Fabrice Fontaine | 2019-03-27 | 2 | -4/+5
| |     - Fix CVE-2015-8863 and CVE-2016-4074: https://github.com/stedolan/jq/issues/1406
| |     - Add hash for license file
| |     - Disable oniguruma (enabled by default)
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit 3a026d650ced90ee6de5b13daa3b93ba1ca0a1cc)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/mariadb: security bump to version 10.3.13 | Ryan Coe | 2019-03-27 | 2 | -7/+7
| |     Release notes: https://mariadb.com/kb/en/library/mariadb-10313-release-notes/
| |     Changelog: https://mariadb.com/kb/en/mariadb-10313-changelog/
| |
| |     Fixes the following security vulnerabilities:
| |
| |     CVE-2019-2510 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
| |
| |     CVE-2019-2537 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
| |
| |     Note that the hash for README.md changed due to Travis CI and Appveyor CI updates.
| |     Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| |     (cherry picked from commit f389df2334750194b0a19cb5dff86739f2bf7e2d)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/libglib2: add optional dependency in libselinux | Adam Duskett | 2019-03-27 | 1 | -0/+7
| |     If libselinux is selected, explicitly set --enable-selinux in the configure options and build the library first.
| |     Signed-off-by: Adam Duskett <Aduskett@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 8f43ec6ce8d766d8954d4dd5366cef910c2b11b5)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * linux: allow BR2_LINUX_KERNEL_IMAGE on RISC-V | Alistair Francis | 2019-03-27 | 1 | -1/+1
| |     We will need to build Image files for OpenSBI so allow that now.
| |     Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit a3a4d4d4d307fd21f19ae43e77ac21b85adad7f2)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/kf5-modemmanager-qt: link with libatomic when needed | Fabrice Fontaine | 2019-03-27 | 1 | -0/+5
| |     On some architectures, atomic binutils are provided by the libatomic library from gcc. Linking with libatomic is therefore necessary, otherwise the build fails with:
| |
| |       sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
| |
| |     This is often for example the case on sparcv8 32 bit.
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/b941a3deaa57cac79f1686d47ca6ababf2f0d5e4
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 3cb7546d95bbe227562040d6439b0ab4b62b7c9b)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/binutils: upstream fixes for 2.31.1 | Norbert Lange | 2019-03-27 | 3 | -0/+1296
| |     Combining musl and binutils 2.31.1 will produce static applications that crash immediately. This commit picks up 3 upstream commits to remedy this.
| |     See https://sourceware.org/bugzilla/show_bug.cgi?id=23428
| |     Signed-off-by: Norbert Lange <nolange79@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 0c34e138b597668a79fc7e71f339a556a6b695e9)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/python-aiojobs: drop aiohttp dependency | James Hilliard | 2019-03-27 | 1 | -1/+0
| |     aiohttp isn't a required dependency for aiojobs
| |     Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 53e3860a0e22fca5348a781a5b2e70c19403d172)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/libpcap: fix bluez5_utils-headers dependency | Fabrice Fontaine | 2019-03-27 | 2 | -1/+2
| |     Commit c46afc37dc877f1e94ffde0d77585290711b27ec changed bluez5-utils dependency by bluez5_utils-headers without replacing the test on BR2_PACKAGE_BLUEZ5_UTILS by BR2_PACKAGE_BLUEZ5_UTILS_HEADERS
| |     Fix this mistake and also add a select on BR2_PACKAGE_BLUEZ5_UTILS_HEADERS if BR2_PACKAGE_BLUEZ5_UTILS is set so the user does not have to do it
| |     Fixes:
| |     - http://autobuild.buildroot.org/results/c6828df1f3782564451ddd4187ff026679bf37d8
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Acked-by: Baruch Siach <baruch@tkos.co.il>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 3033e83d1224c1710cb6f5e0691b80cd62b1c657)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/libpcap: fix bluez circular dependency | Baruch Siach | 2019-03-27 | 1 | -4/+2
| |     The optional bluez_utils dependency of libpcap creates a circular dependency:
| |
| |       $ make dbus-show-recursive-depends
| |       Recursion detected for  : systemd
| |       which is a dependency of: dbus
| |       which is a dependency of: bluez_utils
| |       which is a dependency of: libpcap
| |       which is a dependency of: iptables
| |       which is a dependency of: systemd
| |       make: *** [package/dbus/dbus.mk:121: dbus-show-recursive-depends] Error 1
| |
| |     Drop support for bluez_utils. For bluez5_utils, which also depends on dbus, we only need the headers in the bluez5_utils-headers package. Use that to break the circular dependency.
| |     Fixes:
| |     http://autobuild.buildroot.net/results/9c3/9c3ee798fa6bb501a20a7892c0b085d2b279b664/
| |     Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
| |     Signed-off-by: Baruch Siach <baruch@tkos.co.il>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit c46afc37dc877f1e94ffde0d77585290711b27ec)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/fltk: add optional xlib_libXrender dependency | Fabrice Fontaine | 2019-03-27 | 1 | -0/+7
| |     xlib_libXrender is enabled by default and has been added since version 1.3.4-1 and https://github.com/fltk/fltk/commit/a6c4b29a184ce7708819f4706877eedcd99a30f5
| |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 65895f36eea0139c3d590cd5982be5504b2de9ce)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/pkg-generic: tweak only .la files that need it | Yann E. MORIN | 2019-03-27 | 1 | -2/+10
| |     Currently, when we tweak the .la files, we do so unconditionally on all .la files, even those we already fixed in a previous run.
| |     This has the nasty side effect that each .la file will be reported as being touched by all packages that are installed after the package that actually installed said .la file.
| |     Since we can't easily know what files were installed by a package (that is an instrumentation hook, and comes after the mangling), we use a trick (like is done in libtool?): we do mangle all files, each into a temporary location; if the result is identical to the input, we remove the temporary, while if the result differs from the output, we move the temporary to replace the input.
| |     Reported-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
| |     Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
| |     Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
| |     Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
| |     Cc: Arnout Vandecappelle <arnout@mind.be>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 8623cc5deb59747c91687ac5a25087ba694b45a0)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/x11r7/xdriver_xf86-video-fbdev: bump to version 0.5.0 | Michel Stempin | 2019-03-27 | 2 | -2/+2
| |     Starting X manually resulted in a symbol error:
| |
| |       Xorg: symbol lookup error: /usr/lib/xorg/modules/drivers/fbdev_drv.so: undefined symbol: shadowUpdatePackedWeak
| |
| |     This bug was reported against the fbdev driver, which is fixed upstream in 0.5.0:
| |     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900317
| |     Signed-off-by: Michel Stempin <michel.stempin@wanadoo.fr>
| |     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| |     (cherry picked from commit 904750363141935dc6b1143aaa1de21742df474a)
| |     Signed-off-by: Peter Korsgaard <peter@korsgaard.com>