- May 31, 2017
-
-
Peter Korsgaard authored
Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
-
Daniel Sabogal authored
Bash's malloc relies on sbrk which is implemented as a fail-only stub in musl. Presently, it is disabled when configured for static libs. Instead, default to using libc malloc. Fixes: # bash bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated) Signed-off-by:
Daniel Sabogal <dsabogalcc@gmail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
Romain Naour authored
The top-level doesn't handle correctly the build dependencies between .o files. Since hans doesn't take too many time to build, just use MAKE1. Fixes: http://autobuild.buildroot.net/results/d14/d142f4a439d4d5fcc89865abde3e593c45ad5d96 http://autobuild.buildroot.net/results/28e/28ed230e40cc154db9274f9765085cd7f0eee85a http://autobuild.buildroot.net/results/900/9008c3be3bcf46f0fc21a34f48e3cf9da1397d9a Signed-off-by:
Romain Naour <romain.naour@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process's tty (field 7). The fields in the file are space-delimited, but it is possible for the command name (field 2) to include spaces, which sudo does not account for. A user with sudo privileges can cause sudo to use a device number of the user's choosing by creating a symbolic link from the sudo binary to a name that contains a space, followed by a number. If SELinux is enabled on the system and sudo was built with SELinux support, a user with sudo privileges may be able to to overwrite an arbitrary file. This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers. For more details, see: https://www.sudo.ws/alerts/linux_tty.html Signed-off-by:
-
Bernd Kuhls authored
Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
- May 30, 2017
-
-
Peter Korsgaard authored
Fixes: CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate. https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html Signed-off-by:
-
Alistair Francis authored
maekdev() is available from sys/types.h but only due to a bug in glibc. This is being fixed by printing an error when using makedev() from sys/types.h. To fix the issue we should include sys/sysmacros.h for makedev(). As this has already been fixed in upstream Xen we can backport the patch. Fixes: http://autobuild.buildroot.net/results/552/552e66d764885341b2fe208a0e4382b5fe05ea9d/ Signed-off-by:Alistair Francis <alistair.francis@xilinx.com> Signed-off-by:
-
Romain Naour authored
madplay use a libtool script in version 1.5.2 but the libtool patch "buildroot-libtool-v1.5.patch.patch" doesn't apply. From [1]: "It's libtool dropping -static. That's because madplay has a weird version of libtool, on which our libtool patch doesn't apply so we have MADPLAY_LIBTOOL_PATCH = NO. Therefore, the hack we have that makes libtool -static behave like -all-static isn't applied, causing this build failure." Fixes: http://autobuild.buildroot.net/results/60def1b15ea61d3cb5f50e9de3f354dd2e17d270 [1] http://lists.busybox.net/pipermail/buildroot/2017-May/192959.html Signed-off-by:
-
Luca Ceresoli authored
Warning reported by check-package. Signed-off-by:
Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by:
-
Luca Ceresoli authored
Warning reported by check-package. Signed-off-by:
-
Luca Ceresoli authored
Warning reported by check-package. Signed-off-by:
-
Luca Ceresoli authored
Warning reported by check-package. Signed-off-by:
-
Luca Ceresoli authored
Warning reported by check-package. Signed-off-by:
-
Luca Ceresoli authored
Warning reported by check-package. Signed-off-by:
-
Thomas Petazzoni authored
The external toolchain code has some logic to calculate the correct name for the dynamic linker symbolic link that needs to be created when the musl C library is being used. There was already some handling for the mipsel+soft-float case, but not for the mips+soft-float case. Due to this, the symbolic link was incorrectly named, and programs were referencing an non-existing file. Reported-by:
Florent Jacquet <florent.jacquet@free-electrons.com> Signed-off-by:
-
Peter Korsgaard authored
Signed-off-by: -
Christian Stewart authored
The Docker engine can optionally log to systemd-journald. For this driver to work correctly, Docker needs to build against systemd-journald's client library. This patch conditionally adds a build-time dependency on systemd and enables compiling the journald driver in docker-engine if systemd is used as the Buildroot init process. Signed-off-by:
Christian Stewart <christian@paral.in> Signed-off-by:
-
Peter Korsgaard authored
Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. For more details, see: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/ Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 + a soname fix): https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf as that patch is now upstream. Signed-off-by:
-
Gonçalo Salazar authored
Added notes to the mosh package help to clarify some runtime issues related with it to ensure mosh will work properly after adding it. This includes adding a proper LOCALE and an extra flag when using mosh with dropbear. Signed-off-by:
Gonçalo Salazar <glbsalazar@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their username/client id to ‘#’ or ‘+’. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. For more details, see: https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/ Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now upstream. Signed-off-by:
-
- May 29, 2017
-
-
Baruch Siach authored
Fixes a number of security issues: CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613. Rebase patches, and convert to git format. Remove --disable-werror; unrecognized configure option. Use upstream provided hash. Cc: Stefan Fröberg <stefan.froberg@petroprogram.com> Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
-
Alistair Francis authored
This commit adds a dependency on the host ACPICA package as Xen tools require iasl to build. Fixes: http://autobuild.buildroot.net/results/afa199864d6b546fe759bb582a9c10702ea7fa78/ Signed-off-by:
Erico Nunes <nunes.erico@gmail.com> [Thomas: tweak commit log, add autobuilder reference.] Signed-off-by:
-
Alistair Francis authored
Add support to build the ACPICA package for the host. This is useful for the iasl command which is required to build some packages, including Xen tools. This is a necessary requirement before changing the Xen package to address: http://autobuild.buildroot.net/results/afa199864d6b546fe759bb582a9c10702ea7fa78/ Signed-off-by:
-
Thomas Petazzoni authored
m68k coldfire causes ffmpeg to think atomic intrinsics are available, so ffmpeg doesn't use its fallback on pthreads based atomic operations. However, m68k coldfire doesn't provide properly working sync 4 atomics, causing a build failure. Since fixing ffmpeg on m68k coldfire is not really important (who wants to use ffmpeg on such platform?), we simply disallow the selection of ffmpeg on this platform. Alternate approaches have been proposed in the past: - Bernd Kuhls proposed in http://patchwork.ozlabs.org/patch/766909/ to add a dependency on BR2_TOOLCHAIN_HAS_SYNC_4, but this is wrong because other architectures that lack sync 4 atomics, such as Sparc, can build ffmpeg perfectly fine thanks to the pthreads based fallback code. - Waldemar Brodkorb proposed in https://patchwork.ozlabs.org/patch/756664/ to add an explicit option in ffmpeg configure to force the use of pthreads based atomics. However, we believe that running ffmpeg on m68k coldfire is such an unlikely use case that it isn't worth carrying a patch for this. Fixes: http://autobuild.buildroot.net/results/b3e/b3eaaf6d73cd49f5919143aeaa5cbb4d15a7ccc3/ Signed-off-by:
-
Bernd Kuhls authored
Fixes CVE-2017-7494: https://www.samba.org/samba/history/samba-4.5.10.html Signed-off-by:
-
Bernd Kuhls authored
The gnutils code uses __attribute__((constructor)) and __attribute__((destructor)) to call constructor/desctructor when a shared library is loaded. Constructor/desctructor are not used when a static library is used (except when if -Wl,--whole-archive -lgnutls -Wno-whole-archive is used, not tested). Even if gnutls initialization (_gnutls_global_init()) may be called manually, the gnutls maintainer said it's not supported [1]. "Note that static linking applications with gnutls is not something supported. gnutls relies on library constructors and destructors which are not loaded when linking statically." Now the gnutls script warns about static linking [2]. So disable gnutls statically by adding "depends on !BR2_STATIC_LIBS" at Kconfig level and --disable-static in GNUTLS_CONF_OPTS. Fixes: [taskd] http://autobuild.buildroot.net/results/c2d/c2dd5c1c9dc87d2943c15e58ee56e67d7375368c [ffmpeg] http://autobuild.buildroot.net/results/892/8926d319d6d1cd1ee72239ad7d9ca869d2355628 [sngrep] http://autobuild.buildroot.net/results/f7f/f7fb42d3742f6f01000a0d181e0c785640284405 [1] https://gitlab.com/gnutls/gnutls/issues/203 [2] https://gitlab.com/gnutls/gnutls/commit/6b748886799f88ddee9721dba4fc4d52854832ae Signed-off-by:
-
Romain Naour authored
As reported by Bernd [1], using POST_EXTRACT to copy linux_syscall_support.h break the legal-info target when google-breakpad package is selected: /usr/bin/install: cannot stat '/home/bernd/buildroot/buildroot/output/ost/usr/i586-buildroot-linux-uclibc/sysroot/usr/include/linux_syscall_support.h': No such file or directory This is because linux_syscall_support.h is installed by a dependency of google-breakpad, and dependencies are only guaranteed to be available for the configure step of a package. To fix this, we use a PRE_CONFIGURE hook instead of POST_EXTRACT hook. [1] http://lists.busybox.net/pipermail/buildroot/2017-May/192844.html Reported-by:
-
Romain Naour authored
firejail has been marked as broken since 3ad100fd Signed-off-by:
-
Bernd Kuhls authored
Also use bz2 tarball and provide md5 & sha256 hashes. Signed-off-by:
-
Bernd Kuhls authored
Signed-off-by:
-
Bernd Kuhls authored
Signed-off-by:
-
Bernd Kuhls authored
The project moved to github, the current download URL is broken: $ wget -q http://www.msweet.org/files/project3/mxml-2.10.tar.gz $ file mxml-2.10.tar.gz mxml-2.10.tar.gz: HTML document, UTF-8 Unicode text, with very long lines Signed-off-by:
-
Frank Hunleth authored
Signed-off-by:
Frank Hunleth <fhunleth@troodon-software.com> Signed-off-by:
-
Baruch Siach authored
ola does not build with current protobuf. Upstream bug report is still open. https://github.com/OpenLightingProject/ola/issues/1192 Cc: Dave Skok <blanco.ether@gmail.com> Signed-off-by:
-
Bernd Kuhls authored
For details refer to release notes: http://lists.gnu.org/archive/html/info-gnu/2017-05/msg00014.html Signed-off-by:
-
Bernd Kuhls authored
The project moved to github: http://stella.sourceforge.net/ Signed-off-by:
-
Thomas Petazzoni authored
His e-mail address is bouncing: <andrew.ruder@elecsyscorp.com>: host mx1-us1.ppe-hosted.com[67.231.154.162] said: 550 5.7.1 <andrew.ruder@elecsyscorp.com>: Recipient address rejected: User email address is marked as invalid. (in reply to RCPT TO command) Signed-off-by:
-
- May 28, 2017
-
-
Bernd Kuhls authored
Fixes http://autobuild.buildroot.net/results/7f1/7f1ecccbfdb6bd95824d9c884f1577e71e0e1e09/ http://autobuild.buildroot.net/results/c0b/c0b1bdcc5fbddf8b996b923015184d753882d4b8/ Signed-off-by:
-
Bernd Kuhls authored
Fixes buffer overflow: https://mail.coreboot.org/pipermail/flashrom/2016-March/014523.html Removed patch 0002-sys-io.h.patch, not needed anymore, hwaccess.h now contains a similar fix: elif defined(__linux__) || defined(__GLIBC__) Signed-off-by:
-
Bernd Kuhls authored
Release notes: https://kodi.tv/article/kodi-v173-minor-bug-fix-and-security-release "Fix possible security flaw which could abused .zip files which try to traverse to a parent directory" For details about the security bug refer to http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ Signed-off-by:
-
