Fixes the following security issues:
CVE-2018-16860: The checksum validation in the S4U2Self handler in the
embedded Heimdal KDC did not first confirm that the checksum was keyed,
allowing replacement of the requested target (client) principal.
For more details, see the advisory:
https://www.samba.org/samba/security/CVE-2018-16860.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7037a761ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In particular, the manual was incorrect when the user had selected an
out-of-tree build.
Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 59c3a4ff73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add TARGET_NLS_LIBS to LIBS to definitely fix linking with lintl instead
of calling autoreconf
Fixes:
- http://autobuild.buildroot.org/results/a1446b419f5f59f65fe80849182e38457de203b5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 653bf93837)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qt5enginio needs Qt5 with ssl support, a dependency could be added on
BR2_PACKAGE_QT5BASE_OPENSSL but this proposal was rejected in the first
iteration of this patch.
Qt5 has ssl support through libressl on Qt 5.6 or openssl in latest Qt
however we can't select libressl without adding a circular dependency as
some packages (such as sqlcipher) force openssl through
BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
Any solution at the Kconfig level that tries to select libressl will
lead to circular dependencies. Since Qt 5.6 is more or less deprecated
anyway, and since it is not tested in the autobuilders, solve this with
a comment. The comment is only shown for Qt 5.6, when libressl is not
selected. Note that it is also shown when qt5enginio is not selected.
Fixes:
- http://autobuild.buildroot.org/results/60678cab68ec9aa17184b8417b64b3b79adf428a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ac38d6ce9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the TARGET_NLS_DEPENDENCIES and TARGET_NLS_LIBS variables to
correctly handle BR2_SYSTEM_ENABLE_NLS=y configurations.
Fixes:
http://autobuild.buildroot.net/results/dda70b5b88c75d36c61fbf1cc5fca16ea8414582/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4292b23123)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add hint about which package needs to be installed to provide IA32 libs
support for the host when it is needed.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 28878798cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following commit fee29b05bb
("configs/pc_x86_64_efi: use a GPT partition table"),
board/pc/grub-efi.cfg is no longer used anywhere: the
post-image-efi-gpt.sh script generates the grub configuration.
Also, since post-image-efi-gpt.sh generates a grub configuration file
that uses the root filesystem partition UUID as the root= kernel
argument, the instructions in the readme.txt file to tweak root= from
/dev/sda2 to /dev/vda2 are no longer relevant. This was noted in the
commit log of fee29b05bb:
The root filesystem location is passed to the kernel by a partition
UUID, so it is possible to boot on QEMU, directly from the disk image,
or dump the image to a physical device.
Fixes: #11841
Cc: Pete Morici <pmorici@dev295.com>
Cc: Carlos A. M. dos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 79b8540d62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes
of server memory by executing a purpose-crafted INSERT statement to a
partitioned table.
CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior to
this release, a user able to execute SQL queries with permissions to read a
given column could craft a leaky operator that could read whatever data had
been sampled from that column. If this happened to include values from rows
that the user is forbidden to see by a row security policy, the user could
effectively bypass the policy. This is fixed by only allowing a
non-leakproof operator to use this data if there are no relevant row
security policies for the table.
For more details, see the release notes:
https://www.postgresql.org/about/news/1939/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5ea93e24cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6606f6c6a1)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 922b82bde9 added a dependency to
locale and updated comment text but forgot to add the !BR2_ENABLE_LOCALE
dependency to the comment.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a62f9803ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-11365: An issue was discovered in atftpd in atftp 0.7.1. A remote
attacker may send a crafted packet triggering a stack-based buffer overflow
due to an insecurely implemented strncpy call. The vulnerability is
triggered by sending an error packet of 3 bytes or fewer. There are
multiple instances of this vulnerable strncpy pattern within the code base,
specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and
tftp_mtftp.c.
CVE-2019-11366: An issue was discovered in atftpd in atftp 0.7.1. It does
not lock the thread_list_mutex mutex before assigning the current thread
data structure. As a result, the daemon is vulnerable to a denial of
service attack due to a NULL pointer dereference. If thread_data is NULL
when assigned to current, and modified by another thread before a certain
tftpd_list.c check, there is a crash when dereferencing current->next.
For details, see
https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
Patch 0001-Makefile.am-link-against-libpthread-for-atftp.patch patches
Makefile.am, so add _AUTORECONF.
CFLAGS is now correctly handled since commit f9dbb96844167f (configure.ac:
fix hard setting of CFLAGS), so drop the workaround about passing
-fgnu89-inline in CPPFLAGS.
Add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 457837087d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ea6ed8bde9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace utf-8 NO-BREAK-SPACE (c2 a0) in comment line by simple
ascii space character.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02614478cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace utf-8 NO-BREAK-SPACE (c2 a0) in comment line by simple
ascii space character.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80ff8f5ee8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7c3d8667fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 45cfcb5311)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a83dab1e3e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fc5a3d9d84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4089cc389c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f7cd28a1d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c7820cab4e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca5c5fe44c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2a72594448)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace utf-8 NO-BREAK-SPACE (c2 a0) in comment line by simple
ascii space character.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91f03aefaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace utf-8 NO-BREAK-SPACE (c2 a0) in comment line by simple
ascii space character.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 784d41bec7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace utf-8 NO-BREAK-SPACE (c2 a0) in comment line by simple
ascii space character.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5dd15ad1db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5006c86449)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f6522addda)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ad4a2b5e1c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Additional post-18.09.5 fixes:
Builder:
- Fixed COPY and ADD with multiple <src> to not invalidate cache if
DOCKER_BUILDKIT=1. moby/moby#38964
Networking:
- Cleaned up the cluster provider when the agent is closed. docker/libnetwork#2354
- Windows: Now selects a random host port if the user does not specify a
host port. docker/libnetwork#2369
- --service-cluster-ip-range is now configurable for UCP install.
docker/orca#10263
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c7e5f9cfc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Additional post-18.09.5 fixes:
Builder:
- Fixed COPY and ADD with multiple <src> to not invalidate cache if
DOCKER_BUILDKIT=1. moby/moby#38964
Networking:
- Cleaned up the cluster provider when the agent is closed. docker/libnetwork#2354
- Windows: Now selects a random host port if the user does not specify a
host port. docker/libnetwork#2369
- --service-cluster-ip-range is now configurable for UCP install.
docker/orca#10263
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d692ecb054)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In its default configuration, owserver opens a TCP socket on the 'lo'
interface. However, in some situations, the 'lo' interface may not yet
be up until S40network is started. This causes owserver not to start its
TCP socket, which makes it impossible for the owfs client to connect to
it.
In addition, owserver may have avahi integration.
Therefore, delay the start of owserver and owfs until after S40network
and S50avahi-daemon.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit efc6ccbddc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes #11816
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 873fa4f01f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a1fde4b3c)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The removal of unnecessary files is currently broken by the fact that
the rm command is executed from the buildroot directory and not the
target directory.
This patch fixes the problem by changing to the target directory before
removing files.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a64c3a847d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC 9 is being stricter about passing null string pointers
to printf-like functions.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a5601a6416)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b08d4a9bfb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a79bb4871)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0e70d7c761)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee6973e48b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bcf7f56f26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 045df6a480)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
After upstream review, I found that the third patch is not needed, just
doing an autoreconf fixes the linking issue with -lintl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c6342736b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>