Fixes CVE-2016-7067.
Note that since version 5.20.0 monit optionally depends on zlib.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
And fix small CONF_OPTS assignment snafu.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch to <stdlib.h>, to fix a bug introduced in
uClibc-ng 1.0.20, and which was causing build failures for at least one
package in Buildroot: freeswitch.
Fixes:
http://autobuild.buildroot.net/results/12c246b058224f68494b84355a29dc4efb85df6d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"\r\n" sequences were not properly filtered when handling redirections.
This allowed an attacker to perform CRLF attacks such as HTTP header
injection:
https://github.com/bottlepy/bottle/issues/913
Python-bottle now uses setuptools instead of distutils.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-1254 - One byte past an allocated buffer read while parsing
hidden service descriptors:
https://blog.torproject.org/blog/tor-02812-released
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/dfe/dfec2c0626ab087325fd869bcbe0b9dc354d788c/
Busybox 1.26.0 gained separate config options for swapon / swapoff:
commit f417ffd88f194bbfd18605882ee242190c1bab34
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon Nov 14 17:30:50 2016 +0100
Make swapon and swapoff individually selectable.
For example, without swapoff, code shrinks by 277 bytes.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
So adjust busybox.config and the logic to disable these applets for nommu
builds for the new names.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added the pure-ftpwho config option. When selected, the --with-ftpwho
compiler option is passed which enables the pure-ftpwho command.
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
* Fix a NULL pointer dereference (#776026)
* Fix a memory leak (#776020)
* Avoid a buffer overrun in the qtif loader (#775648)
* Fix a crash in the bmp loader (#775242)
* Fix crash opening pnm images with large dimensions (#775232)
* Prevent buffer overflow in the pixdata loader (#775693)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These aren't supported upstream any more so remove the options and add
them to legacy.
Also switch the older deprecations that used 3.14.x to 3.12.x
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option `BR2_LINUX_KERNEL_CUSTOM_LOCAL` no longer exists (see commit
e782cd5b1b [1]); removing the option. Note
that this legacy option has already been handled (Config.in.legacy) in
the mentioned commit.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rsyslog package provides input and output plugins for journald which
are disabled by default. The following adds the option to include
`imjournal` and `omjournal` modules when building for a systemd target.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configuration flags `--enable-systemd` and `--disable-systemd` do
not exist in rsyslog (and may have never existed; most likely copy-paste
from other packages which have said options); removing the options.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix out-of-bound access in create_url_list()
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If there's no registered handler for a POST request, the default behaviour
is to write it to the filesystem. Several million deployed devices appear
to have this behaviour, making it possible to (at least) store arbitrary
data on them. Add a configure option that enables this behaviour, and change
the default to just drop POSTs that aren't directly handled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add two new dependencies:
python-constantly: runtime only
python-incremental: both runtime and build-time dependency
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When google-breakpad has been updated to the latest version, the C++11
dependency has been added for the target variant only.
The C++11 dependency is also required for the host variant.
Fixes:
http://autobuild.buildroot.org/results/dce/dcecb17116c0cf400c98f0052c9bf71f15d0d398
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix build with ancient glibces.
Fixes:
http://autobuild.buildroot.net/results/bce/bcecdbbce4a99eb1e9bfbf519857bf94d8952037/
[Peter: patches configure.ac, so add WESTON_AUTORECONF = YES]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules
from paths outside a trusted whitelist
CVE-2016-10010 - sshd(8): When privilege separation is disabled,
forwarded Unix-domain sockets would be created by sshd(8) with the
privileges of 'root'
CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key
material to privilege-separated child processes via realloc()
CVE-2016-10012 - sshd(8): The shared memory manager used by
pre-authentication compression support had a bounds check that could be
elided by some optimising compilers
http://seclists.org/oss-sec/2016/q4/708
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As described at:
4520524ba0
this commit continues a series of updates of ARC tools.
This time we're updating tools to arc-2016.09 release version.
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xfsprogs now builds fine with Buildroot default uClibc configuration, so
there is no point in having a specific comment: we don't have this for
any other package, and it's basically impossible to maintain.
UCLIBC_SV4_DEPRECATED is still disabled in the Buildroot default uClibc
configuration, but xfsprogs builds fine without it.
UCLIBC_HAS_OBSOLETE_BSD_SIGNAL is now enabled in the Buildroot default
uClibc configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Switch to the new upstream site on kernel.org, and to a .tar.xz
tarball. The patches are simply refreshed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The first patch was Git formatted, but additional information at the top
made it unapplicable by Git, fix this.
The second patch was not Git formatted at all.
Since upstream uses Git, it makes sense to have Git formatted patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Allow installation of the x11 egl support required for the X11 ddx
driver. The BR2_PACKAGE_ODROID_MALI_X11 hidden option will be selected
by the X11 DDX driver.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
[Thomas:
- select BR2_PACKAGE_LIBDRM,
BR2_PACKAGE_XLIB_{LIBX11,LIBXFIXES,LIBXEXT,LIBXDAMAGE} from
BR2_PACKAGE_ODROID_MALI_X11 in order to avoid numerous "if" in
Config.in
- Use a single assignment to ODROID_MALI_DEPENDENCIES to add the
dependencies for libdrm and the X11 libraries.
- Introduce ODROID_MALI_HEADERS_SUBDIR and ODROID_MALI_LIBS_SUBDIR to
clarify the location of the headers and libraries for the selected
architecture/display backend in the Mali tree.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>