TPACKET_V3 support issues fixed in 1.5.2/1.5.3 so the patch is no longer
necessary.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-0021: Amplification in chrony control protocol
In the chrony control protocol some replies are significantly larger than
their requests, which allows an attacker to use it in an amplification
attack. With hosts allowed by cmdallow (only localhost by default) the
maximum amplification factor is 9.2. Hosts that are not allowed receive a
small reply with error status, which allows amplification of up to 1.5.
To fix the problem, the protocol has been modified to require padding in the
request packet, so replies are never larger than their requests. Also,
chronyd no longer sends replies with error status to hosts that are not
allowed by cmdallow.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-2284 but not CVE-2014-2285 so add a patch for that one.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-0019.
Also rename patch according to policy.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The list of changes is too long to repeat here, but lots of fixes
and improvements, plus a brand new rewrite of the DVB handling code.
Refresh patches, except patch 4 which has now been upstreamed.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to latest changeset:
- fix for detecting monitor
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The firmwares to use for iwlwifi 3160/7260 are different, depending on which
version of the Linux kernel is being used:
- rev. 7 is for linux 3.10 through 3.12 (both included)
- rev. 8 is for linux 3.13 onward
Add a config choice to select the appropriate version.
(See cset a0a6eeb in the linux-firmware repository for the details.)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A bunch of new WiFi firmwares has been added, some have been updated.
Not limited to WiFi, but other firmwares are of less interest to
Buildroot for now (eg. radeon, myri10ge...).
Fixups in WHENCE file (the all-licenses file).
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 0644378b51, because
the PRE_BUILD_HOOKS support has not been merged yet.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2014-01
The NFS dissector could crash. Discovered by Moshe Kaplan.
([2]Bug 9672)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
[3]CVE-2014-2281
* [4]wnpa-sec-2014-02
The M3UA dissector could crash. Discovered by Laurent
Butti. ([5]Bug 9699)
Versions affected: 1.10.0 to 1.10.5
[6]CVE-2014-2282
* [7]wnpa-sec-2014-03
The RLC dissector could crash. ([8]Bug 9730)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
[9]CVE-2014-2283
* [10]wnpa-sec-2014-04
The MPEG file parser could overflow a buffer. Discovered by
Wesley Neelen. ([11]Bug 9843)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
[12]CVE-2014-2299
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since commit 2a5cf5e (check kernel headers version), we also need to
specify the series of the custom kernel headers version.
The defconfigs file that define such a custom kernel headers version
now fail to build.
Add the required _AT_LEAST_X_Y options to those config files. Done with
this (convoluted but very fast, uch faster ythan manual editing!) rule:
for f in $( git grep -l BR2_DEFAULT_KERNEL_VERSION=\"3 ); do
grep -E '^BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_' "${f}" >/dev/null && continue
sed -r -e '/^(BR2_DEFAULT_KERNEL_VERSION="3\.([[:digit:]]+).*")$/s//\1\nBR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_\2=y/' "${f}"
done
Only kernels >= 3.0 need those options in the defconfig, since the
default for 2.6.x kernels is correct (selects _AT_LEAST_2_6), and
the default is not saved in a defconfig.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: use github download helper, small improvements to Config.in]
Signed-off-by: Wojciech M. Zabolotny <wzab01@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The incoming host-tzdump package requires the tzfile header,
so we isntall it.
[Thomas: remove mkdir -p, unneeded because of the use of install -D,
and change install to $(INSTALL), like we do in all other packages.]
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
[yann.morin.1998@free.fr: split zic header-install to its own cset]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The make_hash host tool, should be built during a PRE_BUILD_HOOKS and
not a POST_CONFIGURE_HOOKS.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tweak the config to deal with b155f5a5ab
fallout.
And bump to the latest kernel versions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tweak the config to deal with b155f5a5ab
fallout.
And bump to the latest kernel versions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tweak the config to deal with b155f5a5ab
fallout.
And bump to the latest kernel versions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tweak the configs to deal with b155f5a5ab
fallout.
And bump to the latest kernel versions.
As of this commit the microblaze qemu targets seem broken, probably
because of commit 14e527eb66 or some qemu
limitation.
SPARC seems to have issues as well, the kernel seems to go down with an
unhandled exception with qemu 1.7.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Move ljsyscall install destination to /usr/share/lua/$(abiver}, to
match what the luarocks install would naturally do. This also
reflects the value of INSTALL_LMOD in the luajit.pc file.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Tested-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Similar to the "fs/initramfs: fix initramfs support" commit the same
problem applies to iso9660 in a different way. By adding iso9660 to
TARGETS it gets called before target-finalize with obvious consequences.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
On commit a24877586a TARGETS_ROOTFS was
introduced, however fs/initramfs/initramfs.mk was never updated, hence a
show-targets would be rootfs-initramfs with rootfs-cpio afterwards hence
never rebuilding the kernel with a proper cpio archive since TARGETS is
always before rootfs-* as stated in the commit description.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
On x86, the symbolic link ld-musl-<ARCH>.so.1 to libc.so must be
ld-musl-i386.so.1 in all cases, but $(ARCH) in Buildroot might be
i386, i486, i586, i686, etc. depending on the specific x86 variants
being selected.
This commit fixes that by creating a MUSL_ARCH variable set to i386 on
x86, and to $(ARCH) on other architectures.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The "dirs" dependency is redundant because now the "generic-package"
infrastructure add automatically the "dirs" dependency so just remove
the redundant references.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As stated in the Buildroot user manual add one space before and after
a = sign.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Because now the toolchain dependency is automatically added by the
package infrastructure the BASE_TARGETS variable is useless so just
remove it.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Because mmu dependency was not propagated move it to
BR2_PACKAGE_WEBKIT_ARCH_SUPPORTS to automatically propagate it.
It can ben moved to BR2_PACKAGE_WEBKIT_ARCH_SUPPORTS because like
target architecture dependencies it doesn't modify the comment string.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch updates the commit message template provided in the manual.
The new template emphasizes the importance of providing a description of the
problem, the root cause, and the solution, and the fact that all this should
be wrapped at 72 characters.
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>