Fixes CVE-2016-1254 - One byte past an allocated buffer read while parsing
hidden service descriptors:
https://blog.torproject.org/blog/tor-02812-released
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/dfe/dfec2c0626ab087325fd869bcbe0b9dc354d788c/
Busybox 1.26.0 gained separate config options for swapon / swapoff:
commit f417ffd88f194bbfd18605882ee242190c1bab34
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon Nov 14 17:30:50 2016 +0100
Make swapon and swapoff individually selectable.
For example, without swapoff, code shrinks by 277 bytes.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
So adjust busybox.config and the logic to disable these applets for nommu
builds for the new names.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added the pure-ftpwho config option. When selected, the --with-ftpwho
compiler option is passed which enabled the pure-ftpwho command.
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
* Fix a NULL pointer dereference (#776026)
* Fix a memory leak (#776020)
* Avoid a buffer overrun in the qtif loader ($#775648)
* Fix a crash in the bmp loader (#775242)
* Fix crash opening pnm images with large dimensions (#775232)
* Prevent buffer overflow in the pixdata loader (#775693)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These aren't supported upstream any more so remove the options and add
them to legacy.
Also switch the older deprecations that used 3.14.x to 3.12.x
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option `BR2_LINUX_KERNEL_CUSTOM_LOCAL` no longer exists (see commit
e782cd5b1b [1]); removing the option. Note
that this legacy option has already been handled (Config.in.legacy) in
the mentioned commit.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option `BR2_LINUX_KERNEL_CUSTOM_LOCAL` no longer exists (see commit
e782cd5b1b [1]); removing the option. Note
that this legacy option has already been handled (Config.in.legacy) in
the mentioned commit.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rsyslog package provides input and output plugins for journald which
are disabled by default. The following adds the option to include
`imjournal` and `omjournal` modules when building for a systemd target.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configuration flags `--enable-systemd` and `--disable-systemd` do
not exist in rsyslog (and may have never existed; most likely copy-paste
from other packages which have said options); removing the options.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3e3fef39e7 added new and improved
patch handling, with BR2_TARGET_UBOOT_PATCH. This was in addition to
the existing BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR option, that only
handled directories.
Later, commit 21b25d28fc moved the old
BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR to legacy options. But on the way,
bad things happened:
* The original option was a string, while the one added to Config.in.legacy
is a bool. This results in a warning from defconfigs that actually define
the old BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR (because a string is not a valid
value for a bool), but it does not result in the legacy option being
selected. Consequently, BR2_LEGACY is not selected either.
* The advice at the top of Config.in.legacy to add a hidden WRAP option
to select BR2_LEGACY was not heeded.
* The advice at the top of Config.in.legacy to use the old string
option as the default for the new string option was not heeded. In
this case, the variable was not just renamed, as the old option
supported directories only, while the new one supports files too.
But since the old option is a subset of the new option, it can still
be used to set a useful default.
So, this mod turns the legacy option back to a string, adds a hidden
bool WRAP option to set BR2_LEGACY when the string is non emoty, and
uses the legacy option to set the default for the new option.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "command-line editing support was updated" does not indicate
the package name, unlike the other legacy options. This commit
adds "sqlite", to be nicer.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix out-of-bound access in create_url_list()
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If there's no registered handler for a POST request, the default behaviour
is to write it to the filesystem. Several million deployed devices appear
to have this behaviour, making it possible to (at least) store arbitrary
data on them. Add a configure option that enables this behaviour, and change
the default to just drop POSTs that aren't directly handled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add two new dependencies:
python-contstantly: runtime only
python-incremental: both runtime and build-time dependency
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When google-breakpad has been updated to the latest version, the C++11
dependency has been added for the target variant only.
The C++11 dependency is also required for the host variant.
Fixes:
http://autobuild.buildroot.org/results/dce/dcecb17116c0cf400c98f0052c9bf71f15d0d398
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix build with ancient glibces.
Fixes:
http://autobuild.buildroot.net/results/bce/bcecdbbce4a99eb1e9bfbf519857bf94d8952037/
[Peter: patches configure.ac, so add WESTON_AUTORECONF = YES]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules
from paths outside a trusted whitelist
CVE-2016-10010 - sshd(8): When privilege separation is disabled,
forwarded Unix-domain sockets would be created by sshd(8) with the
privileges of 'root'
CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key
material to privilege-separated child processes via realloc()
CVE-2016-10012 - sshd(8): The shared memory manager used by
pre-authentication compression support had a bounds checks that could be
elided by some optimising compilers
http://seclists.org/oss-sec/2016/q4/708
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As described at:
4520524ba0
this commit continues a series of updates of ARC tools.
This time we're updating tools to arc-2016.09 release version.
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This configuration provides a basic setup for using Buildroot
to create a sd-card image a BeagleBoard X15 board.
[Peter: use 512M ext4 partition, linux 4.9 and u-boot 2016.11]
Signed-off-by: Theo Debrouwere <Theo.Debrouwere@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xfsprogs now builds fine with Buildroot default uClibc configuration, so
there is no point in having a specific comment: we don't have this for
any other package, and it's basically impossible to maintain.
UCLIBC_SV4_DEPRECATED is still disabled in the Buildroot default uClibc
configuration, but xfsprogs builds fine without it.
UCLIBC_HAS_OBSOLETE_BSD_SIGNAL is now enabled in the Buildroot default
uClibc configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Switch to the new upstream site on kernel.org, and to a .tar.xz
tarball. The patches are simply refreshed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The first patch was Git formatted, but additional information at the top
made it unapplicable by Git, fix this.
The second patch was not Git formatted at all.
Since upstream uses Git, it makes sense to have Git formatted patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Allow installation of the x11 egl support required for the X11 ddx
driver. The BR2_PACKAGE_ODROID_MALI_X11 hidden option will be selected
by the X11 DDX driver.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
[Thomas:
- select BR2_PACKAGE_LIBDRM,
BR2_PACKAGE_XLIB_{LIBX11,LIBXFIXES,LIBXEXT,LIBXDAMAGE} from
BR2_PACKAGE_ODROID_MALI_X11 in order to avoid numerous "if" in
Config.in
- Use a single assignment to ODROID_MALI_DEPENDENCIES to add the
dependencies for libdrm and the X11 libraries.
- Introduce ODROID_MALI_HEADERS_SUBDIR and ODROID_MALI_LIBS_SUBDIR to
clarify the location of the headers and libraries for the selected
architecture/display backend in the Mali tree.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When systemd is selected, xorg-server must have config-udev-kms
enabled in order to build correctly, but it won't be the case if
BR2_PACKAGE_XPROTO_DRI2PROTO is not part of the build.
Add BR2_PACKAGE_XPROTO_DRI2PROTO as a dependency of xorg-xserver
only when systemd is part of the build.
Fixes bug #9486.
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
