Fabrice Fontaine 0578c94559 package/libopenssl: security bump to version 1.1.1p
The c_rehash script allows command injection (CVE-2022-2068)
============================================================

Severity: Moderate

In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.

When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the
shell.

This script is distributed by some operating systems in a manner where
it is automatically executed.  On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

https://www.openssl.org/news/secadv/20220621.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 026f35d9e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:50:25 +02:00
arch arch/Config.in: armeb no-MMU is not supported 2022-06-19 14:59:15 +02:00
board board/qemu/ppc-bamboo: use path to vmlinux image for copy and paste users 2022-06-07 11:40:53 +02:00
boot boot/at91dataflashboot: disable on armeb 2022-06-09 22:49:09 +02:00
configs configs/zynqmp_zcu106_defconfig: uboot dp pll patch 2022-05-28 11:09:18 +02:00
docs docs/manual: fix configurations listing command 2022-07-19 23:43:45 +02:00
fs fs/oci: entrypoint and command are space-separated lists 2022-05-29 10:33:32 +02:00
linux linux: update cip/cip-rt kernels to latest versions 2022-06-09 22:46:08 +02:00
package package/libopenssl: security bump to version 1.1.1p 2022-07-22 09:50:25 +02:00
support support/scripts/gen-bootlin-toolchains: drop "mips64" architecture variant 2022-07-11 19:13:58 +02:00
system
toolchain toolchain/toolchain-external: add BR2_TOOLCHAIN_EXTERNAL_HAS_NO_GDBSERVER option 2022-07-11 19:11:59 +02:00
utils arch: drop support for SH2A 2022-05-26 11:19:03 +02:00
.clang-format
.defconfig
.flake8
.gitignore
.gitlab-ci.yml
CHANGES Update for 2022.02.3 2022-06-19 12:19:18 +02:00
Config.in
Config.in.legacy package/php: remove wddx extension 2022-07-18 09:12:01 +02:00
COPYING
DEVELOPERS DEVELOPERS: drop Gaël Portay 2022-07-22 09:46:47 +02:00
Makefile Update for 2022.02.3 2022-06-19 12:19:18 +02:00
Makefile.legacy
README

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on OFTC IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches