NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
54,389 Commits 5 Branches 387 Tags 143 MiB
Makefile 63.3%
Python 16.3%
C 9.1%
Shell 5.9%
PHP 2.7%
Other 2.3%
163334a707
Go to file
Peter Korsgaard 163334a707 package/mariadb: security bump to version 10.3.27 
Fixes the following security issues:

- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
  Donor then appends it to the "wsrep_sst_" string to get the name of the
  sst script to use, e.g.  wsrep_sst_rsync.  There is no validation or
  filtering here, so if the malicious joiner sends, for example, "rsync `rm
  -rf /`" the donor will execute that too.

- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: Locking).  Supported versions that are affected are
  5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily
  exploitable vulnerability allows high privileged attacker with network
  access via multiple protocols to compromise MySQL Server.  Successful
  attacks of this vulnerability can result in unauthorized ability to cause
  a hang or frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.6.49
  and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily exploitable
  vulnerability allows low privileged attacker with network access via
  multiple protocols to compromise MySQL Server.  Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: InnoDB).  Supported versions that are affected are 5.7.31 and
  prior and 8.0.21 and prior.  Easily exploitable vulnerability allows high
  privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.7.31
  and prior and 8.0.21 and prior.  Easily exploitable vulnerability allows
  high privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-28912:
  https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
  describes a named pipe privilege vulnerability, specifically for MySQL,
  where an unprivileged user, located on the same machine as the server, can
  act as man-in-the-middle between server and client.

Additionally, 10.3.27 fixes a regression added in 10.3.26.

Drop weak md5/sha1 checksums.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-11-29 22:19:29 +01:00
arch arch/Config.in.s390x: drop redundant depends on BR2_s390x 2020-09-30 21:36:07 +02:00
board configs/rock64_defconfig: remove defconfig 2020-11-12 23:11:13 +01:00
boot boot/uboot: fix custom repo error message 2020-11-16 21:30:56 +01:00
configs configs/rock64_defconfig: remove defconfig 2020-11-12 23:11:13 +01:00
docs Update for 2020.11-rc3 2020-11-28 11:10:01 +01:00
fs fs/jffs2: copy xattrs 2020-10-08 21:48:03 +02:00
linux {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series 2020-11-26 17:00:44 +01:00
package package/mariadb: security bump to version 10.3.27 2020-11-29 22:19:29 +01:00
support support/dependencies: clarify intended use of host bison/flex 2020-11-22 15:24:12 +01:00
system system: support br2-external init systems 2020-10-14 22:48:42 +02:00
toolchain toolchain/toolchain-external/toolchain-external-arm-arm: add dependency on NEON 2020-11-14 14:20:12 +01:00
utils utils/getdeveloperlib.py: fix issue with hasfile() 2020-11-17 23:47:01 +01:00
.defconfig
.flake8
.gitignore
.gitlab-ci.yml gitlab-ci: update the image version 2020-08-15 09:47:00 +02:00
CHANGES Update for 2020.11-rc3 2020-11-28 11:10:01 +01:00
Config.in Config.in: update BR2_OPTIMIZE_FAST prompt and help text 2020-07-18 16:05:01 +02:00
Config.in.legacy package/opencv: drop package 2020-11-01 10:03:36 +01:00
COPYING
DEVELOPERS DEVELOPERS: update email address for Pierre-Jean Texier 2020-11-17 23:51:24 +01:00
Makefile Update for 2020.11-rc3 2020-11-28 11:10:01 +01:00
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches