NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36,579 Commits 5 Branches 387 Tags 141 MiB
Makefile 64%
Python 15.3%
C 9.2%
Shell 6%
PHP 2.8%
Other 2.4%
2015d83dd5
Go to file
Peter Korsgaard 2015d83dd5 xserver_xorg-server: add upstream security fixes for CVE-2017-10971 / 10972 
Add upstream patches fixing the following security issues:

CVE-2017-10971:
	The endianess handling for X Events assumed a fixed size of X Event structures and
	had a specific 32 byte stack buffer for that.

	However "GenericEvents" can have any size, so if the events were sent in the wrong
	endianess, this stack buffer could be overflowed easily.

	So authenticated X users could overflow the stack in the X Server and with the X
	server usually running as root gaining root prileveges.

CVE-2017-10972:
	An information leak out of the X server due to an uninitialized stack area when swapping
	event endianess.

For more details, see the advisory:

http://www.openwall.com/lists/oss-security/2017/07/06/6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:30:37 +02:00
arch arch/arm: fix -mcpu default values for AArch64 2017-07-10 18:04:16 +02:00
board configs/qemu-xtensa: use overlay from the github repository 2017-07-09 16:58:30 +02:00
boot uboot: apply xtensa overlay 2017-07-09 17:03:45 +02:00
configs configs/qemu-xtensa: use overlay from the github repository 2017-07-09 16:58:30 +02:00
docs manual: patches are not applied for SITE_METHOD = local 2017-07-09 17:25:48 +02:00
fs
linux linux: apply xtensa overlay 2017-07-09 17:03:37 +02:00
package xserver_xorg-server: add upstream security fixes for CVE-2017-10971 / 10972 2017-07-11 21:30:37 +02:00
support support/testing: unbreak run-tests -l 2017-07-10 23:51:33 +02:00
system
toolchain toolchain-external: default BR2_TOOLCHAIN_EXTERNAL_PATH to empty 2017-07-10 18:03:13 +02:00
utils
.defconfig
.gitignore
.gitlab-ci.yml
.gitlab-ci.yml.in
CHANGES
Config.in
Config.in.legacy arch/xtensa: allow specifying path to tarball file 2017-07-09 15:41:51 +02:00
COPYING
DEVELOPERS pcre2: new package 2017-07-09 18:13:39 +02:00
Makefile Makefile: properly create $(HOST_DIR)/usr compatibility symlink 2017-07-10 17:45:57 +02:00
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches