NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,863 Commits 5 Branches 387 Tags 141 MiB
Makefile 64%
Python 15.3%
C 9.2%
Shell 6%
PHP 2.8%
Other 2.4%
7291360fd8
Go to file
Jörg Krause 7291360fd8 package/mpg123: security bump to version 1.25.11 
>From https://www.mpg123.de/cgi-bin/news.cgi:

Fixes a number of bugs found by OSS-Fuzz:
 * Fix out-of-bounds reads in ID3 parser for unsynced frames.
   (oss-fuzz-bug 15852)
 * Fix out-of-bounds read for RVA2 frames with non-delimited identifier.
   (oss-fuzz-bug 15852)
 * Fix implementation-defined parsing of RVA2 values.
   (oss-fuzz-bug 15862)
 * Fix undefined parsing of APE header for skipping. Also prevent endless loop
   on premature end of supposed APE header. (oss-fuzz-bug 15864)
 * Fix some syntax to make pedantic compiler happy.

The serious bugs trigger Denial of Service either via the nasty endless loop in
supposed APE tags or by crashes if the invalid reads hit a diagnostic by the OS
or, more likely, a security mechanism like the sanitizer instrumentation that
enabled finding the bugs.

I do not have CVE numbers for these bugs. I rather fix the bugs than name them.
Just update, will you?

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-11 14:17:28 +02:00
arch ARC: Add support for ARC HS48 v3.1 processor 2019-08-03 17:30:52 +02:00
board board/raspberrypi: add support for the new pi4 2019-08-03 11:06:44 +02:00
boot boot/uboot: use proper spelling of "U-Boot" 2019-08-04 18:46:47 +02:00
configs configs/bananapi_m64: needs host-openssl 2019-08-10 14:55:50 +02:00
docs Update for 2019.08-rc1 2019-08-09 09:04:28 +02:00
fs fs/common.mk: enable multithreaded xz compression 2019-08-03 19:29:47 +02:00
linux {linux, linux-headers}: bump 4.{14, 19}.x / 5.2.x series 2019-08-02 19:46:55 +02:00
package package/mpg123: security bump to version 1.25.11 2019-08-11 14:17:28 +02:00
support support/testing: provide entropy to perl tests 2019-08-11 14:17:28 +02:00
system system/Config.in: add new init - openrc 2019-05-18 23:16:04 +02:00
toolchain core: allow br2-external trees to provide pre-configured toolchains 2019-08-04 00:13:37 +02:00
utils utils/genrandconfig: only do reproducible builds with diffoscope 2019-08-07 16:34:44 +02:00
.defconfig
.flake8 .flake8: fix check for 80/132 columns 2019-04-10 12:31:33 +02:00
.gitignore
.gitlab-ci.yml configs/odroidc2: remove the defconfig 2019-08-04 12:57:19 +02:00
.gitlab-ci.yml.in .gitlab-ci.yml: add trigger per job 2019-05-01 15:42:45 +02:00
CHANGES Update for 2019.08-rc1 2019-08-09 09:04:28 +02:00
Config.in core: split generated kconfig file 2019-08-04 00:13:37 +02:00
Config.in.legacy package/gcc: remove version 6.5 2019-08-04 12:58:35 +02:00
COPYING
DEVELOPERS package/stellarium: new package 2019-08-06 22:33:01 +02:00
Makefile Update for 2019.08-rc1 2019-08-09 09:04:28 +02:00
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches