kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Go to file

Fabrice Fontaine 7e71021a60 package/python-lxml: security bump to version 4.9.1 Fix CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. https://github.com/lxml/lxml/blob/lxml-4.9.1/CHANGES.txt Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit `ff3b5ca2c1`) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>		2022-08-16 22:06:01 +02:00
arch	arch/Config.in: armeb no-MMU is not supported	2022-06-19 14:59:15 +02:00
board	board/qemu/ppc-bamboo: use path to vmlinux image for copy and paste users	2022-06-07 11:40:53 +02:00
boot	boot/arm-trusted-firmware: remove extra ending parentheses	2022-08-16 11:40:12 +02:00
configs	configs/zynqmp_zcu106_defconfig: uboot dp pll patch	2022-05-28 11:09:18 +02:00
docs	docs/manual: fix patchwork URL	2022-08-16 10:20:53 +02:00
fs	fs/oci: entrypoint and command are space-separated lists	2022-05-29 10:33:32 +02:00
linux	{linux, linux-headers}: bump 4.{9, 14, 19}.x / 5.{4, 10, 15, 17}.x series	2022-08-03 22:26:24 +02:00
package	package/python-lxml: security bump to version 4.9.1	2022-08-16 22:06:01 +02:00
support	Update for 2022.02.4	2022-07-29 11:39:12 +02:00
system	system/skeleton: provide run/lock directory	2022-01-12 20:38:09 +01:00
toolchain	package/uclibc: introduce and use BR2_PACKAGE_UCLIBC_ARCH_SUPPORTS and BR2_PACKAGE_UCLIBC_SUPPORTS	2022-08-10 14:37:31 +02:00
utils	utils/readme.txt: Fix typo "get-developers"	2022-08-14 21:20:35 +02:00
.clang-format
.defconfig
.flake8
.gitignore
.gitlab-ci.yml	utils/checkpackagelib/lib_sysv: run shellcheck	2022-02-06 18:27:03 +01:00
CHANGES	Update for 2022.02.4	2022-07-29 11:39:12 +02:00
Config.in	support/download: Add SFTP support	2022-01-06 09:34:05 +01:00
Config.in.legacy	package/php: remove wddx extension	2022-07-18 09:12:01 +02:00
COPYING
DEVELOPERS	DEVELOPERS: remove Min Xu	2022-08-14 21:23:10 +02:00
Makefile	Update for 2022.02.4	2022-07-29 11:39:12 +02:00
Makefile.legacy
README

README

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on OFTC IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches