NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
50,710 Commits 5 Branches 387 Tags 143 MiB
Makefile 63.3%
Python 16.3%
C 9.1%
Shell 5.9%
PHP 2.7%
Other 2.3%
98bf47237b
Go to file
Fabrice Fontaine 98bf47237b package/mp4v2: security bump to version 4.1.3 
- Switch site to an active fork
- Send patch upstream
- Update indentation in hash file (two spaces)
- Fix the following CVEs:
  - CVE-2018-14054: A double free exists in the MP4StringProperty class
    in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again
    in the destructor once an exception is triggered.
    Fixed by
    f09cceeee5
  - CVE-2018-14325: In MP4v2 2.0.0, there is an integer underflow (with
    resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
    Fixed by
    e475013c6e
  - CVE-2018-14326: In MP4v2 2.0.0, there is an integer overflow (with
    resultant memory corruption) when resizing MP4Array for the ftyp
    atom in mp4array.h.
    Fixed by
    70d823ccd8
  - CVE-2018-14379: MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0
    incorrectly uses the MP4ItemAtom data type in a certain case where
    MP4DataAtom is required, which allows remote attackers to cause a
    denial of service (memory corruption) or possibly have unspecified
    other impact via a crafted MP4 file, because access to the data
    structure has different expectations about layout as a result of
    this type confusion.
    Fixed by
    73f38b4296
  - CVE-2018-14403: MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0
    mishandles substrings of atom names, leading to use of an
    inappropriate data type for associated atoms. The resulting type
    confusion can cause out-of-bounds memory access.
    Fixed by
    51cb6b36f6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a860f21e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-06-01 22:18:31 +02:00
arch arch/arc: explicitly set "max-page-size" for GNU LD 2019-12-25 22:09:52 +01:00
board board/freescale: increase the vfat size 2020-06-01 22:06:30 +02:00
boot boot/syslinux: fix build of efi part with gnu-efi 3.0.10 2020-04-08 16:23:39 +02:00
configs configs/raspberrypi{3, 4}_64: enabling BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT no longer needed 2020-05-29 22:59:18 +02:00
docs docs/manual: new chapter on release engineering 2020-05-31 23:15:35 +02:00
fs fs/cpio: make initramfs init script survive 'console=' kernel argument 2020-05-08 11:52:45 +02:00
linux {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 6}.x series 2020-06-01 22:00:30 +02:00
package package/mp4v2: security bump to version 4.1.3 2020-06-01 22:18:31 +02:00
support support/gnuconfig: reference the correct sha1 we're using 2020-05-10 21:55:47 +02:00
system Revert "system: don't attempt swapon/swapoff in inittab if not available" 2020-02-08 20:13:07 +01:00
toolchain toolchain/toolchain-buildroot: PPC64(LE) support in musl requires ALTIVEC 2020-05-07 22:47:30 +02:00
utils utils/genrandconfig: drop outdated python-nfc check 2020-03-04 19:08:12 +01:00
.defconfig arch: remove support for sh64 2016-09-08 22:15:15 +02:00
.flake8 .flake8: fix check for 80/132 columns 2019-04-10 12:31:33 +02:00
.gitignore
.gitlab-ci.yml support/testing: add libftdi1 test case 2020-02-23 11:12:09 +01:00
.gitlab-ci.yml.in gitlab-ci: use our updated docker base image 2019-10-27 21:52:28 +01:00
CHANGES Update for 2020.02.2 2020-05-12 14:14:42 +02:00
Config.in Config.in: drop BR2_NEEDS_HOST_{JAVAC,JAR} 2020-03-03 23:55:48 +01:00
Config.in.legacy package/python-pycrypto: remove package 2020-05-31 22:36:03 +02:00
COPYING COPYING: add exception about patch licensing 2016-02-26 19:50:13 +01:00
DEVELOPERS DEVELOPERS: remove python-pycrypto 2020-05-31 23:09:49 +02:00
Makefile Update for 2020.02.2 2020-05-12 14:14:42 +02:00
Makefile.legacy Remove BR2_DEPRECATED 2016-10-15 23:14:45 +02:00
README README: add reference to submitting-patches 2016-02-01 19:16:08 +01:00

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches