NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44,427 Commits 5 Branches 387 Tags 141 MiB
Makefile 64%
Python 15.3%
C 9.2%
Shell 6%
PHP 2.8%
Other 2.4%
a83e30ad63
Go to file
Peter Korsgaard a83e30ad63 utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling 
For details, see https://github.com/snyk/zip-slip-vulnerability

Older python versions do not validate that the extracted files are inside
the target directory.  Detect and error out on evil paths before extracting
.zip / .tar file.

Given the scope of this (zip issue was fixed in python 2.7.4, released
2013-04-06, scanpypi is only used by a developer when adding a new python
package), the security impact is fairly minimal, but it is good to get it
fixed anyway.

Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-12 21:27:35 +01:00
arch arch/mips: add (Marvell) Octeon III processor 2019-02-04 17:30:18 +01:00
board board/pc: fix typo in board/pc/post-build.sh 2019-02-12 20:01:39 +01:00
boot boot/uboot: fix order of Config.in properties 2019-02-06 22:21:15 +01:00
configs configs/rock64: needs U-Boot pylibfdt 2019-02-08 13:31:10 +01:00
docs docs/website: correct association e-mail address 2019-02-08 13:49:49 +01:00
fs fs/common.mk: make sure that static devices from packages are created 2018-12-04 21:53:14 +01:00
linux package/xenomai: move arch restriction to Cobalt core, no restriction for Mercury 2019-02-09 15:38:35 +01:00
package docker-engine: fix runc version check warning 2019-02-12 20:21:44 +01:00
support support/testing: build a glibc toolchain for docker / docker-compose tests 2019-02-12 20:03:46 +01:00
system system: allow selecting merged /usr along with custom rootfs skeleton 2019-02-06 17:11:38 +01:00
toolchain toolchain: add variadic MI thunk support flag 2019-02-04 21:53:20 +01:00
utils utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling 2019-02-12 21:27:35 +01:00
.defconfig
.flake8 .flake8: ignore utils/diffconfig 2018-03-13 22:37:54 +01:00
.gitignore
.gitlab-ci.yml configs/rock64: new defconfig 2019-02-06 21:56:38 +01:00
.gitlab-ci.yml.in .gitlab-ci.yml: use "extends" keyword 2019-02-06 11:40:28 +01:00
CHANGES CHANGES: add recent changes 2019-02-12 19:57:58 +01:00
Config.in infra: add force build flag for host dependencies 2019-02-04 15:52:44 +01:00
Config.in.legacy package/mongodb: new package 2019-02-12 20:13:40 +01:00
COPYING
DEVELOPERS package/mongodb: new package 2019-02-12 20:13:40 +01:00
Makefile Makefile: allow rootfs overlays to override symbolic links 2019-02-06 17:11:02 +01:00
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches