NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
47,345 Commits 5 Branches 387 Tags 141 MiB
Makefile 64%
Python 15.3%
C 9.2%
Shell 6%
PHP 2.8%
Other 2.4%
c5c106e4e3
Go to file
Peter Korsgaard c5c106e4e3 package/mosquitto: security bump to version 1.6.6 
Fixes a security issue. From the annoncement:

A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.

If a client sends a SUBSCRIBE packet containing a topic that consists of
approximately 65400 or more '/' characters, i.e.  the topic hierarchy
separator, then a stack overflow will occur.

The issue is fixed in Mosquitto 1.6.6 and 1.5.9.  Patches for older versions
are available at https://mosquitto.org/files/cve/2019-hier

The fix addresses the problem by restricting the allowed number of topic
hierarchy levels to 200.  An alternative fix is to increase the size of the
stack by a small amount.

https://mosquitto.org/blog/2019/09/version-1-6-6-released/

Also notice that 1.6.5 silently fixed a security issue:

CVE-2019-11778

A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive, known as CVE-2019-11778

If an MQTT v5 client connects to Mosquitto, sets a last will and testament,
sets a will delay interval, sets a session expiry interval, and the will
delay interval is set longer than the session expiry interval, then a use
after free error occurs, which has the potential to cause a crash in some
situations.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-18 17:49:58 +02:00
arch
board
boot boot/afboot-stm32: bump to version 0.2 2019-09-17 22:02:37 +02:00
configs
docs
fs
linux
package package/mosquitto: security bump to version 1.6.6 2019-09-18 17:49:58 +02:00
support support/dependencies/dependencies.sh: check for JSON:PP Perl module 2019-09-17 22:36:42 +02:00
system
toolchain
utils utils/scancpan: improve license file detection 2019-09-17 22:51:01 +02:00
.defconfig
.flake8
.gitignore
.gitlab-ci.yml
.gitlab-ci.yml.in
CHANGES
Config.in
Config.in.legacy
COPYING
DEVELOPERS DEVELOPERS: trim runtime tests for Ricardo Martincoski 2019-09-17 22:51:28 +02:00
Makefile
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches