Fabrice Fontaine fc961e4e10 package/sysstat: security bump to version 12.6.1
Fix CVE-2022-39377: sysstat is a set of system performance tools for the
Linux operating system. On 32 bit systems, in versions 9.1.16 and newer
but prior to 12.7.1, allocate_structures contains a size_t overflow in
sa_common.c. The allocate_structures function insufficiently checks
bounds before arithmetic multiplication, allowing for an overflow in the
size allocated for the buffer representing system activities. This issue
may lead to Remote Code Execution (RCE).

Despite what is written above in the CVE announcement, and as written in
the Changelog, the fix is also included in version 12.6.1 (12.7.1 is a
development version):
    c1e631eddc

As a consequence, 12.6.1 is still reported as being affected. Until the
NVD is updated appropriately, we mark the CVE as ignored with a comment
that explains why.

Note: that commit is not reachable from any branch in the sysstat
repository, and GitHub warns about that, but the commit does belong to
the upstream repository and is reachable from the 12.6.1 tag (it looks
like sysstat only pushes tags-with-history for fix releases).

https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
https://github.com/sysstat/sysstat/blob/v12.6.1/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - ignore the CVE, explain why
  - explain why github warns about the fix commit
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e4ef408e8f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 10:50:48 +01:00
arch arch/arch.mk.xtensa: relax check on overlay file to apply only to internal toolchains 2022-11-15 14:21:42 +01:00
board board/solidrun/macchiatobin: update BSP components version in documentation 2022-09-30 17:12:42 +02:00
boot boot/arm-trusted-firmware: fix SSP disable in v2.2 2022-11-15 14:06:14 +01:00
configs configs/pine64: use mainline ATF 2022-11-13 22:20:38 +01:00
docs docs/manual: patch subjects shall not be numbered 2022-09-17 22:22:22 +02:00
fs fs/oci: entrypoint and command are space-separated lists 2022-05-29 10:33:32 +02:00
linux package/linux: don't leak host timezone into linux version string 2022-11-14 11:39:51 +01:00
package package/sysstat: security bump to version 12.6.1 2022-11-23 10:50:48 +01:00
support support/testing/tests/fs/test_f2fs: fix test after f2fs-tools bump 2022-11-22 08:38:49 +01:00
system system/skeleton: provide run/lock directory 2022-01-12 20:38:09 +01:00
toolchain toolchain: support gconv modules from glibc >= 2.34 2022-11-04 08:41:54 +01:00
utils utils/genrandconfig: handle a10disp 2022-11-13 17:48:57 +01:00
.clang-format .clang-format: initial import from Linux 5.15.6 2022-01-01 15:01:13 +01:00
.defconfig arch: remove support for sh64 2016-09-08 22:15:15 +02:00
.flake8 Revert ".flake8: fix check for 80/132 columns" 2021-01-02 17:38:20 +01:00
.gitignore
.gitlab-ci.yml utils/checkpackagelib/lib_sysv: run shellcheck 2022-02-06 18:27:03 +01:00
.shellcheckrc utils/check-package: improve shellcheck reproducibility 2022-08-18 07:59:26 +02:00
CHANGES Update for 2022.02.7 2022-11-17 10:44:53 +01:00
Config.in support/download: Add SFTP support 2022-01-06 09:34:05 +01:00
Config.in.legacy Config.in.legacy: add missing select 2022-09-16 12:18:20 +02:00
COPYING
DEVELOPERS DEVELOPERS: add myself to configs/kontron_smarc_sal28_defconfig 2022-11-14 23:28:18 +01:00
Makefile Update for 2022.02.7 2022-11-17 10:44:53 +01:00
Makefile.legacy Remove BR2_DEPRECATED 2016-10-15 23:14:45 +02:00
README docs: move the IRC channel away from Freenode 2021-05-29 22:16:23 +02:00

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on OFTC IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches