Fixes the following security issues:
CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.
CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-7659: A maliciously constructed HTTP/2 request could cause
mod_http2 to dereference a NULL pointer and crash the server process.
CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32
and 2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string. By maliciously
crafting a sequence of request headers, an attacker may be able to cause a
segmentation fault, or to force ap_find_token() to return an incorrect
value.
CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
While we're at it, use the upstream sha256 checksum instead of sha1.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e8a15fd693)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.
https://kb.isc.org/article/AA-01495/74/CVE-2017-3140
CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1. The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.
https://kb.isc.org/article/AA-01496/74/CVE-2017-3141
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e14d89d5e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In buildroot ffmpeg uses x264 as optional dependency if
BR2_PACKAGE_FFMPEG_GPL is enabled at the same time.
If BR2_PACKAGE_FFMPEG_GPL is disabled and ffmpeg is built without x264
support before x264 itself is build, x264 picks up certain ffmpeg libs
as optional dependency leading to build errors because x264 does not
correctly link statically against ffmpeg.
To avoid a circular dependency and to avoid teaching x264 how to
correctly link statically with ffmpeg we just disable all ffmpeg-
related options.
Fixes
http://autobuild.buildroot.net/results/36a/36abb5b8f3aab57fb7b63056b216b4a58143ee3e/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 310e4f07f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We already have an option for selecting sntp support in ntp that can be
chosen from the menuconfig, and ntp's configure script has a --with-sntp
option (with its --without counterpart) which can be used for disabling
sntp support in ntp. However, we are not using it. This patch will make
use of it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 79ee9b7e69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
DCC messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.
CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.
See https://irssi.org/security/irssi_sa_2017_06.txt for more details.
Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
applied upstream and drop autoreconf as configure.ac is no longer patched.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2e19525f2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Notice that this fixes a security issue:
CWE-416 (use after free condition during netjoin processing). No CVE
assigned yet:
https://irssi.org/security/irssi_sa_2017_03.txt
But the 0.8.x series is not believed to be vulnerable to this specific
issue. From the advisory:
Affected versions
-----------------
Irssi up to and including 1.0.1
We believe Irssi 0.8.21 and prior are not affected since a different
code path causes the netjoins to be flushed prior to reaching the use
after free condition.
Openssl is no longer optional, so select it and drop the enable/disable
handling.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d1e2d290d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- CVE-2017-9233 - External entity infinite loop DoS. See:
https://libexpat.github.io/doc/cve-2017-9233/
- CVE-2016-9063 -- Detect integer overflow
And further more:
- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.
- Extend fix for CVE-2016-5300 (use getrandom() if available).
- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
version of SipHash).
Also add an upstream patch to fix detection of getrandom().
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c0ad6ded01)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently building full gdb for MIPS musl fails because it's trying to
include <sgidefs.h> which is provided by glibc and uClibc, but not by
musl.
However, the kernel headers provide <asm/sgidefs.h> which has the same
definitions, so we can use that one instead.
Backporting a patch that has been sent upstream. Taken from here:
https://sourceware.org/bugzilla/show_bug.cgi?id=21070
[Peter: drop 7.12.1 / 8.0 patches]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1874fe1522)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
systemd's configure is looking in $PATH to find utilities that will be
needed at runtime.
Usually, those utilties, when installed on the host, will be found in
the same path they would be present on the target. For example,
/usr/bin/mount on the host would also be /usr/bin/mount on the target,
and all is find.
Except when we need to install a host variant of util-linux, which will
install mount in $(HOST_DIR), in which case systemd's configure would
find that one.
Of course, it is also very well possible that those utilities are not
installed on the host in the same location they would be on the target,
in case a user has manually installed some of those (e.g. in /usr/local/
or in /opt/)
Forcibly set the path to those utilities, as they are expected to be on
the target.
For kexec, we can set it even though we do not depend on it (yet).
systemd will appropriately test it at runtime.
For quota, we point to non-existing files, so as to catch errors at
runtime. It is to be noted that quotacheck is optional, while quotaon
does not seem to be (a service file is always installed, that uses it).
Note: utilties listed in the order they appear in configure.ac
Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 68986ea301)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-0376: Fix a remotely triggerable assertion failure caused by
receiving a BEGIN_DIR cell on a hidden service rendezvous circuit.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9bf22d3e80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As can be seen in linux/arch/powerpc/include/uapi/asm/termbits.h are
defined as (note that those are octal numbers):
\#define TABDLY 00006000
\#define CSIZE 00001400
\#define CRDLY 00030000
which gives shifts of 10, 8 and 12. Adjust socat.mk accordingly to
reflect that difference.
Signed-off-by: Mark Hinds <zoronic@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a52896f755)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In 4c10eedc1 (systemd: enable required kernel features), we added
setting a few required kernel features to ensure systemd works.
However, there was a typo for one of the variables: CONFIG_TMPFS_XATTR
was written as CONFIG_TMPFS_POSIX_XATTR, which does not exist (and never
ever existed, at least not since 2.6.12)...
Reported-by: Michael Heinemann <posted@heine.so>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Michael Heinemann <posted@heine.so>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b0fc65a11b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 039f7d0d2f (nodejs: bump 6.x version to 6.10.2) bumped the 6.x
version but forgot to rename the patch directory, so the patches were no
longer used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes
sdksyms.c:311:15: error: expected expression before »,« token
(void *) &, /* ../../include/os.h:96 */
by backporting an upstream patch, sdksyms.c is generated by
hw/xfree86/sdksyms.sh which is broken when used with gcc5+.
Problem was found while testing
http://patchwork.ozlabs.org/patch/762102/
using this defconfig
BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XSERVER_XORG_SERVER=y
BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_14=y
BR2_PACKAGE_XDRIVER_XF86_INPUT_TSLIB=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99058b2586)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Botan compiles all PowerPC code with AltiVec support and only determines
at runtime whether the CPU even supports it. If the target CPU uses the
older SPE extensions, though, this is too late; since SPE and AltiVec
are incompatible, gcc aborts the compilation. This patch explicitly
disables AltiVec support unless BR2_POWERPC_CPU_HAS_ALTIVEC is defined
Signed-off-by: Tobias Blass <tobias.blass@rohde-schwarz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e654839f9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bash's malloc relies on sbrk which is implemented as a fail-only stub in
musl. Presently, it is disabled when configured for static
libs. Instead, default to using libc malloc.
Fixes:
# bash
bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
Signed-off-by: Daniel Sabogal <dsabogalcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 43552504c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux
On Linux systems, sudo parses the /proc/[pid]/stat file to determine the
device number of the process's tty (field 7). The fields in the file are
space-delimited, but it is possible for the command name (field 2) to
include spaces, which sudo does not account for. A user with sudo
privileges can cause sudo to use a device number of the user's choosing by
creating a symbolic link from the sudo binary to a name that contains a
space, followed by a number.
If SELinux is enabled on the system and sudo was built with SELinux support,
a user with sudo privileges may be able to to overwrite an arbitrary file.
This can be escalated to full root access by rewriting a trusted file such
as /etc/shadow or even /etc/sudoers.
For more details, see: https://www.sudo.ws/alerts/linux_tty.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fddb760946)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The external toolchain code has some logic to calculate the correct name
for the dynamic linker symbolic link that needs to be created when the
musl C library is being used. There was already some handling for the
mipsel+soft-float case, but not for the mips+soft-float case. Due to
this, the symbolic link was incorrectly named, and programs were
referencing an non-existing file.
Reported-by: Florent Jacquet <florent.jacquet@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a6a4a8b2ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
(lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
cause a stacked-based buffer overflow by tricking a user into processing a
specially crafted assignments file via the e.g. asn1Coding utility.
For more details, see:
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 +
a soname fix):
https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html
Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf
as that patch is now upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fb7cbeb74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
