Commit Graph

34360 Commits

Author SHA1 Message Date
Fabio Estevam
f7cf42743c linux-headers: bump 3.10.x and 4.{9, 11}.x series
[Peter: drop 4.11.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2ad8f6643d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 22:15:59 +02:00
Jens Maus
c4dffa19c1 support/scripts: allow /etc/shadow to be symlinked
This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to e.g. a user partition where the
shadow file is placed. This is required, e.g. for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within a filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.

Signed-off-by: Jens Maus <mail@jens-maus.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 82f64203a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 22:13:53 +02:00
Baruch Siach
fdd420350a openvpn: security bump to version 2.4.3
Fixes:

CVE-2017-7508 - Remotely-triggerable ASSERT() on malformed IPv6 packet

CVE-2017-7520 - Pre-authentication remote crash/information disclosure for
clients

CVE-2017-7521 - Potential double-free in --x509-alt-username

CVE-2017-7521 - Remote-triggerable memory leaks

CVE-2017-7522 - Post-authentication remote DoS when using the --x509-track
option

Details at

  https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 24f2eb1e15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 14:37:59 +02:00
Peter Korsgaard
070fbefd47 spice: add post-0.12.8 upstream security fixes
Fixes the following security issues:

CVE-2016-9577

    Frediano Ziglio of Red Hat discovered a buffer overflow
    vulnerability in the main_channel_alloc_msg_rcv_buf function. An
    authenticated attacker can take advantage of this flaw to cause a
    denial of service (spice server crash), or possibly, execute
    arbitrary code.

CVE-2016-9578

    Frediano Ziglio of Red Hat discovered that spice does not properly
    validate incoming messages. An attacker able to connect to the
    spice server could send crafted messages which would cause the
    process to crash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 087e70498a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 14:33:07 +02:00
Peter Korsgaard
9d47edc29c spice: security bump to version 0.12.8
Fixes the following security issues:

CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.

CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.

The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75057fe767)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 14:32:57 +02:00
Peter Korsgaard
09830fa832 spice: security bump to version 0.12.6
Fixes the following security issues:

CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.

CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.

CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.

Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.

Lz4 is a new optional dependency, so handle it.

The spice protocol definition is no longer included and instead used from
spice-protocol.  The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help.  The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 622ff3d6ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 14:32:30 +02:00
Peter Korsgaard
e02c52c47b spice: bump to version 0.12.5
Tunneling support is gone upstream, so drop the patch and add
Config.in.legacy handling for the option.

Celt051 is no longer a hard dependency, and opus is a new optional
dependency, so adjust the dependencies to match.

Python / pyparsing are not needed as the tarball contains the generated
files (this should presumably have been host-python in the first place as
these are used at build time), but we need a small workaround to convince
configure that they really aren't needed.

Alsa-lib is only needed for client support, and the configure script checks
for X11/Xext/Xrender, so adjust the dependencies to match.

A user manual is now generated by default if asciidoc is available, so
explicitly disable that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f2c022023)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 14:29:36 +02:00
Vicente Olivert Riera
67542de53f openssh: fix sshd for MIPS64 n32
This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.

The first patch adds support for detecting the MIPS ABI during the
configure phase.

The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.

Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endianness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.

Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:

[pid   194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid   194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid   193] <... poll resumed> )        = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid   194] +++ killed by SIGSYS +++

Pull request: https://github.com/openssh/openssh-portable/pull/71

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6da3737984)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 10:09:23 +02:00
Alexander Dahl
bb0d5044be iperf: fix tarball hashes changed upstream
Upstream uploaded a new tarball with the same version number 2016-09-08,
some time after the update to v2.0.9 in buildroot. Someone noticed, but
upstream set the ticket to wontfix, and promised to do better in the
future: https://sourceforge.net/p/iperf2/tickets/20/

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 62cf881a76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 10:01:20 +02:00
Peter Korsgaard
6e0efd193d c-ares: security bump to version 1.13.0
Fixes the following security issues:

CVE-2017-1000381: The c-ares function `ares_parse_naptr_reply()`, which is
used for parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was crafted
in a particular way.

https://c-ares.haxx.se/adv_20170620.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d1481fe474)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 10:00:18 +02:00
Peter Korsgaard
26c5152877 apache: security bump to version 2.4.26
Fixes the following security issues:

CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.

CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-7659: A maliciously constructed HTTP/2 request could cause
mod_http2 to dereference a NULL pointer and crash the server process.

CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32
and 2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string.  By maliciously
crafting a sequence of request headers, an attacker may be able to cause a
segmentation fault, or to force ap_find_token() to return an incorrect
value.

CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.

While we're at it, use the upstream sha256 checksum instead of sha1.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e8a15fd693)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:59:40 +02:00
Peter Korsgaard
0fb37b8a3f bind: security bump to version 9.11-P1
Fixes the following security issues:

CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.

https://kb.isc.org/article/AA-01495/74/CVE-2017-3140

CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1.  The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.

https://kb.isc.org/article/AA-01496/74/CVE-2017-3141

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e14d89d5e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:57:57 +02:00
Vicente Olivert Riera
e06ef6269f bind: bump version to 9.11.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b9e147dd5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:57:45 +02:00
Bernd Kuhls
e0d637c5a9 package/x264: disable optional ffmpeg support
In buildroot ffmpeg uses x264 as optional dependency if
BR2_PACKAGE_FFMPEG_GPL is enabled at the same time.

If BR2_PACKAGE_FFMPEG_GPL is disabled and ffmpeg is built without x264
support before x264 itself is built, x264 picks up certain ffmpeg libs
as optional dependency leading to build errors because x264 does not
correctly link statically against ffmpeg.

To avoid a circular dependency and to avoid teaching x264 how to
correctly link statically with ffmpeg we just disable all ffmpeg-
related options.

Fixes
http://autobuild.buildroot.net/results/36a/36abb5b8f3aab57fb7b63056b216b4a58143ee3e/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 310e4f07f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:56:14 +02:00
Vicente Olivert Riera
354c0beb99 ntp: enable/disable sntp support depending on BR2_PACKAGE_NTP_SNTP
We already have an option for selecting sntp support in ntp that can be
chosen from the menuconfig, and ntp's configure script has a --with-sntp
option (with its --without counterpart) which can be used for disabling
sntp support in ntp. However, we are not using it. This patch will make
use of it.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 79ee9b7e69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:50:38 +02:00
Peter Korsgaard
379ac93539 irssi: security bump to version 1.0.3
Fixes:

CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
DCC messages without source nick/host.  A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.

CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files.  A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.

See https://irssi.org/security/irssi_sa_2017_06.txt for more details.

Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
is applied upstream and drop autoreconf as configure.ac is no longer patched.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2e19525f2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:48:59 +02:00
Rodrigo Rebello
0b188e6baf irssi: add patch to fix static linking
An upstream change which removed the option to build Irssi without SSL
support (v1.0.0 and later) also eliminated the use of PKG_CHECK_MODULES
to find the OpenSSL library, relying only on a test with AC_CHECK_LIB
for that purpose.

This unfortunately broke static linking since the flag to link with
zlib, used by OpenSSL, is missed completely.

The newly added patch therefore adds PKG_CHECK_MODULES back into the
configure script.

Fixes:

  http://autobuild.buildroot.net/results/e8b51f65525246d1205a26859d418393aaebf48c/
  http://autobuild.buildroot.net/results/35d952b3b36e295723bf8ed1badb4c9439201822/
  http://autobuild.buildroot.net/results/ea8af1458edf3ce0e2b1c444d2ae29ac1e5d2fbf/
  [...]

Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fc741ba9b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:48:35 +02:00
Peter Korsgaard
5702de427f irssi: bump version to version 1.0.2
Notice that this fixes a security issue:

CWE-416 (use after free condition during netjoin processing). No CVE
assigned yet:

https://irssi.org/security/irssi_sa_2017_03.txt

But the 0.8.x series is not believed to be vulnerable to this specific
issue.  From the advisory:

Affected versions
-----------------

Irssi up to and including 1.0.1

We believe Irssi 0.8.21 and prior are not affected since a different
code path causes the netjoins to be flushed prior to reaching the use
after free condition.

Openssl is no longer optional, so select it and drop the enable/disable
handling.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d1e2d290d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:48:13 +02:00
Thomas Petazzoni
b2a355e8be expat: fix patch that doesn't apply properly
Fixes:

  http://autobuild.buildroot.net/results/23f799009ae10c5de2b06a7747a28804818204c2/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1940a66114)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:43:37 +02:00
Peter Korsgaard
ab5db57cc3 expat: security bump to version 2.2.1
Fixes:

- CVE-2017-9233 - External entity infinite loop DoS. See:
  https://libexpat.github.io/doc/cve-2017-9233/

- CVE-2016-9063 -- Detect integer overflow

And furthermore:

- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.

- Extend fix for CVE-2016-5300 (use getrandom() if available).

- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
  version of SipHash).

Also add an upstream patch to fix detection of getrandom().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c0ad6ded01)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 09:43:28 +02:00
Vicente Olivert Riera
29e46157f7 gdb: fix full gdb build for MIPS musl
Currently building full gdb for MIPS musl fails because it's trying to
include <sgidefs.h> which is provided by glibc and uClibc, but not by
musl.

However, the kernel headers provide <asm/sgidefs.h> which has the same
definitions, so we can use that one instead.

Backporting a patch that has been sent upstream. Taken from here:

https://sourceware.org/bugzilla/show_bug.cgi?id=21070

[Peter: drop 7.12.1 / 8.0 patches]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1874fe1522)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 00:34:58 +02:00
Thomas Claveirole
ac1bb15f77 fcgiwrap: disable -Werror in CFLAGS
fcgiwrap's configure script appends -Werror to AM_CFLAGS, then uses it
to build the package.  This is an issue when Buildroot supports a new
compiler version and this version makes some warnings appear.
Luckily, one can provide CFLAGS=-Wno-error to the configure script so
it appends -Wno-error to AM_CFLAGS.

Fixes:

  http://autobuild.buildroot.net/results/8e04bf5a85ecd7f120bc9dedeedc891def6c46c1/

Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6a20a98f4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 00:29:35 +02:00
Fabio Estevam
f1bbfaa4eb linux-headers: bump 4.{1, 4, 9, 11}.x series
[Peter: drop 4.11.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 859764ac39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 00:27:57 +02:00
Francois Perrad
2882d39a31 scancpan: update with MetaCPAN API v1
The API v0 is shut down.
see https://bugs.busybox.net/show_bug.cgi?id=9951

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8710996bb7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-26 00:20:16 +02:00
Baruch Siach
0b468a0c5d gnutls: switch to https download location
HTTPS works better behind certain corporate firewalls.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9289b24275)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:40:08 +02:00
Baruch Siach
c510f4be9e gnutls: security bump to version 3.5.13
Fixes CVE-2017-7507: decoding a status request TLS extension that has a
non-empty responder IDs list could lead to a crash due to a null pointer
dereference.

https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5cbf8baaa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:38:47 +02:00
Peter Korsgaard
aefd28447c gnutls: bump version to 3.5.12
For details, see the release notes:

https://lists.gnupg.org/pipermail/gnutls-devel/2017-May/008427.html
https://lists.gnupg.org/pipermail/gnutls-devel/2017-April/008393.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f8e1fdbe97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:38:25 +02:00
Peter Korsgaard
e3b3059f7a linux-headers: bump 3.18.x version to 3.18.57
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:22:54 +02:00
Fabio Estevam
6031bceb4f linux-headers: bump 4.{4, 9, 11}.x series
[Peter: drop 4.11.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 762e25a29e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:21:42 +02:00
Fabio Estevam
1d237d4b07 linux-headers: bump 4.{4, 9, 11}.x series
[Peter: drop 4.11.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 13a6a126fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:20:45 +02:00
Yann E. MORIN
aaa641f775 package/systemd: fix paths to runtime utilities
systemd's configure is looking in $PATH to find utilities that will be
needed at runtime.

Usually, those utilities, when installed on the host, will be found in
the same path they would be present on the target. For example,
/usr/bin/mount on the host would also be /usr/bin/mount on the target,
and all is fine.

Except when we need to install a host variant of util-linux, which will
install mount in $(HOST_DIR), in which case systemd's configure would
find that one.

Of course, it is also very well possible that those utilities are not
installed on the host in the same location they would be on the target,
in case a user has manually installed some of those (e.g. in /usr/local/
or in /opt/)

Forcibly set the path to those utilities, as they are expected to be on
the target.

For kexec, we can set it even though we do not depend on it (yet).
systemd will appropriately test it at runtime.

For quota, we point to non-existing files, so as to catch errors at
runtime. It is to be noted that quotacheck is optional, while quotaon
does not seem to be (a service file is always installed, that uses it).

Note: utilities listed in the order they appear in configure.ac

Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 68986ea301)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-13 23:41:08 +02:00
Jörg Krause
bc5d56d55f intltool: add patch to fix compatibility with Perl 5.26
When Perl 5.26 is installed on the host, building some packages like
avahi fails, because of intltool-update:

```
Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at $BUILDROOT/host/usr/bin/intltool-update line 1065.
```

Apparently, this has been a warning before Perl 5.26, but now it is an
error.

Fetch from:
https://github.com/Alexpux/MSYS2-packages/blob/master/intltool/perl-5.22-compatibility.patch

Reported upstream:
https://bugs.launchpad.net/intltool/+bug/1696658

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9426d7edf0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-13 23:13:36 +02:00
Peter Korsgaard
42bf45423a tor: security bump to version 0.2.9.11
Fixes CVE-2017-0376: Fix a remotely triggerable assertion failure caused by
receiving a BEGIN_DIR cell on a hidden service rendezvous circuit.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9bf22d3e80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-11 23:03:22 +02:00
Yann E. MORIN
6f95166d0d package/qt5base: link with -latomic when needed
Qt 5.8 needs atomic operations, which are provided in libatomic when it
exists, like on sparc with gcc >= 4.8.

Fixes:
    http://autobuild.buildroot.org/results/49b/49bc9345b9849c9c3c53ace290c534ff7bb98683/
    http://autobuild.buildroot.org/results/9f2/9f213406954be51dfcad76ebdce8b73850842180/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7d286be4f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-09 13:10:05 +02:00
Yann E. MORIN
3315e7b041 package/qt5base: install arch-specific configuration
For some architectures, it is necessary to link with additional
libraries, such as -latomic for sparc.

Add a bit of support to make that easy; actual use will be introduced in
the following patch.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a3fd13804f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-09 13:10:03 +02:00
Andrey Smirnov
1a9b9eb342 package/socat: Fix TABDLY, CSIZE and CRDLY shifts for PowerPC
As can be seen in linux/arch/powerpc/include/uapi/asm/termbits.h are
defined as (note that those are octal numbers):

#define TABDLY	00006000
#define CSIZE	00001400
#define CRDLY	00030000

which gives shifts of 10, 8 and 12. Adjust socat.mk accordingly to
reflect that difference.

Signed-off-by: Mark Hinds <zoronic@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a52896f755)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-08 22:41:41 +02:00
Yann E. MORIN
14097c56d3 linux: fix name of config variable
In 4c10eedc1 (systemd: enable required kernel features), we added
setting a few required kernel features to ensure systemd works.

However, there was a typo for one of the variables: CONFIG_TMPFS_XATTR
was written as CONFIG_TMPFS_POSIX_XATTR, which does not exist (and never
ever existed, at least not since 2.6.12)...

Reported-by: Michael Heinemann <posted@heine.so>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Michael Heinemann <posted@heine.so>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b0fc65a11b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-08 16:50:39 +02:00
Bernd Kuhls
c66bb46dec linux-headers: bump 3.2.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit efda13af19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-07 12:02:07 +02:00
Peter Korsgaard
d995250f05 nodejs: bump 6.x version to 6.10.3
6.10.3 is the latest release in the LTS series, fixing a number of issues:

https://nodejs.org/en/blog/release/v6.10.3/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-07 09:30:41 +02:00
Peter Korsgaard
b68f9b1455 nodejs: re-add 6.x patches
Commit 039f7d0d2f (nodejs: bump 6.x version to 6.10.2) bumped the 6.x
version but forgot to rename the patch directory, so the patches were no
longer used.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-07 09:30:38 +02:00
Baruch Siach
02ca37998b libgcrypt: security bump to version 1.7.7
Fix possible timing attack on EdDSA session key.

https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html

Add upstream provided SHA1 hash.

Switch to https download for better corporate firewall compatibility.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 869c8dfd7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 23:47:36 +02:00
Alexandre Esse
097f9d17c1 imx-uuc: fix start-stop-daemon stop failure
The daemon service script associated with imx-uuc failed to stop the daemon
since the PID of the process wasn't stored at start time.

Adding -m option allowed to create the uuc.pid file as expected.

Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 41e86cd5ca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 23:27:46 +02:00
Bernd Kuhls
ff09b86531 package/x11r7/xserver_xorg-server: fix gcc5+ build with version 1.14.7
Fixes

sdksyms.c:311:15: error: expected expression before »,« token
     (void *) &,                                                  /* ../../include/os.h:96 */

by backporting an upstream patch, sdksyms.c is generated by
hw/xfree86/sdksyms.sh which is broken when used with gcc5+.

Problem was found while testing
http://patchwork.ozlabs.org/patch/762102/

using this defconfig

BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XSERVER_XORG_SERVER=y
BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_14=y
BR2_PACKAGE_XDRIVER_XF86_INPUT_TSLIB=y

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99058b2586)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 22:43:11 +02:00
Tobias Blass
85f58389cd botan: disable AltiVec if the CPU does not support it
Botan compiles all PowerPC code with AltiVec support and only determines
at runtime whether the CPU even supports it. If the target CPU uses the
older SPE extensions, though, this is too late; since SPE and AltiVec
are incompatible, gcc aborts the compilation. This patch explicitly
disables AltiVec support unless BR2_POWERPC_CPU_HAS_ALTIVEC is defined.

Signed-off-by: Tobias Blass <tobias.blass@rohde-schwarz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e654839f9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 22:29:00 +02:00
Jörg Krause
bc00cd601b gcc: add upstream patch to fix build of GCC6 with GCC7
Building host-gcc-initial with GCC7 on the host fails due to the
comparison of a pointer to an integer in ubsan_use_new_style_p, which
is forbidden by ISO C++:

ubsan.c:1474:23: error: ISO C++ forbids comparison between pointer and
integer [-fpermissive]
       || xloc.file == '\0' || xloc.file[0] == '\xff'

Backported from:
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239971

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2d57ad29b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 17:08:10 +02:00
Bernd Kuhls
883e4c2ceb package/ipsec-tools: add security patch to fix CVE-2015-4047
Cherry-picked from master branch:
https://git.buildroot.net/buildroot/commit/?id=ff97e66c56512644577e8e86019f92bf935ed29e
and renumbered patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 14:04:18 +02:00
Bernd Kuhls
72ae6885d5 package/gesftpserver: security bump to version 0.2.2
For details refer to
http://www.chiark.greenend.org.uk/pipermail/sgo-software-announce/2016/000035.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6da0a99617)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 13:47:44 +02:00
Baruch Siach
11a3e7ce6e systemd: add upstream security fix
Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
an empty question section.

Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dabd28a4be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 13:37:14 +02:00
Andrey Smirnov
397bac28d7 ncurses: Copy terminfo for 'screen-256color' terminal
Tmux uses 256 color version of 'screen' terminfo by default, so copy
corresponding file to support that use case.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6bd29da2b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 13:18:41 +02:00
Andrey Smirnov
4571754b5e ncurses: Copy terminfo for 'dumb' terminal
Definition of 'dumb' terminal is required to be able to call 'top -b'
from 'procps-ng'.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f6d80896a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-06 13:18:36 +02:00