Fixes:
wnpa-sec-2017-01 - The ASTERIX dissector could go into an infinite loop.
wnpa-sec-2017-02 - The DHCPv6 dissector could go into a large loop.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2515437e51)
On Darwin, user's trust preferences for root certificates were not honored.
If the user had a root certificate loaded in their Keychain that was
explicitly not trusted, a Go program would still verify a connection using
that root certificate. This is addressed by https://golang.org/cl/33721,
tracked in https://golang.org/issue/18141. Thanks to Xy Ziemba for
identifying and reporting this issue.
The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit. It was possible for an attacker to generate a multipart request
crafted such that the server ran out of file descriptors. This is addressed
by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
Thanks to Simon Rawet for the report.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5c9db62171)
RunC allowed additional container processes via runc exec to be ptraced by
the pid 1 of the container. This allows the main processes of the
container, if running as root, to gain access to file-descriptors of these
new processes during the initialization and can lead to container escapes or
modification of runC state before the process is fully placed inside the
container.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d6706dc430)
commit 9101ce5800 (runc: pass -extldflags '-static' on when
BR2_STATIC_LIBS=y) contained a small copy/paste error, FLANNEL_GLDFLAGS was
used instead of RUNC_GLDFLAGS.
[Peter: refer to exact commit]
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b97e3c94a9)
At compile-time the docker build scripts generate a version file used
to build the output of the docker version command. This file is
generated somewhat properly by the Buildroot build system, however the
version number and commit ID are incorrectly formatted. This patch fixes
the output to the correct format.
This is important as some tools like WeaveWorks won't even start unless
they can parse the Docker Version output correctly.
[Peter: strip v from version using patsusbt]
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0533484eb7)
Fixes CVE-2017-0381: A remote code execution vulnerability in
silk/NLSF_stabilize.c in libopus in Mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file
and data processing.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f00a528ce6)
Fixes:
CVE-2016-9317 - gdImageCreate() doesn't check for oversized images and
as such is prone to DoS vulnerabilities.
CVE-2016-6912 - double-free in gdImageWebPtr()
(without CVE):
Potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Signed Integer Overflow gd_io.c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 39885cc5b0)
Fixes a critical authentication vulnerability in the MQTT plugin
(CVE-2016-9877):
MQTT (MQ Telemetry Transport) connection authentication with a
username/password pair succeeds if an existing username is provided but the
password is omitted from the connection request. Connections that use TLS
with a client-provided certificate are not affected.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a502f9acfd)
Bugfixes:
- CVE-2016-9131: A malformed response to an ANY query can cause an
assertion failure during recursion
- CVE-2016-9147: An error handling a query response containing inconsistent
DNSSEC information could cause an assertion failure
- CVE-2016-9444: An unusually-formed DS record response could cause an
assertion failure
- CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4bab93be70)
This version is marked as "stable" on php-imagick's website, plus is
necessary for the upcoming php-7.1 version bump.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0cfddd92b6)
The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.
libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).
libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.
Fixes:
GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9b347c4acd)
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
fde5f55af9
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 68e8c3b5a6)
Security related fixes:
- Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer
before 0.9.11 (CVE-2016-9941)
- Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer
before 0.9.11 (CVE-2016-9942)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 143ba54758)
Bugfixes:
- CVE-2017-5193: Correct a NULL pointer dereference in the nickcmp function
found by Joseph Bisch (GL#1)
- CVE-2017-5194: Correct an error when receiving invalid nick message (GL#4,
#466)
- CVE-2017-5195: Correct an out of bounds read in certain incomplete control
codes found by Joseph Bisch (GL#2)
- CVE-2017-5196: Correct an out of bounds read in certain incomplete
character sequences found by Hanno Böck and independently by J. Bisch
(GL#3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8528edfb3b)
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:
- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
Using application provided parameters, in these cases invalid data causes
the issues:
- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
- fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
- improve color check for CropThreshold
The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that. Notice that this issue has been fixed
upstream post-2.2.3:
https://github.com/libgd/libgd/issues/339
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 81dc283a00)
Fixes:
CVE-2016-8859 - fixes a serious under-allocation bug in regexec due to
integer overflow.
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63a7277107)
Fixes a NULL pointer dereference bug in png_set_text_2()
CVE not assigned yet.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d4e08cdeaa)
The patch did contain the correct newlines, but they got stripped by
patchwork so now the patch no longer applies.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f57959147)
No features are added or removed. This release contains
just a fix for CVE-2016-9963
- Fix CVE-2016-9963 - Info leak from DKIM. When signing DKIM, if
either LMTP or PRDR was used for delivery, the key could appear in
logs. Additionally, if the experimental feature "DSN_INFO" was used,
it could appear in DSN messages (and be sent offsite).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62f0195119)
Fixes CVE-2016-9594 - Unitilized random
Libcurl's (new) internal function that returns a good 32bit random value was
implemented poorly and overwrote the pointer instead of writing the value
into the buffer the pointer pointed to.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 72b6bf8f57)
Fixes CVE-2016-7067.
Note that since version 5.20.0 monit optionally depends on zlib.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0bf7c74e15)
"\r\n" sequences were not properly filtered when handling redirections.
This allowed an attacker to perform CRLF attacks such as HTTP header
injection:
https://github.com/bottlepy/bottle/issues/913
Python-bottle now uses setuptools instead of distutils.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa64e33c51)
Fixes:
* Fix a NULL pointer dereference (#776026)
* Fix a memory leak (#776020)
* Avoid a buffer overrun in the qtif loader ($#775648)
* Fix a crash in the bmp loader (#775242)
* Fix crash opening pnm images with large dimensions (#775232)
* Prevent buffer overflow in the pixdata loader (#775693)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75c3c94de9)
Fix out-of-bound access in create_url_list()
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c489cbad77)
If there's no registered handler for a POST request, the default behaviour
is to write it to the filesystem. Several million deployed devices appear
to have this behaviour, making it possible to (at least) store arbitrary
data on them. Add a configure option that enables this behaviour, and change
the default to just drop POSTs that aren't directly handled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9d1dab1b80)
Fixes:
CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules
from paths outside a trusted whitelist
CVE-2016-10010 - sshd(8): When privilege separation is disabled,
forwarded Unix-domain sockets would be created by sshd(8) with the
privileges of 'root'
CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key
material to privilege-separated child processes via realloc()
CVE-2016-10012 - sshd(8): The shared memory manager used by
pre-authentication compression support had a bounds checks that could be
elided by some optimising compilers
http://seclists.org/oss-sec/2016/q4/708
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae58da7111)
When systemd is selected, xorg-server must have config-udev-kms
enabled in order to build correctly, but it won't be the case if
BR2_PACKAGE_XPROTO_DRI2PROTO is not part of the build.
Add BR2_PACKAGE_XPROTO_DRI2PROTO as a dependency of xorg-xserver
only when systemd is part of the build.
Fixes bug #9486.
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cd4af31dd8)
The only security bug fixed concerns windows so it's not a security bump
for buildroot.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 326a9559dc)
Fixes an integer buffer overflow in the jpeg loader (details still
embargoed).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 660b3308cf)
The current VIM_REMOVE_DOCS hook removes all .txt files from
/usr/share/vim. Unfortunately, this also removes the rgb.txt file,
which is needed at runtime for vim, as reported in bug #9466.
This commit changes VIM_REMOVE_DOCS to remove only
/usr/share/vim/vim*/doc/. Size-wise, it's equivalent because:
- We are no longer removing a few README.txt in other directories,
taking more space.
- We are now removing the /usr/share/vim/vim*/doc/ folder entirely,
which contained a few files not named *.txt
So overall, the size of /usr/share/vim/ before and after this patch is
still 11MB.
Fixes bug #9466.
Reported-by: Mateusz Furdyna <sir.ferdek@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f7a07f42f7)
