Package: openocd / 0.10.0-4~bpo9+1

Metadata

Package: openocd
Version: 0.10.0-4~bpo9+1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
buspirate swd.patch

src/jtag/drivers/buspirate.c | 464 438 + 26 - 0 !
tcl/interface/buspirate.cfg | 16 8 + 8 - 0 !
2 files changed, 446 insertions(+), 34 deletions(-)

 add swd support to bus pirate openocd driver

no duplicate udev.patch

Makefile.am | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 don't install the udev file into /usr/share
 We install the udev rules into /etc/udev/ so there's no need for a
 duplicate copy in /usr/share/

fix sheeva.patch

tcl/interface/ftdi/sheevaplug.cfg | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix ftdi channel configuration for sheevaplug

fix openrd.patch

tcl/board/openrd.cfg | 2 2 + 0 - 0 !
tcl/interface/ftdi/openrd.cfg | 9 2 + 7 - 0 !
2 files changed, 4 insertions(+), 7 deletions(-)

 fix ftdi configuration for openrd
 The old ft2232 driver was dropped for 0.9.0 and the conversion for
 the OpenRD for the new driver was incorrect, using the incorrect
 FTDI channel and device description. This fixes those up and adds
 the appropriate JTAG speed configuration to get things working again.

bind localhost only.patch

doc/openocd.texi | 2 1 + 1 - 0 !
src/server/server.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 [patch] server: bind to IPv4 localhost by default

Since OpenOCD basically allows one to perform arbitrary actions on behalf of
the running user, it makes sense to restrict the exposure by default.

If you need network connectivity and your environment is safe enough,
use "bindto 0.0.0.0" to switch to the old behaviour.

css fix.patch

src/server/startup.tcl | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 [patch] CVE-2018-5704: prevent some forms of cross protocol scripting attacks

OpenOCD can be targeted by a Cross Protocol Scripting attack from
a web browser running malicious code, such as the following PoC:

var x = new XMLHttpRequest();
x.open("POST", "http://127.0.0.1:4444", true);
x.send("exec xcalc\r\n");

This mitigation should provide some protection from browser-based
attacks and is based on the corresponding fix in Redis:

https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758
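
The following is an added example, not code from the OpenOCD patch or from Redis. It sketches the kind of guard the description refers to: a line-oriented command port that closes the connection as soon as a line starts with an HTTP token, so the request body is never interpreted. The class, function and sample names are hypothetical, the sample requests are constructed, and the marker set ("POST" and "Host:", the two tokens the Redis fix rejects) is an assumption about what such a guard checks.

```python
# Added example (not OpenOCD or Redis code); all names are hypothetical.
# Constructed sample: roughly what a browser writes to the socket for the
# PoC's XMLHttpRequest (headers abbreviated).
POST_REQUEST = (b"POST / HTTP/1.1\r\nHost: 127.0.0.1:4444\r\n"
                b"Content-Length: 12\r\n\r\nexec xcalc\r\n")
# Constructed sample: a request using another method still carries Host:.
GET_REQUEST = b"GET / HTTP/1.1\r\nHost: 127.0.0.1:4444\r\n\r\n"

# Assumption: first words treated as proof that the peer speaks HTTP.
HTTP_MARKERS = {"post", "host:"}


class CommandSession:
    """Line-oriented command session that records instead of executing."""

    def __init__(self, guard):
        self.guard = guard
        self.closed = False
        self.dispatched = []  # lines that would reach the interpreter
        self.reason = None

    def feed_line(self, line):
        words = line.split()
        if self.closed or not words:
            return
        if self.guard and words[0].lower() in HTTP_MARKERS:
            # Drop the connection before any later line is interpreted.
            self.closed = True
            self.reason = "HTTP marker %r on command port" % words[0]
            return
        self.dispatched.append(" ".join(words))


def run_session(raw, guard=True):
    """Feed raw socket bytes to a session line by line and return it."""
    session = CommandSession(guard)
    for line in raw.decode("latin-1").split("\r\n"):
        session.feed_line(line)
    return session


if __name__ == "__main__":
    for name, raw in (("POST", POST_REQUEST), ("GET", GET_REQUEST)):
        for guard in (False, True):
            s = run_session(raw, guard)
            print(name, "guard" if guard else "no guard", s.dispatched, s.reason)
```

With the guard off, the body line of the POST request ends up in `dispatched`. With it on, the session closes on the first line. For the GET sample the request line is still dispatched as an unknown command before `Host:` closes the session.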