Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 004129e259)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ad104d1c63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc5ab96f7c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c29f2bff52)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8f6158c37f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b0696cb678)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c81289645f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 08a6aab0f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds support for zynqmp pmufw.elf files.
It will allow buildroot to use pmufw.elf binaries directly
from the Xilinx git repository built by petalinux in
addition to still supporting pmufw.bin binaries built
by the zynqmp-pmufw-builder.
https://github.com/Xilinx/ubuntu-firmware/tree/v2022.1_22.04_1/xlnx-firmware
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d07e6b7071)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 716b8c4e7b)
[Peter: drop 6.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gitlab CI reported build failures for the sipeed RISC-V nommu boards
with the u-boot/sdcard enabled default configuration. The compilation
errors are related to the openssl/evp.h header file missing, e.g.:
In file included from tools/imagetool.h:24,
from tools/fit_common.c:20:
include/image.h:1166:12: fatal error: openssl/evp.h: No such file or
directory
1166 | # include <openssl/evp.h>
| ^~~~~~~~~~~~~~~
Fix this issue by adding BR2_TARGET_UBOOT_NEEDS_OPENSSL=y to the config
files so that host-openssl gets built as a dependency of U-Boot.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229992https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229994https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229996https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229998
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 959e9f7fde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote
attacker.
• An invalid array of fixed-length elements where the length of the
array is not a multiple of the length of the element would cause an
assertion failure in debug builds or an out-of-bounds read in
production builds. This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested
parentheses and curly brackets would cause an assertion failure in
debug builds. Similar messages could potentially result in a crash or
incorrect message processing in a production build, although we are
not aware of a practical example. (dbus#418, CVE-2022-42010;
Simon McVittie)
• A message in non-native endianness with out-of-band Unix file
descriptors would cause a use-after-free and possible memory
corruption in production builds, or an assertion failure in debug
builds. This was a regression in version 1.3.0. (dbus#417,
CVE-2022-42012; Simon McVittie)
https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.12.24/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 29586aed96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit ff0d534051 (package/iwd: bump version to 1.19), we are no
longer patching configure.ac, so autoreconfigure isn't needed anymore.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
[yann.morin.1998@free.fr: reword with reference to ff0d534051]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1db79dffca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix memory leak in EdDSA verify processing. (CVE-2022-38178)
- Fix memory leak in ECDSA verify processing. (CVE-2022-38177)
- Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was a stale CNAME
in the cache for an incoming query. (CVE-2022-3080)
- Prevent excessive resource use while processing large delegations.
(CVE-2022-2795)
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_33/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c31f3b50f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is stable bugfix release of libmdbx. So it is reasonable to backport
this patch to all applicable releases/branches of Buildroot.
Release notes for v0.11.12
--------------------------
Fixes:
- Fixed static assertion failure on platforms where the `off_t` type is wider
than corresponding fields of `struct flock` used for file locking (backport).
Now _libmdbx_ will use `fcntl64(F_GETLK64/F_SETLK64/F_SETLKW64)` if available.
- Fixed assertion check inside `page_retire_ex()` (backport).
Minors:
- Fixed `-Wint-to-pointer-cast` warnings while casting to `mdbx_tid_t` (backport).
- Removed needless `LockFileEx()` inside `mdbx_env_copy()` (backport).
The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dd2ded3355)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a bug fix and enhancement release on the 3.7.x branch.
https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2acba99893)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
Reported by Qualys
* ssh-keygen(1): double free() in error path of file hashing step in
signing/verify code; GHPR333
* ssh-keysign(8): double-free in error path introduced in openssh-8.9
https://www.openssh.com/txt/release-9.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb571dc3e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, with security fixes for CVE-2022-32886 and CVE-2022-32912.
Release notes:
https://wpewebkit.org/release/wpewebkit-2.36.8.html
Accompanying security advisory:
https://wpewebkit.org/security/WSA-2022-0009.html
This also imports a build fix for ARM NEON targets.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fc523deaf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee62626e16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Missed from commit 2b134f9549 ({toolchain, linux-headers}: add support for
5.17.x headers).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 484b50507f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ebc9beaa6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2.5.1, volk has been undergoing a relicensing from GPL-3.0+ to the
LGPL-3.0+, which is still not completely done by some large margin), so
it is still covered by the GPL-3.0+, but has parts already covered by
the LGPL-3.0+.
We so far only listed GPL-3.0+, but we also had the license file for the
LGPL-3.0+.
Add LGPL-3.0+ to the list of licenses; the COPYING file is the text of
the GPL-3.0+, so we already had it listed (note: the package has a
COPYING-GPL, but i's a symlink to COPYING).
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
- split out to its own patch
- explain why we don't add COPYING-GPL
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0a397fa638)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since volk 2.5.1, C++17 is required, and no Boost component is used
anymore.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr: split out to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 66215faa52)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2e4c0e722f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can't use BR2_PACKAGE_LIBOPENSSL to force selecting libopenssl, as
it is part of a choice. Instead, we have a symbol explicitly to force
libopenssl: BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
Use that.
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 60f97ad95a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
At the moment rtl8189es module has -DCONFIG_LITTLE_ENDIAN hardcoded and
there is no way to override it. So to do this let's add a patch that is
pending upstream[1] to allow to override CFLAGS and then let's undefine
CONFIG_LITTLE_ENDIAN and define the correct endianness in rtl8189es.mk
Fixes:
http://autobuild.buildroot.net/results/3bcad5e88876c86a2a3338961ed20f28b5953779/
[1]: https://github.com/jwrdegoede/rtl8189ES_linux/pull/83
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79a1c5dcad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nicolas Tran is apparently no longer at Smile:
The response from the remote server was:
450 4.1.1 <nicolas.tran@smile.fr>: Recipient address rejected: User unknown in virtual mailbox table
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e4ecf82f99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail server is no longer responsive. Every single day, we get:
<joerg.krause@embedded.rocks>: connect to embedded.rocks[99.83.154.118]:25:
Connection timed out
when sending the daily autobuilder report.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c6b987f39d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop have_mfpu_neon which has been added by commit
b07de37540 but is not recognized:
CMake Warning:
Manually-specified variables were not used by the project:
BUILD_DOC
BUILD_DOCS
BUILD_EXAMPLE
BUILD_EXAMPLES
BUILD_TEST
BUILD_TESTING
BUILD_TESTS
CMAKE_INSTALL_RUNSTATEDIR
have_mfpu_neon
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 27f6c1ab38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The features of the Cortex A7 CPU on the Aspeed AST2600 A3 SoC are :
half thumb fastmult vfp edsp vfpv3 vfpv3d16 tls vfpv4 idiva idivt lpae evtstrm
the vfpv3d16 feature bit is common to both vfpv3 and vfpv4.
Drop BR2_ARM_FPU_VFPV4 which activates the use of vpfd32 (and breaks
user space). Set BR2_ARM_FPU_VFPV4D16 instead.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7ccb318d80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
(https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES)
================================================================================
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit af56cfe372)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is currently the latest version in the v16.x branch.
Patch 0001-add-qemu-wrapper-support.patch needs some minor adaptations
to resolve conflicts with other unrelated upstream changes. The other
patches are simply refreshed.
The license file is updates due to:
- Reformatting changes
- Addition of the mention of some files being under GPLv3, but it's
only the autoconf machinery: aclocal.m4 and config.guess, so it's
not relevant to add in our LICENSE variable.
- Addition of the mention of another file being under the MIT
license (install-sh), and MIT is already listed, and this file is
anyway only part of the autoconf machinery.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a8a65d0951)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 1facb09b94 ("package/nodejs:
build host-nodejs only if we're installing modules with NPM") forgot
to account for the dependency on Qemu. Now that nodejs no longer
depends on host-nodejs, but needs host-qemu, we need to make sure that
nodejs selects the relevant BR2_PACKAGE_HOST_QEMU options.
So this patch:
- Drops the dependency of BR2_PACKAGE_NODEJS_ARCH_SUPPORTS on
BR2_PACKAGE_QEMU_ARCH_SUPPORTS_TARGET, which was incorrect: we
don't care about running Qemu on the target. We care about
host-qemu supporting the emulation of the target architecture,
which is what BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS is for.
- Adds the dependency to the relevant BR2_PACKAGE_HOST_QEMU options
to BR2_PACKAGE_NODEJS, so that host-qemu is built with the
appropriate features needed to build the target nodejs.
- Removes the qemu related dependencies from host-nodejs, which does
not need Qemu at all.
Without this change the build of nodejs without npm enabled is broken
as the host-qemu that gets built does not have all the features that
are needed. There are no autobuild failures at this point, however.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a88ba1548a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building host-nodejs is no longer needed to build the target nodejs,
unless npm is needed during the build, which happens when
BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL is used.
We need to make that host-python3 is built with bz2 and ssl
support. Until now, it was done by the BR2_PACKAGE_HOST_NODEJS option,
but now that the target nodejs no longer depends on host-nodejs, we
are no longer guaranteed to have a host-python3 with bz2/ssl. To make
sure it is the case, we select the relevant options from
BR2_PACKAGE_NODEJS.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1facb09b94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The target nodejs package is building those tools, and running them
under Qemu, so it is not necessary for the host variant to install
them.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ec5589611a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since upstream commit 79da2534737bd090b7000beed68d225618606e53,
present since NodeJS 16.0.0, another call to the torque tool is done
in tools/v8_gypfiles/v8.gyp, but our patch to wrap calls to such tools
under Qemu forgot this addition. Due to this, the build of NodeJS is
broken since the bump to v16 in Buildroot commit
07408779cc ("package/nodejs: bump to
16.15.0"). This issue is not visible in the autobuilders as it was
hidden by a previous build issue, itself fixed by "package/nodejs: fix
'Duplicate v8 target errors when cross-compiling' error".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf0ddc8970)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reported also via:
https://github.com/nodejs/node/issues/37441
Patched in:
5e533cb943
The error is:
```
ninja: Entering directory `out/Release'
ninja: error: obj.host/tools/v8_gypfiles/run_torque.ninja:1356: multiple rules generate gen/torque-generated/bit-fields.h [-w dupbuild=err]
make[2]: *** [Makefile:127: node] Error 1
make[1]: *** [package/pkg-generic.mk:293: <buildroot>/output/build/nodejs-16.15.0/.stamp_built] Error 2
make: *** [Makefile:84: _all] Error 2
```
Fixes:
http://autobuild.buildroot.net/results/7fe9132236ee8e3a86dd97fe96ffee42990c2d19/
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
[Thomas:
- regenerate patch as a git formatted patch, add a link to the
original location, add my own SoB to it
- improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5708c5b04f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
