- May 22, 2020
-
-
Peter Korsgaard authored
Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
>From ChangeLog: - CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage - CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value - CVE: GHSL-2020-102 OOB Write in crypto_rsa_common - Enforce synchronous legacy RDP encryption count (#6156) - Fixed some leaks and crashes missed in 2.1.0 - Removed dynamic channel listener limits - Lots of resource cleanup fixes (clang sanitizers) https://github.com/FreeRDP/FreeRDP/blob/2.1.1/ChangeLog Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
- May 21, 2020
-
-
Fabrice Fontaine authored
Commit 7ef76ed3 forgot to remove python-pycrypto entry from DEVELOPERS Signed-off-by:
Yann E. MORIN <yann.morin.1998@free.fr>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/874433d8cb30d21332f23024081a8b6d7b3254ae Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-
Heiko Thiery authored
Added upstream patch for fixing build failure when using GCC10 as a host compiler (-fno-common is now default). Fixes: http://autobuild.buildroot.net/results/aca662d9fd7052f3b361b731cd266edb3b6c41b0 http://autobuild.buildroot.net/results/6546b284cf306a2fde3c69d67daf9aacffa9e143 http://autobuild.buildroot.net/results/db20bb3c11a1a9558a5d8021015c6915f99097c8 Cc: Romain Naour <romain.naour@gmail.com> Signed-off-by:
Heiko Thiery <heiko.thiery@gmail.com> Signed-off-by:
-
Romain Naour authored
This package doesn't work with Python 3.8 since the code contains time.clock() that was deprecated in Python 3.3 and removed in Python 3.8. Instead of applying non upstream patches from Fedora [1], python-pycrypto was replaced by python-pycryptodomex for crda and optee-os package. Now we can remove safely this package. [1] http://lists.busybox.net/pipermail/buildroot/2020-April/280683.html Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/498144209 Signed-off-by:
Romain Naour <romain.naour@gmail.com> Cc: James Hilliard <james.hilliard1@gmail.com> Signed-off-by:
-
Romain Naour authored
>From [1] included in optee-os release 3.7.0: "PyCryptodome is a fork of PyCrypto, which is not maintained any more (the last release dates back to 2013 [2]). It exposes almost the same API, but there are a few incompatibilities [3]." pem_to_pub_c.py/sign.py scripts still use pycrypto that is replaced by pycryptodomex. Add a patch to use pycryptodomex but don't use upstream commit since it also switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when replacing pycrypto to pycryptodomex [4]. [1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0 [2] https://pypi.org/project/pycrypto/#history [3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html [4] https://github.com/OP-TEE/optee_os/commit/ababd72d2fd76cb2ded8e202b49db28d6545f6eb Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/526035730 Signed-off-by:
-
Romain Naour authored
>From [1]: "PyCryptodome is a fork of PyCrypto, which is not maintained any more (the last release dates back to 2013 [2]). It exposes almost the same API, but there are a few incompatibilities [3]." [1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0 [2] https://pypi.org/project/pycrypto/#history [3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html Update the patch 0001-crda-support-python-3-in-utils-key2pub.py.patch since it add pycrypto. >From [4] "CRDA is no longer needed as of kernel v4.15 since commit 007f6c5e6eb45 ("cfg80211: support loading regulatory database as firmware file") added support to use the kernel's firmware request API which looks for the firmware on /lib/firmware. Because of this CRDA is legacy software for older kernels. It will continue to be maintained." [4] https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/tree/README?id=9856751feaf7b102547cea678a5da6c94252d83d#n8 Signed-off-by:
-
Romain Naour authored
Adding a host variant will allow to replace host-python-pycrypto by host-python-pycryptodomex for the crda and optee-os packages. From [1]: "PyCryptodome is a fork of PyCrypto, which is not maintained any more (the last release dates back to 2013 [2]). It exposes almost the same API, but there are a few incompatibilities [3]." [1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0 [2] https://pypi.org/project/pycrypto/#history [3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html Signed-off-by:
-
Stephan Hoffmann authored
I added this package while working for Grandcentrix but am willing to maintain it further. Signed-off-by:
Stephan Hoffmann <sho@relinux.de> Signed-off-by:
-
Stephan Hoffmann authored
mtdev2tuio breaks the builds every now and then and is not maintained upstream. It does not seem to be useful any more. Signed-off-by:
-
Ryan Coe authored
Add two spaces in hash file. Remove patch 0002 as it has been applied upstream. Release notes: https://mariadb.com/kb/en/library/mariadb-10323-release-notes/ Changelog: https://mariadb.com/kb/en/library/mariadb-10323-changelog/ Fixes the following security vulnerabilities: CVE-2020-2752 - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVE-2020-2812 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2020-2814 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2020-2760 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. Signed-off-by:
Ryan Coe <bluemrp9@gmail.com> Signed-off-by:
-
- May 19, 2020
-
-
Fabrice Fontaine authored
- Switch site to github - Drop patches (already in version) - Fix the following CVEs: - CVE-2020-13114: Time consumption DoS when parsing canon array markers - CVE-2020-13113: Potential use of uninitialized memory - CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes - CVE-2020-0093: read overflow - CVE-2020-12767: fixed division by zero https://github.com/libexif/libexif/releases/tag/libexif-0_6_22-release Signed-off-by: -
Thomas Petazzoni authored
Our current host-bison installation is not relocatable, so if you generate the SDK, and install it in a different location, bison will no longer work with failures such as: bison: /home/user/buildroot/output/host/share/bison/m4sugar/m4sugar.m4: cannot open: No such file or directory This particular issue is already resolved upstream by the addition of "relocatable" support, which we enable using --enable-relocatable. Once this issue is fixed, a second one pops up: the path to the m4 program itself is also hardcoded. So we add a patch to fix that as well. The patch has been submitted upstream, which have requested for further refinements not applicable to the Buildroot context; in the meantime, we carry that patch. Fixes: https://bugs.busybox.net/show_bug.cgi?id=12656 Signed-off-by:
-
Yann E. MORIN authored
This reverts commit f5845954. It in fact depends on a previous patch to python that was not applied [0], as upstream believes it is dangerous [1], and is still debating the proper solution [2]. [0] https://patchwork.ozlabs.org/project/buildroot/patch/20200202205306.1785085-1-fontaine.fabrice@gmail.com/ [1] https://bugs.python.org/issue39026#msg369309 [2] https://bugs.python.org/issue39026 Signed-off-by:
-
Fabrice Fontaine authored
python bindings supports python3 since version 2.8.19 and https://github.com/cracklib/cracklib/commit/219de98766b9f1e4c8c5b174de770158ffda3a93 Signed-off-by:
-
Stefan Sørensen authored
Signed-off-by:
Stefan Sørensen <stefan.sorensen@spectralink.com> Signed-off-by:
-
Stefan Sørensen authored
Security fixes: CVE-2020-12243: Fixed slapd to limit depth of nested filters Signed-off-by:
-
- May 18, 2020
-
-
Thomas Petazzoni authored
His e-mail is no longer working: <stephan.hoffmann@ext.grandcentrix.net>: host aspmx.l.google.com[74.125.133.26] said: 550-5.2.1 The email account that you tried to reach is disabled. Learn more at 550 5.2.1 https://support.google.com/mail/?p=DisabledUser o3si10331209wre.302 - gsmtp (in reply to RCPT TO command) Signed-off-by:
-
- May 17, 2020
-
-
Heiko Thiery authored
Added upstream patch for fixing build failure when using GCC10 as a host compiler (-fno-common is now default) Fixes: http://autobuild.buildroot.org/results/0fc/0fcb11a40bcff78e8084335114af390d2fac31e1 Cc: Romain Naour <romain.naour@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
stella converted most of its C-Style arrays to std::array since version 6.1: https://github.com/stella-emu/stella/commit/0c0f732e5f50b08cfcbdc5ad96c4e18ad230c04b However, gcc 5.x does not accept a = {} initialization for std::array: In file included from src/emucore/ConsoleIO.hxx:18:0, from src/emucore/Console.hxx:34, from src/gui/AudioDialog.cxx:22: src/emucore/Control.hxx:331:71: error: array must be initialized with a brace-enclosed initializer std::array<bool, 5> myDigitalPinState{true, true, true, true, true}; ^ So add a dependency on gcc >= 6 instead of trying to patch the numerous array initializations to make them compliant with C++11 Fixes: - http://autobuild.buildroot.org/results/dfd9b901fabf310ed9033b8a012466c565d58684 Signed-off-by:
-
Peter Seiderer authored
Disable feature-relocatable to avoid a path mismatch while searching qml files and buildroot BR2_ROOTFS_MERGED_USR feature enabled. As described in [1] with feature-relocatable Qt determines the search pathes relative to the location of libQt5Core.so, with BR2_ROOTFS_MERGED_USR enabled found first under the symlink path '/lib' instead of the install path '/usr/lib' and searches sequentially for qml files under '/qml' instead of the correct '/usr/qml'. Fixes: - https://bugs.busybox.net/show_bug.cgi?id=12906 [1] https://code.qt.io/cgit/qt/qtbase.git/commit/?id=4ac872639ed0dd3ae6627e05bdda821f7d128500 Reported-by:
Joonas Harjumäki <jharjuma@gmail.com> Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Romain Naour authored
As reported on bugzilla [1], the host-rust package fail when the target architecture or the target libc is not supported. The error is the following: failed to parse TOML configuration 'config.toml': expected a table key, found a right bracket at line 15 In such case BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS is not set thus RUSTC_TARGET_NAME is also not set [2]. But RUSTC_TARGET_NAME is needed to generate the file config.toml [3] Add BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS in the host-rust dependency. The commit [4] that allowed to select host-rust when the target architecture or the target libc is not supported, should have allowed to select only host-rustc-bin. Fixes: Bug #12691 [1] https://bugs.busybox.net/show_bug.cgi?id=12691 [2] https://git.buildroot.net/buildroot/tree/package/rustc/rustc.mk?h=2020.05-rc1#n10 [3] https://git.buildroot.net/buildroot/tree/package/rust/rust.mk?h=2020.05-rc1#n41 [4] 025b863e Signed-off-by:
Sam Voss <sam.voss@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
ezXML is affected by several CVEs and is not maintained anymore (no release since 2006) so remove it. Signed-off-by:
-
James Hilliard authored
We need to backport a commit to allow us to override the g-ir-scanner and g-ir-compiler binaries in the gnome module. By default since meson looks for these binaries as native: true dependencies it would use the host versions instead of the wrappers which are not useable for target package builds. Override this behavior by specifying the correct wrapper binaries in cross-compilation.conf. Fixes: http://autobuild.buildroot.net/results/f49/f49bb57a6ec2890f489fbd55ced9c9249d066334/build-end.log Signed-off-by:
James Hilliard <james.hilliard1@gmail.com> [yann.morin.1998@free.fr: - expand on why the backported patch does not closely match upstream ] Signed-off-by:
-
James Hilliard authored
Signed-off-by:
-
- May 16, 2020
-
-
Thomas Petazzoni authored
BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT is now forcefully selected by BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS when the kernel is in charge of building DTBs (BR2_LINUX_KERNEL_DTS_SUPPORT=y). So enabling BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT is no longer needed in the 64-bit defconfigs for Raspberry Pi 3 and 4. Signed-off-by:
-
Thomas Petazzoni authored
When BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS is enabled, and the DTBs are built by Linux (i.e BR2_LINUX_KERNEL_DTS_SUPPORT is enabled), these DTBs should be built with the -@ Device Tree compiler option, so that they can be used together with DTB overlays. So let's select BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT in this situation. Fixes: https://bugs.busybox.net/show_bug.cgi?id=12831 Signed-off-by:
-
Danomi Manchego authored
The comment explaining the autoreconf says that we are building from a git clone - but we are not, currently. However, the reconf is still needed due to patches modifying ac files. This commit corrects the comment. Signed-off-by:
Danomi Manchego <danomimanchego123@gmail.com> [yann.morin.1998@free.fr: also mention acincludes.m4] Signed-off-by:
-
Fabrice Fontaine authored
Bump to latest upstream commit as it fixes a huge number of CVEs. Some of them can't be linked to a given commit (e.g. https://github.com/ckolivas/lrzip/issues/67). Moreover, upstream does not plan to tag a new release any time soon: https://github.com/ckolivas/lrzip/issues/99 - Fix CVE-2017-8842: The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. - Fix CVE-2017-8843: The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. - Fix CVE-2017-8844: The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. - Fix CVE-2017-8845: The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. - Fix CVE-2017-8846: The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. - Fix CVE-2017-8847: The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. - Fix CVE-2017-9928: In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. - Fix CVE-2017-9929: In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. - Fix CVE-2018-5747: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. - Fix CVE-2018-11496: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. Also: - update indentation of hash file (two spaces) - drop patch (already in version) - manage host-nasm dependency which is enabled by default and has been fixed by: https://github.com/ckolivas/lrzip/commit/9f16f65705e2f1e11c41647405adcce6a12d286c Signed-off-by:
-
Peter Seiderer authored
The QT module location from qt5location depends on QT quick from qt5declarative. >From qt5location-5.14.2/src/src.pro: qtHaveModule(quick) { SUBDIRS += positioningquick location ... } Adjust pyqt5 QtLocation module dependency accordingly. Fixes: - http://autobuild.buildroot.net/results/122bb0a37d968cd79dc043b48f90f1ba4135491f Reading .../build/python-pyqt5-5.7/QtLocation/QtLocation.pro Project ERROR: Unknown module(s) in QT: location Signed-off-by: -
Joseph Kogut authored
Mesa chooses the first platform specified in -Dplatforms as the default EGL native platform. [0] Configure Options -D platforms=... List the platforms (window systems) to support. Its argument is a comma separated string such as -D platforms=x11,drm. It decides the platforms a driver may support. The first listed platform is also used by the main library to decide the native platform. This has the effect of breaking EGL applications running on X11 and possibly Wayland when the first platform specified isn't x11 or wayland, and EGL_PLATFORM isn't set. Reorder the specified platforms to use x11, wayland, and drm before surfaceless, as this is the order chosen by other common distributions, such as Arch Linux [1], Debian [2], and Fedora [3]. Users preferring drm or surfaceless over x11 or wayland likely know how to override the native EGL platform, and likely have x11 and wayland disabled anyway. [0] https://www.mesa3d.org/egl.html [1] https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/mesa#n45 [2] https://salsa.debian.org/xorg-team/lib/mesa/-/blob/fb8c1efb57ea8106525ed01c41218164f8be7f3b/debian/rules#L38 [3] https://src.fedoraproject.org/rpms/mesa/blob/master/f/mesa.spec#_337 Signed-off-by:Joseph Kogut <joseph.kogut@gmail.com> Signed-off-by:
-
- May 15, 2020
-
-
Thomas Petazzoni authored
In fact, nanopi_neo4 does not need pylibfdt or pyelftools, but only a host Python interpreter, to run ./arch/arm/mach-rockchip/make_fit_atf.py. Since upstream U-Boot commit f05d5743567984b4fff6a862fc0f42760ff135da, this script no longer needs pyelftools. However, since upstream commit 6d06ea34239ab5099783ce588ad4aead96e1fccb (merged in U-Boot 2020.01), it requires Python 3.x. Signed-off-by:
-
Thomas Petazzoni authored
In fact, roc_pc_rk3399 does not need pylibfdt or pyelftools, but only a host Python interpreter, to run ./arch/arm/mach-rockchip/make_fit_atf.py. Since upstream U-Boot commit f05d5743567984b4fff6a862fc0f42760ff135da, this script no longer needs pyelftools. However, since upstream commit 6d06ea34239ab5099783ce588ad4aead96e1fccb (merged in U-Boot 2020.01), it requires Python 3.x. Signed-off-by:
-
Thomas Petazzoni authored
Since the bump to U-Boot 2020.01 in commit e210080d, it needs Python 3.x on the host. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/535054357 Signed-off-by:
Clément Péron <peron.clem@gmail.com> [yann.morin.1998@free.fr: update with the new NEEDS_PYTHON semantics] Signed-off-by:
-
Thomas Petazzoni authored
The olimex_a20_olinuxino_lime{,2}_defconfig uses U-Boot 2020.04 since commit 6b805c3a. This new U-Boot version needs Python 3.x for pylibfdt. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/535054468 https://gitlab.com/buildroot.org/buildroot/-/jobs/535054466 Signed-off-by: -
Thomas Petazzoni authored
U-Boot versions newer than 2020.01 use Python 3.x instead of Python 2.x in various scripts. We already had the BR2_TARGET_UBOOT_NEEDS_PYLIBFDT and BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS options, but depending on the U-Boot version, we now need to indicate if Python 2.x or Python 3.x should be used. In addition, it turns out that some U-Boot configurations need a Python interpreter, without needing pylibfdt or pyelftools. Some of our defconfigs were abusing the BR2_TARGET_UBOOT_NEEDS_PYLIBFDT option to make sure a Python interpreter was built. To solve this issue, we introduce a choice, that let the users specify what, if any, host python version is needed. The default is 'no', to preserve the previous behaviour, unless any of the pylibfdt or the pyelftools options is enabled, in which case we hide the 'no' option, and use python 2 by default. This dfault is guaranteed by the order of options in the choice. Signed-off-by:
-
Thomas Petazzoni authored
We will need this Python 3.x variant of the host-python-pyelftools package to be able to build some recent versions of U-Boot (>= 2020.01). Signed-off-by:
-
James Hilliard authored
Drop patch that is now upstream. Signed-off-by:
-
Matt Weber authored
Add conditional support to allow the module tools to use openssl on target to inspect the signature of signed modules. If openssl is not enabled the modinfo will show a hash algo as unknown. Signed-off-by:
Matthew Weber <matthew.weber@rockwellcollins.com> Tested-by:
-
