Fixes the following security issues:
CVE-2020-14367: Insecure writing of pidfile
-------------------------------------------
When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn't have write
permissions, causing a denial of service, or data loss.
This issue was reported by Matthias Gerstner of SUSE.
For further details, see the oss-security posting:
https://www.openwall.com/lists/oss-security/2020/08/21/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 15484553f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build can fail if opencv3 is built before gst1-plugins-bad because
-Dopencv=disabled does not work in meson (i.e. since commit
5d6c408e95)
Fixes:
- http://autobuild.buildroot.org/results/19605057c4956d97e9e65068680485db637282db
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a4bd80de75)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no target elixir package, so setting a value to
ELIXIR_DEPENDENCIES has no effect, HOST_ELIXIR_DEPENDENCIES must be
used instead.
Fixes:
http://autobuild.buildroot.net/results/a3a37eb724ca5689f8e83c9b2af04d07afa80315/
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d059946df0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
Fixes the following CVEs:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6db0ea91ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a bunch of CVEs: CVE-2020-16287, CVE-2020-16288, CVE-2020-16289,
CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293,
CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297,
CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301,
CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305
CVE-2020-16308, CVE-2020-16309, CVE-2020-17538
PKGCONFIG must be passed since version 9.51 and
2d84ecc578
Also drop patch (already in version) and update indentation in hash file
(two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e90c68e775)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
DPDK support is available since version 5.11.0 and
00cbd4d2c0
It depends on jansson and is currently enabled by default raising the
following build failure on musl:
src/dpdk_telemetry.c:43:10: fatal error: sys/unistd.h: No such file or directory
#include <sys/unistd.h>
^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/aafb8c72f147fefc7a988c45e4dc17de48b07a95
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 44e0b6014f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
__sync builtins have been dropped since version 0.24.0 and
c3205d294e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c6c381c483)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Maxime Ripard is no longer at Bootlin, his e-mail is bouncing:
<maxime.ripard@bootlin.com>: host spool.mail.gandi.net[217.70.178.1] said: 550
5.1.1 <maxime.ripard@bootlin.com>: Recipient address rejected: User unknown
in virtual mailbox table (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3a4053b585)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 4a40d36f13
("support/testing: switch to Python 3 only") our runtime testing
infrastructure is Python 3.x only.
Therefore, it is no longer needed to have python-nose2 and
python-pexpect in the Docker container used to run our Gitlab CI jobs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 23f7fa874b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/scripts/pkg-stats now uses some Python 3.x only constructs
("async" and related keywords), so we must use the Python 3.x flake8.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 385c4da3dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Raw strings need to be used when calling re.compile() otherwise Python
3.x flake8 complains with:
W605 invalid escape sequence '\s'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 163f160a8e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use ac_cv_func_working_mktime=yes to force the use of a provided
mktime implementation instead of compiling the failing own one.
Fixes:
http://autobuild.buildroot.net/results/5bcd8f4235002da682cc900f866116d2fe87f1c8
mktime.c: In function 'ydhms_diff':
mktime.c:106:52: error: size of array 'a' is negative
#define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; }
^
mktime.c:170:3: note: in expansion of macro 'verify'
verify (long_int_year_and_yday_are_wide_enough,
^~~~~~
with the failure/assert comming from the lines:
verify (long_int_year_and_yday_are_wide_enough,
INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX);
which fails since the y2038 time_t conversion from 32bit to 64bit
(musl libc).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ea2f52494c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes compile errors against certain kernels.
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d83e94ed82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openssl is an optional dependency that is enabled by default since
version 0.7.0 and
23db5e3fd9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c20798bca2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
EAP-TEAP support in hostapd/wpa_supplicant fails to build with internal
TLS implementation. This patch disables TEAP support in wpa_supplicant
when internal TLS implementation is selected. Similar fix for hostapd
package has already been merged to Buildroot: see commit 47d14e3b1c
("package/hostapd: disable TEAP for internal TLS implementation").
TEAP is still an experimental feature that is not recommmended for
production use. Currently it should not be used for anything else
than experimentation and interoperability testing. Those who needs
experimenting with TEAP are encouraged to enable openssl in their
buildroot configuration.
Fixes:
http://autobuild.buildroot.net/results/e83613c06041a60f89da787f4ebf876245713cd2/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bb27efbce7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A memory corruption issue was found in Artifex Ghostscript 9.50 and
9.52. Use of a non-standard PostScript operator can allow overriding of
file access controls. The 'rsearch' calculation for the 'post' size
resulted in a size that was too large, and could underflow to max
uint32_t. This was fixed in commit
5d499272b95a6b890a1397e11d20937de000d31b.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13ddfcdce7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The live555 source code includes both a COPYING file (with the GPL-3.0
license text) and a COPYING.LESSER file (with the LGPL-3.0 license
text). However, all source files indicate a LGPL-3.0 license, and none
of them indicate a GPL-3.0 license. In addition,
http://live555.com/liveMedia/faq.html#copyright-and-license says the
source code is under the LGPL.
So, we:
- Bump LGPL License to 3.0+
- Add a comment about the GPL-3.0 license
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13156
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 650c5408bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- fixes compile against linux-5.4.x
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 854b98408c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9ffcd9279e wrongly added a
linux-headers dependency when switching to meson.
Remove it as headers are always provided by the toolchain.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1d89d37c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (segmentation
fault and application crash) via a crafted image entry offset in an
ICO file, which triggers an out-of-bounds read, related to compiler
optimizations.
- Fix CVE-2017-6313: Integer underflow in the load_resources function in
io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
denial of service (out-of-bounds read and program crash) via a crafted
image entry size in an ICO file.
- Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
in gdk-pixbuf allows context-dependent attackers to cause a denial of
service (infinite loop) via a large TIFF file.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d455914332)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though librtlsdr was initially introduced by Jason Pruitt in
2014, and Jason is still listed in the DEVELOPERS file for this
package, in recent times it's mainly Gwenhael who has been taking of
this package. Let's reflect that in the DEVELOPERS file so that
Gwenhael gets notified when there are librtlsdr issues.
Cc: Jason Pruitt <jrspruitt@gmail.com>
Cc: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 72df067afe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit slightly improves the output of pkg-stats by showing the
progress of the upstream URL checks and latest version retrieval, on a
package basis:
Checking URL status
[0001/0062] curlpp
[0002/0062] cmocka
[0003/0062] snappy
[0004/0062] nload
[...]
[0060/0062] librtas
[0061/0062] libsilk
[0062/0062] jhead
Getting latest versions ...
[0001/0064] libglob
[0002/0064] perl-http-daemon
[0003/0064] shadowsocks-libev
[...]
[0061/0064] lua-flu
[0062/0064] python-aiohttp-security
[0063/0064] ljlinenoise
[0064/0064] matchbox-lib
Note that the above sample was run on 64 packages. Only 62 packages
appear for the URL status check, because packages that do not have any
URL in their Config.in file, or don't have any Config.in file at all,
are not checked and therefore not accounted.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5fea2e3997)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit reworks the code that checks if the upstream URL of each
package (specified by its Config.in file) using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5c3221ac20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit reworks the code that retrieves the latest upstream
version of each package from release-monitoring.org using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Since we're now using some async functionality, the script is Python
3.x only, so the shebang is changed to make this clear.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68093f4778)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog of this bugfix release:
https://www.php.net/ChangeLog-7.php#7.4.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 46ed4ac847)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fsck.f2fs does not implement the returncodes from the fsck interface.
This is particularly bad if systemd is used with a root f2fs partition,
as it will interpret the rc as order to reboot.
for thread & pending upstream fix see:
https://sourceforge.net/p/linux-f2fs/mailman/message/37079401/
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5d8811eb87)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building with Boost Build the CXXFLAGS are extended depending
on the optimization level set. When not defined explicitly the
optimization level depends on the <variant>. For release it's 'speed'
and for debug it's set to 'off'
These flags overwrite the -O flag passed in with TARGET_CXXFLAGS as
it is appended when calling g++.
This commit sets the Optimization flags generated by Boost Build
to the value of TARGET_OPTIMIZATION no matter what level is used.
As Boost Build offers no nice way to alter those values the gcc
toolchain file is altered directly.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit af148ef4f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot must use $(BR2_MAKE) as it uses a Make feature from v4.0. We
already use $(BR2_MAKE) in the BUILD_CMDS, but the kconfig commands
still uses $(MAKE). Without this fix, building U-Boot with kconfig will
fail with the following cryptic error.
> Makefile:37: *** missing separator. Stop.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 43dc2007a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The U-Boot package requires GNU Make v4.0 or later, and so all U-Boot
"make" commands must use "$(BR2_MAKE)" so they use the host-make
package. Currently pkg-kconfig is hardcoded to uses $(MAKE), so add a
way to support $(BR2_MAKE). The package infra for pkg-automake and
pkg-cmake have a similar problem, and they solved it by defining a
$(PKG)_MAKE variable, and allowing each package to override it.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e729d0d4b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If the less package is not enable and systemd is enabled,
then configure the less applet to fully work with systemd.
systemd sets the flags for less in an environment variable
and requires a few options for correct display.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c2caf816e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable this bootloader for cortex a7 based SoCs: support for the
sama7g5 SoC is now in upstream at91bootstrap3, and it is a Cortex-A7
based SoC.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 33003a47c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional
fix)
https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79c9a82a10)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Cups service for systemv was erroneously installed in /etc/rcX.d and
therefore not working. Also, its init script installed in /etc/init.d
was definitely not a Buildroot-style init script.
This patch adds a Buildroot style init script instead of using the
example provided by the package.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 04226ac6b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-14553 : gdImageClone in gd.c in libgd 2.1.0-rc2 through
2.2.5 has a NULL pointer dereference allowing attackers to crash an
application via a specific function call sequence.
- Fix CVE-2019-6977: gdImageColorMatch in gd_color_match.c in the GD
Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch
function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14,
and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be
exploited by an attacker who is able to trigger imagecolormatch calls
with crafted image data.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6fa1a32dac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Details: https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
Fixes the following security issues:
* CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may
use the GRUB 2 flaw to hijack and tamper the GRUB verification
process. This flaw also allows the bypass of Secure Boot
protections. In order to load an untrusted or modified kernel, an
attacker would first need to establish access to the system such as
gaining physical access, obtain the ability to alter a pxe-boot
network, or have remote access to a networked system with root
access. With this access, an attacker could then craft a string to
cause a buffer overflow by injecting a malicious payload that leads
to arbitrary code execution within GRUB. The highest threat from
this vulnerability is to data confidentiality and integrity as well
as system availability.
* CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't
check for possible arithmetic overflows on the requested allocation
size. This leads the function to return invalid memory allocations
which can be further used to cause possible integrity,
confidentiality and availability impacts during the boot process.
* CVE-2020-14309
There's an issue with grub2 in all versions before 2.06 when
handling squashfs filesystems containing a symbolic link with name
length of UINT32 bytes in size. The name size leads to an
arithmetic overflow leading to a zero-size allocation further
causing a heap-based buffer overflow with attacker controlled data.
* CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap
based buffer overflow.
* CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.
* CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create()
leading to a use-after-free vulnerability which can be triggered by
redefining a function whilst the same function is already
executing, leading to arbitrary code execution and secure boot
restriction bypass
* CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd
and grub_initrd_init in the efilinux component of GRUB2, as shipped
in Debian, Red Hat, and Ubuntu (the functionality is not included
in GRUB2 upstream), leading to a heap-based buffer overflow. These
could be triggered by an extremely large number of arguments to the
initrd command on 32-bit architectures, or a crafted filesystem
with very large files on any architecture. An attacker could use
this to execute arbitrary code and bypass UEFI Secure Boot
restrictions. This issue affects GRUB2 version 2.04 and prior
versions.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f7a8021b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
