Fix CVE-2023-45158: An OS command injection vulnerability exists in
web2py 2.24.1 and earlier. When the product is configured to use
notifySendHandler for logging (not the default configuration), a crafted
web request may execute an arbitrary OS command on the web server using
the product.
https://jvn.jp/en/jp/JVN80476432
https://github.com/web2py/web2py/compare/v2.24.1...v2.26.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
cpe:2.3:a:lwp\:\:protocol\:\:https_project:lwp\:\:protocol\:\:https is a
valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/detail/804408BE-097D-4FE3-B6DB-29324871C6B9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also, introduce a new test in support/testing/tests/init/test_openrc.py that
ensures split-user support works properly.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OpenRC has not been updated for quite some time, and much has changed.
- Convert to a meson package.
- Update the license hash as the year has changed from 2015 to 2023.
- Introduce one new patch:
- 0007-allow-setting-rc_libexecdir-path.patch: Introduces the previous
behavior of setting the rc directory to /usr/libexec/rc.
(Upstream: https://github.com/OpenRC/openrc/pull/443)
- Install the sysv-rcs script in the new OPENRC_INSTALL_SYSV_RCS_SCRIPT
post install hook as the OPENRC_BUILD_CMDS define no longer exists.
Tested with tests.init.test_openrc; all tests pass.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a bugfix release of the stable libmdbx branch, on the day of the 100th
anniversary of the birth of the outstanding Soviet and Russian scientist
and engineer Vladimir Fedorovich Utkin.
It is reasonable to backport this patch to all applicable releases/branches of Buildroot.
The most significant fixes of v0.12.8:
- Fixed regression of mdbx_put(MDBX_MULTIPLE) during batch/bulk
insertion of multi-values (aka "dupsort").
- Implemented overwriting in mdbx_put(MDBX_CURRENT) of all current
multi-key values in the absence of the flag MDBX_NOOVERWRITE.
- Added the ability to use mdbx_cursor_get(MDBX_GET_MULTIPLE) without
first setting the cursor, combining the batch data getting operation
with positioning the cursor.
- Micro-optimization and refactoring cursor_put_nochecklen().
- Clarifying the wording in the API description, including explanation
about SIGSEGV and not allowing direct data changes.
The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OpenJDK 21 is out and with it, OpenJDK11 is now EOL.
See: https://endoflife.date/oracle-jdk
As such, drop support for 11 and do the following:
- The 0001-Add-ARCv2-ISA-processors-support-to-Zero.patch patch now applies to
both 17 and 21. Move it out of the version-specific directory.
- BR2_OPENJDK_VERSION_LTS is now set to 17.
- BR2_OPENJDK_VERSION_LATEST is now set to 21.
- Drop --disable-hotspot-gtest as it has been removed, and was ignored in 17.
- Add two separate HOST_OPENJDK_BIN_VERSION defines in openjdk-bin.mk as
there is not a point release yet for OpenJDK 21.
- Update the expectedVersion variable in JniTest.java from 0x000A0000 to
0x00150000
Tested with:
./support/testing/run-tests tests.package.test_openjdk.TestOpenJdk.test_run
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- bump to version 6.1
- updated makefile to download source from
https://download.mono-project.com/sources/libgdiplus/
instead of github to avoid submodule build error
from ./update_submodules.sh
Signed-off-by: Kalpesh Panchal <kalpesh.panchal2@collins.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following static build failure raised since commit
8144dd1b4c which fixed dynamic build but
broke static build:
src/seccomp_notify.c:10:10: fatal error: dlfcn.h: No such file or directory
10 | #include <dlfcn.h>
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/71b4f35b3150183c7b44bc3897f01b0019e10ebe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
conmon unconditionally uses seccomp_notif_sizes which is only available
since kernel 5.0 and
6a21cc50f0
resulting in the following build failure since the addition of the
package in commit 06f50ff1bf:
In file included from src/seccomp_notify.h:4,
from src/seccomp_notify.c:26:
src/seccomp_notify_plugin.h:33:78: warning: 'struct seccomp_notif_sizes' declared inside parameter list will not be visible outside of this definition or declaration
33 | typedef int (*run_oci_seccomp_notify_handle_request_cb)(void *opaque, struct seccomp_notif_sizes *sizes, struct seccomp_notif *sreq,
| ^~~~~~~~~~~~~~~~~~~
src/seccomp_notify.c:47:36: error: field 'sizes' has incomplete type
47 | struct seccomp_notif_sizes sizes;
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/cbfa2f3a585b7feecd902137bc589a1ec15cbefe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Checkpoint/Restore In Userspace (CRIU) is a software tool for the
Linux operating system to make it possible to freeze a running
application and checkpoint it to persistent storage as a collection of files.
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
[yann.morin.1998@free.fr:
- BR2_ARM_CPU_ARMV8M does not exist
- BR2_BR2_powerpc64le misspelled
- move all arch dependencies to BR2_PACKAGE_CRIU_ARCH_SUPPORTS
- comment hidden with arch dependencies
- select host-python3, don't depend on it
- extend legal-info: LGPL-2.1 for lib/, MIT for images/
- PREFIX is also used at compile time for PLUGINDIR
- copy .proto file, rather than symlinking
- wrap long lines
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
zenoh-pico is the Eclipse zenoh implementation that targets constrained
devices and offers a native C API. It is fully compatible with its main
Rust Zenoh implementation, providing a lightweight implementation of
most functionalities.
https://github.com/eclipse-zenoh/zenoh-pico
Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc >= 13:
In file included from /home/buildroot/autobuild/instance-1/output-1/build/reproc-14.2.4/reproc++/src/reproc.cpp:1:
/home/buildroot/autobuild/instance-1/output-1/build/reproc-14.2.4/reproc++/include/reproc++/reproc.hpp:95:5: error: declaration of 'reproc::options::<unnamed struct> reproc::options::env' changes meaning of 'env' [-Wchanges-meaning]
95 | } env = {};
| ^~~
/home/buildroot/autobuild/instance-1/output-1/build/reproc-14.2.4/reproc++/include/reproc++/reproc.hpp:91:5: note: used here to mean 'class reproc::env'
91 | env::type behavior;
| ^~~
Fixes:
- http://autobuild.buildroot.org/results/11feca3698154c255938ab3b25a34429135c31f8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc >= 13:
In file included from /home/thomas/autobuild/instance-1/output-1/build/snort3-3.1.40.0/src/packet_io/sfdaq_config.cc:25:
/home/thomas/autobuild/instance-1/output-1/build/snort3-3.1.40.0/src/packet_io/sfdaq_config.h:59:25: error: 'uint32_t' has not been declared
59 | void set_batch_size(uint32_t);
| ^~~~~~~~
/home/thomas/autobuild/instance-1/output-1/build/snort3-3.1.40.0/src/packet_io/sfdaq_config.h:62:5: error: 'uint32_t' does not name a type
62 | uint32_t get_batch_size() const { return (batch_size == BATCH_SIZE_UNSET) ? BATCH_SIZE_DEFAULT : batch_size; }
| ^~~~~~~~
/home/thomas/autobuild/instance-1/output-1/build/snort3-3.1.40.0/src/packet_io/sfdaq_config.h:26:1: note: 'uint32_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
25 | #include <vector>
+++ |+#include <cstdint>
26 |
Fixes:
- http://autobuild.buildroot.org/results/c91a74bad542f32693f2e31412fba70446fd3959
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add Upstream link to patch (even if it was rejected)
https://github.com/namhyung/uftrace/blob/v0.14/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- Relicensing from LGPL-3.0+ to MPL-2.0:
da31917f4f
https://github.com/zeromq/libzmq/releases/tag/v4.3.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
1.72 Added examples/smi/smi.c showing how to use new SMI bus support,
courtesy Benoit Bouchez. Added support for disabling
documentation generation with "./configure --with-docs=no",
courtesy of Christian Zuckschwerdt.
1.73 Fixed some inconsistent indenting in bcm2835.c that triggers
warnings for some people. Added Timeout checks to
bcm2835_i2c_write() in case of IO problems. New reason code
BCM2835_I2C_REASON_ERROR_TIMEOUT added. Patch courtesy Simon
Peacock.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build is failing with an unrecognised opcode error due to missing
`zicsr` extension requirement. This is introduced with GCC version 12.
When binutils was updated to v2.38 they updated to the default ISA spec
version 20191213. In this version the original i extension split into i,
Zicsr and Zifencei. A fix for this has been added since U-Boot version
2022.01 to detect new Zicsr and Zifencei extensions and enable them when needed;
therefore, an updated U-Boot tag to our latest 2023.09 release will fix
this as in our latest release we have updated to U-Boot version 2023.07.
Update the kernel version in line with the U-Boot release version to
ensure compatibility and the latest features and fixes are included.
Remove riscv_g selection as it is now selected by default.
Signed-off-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
aespipe-v2.4g October 23 2023
- Added configure script autodetection for -fno-strict-aliasing compile
flag. This option is needed with some compilers that miscompile code
when link-time-optimization is used.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patches (already in version)
- C++14 is mandatory since version 7.1.0
https://github.com/DOCGroup/ACE_TAO/blob/ACE%2BTAO-7_1_1/ACE/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the generic package infrastructure removed auto derivation of
host dependencies [1] (2016.08), the host dependencies must be
explicitly set.
While adding the nettle host variant [2] the gmp dependency was not
duplicated and host-nettle was built without host-gmp (or built with
gmp installed on the build machine).
While building host-gnutls, required for building the mkeficapsule u-boot
tool, the configure script checks if Libhogweed (nettle's companion
library) is built with libgmp support.
If the internal toolchain is used, luckily host-gmp is built before
building host-nettle (and host-gnutls). But when using a prebuilt
external toolchain, the following error shows up:
Libhogweed (nettle's companion library) 3.6 was not found. Note that you must compile nettle with gmp support.
[1] 4bdb067e38
[2] dac6e30118
[3] eb24bfa808
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
nettle uses m4 during its build process. Without it, the build fails
with:
m4 ./m4-utils.m4 ./asm.m4 config.m4 machine.m4 aes-decrypt-internal.asm >aes-decrypt-internal.s
/bin/sh: 1: m4: not found
For the target package this is not visible, as the existing gmp
dependency pulls in host-m4. But technically speaking, nettle needs
host-m4 directly, so it makes sense to have this dependency.
For the host package, it clearly fails to build, but probably isn't
very visible as most systems have m4 installed system-wide: this was
noticed when building inside Buildroot's minimal Docker
container. There are no recorded autobuilder failures for this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update Sway to version 1.8.1, which brings a new release series to
Buildroot and can be built with wlroots 0.16.x
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update Cage to version 0.1.5, which is a bug fix release that
supports using wlroots 0.16.x.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to version 0.16.2, which brings in support for a few new Wayland
protocols, and improved input device and scene graph APIs. Applications
which use wlroots might need to be adapted, and at least rebuilt. The
only packages in Buildroot which use wlroots at the moment are the Cage
and Sway compositors, to be updated in follow-up patches.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc >= 13:
In file included from ./Common/log.h:45,
from LinuxPBA/LinuxPBA.cpp:25:
./Common/DtaOptions.h:33:5: error: 'uint8_t' does not name a type
33 | uint8_t password; /**< password supplied */
| ^~~~~~~
./Common/DtaOptions.h:1:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
Fixes:
- http://autobuild.buildroot.org/results/b6feb4fb33d595414b61174deb9867e8c30cd186
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since Qemu 6.0.0, a warning appears in the log if a short-form boolean
option is used. This was fixed by Romain for the main cmdline description
(see 04afe86cd7 ("board/qemu/arm-vexpress-tz: use enable=on")) but was
not updated in the alternate cmdlines for when using a dual console or
a GDB debug setup.
By the way, fix description mentioning qemu-system-arm command line option
-S that is an uppercase S, not a lower case s.
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bumps OP-TEE test package version to OP-TEE release 4.0.0.
Removes the local patch on OpenSSL support that has been integrated
into mainline repository before release tag 4.0.0.
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bumps OP-TEE OS package version to OP-TEE release 4.0.0.
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The docker-init is not intended to be a user-facing command, and as such
it is more appropriate for it to be found in /usr/libexec/ than in $PATH.
See:
6caaa8cadc5a998af6f5
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
[yann.morin.1998@free.fr: use mkdir -p, not install -d]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Medium] A fix was added, but still under review for completeness, for a
Bleichenbacher style attack, leading to being able to decrypt a saved
TLS connection and potentially forge a signature after probing with a
large number of trial connections. This issue is around RSA decryption
and affects static RSA cipher suites on the server side, which are not
recommended to be used and are off by default. Static RSA cipher suites
were also removed from the TLS 1.3 protocol and only present in TLS 1.2
and lower. All padding versions of RSA decrypt are affected since the
code under review is outside of the padding processing. Information
about the private keys is NOT compromised in affected code. It's
recommended to disable static RSA cipher suites and update the version
of wolfSSL used if using RSA private decryption alone outside of TLS.
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.4-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>