Fixes the following security issues:
ZDI-CAN-21443: Heap-based buffer overflow in the RealMedia file demuxer when
handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0004.html
ZDI-CAN-21444: Heap-based buffer overflow in the RealMedia file demuxer when
handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0005.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-37327: Heap-based buffer overflow in the FLAC parser when
handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-37328: Heap-based buffer overflow in the subparse subtitle
parser when handling certain SRT subtitle files in GStreamer versions before
1.22.4 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0002.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update hash of license file (modern MIT license text used since
6d077838f7)
https://c-ares.org/changelog.html#1_20_1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The gpt-auto-generator can generate the boot.mount unit, which reports
an error if this directory can't be created (if / is read-only). There
is no reason not to create this directory, even if the platform doesn't
actually have a boot partition that can be mounted there.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
journald will always have a runtime log in /run/systemd/journal,
and a persistent one in /var/log/journal under certain conditions.
By default it will check for the existence of that directory.
When /var is not backed by mass-storage you typically don't want your
log duplicated and journald should be tuned to account for
having only RAM available.
With this commit, the directory will no longer be created automatically,
but instead it's created only if the root filesystem is writeable.
It is rather easy for users to opt-in by either creating that directory
(e.g. with a tmpfiles fragment) or editing /etc/systemd/journald.conf.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The mode should reflect the mount directory,
and 755 is the default - so drop the mount option.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout:
- use a simple mount unit for
TestInitSystemSystemdRoFullOverlayfsVarBacking;
- change the test of TestInitSystemSystemdRoFullOverlayfsVarBacking to
check that the exact expected mount was performed;
- add a test of var backing with fstab instead of mount unit.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Systemd requires /var to be writeable [1]. With read-only rootfs, we
need a solution that makes sure /var is writeable. We already have a
solution using a factory, with systemd-tmpfiles. This approach has a few
limitations:
- The behaviour of what happens when the rootfs is updated and the
contents of the factory /var changes are not very intuitive.
- systemd-tmpfiles is not started super early in the boot, so there's a
relatively long time that /var is not writeable. There is also no easy
way in systemd to express dependencies on the subdirectories of /var
to have been populated from the factory.
- The contents of /var is duplicated. If it is big, the rootfs size
increases unnecessarily and it takes a long time before the copying is
done. This is also not done atomically.
This commit adds an alternative using an overlay filesystem that has the
following characteristics:
- Don't depend on anything being available, except the
API File Systems [2]. In other words, this can be done very early in
the boot process. This is useful because /var is meant to be
available before normal and even some early services are running.
- Be a clean drop-in, that can be trivially added / removed.
- Make sure that overlayfs is available in the kernel.
- Units are (partially) reusable for custom solutions. This goal is
actually not fully reached yet: for that the service file should be
converted into a template, and the mount unit should use a specifier
for all repeated references to /var.
Mounting the overlay is slightly acrobatic and requires a few steps:
- First, we have to make sure the directories for overlayfs's upper,
lower and work directories are available on a tmpfs. Note that
"upper" and "work" must be on the same filesystem.
- The writeable overlay upper directory must be mounted.
- The original contents of /var must be bind-mounted to the overlay
lower directory.
- Finally, the overlay must be mounted on /var.
For the overlayfs directories, we create a tree on /run. Since there is
no standard name convention for this, we create a new directory
"/run/buildroot" with subdirectory "mounts" for everything
mount-related. Below that, a subdirectory is created for every mount
point that needs helper directories. Thus, we arrive to
/run/buildroot/mounts/var as the base directory for the overlay. Below
this, the directories lower, upper and work are created.
The bind-mount of /var is done in the same service as the one creating
the overlay lower, upper and work directories. Creating those
directories can't be done in a mount unit, and bind-mounting /var in a
mount unit would create a circular dependency. Indeed, if we had a mount
unit to do the bind mount, then it sould look like:
# run-buildroot-mounts-var-lower.mount
[Mount]
What=/var
Where=/run/buildroot/mounts/var/lower
Options=bind
and then the var.mount unit would need to have a dependency on that
unit:
# var.mount
[Unit]
After=run-buildroot-mounts-var-lower.mount
[Mount]
Where=/var
However, the What=/var of the first unit automatically adds an implicit
dependency on /var, and since there is a unit providing Where=/var, we
would have run-buildroot-mounts-var-lower.mount depend on var.mount, but
we need var.mount to depend on run-buildroot-mounts-var-lower.mount, so
this is a circular dependency. There is no way to tell systemd no to add
the implicit dependency. So we do the bind mont manually in the service
unit that prepares the overlay structure.
For the writeable upper layer, we don't need to do anything. In the
default configuration, the upper layer is supposed to be a tmpfs, and
/run/buildroot/mounts/var/upper is already a tmpfs so it can serve as
is. To make it persistent, we suggest to the user to mount a writeable,
persistent filesystem on /run/buildroot/mounts/var. The
RequiresMountsFor dependency in the prepare-var-overlay service makes
sure that that mount is performed before the overlay is started. Using
/run/buildroot/mounts/var/upper as the mount point sounds more logical
at first, but since the work directory is supposed to be on the same
filesystem as the upper directory, this wouldn't work very well.
As example, consider using /dev/sdc1 as upper layer for var, this can be
achieved by adding the following line to fstab:
/dev/sdc1 /run/buildroot/mounts/var ext4 defaults
Systemd will convert this into a mount unit with all the proper
dependencies.
Norbert provided some systemd units as a starting point, and that was
quite a huge help in understanding how to fit all those things together.
[1] - https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems/
Co-authored-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout:
- Merge commit messages from Yann and from Norbert.
- Remove the run-buildroot-mounts-var.mount unit; instead, just reuse
the existing tmpfs for the upper layer in the default case.
- Update the help text to explain how to mount a custom upper layer
with fstab.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Currently, we have a single solution to handle the /var content on a
read-only root filesystem, and users can opt out of using it.
We're going to introduce another solution (based on an overlayfs), which
is incompatible with using the factory, so we'll have a choice of three
mutually exclusive options.
Introduce that choice now with just the existing /var factory, and a new
option to opt out of it.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Romain Naour <romain.naour@smile.fr>
Cc : Jérémy Rosen <jeremy.rosen@smile.fr>
Acked-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fixes CVE-2023-39323: Line directives ("//line") can be used to bypass the
restrictions on "//go:cgo_" directives, allowing blocked linker and compiler
flags to be passed during compilation. This can result in unexpected
execution of arbitrary code when running "go build".
go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go
package, as well as bug fixes to the compiler, the go command, the linker,
the runtime, and the runtime/metrics package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b574a9606e (package/erlang: do not hard-code the Erlang
Interface Version (EI_VSN)) removed the need to care about keeping
the erlang version and its API version in sync, as the latter is
automatically extracted from installed files. The corresponding comment
was removed in that commit:
# Whenever updating Erlang, this value should be updated as well, to the
# value of EI_VSN in the file lib/erl_interface/vsn.mk
However, the removal of the comment above the package version was
leftover (probably because of a conflict with a version bump that was
improperly resolved).
Drop the comment now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
am62x_sk_defconfig should be ti_am62x_sk_defconfig
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 4cbc2af604 moved the nodejs patches
to the nodejs-src directory, but forgot to update .checkpackageignore
accordingly. Fix that, by running `make .checkpackageignore`.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The TestNodeJSModule test triggers the build of host-nodejs to be able
to install third party modules. Now that host-nodejs has two
providers, it makes sense to test both cases, so we duplicate
TestNodeJSModule into TestNodeJsModuleHostBin (which tests the
host-nodejs-bin) and TestNodeJSModuleHostSrc (which tests the
host-nodejs-src).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This package downloads the pre-built version of nodejs, if the host
platform supports it.
Reuse the variables defined in nodejs.mk.
For the definition of BR2_PACKAGE_PROVIDES_HOST_NODEJS, take care of
defaulting to host-nodejs-bin if host-nodejs is not selected at all.
This makes sure that in the future we will be able to run 'make
foo-source' for a package that uses nodejs vendoring, and it will use
the prebuilt nodejs to perform the vendoring.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout:
- update to 16.20.0 to match nodejs.mk - including hashes;
- add HOST_NODEJS_BIN_ACTUAL_SOURCE_TARBALL + hash;
- move to package/nodejs/nodejs-bin;
- drop DEVELOPERS change, it's already covered by package/nodejs;
- re-order the series;
- immediately add it as a virtual package provider;
- add prompt and helpt text to choice;
- select host-nodejs-bin as provider if host-nodejs is not selected at
all.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
host-nodejs is quite long to build (5 minutes on a very fast build
machine), and will become a download dependency when we implement
vendoring for NodeJS-based packages.
In order to mitigate this build time, an idea is to use a pre-compiled
host NodeJS. One option would be to use a pre-installed NodeJS, but
we're concerned by version compatibility issues of the host NodeJS/NPM
does not have the same version as the target NodeJS/NPM. So another
option is to use a pre-compiled NodeJS provided by the NodeJS project
itself.
To achieve this, this commit turns the host-nodejs package into a
virtual package. For the time being, this has just one provider:
host-nodejs-src, which builds host-nodejs from source. This is the
original host-nodejs package, renamed to host-nodejs-src.
The target nodejs package is also renamed to nodejs-src in order to have
a single package nodejs-src that has a host and target version, as
usual. We do keep the nodejs target package itself, but it's an empty
package - not even a virtual package. This means the following.
- Its VERSION, SOURCE and SITE variables are left empty. The existing
variables are renamed to NODEJS_COMMON_VERSION etc. to allow them to
be reused by nodejs-src and the future nodejs-bin.
- It's a generic package with a single dependency, nodejs-src.
- The Config.in remains unchanged, except that it selects
BR2_PACKAGE_NODEJS_SRC.
- BR2_PACKAGE_NODEJS_SRC is a blind option.
Co-authored-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Later we will change host-nodejs into a virtual package with the option
to download the binary, or to build from source. Those two
implementations will share version etc., so we want them in a
subdirectory in order to guarantee order of inclusion.
As a preparatory step, move the existing, single nodejs implementation
down into a subdirectory.
The definitions in nodejs.mk that will later be shared between the
source and binary variants of the package stay in
package/nodejs/nodejs.mk; the rest moves down to
package/nodejs/nodejs/nodejs.mk.
The hash file will be shared between the implementations and therefore
stays in package/nodejs/nodejs.hash. package/nodejs/nodejs/nodejs.hash
is a symlink to it.
The Config.in and Config.in.host don't move. The two implementations
will only have blind options.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Bumb rwmem to the latest version. The main reason to bumb is to get a
fix for a compilation issue present when compiling with gcc-13 (need to
include <cstdint>).
As the project has moved to C++20, we need to adjust the Config.in
accordingly.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes: 74b50d553e ("package/tbb: bump to version 2021.10.0.")
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2023-4527: If the system is configured in no-aaaa mode via
/etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
family, and a DNS response is received over TCP that is larger than
2048 bytes, getaddrinfo may potentially disclose stack contents via
the returned address data, or crash.
CVE-2023-4806: When an NSS plugin only implements the
_gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
memory that was freed during buffer resizing, potentially causing a
crash or read or write to arbitrary memory.
CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
AI_ALL and AI_V4MAPPED flags set.
CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
environment of a setuid program and NAME is valid, it may result in a
buffer overflow, which could be exploited to achieve escalated
privileges. This flaw was introduced in glibc 2.34.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Removed patch which was backported from upstream and is now included
in this release.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: drop CVE ignore for patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The tag we currently use no longer exists in the upstream repository, as
the history has ben "rewritten":
https://github.com/drowe67/codec2/issues/5
Bump to the latest (and only) tag in the new repository.
Release notes: https://github.com/drowe67/codec2/releases/tag/1.2.0
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[yann.morin.1998@free.fr: explain about missing tag]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
http://autobuild.buildroot.net/results/5676609b6331b645f2e557aca67afe4c3a087433/
Fix a build failure for --without-gd builds since the bump to 5.4.9 with
commit 6dc3d3c360 (package/gnuplot: bump version to 5.4.9):
In file included from term.h:298,
from term.c:1211:
../term/post.trm:4016:11: error: expected declaration specifiers or '...' before string constant
4016 | fputs("%%%%BeginImage\n", gppsfile);
Add a patch fixing that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c
in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can
be used by a remote attacker (who has write access) to cause the
instance to crash via a crafted UDP packet, resulting in Denial of
Service.
CVE-2022-44793 handle_ipv6IpForwarding in
agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a
NULL Pointer Exception bug that can be used by a remote attacker to
cause the instance to crash via a crafted UDP packet, resulting in
Denial of Service.
The pgp key was changed [0] as the old one expired [1].
[0]: 90a6d98aae/
[1]: https://github.com/net-snmp/net-snmp/issues/595
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>