Fixes the following security issues:
- The c_rehash script allows command injection (CVE-2022-1292)
The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection. This script is distributed by some operating
systems in a manner where it is automatically executed. On such operating
systems, an attacker could execute arbitrary commands with the privileges of
the script.
Use of the c_rehash script is considered obsolete and should be replaced by
the OpenSSL rehash command line tool.
https://www.openssl.org/news/secadv/20220503.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If we don't have a DTS name or path we need to also disable cuimage
to disable DTS support as BR2_LINUX_KERNEL_CUIMAGE requires DTS
support.
Fixes:
linux/linux.mk:591: *** No kernel device tree source specified, check your BR2_LINUX_KERNEL_INTREE_DTS_NAME / BR2_LINUX_KERNEL_CUSTOM_DTS_PATH settings. Stop.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch migrates configs/zynqmp_zcu106_defconfig to tarballs for TF-A, u-boot and Linux.
This patch has zero change in code running on the device.
The goal is to improve build speed and align with the zynq_xxx_defconfigs.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch migrates configs/zynqmp_zcu102_defconfig to tarballs for TF-A, u-boot and Linux.
This patch has zero change in code running on the device.
The goal is to improve build speed and align with the zynq_xxx_defconfigs.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add TestZfsBase that contains the common parts of the test.
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with libressl raised since bump to
version 3.5.2 in commit 8b216927db:
lib/crypto/crypto.c: In function 'calc_mic':
lib/crypto/crypto.c:203:2: error: variable 'ctx' has initializer but incomplete type
203 | HMAC_CTX ctx = {0};
| ^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/d8444dada84a54205273ac627d3e4f4692a55364
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If the kconfig values being replaced are not empty we should not
try to fix them.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We can't enable lua and luajit at the same time as they both provide
the virtual luainterpreter package.
Fixes:
package/luajit/luajit.mk:80: *** Configuration error: both "luajit" and "lua" are selected as providers for virtual package "luainterpreter". Only one provider can be selected at a time. Please fix your configuration. Stop.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Internally genrandconfig will use gettimeofday when generating a
KCONFIG_SEED, since autobuild-run executes genrandconfig at the same
time for multiple autobuilder runners this could potentially result
in the same KCONFIG_SEED being generated for those test runs started
at the same time.
To ensure this doesn't happen set the KCONFIG_SEED using the urandom
entropy source.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently pillow doesn't correctly search pkg-config system paths
for some libraries which can prevent some libraries from being
properly detected/enabled in pillow.
This is due to pillow implementing custom header validation
checks which need system paths present to function correctly:
https://github.com/python-pillow/Pillow/blob/9.0.1/setup.py#L633
Removed custom BUILD_CMDS and INSTALL_TARGET_CMDS which were
causing python-pillow to be installed for the host, they are
not required, we just need to set build_ext at the start
of PYTHON_PILLOW_BUILD_OPTS instead.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
GNU Octave is a high-level language, primarily intended for numerical
computations. It provides a convenient command line interface for
solving linear and nonlinear problems numerically, and for performing
other numerical experiments using a language that is mostly compatible
with Matlab. It may also be used as a batch-oriented language. Octave
has extensive tools for solving common numerical linear algebra
problems, finding the roots of nonlinear equations, integrating
ordinary functions, manipulating polynomials, and integrating ordinary
differential and differential-algebraic equations. It is easily
extensible and customizable via user-defined functions written in
Octave's own language, or using dynamically loaded modules written in
C++, C, Fortran, or other languages.
https://www.octave.org/
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package is moving to flit and distutils will be removed in a future
release. We need to use flit-bootstrap since host-python-pypa-build
depends on host-python-pep517.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Python DevMem is designed primarily for use with accessing
/dev/mem on OMAP platforms. It should work on other platforms
and work to mmap() files rather than just /dev/mem, but these
use cases aren't well tested.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The version is hard-coded in the CMakeList.txt, to 0.1.1dev, and has
not changed in the seven years since that line was added. So we override it
with the actual version.
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When I wrote the previous commit, I was not fully focused and wrote:
-DDRIVER_NAME=$(FALCOSECURITY_LIBS_DRIVER_NAME.)
Which led to DRIVER_NAME being empty.
So, it was not possible to use sysdig due to the following error message:
error opening device /dev/0. Make sure you have root credentials and that the module is loaded.
Fixes: ea86757e51 ("package/sysdig: bump to 0.29.1")
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch bumps configs/zynqmp_zcu106_defconfig to Xilinx software release 2022.1
which includes the following updates:
- TF-A release version 2.6
- U-Boot release version 2022.01
- Linux kernel release version 5.15.19
It is better to use a Xilinx official release version than sha tags.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps configs/zynqmp_zcu102_defconfig to Xilinx software release 2022.1
which includes the following updates:
- TF-A release version 2.6
- U-Boot release version 2022.01
- Linux kernel release version 5.15.19
It is better to use a Xilinx official release version than sha tags.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove upstream patch 0002-build-disable-fcf-protection-on-march-486-m16.patch
Handle new or removed configure options:
- disable dbus-display
- remove libxml2 configure option
Support for ARMv4 and ARMv5 hosts has been dropped, Qemu target
package needs at least ARMv6. The architecture test is done at runtime,
so qemu package for ARMv4 or ARMv5 target would build but will error
out at runtime:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=01dfc0ed7f2c5f8dbab65f31228a2888c7b85a07
See:
https://wiki.qemu.org/ChangeLog/7.0
Runtime tested in gitlab:
https://gitlab.com/kubu93/buildroot/-/pipelines/520991787
Add a new patch fixing the build with seccomp support enabled.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use the same format introduced for BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS
in commit 65e05cd914.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The gcc toolchain is also released for an aarch64 host target and allow
that configuration to be used as part of the configuration. Tested on
an aarch64 linux docker.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From the release notes:
(See https://github.com/redis/redis/blob/7.0.0/00-RELEASENOTES)
Introduction to the Redis 7.0 release
=====================================
Redis 7.0 includes several new user-facing features, significant performance
optimizations, and many other improvements. It also includes changes that
potentially break backwards compatibility with older versions. We urge users to
review the release notes carefully before upgrading.
In particular, users should be aware of the following changes:
1. Redis 7 stores AOF as multiple files in a folder; see Multi-Part AOF below.
2. Redis 7 uses a new version 10 format for RDB files, which is incompatible
with older versions.
3. Redis 7 converts ziplist encoded keys to listpacks on the fly when loading
an older RDB format. Conversion applies to loading a file from disk or
replicating from a Redis master and will slightly increase loading time.
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The example applications, which are minimal, can be of great help in
understanding how the library works.
As there is no configure option to enable examples compilation, building
and installation instructions had to be added to libmnl.mk. By default,
which is always the case for buildroot, they are disabled.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This should have been BR2_TARGET_ROOTFS_EXT2 as the
BR2_TARGET_ROOTFS_EXT2_GEN variable is an integer variable used
to indicate the ext2/ext3/ext4 variant.
Fixes:
- http://autobuild.buildroot.net/results/5d7/5d7833212bd8a2b575945f848d8c91dabe7d3c30
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Github rockchip-linux doesn't provide libmali repository anymore and the
only up-to-date and maintained repository I've found is JeffyCN/mirrors
branch libmali that provides the identical situation we were at with
previous repository, so let's switch to JeffyCN repository. This fixes
a build failure while trying to install rockchip-mali.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When BR2_TARGET_OPTEE_OS=y, mkimage_fit_atf.sh is executed with two additional
variables so that the ITS file contains an additional node for the TEE binary.
Then the TEE binary will be packaged into the ITB in addition to TF-A and
U-Boot.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also, only host-python-installer itself needs to be added now.
host-python-flit-core is a dependency of host-python-installer so
doesn't need to be added explicitly.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package is moving to flit and will soon be dropping distutils
compatibility support.
We need to use flit-bootstrap as opposed to the normal flit setup
type since host-python-pypa-build depends on host-python-installer.
We need to add the src directory to the PYTHONPATH so that installer
can run from the src directory when installing itself.
We need to explicitly add host-python-flit-core to the dependencies -
only host-python-installer is automatically added to the dependencies
for flit-bootstrap packages, and this would create a circular dependency
so is explicitly excluded in the infra.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This adds the option to set systemd's default.target in
the System Configuration subheading if systemd is
specified as the init system.
The argument for default.target is specified pre-build
as opposed to overriding the hardcoded "multi-user.target"
symlink with post-build scripts or a rootfs overlay.
Signed-off-by: Sen Hastings <sen@phobosdpl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
CONFIG_CRYPTO_AEAD2=y.
CONFIG_CRYPTO_AEAD2 and CONFIG_CRYPTO_SKCIPHER2 are needed to fix the
following build failure:
ERROR: modpost: "crypto_alloc_skcipher" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "scatterwalk_map_and_copy" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_ahash_final" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_encrypt" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_setkey" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_skcipher_decrypt" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_destroy_tfm" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_skcipher_setkey" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_decrypt" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_setauthsize" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
However, those options are not user-selectable. They are enabled by the
appropriate consumers of those cyphers. Since cryptodev is anyway meant
to give userspace access to kernel crypto (hardware), it makes sense to
enable CONFIG_CRYPTO. The easiest way to also get AEAD2 and SKCIPHER2 is
to enable CONFIG_CRYPTO_USER_API_AEAD as well.
Fixes:
- http://autobuild.buildroot.org/results/a06708369c233f6e60a1a3ffd7a77a4edd932c9a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>