Open-Source IPA shlibs need to be signed in order to be runnable within
the same process, otherwise they are deemed Closed-Source and run in
another process and communicate over IPC.
The shlib installed on the target should be the same as the one signed
by libcamera during package creation otherwise the signature won't match
the shlib.
Buildroot sanitizes RPATH in a post build process. meson gets rid of
rpath while installing so we don't need to do it manually.
Buildroot may strip symbols, so we need to do the same before signing.
Signing the IPA shlibs is done by the meson install target, so we need
to strip the IPA shlibs, so after the build but before the install,
which a post-build hooks fits the best.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[yann.morin.1998@free.fr: slight rewording of commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since the addition of the package
in commit 776385d645:
CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
OPENSSL_CRYPTO_LIBRARY (ADVANCED)
linked by target "uuu" in directory /home/buildroot/autobuild/instance-0/output-1/build/host-uuu-1.4.193/uuu
OPENSSL_SSL_LIBRARY (ADVANCED)
linked by target "uuu" in directory /home/buildroot/autobuild/instance-0/output-1/build/host-uuu-1.4.193/uuu
Fixes:
- http://autobuild.buildroot.org/results/2f05bc67112a59eba8f59ff707e43d76e41dbad1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The c_rehash script allows command injection (CVE-2022-2068)
============================================================
Severity: Moderate
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the
shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
https://www.openssl.org/news/secadv/20220621.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The custom tarball option should be given a URL pointing to an OP-TEE OS
tarball and not a "kernel" one.
Fixes: 9c79b369d6 "boot/optee-os: add support for custom tarball URL"
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Gaël Portay is apparently no longer at Collabora:
<gael.portay@collabora.com>: host mail.collabora.co.uk[46.235.227.172] said:
550 5.1.1 <gael.portay@collabora.com>: Recipient address rejected: User
unknown in local recipient table (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=14881
The package provides a library and a .pc file, so install it into staging as
well.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-2085: A NULL pointer dereference vulnerability was found in
Ghostscript, which occurs when it tries to render a large number of bits
in memory. When allocating a buffer device, it relies on an
init_device_procs defined for the device that uses it as a prototype
that depends upon the number of bits per pixel. For bpp > 64,
mem_x_device is used and does not have an init_device_procs defined.
This flaw allows an attacker to parse a large number of bits (more than
64 bits per pixel), which triggers a NULL pointer dereference flaw,
causing an application to crash.
Drop patch (already in version)
https://www.ghostscript.com/doc/9.56.0/News.htmhttps://www.ghostscript.com/doc/9.56.1/News.htm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes the DP audio and video PLL configurations for the zynqmp-sm-k26-revA som.
It needs to be applied for both the kv260 and kr260 starter kits.
The Linux DP driver expects the DP to be using the following PLL config:
- DP video PLL should use the VPLL (0x0)
- DP audio PLL should use the RPLL (0x3)
- DP system time clock PLL should use RPLL (0x3)
Register 0xFD1A0070 configures the DP video PLL.
Register 0xFD1A0074 configures the DP audio PLL.
Register 0xFD1A007C configures the DP system time clock PLL.
This patch was build and run tested on a zynqmp-kria-kv260 target board.
Upstream-Status: submitted (https://lore.kernel.org/all/fa7e9abc419c9d7648405d1c62367dbe701d09b8.1652709736.git.michal.simek@amd.com/)
This patch will be removed from buildroot in a future release when no longer necessary.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes an ATF issue by building the ATF for uart1 instead
of uart0 for the Kria KV260 Starter Kit.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch improves the documentation for kria k26 som qspi programming.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
[Peter: drop trailing spaces]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use official tarball and so drop UUU_SET_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to get latest release
- Switch to meson-package (autotools dropped since version 0.99.14)
- libusb is not a dependency since
64582256a8
- Update indentation in hash file (two spaces)
https://gitlab.freedesktop.org/upower/upower/-/blob/v0.99.19/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: also update thermald dependencies]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
nginx has been replaced by f5 since February 2022:
<cpe-item name="cpe:/a:nginx:nginx:1.18.0" deprecated="true" deprecation_date="2022-02-22T19:26:32.967Z">
<reference href="https://nginx.org/en/CHANGES-1.18">Change Log</reference>
<cpe-23:cpe23-item name="cpe:2.3🅰️nginx:nginx:1.18.0:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3🅰️f5:nginx:1.18.0:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Af5%3Anginx
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-45386: tcpreplay 4.3.4 has a Reachable Assertion in
add_tree_ipv6() at tree.c
- Fix CVE-2021-45387: tcpreplay 4.3.4 has a Reachable Assertion in
add_tree_ipv4() at tree.c.
https://github.com/appneta/tcpreplay/blob/v4.4.1/docs/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>