Gitlab CI reported build failures for the sipeed RISC-V nommu boards
with the u-boot/sdcard enabled default configuration. The compilation
errors are related to the openssl/evp.h header file missing, e.g.:
  In file included from tools/imagetool.h:24,
                   from tools/fit_common.c:20:
  include/image.h:1166:12: fatal error: openssl/evp.h: No such file or
  directory
   1166 | # include <openssl/evp.h>
        |            ^~~~~~~~~~~~~~~
Fix this issue by adding BR2_TARGET_UBOOT_NEEDS_OPENSSL=y to the config
files so that host-openssl gets built as a dependency of U-Boot.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229992
https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229994
https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229996
https://gitlab.com/buildroot.org/buildroot/-/jobs/3134229998
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote
attacker.
• An invalid array of fixed-length elements where the length of the
array is not a multiple of the length of the element would cause an
assertion failure in debug builds or an out-of-bounds read in
production builds. This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested
parentheses and curly brackets would cause an assertion failure in
debug builds. Similar messages could potentially result in a crash or
incorrect message processing in a production build, although we are
not aware of a practical example. (dbus#418, CVE-2022-42010;
Simon McVittie)
• A message in non-native endianness with out-of-band Unix file
descriptors would cause a use-after-free and possible memory
corruption in production builds, or an assertion failure in debug
builds. This was a regression in version 1.3.0. (dbus#417,
CVE-2022-42012; Simon McVittie)
https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.12.24/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit ff0d534051 (package/iwd: bump version to 1.19), we are no
longer patching configure.ac, so autoreconfigure isn't needed anymore.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
[yann.morin.1998@free.fr: reword with reference to ff0d534051]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Provide a config option that allows the user to enable mmc's "dangerous
commands" if so desired. mmc-utils considers turning on permanent write
protection on a device a "dangerous command" and doesn't offer it by
default.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr:
- use if-endif block
- move closer to main option for proper indentation
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is a bug fix release. The changes are:
- extmod/machine_i2c: only use WRITE1 option if transfer supports it
This fixes the machine.SoftI2C.readfrom_mem() method on esp32, so it
writes the address to read from.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix memory leak in EdDSA verify processing. (CVE-2022-38178)
- Fix memory leak in ECDSA verify processing. (CVE-2022-38177)
- Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was a stale CNAME
in the cache for an incoming query. (CVE-2022-3080)
- Prevent excessive resource use while processing large delegations.
(CVE-2022-2795)
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_33/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a stable bugfix release of libmdbx. So it is reasonable to backport
this patch to all applicable releases/branches of Buildroot.
Release notes for v0.11.12
--------------------------
Fixes:
- Fixed static assertion failure on platforms where the `off_t` type is wider
than corresponding fields of `struct flock` used for file locking (backport).
Now _libmdbx_ will use `fcntl64(F_GETLK64/F_SETLK64/F_SETLKW64)` if available.
- Fixed assertion check inside `page_retire_ex()` (backport).
Minors:
- Fixed `-Wint-to-pointer-cast` warnings while casting to `mdbx_tid_t` (backport).
- Removed needless `LockFileEx()` inside `mdbx_env_copy()` (backport).
The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
Reported by Qualys
* ssh-keygen(1): double free() in error path of file hashing step in
signing/verify code; GHPR333
* ssh-keysign(8): double-free in error path introduced in openssh-8.9
https://www.openssh.com/txt/release-9.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a defconfig for the Starfive VisionFive board, a board built around the
Starfive JH7100 RISC-V 64bit SoC (same as Beaglev).
This board comes with functional lowlevel and U-Boot bootloaders in SPI
flash. The defconfig reuses these and only builds a (6.0 based) kernel and
rootfs.
The factory shipped U-Boot is hard coded to look at MMC partition 3 and
misses some variables, so we provide a uEnv.txt to fix that up, based on
what is done in the provided Fedora image.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
README hash changed due to version update:
4bb7f50767
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace disable -Werror patch with new cmake option:
-DASSIMP_WARNINGS_AS_ERRORS=OFF
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mosquitto can be configured to use password files. Those have a very
trivial layout, with one "username:password" tuple per line, not unlike
Apache's htpasswd file format, but unlike htpasswd files, the password
can be either in clear (boo!), or encrypted (by calling into openssl's
libcrypto).
Encryption of passwords is done with an ad-hoc tool, mosquitto_passwd,
again very like Apache's htpasswd, but the encrypted form is different
(of course). This encryption is handled by mosquitto_passwd, which can
create, update, or delete users, all while storing their encrypted
password, or it can also convert a password file with clear-text
passwords into a password file with encrypted passwords, e.g. it turns
each "foo:bar" entry to their corresponding encrypted form, like
"foo:$7$101$yLPgk5fn46d....==".
It can be very interesting to maintain a clear-text DB of
users:passwords in configuration management [0], and only convert it to
encrypted passwords when embedded on the target.
Add a host variant for mosquitto, which only installs mosquitto_passwd.
[0] ensuring safety, confidentiality, and integrity of that DB is left
as an exercise to the user, and is clearly out of scope for Buildroot,
like storing the root password in the .config is.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Titouan Christophe <titouanchristophe@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
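The password file layout described in the commit message above lends itself to a build-time check that nothing in the file embedded on the target is still in clear text. The following is an added example, not code from Buildroot or mosquitto; the function name is hypothetical, and the hashed-entry pattern is an assumption generalised from the "$7$101$..." sample quoted in the message.

```python
import re

# Assumption: hashed entries look like "$<scheme>$[<iterations>$]<salt>$<hash>"
# with base64 salt and hash, generalised from the "$7$101$..." sample in the
# commit message. Any other password field is reported as clear text.
HASHED = re.compile(r"^\$\d+\$(?:\d+\$)?[A-Za-z0-9+/]+=*\$[A-Za-z0-9+/]+=*$")

def audit_password_file(text):
    """Return a list of (line_number, username, problem) for a password file."""
    findings = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # The first colon separates the user name from the password field.
        user, sep, password = line.partition(":")
        if not sep or not user:
            findings.append((lineno, user, "malformed"))
            continue
        if user in seen:
            findings.append((lineno, user, "duplicate-user"))
        seen.add(user)
        if not password:
            findings.append((lineno, user, "empty-password"))
        elif not HASHED.match(password):
            findings.append((lineno, user, "clear-text"))
    return findings

# Constructed sample: the salt and hash values are made up, not real credentials.
SAMPLE = """\
foo:bar
alice:$7$101$c2FsdHNhbHRzYWx0$aGFzaGhhc2hoYXNoaGFzaA==
bob:$7$101$c2FsdHNhbHRzYWx0$ZGlnZXN0ZGlnZXN0
foo:$7$101$c2FsdHNhbHRzYWx0$ZGlnZXN0ZGlnZXN0
no-colon-here
"""

if __name__ == "__main__":
    for lineno, user, problem in audit_password_file(SAMPLE):
        print(f"line {lineno}: {user!r}: {problem}")
```

A clear-text password that happens to match the hashed pattern would pass this structural check, so it complements rather than replaces running the conversion step itself.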
Since the release 2021.3.2, a LICENSE file is shipped with the archive from
pypi.org.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patches which are already applied upstream.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop backported patches and rebase the ones that are still relevant.
From version 37 to 38, there is a new build system in place, which is
still custom Makefiles.
This introduces a host-efivar package to account for the 'makeguids'
tool. Previously it was not too cumbersome to work around building that
tool for the host, but with the new build system it is increasingly
coupled with the target build that the least hacky way to work around it
is with a host package and a Makefile patch.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update description:
TF-A to v2.4-stm32mp-r1
U-boot to version v2020.10-stm32mp-r2.1
Linux to v5.10-stm32mp-r2.1
This patch also updates U-boot to use FIP image.
Reference:
https://octavosystems.com/octavo_products/osd32mp1-brk/
The device tree blobs, and the U-boot patches come from Octavo System:
https://github.com/octavosystems/meta-octavo-osd32mp1
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update description:
TF-A to v2.4-stm32mp-r1
U-boot to version v2020.10-stm32mp-r2.1
Linux to v5.10-stm32mp-r2.1
This patch also updates U-boot to use FIP image.
Reference:
https://octavosystems.com/octavo_products/osd32mp1-red/
The device tree blobs, and the U-boot patches come from Octavo System:
https://github.com/octavosystems/meta-octavo-osd32mp1
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mender-grubenv no longer uses the mender_grubenv* directories, instead opting
to put the mender_grubenv directories in a grub-mender-grubenv top-level
directory. While there is a legacy install mode which keeps the two separate
directories, it is better to move forward and rip the bandaid off before it
becomes too painful to update in the future if the legacy option is removed
entirely.
- Update the license file sha256 sum due to a year change.
- mender-grubenv no longer installs grub.cfg, so mender_grub.cfg must be copied
manually to grub.cfg.
- BOOT_DIR replaces ENV_DIR in the Makefile.
- The sleep grub2 module is now a requirement.
- /etc/mender_grubenv.config file must be present on the system for the
grub-mender-grubenv-{print,set} scripts to work properly.
In addition to the above changes, update the mender example board file to work
with the updated mender-grubenv version.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>