Fixes the following security issue:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1
parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients
can be made to crash by an HTTPS server, while net/http servers that accept
client certificates will recover the panic and are unaffected. Thanks to
Project Wycheproof for providing the test cases that led to the discovery of
this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream patch to fix --with-openssl argument and allow gensio to use
pkg-config to retrieve openssl dependencies otherwise the detection of
openssl will fail on architecture that needs to link with -latomic such as
sparc v8 32 bits:
configure:9379: checking for openssl/ssl.h in /home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr
configure:9386: result: yes
configure:9402: checking whether compiling and linking against OpenSSL works
Trying link with OPENSSL_LDFLAGS=-L/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib; OPENSSL_LIBS=-lssl -lcrypto; OPENSSL_INCLUDES=-I/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/include
configure:9424: /home/fabrice/buildroot/output/host/bin/sparc-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -static -I/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/include -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static -L/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib conftest.c -lssl -lcrypto -lpthread >&5
/home/fabrice/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/8.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_lib.o): in function `CRYPTO_UP_REF.isra.6':
ssl_lib.c:(.text+0x3c8): undefined reference to `__atomic_fetch_add_4'
Fixes:
- No autobuilder failures (silent error)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8835: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8844: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8846: A use after free issue was addressed with improved memory
management
For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8835: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8844: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8846: A use after free issue was addressed with improved memory
management
For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build error:
output/build/kodi-visualisation-goom-2.1.0-Leia/lib/goom/src/lines.c:
In function 'goom_lines_draw':
output/build/kodi-visualisation-goom-2.1.0-Leia/lib/goom/src/lines.c:232:3:
error: 'for' loop initial declarations are only allowed in C99 or C11 mode
for (int i = 1; i < AUDIO_SAMPLE_LEN; i++) {
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to github to get latest release
- Drop patch (already in version) and so autoreconf
- Update hash of license files ($Id$ strings removed with
52b1059a5b)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also:
* Conditionally enable support for integration with UPower D-Bus
service if BR2_PACKAGE_UPOWER is selected
* The copyright year was updated in the LICENSE file, therefore
the hash value was also recalculated.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Keep rpi-firmware up-to-date with the kernel
vesion bump (4.19.97).
Go back to sha1 version scheme instead of official tag (after
only two tag versions) to keep up with the up-to-date kernel
version (as the offical last tag is for 4.19.94).
Update boot/LICENCE.broadcom hash according to the
'Update to support customisation program ' change ([1]).
[1] dd9e9ebb5d (diff-b7cccbd9821a372750de822dfd97a843)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now based on 4.19.97 (from 4.19.75).
Go back to sha1 version scheme instead of official tag (after
only two tag versions) to get an up-to-date kernel version
(as the offical last tag is for 4.19.94).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ptm2human is a decoder for trace data outputted by Program
Trace Macrocell (PTM) and Embedded Trace Macrocell (ETMv4).
It deconstructs ID packets and data packets from the
formatter of ARM Coresight ETB, and then translates the
trace data to a human-readable format.
./utils/test-pkg --package ptm2human --all
44 builds, 29 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Julien Olivain <juju@cotds.org>
[yann.morin.1998@free.fr:
- drop the host variant
- introduce _ARCH_SUPPORTS
- comment why we need autoreconf
- drop spurious empty line
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
His e-mail address is bouncing:
Your message to bachmann@tofwerk.com couldn't be delivered.
bachmann wasn't found at tofwerk.com.
thomas.petazzoni Office 365 bachmann
Action Required Recipient
Unknown To address
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
His e-mail address is bouncing:
----- The following addresses had permanent fatal errors -----
<sbobroff@linux.ibm.com>
(reason: 550 5.1.1 <sbobroff@linux.ibm.com>: Recipient address rejected: User unknown in local recipient table)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove celt051 package as celt has been merged into the IETF Opus codec
and is now obsolete (see http://celt-codec.org/).
The only reverse dependency of celt051 is spice. Opus support on spice
has been added upstream 6 years ago with:
ce9b714137
Spice disabled celt by default since version 0.14.1 and:
72b0d603e1
Spice evens error out, by default, if Opus is missing but not explicitly
disabeld since:
f522473842
This will also fix a static build failure on spice with celt051 and opus.
Fixes:
- http://autobuild.buildroot.org/results/96c786f85d35f33508e9c71778043d16b87f72cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: slight rephrasing in legacy help]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A library to abstract stream I/O like serial port, TCP, telnet, UDP,
SSL, IPMI SOL, etc.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Peter: explain why we need to unconditionally pass --with-openssl]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When 'make' includes a new Makefile, it appends its path to the MAKEFILE_LIST
variable. From that variable, we construct a few set of derivative
variables:
pkgdir = $(dir $(lastword $(MAKEFILE_LIST)))
pkgname = $(lastword $(subst /, ,$(pkgdir)))
Essentially, pkgdir is the full directory where the package is located
(either relative to Buildroot's top directory for in-tree packages, or
absolute for packages in br2-external trees), while pkgname is the last
component of that directory.
pkgdir is in turn used to seed FOO_PKGDIR.
This all happens when we eventually call the package-generic infra,
later down in the file.
When they are parsed, the Makefiles for each linux-extensions are
appended to MAKEFILE_LIST, after the linux.mk one. But since they are
located in the same directory as the main linux.mk, the last component
of MAKEFILE_LIST, which is no longer the main linux.mk, will still yield
the correct values for the linux package.
This is a tough assumption we made there and then.
When we added the support for br2-external linux extensions, we where
very cautious to explicitly scan them from a directory named 'linux', so
that this would yield the correct package name.
And that worked well so far, until someone needed to build an older
kernel, for which our conditional patch is needed, and which just
failed:
/bin/bash: [...]/buildroot-external-linux-test/linux//0001-timeconst.pl-Eliminate-Perl-warning.patch.conditional: No such file or directory
When we scan linux extensions from a br2-external tree, the last
component of MAKEFILE_LIST is no longer in the same directory as the
main linux.mk, and thus the assumption above falls to pieces...
Again, when we added support for linux extensions from br2-external,
although we cared about the package name (pkgname), we completely missed
out on the package directory, and the LINUX_PKGDIR variable.
We do not have a very clean way out of this mess, but we have a nice
dirty trick: Scan the linux extensions from a br2-external tree before we
scan the in-tree ones. That way, the last component of MAKEFILE_LIST is
back to one that is in the same directory as the main linux.mk, and
we're back on tracks.
This is still very fragile, though, but short of a complete overhaul on
how packages are parsed and evaluated, this is the best we can come in
short order.
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also:
* Regenerate patch 0002 so it applies without fuzz.
* Add patch 0003, which drops generated/autoconf.h from imximage as we
need uboot-tools without a board configuration.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
the year of LICENSE was upgraded:
- This software is copyright (c) 2019 by Toby Inkster.
+ This software is copyright (c) 2020 by Toby Inkster.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
the year of LICENSE was upgraded:
- This software is copyright (c) 2018 by Tatsuhiko Miyagawa <miyagawa@bulknews.net>.
+ This software is copyright (c) 2020 by Tatsuhiko Miyagawa <miyagawa@bulknews.net>.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All patches, including two additional ones contributed by Fabrice, are
included in this version.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
