Fixes the following security issue:
CVE-2024-0444: Heap-based buffer overflow in the AV1 codec parser when
handling certain malformed streams before GStreamer 1.22.9
https://gstreamer.freedesktop.org/security/sa-2024-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2024-23770: Local Leak of Authentication Parameter in Process List
CVE-2024-23771: Basic Auth Timing Attack
https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html
Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.
Also change the license logic to use the dedicated COPYING file available
since 1.14:
a8ae2b1de0
This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit c07aafa087 (package/Makefile.in: set GIT_DIR=. in {HOST,
TARGET}_MAKE_ENV) added GIT_DIR=. to TARGET_MAKE_ENV (which is included in
TARGET_CONFIGURE_OPTS) to work around issues with packages getting confused
when building in a subdir of the Buildroot git repo.
This unfortunately also causes git commands to fail when
output/host/environment-setup is sourced:
git status
fatal: not a git repository: '.'
So strip GIT_DIR= from TARGET_CONFIGURE_OPTS when generating
environment-setup.
Reported-by: Mircea Gliga <gliga.mircea@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adds support for the rtl8188fufw firmware variant, for 802.11n, as
covered by the mainline rtl8xxxu kernel driver since Linux 6.2.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit 04dfeff624 as it
raises the following build failure because patch has been merged since
version 1.5.104:
Applying 0001-Fix-missing-references.patch using patch:
patching file libuuu/libcomm.h
Reversed (or previously applied) patch detected! Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file libuuu/libcomm.h.rej
patching file uuu/buildincmd.h
Reversed (or previously applied) patch detected! Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file uuu/buildincmd.h.rej
Fixes:
- http://autobuild.buildroot.org/results/bf7b2206261e3385c567ae4359b0379b03161e3a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure without gbm raised since commit
534c22dd60:
Message: dmabuf-feedback requires gbm which was not found. If you rather not build this, drop "dmabuf-feedback" from simple-clients option.
Move the option assignment further down, below all the simple-clients
lists; in Makefile, and because we are using simply expanded variables,
this is not necessary, but it is easier on us humans when we review the
code.
Also add a comment explaining why the initial list is incomplete.
Fixes:
- http://autobuild.buildroot.org/results/ebbba1d73ceeaacee17fde0c6c853415cd316091
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From a report on the syslinux mailing list [0]:
The GNU linker now writes two segments of type PT_LOAD into the
program header. However, this is not supported by the wrapper
script that converts the shared object to an .efi executable.
As per comment in that file:
(...) Although there may be several LOAD program headers,
only one is currently copied.
A simple workaround I've found to work is to ask the linker to put
everything into one PT_LOAD program header.
The issue is acknowledged in the syslinux wiki page about building
syslinux [1]. This page refers to various resources, of which a Debian
patch [2].
This information is also referenced in #11861.
Fixes: #11861
[0] https://www.syslinux.org/archives/2018-August/026167.html
[1] https://wiki.syslinux.org/wiki/index.php?title=Building
[2] https://salsa.debian.org/images-team/syslinux/-/blob/debian/master/debian/patches/0017-single-load-segment.patch
Reported-by: Sam Lancia <sam@gpsm.co.uk>
Reported-by: Meliodas <meliodasren01@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The NuGet packaging description file is installed as:
$(DEST_DIR)/build/native/hiredis.targets
This is a spurious file that has nothing to do on a Linux system,
whether that be in host/, staging/, or target/.
Backport an upstream patch to get rid of it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
This was added upstream in commit:
22e4c03866
The 'USE_OPENGL_OR_ES' flag is default ON, which will enable 'USE_GBM',
so ensure that we unset 'USE_GBM' if we don't have libgbm.
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Tested-by: Adrian Perez de Castro <aperez@igalia.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libwpe & wpebackend-fdo are mandatory if ENABLE_WAYLAND_TARGET and EGL_FOUND
2e35890b1f/Source/cmake/OptionsGTK.cmake (L388-L400)
egl is mandatory if ENABLE_WAYLAND_TARGET
2e35890b1f/Source/cmake/OptionsGTK.cmake (L462-L473)
So wpebackend-fdo (-> libwpe) has to be selected if BR2_PACKAGE_LIBGTK3_WAYLAND.
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Tested-By: Adrian Perez de Castro <aperez@igalia.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure in Thumb mode:
/tmp/ccfzn6FH.s:36: Error: selected processor does not support `smull r2,r3,r1,r0' in Thumb mode
Fixes:
- http://autobuild.buildroot.org/results/838808b4751244ee01cde6b8261212b49e511a32
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: reword comment slightly]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With this version we can build with Linux 6.8.
Let's also drop local patch that has been upstreamed.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With this version we can build with Linux 6.8.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With this version we can build with Linux 6.8.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For release announce, see:
https://lists.infradead.org/pipermail/kexec/2024-January/029156.html
This commit removes the two package patches, which are now included
in this new version.
The "KEXEC_AUTORECONF = YES" is also removed, since it is no longer
needed (due to the patch removal).
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a small bugfix release, with a fix for a crash in the DRM/KMS
module that affects i.MX6 boards and probably others. Release notes:
https://wpewebkit.org/release/cog-0.18.2.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.
2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.
3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.
4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.
5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.
6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html
Switch to .tar.gz as the announcement mail only contained hashes for that:
https://lists.x.org/archives/xorg-announce/2024-January/003442.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.
2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.
3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.
4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.
5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.
6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Genimage complains about the config using the deprecated gpt option:
INFO: hdimage(sdcard.img): The option 'gpt' is deprecated. Use
'partition-table-type' instead
So change to partition-table-type for consistency with the other configs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This change bumps the version of the genimage package,
which brings in fixes when generating flash images that
reference sparse files, along with other fixes and features.
Signed-off-by: Hudson Ayers <hudson.ayers@getcruise.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop no longer required python-async-timeout runtime dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- openssl is a mandatory dependency of BR2_PACKAGE_KISMET_SERVER since
d916acf8c0
- pcre2 is an optional dependency since
bb1ecb1c56
- disable wifi-coconut (enabled by default and depends on libusb:
e221b8d45c)
https://kismetwireless.net/posts/kismet-2023-07-r1/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The versioning scheme for libwpe uses the middle version number to
indicate stability: an even number for stable releases, odd for
development preview releases. As such, Buildroot should be using
version 1.14.2, which is the most recent of the stable releases.
While at it, add a note in the .mk file about the versioning scheme.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- removed 0002-wscript-fix-build-without-stack-protector.patch
(upstream applied, see [1])
- update license info according to upstream commit [2]
(add Apache-2.0, Beerware, BSD-4-Clause and ISC, rename license
file to end with '.txt' suffix)
See [3] for details.
[1] 15862410de
[2] e29d662141
[3] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e88823d667 (package/refpolicy: fix build with smartmontools) added
a 0001-policy-modules-services-smartmon.te-make-fstools-opt.patch patch, but
forgot to put it in the version specific sub directory - Breaking builds
using BR2_PACKAGE_REFPOLICY_CUSTOM_GIT as shown by the TestSELinuxCustomGit
test:
>>> refpolicy RELEASE_2_20200818 Extracting
gzip -d -c /builds/buildroot.org/buildroot/test-dl/refpolicy/refpolicy-RELEASE_2_20200818-br1.tar.gz | tar --strip-components=1 -C /builds/buildroot.org/buildroot/test-output/TestSELinuxCustomGit/build/refpolicy-RELEASE_2_20200818 -xf -
>>> refpolicy RELEASE_2_20200818 Patching
Applying 0001-policy-modules-services-smartmon.te-make-fstools-opt.patch using patch:
patching file policy/modules/services/smartmon.te
Hunk #1 FAILED at 143.
1 out of 1 hunk FAILED -- saving rejects to file policy/modules/services/smartmon.te.rej
make[1]: *** [package/pkg-generic.mk:241: /builds/buildroot.org/buildroot/test-output/TestSELinuxCustomGit/build/refpolicy-RELEASE_2_20200818/.stamp_patched] Error 1
https://gitlab.com/buildroot.org/buildroot/-/jobs/5929796183
Fix it by moving the patch to a versioned sub directory.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>