Telnet logging is an optional feature that's disabled by default.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now based on 5.10.33 (from 5.10.1).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Downstream patches have been mainlined in commits [1] (v2.03.06) and
[2] (v2.03.12). Second patch was slightly modified, so replace
--disable-symvers with --with-symvers=no.
[1] 125f27ac37
[2] 1cedbaf137
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ftp links do not seem to be accessible anymore. Replace them with http.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3b551f68a5 (boot/beaglev-ddrlnit: rename to beaglev-ddrinit to
match renamed upstream repo) forgot to update the include in boot/Config.in,
breaking menuconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Current URL returns 403 error:
--2021-05-10 10:04:12-- https://dl.bintray.com/boostorg/release/1.75.0/source/boost_1_75_0.tar.bz2
Resolving dl.bintray.com... 18.193.131.58, 3.66.199.110
Connecting to dl.bintray.com|18.193.131.58|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-05-10 10:04:12 ERROR 403: Forbidden.
Bintray has been sunset on May 1st:
https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/
Update the URL to the new upstream location to fix this issue.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Create a new user 'sudotest' to validate that sudo really works (i.e.
properly has setuid).
Creating the user and adding it to sudoers is done at runtime, otherwise
we'd need to add extra files to the config which complicates things a
little bit.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Bump kernel to version 5.12.2.
- Bump U-Boot to version 2021.04.
While at it, switch U-Boot to the Kconfig build system and add some more
comments to the defconfig.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Bump kernel to version 5.12.2.
- Bump U-Boot to version 2021.04.
While at it, enable VFPv3 with 32 registers (instead of 16) and add a few
comments to the defconfig.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building host-cryptsetup, if tmpfiles.d support is enabled then the
install step tries to install /usr/lib/tmpfiles.d/cryptsetup.conf
globally on the host system.
Even if the tmpfiles.d config were installed correctly in the host
directory, nothing would ever run these rules, so disable this feature
via configure.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release includes security fixes:
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows
https://www.ruby-lang.org/en/news/2021/04/05/ruby-3-0-1-released/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an
unrecoverable panic when reading a very large header (over 7MB on 64-bit
architectures, or over 4MB on 32-bit ones). Transport and Client are
vulnerable and the program can be made to crash by a malicious server.
Server is not vulnerable by default, but can be if the default max header
of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value,
in which case the program can be made to crash by a malicious client.
https://github.com/golang/go/issues/45710
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- bpo-43434: Creating a sqlite3.Connection object now also produces a
sqlite3.connect auditing event. Previously this event was only produced
by sqlite3.connect() calls. Patch by Erlend E. Aasland.
- bpo-43882: The presence of newline or tab characters in parts of a URL
could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG
urllib.parse() now removes ASCII newlines and tabs from URLs, preventing
such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive the
cpython.PyInterpreterState_New event when called through the
_xxsubinterpreters module.
- bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4
address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
socket.inet_aton() treats leading zeros as octal notatation. glibc
implementation of modern inet_pton() does not accept any leading zeros.
For a while the ipaddress module used to accept ambiguous leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on the
client side and needs remote attackers to control the HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
and generator code/frame attribute access.
https://www.python.org/downloads/release/python-395/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit extends the beaglev_defconfig and its documentation to
build the low-level firmware, and to explain how to reflash it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr: use typoed-name for beaglev-ddrlnit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This packages allows to build the first stage bootloader used on the
BeagleV, which is used even before the DDR initialization and
OpenSBI/U-Boot. Yes, "secondboot" is strange for what is the first
stage bootloader, but that's the upstream name.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- add hash file
- commit is HEAD only right now, so don't reference HEAD
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a package for the DDR initialization code used on the
BeagleV platform.
The typo in the package name is upstream's typo, and we just keep it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- upstream name is beaglev_ddrlnit, not *init (keep their typo)
- rename package and variables accordingly
- the referenced commit is no longer the HEAD of said branch
- add a hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a new package for a prebuilt bare-metal toolchain for
RISC-V 64-bit. Indeed, some bootloader/firmware for the BeagleV (and
potentially later for other platforms?) do not build with a
Linux-capable toolchain.
This uses a pre-built toolchain from SiFive, precompiled for x86-64,
so all packages using this toolchain must have the appropriate
BR2_HOSTARCH dependency.
This package is modeled after package/arm-gnu-a-toolchain/, which
package a pre-built ARM32 bare-metal toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit introduces support for the RISC-V based BeagleV platform,
which uses a Starfive JH7100.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
[yann.morin.1998@free.fr: use: eval $(make printvars)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Until now, whenever a BR2_TARGET_OPENSBI_PLAT value was specified,
opensbi.mk was assuming that both fw_jump and fw_dynamic would be
produced. However, this is not the case: the OpenSBI per-platform
config.mk can decide which image to build.
As an example, the config.mk for VIC7100-based BeagleV only enables
producing the fw_payload image.
This commit adds three options to enable the installation of images:
one for fw_jump, one for fw_dynamic, one for fw_payload.
The options for fw_jump and fw_dynamic are "default y" when
BR2_TARGET_OPENSBI_PLAT is not empty, to preserve existing behavior.
The option for fw_payload is forcefully selected when either Linux or
U-Boot are selected as payloads.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libfribidi is an optional dependency (enabled by default) since version
0.8.0 and
17974582e6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Bartosz Bilas<b.bilas@grinn-global.com>
Reviewed-by: Bartosz Bilas<b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-20208: A flaw was found in cifs-utils in versions before
6.13. A user when mounting a krb5 CIFS file system from within a
container can use Kerberos credentials of the host. The highest threat
from this vulnerability is to data confidentiality and integrity.
https://lists.samba.org/archive/samba-technical/2021-April/136467.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>