Fixes the following security issues:
CVE-2023-4527: If the system is configured in no-aaaa mode via
/etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
family, and a DNS response is received over TCP that is larger than
2048 bytes, getaddrinfo may potentially disclose stack contents via
the returned address data, or crash.
CVE-2023-4806: When an NSS plugin only implements the
_gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
memory that was freed during buffer resizing, potentially causing a
crash or read or write to arbitrary memory.
CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
AI_ALL and AI_V4MAPPED flags set.
CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
environment of a setuid program and NAME is valid, it may result in a
buffer overflow, which could be exploited to achieve escalated
privileges. This flaw was introduced in glibc 2.34.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Removed patch which was backported from upstream and is now included
in this release.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: drop CVE ignore for patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The tag we currently use no longer exists in the upstream repository, as
the history has ben "rewritten":
https://github.com/drowe67/codec2/issues/5
Bump to the latest (and only) tag in the new repository.
Release notes: https://github.com/drowe67/codec2/releases/tag/1.2.0
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[yann.morin.1998@free.fr: explain about missing tag]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
http://autobuild.buildroot.net/results/5676609b6331b645f2e557aca67afe4c3a087433/
Fix a build failure for --without-gd builds since the bump to 5.4.9 with
commit 6dc3d3c360 (package/gnuplot: bump version to 5.4.9):
In file included from term.h:298,
from term.c:1211:
../term/post.trm:4016:11: error: expected declaration specifiers or '...' before string constant
4016 | fputs("%%%%BeginImage\n", gppsfile);
Add a patch fixing that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c
in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can
be used by a remote attacker (who has write access) to cause the
instance to crash via a crafted UDP packet, resulting in Denial of
Service.
CVE-2022-44793 handle_ipv6IpForwarding in
agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a
NULL Pointer Exception bug that can be used by a remote attacker to
cause the instance to crash via a crafted UDP packet, resulting in
Denial of Service.
The pgp key was changed [0] as the old one expired [1].
[0]: 90a6d98aae/
[1]: https://github.com/net-snmp/net-snmp/issues/595
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to a change in util-linux (commit
10f5f79485964ab52272ebe79c3b0047b1f84d82, "libbuid: use
_UL_LIBUUID_UUID_H to cover uuid.h"), gptfdisk no longer detects the
availability of libuuid to generate UUIDs, causing the following
message at runtime:
Warning! Unable to generate a proper UUID! Creating an improper one as a last
resort! Windows 7 may crash if you save this partition table!
This issue exists since util-linux was bumped to version 2.38 in
Buildroot
ee978e853a ("package/util-linux: bump
version to 2.38").
This issue has been fixed in upstream gptfdisk, but the fix [0] is not
yet in a new stable release, so we backport it.
Additionally, now that gptfdisk uses libuuid again, the build fails
because passing LDLIBS to make overrides the default value in the
Makefile. To fix this, this patch adds -luuid to GPTFDISK_LDLIBS.
[0] 6a8416cbd1
Signed-off-by: Ben Wolsieffer <ben.wolsieffer@hefring.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 369ff9a88f (package/libmodplug: update to git version)
improperly used a short hash as version, so switch to the full-length
hash.
Github use the full-length hash when it creates the top-level directory
of the generated archive, so the hash of the archive does not in fact
change, only its filename. This is perfectly fine fine our handling of
s.b.o.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libmodplug calls `cctype` functions, such as `isspace`,
with negative values. This is undefined behaviour.
While glibc allows it, it crashes on uClibc compiled
without `UCLIBC_HAS_CTYPE_SIGNED`.
Adds a patch that resolves the issue.
Also sent upstream. However, the library author has not merged
any pull request for about a year.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- add Gleb's SoB to the patch
- add upstream URL to the patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Y2038 is now almost only 15 years away, and embedded systems built
today are potentially going to still be operational in 15 years, and
even though they are supposed to receive updates by then, we all know
how things go, and potentially some of these embedded systems will not
receive any update.
In 2038, the signed 32-bit representation of time_t used on 32-bit
architectures will overflow, causing all time-related functions to go
back in time in a surprising way.
The Linux kernel has already been modified to support a 64-bit
representation of time_t on 32-bit architectures, but from a C library
perspective, the situation varies:
- glibc uses this 64-bit time_t representation on 32-bit systems
since glibc 2.34, but only if -D_TIME_BITS=64 is
specified. Therefore, this commit adds an option to add this flag
globally to the build, when glibc is the C library and the
architecture is not 64-bit.
- musl uses unconditionally a 64-bit time_t representation on 32-bit
systems since musl 1.2.0. So there is nothing to do here since
Buildroot has been using a musl >= 1.2.0, used since Buildroot
2020.05. No Buildroot option is needed here.
- uClibc-ng does not support a 64-bit time_t representation on 32-bit
systems, so systems using uClibc-ng will not be Y2038 compliant, at
least for now. No Buildroot option is needed here.
It should be noted that being Y2038-compliant will only work if all
application/library code is correct. For example if an
application/library stores a timestamp in an "int" instead of using
the proper time_t type, then the mechanisms described above will not
fix this, and the application/library will continue to be broken in
terms of Y2038 support.
Possible discussions points about this patch:
- Should we have an option at all, or should we unconditionally pass
-D_TIME_BITS=64, like we have been doing for _FILE_OFFSET_BITS=64
for quite some time. The reasoning for having an option is that
the mechanism is itself opt-in in glibc, and generally relatively
new, so it seemed logical for now to make it optional as well in
Buildroot.
- Should we show something (a Config.in comment?) in the musl and
uClibc-ng case to let the user know that the code is Y2038
compliant (musl) or not Y2038 compliant (uClibc-ng). Or should this
discussion be part of the Buildroot documentation?
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a bugfix release which fixes a CVE.
See:
https://www.enlightenment.org/news/2022-09-15-enlightenment-0.25.4
CVE-2022-37706 "enlightenment_sys in Enlightenment before 0.25.4 allows
local users to gain privileges because it is setuid root, and the system
library function mishandles pathnames that begin with a /dev/..
substring."
Hashes were never part of the online news page, therefore mark them as
locally computed.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Raise the minimal GCC version to 9.3, which is required since wpewebkit-2.40.0 [1].
Similar to commit 09af6d8bfd,
we do check on >= GCC 9, because we can't check on >= GCC 9.3.
[1] f9c142d9b5
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We recently discovered that host-spirv-llvm-translator downloads the
SPIR-V headers during its build process, which is bad. Now that we
have a host variant of spirv-headers, we use it to avoid the
"downloading during the build".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We discovered that the existing host-spirv-llvm-translator package
downloads the spirv-headers during its build process, which of course
is very wrong. In order to fix this, we first introduce a host variant
of the spirv-headers.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package is required by mesa3d for building rusticl:
https://docs.mesa3d.org/rusticl.html
As the version needs to be kept in sync between spirv-headers and
spirv-tools, we add a small comment about this in each package.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These headers are required to build the pacakge spirv-tools which is
requried by mesa3d for building rusticl:
https://docs.mesa3d.org/rusticl.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LLVM_ENABLE_DUMP required by mesa3d rusticl:
https://docs.mesa3d.org/rusticl.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-rust-bindgen will be required to build several different rust-based
packages, including a Linux kernel with rust modules and mesa3d's
rusticl which is the rust-based implementation of OpenCL.
The Cargo.toml file at the project root is a "virtual manifest". Since
we only want to install rust-bindgen, we can specify RUST_BINDGEN_SUBDIR
= bindgen-cli to use the Cargo.toml from this directory.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make 4.4 introduces a shuffle mode which randomizes prerequisites
in order to better flush out issues with parallel builds. On the other
hand, we use MAKE1 to build packages that are known to be broken with
parallel build. For these, passing the shuffle option would be
counter-productive and lead to spurious build failures.
The --shuffle=none option exists to turn off shuffling again. We can't
add this option unconditionally, however, because Make < 4.4 doesn't
know it. Therefore, conditionally pass --shuffle=none only if there is a
shuffle option in MAKEFLAGS.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The reinstall, rebuild and reconfigure commands rely on the
left-to-right order of evaluation of the dependencies to make sure that
the stamp files are removed before attempting to rebuild. However, this
order of evaluation is not guaranteed. In particular, if top-level
parallel build is enabled, they are executed in parallel and the stamp
file may not have been removed yet when it is evaluated to decide if
rebuild has to be done.
Since make 4.4, it is possible to reproduce this issue by passing
`--shuffle=reverse` to the make commandline.
To solve this, add a .WAIT directive between the clean and
install/build/configure dependencies. .WAIT was introduced in make 4.4
as well. It makes sure that the dependencies on the left are evaluated
before the dependencies on the right - exactly what we want here.
Earlier versions of make don't know about .WAIT, so we need to add a
.PHONY dependency to effectively ignore it.
Note that this doesn't fix the problem for make versions earlier than
4.4. However, the issue isn't really that important: reinstall, rebuild
and reconfigure are development tools, they're not fully reliable to
begin with, and it's anyway less likely that someone uses `make -j` when
doing a reinstall/rebuild/reconfigure.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Reported-by: James Hilliard <james.hilliard1@gmail.com>
- Fix CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a V7
archive in which mtime has approximately 11 whitespace characters.
- Update hash of COPYING (http replaced by https)
https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fox the following build failure with libressl raised since bump to
version 4.1.1 in commit 683563da80 and
bc05f28a4b:
lib/transport/tls-context.c: In function 'tls_context_setup_cmd_context':
lib/transport/tls-context.c:320:3: error: unknown type name 'SSL_CONF_CTX'; did you mean 'SSL_AEAD_CTX'?
320 | SSL_CONF_CTX *ssl_conf_ctx = SSL_CONF_CTX_new();
| ^~~~~~~~~~~~
| SSL_AEAD_CTX
Fixes:
- http://autobuild.buildroot.org/results/dc4d60d752e579ef054915eee3d7e3e73c25929b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building for a target architecture that go does not support, the
installation fails with:
$ make host-go
[...]
ln -sf ../lib/go/bin/go /home/nyma7486/dev/work/5GCroCo/O/pouet/per-package/host-go/host/bin/
ln: failed to create symbolic link '/home/nyma7486/dev/work/5GCroCo/O/pouet/per-package/host-go/host/bin/': No such file or directory
Indeed, the HOST_DIR/bin is not guaranteed to exist when we install a
host package, so it needs to be explicitly created before we can create
entries in there.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Christian Stewart <christian@aperture.us>
Cc: Anisse Astier <anisse@astier.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without this patch, a make <pkg>_rebuild detects overwrites. Indeed, in
target_finalize steps some modifications are done on installed files (ie
strip or TARGET_FINALIZE_HOOKS for instance).
In order to avoid these modifications seen from per-package {TARGET,HOST}_DIR
and so been analyzed as some overwrites, global {TARGET,HOST}_DIR is built
using a full copy of the involved per-package files instead of hardlinks.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Raise the minimal GCC version to 9.3, which is required since webkitgtk-2.40.0 [1].
Similar to commit ec1ff802df,
we do check on >= GCC 9, because we can't check on >= GCC 9.3.
[1] f9c142d9b5
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For qemu-system-m68k with emulates Q800 machine we need to add patches
for glibc to let it compile and run on m68k cpu m68040.
See here for discussions about the issue:
https://sourceware.org/bugzilla/show_bug.cgi?id=30740
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
This commit fixes the S10hyperv SysV init script which expects binaries
to be locate in /sbin while they are installed in /usr/sbin. Please
note, that the systemd init scripts correctly reference them.
Furthermore, the SysV init script did not check for an actual HyperV
environment to be present, which is also corrected. In addition, this
commit also fixes check-package warnings regarding a missing DAEMON
definition.
Signed-off-by: Jens Maus <mail@jens-maus.de>
[Peter: drop from .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The toolchain wrapper automatically adds Position Independent
Execution and stack protector flags in the build process when selected
in the configuration. at91bootstrap being freestanding code, it
doesn't support these, so we have to disable them.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove backported patch from this release.
Upstream commit from this release [1] very likely fixes failure
undefined reference to `__stack_chk_fail'.
[1] 72891ca1ef
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "official" repository we used to reference disapeared quite some
time ago, so in commit 8c25838b53 (package/rockchip-mali: fix build
failure due to missing URL) we switched to using a mirror.
The tarballs generated on the Github side have a top-level directory
that is named "repo-name-HASH", so when we switched to a repository
named "libmali" to one named "mirrors", the content of the generated
tarball changed, even though the content of the files did not.
We can't just change the hash to the new value, or that would conflict
with thecopy on s.b.o and older versions of Buildroot.
So, we drop one cahr from the commit hash, which eans the tarball name
changes, and thus we can calculate a new hash for that tarball, and
there will be no conflict with any existing tarball on s.b.o.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
NVIDIA driver persistence daemon.
Signed-off-by: Raphael Pavlidis <raphael.pavlidis@gmail.com>
[Arnout:
- disable on BR2_STATIC_LIBS;
- only depend on tirpc if toolchain doesn't have RPC;
- use unstripped binary - the strip support in the makefile is utterly
broken (and we anyway strip in target-finalize);
- define NVIDIA_PERSISTENCED_USERS directly rather than with another
variable;
- install all the systemd stuff in
NVIDIA_PERSISTENCED_INSTALL_INIT_SYSTEMD.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
udisks now requires that libblockdev has support for NVME via
libnvme, while udisks itself is not linked against libnvme,
just against libblockdev-nvme.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr: fix+extend commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libnvme provides type definitions for NVMe specification and utilities
for nvme devices handling in Linux. libnvme is needed by udisks from
version 2.10.0+
https://github.com/linux-nvme/libnvme
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add defconfig for the Khadas VIM3 board which uses a A311D SoC with a 4x
ARM Cortex-A73 + 2x ARM Cortex-A53 big.LITTLE architecture.
This defconfig includes the Linux mainline kernel version 6.3 as well as
mainline uboot version 2023.04 with an in-tree .dts and uboot-defconfig.
It also includes the host-tool amlogic-boot-fip which is necessary for
signing the bootloader. This host tool is used in the post-image.sh script
in order to generate the signed binary.
This binary is then flashed to the final sdcard.img after it is
generated using genimage. It is done in this way because the bootloader
image needs to be flashed in 2 steps. First the first 444 bytes need to
be flashed to the beginning of the sdcard.img, then we need to skip 68 bytes
in the source and the destination and then write the remaining
bootloader image to the sdcard.img.
Ref: http://docs.khadas.com/products/sbc/vim3/development/create-bootable-tf-card
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
[Romain:
add BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_3=y
add BR2_TARGET_UBOOT_NEEDS_OPENSSL=y
add BR2_PACKAGE_HOST_DOSFSTOOLS=y for genimage vfat support
]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
This tool is needed by some SoCs to sign the bootloader.
See the list of supported SoCs:
https://github.com/LibreELEC/amlogic-boot-fip
The variable BR2_PACKAGE_HOST_AMLOGIC_BOOT_FIP_DEVICE is used to specify
for which device this package needs to be used.
This tool uses pre-compiled binaries in order to sign the bootloader.
These binaries are provided under a proprietary license that prohibits
any redistribution of the resulting images.
A similar tool was tried to be added in the past:
http://patchwork.ozlabs.org/project/buildroot/patch/1533545408-11248-2-git-send-email-narmstrong@baylibre.com/
This time however a license file is present which can be used by
make legal-info. Additionally, acs_tool.pyc was replaced by acs_tool.py
and is therefore not compiled anymore.
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
[Romain:
add AMLOGIC_BOOT_FIP_REDISTRIBUTE = NO
add qstrip for BR2_PACKAGE_HOST_AMLOGIC_BOOT_FIP_DEVICE
remove build-fip-all.sh copy, not needed
factorize file copy in HOST_AMLOGIC_BOOT_FIP_INSTALL_CMDS
update commit log with the github url where we can find the list of supported SoCs.
]
Signed-off-by: Romain Naour <romain.naour@smile.fr>