Commit Graph

65609 Commits

Author SHA1 Message Date
Peter Korsgaard
89815bad0a package/rabbitmq-server: drop package
The packaged version has a number of security issues, newer versions require
erlang 23+ and nobody has stepped up to maintain it since the issues were
reported:

http://lists.busybox.net/pipermail/buildroot/2022-November/656230.html

So drop the package and add legacy handling for it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-03 15:41:49 +01:00
Peter Korsgaard
43d5ff7ee4 package/exim: mark CVE-2022-3620 as ignored
CVE-2022-3620: A vulnerability was found in Exim and classified as
problematic.  This issue affects the function dmarc_dns_lookup of the file
dmarc.c of the component DMARC Handler.  The manipulation leads to use after
free.  The attack may be initiated remotely.  The name of the patch is
12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445.  It is recommended to apply a
patch to fix this issue.  The associated identifier of this vulnerability is
VDB-211919.

This vulnerability is in the DMARC handling, which is only used if
libopendmarc is available AND SUPPORT_DMARC is set to yes, neither of which
is true for Buildroot, so ignore the CVE.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-03 15:31:29 +01:00
Peter Korsgaard
4bccc70e07 package/exim: add upstream security fixes for CVE-2022-3559
Fixes CVE-2022-3559: A vulnerability was found in Exim and classified as
problematic.  This issue affects some unknown processing of the component
Regex Handler.  The manipulation leads to use after free.  The name of the
patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2.  It is recommended to
apply a patch to fix this issue.  The identifier VDB-211073 was assigned to
this vulnerability.

The upstream patch does not apply to 4.96, so use the backported patches
from Debian.  Amazingly, the patch needs 3 additional patches to unbreak
builds without "WITH_CONTENT_SCAN" (default in Buildroot), so add those as
well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-03 15:31:10 +01:00
Fabrice Fontaine
d74137341d package/libarchive: fix CVE-2022-36227
In libarchive 3.6.1, the software does not check for an error after
calling calloc function that can return with a NULL pointer if the
function fails, which leads to a resultant NULL pointer dereference.
NOTE: the discoverer cites this CWE-476 remark but third parties dispute
the code-execution impact: "In rare circumstances, when NULL is
equivalent to the 0x0 memory address and privileged code can access it,
then writing or reading memory is possible, which may lead to code
execution."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-03 15:30:27 +01:00
Zikui Zhao
a34dcba9eb docs/manual: fixed some spelling mistakes
Fixed some spelling mistakes of countable nouns.

Signed-off-by: Zikui Zhao <zhaozikui@eswincomputing.com>
Reviewed-by: Woodrow Douglass <wdouglass@carnegierobotics.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-12-02 20:41:13 +01:00
Neal Frager
5bbc20154e configs/zynqmp_kria_kv260_defconfig: bump to Xilinx 2022.2
This patch bumps the zynqmp_kria_kv260_defconfig to Xilinx release 2022.2.

Xilinx 2022.2 includes:
- U-Boot 2022.01 bug fixes
- Linux bump to Linux 5.15.36 with bug fixes
- TF-A 2.6 bug fixes
- PMUFW bug fixes

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-02 19:49:39 +01:00
Neal Frager
3c997c457a configs/zynqmp_zcu106_defconfig: bump to Xilinx 2022.2
This patch bumps the zynqmp_zcu106_defconfig to Xilinx release 2022.2.

Xilinx 2022.2 includes:
- U-Boot 2022.01 bug fixes
- Linux bump to Linux 5.15.36 with bug fixes
- TF-A 2.6 bug fixes
- PMUFW bug fixes

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-02 19:49:33 +01:00
Neal Frager
818d0e18a8 configs/zynqmp_zcu102_defconfig: bump to Xilinx 2022.2
This patch bumps the zynqmp_zcu102_defconfig to Xilinx release 2022.2.

Xilinx 2022.2 includes:
- U-Boot 2022.01 bug fixes
- Linux bump to Linux 5.15.36 with bug fixes
- TF-A 2.6 bug fixes
- PMUFW bug fixes

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-02 19:49:09 +01:00
Fabrice Fontaine
c1d783d4dd package/git: security bump to version 2.31.5
Fixes:
 * CVE-2022-39253:
   When relying on the `--local` clone optimization, Git dereferences
   symbolic links in the source repository before creating hardlinks
   (or copies) of the dereferenced link in the destination repository.
   This can lead to surprising behavior where arbitrary files are
   present in a repository's `$GIT_DIR` when cloning from a malicious
   repository.

   Git will no longer dereference symbolic links via the `--local`
   clone mechanism, and will instead refuse to clone repositories that
   have symbolic links present in the `$GIT_DIR/objects` directory.

   Additionally, the value of `protocol.file.allow` is changed to be
   "user" by default.

 * CVE-2022-39260:
   An overly-long command string given to `git shell` can result in
   overflow in `split_cmdline()`, leading to arbitrary heap writes and
   remote code execution when `git shell` is exposed and the directory
   `$HOME/git-shell-commands` exists.

   `git shell` is taught to refuse interactive commands that are
   longer than 4MiB in size. `split_cmdline()` is hardened to reject
   inputs larger than 2GiB.

https://github.com/git/git/blob/v2.31.5/Documentation/RelNotes/2.31.5.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-02 19:45:05 +01:00
Fabrice Fontaine
d40c8b31d5 package/vim: security bump to version 9.0.0951
Fix CVE-2022-3705: A vulnerability was found in vim and classified as
problematic. Affected by this issue is the function qf_update_buffer of
the file quickfix.c of the component autocmd Handler. The manipulation
leads to use after free. The attack may be launched remotely. Upgrading
to version 9.0.0805 is able to address this issue. The name of the patch
is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to
upgrade the affected component. The identifier of this vulnerability is
VDB-212324.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-02 19:44:54 +01:00
Giulio Benetti
0c6d4d7be8 package/rtl8723ds: bump to 2022-12-01 version to fix build issue
Drop local patch that has been upstreamed.

Fixes:
http://autobuild.buildroot.net/results/fa2/fa2482674d789e7674dc0d83c5f54393beed4d70/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-02 19:41:06 +01:00
Peter Korsgaard
1ad6bc2f58 package/netsnmp: drop autoreconf
Commit 83b4337354 (package/netsnmp: security bump to version 5.9.3)
dropped the patches, but forgot to remove the autoreconf.  Do so now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-02 19:38:13 +01:00
Леонид Юрьев (Leonid Yuriev)
0b71948c32 package/libmdbx: bump version to 0.11.13 "Swashplate"
This is stable bugfix release of libmdbx, in Family Glory and
in memory of Boris Yuriev (the inventor of Helicopter and
Swashplate in 1911) on his 133rd birthday.

It is reasonable to backport this patch to all applicable releases/branches of Buildroot.

Release notes for v0.11.13
--------------------------

Fixes:

 - Fixed builds with older libc versions after using `fcntl64()` (backport).
 - Fixed builds with  older `stdatomic.h` versions,
   where the `ATOMIC_*_LOCK_FREE` macros mistakenly redefined using functions (backport).
 - Added workaround for `mremap()` defect to avoid assertion failure (backport).
 - Workaround for `encryptfs` bug(s) in the `copy_file_range` implementation  (backport).
 - Fixed unexpected `MDBX_BUSY` from `mdbx_env_set_option()`, `mdbx_env_set_syncbytes()`
   and `mdbx_env_set_syncperiod()` (backport).
 - CMake requirements lowered to version 3.0.2 (backport).
 - Added admonition of insecure for RISC-V (backport).

Minors:

 - Minor clarification output of `--help` for `mdbx_test` (backport).
 - Added admonition of insecure for RISC-V (backport).
 - Stochastic scripts and CMake files synchronized with the `devel` branch.
 - Use `--dont-check-ram-size` for small-tests make-targets (backport).

The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md

Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-01 22:22:15 +01:00
Bernd Kuhls
6866076d79 package/vlc: security bump version to 3.0.18
Removed patch 0010, a different fix was applied upstream:
05445b74a3

Removed patch 0011 which was backported from upstream.
Renumbered patch 0012 -> 0010.

Release notes:
http://www.videolan.org/vlc/releases/3.0.18.html

Fixes CVE-2022-41325:
http://www.videolan.org/security/sb-vlc3018.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: fix sha1 hash entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-01 21:54:50 +01:00
Bernd Kuhls
61bdd02e93 package/kodi: fix build with fmt >= 9.x
For details see https://github.com/xbmc/xbmc/pull/21674

Build-tested using this previously broken defconfig:

BR2_x86_64=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_KODI=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_IRIS=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON3_PY_ONLY=y

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-01 21:49:59 +01:00
Bernd Kuhls
8aa68a529e package/kodi: add comment to display udev dependency for gbm when wayland/x11 are disabled
Without this additional comment only the comment

  kodi needs an OpenGL EGL backend with OpenGL or GLES support

is displayed which is not enough to guide users.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-01 21:48:21 +01:00
Peter Korsgaard
43899226b2 package/dovecot: add upstream security fix for CVE-2022-30550
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before
2.3.20.  When two passdb configuration entries exist with the same driver
and args settings, incorrect username_filter and mechanism settings can be
applied to passdb definitions.  These incorrectly applied settings can lead
to an unintended security configuration and can permit privilege escalation
in certain configurations.  The documentation does not advise against the
use of passdb definitions that have the same driver and args settings.  One
such configuration would be where an administrator wishes to use the same
PAM configuration or passwd file for both normal and master users but use
the username_filter setting to restrict which of the users is able to be a
master user.

https://dovecot.org/pipermail/dovecot-news/2022-July/000477.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-30 16:36:47 +01:00
Giulio Benetti
fb894b2e98 board/freescale/imx6ul(l)evk: fix repetition of "to" string
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-29 23:19:41 +01:00
Giulio Benetti
059c61a18f DEVELOPERS: add Giulio Benetti to rtl8192eu package
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-29 22:58:15 +01:00
Giulio Benetti
121184d746 package/rtl8821au: bump to 2022-10-30 version of v5.2.6 branch
Fixes:
http://autobuild.buildroot.net/results/4526cb70ce91bcd5fce60ebb4f704a63f1ecd249/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-29 22:57:25 +01:00
Giulio Benetti
1fe4f83bf4 package/rtl8188eu: bump to 2022-11-29 version on v5.2.2.4 branch
Fixes:
http://autobuild.buildroot.net/results/8bcb4d0adabc141ff8144f9e22bd549e3cd8858a/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-29 22:54:40 +01:00
Baruch Siach
e3c14de0df package/dash: fix static with shared build
When BR2_SHARED_STATIC_LIBS is enabled we pass both --enable-static and
--enable-shared to configure. dash configure.ac only looks for
--enable-static to make the build static. But when linking against
libedit pkg-config only returns dynamic linking dependencies, so the
indirect ncurses dependency in not mentioned. The end result is that
libedit can't find ncurses symbols on link.

BR2_SHARED_STATIC_LIBS only makes sense for libraries, not executable
binaries. Pass --disable-static unless BR2_STATIC_LIBS is enabled for
static only build.

Fixes:
http://autobuild.buildroot.net/results/137d39cc5ec436759a2fde3f26ce5633e0ad6c2e/
http://autobuild.buildroot.net/results/55a38e0e45212bf7403d9ccb626c9422e3affe72/
http://autobuild.buildroot.net/results/8f109f1a04a6a2ff6d8c4c920e499fbaec3f72b9/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-25 23:19:56 +01:00
Peter Korsgaard
83b4337354 package/netsnmp: security bump to version 5.9.3
Fixes the following security issues:

- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
  NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.

- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can
  cause a NULL pointer dereference.

- CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in
  master agent and subagent simultaneously

- CVE-2022-24807 A malformed OID in a SET request to
  SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory
  access.

- CVE-2022-24808 A malformed OID in a SET request to
  NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference

- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
  can cause a NULL pointer dereference.

Drop openssl linking patches as they are merged upstream / upstream changed
to use pkg-config for openssl since:

8c3a094fbe

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-25 22:59:27 +01:00
Thomas Petazzoni
634b55a1c6 configs/nitrogen8*: extend filesystem size
The default ext2 filesystem size of 60 MB is now too small to contain
the root filesystem of the Nitrogen i.MX8 configurations. The
nitrogen8mp_defconfig configuration for examples generates 55 MB of
contents in the rootfs, so an image of 60 MB is slightly too small.

This commit extends the filesystem size to 120 MB.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/3372859635 (nitrogen8mp)
  https://gitlab.com/buildroot.org/buildroot/-/jobs/3372859634 (nitrogen8mn)
  https://gitlab.com/buildroot.org/buildroot/-/jobs/3372859633 (nitrogen8mm)
  https://gitlab.com/buildroot.org/buildroot/-/jobs/3372859632 (nitrogen8m)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-25 22:54:01 +01:00
Thomas Petazzoni
3d5d447c5d toolchain/Config.in: fix check-package warning
toolchain/Config.in:236: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/3381962216

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-25 21:31:56 +01:00
Thomas Petazzoni
6ade5915c1 configs/roc_pc_rk3399: remove defconfig
Commit 5370ec7451 was supposed to remove
the roc_pc_rk3399 defconfig. It actually removed everything related to
this defconfig, but not the defconfig itself.

The build failure this commit was supposed to fix is therefore still
happening. We fix it up by finally removing the defconfig.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/3372859807

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-25 19:03:39 +01:00
James Hilliard
0fc5c1ccdb package/gcc: ensure __register_frame is optimized out for glibc
On some architectures when building with -O0 the __register_frame
symbol fails to get optimized out which can cause linking failures
when building glibc.

To fix this set -O1 for GCC target libs when building with glibc
and BR2_OPTIMIZE_0 on the problematic target architectures.

This was reported both to GCC [1] and glibc [2] upstream. It is not
entirely clear yet where the bug lies exactly. At the moment the
assumption is that it's GCC, so create a symbol
BR2_TOOLCHAIN_HAS_GCC_BUG_107728.

This issue only seems to occur when linking glibc, not with anything
else, so only compile libgcc from host-gcc-initial with -O1.

Fixes:
 - http://autobuild.buildroot.net/results/89b/89b6c6924240b7cf82035a844f3573673e91b364
 - http://autobuild.buildroot.net/results/46f/46f4ec99d2b23d354a4bb5e92123d64f0da6ed27
 - http://autobuild.buildroot.net/results/839/839f929f700cf181ebdf34389c7806a96f55813e
 - http://autobuild.buildroot.net/results/0e2/0e202bf53a683930f3cad6edef2a4dea629eaecb
 - http://autobuild.buildroot.net/results/8a8/8a8c917f597fdcca744e696e19e9300b64004335
 - http://autobuild.buildroot.net/results/c05/c058b27ed2834dfa633b63ec6c3639ab1e8bf412
 - http://autobuild.buildroot.net/results/8ba/8ba8882a861cf7df359c23969c09b2be0725b2e5

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107728
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=29621

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-25 14:53:37 +01:00
Giulio Benetti
f324758f67 package/rtl8821au: move upstream and fix missing linux options
This package builds to fail with Linux > 5.15 and abperiasamy's
rtl8812AU_8821AU_linux repository is not maintained since 2 years and
there is now a fork where all pending patches have been upstreamed, so
let's switch to lwfinger's rtl8812au repository that is well
maintained with Linux up to version 5.18 supported. While switching
let's drop all local patches. Also add me as maintainer for this
package in DEVELOPERS file.

Fixes:

  http://autobuild.buildroot.net/results/a3db3a6540b67a1f1fe31d61fe1d6824d43f59f0/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Christian Stewart<christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-24 23:10:45 +01:00
Giulio Benetti
9fe82e56d2 package/wilc-driver: fix build failure due to missing Linux options
Enable Linux options depending on the bus has been chosen, so:
1) enable by default common Linux options:
CONFIG_NET
CONFIG_WIRELESS
CONFIG_CFG80211
CONFIG_CRC_ITU_T
CONFIG_CRC7
2) enable for SDIO bus:
CONFIG_MMC
3) enable for SPI bus:
CONFIG_SPI

Fixes:
http://autobuild.buildroot.net/results/d8c4f0f959dd2ec110db8a75980f13172c3c116c/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Kris Bahnsen <Kris@embeddedTS.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-24 22:59:35 +01:00
Peter Korsgaard
269c1e9368 Update for 2022.11-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-24 17:47:01 +01:00
Peter Korsgaard
f93c47fad8 package/libkrb5: security bump to version 1.20.1
Fixes the following security issue:

CVE-2022-42898: In MIT krb5 releases 1.8 and later, an authenticated
attacker may be able to cause a KDC or kadmind process to crash by reading
beyond the bounds of allocated memory, creating a denial of service.  A
privileged attacker may similarly be able to cause a Kerberos or GSS
application service to crash.  On 32-bit platforms, an attacker can also
cause insufficient memory to be allocated for the result, potentially
leading to remote code execution in a KDC, kadmind, or GSS or Kerberos
application server process.  An attacker with the privileges of a
cross-realm KDC may be able to extract secrets from a KDC process's memory
by having them copied into the PAC of a new ticket.

Bugfix tarballs are located in the same directory as the base version, so
introduce LIBKRB5_VERSION_MAJOR.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-24 15:36:04 +01:00
Yann E. MORIN
45bb69c2bd package.libopenssl: fix enabling/disabling mdc2
Commit 3dbc86f098 (openssl: bump version, enable mdc2+camellia+tlsext)
form 2010-06-03, forced the build of mdc2. Commit a83d41867c
(package/libopenssl: add option to enable some features) added an option
to explicitly disable mdc2, but forgot to amend the existing enabling
option.

It appears that, like most (all?) openssl config options, mdc2 ends up
enabled unless explicitly disabled.

Additionally, mdc2 depends on DES, so without DES, mdc2 gets disabled.

So, drop the explicit enabling option, and make mdc2 select DES.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "GAUTRON, Erwan" <erwan.gautron@bertin.fr>
Cc: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-24 13:42:45 +01:00
Yann E. MORIN
d7178dd432 package/libopenssl: drop useless option for rc5
Commit a83d41867c (package/libopenssl: add option to enable some
features) added an option to enable rc5. However, since commit
1fff941219 (Fixup non-x86 openssl build), dated 2002-12-30, rc5
has always been forcibly disabled in Buildroot.

Given that it was unconditionally disabled all this time, and no
one complained, it means there is virtually no-one using rc5, so we
can just drop the option.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "GAUTRON, Erwan" <erwan.gautron@bertin.fr>
Cc: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-24 13:39:36 +01:00
Michael Nosthoff
a11b36089b package/swupdate: add libubootenv as optional dependency
If the swupdate configuration contains CONFIG_UBOOT=y it uses
libubootenv to access the U-Boot environment.

We don't have Buildroot config options for all the different optional
dependencies of swupdate, instead we rely on the user to select the
appropriate packages and simply add the dependency in the .mk file. Do
this for libubootenv as well. swupdate doesn't have anything like
HAVE_LIBUBOOTENV, it just assumes libubootenv is available.

Fixes:
bootloader/uboot.c:23:10: fatal error: libuboot.h: No such file or directory
   23 | #include <libuboot.h>

Note that libubootenv is normally built before swupdate (alphabetical
ordering), so the error only occrus with BR2_PER_PACKAGE_DIRECTORIES or
when building swupdate directly.

Note that the autobuilders don't have this error, because they only
build swupdate with a default configuration that doesn't have U-Boot
support.

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-24 13:15:11 +01:00
Fabrice Fontaine
e3959a0390 package/heimdal: security bump to version 7.7.1
This release fixes the following Security Vulnerabilities:

- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and
  arcfour
- CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of
  array
- CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
- CVE-2021-3671 A null pointer de-reference when handling missing sname
  in TGS-REQ
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

  Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0
  on the Common Vulnerability Scoring System (CVSS) v3, as we believe
  it should be possible to get an RCE on a KDC, which means that
  credentials can be compromised that can be used to impersonate
  anyone in a realm or forest of realms.

  Heimdal's ASN.1 compiler generates code that allows specially
  crafted DER encodings of CHOICEs to invoke the wrong free function
  on the decoded structure upon decode error. This is known to impact
  the Heimdal KDC, leading to an invalid free() of an address partly
  or wholly under the control of the attacker, in turn leading to a
  potential remote code execution (RCE) vulnerability.

  This error affects the DER codec for all extensible CHOICE types
  used in Heimdal, though not all cases will be exploitable. We have
  not completed a thorough analysis of all the Heimdal components
  affected, thus the Kerberos client, the X.509 library, and other
  parts, may be affected as well.

  This bug has been in Heimdal's ASN.1 compiler since 2005, but it may
  only affect Heimdal 1.6 and up. It was first reported by Douglas
  Bagnall, though it had been found independently by the Heimdal
  maintainers via fuzzing a few weeks earlier.

  While no zero-day exploit is known, such an exploit will likely be
  available soon after public disclosure.

- CVE-2019-14870: Validate client attributes in protocol-transition

- CVE-2019-14870: Apply forwardable policy in protocol-transition
- CVE-2019-14870: Always lookup impersonate client in DB

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 23:30:45 +01:00
Yegor Yefremov
ecc33ec02a utils/scanpypi: add LICENCE.TXT to the list of the license files
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 23:20:20 +01:00
Vincent Stehlé
2cda2584fb configs/qemu_aarch64_ebbr: add host-qemu
Add the host-qemu package to enable testing on gitlab.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:42:33 +01:00
Vincent Stehlé
40c05259d8 boot/edk2: refine license
The edk2 project is licensed under the BSD-2-Clause license with a patent
grant, as per commit 304bff7223a8 ("edk2: Change License.txt from 2-Clause
BSD to BSD+Patent").

There is a BSD-2-Clause-Patent SPDX license identifier[1] for this case,
therefore refine the edk2 package to use this more specific identifier.

[1]: https://spdx.org/licenses/BSD-2-Clause-Patent.html

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:38:33 +01:00
Vincent Stehlé
9bd1266983 package/edk2-platforms: refine license
The edk2-platforms project is licensed under the BSD-2-Clause license with
a patent grant, as per commit ae604e4ffe8f ("edk2-platforms: Change
License.txt from 2-Clause BSD to BSD+Patent").

There is a BSD-2-Clause-Patent SPDX license identifier[1] for this case,
therefore refine the edk2-platforms package to use this more specific
identifier.

[1]: https://spdx.org/licenses/BSD-2-Clause-Patent.html

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:38:19 +01:00
Peter Korsgaard
39a2ff16f9 package/python3: add upstream security fix for CVE-2022-45061
Fixes the following security issue:

CVE-2022-45061: An issue was discovered in Python before 3.11.1.  An
unnecessary quadratic algorithm exists in one path when processing some
inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably
long name being presented to the decoder could lead to a CPU denial of
service.  Hostnames are often supplied by remote servers that could be
controlled by a malicious actor; in such a scenario, they could trigger
excessive CPU consumption on the client attempting to make use of an
attacker-supplied supposed hostname.  For example, the attack payload could
be placed in the Location header of an HTTP response with status code 302.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:03:15 +01:00
Brandon Maier
13dc57c94f boot/uboot/uboot.mk: fix zynqmp without pmufw
Commit d07e6b70 (boot/uboot/uboot.mk: add pmufw.elf support) broke
configurations where the UBOOT_ZYNQMP_PMUFW was blank. Previously it
would set the U-Boot CONFIG_PMUFW_INIT_FILE to the blank string, but now
it will set it to ".bin" which causes U-Boot to fail to build.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:01:58 +01:00
Peter Korsgaard
f157a11362 {linux, linux-headers}: bump 4.{9, 14, 19}.x / 5.{4, 10, 15, 19}.x / 6.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:01:46 +01:00
Michael Fischer
73f04f7f0c package/gnupg2: bump version to 2.3.8
Brings a number of fixes: https://dev.gnupg.org/T6106

Add patch 0001 to fix undefined reference to `ks_ldap_free_state'
backported from commit 7011286ce6e1fb56c2989fdafbd11b931c489faa

Signed-off-by: Michael Fischer <mf@go-sys.de>
[Peter: add changelog info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:00:51 +01:00
Marek Metelski
ef6c9da9d2 package/gitlab-runner: fix inconsistency of systemd and sysv daemons
Copy default $DAEMON_ARGS from systemd service to sysv init script.

Make GITLAB_RUNNER_USER home directory the same as default
--work-directory (-d) flag.

Run sysv daemon process using root user (remove -c option)
This is needed to correctly access config files as specified.
System access can still be limited with gitlab-runner `--user` flag.

Use same $DAEMON_ARGS variable name so it can be overwritten in
/etc/default/gitlab-runner environment file in both cases.

Signed-off-by: Marek Metelski <marek.metelski@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:49:01 +01:00
James Hilliard
47659b4f34 package/iwd: add dbus compile time dependency
In 5b3b2d80f4 we dropped dbus as a build
dependency, however we still need it when building with systemd so
that the service directory is available via pkg-config.

In addition we can drop --with-dbus-datadir by unconditionally
requiring dbus as the datadir will then be fetched from pkg-config.

Fixes:
checking D-Bus bus services directory... configure: error: D-Bus bus services directory is required

  http://autobuild.buildroot.net/results/4a48676460e6ce588897598f0022ec840b4b4b8d/

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:34:22 +01:00
Vincent Stehlé
79591b7667 boot/edk2: fix the build for arm sgi575
The edk2 package can be configured for platform Arm Sgi575 but this
does not build correctly:

Usage: build.exe [options] [all|fds|genc|genmake|clean|cleanall|cleanlib|modules|libraries|run]

build.exe: error: option -a: invalid choice: '-b' (choose from 'IA32', 'X64', 'EBC', 'ARM', 'AARCH64', 'RISCV64')
make[1]: *** [package/pkg-generic.mk:293: /home/thomas/buildroot/buildroot/output/build/edk2-edk2-stable202102/.stamp_built] Error 2
make: *** [Makefile:84: _all] Error 2

Add the necessary definitions to fix the build.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:27:18 +01:00
Giulio Benetti
08a013d25a package/rtl8189es: bump to latest version to fix build failure with Linux >= 6.0
Drop local patch that has been upstreamed[0] and drop the endianness
handling too since from this commit[1] on it's handled by using Linux
macro __LITTLE_ENDIAN.

[0]: 4a555ffb77
[1]: b3da33576d

Fixes:
http://autobuild.buildroot.net/results/6178fbfbe9fe762645b1907c4ceb032a00e75a89/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:51:34 +01:00
Miquel Raynal
124fc473dd package/mali-driver: remove Miquèl from the DEVELOPERS list
I am not really maintaining these packages, I don't follow closely
enough nor use them to take the time to make the necessary changes.
Giulio has been much more reactive than me to fix issues and he is
already listed for them anyway.

Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 22:48:28 +01:00
Giulio Benetti
354f9387f3 package/rtl8723ds: fix build failure due to endianness and Linux version 6.0
Add local patch pending upstream[0] to override CFLAGS to set endianness
according to BR2_ENDIAN. Let's also bump version to latest to support up to
Linux 6.1.

[0]: https://github.com/lwfinger/rtl8723ds/pull/29

Fixes:
http://autobuild.buildroot.net/results/2646ec0512f867e20c25c1d0a6417826218942d6/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:33:57 +01:00
Bernd Kuhls
6ebfe647b6 package/mesa3d: fix uClibc build
Moved the util/compiler.h include to util/macros.h due to upstream
commit which added static_assert() to src/util/macros.h
https://cgit.freedesktop.org/mesa/mesa/commit/src/util/macros.h?h=22.2&id=f1023571e8ce7ccb6ec7bc115240cb76aef3e5e5

Please note that this patch can be removed when buildroot toolchains
are updated to uClibc 1.0.42:
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?h=v1.0.42&id=03fbd941e943976bb92cb392882c2ff7ec218704

Fixes:
http://autobuild.buildroot.net/results/a55/a55d6980faad8b5063f8f4f8b89467061d44a2ae/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:21:09 +01:00