Fixes the following security issues:
CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4
address by the engine
https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Builds the spi-nor.img together with the sdcard.img.
Readme is extended with SPI NOR flash writing instructions
and recovery.
The spi-nor.img layout is based on the following document:
https://doc-en.rvspace.org/VisionFive2/Boot_UG/JH7110_SDK/boot_address_allocation.html
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
[Arnout: extend readme.txt with paragraph that either boot mode works.]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The configuration is based on defconfig from starfive's kernel fork [1].
[1] 076ede06c0/arch/riscv/configs/starfive_visionfive2_defconfig
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The 6.7.x series is now EOL upstream, so drop the linux-headers option
and add legacy handling for it.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Remove ac_cv_prog_cc_c99; axel has been updated to autoconf 2.72, whose C99
test is compatible with BR2_USE_WCHAR=n.
Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Adjust DTS_NAME to current kernel source tree location of DTs in
per-vendor directories.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6665749909
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in
color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An
attacker could use this to execute arbitrary code with the permissions of
the application compiled against openjpeg.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Reviewed-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Note that, although not explicitly specified in the changelog, version
3.7 renamed the file COPYING to LICENSE, requiring corresponding changes
in Bildroot related to the license file (specifically, the name and hash).
Release notes:
- bmap-tools 3.7:
* Use GitHub Actions for CI (#109)
* Add `poetry` for dependency management and `black` for code
formatting (#104)
* Add functionality for copying from standard input (#99)
* Switch from gpg to gpgme module (#103)
- bmaptool 3.8.0:
* use 'df -P' for POSIX portable output
* bmaptool has new maintainers
* bmaptool has a new home
* bmaptool is now only called 'bmaptool' and not one of a dozen such
variations
* switch to use an X.Y.Z versioning number scheme
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Historically, the package was named bmap-tools, and that's the name
under which it was introduced in Buildroot. Since then, it has moved to
a new home (i. e. to https://github.com/yoctoproject/bmaptool) under the
Yocto Project umbrella, and got renamed to bmaptool. To avoid useless
churn, we keep the old symbols, and just refer to bmaptool in the
prompt.
Link: https://patchwork.ozlabs.org/project/buildroot/patch/20240413131757.3627575-2-dario.binacchi@amarulasolutions.com
Suggested-by: Yann E. Morin <yann.morin.1998@free.fr>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As reported in the README file of the old GitHub URL (i.e.
https://github.com/intel/bmap-tools), "The code at this location is no
longer maintained and will likely be removed in the future. This project
has moved to https://github.com/yoctoproject/bmaptool".
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Notable changes:
- The web terminal is readonly by default now, to make it writable, use
-W option.
Also set TTYD_CPE_ID_VALID.
cpe:2.3🅰️ttyd_project:ttyd is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/detail/DBEDA75E-4E19-48C1-92D7-43E4035BC048
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
[yann.morin.1998@free.fr: move CPE_ID_VALID to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Also a runtime testcase is added.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr:
- fix check-package
- small codign style in test sample
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
/dev/shm is a world-writable directory, like /tmp, and should also
have the sticky bit set. Without this, any user can delete and
replace another user's files in /dev/shm.
This bug has been present since /dev/shm was added to the skeleton
/etc/fstab, but appears to have been fixed for systems using systemd
by commit 76fc9275f1 "system: separate sysv and systemd parts of the
skeleton" which went into Buildroot 2017.08.
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Fixes: 22fde22e35
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
TestATFVexpress is using vexpress_aemv8a_juno as as u-boot defconfig
but the Buildroot defconfig of this board was removed in 2022.11 [1]
Since both TestATFVexpress and TestATFAllwinner are now using mainline
ATF, we don't really need several ATF test anymore. Initially [2],
several runtime test were added to test ATF/U-Boot combinations when
ATF was provided by a vendor: vexpress (mainline), Allwinner and
Marvell.
Keep TestATFAllwinner as ATF mainline test.
[1] 347c108738
[2] 8cf3ce04e9
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
u-boot-2021.04 seems to be broken when pylibfdt support is enabled
and the latest python3/setuptools are used.
Since the TestATFAllwinner is using bananapi_m64 as u-boot defconfig
but the Buildroot defconfig of this board was removed in 2022.11 [1]
update TestATFAllwinner to use a newer BSP. Use the one provided
by orangepi_zero_plus2_defconfig.
[1] daf3c6661f
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6477656317 (TestATFAllwinner)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit ccb4e5db5c ("utils/check-package: emit library name along with check function name")
updated the .checkpackageignore format but forgot to update
.checkpackageignore files used in TestCheckPackage.
Keep .checkpackageignore_outdated as is since it must be outdated.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6568786785
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The last version bump removed python-pyopenssl runtime dependency but
doing so also removed the python-cryptography runtime depdency [1] that
is actually a direct runtime dependency.
While at it, update BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
dependency comment.
[1] 6008f2b1b9
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6477656983 (TestPythonPy3ServiceIdentity)
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The last version bump removed python-setuptools runtime dependency
but doing so also removed the python3-pyexpat and python3-zlib
runtime depdencies [1] that are actually direct runtime
dependencies.
[1] 081162580f
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6477656982 (TestPythonPy3Segno)
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the toolchain Bootlin update to 2023.11-1 [1], the arm Linux
kernel build is broken with binutils >= 2.41 with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 4.19 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
[1] 7e0e6e3b86
[2] a1ce9474e4
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6414160106 (TestFileCapabilities)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version allows to build with Linux 6.9.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With this version we can build with Linux 6.9.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file was updated for two reasons:
* This version now bundles ntlmclient. NTLM support is disabled by
the buildroot package.
* The bundled zlib version (that buildroot does not use) was updated and
its copyright years changed.
This version also adds support for using the SSH binary (at an hardcoded
/usr/bin/ssh path) instead of using libssh2.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
