The hash of the license file is only changed due to a year update:
-Copyright (c) 2015-2016, angt
+Copyright (c) 2015-2019, angt
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump to latest official version.
Signed-off-by: Markus Steinhilber <markus.steinhilber@erbe-med.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OP-TEE performance benchmark tools for the OP-TEE project.
This packages generates embedded Linux based OS materials used
to retrieve execution timing information on invocation of the
OP-TEE secure services.
It is added next to the OP-TEE client package in BR configuration.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- drop version selection
- propagate the dependency of optee-client]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OP-TEE test package provide test materials as part of the OP-TEE
project helping platforms to verify their OP-TEE components
against a set of regression and performance tests.
Package is added in the BR package configuration next to the
OP-TEE client package.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0 with an added patch to fix an issue
reported by recent GCC toolchains.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- drop version selection
- propagate !BR2_STATIC_LIBS dependency of optee-client
- make sure BR2_TARGET_OPTEE_OS_SDK is selected
- use a patch generated by git format-patch
- simplify the construct to build the examples]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package generates embedded Linux based OS userland client
applications and OP-TEE OS trusted applications all embedded in the
file system. These applications shows how to use the APIs OP-TEE OS is
based on, both in the non secure and secure worlds.
Package is added next to the OP-TEE client package in the BR package
configuration.
This change references in Buildroot the today's latest OP-TEE revision
release tagged 3.4.0 with an added patch to fix an issue reported by
recent GCC toolchains.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- drop version selection
- propagate !BR2_STATIC_LIBS dependency of optee-client
- make sure BR2_TARGET_OPTEE_OS_SDK is selected
- use a patch generated by git format-patch
- simplify the construct to build the examples]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OP-TEE client API library and supplicant daemon from the
OP-TEE project are packaged in package/optee-client. An init script
launches the tee-supplicant deamon. Package is added to the
Security menu of BR configuration.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- remove version selection
- add dependency on !BR2_STATIC_LIBS, as it unconditionally builds a
shared library]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a maintenance release of the current stable WPE WebKit version,
which contains security fixes for CVE identifiers: CVE-2019-6212,
CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,
CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234.
Additionally, it contains a few minor fixes.
Release notes can be found in the announcement:
https://wpewebkit.org/release/wpe-2.22.4.html
More details on the issues covered by securit fixes can be found
in the corresponding security advisory:
https://wpewebkit.org/security/WSA-2019-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release fixes contains a small fix which allows calling the
backend initialization routine more than once. Release notes:
https://wpewebkit.org/release/wpebackend-fdo-1.0.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit eae18d01ab "libmad: needs
autoreconf", autoreconf builds an up to date ltmain.sh so remove
LIBMAD_LIBTOOL_PATCH = NO which is not needed anymore
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes since f56f329:
0a454bc makefile: also honor LDFLAGS
9e59ba9 edid-decode: update links, add README
7684918 edid-decode: README: updates
bc1e846 edid-decode: reformat to linux kernel coding style
9cb3744 edid-decode: fix spurious warning about string termination
3b26b8a edid-decode: fix wrong sample rate unit
4437dd9 edid-decode: use const for unsigned char pointers to the EDID
eee377b edid-decode: add support for QuantumData 980 EDID file format
7d8f41f edid-decode: simplify data block parsing
8c81ccf Add Samsung UE49KS8005 EDID
ab18bef edid-decode: add HDMI Forum VSDB fields for HDMI 2.1b
e9ffafc edid-decode: add options and new output formats
b2da151 edid-decode: add --extract and --check options
5eeb151 edid-decode: replace AdobeYCC/RGB by opYCC/RGB
6def7bc edid-decode: make it easier to find the out-of-range monitor values
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Linux version are changed to 4.19.16 (LTS) for all qemu defconfigs,
except for riscv. riscv defconfigs are left unchanged because they have
a custom Linux repository causing more difficulties when upgrading to
4.19 for riscv32. And for the riscv64, it has been updated recently to
Linux 4.20 by another contributor.
Patch for arm-versatile-nommu is changed into a git format
Add cache attributes for xtensa-lx60-nommu config because the commit
7bb516ca54
added a new config variable for memory cache attribute:
CONFIG_MEMMAP_CACHEATTR
All these updated configs have been built successfully.
Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For details, see https://github.com/snyk/zip-slip-vulnerability
Older python versions do not validate that the extracted files are inside
the target directory. Detect and error out on evil paths before extracting
.zip / .tar file.
Given the scope of this (zip issue was fixed in python 2.7.4, released
2013-04-06, scanpypi is only used by a developer when adding a new python
package), the security impact is fairly minimal, but it is good to get it
fixed anyway.
Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the startup warning from Docker:
failed to retrieve runc version: unknown output format: runc version commit ...
Introduces a patch to replace the faulty version detection logic in the Docker
engine.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Here is the list of the changes compared to the removed mongodb 3.3.4
version:
- Remove patch (not applicable anymore)
- Add patch (sent upstream) to fix openssl build with gcc 7 and
-fpermissive
- Remove 32 bits x86 platforms, removed since version 3.4:
https://docs.mongodb.com/manual/installation/#supported-platforms
- Change license: since October 2018, license is SSPL:
- https://www.mongodb.com/community/licensing
- https://jira.mongodb.org/browse/SERVER-38767
- gcc must be at least 5.3 so add a dependency on gcc >= 6
- Add a dependency on host-python-xxx modules:
https://github.com/mongodb/mongo/blob/r4.0.6/docs/building.md
- Use system versions of boost, pcre, snappy, sqlite, yaml-cpp and zlib
instead of embedded mongodb ones
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-python-typing is needed for mongodb 4.0.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-libyaml is needed for host-python-pyyaml
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host. The level of user interaction is being able
to run any command (it doesn't matter if the command is not
attacker-controlled) as root within a container in either of these
contexts:
* Creating a new container using an attacker-controlled image.
* Attaching (docker exec) into an existing container which the
attacker had previous write access to.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2019/02/11/2
The fix for this issue uses fexecve(3), which isn't available on uClibc, so
add a dependency on !uclibc to runc and propagate to the reverse
dependencies (containerd/docker-engine).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
runc (which is a reverse dependency of docker-engine) is about to gain a
!uclibc dependency, so move to a glibc toolchain instead.
There are currently no prebuilt x86_64 / core2 / glibc toolchains available,
so instead use the internal toolchain backend to build one.
While we are at it, drop the infra.basetest.BASIC_TOOLCHAIN_CONFIG
reference, as that ARM toolchain configuration doesn't make any sense for
this x86-64 based test.
add docker / docker-compose tests
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2019-1000019: Crash when parsing some 7zip archives.
CVE-2019-1000020: A corrupted or malicious ISO9660 image can cause
read_CE() to loop forever.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
v3.2.0 has a bug in the configure step which causes it to fail when being
built against libressl. As libopenssl is selected as the default, the
autobuilders have not uncovered this failure. The issue has been confirmed
in LTS 2018.02.10 (probably broken prior to that as well) and is not
related to the Openssl bump to 1.1.x.
Thread with more details
http://lists.busybox.net/pipermail/buildroot/2019-February/243133.html
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2018-20330: Integer overflow causing segfault occurred when
attempting to load a BMP file with more than 1 billion pixels using the
`tjLoadImage()` function.
CVE-2018-19664: Buffer overrun occurred when attempting to decompress a
specially-crafted malformed JPEG image to a 256-color BMP using djpeg.
Cc: Murat Demirten <mdemirten@yh.com.tr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2019-6109: Due to missing character encoding in the progress
display, a malicious server (or Man-in-The-Middle attacker) can employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affects refresh_progress_meter() in progressmeter.c.
CVE-2019-6111: Due to the scp implementation being derived from 1983
rcp, the server chooses which files/directories are sent to the client.
However, the scp client only performs cursory validation of the object
name returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) can overwrite
arbitrary files in the scp client target directory. If recursive
operation (-r) is performed, the server can manipulate subdirectories as
well (for example, to overwrite the .ssh/authorized_keys file).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adapt patch 0002 and 0003 for version 2019.01.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove upstream patch which is included in the new release.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For details see [1]:
- Fix build of static libraries with meson.
- New API: XKB_KEY_XF86MonBrightnessCycle/XKB_KEY_XF86RotationLockToggle
[1] https://lists.freedesktop.org/archives/wayland-devel/2019-February/039970.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Two quirks for specific devices, two little cleanups (for
details see [1])
- rebased 0001-meson.build-enable-CPP-include-check-only-in-case-CP.patch
[1] https://lists.freedesktop.org/archives/wayland-devel/2019-January/039864.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
[Thomas:
- add missing depends on BR2_HOST_GCC_AT_LEAST_4_8
- improve comments on depends on
- add missing "comment" for toolchain dependencies
- add missing "depends on BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS" on the
Config.in comment
- add missing "select BR2_PACKAGE_WAYLAND", which is needed to select
BR2_PACKAGE_WAYLAND_PROTOCOLS
- fix typoes in the JIT enabling code that was using
WEBKITGTK_CONF_OPTS instead of WPEWEBKIT_CONF_OPTS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
