- Fix CVE-2020-10932: fix side channel in ECC code that allowed an
adversary with access to precise enough timing and memory access
information (typically an untrusted operating system attacking a
secure enclave) to fully recover an ECDSA private key.
- Fix a potentially remotely exploitable buffer overread in a DTLS
client when parsing the Hello Verify Request message.
- Fix bug in DTLS handling of new associations with the same parameters
(RFC 6347 section 4.2.8): after sending its HelloVerifyRequest, the
server would end up with corrupted state and only send invalid records
to the client. An attacker able to send forged UDP packets to the
server could use that to obtain a Denial of Service. This could only
happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in
config.h (which it is by default).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As of upstream commit 3a5e6219a2b62af076caa4f37fab9258165ec266 msgpack
is now required.
License hash change is due to date update in upstream commit
cf83d1d429ecebb093f6eaab773bd41c251530ca.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
License hash change is due to httplib2 package version number update.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop upstream patches.
Remove CVE annotation; issue fixed upstream.
Depend on MMU. Upstream removed support for fork-less targets (commit
48d12f14c9c).
Reformat hashes file with two spaces delimiter. Remove stale 2.79
tarball hash entry.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
By default, exim stores its PID file in /var/spool/exim, and its log
file in /var/spool/exim/log, but it makes a lot more sense to have the
logs in /var/log/exim and the PID file in /var/run/exim.
Using binary name subdirectory in both cases allows for the use of
systemd's LogsDirectory and RuntimeDirectory statements.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch applied upstream in updated form:
2122fe08cc
Added new patch to fix subsequent build error on mips.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas: add PSF-2.0 to the licenses and LICENSE.PSF to the license files.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add initial support for Nanopi R1 board with below features:
- U-Boot 2019.01
- Linux 5.0
- Default packages from buildroot
Configuration files taken from Armbian:
https://github.com/armbian/build/blob/master/patch
Signed-off-by: Davide Viti <zinosat@gmail.com>
[Thomas: move U-Boot config and DT to board/friendlyarm/nanopi-r1/uboot/]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switched _SITE to https.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changelog: https://www.glfw.org/changelog.html
Updated license hash due to upstream commit:
f764836e58
xlib_libXi is now a mandatory dependency:
9cc83cf07fb383e70021
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The hash of the NOTICE file has changed due to update in copyright year
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2020-1730: Possible DoS in client and server when handling
AES-CTR keys with OpenSSL.
Format hash file with two spaces delimiter.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Used to launch qemu tests for various qemu architectures.
Needless to say, this file skips any other job
different from qemu (only qemu configurations are
runtime tested).
Add the log generated by Qemu to the build artefacts.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This script is intended to be used by gitlab CI to test at runtime Qemu
images generated by Buildroot's Qemu defconfigs.
This allows troubleshooting different issues that may be associated with
defective builds by launching a qemu machine, sending the root password,
waiting for a login shell and then performing a shutdown.
This script is inspired by toolchain builder [1] and the Buildroot
testing infrastructure.
The gitlab CI will call this script for each defconfig build but only
Qemu defconfigs will be runtime tested; all other defconfigs are ignored.
Some Qemu defconfig must be used with a specific Qemu version (fork)
that is not always available, so the script doesn't error out when it
can't spawn a missing command. That condition is anyway printed in the
log.
Finally, the script starts Qemu like it's done for the Buildroot
testing infrastructure (using pexpect).
Note:
We noticed some timeout issues with pexpect when the Qemu machine is
powered off. That's because the Qemu process doesn't stop even if the
system is halted (after "System halted"). So the script doesn't error
out when such a timeout occurs. The behaviour depends on the architecture
emulated by Qemu.
[1] https://github.com/bootlin/toolchains-builder/blob/master/build.sh
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit allows using the post-image script previously added
for each qemu board.
Add "$(BR2_DEFCONFIG)" as post-image script argument to retrieve
the qemu command line.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a post-image script to be used by each qemu board
defconfig in order to generate start-qemu.sh in BINARIES_DIR. The
start-qemu.sh script can be used by a Buildroot user to start Qemu
or by a gitlab CI.
To find the correct qemu command line, we use the second post script
argument which must contain "$(BR2_DEFCONFIG)":
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_DEFCONFIG)"
The post-image script expects something like
"/path/to/qemu_aarch64_virt_defconfig" in BR2_DEFCONFIG.
Doing a basename allows retrieving the name of the defconfig file that
should match on the "tag" previously introduced in readme.txt files.
For running in the CI, as well as running from a remote machine (e.g. on
a remote build machine), it is better not to start in graphical mode,
but only with the serial line attached to the terminal. The post-build
script prepares two sets of arguments for each case, graphical or
serial, and stores them in the start-qemu.sh script, which then decodes
which to use, based on an argument on the command line (default is still
graphical).
sh4/sh4eb needs special handling by adding "-serial stdio -display
none"; others only require "-nographics". Some qemu command lines
already contain "-serial stdio", but that does not play nicely with
"-nographics", so we remove that when going serial-only (although this
might seem counter-intuitive).
Finally, we ensure the script uses our qemu-system (if it was built).
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[yann.morin.1998@free.fr:
- drop the knowledge about gitlab-ci, replace with an argument to
pass to start-qemu.sh
- adapt the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds the name of the Qemu defconfig file after each
qemu command line in order to retrieve it easily.
Since a readme.txt can be shared between several Qemu defconfigs, we
need at least one qemu command line in readme.txt for each defconfig.
For now, ignore the qemu_arm_vexpress_tz_defconfig since it fails to build
due to a python script issue [1]. Anyway the arm vexpress boot is tested
with qemu_arm_vexpress_defconfig.
[1] http://lists.busybox.net/pipermail/buildroot/2020-February/273738.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There is no reason to create boot.scr in board/udoo/neo and later
install it in TARGET_DIR/boot, leaving a stale file behind.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no reason to create boot.scr in board/solidrun/mx6cubox and
later install it in TARGET_DIR/boot, leaving a stale file behind.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no reason to create boot.scr at board/wandboard and later
install it at TARGET_DIR/boot, leaving a stale file behind.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Update dependency list with python-entrypoints.
* The need for Python 3.x is no longer only related to
python-secretstorage: python-keyring itself also works only with
Python 3.x.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>