Fixes the following security issue:
AST-2019-001: Remote crash vulnerability with SDP protocol violation
When Asterisk makes an outgoing call, a very specific SDP protocol violation
by the remote party can cause Asterisk to crash (CVE-2019-7251)
https://downloads.asterisk.org/pub/security/AST-2019-001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump kernel, U-Boot and ATF packages to the NXP imx_4.14.78_1.0.0_ga
release.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In particular update to solve an issue where LVM would fail to
initialise LVM devices when asynchronous IO was not available and it
would fail to fall back to synchronous IO. [0][1]
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1650652
[1] https://github.com/open-power/petitboot/issues/60
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bumped the version of eigen to 3.3.7, which fixes issues when compiling with GCC7 (notably int-in-bool-context errors, fixed in 3.3.5), in addition to various other issues noted in the eigen change logs: http://eigen.tuxfamily.org/index.php?title=ChangeLog
Legal hashes are unchanged in 3.3.7
Signed-off-by: Reed Nightingale <reed.nightingale@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Qt 5.6: according to configure --help the command line option to
enable x11 xkbcommon support is '-system-xkbcommon-x11'
- Qt 5.12: according to configure --help the command line option to
enable xkbcommon support is '-xkbcommon'
Fixes [1]:
ERROR: Invalid value given for boolean command line option 'xkbcommon'.
[1] http://autobuild.buildroot.net/results/87076d03bb92a9940447ca80fc1f202e35ef39da
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patches 4..6 as they are now upstream.
Update the hash of the license file as the copyright dates changed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the advisory:
Jann Horn identified a problem in current versions of
libseccomp where the library did not correctly generate 64-bit syscall
argument comparisons using the arithmetic operators (LT, GT, LE, GE).
Jann has done a search using codesearch.debian.net and it would appear
that only systemd and Tor are using libseccomp in such a way as to
trigger the bad code. In the case of systemd this appears to affect
the socket address family and scheduling class filters. In the case
of Tor it appears that the bad filters could impact the memory
addresses passed to mprotect(2).
The libseccomp v2.4.0 release fixes this problem, and should be a
direct drop-in replacement for previous v2.x releases.
https://www.openwall.com/lists/oss-security/2019/03/15/1
v2.4.0 adds a new scmp_api_level utility, so update 0001-remove-static.patch
to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes some omissions from the installation.
Install the udev rules.
Tell buildroot about the fuse device.
Apply setuid permissions on the fusermount tool.
Signed-off-by: Norbert Lange <norbert.lange@andritz.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The fields in /etc/shadow were set as follows:
root::10933:0:99999:7:::
This sets the date of last password change to Jan 1, 2000, the minimum
password age to 0 days, the maximum password age to near-infinity, and a
warning period of 7 days. In practice, this means the password never
expires. So all of this is quite useless.
On the other hand, mkusers creates lines without all of these options.
It just sets ::::: which disables password expiration completely.
To make things consistent, do the same for the skeleton entries.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix TA build command to build TA libraries before TAs.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the trusted firmware is built with debug support (DEBUG defined),
the generated images are located in a different path compared to a
build without debug support. The non debug images are located in
generated directory build/<platform>/release/ while the debug images
are located in generated directory build/<platform>/debug/.
This change introduces the boolean option
BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG to define whether the release or
debug configuration is used to build trusted firmware.
Note that enabling trusted firmware debug support using
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="... DEBUG=1 ..."
would not work since Buildroot will try to copy the generated files
from the wrong path.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change allows one to build trusted firmware (TF-A) with OP-TEE as
BL32 secure payload.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT is enabled TF-A
builds a BL32 stage according the TF-A configuration directive. If
these specify no BL32 stage then TF-A will build without BL32
support. This is the default configuration and reflects TF-A legacy
integration in BR.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE is enabled TF-A builds
with support for the OP-TEE OS as BL32.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: rename config options, simplify option prompts, and rework
option description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change allows one to build the TF-A (Trusted Firmware A) for
32bit architectures Armv7 and Armv8 platforms. TF-A supports these
configuration since release v1.5.
Change dependency on BR2_aarch64 into a dependency on either
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A to better define
the target architectures supported by the package.
Set package configuration directive ARM_ARCH_MAJOR according to
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A. Set package configuration
directive ARCH based on BR2_aarch64/BR2_arm.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This upgrades to version 48 plus the last commits done after that.
Note, that after that, gummiboot is officially dead, so there will
be no more upstream commits after this.
For various reasons, there are still users of gummiboot, so let's base our
work on the latest gummiboot "version".
Signed-off-by: Esben Haabendal <esben@haabendal.dk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://mariadb.com/kb/en/library/mariadb-10313-release-notes/
Changelog:
https://mariadb.com/kb/en/mariadb-10313-changelog/
Fixes the following security vulnerabilities:
CVE-2019-2510 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and
prior and 8.0.13 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2019-2537 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.6.42
and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
Note that the hash for README.md changed due to Travis CI and Appveyor CI
updates.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, gesftpserver wants to treat al warnings as errors, but there
is an actual warning in the release, so we quiesce that by not treating
warnings as errors.
We also backport a patch from upstream, to fix the ordering of some
fields when sending file attributes.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c46afc37dc changed bluez5-utils
dependency by bluez5_utils-headers without replacing the test on
BR2_PACKAGE_BLUEZ5_UTILS by BR2_PACKAGE_BLUEZ5_UTILS_HEADERS
Fix this mistake and also add a select on
BR2_PACKAGE_BLUEZ5_UTILS_HEADERS if BR2_PACKAGE_BLUEZ5_UTILS is set
so the user does not have to do it
Fixes:
- http://autobuild.buildroot.org/results/c6828df1f3782564451ddd4187ff026679bf37d8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The update of angularjs to 1.7.8 in commit
00dcde3eb1 broke legal-info for this
package, because the hash of the license file changed.
In fact, we are using angular.js as the license file and obviously it
is likely to change between each release. The new angular.js still
specifies a MIT license, so we can update the license file hash.
Fixes:
http://autobuild.buildroot.net/results/0b8ad8d8384d605c2230e862548ccaba1f06d9b0/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If libselinux is selected, explicitly set --enable-selinux in the
configure options and build the library first.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We will need to build Image files for OpenSBI so allow that now.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 78d4ddbf3b removed all patches so
autoreconf is not needed anymore
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the config layout, no functional change.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove old webrtc Config.in.legacy entry introduced by [1] (misnamed
webrtc option was introduced with 2017.02, renamed to webrtcdsp for
2017.08 and although backported to 2017.02.4)
[1] https://git.buildroot.net/buildroot/commit/?id=4c06d2490a07f0b88f42c56c7409899fd2f5608a
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 7ec7ba5405, as it
causes build failures of host-gdb:
/usr/bin/ld: /home/buildroot/autobuild/instance-0/output/host/lib/libiberty.a(cplus-dem.o): relocation R_X86_64_PC32 against symbol `_sch_istable' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
Indeed, the host-gdb build picks up the libiberty installed in
$(HOST_DIR) instead of using its own internal version. This needs to
be addressed before we can make host-binutils install libiberty in
$(HOST_DIR).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 0bb0f2ba84, because
using "host-binutils" is not correct as it should only be used with
internal toolchains, and not external toolchains.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
This is often for example the case on sparcv8 32 bit.
Fixes:
- http://autobuild.buildroot.org/results/b941a3deaa57cac79f1686d47ca6ababf2f0d5e4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit bc51605259.
which adds a dependency on python3 as well as adddtional python runtime
modules. So revert this patch to polish a better bump.
Fixes:
- http://autobuild.buildroot.org/results/7d765d2b15bfe72b05de62e86a01d57f1696c837
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Combining musl and binutils 2.31.1 will produce static applications
that crash immediately. This commit picks up 3 upstream commits to
remedy this.
See https://sourceware.org/bugzilla/show_bug.cgi?id=23428
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
