Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a
plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result
in a heap-based buffer over-read. This can be triggered by arbitrary
local users with access to Sudo by entering a password of seven
characters or fewer. The impact could vary depending on the compiler and
processor architecture.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit aaba432e2c (package/gawk: drop incorrect patch) was sent on the
list before e6942ad11f (package/gawk: fix double free during kernel
build) was applied. But when aaba432e2c was eventually applied, the
remaining patch was not renumbered.
Fix that now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We know the system will have a modern-enough C library that implements
the required snprintf() functionality. Since the configure stage can't
detect the system's capabilities (because it is cross-compiling), let's
hard-code the decision.
As a result, rsync won't be linking in its own copy of snprintf().
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 8cd06967b9 (gawk: bump version and migrate to autotargets)
added a patch that purportedly reduced the installation size by not
installing the versioned program (gawk-X.Y).
However, the versioned program is a hard-link to the unversioned one,
so, save for a directory entry, it does not take extra space in the
final image.
Drop that patch.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Back when support/testing/tests/package/test_gdb was introduced, there
was a significant difference in how gdb < 10 and gdb >= 10 were
handled in gdb.mk, which explained why we were testing both gdb 9.x
and gdb 11.x.
However, support for gdb 9.x has now been dropped, and we only support
gdb >= 10.x, so testing gdb 9.x and 11.x separately no longer make
much sense. In addition:
- other GDB tests in the same file already test the default version,
which is now 11.x, meaning we in fact have duplicated tests between
the ones testing the default version and the ones testing 11.x
specifically
- GDB 9.x has been removed, which means all the tests testing GDB 9.x
are failing, with a Config.in.legacy build error.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3249828456 (TestGdbHostOnly9x)
https://gitlab.com/buildroot.org/buildroot/-/jobs/3249828454 (TestGdbHostGdbserver9x)
https://gitlab.com/buildroot.org/buildroot/-/jobs/3249828451 (TestGdbHostGdbTarget9x)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The CPIO filesystem generated by the test_python_crossbar test is too
large, and doesn't fit as an initramfs in the 256MB of RAM available
in the versatilepb machine. This causes a "Initramfs unpacking failed:
write error" when booting, and many files being missing from the root
filesystem, ultimately causing the test to fail.
It would make sense to switch all test cases to use ext2 + a
hard-drive, but for now, let's fix the few test cases that are causing
problems.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3249828587
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It seems like on Gitlab CI, the runners are quite slow, and the Flask
server does not startup in the 15 seconds we give it. So increase this
to 30 seconds before trying to contact the Flask server.
Hopefully fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3249828594
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2022-41974: Authorization bypass
- CVE-2022-41973: Symlink attack
For more details, see the writeup:
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
Update README.md hash after license-unrelated changes:
git shortlog 0.9.0..0.9.3 -- README.md
Konstantin Kharlamov (1):
README.md: mention libreadline and libedit optional deps
Xose Vazquez Perez (4):
multipath-tools: update devel repo info in README.md
multipath-tools: add ALUA info to README.md
multipath-tools: add basic info on how to use multipath-tools with NVMe devices
multipath-tools: add more info for NetApp RDAC arrays
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with libunistring raised since the
addition of the package in commit
ffb85a4a16:
/home/autobuild/autobuild/instance-2/output-1/per-package/libidn2/host/bin/../lib/gcc/aarch64-buildroot-linux-gnu/11.3.0/../../../../aarch64-buildroot-linux-gnu/bin/ld: warning: libunistring.so.2, needed by ../lib/.libs/libidn2.so, not found (try using -rpath or -rpath-link)
/home/autobuild/autobuild/instance-2/output-1/per-package/libidn2/host/bin/../lib/gcc/aarch64-buildroot-linux-gnu/11.3.0/../../../../aarch64-buildroot-linux-gnu/bin/ld: ../lib/.libs/libidn2.so: undefined reference to `u8_strconv_to_encoding'
[...]
aarch64-buildroot-linux-gnu-gcc: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/lib'
Fixes:
- http://autobuild.buildroot.org/results/30ac50512cd4b4cb3ecc97514a72d1f316a1b33a
- http://autobuild.buildroot.org/results/c225ff4ef007b9a3ca56e6b601687aaa33699675
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ncurses is not a dependency since bump to version 1.8.19 in commit
8317065ecb and
63dd71c39c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure without __NR_pidfd_open raised since
bump to version 3.3.17 in commit
cc28c7aa6d and
c8384e682c:
pgrep.c: In function 'pidfd_open':
pgrep.c:748:17: error: '__NR_pidfd_open' undeclared (first use in this function); did you mean 'pidfd_open'?
748 | return syscall(__NR_pidfd_open, pid, flags);
| ^~~~~~~~~~~~~~~
| pidfd_open
Fixes:
- http://autobuild.buildroot.org/results/f23a5156e641b2ebdd673973dec0f9c87760c688
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Bump U-Boot version to v2022.10.
- Bump Linux kernel version to v6.0.0.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The HELLO_ examples fail to run because the librevision.so
library build by the userland package is not included
in the image.
Include this library if BR2_PACKAGE_RPI_USERLAND_HELLO
is selected.
Signed-off-by: Tim Gover <tim.gover@raspberrypi.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure raised since bump to version 2.0.16 in
commit e9bc980d93:
/nvmedata/autobuild/instance-7/output-1/per-package/numactl/host/bin/../lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ./.libs/libnuma.a(libnuma.o): in function `numa_police_memory':
libnuma.c:(.text+0xe28): undefined reference to `__atomic_fetch_and_1'
Fixes:
- http://autobuild.buildroot.org/results/a92c1c60518d3fe08f3f808f9cc812031e85a4e9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following mips64 build failure raised since commit
0b38938566:
makedumpfile.c: In function 'is_kvaddr':
makedumpfile.c:1613:39: error: 'KVBASE' undeclared (first use in this function)
return (addr >= (unsigned long long)(KVBASE));
^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/94824fa8baa8edb99a5ca245e5561e0c4e430638
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch migrates the u-boot device tree definition
from uboot.fragment files to use BR2_TARGET_UBOOT_CUSTOM_MAKEOPTS
instead for the zynqmp_zcu102 and zynqmp_zcu106 defconfigs.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In a private e-mail, Emile said "Hi Thomas. Please remove me from the
DEVELOPERS file. I am no longer interested in the packages under my
name."
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
UDisks2 provides a Library API [1] for accessing the UDisks2 service
via "libudisks2.so". For development of UDisks2 clients, install to
staging as well!
[1] http://storaged.org/doc/udisks2-api/2.9.4/ref-library.html
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bump will fix the build with pupnp >= 1.14.13 raised since commit
a9ee25b01b and
2f99af2673:
In file included from src/threadutil/FreeList.h:43,
from src/threadutil/TimerThread.h:39,
from src/gatedevice.h:32,
from src/gatedevice.c:38:
src/threadutil/ithread.h:917:12: error: expected ';' before 'int'
917 | EXPORT_SPEC int pthread_mutexattr_setkind_np(
| ^~~~
| ;
Fixes:
- http://autobuild.buildroot.org/results/2eebf8264327bd492ee8cadc0c539d42c4f2e252
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add BR2_TARGET_UBOOT_NEEDS_GNUTLS=y and BR2_TARGET_UBOOT_NEEDS_UTIL_LINUX=y
since this are dependencies for building mkeficapsule u-boot tool.
Change the offset of the rootfs to left enough space for the U-Boot that
has increased.
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop second patch (already in version)
https://github.com/namhyung/uftrace/blob/v0.12/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We pass all our dracut configuration files via a config dir, but dracut
insists with having one config file. Because we do not want to have to
chose which file we pass (which would then have to be excluded from the
config dir), we just used an arbitrary empty file, and /dev/null seemed
to be a good candidate.
However, some build environments do not have a complete /dev, and may be
missing entries otherwise taken for granted, like /dev/null. This is
especially the case in constrained environments like containers.
Switch away from using /dev/null, and do create an actual empty file
that we can use as the dracut config file.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3249828364
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with kernel < 5.0 raised since the
addition of the package in commit
e3975ec7d4:
catatonit.c:39:11: fatal error: linux/close_range.h: No such file or directory
39 | # include <linux/close_range.h>
| ^~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ed9a847905083175c7fcb2f2df28f9ac5b9c3313
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
openssl is optional, not mandatory, since the addition of the package in
commit 0393f5d344
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Docker compose up outputs terminal control characters intended for
interactive output viewing.
Wget similarly can use the -q option to produce quieter logs.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Docker compose is now invoked as "docker compose" not "docker-compose."
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3249828442
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch 0001 as it is not needed anymore:
2426b7f6fa
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
