Fixes the following security issues:
- CVE-2023-46218: cookie mixed case PSL bypass
This flaw allows a malicious HTTP server to set "super cookies" in curl
that are then passed back to more origins than what is otherwise allowed
or possible. This allows a site to set cookies that then would get sent
to different and unrelated sites and domains.
https://curl.se/docs/CVE-2023-46218.html
- CVE-2023-46219: HSTS long file name clears contents
When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware
of the HSTS status they should otherwise use.
https://curl.se/docs/CVE-2023-46219.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
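Added illustration of the CVE-2023-46218 class of bug, not part of the commit above and not curl's code: a cookie Domain check that matches the request host case-insensitively but compares against the Public Suffix List byte-for-byte lets a mixed-case suffix through. The three-entry list, the host name and all function names are constructed for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed three-entry stand-in for the Public Suffix List. */
static const char *const PSL[] = { "com", "uk", "co.uk" };

typedef int (*cmp_fn)(const char *, const char *);

/* Is `domain` a public suffix under the given string comparison? */
static int is_public_suffix(const char *domain, cmp_fn cmp)
{
    for (size_t i = 0; i < sizeof PSL / sizeof PSL[0]; i++)
        if (cmp(domain, PSL[i]) == 0)
            return 1;
    return 0;
}

/* Case-insensitive tail match of the cookie domain on a label boundary. */
static int tail_match(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);
    if (dl == 0 || dl > hl || strcasecmp(host + hl - dl, domain) != 0)
        return 0;
    return hl == dl || host[hl - dl - 1] == '.';
}

/* Returns 1 if a cookie with this Domain attribute is accepted from `host`.
 * cmp = strcmp models the flawed check, strcasecmp the corrected one. */
static int accept_cookie(const char *host, const char *domain, cmp_fn cmp)
{
    if (*domain == '.')          /* a leading dot is ignored */
        domain++;
    if (!tail_match(host, domain))
        return 0;
    return !is_public_suffix(domain, cmp);
}

int main(void)
{
    const char *host = "shop.example.co.uk";   /* constructed host */
    printf("exact:  co.UK -> %d\n", accept_cookie(host, "co.UK", strcmp));
    printf("nocase: co.UK -> %d\n", accept_cookie(host, "co.UK", strcasecmp));
    printf("nocase: example.co.uk -> %d\n",
           accept_cookie(host, "example.co.uk", strcasecmp));
    return 0;
}
```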
The prebuilt kernel has been updated to 5.10.202, sync the kernel
built by TestDtbocfg.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The prebuilt kernel has been updated to 5.10.202, sync the kernel
built by InitSystemSystemdBaseOverlayfs.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2023-44429: Heap-based buffer overflow in the AV1 codec parser when
handling certain malformed streams before GStreamer 1.22.7.
https://gstreamer.freedesktop.org/security/sa-2023-0009.html
CVE-2023-44446: Use-after-free (read) in the MXF demuxer when handling
certain files before GStreamer 1.22.7.
https://gstreamer.freedesktop.org/security/sa-2023-0010.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the zynq readme.txt to add documentation for the zc702 and correct
documentation that was no longer up to date.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds support for ZynqMP ZCU104 evaluation board.
ZCU104 features can be found here:
https://www.xilinx.com/products/boards-and-kits/zcu104.html
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Let's also enable the NXP firmware package to let the latest SDMA firmware be
loaded. To achieve this we also need to enable dynamic eudev to let it
load the firmware, as it is requested early before the rootfs is mounted.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Peter: explain why eudev is needed]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Let's also enable the NXP firmware package to let the latest SDMA firmware be
loaded. To achieve this we also need to enable dynamic eudev to let it
load the firmware, as it is requested early before the rootfs is mounted.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
[Peter: explain why eudev is needed]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patches (already in version)
This bump will fix the following build failure raised since bump of
leptonica to version 1.83.1 in commit a4e713558d thanks to 27b1827ccd:
src/textord/devanagari_processing.cpp: In member function 'bool tesseract::ShiroRekhaSplitter::Split(bool, tesseract::DebugPixa*)':
src/textord/devanagari_processing.cpp:130:19: error: invalid use of incomplete type 'struct Pixa'
130 | Box *box = ccs->boxa->box[i];
| ^~
In file included from /home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/alltypes.h:52,
from /home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/allheaders.h:35,
from src/textord/devanagari_processing.h:16,
from src/textord/devanagari_processing.cpp:25:
/home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/bmf.h:48:12: note: forward declaration of 'struct Pixa'
48 | struct Pixa *pixa; /*!< pixa of bitmaps for 93 characters */
| ^~~~
https://github.com/tesseract-ocr/tesseract/blob/5.3.3/ChangeLog
Fixes:
- http://autobuild.buildroot.org/results/46d3ffc8885245ee9a56a528be055b0b27a18245
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without DES raised since bump to version
26.0.2 in commit 2cfa86a548:
cipher.c:51:42: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); did you mean 'SN_des_ede3_cbc'?
51 | {{"des_ede3_cbc"}, "des-ede3-cbc", {&EVP_des_ede3_cbc}, 0, 0},
| ^~~~~~~~~~~~~~~~
| SN_des_ede3_cbc
Fixes:
- http://autobuild.buildroot.org/results/1aace0ee738f8ec4aa2c9a739fc7535c3b6bf884
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 6b915358ba introduced PKG_PYTHON_MATURIN_INSTALL_CMD while
it should be HOST_PKG_PYTHON_MATURIN_INSTALL_CMD.
Adding any new host python package using maturin setup type will
fail during the install step.
Fixes: 6b915358ba
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Updated to gcc 13.2, gdb 13, binutils 2.41, glibc 2.38.
The x86_64 host variant prebuilt toolchain is built on RHEL7
(glibc 2.17) and is likely to also be useable on OS versions like
RHEL8, Ubuntu 18.04 or later.
The AArch64 host variant prebuilt toolchain is built on Ubuntu 18.04
(glibc 2.27) and is likely to also be useable on OS versions like RHEL8,
Ubuntu 18.04 or later.
Release note:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Updated to gcc 13.2, gdb 13, binutils 2.41, glibc 2.38.
The x86_64 host variant prebuilt toolchain is built on RHEL7
(glibc 2.17) and is likely to also be useable on OS versions like
RHEL8, Ubuntu 18.04 or later.
The AArch64 host variant prebuilt toolchain is built on Ubuntu 18.04
(glibc 2.27) and is likely to also be useable on OS versions like RHEL8,
Ubuntu 18.04 or later.
Tested with qemu_aarch64_virt_defconfig.
Release note:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Updated to gcc 13.2, gdb 13, binutils 2.41, glibc 2.38.
The x86_64 host variant prebuilt toolchain is built on RHEL7
(glibc 2.17) and is likely to also be useable on OS versions like
RHEL8, Ubuntu 18.04 or later.
The AArch64 host variant prebuilt toolchain is built on Ubuntu 18.04
(glibc 2.27) and is likely to also be useable on OS versions like RHEL8,
Ubuntu 18.04 or later.
Tested with qemu_arm_vexpress_defconfig.
Release note:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The arm-trusted-firmware package builds a host tool called "fiptool",
which is used during the build process of arm-trusted-firmware
itself. This tool links against the OpenSSL host library, and
therefore needs to be built with the correct RPATH pointing to
$HOST_DIR/lib.
This is why commit a957d9a90a
("boot/arm-trusted-firmware: build fiptool separately with dependency
on host-openssl") added the ARM_TRUSTED_FIRMWARE_BUILD_FIPTOOL
variable, which builds the fiptool tool first, with the right
variables set, before invoking the full build of TF-A. This ensured
that fiptool was built with the correct RPATH.
However, more recent versions of TF-A have modified their Makefile
machinery, and fiptool is being rebuilt even if it was built
before. Unfortunately, this rebuild is no longer done with the right
flags, so we end up with a fiptool binary that no longer has the right
RPATH, and fiptool fails to find the OpenSSL libraries from
$HOST_DIR/lib.
In order to fix this, we take a different approach: we do not build
fiptool separately first, but we inject the necessary flags through
the HOSTCC variable. Indeed, there's no HOST_LDFLAGS or HOST_LDLIBS
variable or similar that would allow us to pass the -Wl,-rpath flag
that is needed. Shoe-horning this flag into HOSTCC gets the job done,
and actually simplifies our arm-trusted-firmware.mk.
This patch breaks compatibility with versions prior to 1.4 (upstream
commit 72610c4102990 ("build: Introduce HOSTCC flag")). v1.4 is very old
(July 2017), not used anymore in-tree and probably not used anymore
outside the tree.
Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
Co-authored-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following CVEs:
CVE-2023-39326: net/http: limit chunked data overhead
CVE-2023-45285: cmd/go: go get may unexpectedly fallback to insecure git
https://go.dev/doc/devel/release#go1.21.5
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"This is a security release" according to the upstream release notes:
https://news-web.php.net/php.announce/369
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e6252e5b6d)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5abe7bd726)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump will fix the following build failures with kernel >= 6.3.0
thanks to f3559e5b06 and 939200ef16:
In file included from /home/buildroot/autobuild/instance-1/output-1/build/lttng-modules-2.13.7/./src/lttng-ring-buffer-client.h:16,
from /home/buildroot/autobuild/instance-1/output-1/build/lttng-modules-2.13.7/./src/lttng-ring-buffer-client-discard.c:16:
/home/buildroot/autobuild/instance-1/output-1/build/lttng-modules-2.13.7/./src/../include/lttng/events-internal.h:292:9: error: unknown type name ‘uuid_le’
292 | uuid_le uuid; /* Trace session unique ID (copy) */
| ^~~~~~~
[...]
/home/thomas/autobuild/instance-3/output-1/build/lttng-modules-2.13.7/./src/lib/ringbuffer/ring_buffer_mmap.c: In function ‘lib_ring_buffer_mmap_buf’:
/home/thomas/autobuild/instance-3/output-1/build/lttng-modules-2.13.7/./src/lib/ringbuffer/ring_buffer_mmap.c:116:23: error: assignment of read-only member ‘vm_flags’
116 | vma->vm_flags |= VM_DONTEXPAND;
| ^~
https://github.com/lttng/lttng-modules/blob/v2.13.10/ChangeLog
Fixes:
- http://autobuild.buildroot.org/results/7b8f57262a02cd9aaa953a9d8666646bae1cc655
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>