Fix CVE-2021-3405: A flaw was found in libebml before 1.4.2. A heap
overflow bug exists in the implementation of EbmlString::ReadData and
EbmlUnicodeString::ReadData in libebml.
https://github.com/Matroska-Org/libebml/blob/release-1.4.2/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 2bb26c1a1d.
There was some negative feedback from Arnd Bergmann on that patch:
5b5e2985f3 (commitcomment-44782859)
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And in light of the above, indeed the patch does not look so correct
after all.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.
Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves.
Backport a patch from the upstream openssl development branch that will
eventually be openssl 3.0, but has not yet been backported to the 1.1.1
stable branch.
Fixes:
http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
...
http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issue:
- wpa_supplicant P2P provision discovery processing vulnerability (no CVE
yet)
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
For more details, see the advisory:
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: actually add the patch URL to the patch list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
kismet embeds its own copy of fmt since version 2019-04-R1 so add a
dependency on wchar to avoid the following build failure when building
the server:
./fmt/core.h:1245:1:
std::wstring vformat(wstring_view format_str, wformat_args args);
^~~
./fmt/core.h:1266:13: error: 'wstring' in namespace 'std' does not name a type
inline std::wstring format(wstring_view format_str, const Args & ... args) {
^~~~~~~
./fmt/core.h:1266:8: note: 'std::wstring' is defined in header '<string>'; did you forget to '#include <string>'?
Fixes:
- http://autobuild.buildroot.org/results/f19b3d080514a799a1c75b38ff5f7ae4e8d2628d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Link with TARGET_NLS_LIBS if needed to avoid the following build failure
with perl in version 5.32:
/home/buildroot/autobuild/instance-3/output-1/host/bin/arm-linux-gcc -lm -Wl,-E -o perl perlmain.o libperl.a -lm -lcrypt -lpthread -ldl
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: libperl.a(locale.o): in function `S_emulate_setlocale':
/home/buildroot/autobuild/instance-3/output-1/build/perl-5.32.1/locale.c:1182: undefined reference to `libintl_textdomain'
An upstream issue has been opened in:
https://github.com/Perl/perl5/issues/18467
Fixes:
- http://autobuild.buildroot.org/results/9df8d8d28006845b4f927548f8856dfa8f79802b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2020-14343: A vulnerability was discovered in the PyYAML library
in versions before 5.4, where it is susceptible to arbitrary code
execution when it processes untrusted YAML files through the full_load
method or with the FullLoader loader. Applications that use the library
to process untrusted input may be vulnerable to this flaw. This flaw
allows an attacker to execute arbitrary code on the system by abusing
the python/object/new constructor. This flaw is due to an incomplete fix
for CVE-2020-1747.
Update hash of LICENSE file (update in year:
58d0cb7ee0)
https://github.com/yaml/pyyaml/blob/5.4.1/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gr-qtgui examples needs to have gr-analog enabled, without this dependency
compile crash with:
In file included from
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.cc:22:
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
make[3]: *** [gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/build.make:67:
gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/display_qt.cc.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from
/somewhere/gnuradio/build/gr-qtgui/examples/c++/moc_display_qt.cpp:10:
/somewhere/gnuradio/build/gr-qtgui/examples/c++/../../../../gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
GR_ANALOG is not an explicit dependency of GR_QTGUI, so disable c++ examples if
user has not selected this option.
[backported from 7470a7a3771dd90defb826b464dfe62977cb1eb6]
Fixes:
- http://autobuild.buildroot.net/results/fde670499289f3d7d47379eebccf6e0f92c6d200/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From the release notes:
(https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)
================================================================================
Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
================================================================================
Upgrade urgency: SECURITY if you use 32bit build of redis (see bellow), LOW
otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
================================================================================
Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
================================================================================
Upgrade urgency: LOW, fixes a compilation issue.
Bug fixes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sctp unconditionnally uses __sync_*_4 intrinsics in
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/blob/master/ext/sctp/usrsctp/usrsctplib/user_atomic.h
As a result, this will raise the following build failure with bootlin
sparc toolchain:
/srv/storage/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ext/sctp/usrsctp/libusrsctp-static.a(usrsctplib_user_socket.c.o): in function `usrsctp_conninput':
user_socket.c:(.text+0x3004): undefined reference to `__sync_fetch_and_add_4'
sctp uses an internal version of usrsctp (which is not available in
buildroot) and is available since version 1.15.1:
e2f06326ea
Fixes:
- http://autobuild.buildroot.org/results/981b11ae9746d1eef40c1797398c4f6c16f005bd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
https://blog.prosody.im/prosody-0.11.8-released/
This release also fixes a security issue, where channel binding, which
connects the authentication layer (i.e. SASL) with the security layer (i.e.
TLS) to detect man-in-the-middle attacks, could be used on connections
encrypted with TLS 1.3, despite the holy texts declaring this undefined.
https://issues.prosody.im/1542
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: mark as security bump, expand commit text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have defconfigs for quite a few friendlyarm boards, but the
naming for the defconfigs for those boards is inconsistent: some
start with 'friendlyarm_' while others don't.
Although the number of boards starting with 'friendlyarm_' is
less than those which do not, we still choose to rename the
boards so all have the 'friendlyarm_' prefix.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Chakra Divi <chakra@openedev.com>
Cc: Davide Viti <zinosat@gmail.com>
Cc: Marek Belisko <marek.belisko@open-nandra.com>
Cc: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
runuser allows running commands as another user, but needs to run as
root to be able to setuid(). But Buildroot does not require running as
root, and so runuser can't be used.
Incientally, that fixes host build in case unsuitable libs are found on
the system:
http://lists.busybox.net/pipermail/buildroot/2021-February/304261.html
Reported-by: GA K <guyarkam@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- expand the commit log with a more fundamental explanation that
runuser can't be used anyway
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Privoxy 3.0.32 fixes a number of security issues:
- Security/Reliability:
- ssplit(): Remove an assertion that could be triggered with a
crafted CGI request.
Commit 2256d7b4d67. OVE-20210203-0001.
Reported by: Joshua Rogers (Opera)
- cgi_send_banner(): Overrule invalid image types. Prevents a
crash with a crafted CGI request if Privoxy is toggled off.
Commit e711c505c48. OVE-20210206-0001.
Reported by: Joshua Rogers (Opera)
- socks5_connect(): Don't try to send credentials when none are
configured. Fixes a crash due to a NULL-pointer dereference
when the socks server misbehaves.
Commit 85817cc55b9. OVE-20210207-0001.
Reported by: Joshua Rogers (Opera)
- chunked_body_is_complete(): Prevent an invalid read of size two.
Commit a912ba7bc9c. OVE-20210205-0001.
Reported by: Joshua Rogers (Opera)
- Obsolete pcre: Prevent invalid memory accesses with an invalid
pattern passed to pcre_compile(). Note that the obsolete pcre code
is scheduled to be removed before the 3.0.33 release. There has been
a warning since 2008 already.
Commit 28512e5b624. OVE-20210222-0001.
Reported by: Joshua Rogers (Opera)
for more details, see the announcement:
https://www.openwall.com/lists/oss-security/2021/02/28/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix SOAP action responses which are broken since the switch to latest
version of libupnp (1.14.x) in version 2.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
