Fixes the following security issues:
1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.
2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.
3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.
4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.
5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.
6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html
Switch to .tar.gz as the announcement mail only contained hashes for that:
https://lists.x.org/archives/xorg-announce/2024-January/003442.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.
2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.
3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.
4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.
5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.
6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Genimage complains about the config using the deprecated gpt option:
INFO: hdimage(sdcard.img): The option 'gpt' is deprecated. Use
'partition-table-type' instead
So change to partition-table-type for consistency with the other configs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This changes bumps the version of the genimage package,
which brings in fixes when generating flash images that
reference sparse files, along with other fixes and features.
Signed-off-by: Hudson Ayers <hudson.ayers@getcruise.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop no longer required python-async-timeout runtime dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- openssl is a mandatory dependency of BR2_PACKAGE_KISMET_SERVER since
d916acf8c0
- pcre2 is an optional dependency since
bb1ecb1c56
- disable wifi-coconut (enabled by default and depends on libusb:
e221b8d45c)
https://kismetwireless.net/posts/kismet-2023-07-r1/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The versioning scheme for libwpe uses the middle version number to
indicate stability: an even number for stable releases, odd for
development preview releases. As such, Buildroot should be using
version 1.14.2, which is the most recent of the stable releases.
While at it, add a note in the .mk file about the versioning scheme.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- removed 0002-wscript-fix-build-without-stack-protector.patch
(upstream applied, see [1])
- update license info according to upstream commit [2]
(add Apache-2.0, Beerware, BSD-4-Clause and ISC, rename license
file to end with '.txt' suffix)
See [3] for details.
[1] 15862410de
[2] e29d662141
[3] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e88823d667 (package/refpolicy: fix build with smartmontools) added
a 0001-policy-modules-services-smartmon.te-make-fstools-opt.patch patch, but
forgot to put it in the version specific sub directory - Breaking builds
using BR2_PACKAGE_REFPOLICY_CUSTOM_GIT as shown by the TestSELinuxCustomGit
test:
>>> refpolicy RELEASE_2_20200818 Extracting
gzip -d -c /builds/buildroot.org/buildroot/test-dl/refpolicy/refpolicy-RELEASE_2_20200818-br1.tar.gz | tar --strip-components=1 -C /builds/buildroot.org/buildroot/test-output/TestSELinuxCustomGit/build/refpolicy-RELEASE_2_20200818 -xf -
>>> refpolicy RELEASE_2_20200818 Patching
Applying 0001-policy-modules-services-smartmon.te-make-fstools-opt.patch using patch:
patching file policy/modules/services/smartmon.te
Hunk #1 FAILED at 143.
1 out of 1 hunk FAILED -- saving rejects to file policy/modules/services/smartmon.te.rej
make[1]: *** [package/pkg-generic.mk:241: /builds/buildroot.org/buildroot/test-output/TestSELinuxCustomGit/build/refpolicy-RELEASE_2_20200818/.stamp_patched] Error 1
https://gitlab.com/buildroot.org/buildroot/-/jobs/5929796183
Fix it by moving the patch to a versioned sub directory.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
see CVE-2024-0553: Fix more timing side-channel inside RSA-PSK key exchange
see CVE-2024-0567: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With gcc version >= 13.x stdint.h must be explicitly included according to
[0] so backport a commit to explicitly include stdint.h.
[0]: https://gcc.gnu.org/gcc-13/porting_to.html
Fixes:
still not happened
Signed-off-by: Giulio Benetti <giulio.benetti+tekvox@benettiengineering.com>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The licence have been updated between versions v0.8.3 and v0.8.4.
see:
520c439edc
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The help text is currently copy and pasted from the gstreamer video
player plugin help text. Change it to reflect the text from the
CMakeLists.txt file.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 99a50a8c98 (package/flutter-pi: new package) erroneously made
the gstreamer-based audio plugin depend on GLES, although there is no
such requirement defined in the CMakeLists. This error was likely due to
a copy/paste mistake.
Remove the requirement.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since the addition of the package
in commit 6aa1bc3167:
In file included from /home/buildroot/autobuild/run/instance-3/output-1/build/vulkan-loader-1.3.262/loader/extension_manual.h:24,
from /home/buildroot/autobuild/run/instance-3/output-1/build/vulkan-loader-1.3.262/loader/extension_manual.c:23:
/home/buildroot/autobuild/run/instance-3/output-1/host/aarch64-buildroot-linux-gnu/sysroot/usr/include/vulkan/vulkan.h:71:10: fatal error: X11/extensions/Xrandr.h: No such file or directory
71 | #include <X11/extensions/Xrandr.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/55ddfd44393e3bcc2f25bad2f9ecb7e1b142a985
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The variable should be a YES/NO value, FALSE is not a valid value.
E.g. the yesno-to-bool cmd does not translate a FALSE value and therefore returns invalid JSON.
Signed-off-by: Maximilian Senftleben <maximilian.senftleben@frogblue-tec.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Do not set -march=rv64gcv1p0 when building for riscv32 to fix the
following build failure raised since bump to version 1.0.7 in commit
0db3c08daf and
7c15872e81:
cc1plus: error: ABI requires '-march=rv32'
Fixes:
- http://autobuild.buildroot.org/results/3f8def50c93f73c26339f72d6a13951d5fb41c30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 0db3c08daf "package/highway: bump to version 1.0.7" updated the
package, but forgot to update the legal information accordingly.
Highway was relicensed from "Apache-2.0" (only) to dual "Apache-2.0 or
BSD-3-Clause" in upstream commit [1]. This commit was first included
in Highway version 1.0.6. See [2].
This commit updates _LICENSE, _LICENSE_FILES and adds the new license
hash.
[1] 92a7139f88
[2] https://github.com/google/highway/releases/tag/1.0.6
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libffi is optional, not mandatory since bump to version 1.22.0 in commit
1e12b7dd49 and
89b3207376
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The MICROPYTHON_MAKE_ENV variable contained two things;
- the comon target environment variables CC, CFLAGS et al. defined in
TARGET_MAKE_ENV,
- the GIT_DIR workaround
Commit 9024e18665 (package/micropython: drop GIT_DIR=. workaround)
totally dropped the assignment to MICROPYTHON_MAKE_ENV, but did not
replace its expansin with TARGET_MAKE_ENV.
This yields build error like:
LINK build-standard/micropython
arm-linux-gcc: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/lib64/../lib64'
Fix this by expanding TARGET_MAKE_ENV in lieu of MICROPYTHON_MAKE_ENV.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):
================================================================================
Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST
================================================================================
Upgrade urgency SECURITY: See security fixes below.
Security fixes
==============
* (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
buffers which can result in incorrect accounting of buffer sizes and lead to
heap overflow and potential remote code execution.
Bug fixes
=========
* Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
* Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
* Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 2a8065e "package/postgresql: bump version to 16.1", the
postgresql service fail to start at runtime with an error:
FATAL: could not load library "/usr/lib/postgresql/dict_snowball.so": /usr/lib/postgresql/dict_snowball.so: undefined symbol: CurrentMemoryContext
This is due to the Posgresql autotool configure script trying to
detect whether the toolchain linker needs --export-dynamic or not.
This test is done with a runtime execution of a test program, and
therefore cannot run in cross-compilation. In that case, the
configure script assumes it is not needed. See commit [1], included
in PostgreSQL v16.0.
This commit fixes the issue by forcing the value in _CONF_ENV, as
suggested in an upstream bug report [2]. The package has already a
Kconfig dependency on !BR2_STATIC_LIBS, so the value can be
unconditionally set.
Note that upstream is not considering cross-compiling as supported, and
are not keen on fixing any cross-compiling issue [3].
[1] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=9db49fc5bfdc0126be03f4b8986013e59d93b91d
[2] https://www.postgresql.org/message-id/79e63515-0f5e-30f4-136d-96e23b1a817d%40posteo.de
[3] https://www.postgresql.org/message-id/1266022.1701958693%40sss.pgh.pa.us
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
[yann.morin.1998@free.fr: add upstream ML thread on the issue]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set WARNINGS="" to disable -Werror and fix the following build failure
raised since bump to version 1.2.17 in commit
53779570e5 and
b8d9634a1a:
event.c: In function 'zlog_event_new':
event.c:94:72: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
94 | a_event->tid_hex_str_len = sprintf(a_event->tid_hex_str, "%x", (unsigned int)a_event->tid);
| ^
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/21e9212dbb3d77108b45f755890a8e66b23d2407
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>