see CVE-2024-0553: Fix more timing side-channel inside RSA-PSK key exchange
see CVE-2024-0567: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With gcc version >= 13.x stdint.h must be explicitly included according to
[0] so backport a commit to explicitly include stdint.h.
[0]: https://gcc.gnu.org/gcc-13/porting_to.html
Fixes:
still not happened
Signed-off-by: Giulio Benetti <giulio.benetti+tekvox@benettiengineering.com>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The licence have been updated between versions v0.8.3 and v0.8.4.
see:
520c439edc
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The help text is currently copy and pasted from the gstreamer video
player plugin help text. Change it to reflect the text from the
CMakeLists.txt file.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 99a50a8c98 (package/flutter-pi: new package) erroneously made
the gstreamer-based audio plugin depend on GLES, although there is no
such requirement defined in the CMakeLists. This error was likely due to
a copy/paste mistake.
Remove the requirement.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since the addition of the package
in commit 6aa1bc3167:
In file included from /home/buildroot/autobuild/run/instance-3/output-1/build/vulkan-loader-1.3.262/loader/extension_manual.h:24,
from /home/buildroot/autobuild/run/instance-3/output-1/build/vulkan-loader-1.3.262/loader/extension_manual.c:23:
/home/buildroot/autobuild/run/instance-3/output-1/host/aarch64-buildroot-linux-gnu/sysroot/usr/include/vulkan/vulkan.h:71:10: fatal error: X11/extensions/Xrandr.h: No such file or directory
71 | #include <X11/extensions/Xrandr.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/55ddfd44393e3bcc2f25bad2f9ecb7e1b142a985
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The variable should be a YES/NO value, FALSE is not a valid value.
E.g. the yesno-to-bool cmd does not translate a FALSE value and therefore returns invalid JSON.
Signed-off-by: Maximilian Senftleben <maximilian.senftleben@frogblue-tec.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Do not set -march=rv64gcv1p0 when building for riscv32 to fix the
following build failure raised since bump to version 1.0.7 in commit
0db3c08daf and
7c15872e81:
cc1plus: error: ABI requires '-march=rv32'
Fixes:
- http://autobuild.buildroot.org/results/3f8def50c93f73c26339f72d6a13951d5fb41c30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 0db3c08daf "package/highway: bump to version 1.0.7" updated the
package, but forgot to update the legal information accordingly.
Highway was relicensed from "Apache-2.0" (only) to dual "Apache-2.0 or
BSD-3-Clause" in upstream commit [1]. This commit was first included
in Highway version 1.0.6. See [2].
This commit updates _LICENSE, _LICENSE_FILES and adds the new license
hash.
[1] 92a7139f88
[2] https://github.com/google/highway/releases/tag/1.0.6
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libffi is optional, not mandatory since bump to version 1.22.0 in commit
1e12b7dd49 and
89b3207376
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The MICROPYTHON_MAKE_ENV variable contained two things;
- the comon target environment variables CC, CFLAGS et al. defined in
TARGET_MAKE_ENV,
- the GIT_DIR workaround
Commit 9024e18665 (package/micropython: drop GIT_DIR=. workaround)
totally dropped the assignment to MICROPYTHON_MAKE_ENV, but did not
replace its expansin with TARGET_MAKE_ENV.
This yields build error like:
LINK build-standard/micropython
arm-linux-gcc: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/lib64/../lib64'
Fix this by expanding TARGET_MAKE_ENV in lieu of MICROPYTHON_MAKE_ENV.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):
================================================================================
Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST
================================================================================
Upgrade urgency SECURITY: See security fixes below.
Security fixes
==============
* (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
buffers which can result in incorrect accounting of buffer sizes and lead to
heap overflow and potential remote code execution.
Bug fixes
=========
* Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
* Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
* Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 2a8065e "package/postgresql: bump version to 16.1", the
postgresql service fail to start at runtime with an error:
FATAL: could not load library "/usr/lib/postgresql/dict_snowball.so": /usr/lib/postgresql/dict_snowball.so: undefined symbol: CurrentMemoryContext
This is due to the Posgresql autotool configure script trying to
detect whether the toolchain linker needs --export-dynamic or not.
This test is done with a runtime execution of a test program, and
therefore cannot run in cross-compilation. In that case, the
configure script assumes it is not needed. See commit [1], included
in PostgreSQL v16.0.
This commit fixes the issue by forcing the value in _CONF_ENV, as
suggested in an upstream bug report [2]. The package has already a
Kconfig dependency on !BR2_STATIC_LIBS, so the value can be
unconditionally set.
Note that upstream is not considering cross-compiling as supported, and
are not keen on fixing any cross-compiling issue [3].
[1] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=9db49fc5bfdc0126be03f4b8986013e59d93b91d
[2] https://www.postgresql.org/message-id/79e63515-0f5e-30f4-136d-96e23b1a817d%40posteo.de
[3] https://www.postgresql.org/message-id/1266022.1701958693%40sss.pgh.pa.us
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
[yann.morin.1998@free.fr: add upstream ML thread on the issue]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set WARNINGS="" to disable -Werror and fix the following build failure
raised since bump to version 1.2.17 in commit
53779570e5 and
b8d9634a1a:
event.c: In function 'zlog_event_new':
event.c:94:72: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
94 | a_event->tid_hex_str_len = sprintf(a_event->tid_hex_str, "%x", (unsigned int)a_event->tid);
| ^
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/21e9212dbb3d77108b45f755890a8e66b23d2407
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Flutter-engine is by name an engine, i.e. a runtime for applications, a
super-library of sorts. As such, it makes more sense for applications to
select flutter-engine rather than to depend on it.
Change flutter-pi to select flutter-engine.
It also brings flutter-pi on par with ivi-homescreen, another embedder.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove and create the kernel_blob.bin file in the flutter_assets directory:
When Flutter compiles the source code, it creates the kernel_blob.bin file,
a Dart Kernel Bytecode of the application.
If kernel_blob.bin exists inside the flutter_assets directory, then the
application source code can be extracted with nothing more than apktool.
Not only is this a security risk, it's also redundant and a waste of space.
Removing the kernel_blob.bin file generated for flutter-gallery saves 86M!
Because this package is a reference package, and some applications may check
if the kernel_blob.bin file exists, we also touch a blank kernel_blob.bin
file.
Do not use relative symlinks:
Users may install their applications in any arbitaryt location, not
necessarily in the /usr/share/flutter/${package_name} directory. Because
flutter-gallery is a reference application, using exact symlinks to
icudtl.dat and libflutter_engine.so is preferable.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As the flutter-gallery package is a reference package for users wishing to use
Flutter for their UX with Buildroot, this package must have the correct build
options. Indeed, this package currently starts and runs, but only because of
the 0001-remove-GetStorage.patch. Through testing, flutter-gallery fails to
run during the following scenario:
- The xdg-user-dirs package is ported and present.
- flutter-gallery depends on xdg-user-dirs.
- The 0001-remove-GetStorage.patch file is removed.
After extensive testing and comparing the current build arguments against what
the meta-flutter repository for Yocto passes to all of the applications that
inherit flutter-app, it is clear that handling the dart_plugin_registrant.dart
file is missing from the dart arguments in the flutter-gallery build step.
As the documentation for the dart_plugin_registrant.dart file is nonexistent
in any official documentation. However, there is a comment from an issue on
the official dart-lang/sdk page on Github that explains what this file is
(and refers to the Dark SDK source code instead of official documentation.)
From https://github.com/dart-lang/sdk/issues/52506#issuecomment-1562806787:
```
The dart_plugin_registrant.dart is a very special file. It's neither included
in the Dart app nor any dependent packages. Rather it's an artificially
created file by the flutter tools. It contains logic to run plugin
registration logic.
A flutter build will eventually compile the Dart application where it will add
<dir>/.dart_tool/flutter_build/dart_plugin_registrant.dart as an extra source
file (see here). Additionally it will also inject that uri as a constant into
Dart source code via a -Dflutter.dart_plugin_registrant=<uri>.
Once the app runs it will access the
package:flutter/src/dart_plugin_registrant.dart:dartPluginRegistrantLibrary
constant and use it to look up the library object and then invoke the plugin
registration logic.
```
Now that what the dart_plugin_registrant.dart does is understood, we need to
pass the following to the dart binary during the flutter-gallery build step:
-Dflutter.dart_plugin_registrant=file://[...]/dart_plugin_registrant.dart:
Injects a file containing the logic to run the plugin registration logic as
a constant into the flutter-application source code.
--source file://$(@D)/.dart_tool/flutter_build/dart_plugin_registrant.dart:
Adds the dart_plugin_registrant.dart file as a source file to compile.
--source package:flutter/src/dart_plugin_registrant.dart:
Binds the plugin implementation to the platform interface based on the
configuration of the app's pubpec.yaml, and the plugin's pubspec.yaml.
The native_assets.yaml file provides the native-assets mapping for
@Native external functions. The flutter-gallery package has no functions
marked as @Native; however, calling "flutter build bundle" creates a blank
template "native_assets.yaml" file, which is safe to include in the build.
This line, while not necessary for flutter-gallery, may be helpful for other
users who use @Native external functions in their applications, and this
example makes porting other applications quicker and easier.
Finally, there is a known issue when using the dart_plugin_registrant.dart
file outlined here: https://github.com/flutter/flutter/issues/137972.
To summarize: If a user fails to pass the --obfuscate flag to gen_snapshsot
when using the dart_plugin_registrant.dart file, their application may fail
to start. One such application is Gallery, which I have independently verified.
As such, pass the --obfuscate flag to gen_snapshot to ensure that
flutter-gallery properly starts when building with the additional
dart_plugin_registrant.dart arguments above.
However, I acknowledge that the obfuscate flag hides function and class names
in compiled Dart code, and there are some cases when a user should avoid using
the flag. For example, when using the runtimeType API:
https://api.flutter.dev/flutter/dart-core/Object/runtimeType.html. However,
this is not the case with flutter-gallery, and the --obfuscate flag is needed.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: restore FLUTTER_RUNTIME_MODES]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
To make the next patch easier to understand, add a configure step to the
flutter-gallery.mk file. The `$(HOST_FLUTTER_SDK_BIN_FLUTTER) build bundle`
command is placed in the configure step because it generates several files
needed for the flutter_gen_snapshot tool to generate the target .so file.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The canonical name for the 'pub' action is 'pub', while 'packages' is
just an alias. Switch to using the canonical name.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
