Fixes the following CVEs:
- CVE-2019-1351: Windows provides the ability to substitute
drive letters with arbitrary letters, including multi-byte
Unicode letters. To fix any potential issues arising from
interpreting such paths as relative paths, we have extended
detection of DOS drive prefixes to accommodate for such cases.
- CVE-2019-1352: by using NTFS-style alternative file streams for
the ".git" directory, it is possible to overwrite parts of the
repository. While this has been fixed in the past for Windows,
the same vulnerability may also exist on other systems that
write to NTFS filesystems. We now reject any paths starting
with ".git:" on all systems.
- CVE-2019-1353: by using NTFS-style 8.3 short names, it was
possible to write to the ".git" directory and thus overwrite
parts of the repository, leading to possible remote code
execution. While this problem was already fixed in the past for
Windows, other systems accessing NTFS filesystems are
vulnerable to this issue too. We now enable NTFS protections by
default on all systems to fix this attack vector.
- CVE-2019-1354: on Windows, backslashes are not a valid part of
a filename but are instead interpreted as directory separators.
As other platforms allowed to use such paths, it was possible
to write such invalid entries into a Git repository and was
thus an attack vector to write into the ".git" directory. We
now reject any entries starting with ".git" on all systems.
libgit2 is not affected by these git CVEs:
- CVE-2019-1348: the fast-import stream command "feature
export-marks=path" allows writing to arbitrary file paths.
- CVE-2019-1349: by using NTFS 8.3 short names, backslashes or
alternate file streams, it is possible to cause submodules to
be written into pre-existing directories during a recursive
clone using git.
- CVE-2019-1350: recursive clones may lead to arbitrary remote
code executing due to improper quoting of command line
arguments.
- CVE-2019-1387: it is possible to let a submodule's git
directory point into a sibling's submodule directory, which may
result in overwriting parts of the Git repository and thus lead
to arbitrary command execution. As libgit2 doesn't provide any
way to do submodule clones natively, it is not susceptible to
this vulnerability. Users of libgit2 that have implemented
recursive submodule clones manually are encouraged to review
their implementation for this vulnerability.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
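
The path checks described in the libgit2 commit message above, sketched as an added example. It is not libgit2's code: the function names are hypothetical, and the rules are a simplified reading of the four CVE descriptions, applied to repository entry paths before checkout.

```python
import re

def has_drive_prefix(path: str) -> bool:
    # CVE-2019-1351: any single character before ":" can act as a drive
    # letter, including non-ASCII ones, so do not test for A-Z only.
    return len(path) >= 2 and path[1] == ":" and path[0] not in "/\\"

def is_dotgit_component(component: str) -> bool:
    # CVE-2019-1352: ".git:stream" names an alternate data stream of ".git".
    base = component.split(":", 1)[0]
    # NTFS ignores trailing spaces and dots, and names are case-insensitive.
    base = base.rstrip(" .").lower()
    # CVE-2019-1353: "git~1" is the usual 8.3 short name for ".git".
    return base in (".git", "git~1")

def rejection_reasons(path: str) -> list:
    """Return why a repository entry path must be refused (empty if fine)."""
    reasons = []
    if has_drive_prefix(path):
        reasons.append("drive-prefix")
    # CVE-2019-1354: split on "\" as well as "/" on every platform.
    if any(is_dotgit_component(c) for c in re.split(r"[\\/]", path)):
        reasons.append("dotgit")
    return reasons

# Constructed sample entry paths, not taken from any real repository.
SAMPLES = [
    "src/main.c",
    ".gitignore",
    ".GIT/config",
    ".git::$INDEX_ALLOCATION/config",
    "GIT~1/config",
    ".git\\config",
    "sub/.git . /config",
    "\u00e4:/payload",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {rejection_reasons(sample) or 'ok'}")
```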
Fixes:
514 scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
515 #include <openssl/bio.h>
Seen at:
https://gitlab.com/buildroot.org/buildroot/-/jobs/378314247
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for OpenSSL was added in version 0.1.15:
https://lists.freedesktop.org/archives/nice/2018-December/001443.html
With the option of using OpenSSL as a crypto provider, we can't keep
GnuTLS as the default, because using:
select BR2_PACKAGE_GNUTLS if !BR2_PACKAGE_OPENSSL
causes a Kconfig circular dependency:
package/openssl/Config.in:4:error: recursive dependency detected!
package/openssl/Config.in:4: symbol BR2_PACKAGE_OPENSSL is selected by BR2_PACKAGE_GNUTLS
package/gnutls/Config.in:1: symbol BR2_PACKAGE_GNUTLS is selected by BR2_PACKAGE_OPENSSL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: pass --with-crypto-library argument]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
- drop patch 0001-pool-Fix-alignment-assertion.patch, which is in
upstream commit aade9b70aabd8a97dd8a28cda2cf4d0694dd7350, available
since version 2.6.0
- further bump to 2.6.4]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Like all Allwinner platforms, building the licheepi_zero U-Boot
configuration requires pylibfdt.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/378314331
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3468ef16fa
("configs/pc_x86_64_efi: use genimage GPT partition table support")
had a small typo on the path to grub boot.img file: i387-pc instead of
i386-pc, which causes a build failure.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/378314412
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Alexandre PAYEN <alexandre.payen@smile.fr>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Import "0001-Fix-musl-compilation-by-adding-TEMP_FAILURE_RETRY.patch"
from the upstream repository, which allows building against the musl
libc (or any other which does not define the TEMP_FAILURE_RETRY macro).
The patch has been accepted upstream, but no releases have been made yet
which include the fix.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an option to enable WebKit's sandbox, which uses kernel
namespaces to isolate the processes used for Web content rendering
(WebKitWebProcess) and network/disk access (WebKitNetworkProcess).
The reason to have an option is that it needs additional dependencies
(bubblewrap, xdg-dbus-proxy, libseccomp), and that some users may
choose to deploy alternative solutions (for example: putting all
of WebKit inside its own container, using systemd-nspawn or the
like).
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Peter: select libseccomp]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_PACKAGE_LIBSECCOMP when the sandboxing support is enabled
during configuration.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version)
- Update hash of license file (copyrights retained since version 4.0 and
e4b469724e)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: disable man pages build]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop dbus dependency as it is not needed since version 2.2.0 and
c1d42c9ebe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: use --disable-defaultflags and explicitly pass -std=c99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Explicitly disable doxygen, plymouth, initramfstools and mkinitcpio support
as it is not needed / available in Buildroot.
Also use the new --disable-defaultflags option to ensure our compiler flags
are used rather than trying to disable -fstackprotector-all, similar to how
it is done in tpm2-tss.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version)
- Update hash of license file (SPDX ID has been removed with
0dbc84ee45)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: use --disable-defaultflags and explicitly pass -std=c99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Until now, the arygon and pn53x_usb were unconditionally enabled, and
there were no options to choose other drivers. Therefore, we had
sub-options for each individual driver, keeping arygon and pn53x_usb
enabled by default to preserve backward compatibility.
Also, due to this, the BR2_TOOLCHAIN_HAS_THREADS dependency on the
libnfc package is no longer needed, and is only needed for some of the
sub-options.
Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
[Thomas:
- drop the default ""
- remove the top-level HAS_THREADS dependency, and move it down to
the sub-options that need it
- improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Distributed tracing instrumentation for asyncio application
with zipkin.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
aiosignal: a list of registered asynchronous callbacks.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A list-like structure which implements
collections.abc.MutableSequence.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mixed sync-async queue to interoperate between asyncio
tasks and classic threads.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mako template renderer for aiohttp.web (http server for
asyncio).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SockJS server implementation for aiohttp.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerability:
- CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 1745fcde74,
python-subprocess32 fails to build because it runs configure with
incorrect arguments so add a PYTHON_SUBPROCESS32_CONFIGURE_CMDS
Fixes:
- http://autobuild.buildroot.org/results/dcf944129392ee6cacc106e096d8d3adfa4447bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
configure fails if the pkgconfig.m4 macros are not available during
this package autoreconf:
./configure: line 11829: syntax error near unexpected token `GNUSTL,'
./configure: line 11829: ` PKG_CHECK_MODULES(GNUSTL, gnustl)'
Fixes:
- http://autobuild.buildroot.org/results/9cbdfb76ea38864fce1acca88714c48c41c77255
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
luajit supports aarch64 since commit
2ca0accc21
However, this raises a build failure with ljsyscall because the aarch64
directory does not exist, so use arm64 instead.
Fixes:
- http://autobuild.buildroot.org/results/3a0bd14349b3cab3e09d0b8b24ddab66dfab91ff
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes a number of regressions in 1.3-20190808:
- Menu shadows are no longer (erroneously) drawn with --no-shadow
- Spaces in menu fields are now correctly handled on uClibc-ng
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2019-2228: The ippSetValuetag function did not validate the
default language value.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
polkit depends on spidermonkey since bump to version 0.116 in commit
ce2a5eff78 however build fails with gcc 5:
/home/naourr/work/instance-0/output-1/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support for the \
^
polkitbackendjsauthority.cpp:223:13: warning: G_ADD_PRIVATE
PolkitBackendJsAuthorityPrivate);
^
In file included from /home/naourr/work/instance-0/output-1/host/bin/../mips64el-buildroot-linux-gnu/sysroot/usr/include/mozjs-60/js/RequiredDefines.h:32:0,
from <command-line>:0:
/home/naourr/work/instance-0/output-1/host/bin/../mips64el-buildroot-linux-gnu/sysroot/usr/include/mozjs-60/mozilla/Char16.h:136:15: error: 'char16_t' does not name a type
typedef const char16_t* char16ptr_t;
^
Fixes:
- http://autobuild.buildroot.org/results/a7ea21a8e10f32239ee28f58331899912f232ca2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 57f85e52a7 ("package/gpsd:
unconditionally enable NTP time hinting support"), the option
BR2_PACKAGE_GPSD_NTP_SHM was removed, because NTP time hinting support
is now enabled unconditionally.
However, in one place, a select of this option was kept, which is
obviously no longer needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no option BR2_PACKAGE_OPENPOWERLINK_PCAP_DAEMON, and we never
had any option named like this, so it seems like a leftover from
previous iterations of the openpowerlink patch series. Since the
option does not exist, the select doesn't do anything, and we can
simply drop it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since openssl was converted to a virtual package,
BR2_PACKAGE_OPENSSL_BIN no longer exists: it was renamed to
BR2_PACKAGE_LIBOPENSSL_BIN, but easy-rsa was not changed accordingly.
easy-rsa needs to take into account the two providers of openssl, and
select the appropriate suboptions depending on which openssl
implementation was chosen.
Ideally, we would probably need a more elaborate option that ensures
easy-rsa doesn't have to know the details of which openssl
implementation is selected, but practically speaking with just two
providers of openssl at the moment, the proposed solution is good
enough.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The eventlog package was removed as part of commit
5e0b1f9c23 ("package/eventlog: remove
package"). It used to be a separate package, but it is now part of
syslog-ng itself, which is why the eventlog package was removed.
But commit 5e0b1f9c23 forgot to drop the
select BR2_PACKAGE_EVENTLOG, so let's fix this.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_WEBRTC does not exist, and we already select
BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING, which is the package really
needed by the webrtcdsp plugin.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit dd90d40b52 (package/python-pylibftdi: bump version to 0.18.1)
bumped the version of the package but failed to take into account the change
of copyright year in the license file:
-Copyright (c) 2010-2018 Ben Bass
+Copyright (c) 2010-2019 Ben Bass
Adjust the license file to match the new content.
Signed-off-by: Christian Kellermann <christian.kellermann@solectrix.de>
[Peter: extend commit message, add SOB]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_PYASN does not exist, it is BR2_PACKAGE_PYTHON_PYASN that
should be selected.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option BR2_PACKAGE_XLIB_LIBXP does not exist, but is selected by
efl/Config.in since the package was introduced. Since all xlib_*
dependencies in the .mk file each have a corresponding select in the
Config.in file, we simply drop this bogus dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an option to enable WebKit's sandbox, which uses kernel
namespaces to isolate the processes used for Web content rendering
(WebKitWebProcess) and network/disk access (WebKitNetworkProcess).
The reason to have an option is that it needs additional dependencies
(bubblewrap, xdg-dbus-proxy, libseccomp), and that some users may
choose to deploy alternative solutions (for example: putting all
of WebKit inside its own container, using systemd-nspawn or the
like).
Patch "0002-GTK-WPE-Do-not-run-the-Bubblewrap-executable-when-co.patch"
is imported from upstream, as it is needed to avoid trying to run
the "bwrap" command from the target during cross-compilation.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 5cce413eb1 ("package/pango:
bump to version 1.44.6"), pango needs libfribidi. Through the Meson
subprojects mechanism, it tries to download it by itself if not
available. But in Buildroot, we definitely want to use the separate
libfribidi package, so let's add it as a dependency of pango.
Fixes:
http://autobuild.buildroot.net/results/f16fda910da23dfe5f8ac1cb51f9dbcec444b516
subprocess.CalledProcessError: Command '['git', 'clone', 'https://github.com/fribidi/fribidi.git', 'fribidi']' returned non-zero exit status 128.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>