Fixes the following vulnerabilities:
- CVE-2021-42374: An out-of-bounds heap read in Busybox's unlzma applet
leads to information leak and denial of service when crafted
LZMA-compressed input is decompressed
- CVE-2021-42375: An incorrect handling of a special element in Busybox's
ash applet leads to denial of service when processing a crafted shell
command, due to the shell mistaking specific characters for reserved
characters. This may be used for DoS under rare conditions of filtered
command input
- CVE-2021-42376: A NULL pointer dereference in Busybox's hush applet leads
to denial of service when processing a crafted shell command, due to
missing validation after a \x03 delimiter character. This may be used for
DoS under very rare conditions of filtered command input.
- CVE-2021-42377: An attacker-controlled pointer free in Busybox's hush
applet leads to denial of service and possible code execution when
processing a crafted shell command, due to the shell mishandling the &&&
string. This may be used for remote code execution under rare conditions
of filtered command input.
For details, see:
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

pause() is defined in glibc since the very early times; it appears in
upstream commit 28f540f45bba (initial import) in 1995 [0].
Bluez has been defining a function named pause() for ages too, since
commit caab74c97542 (media: Implement new callbacks for pass-through
operations) in 2013 [1].
With the recent bump to glibc 2.34.xxx, the build now fails because the
two pause() clash:
profiles/audio/media.c:1284:13: error: conflicting types for 'pause'
1284 | static bool pause(void *user_data)
| ^~~~~
In file included from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gbacktrace.h:36,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib.h:34,
from profiles/audio/media.c:21:
/tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:489:12: note: previous declaration of 'pause' was here
489 | extern int pause (void);
| ^~~~~
The culprit is indeed glibc 2.34, as can be seen in this result matrix:
           \   bluez5_utils
     glibc  \  5.60  |  5.61
    ---------\-------+--------
      2.33   |  OK   |  OK
    ---------+-------+--------
      2.34   |  KO   |  KO
Even though we first bumped to glibc 2.34, then to bluez5_utils 5.61,
we did not notice build issues with bluez5_utils 5.60 because the two
bumps were too close to each other for the failure to trigger in the
autobuilders.
The underlying reason that pause() is now causing issues with glibc 2.34
is not obvious: glibc is a big beast, and finding such issues is not
easy. However, we can see that the pause() provided by NPTL has been
dropped in favour of the generic one, so maybe this is causing symbol
visibility or weakness to change or something...
We fix that by renaming the local pause() in bluez5_utils with a
namespace-prefix, like some other functions there already have.
Fixes:
- http://autobuild.buildroot.org/results/c4f/c4fbface34be8815838fd7201621d7a8fddd32c5/
- http://autobuild.buildroot.org/results/62b/62b88740f19fbe4a1ad7959dc141d539eb88c1f8/
[0] https://sourceware.org/git/?p=glibc.git;a=commit;h=28f540f45bbacd939bfd07f213bcad2bf730b1bf
[1] caab74c975
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: extend commit log with the glibc culprit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a02927b94a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Build of avrcp without a2dp is broken since commit
fb9fc969d9:
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/9.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: profiles/audio/bluetoothd-avrcp.o: in function `avrcp_handle_set_volume':
avrcp.c:(.text+0x9c4): undefined reference to `media_transport_update_device_volume'
However, build of a2dp without avrcp is also broken:
/data/buildroot-autobuilder/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv32-buildroot-linux-gnu/10.2.0/../../../../riscv32-buildroot-linux-gnu/bin/ld: profiles/audio/bluetoothd-media.o: in function `.L50':
media.c:(.text+0x508): undefined reference to `avrcp_unregister_player'
/data/buildroot-autobuilder/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv32-buildroot-linux-gnu/10.2.0/../../../../riscv32-buildroot-linux-gnu/bin/ld: profiles/audio/bluetoothd-media.o: in function `match_endpoint_by_path':
media.c:(.text+0x824): undefined reference to `avrcp_register_player'
Fixes:
- http://autobuild.buildroot.org/results/d54cdfc03212fff772a863d1bc8afd3cfb605831
- http://autobuild.buildroot.org/results/64d75af986a4d6e9c5a176efb6e22046f4d82350
So make a single audio option for a2dp and avrcp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aedf2c83d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

BlueZ builds a lot of Classic BT profiles by default but allows
disabling them. This is especially handy when only BLE is needed
and enabled in the kernel.
Otherwise this yields warnings like this on bootup:
profiles/network/bnep.c:bnep_init() kernel lacks bnep-protocol support
src/plugin.c:plugin_init() System does not support network plugin
It also allows disabling btmon, which should not be needed on
production systems and is ~800KB in size.
Expose those options but default to 'y' to not break existing
configurations.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fb9fc969d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

We define _DEFAULT_SOURCE in mkpasswd.c to suppress a compiler warning.
In file included from /usr/include/x86_64-linux-gnu/bits/libc-header-start.h:33,
from /usr/include/stdio.h:27,
from [...]/buildroot/output/arm64/build/host-mkpasswd/mkpasswd.c:24:
/usr/include/features.h:187:3:
187 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
| ^~~~~~~
As per GLIBC 2.20 release notes[1]:
The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
supported; they now act the same as _DEFAULT_SOURCE (but generate a
warning). Except for cases where _BSD_SOURCE enabled BSD interfaces
that conflicted with POSIX (support for which was removed in 2.19),
the interfaces those macros enabled remain available when compiling
with _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without
any feature test macros defined.
[1] https://lwn.net/Articles/611162/
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9616ade222)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Commit 0cfa165948 (package/pkg-utils.mk: introduce "name" field in
show-info output) did what it said, but did so in the generic show-info
part, thus it was also added to filesystems (rootfs), the other kind of
entity that show-info reports on.
Only packages have a "name"; filesystems do not. Instead, they already
have an 'image_name'.
Move the 'name' field to the package-related part of show-info.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 471ecea5ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The unmatched escaped single-quote lies in the middle of a few
function calls, so they too must be fake-closed to properly fix
colour highlighting in some editors.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cba51c7f5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Some packages install nothing in target nor staging, but install images
(like the kernel vmlinux, or a bootloader boot blob...)
If we want to appropriately account for the files installed by each
package, we also need to take images/ into account.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5d00fecb7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

When calling 'printvars', the 'suitable-host-package' macro is printed
(a macro is just a variable like the others, after all, just with some
parameters). Because it is printed as a variable, it is missing its
parameters, but it still tries to evaluate the $(shell) construct.
This causes a spurious warning:
make[1]: support/dependencies/check-host-.sh: Command not found
Only try and call the script if there is actually a tool to check for.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 77304e5143)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Currently, the build_dir field is reported relative to $(BASE_DIR), to
avoid leaking local paths.
However, BASE_DIR is not a directory that is very convenient: for
in-tree builds, it is $(CONFIG_DIR)/output/, while for out-of-tree
builds, it is $(CONFIG_DIR). This difference is purely an idiosyncrasy
of how out-of-tree builds have been implemented in Buildroot, and is
not under the control of the user.
What the user is in control of, however, is where the .config file is
located. This, really, is the directory we should base relative paths
on.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 76c4df324d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fix CVE-2021-4020: janus-gateway is vulnerable to Improper
Neutralization of Input During Web Page Generation ('Cross-site
Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 99d2826e03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>