License file hash is changed, due to a copyright year change:
- Copyright (C) 2002-2021 GraphicsMagick Group
+ Copyright (C) 2002-2022 GraphicsMagick Group
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f27ea50528)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tinyproxy commit 84f203f and earlier does not process HTTP request lines
in the process_request() function and is using uninitialized buffers.
This vulnerability allows attackers to access sensitive information at
system runtime.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eedd93f010)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This uses a newer firmware implementation that is much faster at
booting. It is supported as of Qemu 7.0.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1fca098295)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, with a configuration with an internal toolchain, and no other
package is selected [0], especially when one wants to generate an SDK or
a pre-built, pre-installed toolchain, running 'make' will only build
glibc (and its dependencies), and not the full toolchain, as one would
have expected, so there would be no host-final-gcc.
The reason is that 'toolchain' is a virtual package, so it is excluded
from PACKAGES, the list of packages enabled in the configuration. so it
is not a dependency of target-finalize, and so nothing pulls it in the
build.
The reason for excluding virtual packages from that list is not obvious.
When virtual packages were introduced in 7439824412 (packages: add
infrastructure for virtual packages), there was no BR2_PACKAGE_FOO
symbol for virtual packages (but there was BR2_PACKAGE_HAS_FOO), so
there was no telling that the virtual package was enabled, like we had
for the other kinds of packages (normal, bootloader, toolchain, or linux
kernel).
That caused issues, so in f674c428c2 (core/pkg-virtual: do not check
they are neabled [sic]), and then 3e1b33a534 (pkg-generic: improve
incorrectly used package detection), we explicitly excluded the virtual
packages from causing a build failure when something depended on them,
as we could not yet now whether a virtual package was actually enabled
or not.
Then, in 842ba7ecef (pkg-generic: fix rdepends and phony targets of
virtual packages), we eventually associated a virtual package to is
BR2_PACKAGE_HAS_FOO, which allows treating virtual packages like the
other kinds of packages. There, we explicitly kept virtual packages out
of the list, though (the reasoning was that virtual packages install
nothing in host/ or target/, so they do not directly contribute to the
final content, so we do not need to rsync them, so this was an
optimisation).
However, virtual packages are in fact actual generic packages, and it is
possible for virtual packages to actually provide content for the final
image. Even though we do not have any virtual package that has actual
_INSTALL_CMDS, we still have udev that provides a user for example;
virtual packages in br2-external trees may also very well provide
install commands (e.g. to install files common to their various
implementations).
So, there is currently no technical reason to exclude virtual packages
from PACKAGES, the list of packages enabled in the configuration.
Drop the excluding condition, and always add enabled package, whatever
their kind, to the list of enabled packages.
[0] defconfig to reproduce the issue:
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
# BR2_PACKAGE_IFUPDOWN_SCRIPTS is not set
# BR2_TARGET_ROOTFS_TAR is not set
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 02fe7c747b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Our current heirloom-mailx package is affected by CVE-2014-7844. It
has been fixed by a Debian patch
0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch, but it does rely
on other Debian patches as well.
Instead of bringing those patches locally, we just update the package
to use version 12.5-5 from Debian, including its patches.
The local patch
0001-Patched-out-SSL2-support-since-it-is-no-longer-suppo.patch is
removed as it is part of the Debian patches.
The remaining patch 0002-fix-libressl-support.patch is renumbered.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 15972770cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the listed versions to match current status since commit
b4d9b51508 ("configs/solidrun_macchiatobin: bump BSP components").
All components are now from upstream so no need to state that for each
one.
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3f0ee52908)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Any .pyc files generated by the pycompile script during target
finalization are currently counted in the "Unknown" package,
because packages-file-list.txt only contains the source .py file.
If a .py file is added to filesdict, add the corresponding .pyc
file as well.
Signed-off-by: Michael Klein <m.klein@mvz-labor-lb.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This issue was reported by Firas Khalil Khana on a Github pull request
at https://github.com/buildroot/buildroot/pull/113/.
There is no --disable-static in m4. Research in the dark corners of
the Git history has shown that it was apparently added by Peter
Korsgaard back in 2009, in commit
3467cf7305 ("m4: cleanup"). At this
time, the version of m4 used was 1.4.9, but even looking at the
tarball of this old release shows that the ./configure did not support
--disable-static.
So let's drop this option.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bddc64e866)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit bf446513e7 (ncurses: fix hanging installation due to old
version of tic) introduced the build of the host tic, to be used by the
target ncurses. That commit purportedly built a static tic, but that is
(at least now) wrong: there is nothing that makes the build of tic
static.
Initially, host-ncurses was configured with --without-shared, but that
only drives whether to generate shared libs or not, it does not drive
whether to do a shared or static link of executables.
And in any case, in af23d762e5 (ncurses: enable shared library build
on the host) we explicitly stopped requesting the build of a static
library, to instead require the build of a shared library.
So, we never had a statically linked tic ever.
Furthermore, we override the _BUKLLD_CMDS, but we do not provide any
_INSTALL_CMDS. As a consequence, the full ncurses is installed, not just
tic. And since we override the _BUILD_CMDS, the libraries are not built,
so they get built during the install step.
And we do indeed need the libraries (host-gettext needs them), and not
just tic.
So, just drop our custom _BUILD_CMDS and just build the whole package
with the default settings. We keep the explicit use of --with-shared,
as this is not the standard flag (--enable-shared) and it is not obvious
what the default is.
The set of files installed before and after this change is exactly the
same, and tic still is an "ELF 64-bit LSB shared object" with a RUNPATH
that still correctly points to $(HOST_DIR)/lib
To be noted: there is no regressin in build time either, since we were
already building everything anyway.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b15de20a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patches have been used by Alpine for 5 months now and they were
posted on the Busybox mailing list mid-July with no review or comment.
According to Ariadne Conill[1] - though NVD CVSS 3.x Base Score seems to
disagree - this has a low security impact so we could probably just wait
for upstream to merge the patches or implement it the way they want.
Considering those patches have been public for 5 months and upstream
hasn't acted until now, let's take the patches from the mailing list
anyway as there's no indication the CVEs will be fixed upstream soon.
[1] https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4a03d17172)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As explained in bug #14796, there are situations where the seccomp based
sandboxing in openssh can get confused, leading to connection issues.
As explained by Thomas in the bug report:
glibc does not care about the kernel headers when deciding whether to
try the clock_gettime64() syscall or not: it always use it, and if that
fails at runtime, it falls back to clock_gettime(). This is how glibc
ends up using clock_gettime64() even if your kernel does not support it.
On the other hand, the OpenSSL seccomp code relies on kernel headers to
decide whether the clock_gettime64() syscall should be in the allowed
list of syscalls or not.
So when you are in a situation where glibc is recent, but your kernel is
older, you get into precisely the problem you have: glibc tries to use
clock_gettime64, but OpenSSH seccomp configuration prevents that, which
does not allow glibc to gracefully fallback to clock_gettime (as seccomp
is configured to kill the process on filter violations).
As a workaround, add a _OPENSSH_SANDBOX option (defaulting to y) to
decide if sandboxing should be used or not.
--with-sandbox expects the type of sandboxing to use, and if not
specified, will use the first one available in a list: pledge, systrace,
darwin, seccomp, capsicum, rlimit. On Linux, only seccomp and rlimit are
available, and rlimit probably does not bring much security-wise, so in
all practical matters, on Linux, sandboxing uses seccomp or there is no
sandboxing, so let's just disable sandboxing when we do not want to use
seccomp, and let configure detect seccomp when we request sandboxing.
Fixes (works around) #14796
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: add § about sandboxing types]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f204766b8f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b936a95d02 (package/openssh: bump to version 9.0p1) dropped the
patch touching m4/openssh.m4, but forgot to remove autoreconf. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7719e4525d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libexpat before 2.4.9 (which is still not released) has a use-after-free
in the doContent function in xmlparse.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d8c044f584)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-29187: Git is a distributed revision control system. Git
prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3,
2.31.4, and 2.30.5, is vulnerable to privilege escalation in all
platforms. An unsuspecting user could still be affected by the issue
reported in CVE-2022-24765, for example when navigating as root into a
shared tmp directory that is owned by them, but where an attacker could
create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4,
2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The
simplest way to avoid being affected by the exploit described in the
example is to avoid running git as root (or an Administrator in
Windows), and if needed to reduce its use to a minimum. While a generic
workaround is not possible, a system could be hardened from the exploit
described in the example by removing any such repository if it exists
already and creating one as root to block any future attacks.
https://github.com/git/git/blob/v2.31.4/Documentation/RelNotes/2.31.4.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15293e0360)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logic implemented in e745c0b to stop makedevs from recursively running
chmod() on dangling symlinks excluded everything that isn't a symlink.
Other file types or directories are skipped/ignored.
Logic has been updated to exit the function if mode shouldn't be changed
or if path is a dangling symlink.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d6d8d60ee3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If the TARGET env variable is set icu may try to use it.
To prevent this from causing issues clear it from the icu env.
Fixes:
>>> host-icu 70-1 Building
PATH="/home/buildroot/buildroot/output/per-package/host-icu/host/bin:/home/buildroot/buildroot/output/per-package/host-icu/host/sbin:/home/buildroot/bin:/home/buildroot/.local/bin:/home/buildroot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
PKG_CONFIG="/home/buildroot/buildroot/output/per-package/host-icu/host/bin/pkg-config"
PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
PKG_CONFIG_LIBDIR="/home/buildroot/buildroot/output/per-package/host-icu/host/lib/pkgconfig:/home/buildroot/buildroot/output/per-package/host-icu/host/share/pkgconfig"
/usr/bin/make -j33 -C
/home/buildroot/buildroot/output/build/host-icu-70-1/source
cd ./config; \
/usr/bin/make -f pkgdataMakefile
rm -rf config/icu-config
rebuilding config/icucross.mk
rebuilding config/icucross.inc
/bin/bash ./mkinstalldirs lib
/bin/bash ./mkinstalldirs bin
/usr/bin/install -c ./config/icu-config-top config/icu-config
rm -rf pkgdata.inc
chmod u+w config/icu-config
mkdir lib
mkdir bin
LC_ALL=C /usr/bin/sed -f ./config/make2sh.sed < ./config/Makefile.inc
| grep -v '#M#' | uniq >> config/icu-config
config/icu-uc.pc updated.
config/icu-i18n.pc updated.
/usr/bin/make[2]: Making `all' in `stubdata'
LC_ALL=C /usr/bin/sed -f ./config/make2sh.sed < ./config/mh-linux |
grep -v '#M#' | uniq >> config/icu-config
cat ./config/icu-config-bottom >> config/icu-config
(deps) stubdata.cpp
chmod u-w config/icu-config
Note: rebuild with "/usr/bin/make VERBOSE=1 " to show all compiler parameters.
make[3]: *** No rule to make target 'bpf', needed by 'all-local'. Stop.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 17b6372790)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to a bug in the CodeSourcery ARM toolchain packaging, this
toolchain currently appears as available even for noMMU
configurations, which is obviously wrong. Due to this, the
bootlin-armv7m-uclibc.config fragment ends up using the CodeSourcery
ARM toolchain, which is obviously wrong for an ARM noMMU
configuration, causing a build failure when matching the toolchain
capabilities with the configuration.
Even though we will separately fix the CodeSourcery ARM toolchain
packaging, it makes sense to ensure that the
bootlin-armv7m-uclibc.config fragment explicitly selects the Bootlin
toolchain.
Reported-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43fc826d82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is the fourth patch release in the 1.1.z series of runc, primarily fixing a
regression introduced in 1.1.3 related to device rules, as well as other bugs.
- Fix mounting via wrong proc fd. When the user and mount namespaces are used,
and the bind mount is followed by the cgroup mount in the spec, the cgroup was
mounted using the bind mount's mount fd.
- Switch kill() in libcontainer/nsenter to sane_kill().
- Fix "permission denied" error from runc run on noexec fs.
- Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3,
the DeviceAllow=char-pts rwm rule was no longer added and was causing an error
open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
https://github.com/opencontainers/runc/releases/tag/v1.1.4
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ec8e8aaa3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c099842544 ("package/libmdbx:
bump version to 0.11.8") forgot to drop the hash for the previous
0.11.7 version, let's do so now.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b831f84e13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 2.0.15, and upstream commit 71a90177d7b2 (Systemd: Add
mosquitto group ownership), mosquitto uses its own group rather than
the generic nobody group.
This means that mosquitto can now no longer start on a systemd-based
system.
Change our mosquitto user definition to specify a mosquitto group.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Titouan Christophe <titouanchristophe@gmail.com>
Cc: Francois Perrad <fperrad@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 63727d9a54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
