Fixes CVE-2019-9755: An integer underflow issue exists in ntfs-3g 2017.3.23.
A local attacker could potentially exploit this by running /bin/ntfs-3g with
specially crafted arguments from a specially crafted directory to cause a
heap buffer overflow, resulting in a crash or the ability to execute
arbitrary code. In installations where /bin/ntfs-3g is a setuid-root
binary, this could lead to a local escalation of privileges.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4fb3c69854)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2019-20388: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10
allows an xmlSchemaValidateStream memory leak.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 48802015a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-7595: xmlStringLenDecodeEntities in parser.c in libxml2
2.9.10 has an infinite loop in a certain end-of-file situation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 615b7c4af5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2014-9638: oggenc in vorbis-tools 1.4.0 allows remote attackers to
cause a denial of service (divide-by-zero error and crash) via a WAV file
with the number of channels set to zero.
- CVE-2014-9639: Integer overflow in oggenc in vorbis-tools 1.4.0 allows
remote attackers to cause a denial of service (crash) via a crafted number
of channels in a WAV file, which triggers an out-of-bounds memory access.
- CVE-2014-9640: oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote
attackers to cause a denial of service (out-of-bounds read) via a crafted
raw file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd43037c8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/d9a/d9a84b642357f758c3f84270fb9a109abd7e2684/
configure.ac contains a test using $ax_cv_check_cl_libcl:
if test "$build_modules" != 'no' || test "X$ax_cv_check_cl_libcl" != Xno; then
AC_MSG_RESULT([-------------------------------------------------------------])
AC_MSG_CHECKING([for libltdl])
But ax_cv_check_cl_libcl is only assigned a value (yes/no) if
--disable-opencl is NOT passed, as the assignment logic is inside a
conditional:
AC_ARG_ENABLE([opencl],
[AC_HELP_STRING([--disable-opencl],
[do not use OpenCL])],
[disable_opencl=$enableval],
[disable_opencl='yes'])
if test "$disable_opencl" = 'yes'; then
..
AC_CACHE_CHECK([for OpenCL library], [ax_cv_check_cl_libcl],
So configure errors out if --disable-opencl is passed on setups where
libltdl isn't available:
checking if libltdl package is complete... no
configure: error: in `/home/naourr/work/instance-0/output-1/build/imagemagick-7.0.8-59':
configure: error: libltdl is required for modules and OpenCL builds
As a workaround, explictly set ax_cv_check_cl_libcl=no to skip this
conditional.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cf9591660a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since alsa-lib version 1.1.7 [1] the location for add-on config files
has changed.
In fact, the path for the alsa add-on config files has never been
correct set in the package (it should have been
`/usr/share/alsa/alsa.conf.d`).
With alsa-lib version 1.1.7 or later the correct path is
`/etc/alsa/conf.d`.
[1] 93e03bdc2a
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e36111dbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://mariadb.com/kb/en/library/mariadb-10322-release-notes/
Changelog:
https://mariadb.com/kb/en/library/mariadb-10322-changelog/
Fixes the following security vulnerability (10.3.22):
CVE-2020-2574 - Vulnerability in the MySQL Client product of Oracle MySQL
(component: C API). Supported versions that are affected are 5.6.46 and
prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit
vulnerability allows unauthenticated attacker with network access via
multiple protocols to compromise MySQL Client. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Client.
Fixes the following security vulnerabilities (10.3.19):
CVE-2019-2974 - Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: Optimizer). Supported versions that are affected are
5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2019-2938 - Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected are 5.7.27 and
prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
Patch 0002-fix-build-error-with-newer-cmake.patch has been removed as it
has been applied upstream.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4071a7d743)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
egrep/fgrep are wrapper scripts, calling the grep binary with the correct
arguments.
The shell wrappers use the value of SHELL at build time as the shebang value
in these wrapper scripts, which in Buildroot points to /bin/bash.
The target may not have bash available, causing runtime errors.
As a fix, add a post-install hook to change this to /bin/sh.
If the target does not have /bin/sh, simply remove the aliases.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8f9f48acd2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the grep package is selected, it should be installed at the same exact
location where busybox installs it too, this way the grep/egrep/fgrep
executables will end up overwriting the busybox provided ones.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10bc79c612)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to check if the initial database needs to be created, the startup
script calls ls -1 $MYSQL_LIB | wc -l to check the number of files in the
directory. If the directory does not exist, an error is printed. We fix
this by redirecting stderr to /dev/null for the ls call.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 22bb9b2c28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We already remove mysql_config from the target since it's only useful in
staging. The same is true for mariadb_config. Thus, we remove it from the
target as well.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c700b5ea8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mysql_install_db is currently called in the systemd unit without
--user=mysql that the sysv script uses. This will generate the initial
database files with root permissions. However, mysqld runs as user mysql
so this will cause problems. We fix this by calling chown instead of
passing the user parameter because an upcoming version bump will fail when
ran this way.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit add2c2ba2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9228c061d5)
[Peter: drop 5.4.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libselinux is an optional dependency since a very long time (2010) and
ab807ee43b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 33b6b6b3e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages installs libOpenCL without declaring
BR2_PACKAGE_PROVIDES_LIBOPENCL (e.g. imx-gpu-viv). ImageMagick will detect
the library and will require libtool. Since libtool is not in dependencies,
build might fail.
To prevent that situation, explicitly disable opencl support for target and host.
Signed-off-by: Julien Olivain <juju@cotds.org>
[Peter: drop unneeded ax_cv_check_cl_libcl=no]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9056908e93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (2.2.10):
- CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
django.contrib.postgres.aggregates.StringAgg aggregation function was
subject to SQL injection, using a suitably crafted delimiter.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
Fixes the following security issues (2.2.11):
- CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS
functions and aggregates on Oracle.
GIS functions and aggregates on Oracle were subject to SQL injection,
using a suitably crafted tolerance.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The meson script includes the full path to the python interpreter. In
deep build trees, this path can be more than 128 characters long, which
is the limit for how long a shebang may be.
Notice that this has been bumped to 256 since kerel 5.1, but the issue still
persists:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eb3c3d0a52dca337e327ae8868ca1f44a712e02
In older kernels, this limit was silently ignored, leading to potential
bugs, but newer kernels enforce that limit, and refuse to execve() the
script, returning with NOEXEC. Since the script is +x, the shell (any
bourne shell, as well as the C shell) will conclude from that situation that
they should interpret it as a shell script, which it obviously is not.
Fix the problem by replacing the shebang with a call to /usr/bin/env
which will redirect to the correct python3 interpreter found in the
PATH.
Note however that this means our meson installation can no longer be
called from outside of the meson-package infrastructure anymore (not
that we ever supported it before, but who knows what people may have
done in their br2-external), unless one does set the PATH to include
$(HOST_DIR)/bin/ earlier than a system-provided python3 would be found.
Fixes: #12331#12461
Reported-by: Jean-pierre Cartal <jpcartal@free.fr>
Reported-by: Matthias Weißer <m.weisser.m@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62df914ced)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building host-util-linux, the systemdsystemunitdir is set to the
real host directory, so the install step fails with:
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.service': Permission denied
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.timer': Permission denied
Since we don't need systemd support in host-util-linux, unconditionally
disable it for the host build.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 86441b9fd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patches already applied upstream and, consequently, AUTORECONF.
util-linux 2.35.1 Release Notes
===============================
build-sys:
- add --disable-hwclock-gplv3 [Karel Zak]
chrt:
- Use sched_setscheduler system call directly [jonnyh64]
lib/randutils:
- use explicit data types for bit ops [Karel Zak]
libfdisk:
- fix __copy_partition() [Karel Zak]
- make sure we use NULL after free [Karel Zak]
libmount:
- fix x- options use for non-root users [Karel Zak]
po:
- update uk.po (from translationproject.org) [Yuri Chornoivan]
sfdisk:
- make sure we do not overlap on --move [Karel Zak]
- remove broken step alignment for --move [Karel Zak]
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3052da3eac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version brings bug fixes, enhancements and a new script utility,
scriptlive. For detailed information see the release notes:
http://www.kernel.org/pub/linux/utils/util-linux/v2.35/v2.35-ReleaseNotes
Pull some fixed applied after the release.
Disable the use of code under GPLv3 included in hwclock since v2.30. The
subject was discussed upstream[1] and it was decided that hwclock will
be made GPLv2-only again in v2.36, so do it in advance in Buildroot.
Meanwhile, be warned that all OS images selecting hwclock built with
Buildroot since commit 74235a6854 (util-linux: bump to version 2.30)
contain code under GPLv3, which imposes some technical difficulties to
include in embedded systems. For more information see GPLv3, Section 6,
"Conveying Non-Source Forms", and the definitions of User Product and
Installation Information[2].
1. https://lore.kernel.org/util-linux/20200127202152.4jh2w4chch37wgee@ws.net.home/T/#t
2. https://www.gnu.org/licenses/gpl-3.0.html
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f3af906fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python script is compatible with python3 since 2.1.10 and
532a8cc301
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0ec49f09b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcap-ng is an optional dependency since a very long time (2010) and
24882d3672
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f692541dff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
- CVE-2020-0570: QLibrary in Qt versions 5.12.0 through 5.14.0, on certain
x86 machines, would search for certain libraries and plugins relative to
current working directory of the application, which allows an attacker
that can place files in the file system and influence the working
directory of Qt-based applications to load and execute malicious code.
This issue was verified on Linux and probably affects all Unix operating
systems, other than macOS (Darwin). This issue does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f5e4100c08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0607b38c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
lzma package is a host-only package so replace this wrong dependency by
xz package
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f185e82ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes fixes to the runtime, the crypto/x509, and net/http
packages.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9b15ef3505)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1
parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients
can be made to crash by an HTTPS server, while net/http servers that accept
client certificates will recover the panic and are unaffected. Thanks to
Project Wycheproof for providing the test cases that led to the discovery of
this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f40acb4684)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.13.6 (released 2020/01/09) includes fixes to the runtime and the net/http
package.
https://github.com/golang/go/issues?q=milestone=Go1.13.6
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 17aea508c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f6118ec3a)
[Peter: drop 5.4.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://wpewebkit.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit abafaedd05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CMakeLists.txt contains a toolchain check:
if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
endif ()
endif ()
So bump the toolchain dependency to >= GCC 7. The check is really about >=
7.3.0, but we do not have such detailed version checks. Given that GCC
7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
GCC 7.x toolchains probably use >= 7.3.0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09af6d8bfd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Forcibly disable the JavaScriptCore JIT compilation support
for MIPSr6 processors, which are unsupported.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f779520a63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8835: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8844: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8846: A use after free issue was addressed with improved memory
management
For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9412a38fec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 97ce61f633)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CMakeLists.txt contains a toolchain check:
if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
endif ()
endif ()
So bump the toolchain dependency to >= GCC 7. The check is really about >=
7.3.0, but we do not have such detailed version checks. Given that GCC
7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
GCC 7.x toolchains probably use >= 7.3.0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec1ff802df)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Forcibly disable the JavaScriptCore JIT compilation support
for MIPSr6 processors, which are unsupported.
Fixes: http://autobuild.buildroot.net/results/3d21d3c3460cd85a4c828dd197929cdf17aaf4e0
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5eb70ceced)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8835: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8844: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8846: A use after free issue was addressed with improved memory
management
For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35df7bdb07)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though pyqt5 would be perfectly usable with just the core Qt5
modules (QtCore, QtDbus, ...), its configure.py script passes the -gui
option to qmake unconditionally. Therefore, make sure that GUI is built.
Fixes:
- http://autobuild.buildroot.org/results/ea0c8db44aacf1ce76f75e8288969fe5da6690d9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6b0ba1a3c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt5 has predefined optimization flags depending if you're building for
size, for debug etc. These flags are defined in
mkspecs/common/gcc-base.conf:
QMAKE_CFLAGS_OPTIMIZE = -O2
QMAKE_CFLAGS_OPTIMIZE_FULL = -O3
QMAKE_CFLAGS_OPTIMIZE_DEBUG = -Og
QMAKE_CFLAGS_OPTIMIZE_SIZE = -Os
Then, in the same file, they use them to set
QMAKE_CFLAGS_RELEASE/QMAKE_CXXFLAGS_RELEASE:
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_RELEASE
At this point there is our chance to override QMAKE_CFLAGS_OPTIMIZE_* in
qmake.conf, but it's too late, because QMAKE_CFLAGS_RELEASE is already
set (i.e. -O2) so trying to add or remove QMAKE_CFLAGS_OPTIMIZE (that is
reset now on) from QMAKE_CLAGS_RELEASE in
common/features/default_post.prf won't work:
optimize_size {
!isEmpty(QMAKE_CFLAGS_OPTIMIZE):!isEmpty(QMAKE_CFLAGS_OPTIMIZE_SIZE) {
QMAKE_CFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_SIZE
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_SIZE
}
} else: optimize_full {
!isEmpty(QMAKE_CFLAGS_OPTIMIZE):!isEmpty(QMAKE_CFLAGS_OPTIMIZE_FULL) {
QMAKE_CFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_FULL
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_FULL
}
}
So let's reset:
QMAKE_CFLAGS_RELEASE
QMAKE_CFLAGS_DEBUG
QMAKE_CXXFLAGS_RELEASE
QMAKE_CXXFLAGS_DEBUG
in our qmake.conf since the only assignment done in
mkspecs/common/gcc-base.conf only regards optimization.
This package is also affected by BR2_TOOLCHAIN_HAS_GCC_BUG_90620 and
it's been worked around by appending -O0 to CFLAGS/CXXFLAGS. This bug
prevented workaround to work overriding optimization flags, so solving
this also solves workaround problem.
Fixes:
http://autobuild.buildroot.net/results/ada/adaa9b4bcc6f9d2b5e82c479859a07e8abf5cf13/http://autobuild.buildroot.net/results/a83/a83bdd1f3bf309c07abebe871b017c331ed36e67/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add a comment to qmake.conf.in]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c4a6f974b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-11813: libjpeg 9c has a large loop because read_pixel in
rdtarga.c mishandles EOF.
- Update hash of README (small updates such as authors, year ...)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75a14ec067)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (4.10.12):
CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
CVE-2019-14907: Crash after failed character conversion at log level 3
or above.
CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD
DC.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.10.12.html
In addition, 4.10.13 fixes a number of bugs. For details, see the release
notes:
https://www.samba.org/samba/history/samba-4.10.13.html
Drop now upstreamed
0006-heimdal_build-wscript_build-do-not-add-host-include-.patch
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 20286d494a)
[Peter: drop 5.4.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
XSA-312: arm: a CPU may speculate past the ERET instruction
For further details, see the advisory:
https://xenbits.xenproject.org/xsa/advisory-312.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76d56fe769)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 4.12.2 release brings a large number of fixes:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-12-series/xen-project-4-12-2/
Including a number of security fixes:
XSA-296: VCPUOP_initialise DoS (CVE-2019-18420)
XSA-298: missing descriptor table limit checking in x86 PV emulation
(CVE-2019-18425)
XSA-299: Issues with restartable PV type change operations (CVE-2019-18421)
XSA-301: add-to-physmap can be abused to DoS Arm hosts (CVE-2019-18423)
XSA-302: passed through PCI devices may corrupt host memory after
deassignment (CVE-2019-18424)
XSA-303: ARM: Interrupts are unconditionally unmasked in exception handlers
(CVE-2019-18422)
XSA-304: x86: Machine Check Error on Page Size Change DoS (CVE-2018-12207)
XSA-305: TSX Asynchronous Abort speculative side channel (CVE-2019-11135)
XSA-306: Device quarantine for alternate pci assignment methods
(CVE-2019-19579)
XSA-307: find_next_bit() issues (CVE-2019-19581 CVE-2019-19582)
XSA-308: VMX: VMentry failure with debug exceptions and blocked states
(CVE-2019-19583)
XSA-309: Linear pagetable use / entry miscounts (CVE-2019-19578)
XSA-310: Further issues with restartable PV type change operations
(CVE-2019-19580)
XSA-311: Bugs in dynamic height handling for AMD IOMMU pagetables
(CVE-2019-19577)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 636df7ffcd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/14af2dc3219847a92c6ec2db14ba387159b61fde
The Xen build system builds and embeds a default XSM FLASK (Flux Advanced
Security Kernel) security policy if it detects SELinux checkpolicy on the
build machine.
If enabled, a gen-policy.py python script is used to convert the binary
FLASK policy to a C array initialization list to embed it in the Xen binary.
Depending on the python version and locale available on the host, this fails
with byte values outside the 0..255 range:
policy.c:7:10: error: unsigned conversion from 'int' to 'unsigned char' changes value from '56575' to '255' [-Werror=overflow]
0xdc8c, 0xdcff, 0x7c, 0xdcf9, 0x08, 0x00, 0x00, 0x00, 0x58, 0x65, 0x6e, 0x46, 0x6c,
To fix this and ensure a consistent build, pass XEN_HAS_CHECKPOLICY=n to
disable the checkpolicy detection.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b60f3e2ae6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building with path containing "m4/" occurence(i.e. make
O=output-m4) gettext-tiny install recipe copies files to wrong place and
later some package using autotools fail to autoreconf(i.e. minicom).
This is due to buggy gettext-tiny Makefile install recipe where they
substitute every "m4/" in INSTALL destination path, including the "m4/"
part of our build folder. Add patch to fix this by using $(patsubst ...)
instead of $(subst m4/,,$@) to substitute only last "m4/" occurence in
path.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12481
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 41b9a64526)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2019-18222: Our bignum implementation is not constant
time/constant trace, so side channel attacks can retrieve the blinded
value, factor it (as it is smaller than RSA keys and not guaranteed to
have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a7186d0913)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
