The SWUPDATE_SET_BUILD_OPTIONS macro sets a number of swupdate
configuration options with local build details, especially the
cross-compiler path and sysroot path.
This means that if one stores an swupdate defconfig file as part of
Buildroot, generated with "make swupdate-update-defconfig", it will
contain things like:
CONFIG_CROSS_COMPILE="/home/thomas/projets/buildroot/output/host/bin/arm-linux-"
CONFIG_SYSROOT="/home/thomas/projets/buildroot/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot"
which obviously are not good, as they are specific to where the build
was done.
So instead this commit:
- Uses the CROSS_COMPILE environment variable to pass the
cross-compiler path.
- Drops entirely the use of CONFIG_SYSROOT, since all it does is pass
a --sysroot option to the compiler, which is not needed in the
context of Buildroot.
- Pass EXTRA_CFLAGS/EXTRA_LDFLAGS also through the environment.
Thanks to that the swupdate defconfig file no longer contains any
local build details, and can be re-used by different users of a given
Buildroot configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 716f43153e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- disable introspection unconditionally (as already done for all
other original gstreamer1 packages)
- use '=' instead of '+=' for the first usage of GST1_VALIDATE_CONF_OPTS
Fixes:
http://autobuild.buildroot.net/results/e6e43fb85c71af9bb599ea8bbe2e805b392cf1ad
GEN GstValidate-1.0.gir
Couldn't find include 'GstPbutils-1.0.gir' (search path: '['/nvmedata/autobuild/instance-6/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/bin/../share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share', 'gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share/gir-1.0', '/usr/share/gir-1.0']')
make[5]: *** [Makefile:1612: GstValidate-1.0.gir] Error 1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f64face1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-thrift can fail if a broken Qt4 is found on host:
CMake Error in lib/cpp/CMakeLists.txt:
Imported target "Qt4::QtCore" includes non-existent path
"/nvmedata/autobuild/instance-4/output-1/host/usr/mkspecs/default"
in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:
* The path was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and references files it does not
provide.
Fixes:
- http://autobuild.buildroot.org/results/57cad5313896c868e99b0b9534678f1c83a386f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2f81865717)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 1.60):
- 1.61 2020-01-11 Fixed errors in the documentation for bcm2835_spi_write.
Fixes issue seen on Raspberry Pi 4 boards where 64-bit off_t is used by
default via -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64. The offset was
being incorrectly converted, this way is clearer and fixes the problem.
Contributed by Jonathan Perkin.
- 1.62 2020-01-12 Fixed a problem that could cause compile failures with
size_t and off_t
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3cbf70366f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
checking for a Python interpreter with version >= 2.6... none
configure: error: no suitable Python interpreter found
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 93490c2583)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It was discovered the fix for CVE-2018-19758 (libsndfile) was not
complete and still allows a read beyond the limits of a buffer in
wav_write_header() function in wav.c. A local attacker may use this flaw
to make the application crash.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3426b37ebb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is a heap-based buffer over-read at wav.c in wav_write_header in
libsndfile 1.0.28 that will cause a denial of service.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 27acdca7ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Several users of rolling-release distributions have been reporting on
IRC that Buildroot is broken now that they have switched to the newly
released make 4.3.
It turns out that the constructs we use to generated and include the
internal br2-external related fragments is no longer working with
make-4.3.
Indeed, an upstream bug report [0] seems to imply that it so far was
working by chance. There has been no further feedback, whether this is
really considered a fix for a previous ill-defined behaviour, or an
actual regression...
In the meantime, we add a workaround, suggested in that same bug report,
that fixes the issue for make 4.3, and that should not break on older
make versions either (verified on all relevant versions: from 3.81,
3.82, 4.0, 4.1, and 4.2).
[0] https://savannah.gnu.org/bugs/?57676
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Mircea Gliga <mgliga@bitdefender.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9e2128bf50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The
impact is: Denial of service. The component is: gpsinfo.c Line 151
ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG
file.
- Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access
Control. The impact is: Denial of service. The component is: iptc.c
Line 122 show_IPTC(). The attack vector is: the victim must open a
specially crafted JPEG file.
- Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer
over-read. The impact is: Denial of service. The component is:
ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is:
Open a specially crafted JPEG file.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit faf755b491)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9ea528f84b (package/python-nfc: bump to version 0.13.5) changed the
python-nfc package to download from github, so the package no longer needs
bzr on the host.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 06417e97e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to
overwrite arbitrary files via a .. (dot dot) in a zip file, because of
the function unzzip_cat in the bins/unzzipcat-mem.c file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 401d18b2e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in ZZIPlib through 0.13.69. There is a memory
leak triggered in the function __zzip_parse_root_directory in zip.c,
which will lead to a denial of service attack.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ffd556f407)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ad9c33935b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings
beginning with a ! character. NOTE: this is the same commit as for
CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to
a shell metacharacter.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0835550ce9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a
memory leak (CWE-655) in VNC server code, which allow an attacker to
read stack memory and can be abused for information disclosure. Combined
with another vulnerability, it can be used to leak stack memory and
bypass ASLR. This attack appear to be exploitable via network
connectivity. These vulnerabilities have been fixed in commit
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 05bf029c11)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability
in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b10cee5326)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib
1.11.1 allows remote attackers to cause information disclosure
(heap-based buffer over-read) via a crafted audio file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70b2411cee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 85ed0d1c09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building qdoc requires a llvm and clang for the host.
However, there is a limitation in the llvm and clang packages in
Buildroot, which makes it impossible to have a host variant without
a target variant.
So, propagate the dependencies of the target llvm and clang, to ensure
we can only have a host-llvm and -clang packages that are correctly
built.
Note that we do propagate all of the dependencies (instead of just the
architecture part), to be consistent.
Reported-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 546a4e1c1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
3.0.7:
- CVE-2019-19553: In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS
dissector could crash. This was addressed in
epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object
identifier is set to NULL after a ContentInfo dissection.
3.0.8:
- CVE-2020-7045: In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could
crash. This was addressed in epan/dissectors/packet-btatt.c by validating
opcodes.
3.0.9:
- CVE-2020-9428: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to
2.6.14, the EAP dissector could crash. This was addressed in
epan/dissectors/packet-eap.c by using more careful sscanf parsing.
- CVE-2020-9430: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to
2.6.14, the WiMax DLMAP dissector could crash. This was addressed in
plugins/epan/wimax/msg_dlmap.c by validating a length field.
- CVE-2020-9431: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to
2.6.14, the LTE RRC dissector could leak memory. This was addressed in
epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.
Same patch as for CVE-2017-14160
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- update 0001-*.patch to also reference CVE-2018-10393
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e21730db5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not
validate the number of channels, which allows remote attackers to cause
a denial of service (heap-based buffer overflow or over-read) or
possibly have unspecified other impact via a crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3321eef6f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and
Android, has a buffer overflow in the dev_map_read function in
btt/devmap.c because the device and devno arrays are too small, as
demonstrated by an invalid free when using the btt program with a
crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8c0ecc91b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read
has been detected in the pure_strcmp function in utils.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6ef8420dd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through
2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a
different issue than CVE-2020-6851.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 190964b668)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenJPEG through 2.3.1 has a heap-based buffer overflow in
opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of
opj_j2k_update_image_dimensions validation.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a3b1f2885e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In OpenJPEG 2.3.1, there is excessive iteration in the
opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could
leverage this vulnerability to cause a denial of service via a crafted
bmp file. This issue is similar to CVE-2018-6616.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5934e676f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in
the HTTP request parsing logic. By sending a crafted multipart/form-data
HTTP request, an attacker could exploit this to force shellinaboxd into
an infinite loop, exhausting available CPU resources and taking the
service down.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5553223297)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in Suricata 5.0.0. It is possible to
bypass/evade any tcp based signature by overlapping a TCP segment with a
fake FIN packet. The fake FIN packet is injected just before the PUSH
ACK packet we want to bypass. The PUSH ACK packet (containing the data)
will be ignored by Suricata because it overlaps the FIN packet (the
sequence and ack number are identical in the two packets). The client
will ignore the fake FIN packet because the ACK flag is not set. Both
linux and windows clients are ignoring the injected packet.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2914843b39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/usr/bin/suricatactl and /usr/bin/suricatasc have their interpreter set
to the path of python in the HOST machine.
Use distutils' option '-e' to specify a better shabang.
[yann.morin.1998@free.fr:
- author did not provide their SoB, but it's simple enough to
not require it for once
- reword commit log
- use git-formatted patch, with a proper commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 061768a040)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
regardless of the configured umask, leading to disclosure of information
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7d74283309)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream patch to fix CVE-2018-19876: cairo 1.16.0, in
cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a
free function incompatible with WebKit's fastMalloc, leading to an
application crash with a "free(): invalid pointer" error.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91b150dc33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input
file can result in an infinite loop and hang, with high CPU consumption.
Remote attackers could leverage this vulnerability to cause a denial of
service via a crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d8be0e4cd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in
types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory
in crwimage_int.cpp, because there is no validation of the relationship
of the total size to the offset and size.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d383b46ac1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-15682: RDesktop version 1.8.4 contains multiple
out-of-bound access read vulnerabilities in its code, which results in
a denial of service (DoS) condition. This attack appear to be
exploitable via network connectivity. These issues have been fixed in
version 1.8.5
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ffb50125b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
keymaps and save-keymaps require kbd_mode and dumpkeys, respectively, so
remove them if the kbd package is not selected (e.g. devices with serial
console, only).
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- expand to three commands to match the existing hook
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0acd05423d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
