tpm2-tools is commonly used with the resource manager, tpm2-abrmd - But it
CAN be used without, E.G. by setting the TPM2TOOLS_TCTI_NAME environment
variable to communicate directly with the kernel driver:
export TPM2TOOLS_TCTI_NAME=device
Either directly with the TPM device (/dev/tpmN) or through the in-kernel
resource manager provided by Linux kernel since 4.12 (/dev/tpmrmN)
For some use cases (E.G. initramfs) it makes sense to use tpm2-tools
without abrmd, so remove the tpm2-abrmd select, and instead a note in the
help text that it may be needed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7b8feba51d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Overriding variables in packages recipes is an error-prone practice.
Current behavior of installing either only as a script or only as a
binary is intended, as describe in the commit log of "d3e4db4e34
usb_modeswitch: bump to version 1.2.6" from 2013.
Rewrite the code to keep the same behavior while replacing variable
override [1] by conditional assignments [2].
[1]
VAR = ...
if ...
VAR = ...
[2]
if ...
VAR = ...
else
VAR = ...
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e25040d31a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "a554109af8 package/usb_modeswitch: disable parallel build" added
a unicode space in a comment. Replace it with a normal ASCII space for
consistency with elsewhere.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8be8c72c2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit d1f545004b from 2014
because the added variables already existed. The real problem at the
time was that one of the pre-existent variables had a typo, fixed in a
later commit.
Currently AVRDUDE_LICENSE and AVRDUDE_LICENSE_FILES are declared twice
with the same values for each one. So remove one of them.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Wojciech M. Zabolotny <wzab01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d6bce837ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since "57ace26b6c package/sdl_sound: add optional support for
libmodplug" from 2016, optional CONF_OPTS are added but they do not
really take effect because there is an unconditional override below the
conditional append.
Currently this does not cause build failures, but it can lead to wrong
detection of dependencies because many explicit --enable/--disable are
not passed to configure.
Fix this by moving the unconditional code to the top.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df0d7d1371)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "c5b85231fb s6-networking: enable SSL if libressl is selected"
actually dropped the dependency on s6-dns and s6 when libressl is
enabled.
Fix this by using += inside the conditional code.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30ff614a03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add backported patches for the following four security issues in libarchive.
There is no new release yet including these patches.
- CVE-2018-1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000877)
"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(),
realloc(rar->lzss.window, new_size) with new_size = 0 that can result in
Crash/DoS. This attack appear to be exploitable via the victim must open a
specially crafted RAR archive."
- CVE-2018-1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000878)
"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c that can result
in Crash/DoS - it is unknown if RCE is possible. This attack appear to be
exploitable via the victim must open a specially crafted RAR archive."
- CVE-2018-1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000879)
"libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards
(release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference
vulnerability in ACL parser - libarchive/archive_acl.c,
archive_acl_from_text_l() that can result in Crash/DoS. This attack appear
to be exploitable via the victim must open a specially crafted archive
file."
- CVE-2018-1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000880)
"libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards
(release v3.2.0 onwards) contains a CWE-20: Improper Input Validation
vulnerability in WARC parser -
libarchive/archive_read_support_format_warc.c, _warc_read() that can result
in DoS - quasi-infinite run time and disk usage from tiny file. This attack
appear to be exploitable via the victim must open a specially crafted WARC
file."
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 17ba24bac1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set
For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.9.4.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security impact, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3cf46525b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The websock_config.h file currently ends up being installed into the
sysroot with a #include "config.h" line but the config.h file does not
get copied into the sysroot. Refactoring the original patch to have the
configure script properly report whether or not SSL support is enabled
without using the config.h file.
Patch has been submitted upstream but may never be merged since upstream
appears to be dead.
https://github.com/payden/libwebsock/pull/38
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f6843a75fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
For more details, see the CHANGES file:
https://www.apache.org/dist/httpd/CHANGES_2.4.38
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7675863549)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2018-19935: Allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via an empty string in the
message argument to the imap_mail function.
https://www.cvedetails.com/cve/CVE-2018-19935/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other
products, allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via crafted text with
invalid Unicode sequences.
https://nvd.nist.gov/vuln/detail/CVE-2018-15120
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1574dd6d48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the
function double64_init() in double64.c, which may lead to DoS when playing a
crafted audio file
CVE-2017-17456: The function d2alaw_array() in alaw.c of libsndfile
1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address
0x000000000000), a different vulnerability than CVE-2017-14245
CVE-2017-17457: The function d2ulaw_array() in ulaw.c of libsndfile
1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address
0x000000000000), a different vulnerability than CVE-2017-14246
CVE-2018-13139: A stack-based buffer overflow in psf_memset in common.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted
audio file. The vulnerability can be triggered by the executable
sndfile-deinterleave
CVE-2018-19661: An issue was discovered in libsndfile 1.0.28. There is a
buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a
denial of service
CVE-2018-19662: An issue was discovered in libsndfile 1.0.28. There is a
buffer over-read in the function i2alaw_array in alaw.c that will lead to a
denial of service
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 45014da2b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libmad uses a very old configure script.
When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:
checking for arm-buildroot-linux-uclibcgnueabi-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.
This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab1588 (core: alternate solution to disable C++).
However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.
We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.
Fixes:
- http://autobuild.buildroot.org/results/6a6aa29295bd70679c3a22a149e79010fa20c1bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eae18d01ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When linking the host cargo binary, the linker should be told to find
libraries in $(HOST_DIR)/lib, otherwise it will not work libraries
such as libhttp_parser. This was found with per-package directory
support, where the build failed with:
= note: /usr/bin/ld: cannot find -lhttp_parser
collect2: error: ld returned 1 exit status
In order to fix this, instead of passing -L$(HOST_DIR)/lib during the
build of Cargo, we make sure all flags in $(HOST_LDFLAGS) are passed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b5e1b51dd1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- epoll supported since linux-2.5.44/glibc-2.3.2 (see [1])
- dup3 supported since linux-2.6.27/glibc-2.9 (see [2])
- SOCK_CLOEXEC supported on linux (see [3])
- accept4 suppported since linux-2.6.28/glibc-2.10 (see [4])
Fixes [5] apache runtime failure (#11576)
[mpm_event:crit] [pid 173:tid 1996214272] (70023)This function has not been
implemented on this platform: AH00495: Couldn't create a Thread Safe Pollset.
Is it supported on your platform?Also check system or user limits!
[:emerg] [pid 173:tid 1996214272] AH00017: Pre-configuration failed, exiting
[1] http://man7.org/linux/man-pages/man7/epoll.7.html
[2] https://linux.die.net/man/2/dup3
[4] https://linux.die.net/man/2/accept4
[5] https://bugs.busybox.net/show_bug.cgi?id=11576
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7a3b44f445)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While building llvm for the target (x86_64), the build failed due to
path poisoning (-I/usr/include/libxml2) while building NATIVE tools
(i.e for the host). The llvm package tries to build a tool for the host
with the cross-compiler which doesn't work when the paranoid toolchain
wrapper (BR2_COMPILER_PARANOID_UNSAFE_PATH) is enabled.
We know that llvm (target) needs llvm-tablegen and llvm-config built by
host-llvm, but only LLVM_TABLEGEN is provided by llvm.mk. Adding
LLVM_CONFIG_PATH=$(HOST_DIR)/bin/llvm-config for llvm (target)
fixes the path poisoining issue since llvm doesn't build the NATIVE
variant.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d3245ce425)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kconfig build logic uses the HOSTCC variable to find the host
compiler. It makes sense to explicitly pass a value to this variable,
pointing to the host compiler used by Buildroot.
During the kconfig step, host-ccache is not ready (host-ccache is only
a dependency to the configure step of packages), so we use
$(HOSTCC_NOCCACHE).
Packages currently using the kconfig-package fell into two categories:
- Those not passing any HOSTCC value. For such packages, it was the
default host compiler detected by the kconfig build logic that was
used. ccache was therefore never used. With this commit, those
packages will now be using the host compiler detected by
Buildroot. Packages in this situation: at91bootstrap3, barebox,
busybox, swupdate, uclibc, xvisor.
- Those passing a HOSTCC value. Such packages were passing $(HOSTCC),
which doesn't work as host-ccache will not be ready. This commit
does not fix them, as they still override HOSTCC. It will be fixed
in followup commits. Packages in this situation: uboot and
linux. Note that linux was a bit special, because it has a
KCONFIG_DEPENDENCIES on the toolchain package, so in fact
host-ccache was ready.
So practically speaking, this commit does not fix anything, as the two
only problematic packages that use $(HOSTCC) are not fixed. However,
it makes things more correct by explicitly telling kconfig which
compiler to use.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 28aa05dd95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e04ae696d4 (tpm2-abrmd: fix build with BR2_FORTIFY_SOURCE_1) missed
a backslash in TPM2_ABRMD_CONF_ENV, fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
This release of wolfSSL includes a fix for 1 security vulnerability.
Medium level fix for potential cache attack with a variant of
Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5
padding information during private key decryption that could lead to a
potential padding oracle attack. It is recommended that users update to the
latest version of wolfSSL if they have RSA cipher suites enabled and have
the potential for malicious software to be ran on the same system that is
performing RSA operations. Users that have only ECC cipher suites enabled
and are not performing RSA PKCS #1 v1.5 Decryption operations are not
vulnerable. Also users with TLS 1.3 only connections are not vulnerable to
this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham
(University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir
(Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of
Adelaide and Data61) for the report.
The paper for further reading on the attack details can be found at
http://cat.eyalro.net/cat.pdf
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e1b3c6e9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The start-stop-daemon invocation to start abrmd was missing the -m (make
pidfile) option, causing stop to fail.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03be1db663)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script passes -U FORTIFY_SOURCE -D FORTIFY_SOURCE=2 by
default, which conflicts with BR2_FORTIFY_SOURCE_1 as -Werror is used:
<cross>-gcc .. -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 .. -D_FORTIFY_SOURCE=1
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
Disable this so the FORTIFY_SOURCE flags in TARGET_CFLAGS (if any) is used
instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8286be2891)
[Peter: adjust variable names for abrmd-1.3.0]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stack protection is now controlled Buildroot wide with the BR2_SSP_*
options, so disable the explicit -fstack-protector-all so the SSP logic in
the toolchain wrapper is used instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit db828b9192)
[Peter: adjust variable names for abrmd-1.3.0]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building with --enable-hardening (the default), forces -fstack-protector-all
/ FORTIFY_SOURCE=2. These options are now controlled Buildroot wide with
the BR2_SSP_* / BR2_FORTIFY_SOURCE_* options. Disable hardening so the
ssp/fortify settings in the toolchain wrapper / CFLAGS is used instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2bf187c2b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script passes -U FORTIFY_SOURCE -D FORTIFY_SOURCE=2 by
default, which conflicts with BR2_FORTIFY_SOURCE_1 as -Werror is used:
<cross>-gcc .. -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 .. -D_FORTIFY_SOURCE=1
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
Disable this so the FORTIFY_SOURCE flags in TARGET_CFLAGS (if any) is used
instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 223c4fb704)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stack protection is now controlled buildroot wide with the BR2_SSP_*
options, so disable the explicit -fstack-protector-all so the SSP logic in
the toolchain wrapper is used instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d38bcb9de5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
