Patch to resolve cve-2019-12900 which affects bzip2 versions 1.0.6 and older
More information can be found at
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also add a standard sha256 hash for the package itself.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bzip.org website is down. Use the Buildroot backup download site.
Remove the website link as there is no clear alternative upstream at
this point.
https://lwn.net/Articles/762264/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
TARGET_MAKE_ENV is not passed to make because it is on a different
line without a backslash.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove the redundant usr/ component of the HOST_DIR paths. Since a
previous commit added a symlink from $(HOST_DIR)/usr to $(HOST_DIR),
everything keeps on working.
This is a mechanical change with
git grep -l '\$(HOST_DIR)/usr' | xargs sed -i 's%\(prefix\|PREFIX\)=\("\?\)\$(HOST_DIR)/usr%\1=\2$(HOST_DIR)%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
libbz2.so was explicitly built for the host, but was not installed. Install it.
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Instead of doing some nasty SED tricks, use a patch that modifies the
bzip2 build system to make it a little bit nicer. Those SEDs were made
differently for the host and target packages, which is contrary to the
logic of not having any difference in the source tree between the host
build and the target build.
This commit also makes sure that bzip2.mk behaves properly in a
BR2_PREFER_STATIC_LIB=y context.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Bump bzip2 to version 1.0.6 to fix CVE-2010-0405
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
In addition to the .so link add a .so.1 link for the target rootfs.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
GENTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Also simply installation rules a little
[Peter: leave in busybox install fix]
Signed-off-by: Lionel Landwerlin <llandwerlin@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The bzip2 make install target follows symlinks, so if busybox is
enabled and the bzip/bunzip2 applets are installed, bin/busybox will
get overwritten by bzip2.
Fix it by ensuring any previously installed bzip2/bunzip2/bzcat (the
applets available in busybox) are removed before running make install.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Fix a few typos/mistakes introduced in commit ea448fe:
- bzip2 soname is not the same as package version
- It is PKG_INSTALL_STAGING, not PKG_STAGING_INSTALL
- Typo: BZIP2_INSTALL_TARGET_CMDS, not B2IP_INSTALL_TARGET_CMDS
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
of bzip2 fixes a security issue with bzip2 v.1.0.2. This patch also modifies
the .mk file so that version changes can be acomodated more easily.
http://bugs.uclibc.org/view.php?id=255
