- Drop second patch (already in version)
- Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
5.61. A use-after-free can occur when a client disconnects during D-Bus
processing of a WriteValue call.
http://www.bluez.org/release-of-bluez-5-62
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e48b159dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pause() is defined in glibc since the very early times; it appears in
upstream commit 28f540f45bba (initial import) in 1995 [0].
Bluez has been defining a function named pause() for ages too, since
commit caab74c97542 (media: Implement new callbacks for pass-through
operations) in 2013 [1]
With the recent bump to glibc 2.34.xxx, the build now fails because the
two pause() clash:
profiles/audio/media.c:1284:13: error: conflicting types for 'pause'
1284 | static bool pause(void *user_data)
| ^~~~~
In file included from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gbacktrace.h:36,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib.h:34,
from profiles/audio/media.c:21:
/tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:489:12: note: previous declaration of 'pause' was here
489 | extern int pause (void);
| ^~~~~
The culprit is indeed glibc 2.34, as can be seen in this result matrix:
        \ bluez5_utils
  glibc  \  5.60 |  5.61
  -------\-------+--------
    2.33 |  OK   |  OK
  -------+-------+--------
    2.34 |  KO   |  KO
Even though we first bumped to glibc 2.34, then to bluez5_utils 5.61,
we did not notice build issues with bluez5_utils 5.60 because the two
bumps were too close to each other for the failure to trigger in the
autobuilders.
The underlying reason that pause() is now causing issues with glibc 2.34
is not obvious: glibc is a big beast, and finding such issues is not
easy. However, we can see that the pause() provided by NPTL has been
dropped in favour of the generic one, so maybe this is causing symbol
visibility or weakness to change or something...
We fix that by renaming the local pause() in bluez5_utils with a
namespace-prefix, like some other functions there already have.
Fixes:
- http://autobuild.buildroot.org/results/c4f/c4fbface34be8815838fd7201621d7a8fddd32c5/
- http://autobuild.buildroot.org/results/62b/62b88740f19fbe4a1ad7959dc141d539eb88c1f8/
[0] https://sourceware.org/git/?p=glibc.git;a=commit;h=28f540f45bbacd939bfd07f213bcad2bf730b1bf
[1] caab74c975
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: extend commit log with the glibc culprit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a02927b94a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We define _DEFAULT_SOURCE in mkpasswd.c to suppress a compiler warning.
In file included from /usr/include/x86_64-linux-gnu/bits/libc-header-start.h:33,
from /usr/include/stdio.h:27,
from [...]/buildroot/output/arm64/build/host-mkpasswd/mkpasswd.c:24:
/usr/include/features.h:187:3:
187 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
| ^~~~~~~
As per GLIBC 2.20 release notes[1]:
The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
supported; they now act the same as _DEFAULT_SOURCE (but generate a
warning). Except for cases where _BSD_SOURCE enabled BSD interfaces
that conflicted with POSIX (support for which was removed in 2.19),
the interfaces those macros enabled remain available when compiling
with _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without
any feature test macros defined.
[1] https://lwn.net/Articles/611162/
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9616ade222)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream maintainer, now also maintainer in Buildroot.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit afdd3b2afc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3:a:kernel:util-linux is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akernel%3Autil-linux
Inherit the values from util-linux; they really are, and have to be,
the same.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: inherit values from util-linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bfe518b068)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 0cfa165948 (package/pkg-utils.mk: introduce "name" field in
show-info output) did what it said, but did so in the generic show-info
part, thus it was also added to filesystems (rootfs), the other kind of
entity that show-info reports on.
Only packages have a "name"; filesystems do not. Instead, they already
have an 'image_name'.
Move the 'name' field to the package-related part of show-info.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 471ecea5ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The unmatched escaped single-quote lies in the middle of a few
function calls, so they too must be fake-closed to properly fix
colour highlighting in some editors.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cba51c7f5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages install nothing in target nor staging, but install images
(like the kernel vmlinux, or a bootloader boot blob...)
If we want to appropriately account for the files installed by each
package, we also need to take images/ into account.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5d00fecb7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When calling 'printvars', the 'suitable-host-package' macro is printed
(a macro is just a variable like the others, after all, just with some
parameters). Because it is printed as a variable, it is missing its
parameters, but it still tries to evaluate the $(shell) construct.
This causes a spurious warning:
make[1]: support/dependencies/check-host-.sh: Command not found
Only try and call the script if there is actually a tool to check for.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 77304e5143)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When calling 'printvars' on a just-configured tree, the output contains
many spurious warnings about pkg-config being not found:
make[1]: [...]/host/bin/pkg-config: Command not found
This is partly because a few packages call pkg-config at the time the
Makefile is parsed (really, right when make evaluates the recipe before
executing it).
It is customary, instead, to defer the call to pkg-config to the actual
shell running the recipe's commands, like all our other packages do.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 22fb4c469b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the build_dir field is reported relative to $(BASE_DIR), to
avoid leaking local paths.
However, BASE_DIR is not a directory that is very convenient: for
in-tree builds, it is $(CONFIG_DIR)/output/, while for out-of-tree
builds, it is $(CONFIG_DIR). This difference is purely an idiosyncrasy
of how out-of-tree builds have been implemented in Buildroot, and is
not under the control of the user.
What the user is in control of, however, is where the .config file is
located. This, really, is the directory we should base relative paths
on.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 76c4df324d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4020: janus-gateway is vulnerable to Improper
Neutralization of Input During Web Page Generation ('Cross-site
Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 99d2826e03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As already done for libglib2 in commit
b094f88a4d, fix girdir to avoid the
following build failure with gst1-plugins-base and introspection:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler gst-libs/gst/tag/GstTag-1.0.gir --output gst-libs/gst/tag/GstTag-1.0.typelib --includedir=/usr/share/gir-1.0
Could not find GIR file 'Gst-1.0.gir'; check XDG_DATA_DIRS or use --includedir
Fixes:
- http://autobuild.buildroot.org/results/d1e2bdde97777ff61c185d375ba412a93e7ca467
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ff420a3195)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2021-30535: Double free in ICU in Google Chrome prior to
91.0.4472.77 allowed a remote attacker to potentially exploit heap
corruption via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2021-30535
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f4483f1aab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5.14.x is EOL, so no more updates for that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 64cb922db7)
[Peter: drop 5.15.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-43527: Heap overflow in NSS when verifying DSA/RSA-PSS
DER-encoded signatures
For more details, see the advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop third patch as it is not needed when using compile_et from heimdal
instead of compile_et from e2fsprogs as spotted by upstream in:
https://bugzilla.samba.org/show_bug.cgi?id=13856#c20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5847208213)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
compile_et is not installed anymore by heimdal since version 7.0.1 and
e40ef47b57
So remove the broken symlink and install it manually as it is needed for
samba4 because compile_et provided by e2fsprogs raises a build failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30107f026e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't install compile_et as it raises the following build failure with
samba4 since, at least, bump to version 4.14.7 in commit
630e85f8f5ed64933b45599fc4332d9609177c5c:
source4/heimdal/lib/asn1/asn1_err.c:47:23: error: 'link' redeclared as different kind of symbol
47 | static struct et_list link = { 0, 0 };
| ^~~~
In file included from /home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
from /home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
from /home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/sys/param.h:28,
from ../../lib/replace/../replace/replace.h:659,
from ../../source4/heimdal_build/config.h:10,
from source4/heimdal/lib/asn1/asn1_err.c:1:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:819:12: note: previous declaration of 'link' was here
819 | extern int link (const char *__from, const char *__to)
| ^~~~
Fixes:
- http://autobuild.buildroot.org/results/d6de6ed59c553f6f413d280f3c65184945bb3850
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dd89074e83)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 3.4.10 in
commit 0ce776942d34d5d3bea6c11913cac38ea3e52f8b:
/usr/bin/ld: cannot find /usr/lib64/libatomic.so.1.0.0
collect2: error: ld returned 1 exit status
make[3]: *** [run/lemon] Error 1
Fixes:
- http://autobuild.buildroot.org/results/02ea7d76a683b039fb37e005578644108bd1e3b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76e66240da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes build on an ARM64 host (and I assume also
other non-x86).
Signed-off-by: Urja Rannikko <urjaman@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e938419bd9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update fourth patch to add girdir in gio-2.0.pc. This will fix the
following build failure with libnice raised since commit
aade2fd293fc8a13bc5665fa70a4002ddac9aae6:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler nice/Nice-0.1.gir --output nice/Nice-0.1.typelib --includedir=/usr/share/gir-1.0
Could not find GIR file 'GObject-2.0.gir'; check XDG_DATA_DIRS or use --includedir
Fixes:
- http://autobuild.buildroot.org/results/3088ef32b03e0bb984291b1227b187f1ff816eb7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2c916b400b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-3973: vim is vulnerable to Heap-based Buffer Overflow
- Fix CVE-2021-3974: vim is vulnerable to Use After Free
- Fix CVE-2021-3968: vim is vulnerable to Heap-based Buffer Overflow
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5377ff1933)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that our pipelines are using the Docker image from the Gitlab
registry, there is no longer any reason to push the image to the
Docker hub.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 37004bde66)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On a properly set up machine, it is totally useless to use sudo to run
docker; it is very bad practice. Instead, users really should add
themselves to the docker group.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f6a2dbe03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the
server allows attackers to upload files of unbounded size, which may
lead to denial of service or a server hang. This occurs because a
certain greater-than-zero test does not anticipate an initial -1 value.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4fd5d8df2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support configurable limit on depth of JSON parsing (possible DoS issue)
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d317b76458)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an
mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted
input, leading to a segmentation fault on 32-bit platforms.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9d0536d82d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ad2b4b8cc7)
[Peter: drop 5.14.x / 5.15.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since the addition of
introspection in commit 3915e17e7734ee3abe088d4ce1893eecd7cc4663:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/bin/../riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler -l `/usr/bin/sed -nE "s/^dlname='([A-Za-z0-9.+-]+)'/\1/p" libgee-0.8.la` -o Gee-0.8.typelib Gee-0.8.gir libgee-0.8.la
Could not find GIR file 'GObject-2.0.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file Gee-0.8.gir: Failed to parse included gir GObject-2.0
Fixes:
- http://autobuild.buildroot.org/results/884faa0f84c8dc43ed1ca6cde9caf21c731a4b35
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a4bf020e8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since version 10.1 and
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=9a665d62266e75f0519f3a663784c458885b5c63:
CXXLD libinproctrace.so
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: gdbsupport/tdesc-ipa.o: in function `print_xml_feature::visit(tdesc_type_builtin const*)':
/home/buildroot/autobuild/instance-2/output-1/build/gdb-10.2/build/gdbserver/../../gdbserver/../gdbsupport/tdesc.cc:310: undefined reference to `libintl_gettext'
Fixes:
- http://autobuild.buildroot.org/results/faacc874fe9d32b74cb3d3dea988ef661cb0e3d0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2da1267c1e)
[Peter: drop 11.1 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"Path to to out-of-tree..." -> "Path to the out-of-tree..."
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8f3e2a6678)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a small bugfix release, read the announcement on
https://mosquitto.org/blog/2021/11/version-2-0-14-released/
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 98372c5444)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting with uboot 2021.10, with upstream commit 473fc279c89 (kconfig /
kbuild: Re-sync with Linux 4.20), the kconfig in uboot now needs the
compiler to detect its features.
Like was done for linux in 3fc990a798 (linux: kconfig needs the
toolchain) and barebox in 1c1a629d81 (boot/barebox: kconfig needs the
toolchain), add the toolchain to the kconfig dependencies of uboot.
Reported-by: Davian on IRC
Reported-by: Xogium on IRC
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c224e7e5c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig uses arm-trusted-firmware version 1.5 which fails since
commit eacf7a1d0b ("package/gcc: switch to
gcc 10.x as the default").
Backport a patch from v2.2 to fix the build.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1768915296
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5b115aff1a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set license to BSD-2-Clause instead of BSD-2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eaaa756bbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
License is BSD-3-Clause since the addition of the package in commit
e96c1b244e and
a1c8a50ce7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit df729d9c25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As stated on www.pcre.org:
"Note that the former ftp.pcre.org FTP site is no longer available."
Update _SITE URL to Sourceforge.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 236385c50f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Various security, performance, accuracy and stability issues have been
fixed, including two TCP evasion issues. CVE 2021-37592 was assigned.
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 33edb17410)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Do the same as commit "12c01079bd package/stress-ng: bump to version
0.13.05" did for 2022.02 but without the version bump.
The project URL returns 404 error because:
Quoting Colin King:
"Unfortunately when I left Canonical last week they removed my tarballs"
So use github and update hash.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Ricardo: do not bump the version.
There will be no version clash at sources.buildroot.net since the file
format changed]
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We get newer CA certificates, to get rid of the annoying issues with the
now-expired Let's Encrypt root certificate.
Suggested-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current stretch image we are using on the maintenance branches still
has the old Let's Encrypt certificate that expired a few weeks ago,
causing a lot of download errors:
Suggested-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following per-package build failure with apache:
/home/buildroot/autobuild/instance-3/output-1/per-package/apparmor/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/../../usr/build-1/libtool --silent --mode=link /home/buildroot/autobuild/instance-3/output-1/per-package/apparmor/host/bin/aarch64-linux-gcc -o mod_apparmor.la -rpath /usr/modules -module -avoid-version mod_apparmor.lo -L/home/buildroot/autobuild/instance-3/output-1/per-package/apparmor/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lapparmor
/home/buildroot/autobuild/instance-3/output-1/per-package/apache/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-buildroot-linux-gnu/9.3.0/../../../../aarch64-buildroot-linux-gnu/bin/ld: cannot find /lib64/libc.so.6
This build failure is raised because the fix added by commit
3c836e5420 was incomplete as the apr
special libtool script was not patched (see commit
b747c29c4e for a detailed explanation)
Fixes:
- http://autobuild.buildroot.org/results/6747b1cb11b129ea4bcb1ecc9645e94fb8e095e8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8bd40a0303)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
isl.gforge.inria.fr no longer responds and the main site is now at
sourceforge.io. This change corresponds to the upstream commit that
updates the documentation [1].
[1] https://repo.or.cz/isl.git/commitdiff/002820d725479b456c97ca9b0d59d6b3e18f7ee4
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 748b7878e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop fourth patch and disable objcopy as suggested by upstream in
https://bugs.ghostscript.com/show_bug.cgi?id=704442#c2
This will also fix the following build failure on sparc and xtensa:
OBJCOPY build/release/resources/fonts/urw/Dingbats.cff.o
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc64-buildroot-linux-gnu/9.3.0/../../../../sparc64-buildroot-linux-gnu/bin/ld: --relax and -r may not be used together
While at it, drop MUPDF_DISABLE_OPENGL and use the new MUPDF_MAKE_OPTS
variable
Fixes:
- http://autobuild.buildroot.org/results/e64d456174a0f701c0e0de68317debcdc429a660
- http://autobuild.buildroot.net/results/0945f305d31530677282f38fa7c99af5295d47bd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cf8900b063)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The server does not support TLS v1.2, causing downloads to fall back to
sources.buildroot.net. Mail sent to the project owner bounces, so it
looks like this issue will not be solved anytime soon.
Switch to HTTP, like was done in commit 399ad854cc (package/mksh:
fix project URL in Config.in) for the homepage, and rely on our hashes
to verify the integrity and authenticity of the download.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[yann.morin.1998@free.fr: slight rewording in the commit message]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0e83706aa1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
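Added example, not part of the commit above and not Buildroot's own code: the mksh change drops TLS and relies on recorded hashes to authenticate a download fetched over plain HTTP, and this Python block shows that check rejecting a modified archive and a file with no recorded hash. The `<algo> <hex digest> <filename>` hash-file layout, the allowed-algorithm list, the file names and the archive bytes are assumptions constructed for illustration.

```python
import hashlib

# Digest algorithms this example accepts (an assumption of the example).
ALLOWED_ALGOS = {"sha256", "sha512"}


class HashError(Exception):
    """Raised when a download cannot be authenticated against the hash file."""


def parse_hash_file(text):
    """Parse '<algo> <hexdigest> <filename>' lines into {filename: [(algo, digest)]}."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise HashError(f"line {lineno}: expected '<algo> <hash> <file>'")
        algo, digest, filename = fields
        if algo not in ALLOWED_ALGOS:
            raise HashError(f"line {lineno}: unsupported algorithm {algo!r}")
        entries.setdefault(filename, []).append((algo, digest.lower()))
    return entries


def verify_download(filename, data, hash_text):
    """Return True only if every recorded digest for filename matches data."""
    recorded = parse_hash_file(hash_text).get(filename)
    if not recorded:
        # A file with no recorded hash is a failure, never a silent pass.
        raise HashError(f"no hash recorded for {filename}")
    for algo, expected in recorded:
        actual = hashlib.new(algo, data).hexdigest()
        if actual != expected:
            raise HashError(f"{algo} mismatch for {filename}")
    return True


# Constructed sample data: the archive as published, and a copy modified in transit.
ARCHIVE_NAME = "example-1.0.tgz"
PUBLISHED = b"constructed archive contents\n"
TAMPERED = PUBLISHED + b"bytes injected on the unencrypted path\n"

# The hash file ships with the build recipe, so it does not travel over the HTTP link.
HASH_FILE = (
    "# Locally computed\n"
    f"sha256  {hashlib.sha256(PUBLISHED).hexdigest()}  {ARCHIVE_NAME}\n"
)


def check(data, name=ARCHIVE_NAME):
    """Return 'ok' or the rejection reason for one download attempt."""
    try:
        verify_download(name, data, HASH_FILE)
        return "ok"
    except HashError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(check(PUBLISHED))
    print(check(TAMPERED))
    print(check(PUBLISHED, "other-2.0.tgz"))
```

The check only authenticates the download if the hash file itself reaches the builder over a trusted path, such as the signed or reviewed source tree.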
It's http://www.mirbsd.org/mksh.htm
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 399ad854cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old U-Boot version used does not build with hostcc >= 10. Backport a
patch fixing that issue. Same goes for Linux so let's backport a patch for
it too.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1758966188
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 31bce3d6fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/1758966041
The old U-Boot version used does not build with hostcc >= 10. Backport a
patch fixing that issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4074fbd0aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/1758966307
The old U-Boot version used does not build with hostcc >= 10. Backport a
patch fixing that issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2d6a5a0cc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1758965994
To correct a build breakage after the move to a gcc 10.x based host
compiler, as the updated kernel contains a fix for:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e33a814e772cdc36436c8c188d8c42d019fda639
Also correct a mistake in the kernel headers version comment.
Build-tested only.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f66785d8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, when BR2_LINUX_KERNEL_INSTALL_TARGET=y is selected, issuing
a "saveenv" command in the U-Boot prompt may lead to rootfs corruption.
When BR2_LINUX_KERNEL_INSTALL_TARGET is not selected, then
board/freescale/common/imx/genimage.cfg.template is used as per the logic
inside board/freescale/common/imx/post-image.sh.
board/freescale/common/imx/genimage.cfg.template correctly puts the
rootfs at a safe offset.
With BR2_LINUX_KERNEL_INSTALL_TARGET=y, then
board/freescale/common/imx/genimage.cfg.template_no_boot_part or
board/freescale/common/imx/genimage.cfg.template_no_boot_part_spl
are used and no offset to the rootfs is given, which may cause U-Boot
environment area to write into the rootfs area, causing the rootfs
corruption.
Avoid this problem by placing the rootfs at an 8MB offset, just like
it is done in board/freescale/common/imx/genimage.cfg.
Tested on an imx6qp-wandboard and also on a custom imx6ull based board.
"saveenv" does not corrupt the rootfs anymore after this change.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0351a60b95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (for details see [1]):
- Fix memory leak generated by last node not being freed.
[1] https://github.com/RidgeRun/gst-interpipe/releases/tag/1.1.7
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 056e84b713)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libffi supports ARC since commit 34c2afeb75 ("libffi: back-port support
for ARC") in 2014.
Add nds32 and ARMv7-M to the list.
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fb89f86349)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
genrandconfig is used by the Buildroot autobuilders to generate
semi-random configurations that we build test. As part of this, we use
"make randpackageconfig" to randomize the selection of packages,
together with a KCONFIG_PROBABILITY value, which indicates the
probability for each option to be enabled. This probability is
itself randomized, between 1% and 30% for every build.
However, with our increasing number of packages (over 2900), when we
use a 30% probability for options to be enabled, it means a *lot* of
options are enabled, causing very large configurations to be
tested. These configurations are not very realistic, and they take
ages to build on our autobuilders: we have builds that take 4, 5 or
even 7 hours to build.
In order to test a larger number of configurations and therefore a
larger variety of configurations, this commit reduces the maximum
probability to 20%.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0e64537917)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add myself as co-maintainer of SMCRoute in Buildroot, handy since I'm
the upstream maintainer anyway.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 96e2fccd9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The heuristic to extract the various variables of interest is pretty
crude: we filter on variables ending with certain suffixes (like
'%_VERSION' to get the version strings).
However, in doing so, we may dump variables that are not actual package
versions (especially with br2-external trees), and those may contain one
or more equal signs. And anyway, an actual package version string may
very well contain an equal sign too.
But the current situation is that the output of 'printvars' is split on
all equal signs, which will not fit in the 2-tuple we assign the result,
thus causing an exception.
Fix that by limiting to a single split.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b919d5dbba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9c068b4be8 (package/glmark2: fix wayland build) extended the set
of required libraries for various "flavor" options by selecting those
libraries from the blind options.
However, those blind options are true as soon as their requirements are
met (the depends on), even when glmark2 itself is not enabled.
This means that extra libraries are pulled in to the build, even when
not required.
We fix that by moving the actual selects to the main symbol, along with
the proper conditions. This means that we have two lines that select
wayland-protocols, under two different conditions; we could make that a
single select, but the condition would need to be on two lines anyway,
so meh...
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4a36af9450)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 4.8 raised since the addition
of the package in commit c23612b5db036fe89accb8db48690d1ce1be4b1b:
In file included from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg_impl.hpp:100:0,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg.cpp:50:
/home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg_hw.hpp: In constructor 'HWAccelIterator::HWAccelIterator(cv::VideoAccelerationType, bool, AVDictionary*)':
/home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg_hw.hpp:939:23: error: use of deleted function 'std::basic_istringstream<char>& std::basic_istringstream<char>::operator=(const std::basic_istringstream<char>&)'
s_stream_ = std::istringstream(accel_list);
^
In file included from /home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/arm-none-linux-gnueabi/include/c++/4.8.3/complex:45:0,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/core/include/opencv2/core/cvstd.inl.hpp:47,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/core/include/opencv2/core.hpp:3306,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/include/opencv2/videoio.hpp:46,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/precomp.hpp:57,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg.cpp:42:
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/arm-none-linux-gnueabi/include/c++/4.8.3/sstream:272:11: note: 'std::basic_istringstream<char>& std::basic_istringstream<char>::operator=(const std::basic_istringstream<char>&)' is implicitly deleted because the default definition would be ill-formed:
class basic_istringstream : public basic_istream<_CharT, _Traits>
^
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/arm-none-linux-gnueabi/include/c++/4.8.3/sstream:272:11: error: use of deleted function 'std::basic_istream<char>& std::basic_istream<char>::operator=(const std::basic_istream<char>&)'
Fixes:
- http://autobuild.buildroot.org/results/60f8846b435dafda0ced412d59ffe15bdff0810d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0f7761b6f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since gdb 10.1 and
bf84f70666:
../../gdbserver/linux-riscv-low.cc: In function 'void riscv_fill_fpregset(regcache*, void*)':
../../gdbserver/linux-riscv-low.cc:140:19: error: 'ELF_NFPREG' was not declared in this scope; did you mean 'ELF_NGREG'?
140 | for (i = 0; i < ELF_NFPREG - 1; i++, regbuf += flen)
| ^~~~~~~~~~
| ELF_NGREG
musl fixed the issue with
e5d2823631
Fixes:
- http://autobuild.buildroot.org/results/16b19198980ce9c81a618b3f6e8dc9fe28247a28
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: use upstream repository for commit references]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9d77dae557)
[Peter: drop 11.1 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-3928: vim is vulnerable to Stack-based Buffer Overflow
- Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f42504d6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mosquitto v2.0.13 is a bugfix release, read the announcement on
https://mosquitto.org/blog/2021/10/version-2-0-13-released/
Also update the checksum of license files, which have been whitespace-trimmed
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a7ac3f0a4a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently when a tag is added to the Buildroot git tree, the gitlab-ci
creates a pipeline with several hundred jobs (~750) to build all
defconfigs and execute the Buildroot testsuite.
However, there is only a limited number of gitlab-ci runners (9 runners)
and some jobs reach the timeout limit (24h) while waiting for a runner
[1]. Indeed, the Buildroot project doesn't use the Gitlab's shared
runners.
In addition to the pipeline created when a new tag is added to the
git repository, two pipelines are created each week to execute the
Buildroot testsuite (on Monday [2]) and build all defconfigs (on
Thursday [3]).
At some point there are too many jobs waiting in gitlab due to board
defconfig builds. Indeed a board defconfig requires a lot of time
(~30min) compared to other jobs in order to build a toolchain and a
Linux kernel along with a basic rootfs. There are currently 262
defconfigs.
This is even worse when several pipelines are triggered at the same
time (new git tag and scheduled pipeline trigger).
In order to reduce the number of long jobs, don't build board
defconfigs with pipelines triggered on tag, keeping only the runtime
tests and the Qemu's defconfigs.
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/1758966541
[2] https://gitlab.com/buildroot.org/buildroot/-/pipelines/404035190
[3] https://gitlab.com/buildroot.org/buildroot/-/pipelines/401685550
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8ea6eead60)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As found out by Yann [1], binutils will use its bundled copy of zlib,
whether it is already provided by the system or not, and unless
explicitly told to use the system zlib with --with-system-zlib, which
is available since version 2.21 and
700d40ca16
This will fix the following build failure with oprofile when compiling
in a static configuration where zlib is not enabled:
checking for bfd_openr in -lbfd... no
checking for compress in -lz... no
configure: error: libz library not found; required by libbfd
As found out by Arnout [1], this fails infrequently because static is
already pretty rare, but in addition zlib is almost always selected by
some other package.
Fixes:
- http://autobuild.buildroot.org/results/0e1d16dfbb455a08db80ac5d35613908c3b4163f
[1] https://patchwork.ozlabs.org/project/buildroot/patch/20211030214734.2154583-1-fontaine.fabrice@gmail.com/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- reword the explanations about the system zlib
- extend the oprofile example with static and !zlib
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a3c1ba68f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We don't want to allow meson to download wrap dependencies as this
bypasses buildroot's dependency resolution.
This is badly documented in the meson manual, but there is at least
an FAQ that refers to it:
https://mesonbuild.com/FAQ.html#does-wrap-download-sources-behind-my-back
Meson has an option called wrap-mode which can be used to disable
wrap downloads altogether with --wrap-mode=nodownload.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add pointer to FAQ]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 12ba356365)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override LIBDNET_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ea21670ee8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override GLOG_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1f9e65b2f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override UBOOT_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9de2c792e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override RCW_SMARC_SAL28_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7d653a7abd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override GPU_AMD_BIN_MX51_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7c9e88120d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override ALSA_LIB_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5a3165e097)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable the runtime testing by adding the tag in the readme.txt
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Dick Olsson <hi@senzilla.io>
Reviewed-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0bd07a0cc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Cortex-a53 is not a valid CPU supported by the SBSA reference machine
[0], so qemu fails to boot in our current defconfig:
qemu-system-aarch64: sbsa-ref: CPU type other than the built-in cortex-a57 not supported
Use ARM cortex-a57 which is the CPU that SBSA was meant to emulate [1]
[0] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f335a6381f83beb5d6ac0d3993514379454a99d
[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=64580903c2b3aee08d74d64e6248a313b246cb69
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Dick Olsson <hi@senzilla.io>
Reviewed-by: Dick Olsson <hi@senzilla.io>
[yann.morin.1998@free.fr: update the commit log with info from Dick]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 17c516d67a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-41103: Insufficiently restricted permissions on plugin
directories
https://github.com/advisories/GHSA-c2h3-6mxw-7mvq
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override LUA_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb0ca7f32e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override ARMADILLO_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 05fb75e495)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override KEXEC_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f1fa3b615)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override IUCODE_TOOL_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0be1b16269)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override DVB_APPS_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e2b6861fe0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override SOCKETCAND_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2bb820cb9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit aaca5fa971 forgot to drop
autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c4b312914f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
refpolicy patches are for upstream version but when using a custom version
from git they may fail to apply.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1734417630
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The test_jffs2 test fails for the same reason as test_ubi test with qemu >= 2.9
due to a qemu 2.8 bug. See commit d8447c38f5.
Divide the erase block size by two.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1687590514
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d2f92512f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This option only exists in main and is not in a release.
Fixes:
output/build/weston-9.0.0/meson.build:1:0: ERROR: Unknown options: "launcher-libseat"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0f1bce7b73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The entry seems to have been renamed slightly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eb2a5cc9e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable unit tests which are enabled by default if cmocka is found since
the addition of the package in commit
1d2bb46907
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ab721dc460)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcap is an optional dependency which is enabled by default since the
addition of the package in commit
1d2bb46907
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 33160aeeb4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override RSH_REDONE_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d525300021)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override ESPEAK_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70195ea004)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't override APCUPSD_DEPENDENCIES in a conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c82676211)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix hotplug build which fails since the addition of the package in
commit d959966b41
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae4198abf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dahdi-linux needs a linux with CRC CCITT since the addition of the
package in commit d959966b41 as stated in
the README:
- CONFIG_CRC_CCITT must be enabled ('y' or 'm'). On 2.6 kernels this can
be selected These can be selected from the "Library Routines" submenu
during kernel configuration via "make menuconfig".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b22ec4bd95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-40114: Multiple Cisco products are affected by a
vulnerability in the way the Snort detection engine processes ICMP
traffic that could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition on an affected device. The
vulnerability is due to improper memory resource management while the
Snort detection engine is processing ICMP packets. An attacker could
exploit this vulnerability by sending a series of ICMP packets through
an affected device. A successful exploit could allow the attacker to
exhaust resources on the affected device, causing the device to reload.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
https://www.snort.org/downloads/snort/changelog_2.9.18.1.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5afa2320ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenJDK 17 is a new LTS release, which leaves the Buildroot Config option of
"LTS" and "LATEST" as a misnomer because both 11 and 17 are LTS releases.
There are two options in this case:
1) Remove "LATEST" and update OpenJDK 11 to 17, and only support 17.
2) Change "LTS" to "11" and "LATEST" to "17" and only support the latest 2 LTS
OpenJDK releases.
After some discussion with Thomas Petazzoni and Peter Korsgaard, and testing,
option 2 is the best course of action for a few reasons:
- OpenJDK 11 and 17 have very long support cycles:
- OpenJDK 11 has two years of Active and five years of security support left.
- OpenJDK 17 has five years of Active and ten years of security support left.
- Both OpenJDK versions build with the same parameters.
- The maintenance cost of both versions is meager.
- Both versions pass tests.package.test_openjdk without issue.
Changes:
- Change BR2_OPENJDK_VERSION_LATEST -> BR2_OPENJDK_VERSION_17
- Change BR2_OPENJDK_VERSION_LTS -> BR2_OPENJDK_VERSION_11
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Peter: add Config.in.legacy, use BR2_PACKAGE_OPENJDK_ prefix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a610bf9967)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.16.10 (released 2021-11-04) includes security fixes to the archive/zip
and debug/macho packages, as well as bug fixes to the compiler, linker,
runtime, the misc/wasm directory, and to the net/http package.
https://golang.org/doc/devel/release#go1.16.minor
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with uclibc raised since bump to version
8.2.3565 in commit 5650439b92 and
0a7984af56:
In file included from vim.h:27,
from fileio.c:14:
fileio.c: In function 'time_differs':
auto/config.h:149:22: error: 'stat_T' {aka 'struct stat'} has no member named 'st_mtim'; did you mean 'st_mtime'?
149 | #define ST_MTIM_NSEC st_mtim.tv_nsec
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/2132f9aa1b0bc618c91f7bf44fbd1b71b9d6ba05
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0b518033e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail is no longer responding:
** Address not found **
Your message wasn't delivered to mirza.krak@northern.tech because the address couldn't be found, or is unable to receive mail.
Learn more here: https://support.google.com/mail/?p=NoSuchUser
The response from the remote server was:
550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser bi21si292758edb.0 - gsmtp
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2b2478dfdb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 377aa3b117)
[Peter: drop 5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add Giulio Benetti to all Olimex Allwinner boards' defconfigs since I've
recently updated and tested them all and I'd like to receive possible
build failure from gitlab CI/CD.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b31b4b9ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since I'm the upstream maintainer, it'd be nice to get Cc:ed on any
issues with the package.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e3c73bcaf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit
40bb37bd70 ("utils/getdeveloperlib.py:
use relative paths for files"), the Developer class was changed to use
relative paths, including for its .hasfile() method.
However the check_developers() function of getdeveloperlib.py was not
updated accordingly, and continued to pass absolute paths. This caused
"get-developers -c" to return the entire list of files in Buildroot as
being unmaintained, as none of them were matching the file listed in
the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79cba4056b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Python 3.x, check_output() returns a "bytes" array, and not a
string. Its result needs to be decoded to be turned into a
string. Without this fix, "get-developers -c" bails out with:
Traceback (most recent call last):
File "/home/thomas/projets/buildroot/./utils/get-developers", line 105, in <module>
__main__()
File "/home/thomas/projets/buildroot/./utils/get-developers", line 53, in __main__
files = getdeveloperlib.check_developers(devs)
File "/home/thomas/projets/buildroot/utils/getdeveloperlib.py", line 280, in check_developers
files = subprocess.check_output(cmd).strip().split("\n")
TypeError: a bytes-like object is required, not 'str'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 53da6a7c05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-25219: Lame cache can be abused to severely degrade resolver
performance
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25219
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e4bf1cf09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This option is only available in master and not any release.
Fixes:
output/build/libpsl-0.21.1/meson.build:1:0: ERROR: Unknown options: "docs"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bcde80febd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove efi-ldsdir meson config option which is no longer used.
Meson config variable systemd-analyze is renamed to analyze.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 63b3a3c6d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current documentation was poorly organized, with for example the
"Here is an example walk through of running a test case" sentence
followed by the explanation of how to list available test cases, but
not how to run one.
Many other aspects of the wording were confusing, or not really
accurate.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a9dc2de551)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current Gitlab CI mechanism allows to trigger all tests in a CI
pipeline by pushing a branch named <something>-runtime-tests, or to
trigger a single test in a CI pipeline by pushing a branch named
<something>-tests.<name of test>.
However, there are cases where it is useful to run a suite of tests,
for example to run all tests in tests.init.test_busybox.
This commit makes that possible by extending the current semantic of
<something>-tests.<name of test> to not expect a complete test name,
but instead to accept all tests that start with the given pattern.
This allows to do:
git push gitlab HEAD:foobar-tests.init.test_busybox.TestInitSystemBusyboxRo
like it was the case before. But it now also allows to do:
git push gitlab HEAD:foobar-tests.init.test_busybox
to run all Busybox tests.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 23186356a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The directory that contains tests is "support/testing/tests/", not
"supporting/testing/test".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 18bbeefb99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc26ee8e1b)
[Peter: drop 5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
output/build/pango-1.48.10/meson.build:1:0: ERROR: Unknown options: "use_fontconfig"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 15a7be2c12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
output/build/gst1-vaapi-1.18.5/meson.build:1:0: ERROR: Unknown options: "test"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d352ae7121)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
output/build/gst1-plugins-ugly-1.18.5/meson.build:1:0: ERROR: Unknown options: "examples"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c98ca5f44f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix teletextdec name and remove vdpau which is no longer available.
Fixes:
output/build/gst1-plugins-bad-1.18.5/meson.build:1:0: ERROR: Unknown options: "teletextdec, vdpau"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 87505ba947)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixed a denial-of-service vulnerability in the gmp plugin that was
caused by an integer overflow when processing RSASSA-PSS signatures
with very large salt lengths. This vulnerability has been registered
as CVE-2021-41990.
- Fixed a denial-of-service vulnerability in the in-memory certificate
cache if certificates are replaced and a very large random value
caused an integer overflow. This vulnerability has been registered as
CVE-2021-41991.
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
https://github.com/strongswan/strongswan/blob/5.9.4/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c12e8a15f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-27347: Use after free in lzma_decompress_buf function in
stream.c in Irzip 0.631 allows attackers to cause Denial of Service
(DoS) via a crafted compressed file.
- Fix CVE-2021-27345: A null pointer dereference was discovered in
ucompthread in stream.c in Irzip 0.631 which allows attackers to cause
a denial of service (DOS) via a crafted compressed file.
- Fix CVE-2020-25467: A null pointer dereference was discovered
lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker
to cause a denial of service (DOS) via a crafted compressed file.
- lz4 is a mandatory dependency since version 0.640 and
3345a239b77f3bf46203...v0.641
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3332c143c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-3872: vim is vulnerable to Heap-based Buffer Overflow
Fix CVE-2021-3875: vim is vulnerable to Heap-based Buffer Overflow
https://github.com/vim/vim/compare/v8.2.3432...v8.2.3565
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5650439b92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use LICENSE file which is available since version 8.2.0105 and
c838626fea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1f5ed26e18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header
name before the colon. This can lead to HTTP Request Smuggling (HRS).
- CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The http parser ignores chunk extensions when parsing the body of chunked
requests. This leads to HTTP Request Smuggling (HRS) under certain
conditions.
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- disable doc generation (via sphinx) for host build
Reduces host-qemu build time from (on a system with sphinx installed):
real 2m5,522s
user 9m41,292s
sys 1m9,732s
to:
real 1m9,183s
user 8m40,131s
sys 1m9,533s
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit df857f6e0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Seen with the IconvGNU transcoder when parsing "<aaa.xsdopengis.net/gml\x96".
The reason is that XMLString::transcode(repText2, manager) throws a TranscodingException
which causes the tmp1 string to leak.
Upstream: 1bdf6d8ba8
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a2c02a8c2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
16.15.0:
- ASTERISK-29057: pjsip: Crash on call rejection during high load
16.15.1:
- AST-2020-003: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP message is received that has a
History-Info header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-003.pdf
- AST-2020-004: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP 181 response is received that has
a Diversion header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-004.pdf
16.16.0:
- ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains History-Info
16.16.1:
- AST-2021-001: Remote crash in res_pjsip_diversion
If a registered user is tricked into dialing a malicious number that sends
lots of 181 responses to Asterisk, each one will cause a 181 to be sent
back to the original caller with an increasing number of entries in the
“Supported” header. Eventually the number of entries in the header
exceeds the size of the entry array and causes a crash.
https://downloads.asterisk.org/pub/security/AST-2021-001.pdf
- AST-2021-002: Remote crash possible when negotiating T.38
When re-negotiating for T.38 if the initial remote response was delayed
just enough Asterisk would send both audio and T.38 in the SDP. If this
happened, and the remote responded with a declined T.38 stream then
Asterisk would crash.
https://downloads.asterisk.org/pub/security/AST-2021-002.pdf
- AST-2021-003: Remote attacker could prematurely tear down SRTP calls
An unauthenticated remote attacker could replay SRTP packets which could
cause an Asterisk instance configured without strict RTP validation to
tear down calls prematurely.
https://downloads.asterisk.org/pub/security/AST-2021-003.pdf
- AST-2021-004: An unsuspecting user could crash Asterisk with multiple
hold/unhold requests
Due to a signedness comparison mismatch, an authenticated WebRTC client
could cause a stack overflow and Asterisk crash by sending multiple
hold/unhold requests in quick succession.
https://downloads.asterisk.org/pub/security/AST-2021-004.pdf
- AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
Given a scenario where an outgoing call is placed from Asterisk to a
remote SIP server it is possible for a crash to occur.
https://downloads.asterisk.org/pub/security/AST-2021-005.pdf
16.16.2:
- AST-2021-006: Crash when negotiating T.38 with a zero port
When Asterisk sends a re-invite initiating T.38 faxing and the endpoint
responds with a m=image line and zero port, a crash will occur in
Asterisk.
This is a reoccurrence of AST-2019-004.
https://downloads.asterisk.org/pub/security/AST-2021-006.pdf
16.17.0:
- ASTERISK-29203 / AST-2021-002 — Another scenario is causing a crash
- ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls
- ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
memory corruption and crash
16.19.1:
- AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
When Asterisk receives a re-INVITE without SDP after having sent a BYE
request a crash will occur. This occurs due to the Asterisk channel no
longer being present while code assumes it is.
https://downloads.asterisk.org/pub/security/AST-2021-007.pdf
- AST-2021-008: Remote crash when using IAX2 channel driver
If the IAX2 channel driver receives a packet that contains an unsupported
media format it can cause a crash to occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2021-008.pdf
- AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
handshake
Depending on the timing, it’s possible for Asterisk to crash when using a
TLS connection if the underlying socket parent/listener gets destroyed
during the handshake.
https://downloads.asterisk.org/pub/security/AST-2021-009.pdf
16.20.0:
- ASTERISK-29415: Crash in PJSIP TLS transport
- ASTERISK-29381: chan_pjsip: Remote denial of service by an authenticated
user
In addition, a large number of bugfixes.
Drop now upstreamed
0006-AC_HEADER_STDC-causes-a-compile-failure-with-autoconf-2-70.patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 289a15f33b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump of autoconf to version
2.71 in commit ecd54b65c1f998a7ccd91f7c523e4ff38c4781da:
configure: error: *** ANSI C header files not found.
Fixes:
- http://autobuild.buildroot.org/results/e7dc47da7863a5dc492154f620c4fcebafccf6ea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ae68285509)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-41159: Improper client input validation for gateway
connections allows to overwrite memory
- Fix CVE-2021-41160: Improper region checks in all clients allow out of
bound write to memory
https://github.com/FreeRDP/FreeRDP/releases/tag/2.4.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5dc5f47f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- the last version bump of package/python-cffi (790c10d) ignored
the comment 'Please keep in sync with package/python3-cffi/python3-cffi.mk',
so catch up now
Fixes:
ERROR: No hash found for cffi-1.14.2.tar.gz
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 777b1f9135)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Link with -latomic if needed to avoid the following build failure since
bump to version 2.0.1 in commit 0f8d4a6ecd
and
5528267b54:
/tmp/instance-0/output-1/per-package/gensio/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ../lib/.libs/libgensio.so: undefined reference to `__atomic_fetch_add_4'
Fixes:
- http://autobuild.buildroot.org/results/2114f9cb3d820fc620932e793f53341a0c1f10bc
- http://autobuild.buildroot.org/results/c1b397eea1c2eda19149844cec4a87d55651862d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92f367b474)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pkg-stats script queries release-monitoring.org to find the latest
upstream versions of our packages. However, up until recently,
release-monitoring.org had no notion of stable
vs. development/release-candidate versions, so for some packages the
"latest" version was in fact a development/release-candidate version
that we didn't want to package in Buildroot.
However, in recent time, release-monitoring.org has gained support for
differentiating stable vs. development releases of upstream
projects. See for example
https://release-monitoring.org/project/10024/ for the glib library,
which has a number of versions marked "Pre-release".
The JSON blurb returned by release-monitoring.org has 3 relevant
fields:
- "version", which we are using currently, which is a string
containing the reference of the latest version, including
pre-release.
- "versions", which is an array of strings listing all versions,
pre-release or not.
- "stable_versions", which is an array of strings listing only
non-pre-release versions. It is ordered newest first to oldest
last.
So, this commit changes from using 'version' to using
'stable_versions[0]'.
As an example, before this change, pkg-stats reports that nfs-utils
needs to be bumped to 2.5.5rc3, while after this patch, it reports
that nfs-utils is already at 2.5.4, and that this is the latest stable
version (modulo an issue where Buildroot has 2.5.4 and
release-monitoring.org has 2-5-4, this will be addressed separately).
Note that part of this change was already done in commit f7b0e0860, but
it was incomplete.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 11efcb39b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pkg-stats script tries to match packages against
release-monitoring.org in two ways:
- First by using the "Buildroot" distribution registered on
release-monitoring.org, in which we have added a lot of mappings
between Buildroot package names and release-monitoring.org package
names. If there is a match using this distribution, the package
status is RM_API_STATUS_FOUND_BY_DISTRO, which means that the
resulting HTML has a "found by distro" statement.
- Then, if the first solution didn't work, by using the pattern
matching, as done in the check_package_get_latest_version_by_guess()
function.
However, there is a bug in this latter case: it sets the package status
to RM_API_STATUS_FOUND_BY_DISTRO as well, while it should have been
RM_API_STATUS_FOUND_BY_PATTERN. Due to this bug, in the resulting HTML
file from a pkg-stats run, all packages are marked as "found by
distro" even the ones that are "found by guess".
This commit fixes that by setting the correct package status.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9602fd94e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For example with libpng: 1.6.37 instead of 1.7.0beta89
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: coalesce into a single line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f7b0e08605)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The dbus-next package uses the Python type annotation for dbus types. This is
not compatible with the python typing assumption that flake8 makes.
Exclude F821 from this line.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1687009829
partially:
support/testing/tests/package/sample_python_dbus_next.py:17:36: F821 undefined name 's'
support/testing/tests/package/sample_python_dbus_next.py:17:48: F821 undefined name 's'
support/testing/tests/package/sample_python_dbus_next.py:17:56: F821 undefined name 's'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1217817ac2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-41089: Create parent directories inside a chroot during docker
cp to prevent a specially crafted container from changing permissions of
existing files in the host’s filesystem.
- CVE-2021-41091: Lock down file permissions to prevent unprivileged users
from discovering and executing programs in /var/lib/docker.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce45136df0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-41092: Ensure default auth config has address field set, to
prevent credentials being sent to the default registry.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d53c702419)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On Linux version >= 4.20 in order to have mali working we need to pass
drm_kms_helper.drm_leak_fbdev_smem=1 and at least
drm_kms_helper.drm_fbdev_overalloc=200 to have a double buffer fbdev.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 97408545ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-32765: Hiredis is a minimalistic C client library for the
Redis database. In affected versions Hiredis is vulnerable to integer
overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk`
protocol data. When parsing `multi-bulk` (array-like) replies, hiredis
fails to check if `count * sizeof(redisReply*)` can be represented in
`SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make
this check, it would result in a short allocation and subsequent buffer
overflow.
https://github.com/redis/hiredis/blob/v1.0.2/CHANGELOG.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9e092ba253)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
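An added example (not hiredis code and not part of this commit) of the check that the CVE-2021-32765 description above says was missing: the element count read from a multi-bulk header is multiplied by the pointer size only after confirming the product fits in `size_t`. The `struct reply` type, the function names and the sample headers are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct reply; /* opaque stand-in for a reply object (hypothetical) */

/* What an allocator without its own check computes: the product wraps
 * modulo SIZE_MAX + 1, so a huge count can yield a tiny byte size. */
static size_t naive_array_bytes(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Overflow-checked product. Returns 0 and stores the size, or -1 if
 * count * elem_size cannot be represented in size_t. */
static int checked_array_bytes(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Parse a multi-bulk header of the form "*<count>\r\n".
 * Negative counts (the null array) are rejected here for simplicity. */
static int parse_multibulk_count(const char *hdr, size_t *count)
{
    char *end;
    unsigned long long v;

    if (hdr[0] != '*' || hdr[1] < '0' || hdr[1] > '9')
        return -1;
    errno = 0;
    v = strtoull(hdr + 1, &end, 10);
    if (errno == ERANGE || v > SIZE_MAX)
        return -1;
    if (end[0] != '\r' || end[1] != '\n')
        return -1;
    *count = (size_t)v;
    return 0;
}

/* Allocate a zeroed array of element pointers for the header's count.
 * Returns NULL on a malformed header, an overflowing count, or OOM. */
static struct reply **alloc_reply_array(const char *hdr, size_t *count_out)
{
    size_t count, bytes;
    struct reply **elems;

    if (parse_multibulk_count(hdr, &count) != 0)
        return NULL;
    if (checked_array_bytes(count, sizeof(struct reply *), &bytes) != 0)
        return NULL;
    elems = malloc(bytes ? bytes : 1);
    if (elems == NULL)
        return NULL;
    memset(elems, 0, bytes);
    *count_out = count;
    return elems;
}

int main(void)
{
    /* Constructed input: the smallest count whose byte size wraps. */
    size_t bad = SIZE_MAX / sizeof(struct reply *) + 2;
    size_t count = 0;
    char hdr[64];
    struct reply **ok;

    snprintf(hdr, sizeof hdr, "*%zu\r\n", bad);
    printf("count %zu: naive size %zu bytes, checked alloc %s\n", bad,
           naive_array_bytes(bad, sizeof(struct reply *)),
           alloc_reply_array(hdr, &count) ? "accepted" : "rejected");

    ok = alloc_reply_array("*3\r\n", &count);
    printf("count 3: %s\n", ok ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```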
Adding the Image format on the Qemu command line avoids this warning:
"WARNING: Image format was not specified for 'output/TestUbi/images/rootfs.ubi' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions."
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1ab2dd6aa5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a comment when kernel is not enabled (missing since the addition of
the package in commit 5b13fc05b3)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b5a48f3584)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a comment when kernel is not enabled (missing since the addition of
the package in commit de591c5c3a)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5eedd33368)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There are currently three issues with the installation step:
1. it does not ensure the parent destination directory exists before
copying into it, so if /usr/share has not been created in the
dependency chain of edk2-platforms, the installation fails, which
may very well happen easily as edk2-platforms has nothing in its
dependency chain (except the toolchain et al.);
2. all our dot-stampfiles and .files-list are also copied, as well as
the Readme, license files, and maintainers file. All of those are
useless on the target (and the .files-list introduces
non-reproducibility);
3. of a lesser importance, the construct to install, and specifically
to reinstall, does not match what we usually do in Buildroot
(removal of the directory to copy).
We fix all three in one fell swoop:
1. create the destination directory if needed;
2. copy just the directories with the actual platform descriptions
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Dick Olsson <hi@senzilla.io>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit dbf381c199)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adding myself as co-maintainer of libuev alongside Peter Seiderer, his
initiative, and I am the upstream so seems logical.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 541fb5b581)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
450 4.1.1 <arthur.courtel@smile.fr>: Recipient address rejected: User
unknown in virtual mailbox table
Arthur is no longer at Smile.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6df212931b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d538f3c7a7)
[Peter: drop 5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since v0.8 a script 'dfuse-pack.py' is part of the package, which has a
different license.
Fixes: c212a90b61 ("package/dfu-util: bump version to 0.8, add hash, fix SITE url")
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit efef1974c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
DFU 1.1 specification is also supported.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ddafea9c80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For details see [1].
[1] https://github.com/log4cplus/log4cplus/releases/tag/REL_2_0_7
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c22790448d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Jens [0], commit db7d786140 (fs/ext2: fix namespace for
variables) forgot to rename one variable expansion, resulting in the
ext2 label as set by the user to be ignored, with an empty label set.
[0] https://github.com/buildroot/buildroot/commit/db7d78614098#commitcomment-57918423
Reported-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5ece6be60b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Testing buildroot 2021.05 I observed that after first
boot I was having the following folders:
/context:
/system_u:object_r:auditd_log_t
The root of this problem turned to be a difference in the
output of $(selabel_lookup -b file -k /var/log/audit) called
by S02auditd that from this version on looks like:
$ selabel_lookup -b file -k /var/log/audit
Default context: system_u:object_r:auditd_log_t
This patch will cut it to retrieve the type piece only. Unfortunately,
audit has no options to create machine-readable output that is
guaranteed not to change, so that's the best we can do.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e47832c860)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes CVE-2021-32672
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f03ad7e0a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Enough? :-)
Due to this mistake, any other GDB_DEPENDENCIES defined before this
assignment were lost. For example, the host-flex host-bison added
inside the GDB_FROM_GIT==y condition were ignored if
BR2_PACKAGE_GDB_DEBUGGER.
Fixes the build of all ARC configurations that have
BR2_PACKAGE_GDB_DEBUGGER enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 97f3ad7af3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since I'm the upstream maintainer and we use it for $DAYJOB, I'll adopt.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 96db7735f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (for details see [1]):
- Fix for memory corruption issue when listening to same node (#99)
[1] https://github.com/RidgeRun/gst-interpipe/releases/tag/1.1.6
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49381c4f59)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_PACKAGE_WOLFSSL_ALL as suggested by upstream in
https://github.com/curl/curl/issues/7745 to fix the following build
failure raised since bump to version 7.79.1 in commit
6d6842130b456499d3ff230a3b70cec756cbccd1:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/lib/gcc/riscv64-buildroot-linux-uclibc/10.3.0/../../../../riscv64-buildroot-linux-uclibc/bin/ld: ../lib/.libs/libcurl.so: undefined reference to `wolfSSL_ERR_clear_error'
Fixes:
- http://autobuild.buildroot.org/results/2956c8fb91a16d2ab59fb1c7babec46a6c8399e5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 36ac5b0b0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
(CVE-2021-28116 aka ZDI-CAN-11610)
Due to an out of bounds memory access Squid is vulnerable to an
information leak vulnerability when processing WCCPv2 messages.
This problem allows a WCCPv2 sender to corrupt Squids list of
known WCCP routers and divert client traffic to attacker
controlled routers.
This attack is limited to Squid proxy with WCCPv2 enabled and
IP spoofing of a router IP address configured as trusted in
squid.conf.
For more details, see the advisory:
http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6263c1f9a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 2021.04.21):
47007d0 wireless-regdb: update regulatory database based on preceding changes
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
a4468e8 wireless-regdb: update regulatory database based on preceding changes
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 95f3fc514c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when
certain non-default configurations are used, allows privilege escalation
because supplemental groups are not initialized as expected. Helper
programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may
run with privileges associated with group memberships of the sshd
process, if the configuration specifies running the command as a
different user.
https://www.openssh.com/txt/release-8.8
https://www.openssh.com/txt/release-8.7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 29b6114acf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-meld3 is not a dependency since bump to version 4.1.0 in commit
5da3e1a3e6 and
d09d843493
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cd5dc168e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 96464f7562)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package uses meson-package infrastructure, so we don't need to
explicitly pass its additional CFLAGS to some variable. The only thing we
need to pass them is to use MESA3D_CFLAGS, because in package/pkg-meson.mk
we have:
$(2)_CFLAGS ?= $$(TARGET_CFLAGS)
that makes the work automatically, where $(2) is exactly the package name,
though $(2)_CFLAGS expands to MESA3D_CFLAGS.
So let's remove the MESA3D_CONF_OPTS += -DCMAKE_C_FLAGS="$(MESA3D_CFLAGS)"
line that has been added by mistake.
Note: this doesn't fix any bug, but removes an unnecessary and ambiguous line
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4383fde622)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mesa3d uses very big switch statements, which causes the build to fail
on m68k, because the offsets there are only 16-bit.
We fix that by using -mlong-jump-table-offsets on m68k, to use 32-bit
offsets for switch statements, but this is only available starting with
gcc 7 [0] [1].
Fixes:
http://autobuild.buildroot.net/results/60c4653c2a93125edbdd0beb43cd47301643464a/
Note: we have two packages that select mesa3d, but:
package/intel-mediadriver/
-> already depends on x86_64, so implies !m68k
package/x11r7/xdriver_xf86-video-imx-viv/
-> imx is an ARM, but xdriver_xf86-video-imx-viv is missing
a depends on BR2_arm (although the comments do have that
dependency). However, it depends on other imx related
packages, and they depend on either arm or aarch64, so
that implies !m68k.
As such, we do not need to propagate that new dependency.
[0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c15
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c16
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- add comment
- reword commit log, add BZ references, add non-propagation notes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2fe3a8f81b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Traditional VT-10x terminals (and their emulators) [0] have a "magic
margins" feature that enables the last character position to be updated
without scrolling the screen: whenever a character is printed on the
last column, the cursor stays over the character, instead of moving to
the next line.
The Busybox shell, ash, attempts to defeat this feature by printing
CR,LF right after echoing a character to the last column.[1] This
doesn't play well with emulator.py. The run() method of the Emulator
class captures the output of the emulated system and assumes the first
line it reads is the echo of the command, and all subsequent lines are
the command's output. If the line made by the command + shell prompt is
longer than 80 characters, then it is echoed as two or more lines, and
all but the first one are mistaken for the command's output.
We fix this by telling the emulated system that we are using an
ultra-wide terminal with 29999 columns. Larger values would be ignored
and replaced by the default, namely 80 columns.[2]
[0] https://vt100.net/docs/vt100-ug/chapter3.html - DECAWM
[1] https://git.busybox.net/busybox/tree/libbb/lineedit.c?h=1_34_0#n412
[2] https://git.busybox.net/busybox/tree/libbb/xfuncs.c?h=1_34_0#n258
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Co-authored-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eb3ee3078a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This has a compile time dependency on gst1-plugins-bad due to
the codecparsers dependency.
We need to prevent the wpe plugin from being selected when wpewebkit
media-stream support is enabled as the wpe plugin requires wpewebkit
which would create a circular dependency with gst1-plugins-bad.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7749e73b9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.16.9 (released 2021-10-07) includes a security fix to the linker and
misc/wasm directory, as well as bug fixes to the runtime and to the
text/template package.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 4.8 raised since bump of
php-gnupg to version 1.5.0 in commit
20ecd9c942 and
8b5b1e718f:
.libs/gnupg_keylistiterator.o: In function `_phpc_res_close':
gnupg_keylistiterator.c:(.text+0x2d4): multiple definition of `_phpc_res_close'
Fixes:
- http://autobuild.buildroot.org/results/d79/d79bc1b0f98d68eb8a7fe7d86af5ddcc75e42507/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 867521fed7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zlib is an optional dependency since bump to version 7.60 in commit
c4faf1d4d1 and
0c142333bb.
If it is not disabled, nmap will build its own zlib version which can
result in the following build failure:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: attempted static link of dynamic object `libz.so.1.2.11'
Fixes:
- http://autobuild.buildroot.org/results/da9469e24390c94fe74f133152dc320c21872159
- http://autobuild.buildroot.org/results/53034d8dd506bc033dc92343f9a37cd4ac8b2142
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e991c2cba6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mips_32 is not supported by ffmpeg and it tries to build with loongson3
SIMD support that leads to build failure due to:
/tmp/ccFO2LRa.s: Assembler messages:
/tmp/ccFO2LRa.s:15314: Error: opcode not supported on this processor: mips32 (mips32) `dmult $2,$6'
/tmp/ccFO2LRa.s:15316: Error: opcode not supported on this processor: mips32 (mips32) `dsrl $2,$2,32'
So let's --disable-asm to prevent using those unsupported opcodes for every
mips architecture according to Arnout.
Fixes:
http://autobuild.buildroot.net/results/f01/f01d9cedec8e1b371308d0f7af561a75883fa27c/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4e822fcadf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Compiling on Ubuntu 20.04 generates this:
./util.c: In function ‘file_write_dep’
./util.c:54:18: warning: ‘..config.tmp’ directive writing 12 bytes into a region of size between 1 and 4097 [-Wformat-overflow=]
54 | sprintf(buf, "%s..config.tmp", dir);
| ^~~~~~~~~~~~
./util.c:54:2: note: ‘sprintf’ output between 13 and 4109 bytes into a destination of size 4097
54 | sprintf(buf, "%s..config.tmp", dir);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and similar warnings on confdata.c, lines 778, 989, 995, 1000, 1007,
1040, 1046 and 1054. Avoid the warnings by enlarging the destination
buffer of fprintf().
Normally, we want changes to kconfig to be reflected by patches in
support/kconfig/patches. This makes it easier to resync with upstream
kconfig. However, in this case, everything that is changed here is
already changed completely (and differently) upstream, so there is no
added value in keeping the patch.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 324612d68e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With some toolchains (e.g. mips64el), partial linking fails in the
following way:
/tmp/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/8.4.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: build/release/libmupdf.a(Dingbats.cff.o): ABI is incompatible with that of the selected emulation
/tmp/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/8.4.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: failed to merge target specific data of file build/release/libmupdf.a(Dingbats.cff.o)
Taking inspiration from commit
9eca4b9f84, fix it by using GCC instead
of LD for partial linking.
Note that on mips the build will now produce warnings similar to this
one:
buildroot/output/host/lib/gcc/mips64el-buildroot-linux-gnu/10.3.0/../../../../mips64el-buildroot-linux-gnu/bin/ld: build/release/libmupdf.a(NotoSansTaiTham-Regular.ttf.o): warning: linking abicalls files with non-abicalls files
During a runtime test on mips64el under qemu, mupdf-x11 was
nonetheless able to display a sample PDF file correctly.
Fixes:
- http://autobuild.buildroot.net/results/156fe9ee5f6dccdc98990f6c5de5562383bc2b74/
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit daa315e178)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer
overflow because buffer-size handling does not properly consider the
combination of data, OACK, and other options.
- Update hash of license file (license replaced with current version of
the GPL text:
bf22ccaef3)
https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f39ae602ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release Notes:
```
This release was focused on stability and hardening, notably fixing some
long-standing race conditions and memory leaks. Default mount options got
tweaked towards data safety.
All users are strongly advised to upgrade.
```
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d0298f4052)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2021-3013 does not impact any buildroot versions of ripgrep as it is
a Windows-only exploit targeting ripgrep versions earlier than 13. It
can be safely ignored on our LTS branches.
https://nvd.nist.gov/vuln/detail/CVE-2021-3013
Signed-off-by: Sam Voss <sam.voss@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 641beb3217)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When booting under EFI, grub2 will output a nice and shiny boot menu,
using extended ASCII characters (in the [0x80..0xFF] range), namely
CP437 [0], on the assumption that the VGA BIOS is a real one and has the
corresponding (and only!) font, as is the case on real hardware.
However, when run in our runtime test infrastructure, this triggers the
infamous python UnicodeDecodeError exception:
Traceback (most recent call last):
[...]
emulator.login()
File "[...]/buildroot/support/testing/infra/emulator.py", line 89, in login
index = self.qemu.expect(["buildroot login:", pexpect.TIMEOUT],
File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 340, in expect
return self.expect_list(compiled_pattern_list,
File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 369, in expect_list
return exp.expect_loop(timeout)
File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 111, in expect_loop
incoming = spawn.read_nonblocking(spawn.maxread, timeout)
File "/usr/lib/python3/dist-packages/pexpect/pty_spawn.py", line 485, in read_nonblocking
return super(spawn, self).read_nonblocking(size)
File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 178, in read_nonblocking
s = self._decoder.decode(s, final=False)
File "/usr/lib/python3.8/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xda in position 0: invalid continuation byte
Grub2 is not wrong in emitting those chars, and basically we should not
expect the packages we test to always emit correct UTF-8 sequences; at
the very least, this should not cause the test infra to fail.
We fix that by telling pexpect.spawn to "fix" such invalid sequences by
replacing them with the suitable Unicode character, U+FFFD REPLACEMENT
CHARACTER.
[0] https://en.wikipedia.org/wiki/Code_page_437
[1] https://docs.python.org/3/library/codecs.html#error-handlers
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
- don't change encoding, use codec_errors
- rewrite commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d6d7cbb8e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
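The effect of the `codec_errors` change described in the commit above, as an added example that is not part of the Buildroot commit. It feeds a constructed console capture through the standard-library incremental UTF-8 decoder, the mechanism visible in the traceback; the function names and sample bytes are assumptions.

```python
import codecs

# Constructed console capture: a CP437 box-drawing frame as a boot menu
# would draw it, then the login prompt. It is split into chunks the way a
# pty read loop delivers data, with the prompt straddling two chunks.
CONSTRUCTED_CHUNKS = [
    b"\xda\xc4\xc4\xc4\xbf\r\n",          # top border of the frame
    b"\xb3 Buildroot \xb3\r\n",           # menu entry between vertical bars
    b"\xc0\xc4\xc4\xc4\xd9\r\n",          # bottom border of the frame
    b"Welcome to Buildroot\r\nbuild",
    b"root login: ",
]


def find_prompt(chunks, prompt, errors):
    """Decode chunks incrementally as UTF-8 and search for the prompt.

    Returns (found, decoded_text). With errors="strict" the first invalid
    byte raises UnicodeDecodeError, which is what aborted the test run.
    """
    decoder = codecs.getincrementaldecoder("utf-8")(errors=errors)
    text = ""
    for chunk in chunks:
        text += decoder.decode(chunk, final=False)
        if prompt in text:
            return True, text
    return False, text


def strict_failure(chunks):
    """Return (position, byte) of the first strict decoding failure, or None."""
    try:
        find_prompt(chunks, "buildroot login:", "strict")
    except UnicodeDecodeError as exc:
        return exc.start, exc.object[exc.start]
    return None


if __name__ == "__main__":
    print("strict fails at:", strict_failure(CONSTRUCTED_CHUNKS))
    found, text = find_prompt(CONSTRUCTED_CHUNKS, "buildroot login:", "replace")
    print("replace finds prompt:", found)
    # "replace" keeps the decoder alive; it does not recover the glyphs.
    # The byte pair 0xC4 0xBF happens to be valid UTF-8 and decodes to
    # U+013F instead of two box-drawing characters.
    print(repr(text.splitlines()[0]))
```

With the replace handler the prompt match succeeds, but the decoded menu is not a faithful rendering of the CP437 output, so tests should match only on ASCII text such as the login prompt.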
BR2_TOOLCHAN_USES_UCLIBC -> BR2_TOOLCHAIN_USES_UCLIBC
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b03ea972ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_TOOLCHAN_USES_UCLIBC -> BR2_TOOLCHAIN_USES_UCLIBC
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 71ce29eff3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When parsing and adding modules the refpolicy build system checks their
validity using xmllint. By default the host system version is used and
if not found an error is displayed but the build is not stopped. This
leads to interesting issues where modules are not added correctly to
modules.conf[1] (other possible issues are likely).
Fix this by adding a dependency on host-libxml2 and explicitly use the
xmllint binary built by Buildroot.
[1] https://lore.kernel.org/buildroot/20210830114531.2285178-1-jose.pekkarinen@unikie.com/
Tested-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5141cee109)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Plus, indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
(cherry picked from commit 1c543c729e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use --with-ncurses and --without-ncurses options which are available
since version 0.88 and
4e2a948a16
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit edb65b4e6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-lvm2 is needed to avoid the following build failure raised since
the addition of the package in commit
ccfc90e1010e42e6529afae3a5ea8bf7226dabc1:
Program pvcreate found: NO
../output-1/build/libvirt-7.7.0/meson.build:1888:6: ERROR: Program 'pvcreate' not found
Fixes:
- http://autobuild.buildroot.org/results/13c12086a0ce06c348d5971b56b5f4f27fa0f317
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit e43e3ccbab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the standard install for the host, so e.g. pvcreate is installed as
well. pvcreate is needed for libvirt.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit cadf33cab9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixing a number of regressions:
- Fixed a regression in Django 3.2 that caused a crash validating "NaN"
input with a forms.DecimalField when additional constraints, e.g.
max_value, were specified (#32949).
- Fixed a bug in Django 3.2 where a system check would crash on a model with
a reverse many-to-many relation inherited from a parent class (#32947).
- Fixed a regression in Django 3.2 that caused the incorrect offset
extraction from fixed offset timezones (#32992).
https://docs.djangoproject.com/en/3.2/releases/3.2.6/
https://docs.djangoproject.com/en/3.2/releases/3.2.7/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f71e240229)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The various micropython ports may include code licensed under different
licenses compared to the core micropython. List these in MICROPYTHON_LICENSE.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4dc40c21ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcap is an optional dependency which is enabled by default since
version 0.88 and
2ff8de3102
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 3d99699f82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While creating the initial package file a wrong dependency was chosen.
This package really depends on jsoncpp, not json-for-modern-cpp:
f724c5934c
This bug was found while testing per-package directories.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
(cherry picked from commit 2d8e452895)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcap is an optional dependency which is enabled by default since
version 0.7.1 and
669c53e335
and can be explicitly enabled or disabled since version 0.9.0 and
af36fbe756
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c3712a86ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with glibc >= 2.33:
src/client/linux/handler/exception_handler.cc: In function 'void google_breakpad::{anonymous}::InstallAlternateStackLocked()':
src/client/linux/handler/exception_handler.cc:147:49: error: no matching function for call to 'max(int, long int)'
147 | static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ);
| ~~~~~~~~^~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/61a89fa954db16a7b5b9fcee55c545e489f8d489
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 53495c204b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release clears CVE-2021-40530 and fixes a problem with ChaCha20
AVX2 implementation. The CVE was due to ElGamal encryption using a work
estimate to size encryption exponents instead of subgroup order. The
ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The
ChaCha20 issue was difficult to duplicate, so most users should not
experience it.
https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_6_0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d714137722)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Syslinux uses some python scripts during the build and they
are using the python interpreter by default. It fails to build
when there is no python interpreter on the host.
[...]/syslinux-6.03/com32/cmenu/menugen.py
make[6]: python: No such file or directory
Since Syslinux 5.00, we can override the python interpreter
used during the build:
https://repo.or.cz/syslinux.git/commitdiff/4dec62ce9c2c0d170f21b3ae2d7c618eb7a30c05
Add the missing host-python3 dependency and override
it in SYSLINUX_BUILD_CMDS.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1614446766
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6ccfd40711)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since v2.2 release (commits 8cc36aec912 "doc: De-duplicate readme and
license files" and 9f1622b018ab "doc: Move content out of readme and
create new index page "), the license.rst file at the root of the git
repo is only telling to look at docs/license.rst file.
Let's point the ARM_TRUSTED_FIRMWARE_LICENSE_FILES to the correct file
and modify the .hash file accordingly.
The comment has also been wrong since we bumped from version 1.4 to 2.2
in commit a757d173f1 (boot/arm-trusted-firmware: bump to version
2.2). Drop referencing an explicit version, so that it is never wrong
again.
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[yann.morin.1998@free.fr: also fix the comment.]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8354176915)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2cfdf8b8a2 (boot/mv-ddr-marvell: Bump to HEAD as of 20201207)
forgot to update the hash of a source file that we use as license file.
Fixes: #14221
Reported-by: nyanyamiau@gmail.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: D. Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f05136090d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In filesystems, variables must be prefixed with ROOTFS_, to avoid
clashing with packages of the same name.
We do not have a package named 'ext2', so we currently have no clash,
but it is still better that the variables be properly namespaced.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit db7d786140)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Static build with musl fails since bump to version 2020.04 in commit
fe97212976 because LDFLAGS, which contains
-static, is not passed resulting in the following build failure:
/tmp/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/10.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: /tmp/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/10.3.0/libgcc.a(_dvmd_lnx.o): in function `__aeabi_ldiv0':
/tmp/instance-1/output-1/build/host-gcc-final-10.3.0/build/arm-buildroot-linux-musleabihf/libgcc/../../../libgcc/config/arm/lib1funcs.S:1499: undefined reference to `raise'
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/d71aba27ff0c7711f2cb67261183506f25217a5f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 84a2723568)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ee8b680816 ("utils/scanpypi: use python3 explicitly") started to use python3,
thus compatibility can be removed:
from __future__ import print_function
from __future__ import absolute_import
Tested with python3 -m py_compile.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d50290764e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile
1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
https://nvd.nist.gov/vuln/detail/CVE-2021-3246
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cb18218ad1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-22945: UAF and double-free in MQTT sending
When sending data to an MQTT server, libcurl could in some circumstances
erroneously keep a pointer to an already freed memory area and both use
that again in a subsequent call to send data and also free it again.
https://curl.se/docs/CVE-2021-22945.html
- CVE-2021-22946: Protocol downgrade required TLS bypassed
A user can tell curl to require a successful upgrade to TLS when speaking
to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or
CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl).
This requirement could be bypassed if the server would return a properly
crafted but perfectly legitimate response.
This flaw would then make curl silently continue its operations without
TLS contrary to the instructions and expectations, exposing possibly
sensitive data in clear text over the network.
https://curl.se/docs/CVE-2021-22946.html
- CVE-2021-22947: STARTTLS protocol injection via MITM
When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data
securely using STARTTLS to upgrade the connection to TLS level, the server
can still respond and send back multiple responses before the TLS upgrade.
Such multiple "pipelined" responses are cached by curl. curl would then
upgrade to TLS but not flush the in-queue of cached responses and instead
use and trust the responses it got before the TLS handshake as if they
were authenticated.
Using this flaw, it allows a Man-In-The-Middle attacker to first inject
the fake responses, then pass-through the TLS traffic from the legitimate
server and trick curl into sending data back to the user thinking the
attacker's injected data comes from the TLS-protected server.
Over POP3 and IMAP an attacker can inject fake response data.
https://curl.se/docs/CVE-2021-22947.html
In addition, 7.79.1 fixes a number of regressions in 7.79.0:
https://daniel.haxx.se/blog/2021/09/22/curl-7-79-1-patched-up-and-ready/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6d6842130b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
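The STARTTLS response-caching flaw described for CVE-2021-22947 above, reduced to a toy POP3-style client, as an added example that is not curl's code. The transport, class names and sample responses are constructed assumptions; the hardened variant refuses to upgrade when unread data is already buffered.

```python
class PipelinedResponseError(Exception):
    """Data was already buffered at the moment of the TLS upgrade."""


class ToyTransport:
    """Constructed stand-in for a socket with a plaintext and a TLS phase."""

    def __init__(self, plaintext_bytes, tls_bytes):
        self.plaintext = plaintext_bytes  # arrives before the handshake, unauthenticated
        self.tls = tls_bytes              # sent by the authenticated server
        self.secure = False

    def recv(self):
        if self.secure:
            data, self.tls = self.tls, b""
        else:
            data, self.plaintext = self.plaintext, b""
        return data

    def start_tls(self):
        self.secure = True


class ToyPop3Client:
    def __init__(self, transport, reject_pipelined):
        self.transport = transport
        self.reject_pipelined = reject_pipelined
        self._buf = b""

    def _read_line(self):
        # Serve from the response cache first, then from the transport.
        while b"\r\n" not in self._buf:
            data = self.transport.recv()
            if not data:
                raise EOFError("connection closed")
            self._buf += data
        line, self._buf = self._buf.split(b"\r\n", 1)
        return line.decode("ascii")

    def stls(self):
        """Read the reply to STLS and upgrade the connection."""
        if not self._read_line().startswith("+OK"):
            raise ConnectionError("server refused STLS")
        # Anything left in the cache was received in clear text. Carrying it
        # across the handshake makes it look authenticated afterwards.
        if self._buf and self.reject_pipelined:
            raise PipelinedResponseError("unexpected data before TLS handshake")
        self.transport.start_tls()

    def stat(self):
        """Read the reply to the first command issued after the upgrade."""
        return self._read_line()


def run_session(plaintext_bytes, tls_bytes, reject_pipelined):
    client = ToyPop3Client(ToyTransport(plaintext_bytes, tls_bytes), reject_pipelined)
    client.stls()
    return client.stat()


# Constructed sample traffic.
GENUINE_PLAINTEXT = b"+OK Begin TLS negotiation\r\n"
PIPELINED_PLAINTEXT = b"+OK Begin TLS negotiation\r\n+OK 0 0\r\n"
GENUINE_TLS = b"+OK 2 320\r\n"

if __name__ == "__main__":
    print(run_session(GENUINE_PLAINTEXT, GENUINE_TLS, True))     # server's own answer
    print(run_session(PIPELINED_PLAINTEXT, GENUINE_TLS, False))  # cached pre-TLS answer is trusted
    try:
        run_session(PIPELINED_PLAINTEXT, GENUINE_TLS, True)
    except PipelinedResponseError as exc:
        print("rejected:", exc)
```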
The file access protection built into Ghostscript proved insufficient for
the "%pipe%" PostScript device, when combined with Ghostscript's requirement
to be able to create and control temporary files in the conventional
temporary file directories (for example, "/tmp" or "/temp"). This exploit is
restricted to Unix-like systems (i.e., it doesn't affect Windows). The most
severe claimed results are only feasible if the exploit is run as a "high
privilege" user (root/superuser level) – a practice we would discourage
under any circumstances.
For more details, see the advisory:
https://ghostscript.com/CVE-2021-3781.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4e415b4164)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which
allows remote attackers to discover cleartext credentials because they may
appear in SNI data.
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
Upstream unfortunately does not provide a public VCS (only source
snapshots), so fetch the security patch from Debian.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5bb9d79f27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes a number of bugfixes and the security fixes up to xsa-384:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-3/
Drop the now upstream
0002-libs-foreignmemory-Fix-osdep_xenforeignmemory_map-prototype.patch, and
renumber the remaining patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 69e4493fb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which provides fixes for CVE-2021-30858 and
a number of other potential security issues without an associated CVE.
Patch "0001-Add-ldp-and-stp-support-for-FP-registers-plus-some-b.patch"
is deleted as it has been included in this release.
Full release notes can be found at:
https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
An accompanying security advisory has been published at:
https://webkitgtk.org/security/WSA-2021-0005.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3e4230e6e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which provides fixes for CVE-2021-30858 and
a number of other potential security issues without an associated CVE.
Patch "0001-Add-ldp-and-stp-support-for-FP-registers-plus-some-b.patch"
is deleted as it has been included in this release.
Full release notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.32.4.html
An accompanying security advisory has been published at:
https://wpewebkit.org/security/WSA-2021-0005.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5d062fdbe8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport the following security fix from the upstream 21.1 release fixing
CVE-2021-3572:
https://github.com/pypa/pip/pull/9827
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The gdbinit supplied by Buildroot does two things:
A. specify the sysroot where gdb can find shared libraries
B. mark the sysroot as a 'safe path' for its auto-load feature, to make sure
that pretty printers for libstdc++.so are added automatically (see commit
6fb3216a80)
When debugging a core file, and the gdbinit file is specified via '-x'
rather than '-ix', then the order of these settings matters: If you first
set the sysroot, then gdb will immediately start finding the shared
libraries it needs for the core file, detect libstdc++ and its associated
libstdc++-gdb.py file, then give a big warning about safe paths:
warning: File ".../i686-buildroot-linux-gnu/sysroot/lib/libstdc++.so.6.0.24-gdb.py"
auto-loading has been declined by your `auto-load safe-path' set
to "$debugdir:$datadir/auto-load".
To enable execution of this file add
add-auto-load-safe-path .../i686-buildroot-linux-gnu/sysroot/lib/libstdc++.so.6.0.24-gdb.py
line to your configuration file "/home/me/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/me/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
and the pretty printing code is not loaded. This is because the second
line from the gdbinit file was not yet parsed at this point.
By changing the order (first configuring the safe path, then setting the
sysroot), this issue does not appear and everything is as expected.
Note that when '-ix' were used instead of '-x' to pass the gdbinit file to
gdb, then the order would not matter, because the entire gdbinit file would
be parsed before considering the core file.
However, even though the Buildroot manual now suggests '-ix', users may not
have noticed this change and continue to use '-x'.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f0e204d99b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A gdbinit file passed via '-x' will be read _after_ parsing any
object/core file passed on the command-line. In cross-compilation context,
this is particularly a problem when loading a core file, because without the
'sysroot' specified in the gdbinit file, it will give a lot of warnings,
like:
warning: .dynamic section for "/lib/libstdc++.so.6" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/librt.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libm.so.6" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libgcc_s.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libc.so.6" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/ld-linux.so.2" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libanl.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libdl.so.2" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libpthread.so.0" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib/libz.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libnss_files.so.2" is not at the expected address (wrong library or version mismatch?)
warning: Could not load shared library symbols for 17 libraries, e.g. [...]
Use the "info sharedlibrary" command to see the complete listing.
Do you need "set solib-search-path" or "set sysroot"?
In contrast, the '-ix' option will load the specified gdbinit file _before_
parsing object/core files. This will remove said warnings.
See also: https://sourceware.org/bugzilla/show_bug.cgi?id=28330
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e1ee121cae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To avoid spending some time to build the x86_64 toolchain (~20min),
switch to corei7 cpu (Nehalem) and use the prebuilt Bootlin toolchain.
We have to use the "stable" Bootlin toolchain to use the same kernel version
for the toolchain kernel headers and the running kernel.
With the "bleeding-edge" toolchain we have the "kernel too old" issue
(running kernel 4.19 vs kernel headers 5.4)
Runtime tested locally.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 521b6f8550)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switch from the Buildroot internal toolchain for armv5 to
the prebuilt Bootlin external toolchain.
The test doesn't require to build a toolchain, there was
no prebuilt glibc toolchain recent enough at the time this
test has been introduced.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 184d20404e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This test already uses the builtin kernel provided by the testsuite infra:
self.emulator.boot(arch="armv7",
kernel="builtin",
options=["-initrd", img])
But a second kernel is built from its defconfig. This second kernel
is not used by the test.
The TestRust (using BR2_PACKAGE_HOST_RUST=y) is really long to build,
save some cpu time by removing the kernel build.
This unused kernel (based on 4.11.3 release) doesn't even build with
host gcc >= 10.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f6d438d59f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel 4.19.79 currently used by the test doesn't build with host
gcc >= 10 due to the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
The issue was fixed in 4.19.114 [2]
Bump to the latest 4.19.x version.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
[2] http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=621f2ded601546119fabccd1651b1ae29d26cd38
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 883d5a2f3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel 5.5.7 currently used by the test doesn't build with host
gcc >= 10 due to the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
But we can't just update this test to the next linux kernel LTS 5.10.y since
the minimum gcc version has been updated to gcc 4.9 since 5.8 kernel [2]
and the Sourcery CodeBench ARM 2014.05 is used (gcc 4.8 based).
Enable arm cortex A9 and VFP support to switch to the ARM arm prebuilt
toolchain (the Bootlin toolchain could be used).
While at it use the prebuilt builtin kernel for the vexpress target
recently updated to 5.10.7.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1564202094
[1] https://gcc.gnu.org/gcc-10/porting_to.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ec4476ac82512f09c94aff5972654b70f3772b2
[3] 3cf2782906
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e0ad7c6411)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel 4.16.7 currently used by the test doesn't build with host
gcc >= 10 due to the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 73278c8a70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel 4.16.7 currently used by the test doesn't build with host
gcc >= 10 due to the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e0a64dfc0e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel 4.11.3 currently used by the test doesn't build with host
gcc >= 10 due to the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 69de111c46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel 4.11.3 currently used by the test doesn't build with host
gcc >= 10 due to the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 322b40405e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to version 0.10.1, which fixes the build when the DRM platform
module is enabled, fixes handling of absolute pointer events, and makes
the headless platform optional.
Although the headless platform is optional, Buildroot keeps it enabled
unconditionally (as previously) because the wpebackend-fdo dependency
is always needed anyway because Buildroot does not include any other
WPE backend.
Release notes:
https://wpewebkit.org/release/cog-0.10.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 59a19eb4c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add simple mixer python bindings to build when "Python support for
alsa-lib" is active. smixer-python is the only python module which
exists in alsa-lib. It is compatible with Python2 and Python3.
Signed-off-by: Illia Bitkov <illia.bitkov@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fde3bf94b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added patch fixes linkage of libgc with external libatomic-ops.
Mono uses bundled bdwgc which doesn't link external libatomic-ops.
Patch is a fix cherry-picked from bdwgc upstream.
Problem found on ARMv5 processors, on newer ARM processors
it uses header based functions and doesn't need built library.
Error:
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../../external/bdwgc/.libs/libgc.a(gc.o): in function `GC_steal_mark_stack':
gc.c:(.text+0x2020): undefined reference to `AO_store_full_emulation'
Fixes:
http://autobuild.buildroot.net/results/ebc54e5dea63aca21a4072d294fdede41de559c7
http://autobuild.buildroot.net/results/6d10a4bd43fbc9c1d3fa26d5eef394c8023cb85f
Signed-off-by: Illia Bitkov <illia.bitkov@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7b5a13eb3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If the toolchain does not have threads (e.g. br-arm-full-nothread),
compilation fails:
In file included from /home/fail/br-test-pkg/br-arm-full-nothread/build/libressl-3.3.3/crypto/cryptlib.c:117:
/home/fail/br-test-pkg/br-arm-full-nothread/build/libressl-3.3.3/crypto/../include/compat/pthread.h:114:15: fatal error: pthread.h: No such file or directory
114 | #include_next <pthread.h>
| ^~~~~~~~~~~
compilation terminated.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit da8f069d74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Port the following upstream commit:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/591/diffs?commit_id=0148a15da1616a868d71abe1b56e3f28cc79533c
This fixes the following build error on mips with GCC10:
CCLD libint10.la
buildroot/output/host/lib/gcc/mips64el-buildroot-linux-gnu/10.3.0/../../../../mips64el-buildroot-linux-gnu/bin/ld: .libs/helper_mem.o:(.bss+0x0): multiple definition of `IOPortBase'; .libs/helper_exec.o:(.bss+0x0): first defined here
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2e52de40d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixing a regression in 3.33.1:
- disk-buffer: fixed a bug, which was introduced in 3.33.1, where we
sometimes corrupted the disk-buffer file when it reached full size.
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.2
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e8752217fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The AKA backend for 3GPP2 requires libgmp (see
https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). Since
the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP,
when selecting a crypto backend different from
BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is
selected as well. When doing so, make fails since the package is in the
dependency chain but not selected:
$ make
Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
make: *** [Makefile:23: _all] Error 2
To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 363613a698)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Trace-cmd needs -fPIC for Sparc64 platform otherwise it fails on linking,
so add -fPIC to CFLAGS when building for such platform.
Fixes:
http://autobuild.buildroot.net/results/c59/c596f6308b7f4d44d9ba009ed0c395396fc72f47/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b1942c8e47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
AM_ICONV is not needed since drop of autoreconf in commit
03fbb81b8b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit aa90237546)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will fix the following build failure with kernel >= 5.14 thanks to
382975557e:
In file included from crc/../os/os.h:39,
from crc/crc32c-arm64.c:2:
crc/../os/os-linux.h:17:10: fatal error: linux/raw.h: No such file or directory
17 | #include <linux/raw.h>
| ^~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/d85c044263c76ff7ef0fe47921d893a472954da9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1fe8806dbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225,
it doesn't check whether the value of retval->ext[r] is NULL. In some
cases, it can be NULL, which leads to the operation of
retval->ext[r]->flags that results in a crash.
- CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial
of service through function lyxml_parse_mem(). lyxml_parse_elem()
function will be called recursively, which will consume stack space and
lead to crash.
- CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it
doesn't check whether the value of revision is NULL. If revision is NULL,
the operation of strcmp(revision, ext_plugins[u].revision) will lead to a
crash.
- CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it
asserts that the value of node->module can't be NULL. But in some cases,
node->module can be null, which triggers a reachable assertion (CWE-617).
- CVE-2021-28906: In function read_yin_leaf() in libyang <= v1.0.225, it
doesn't check whether the value of retval->ext[r] is NULL. In some cases,
it can be NULL, which leads to the operation of retval->ext[r]->flags that
results in a crash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 800bf65adc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-39272: Fetchmail before 6.4.22 fails to enforce STARTTLS session
encryption in some circumstances, such as a certain situation with IMAP
and PREAUTH.
https://www.fetchmail.info/fetchmail-SA-2021-02.txt
Update COPYING hash for a clarification of the license situation with
openssl 3.x (which is Apache 2.0 licensed):
8eed56c21c
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6041702a24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
only build --with-boost when both required modules (filesystem and system) are
also selected.
Fixes:
http://autobuild.buildroot.net/results/4fbf2a63f9ddfbc540ce7dabd10964b311477c06
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5572b2e531)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2021-29221 is a Windows specific issue:
A local privilege escalation vulnerability was discovered in Erlang/OTP
prior to version 23.2.3. By adding files to an existing installation's
directory, a local attacker could hijack accounts of other users running
Erlang programs or possibly coerce a service running with "erlsrv.exe" to
execute arbitrary code as Local System. This can occur only under specific
conditions on Windows with unsafe filesystem permissions.
So ignore it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e7c2eaf929)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as
used in Thunderbird and other products, allows plaintext recovery because,
during interaction between two cryptographic libraries, a certain
dangerous combination of the prime defined by the receiver's public key,
the generator defined by the receiver's public key, and the sender's
ephemeral exponents can lead to a cross-configuration attack against
OpenPGP
For more details, see the upstream bug and issue writeup:
- https://github.com/randombit/botan/pull/2790
- https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 31c94080d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via
insufficient relative path sanitization
- CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
- CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e3bdcdd596)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit edb6d5f00b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 02bf32ca01)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 598c852077)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fc3e9ba25a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 931c6e2a70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f8e9c7470b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e2bfdc4f18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 40e02dccd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6e6d6185dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 50cc9ab544)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 374b8f5845)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 97fddaa3df)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4b897e778a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7433ca40ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Named failed to check the opcode of responses when performing zone
refreshes, stub zone updates, and UPDATE forwarding. This could lead to an
assertion failure under certain conditions and has been addressed by
rejecting responses whose opcode does not match the expected value. [GL #2762]
For details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.35/RELEASE-NOTES-bind-9.11.35.html
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6977ee6e0e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
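The opcode check described in the BIND commit message above, as an added C sketch that is not BIND's code: the function, enum and array names are assumptions, the sample headers are constructed, and the length and QR-bit checks are included only so the opcode field is read safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HEADER_LEN 12

/* Opcode values from RFC 1035 (QUERY), RFC 1996 (NOTIFY), RFC 2136 (UPDATE). */
enum { OP_QUERY = 0, OP_NOTIFY = 4, OP_UPDATE = 5 };

enum verdict { ACCEPT = 0, REJECT_SHORT, REJECT_NOT_RESPONSE, REJECT_OPCODE };

/*
 * Hypothetical helper: decide whether a received DNS message may be handled
 * as the answer to a request that was sent with expected_opcode.
 */
static enum verdict check_response(const uint8_t *msg, size_t len,
                                   unsigned expected_opcode)
{
    if (msg == NULL || len < DNS_HEADER_LEN)
        return REJECT_SHORT;            /* header not fully present */
    if ((msg[2] & 0x80) == 0)
        return REJECT_NOT_RESPONSE;     /* QR bit clear: this is a query */
    if (((unsigned)(msg[2] >> 3) & 0x0F) != expected_opcode)
        return REJECT_OPCODE;           /* reject instead of asserting later */
    return ACCEPT;
}

/* Constructed 12-byte headers: ID 0x1234, all counts zero. */
static const uint8_t UPDATE_RESP[DNS_HEADER_LEN] = { 0x12, 0x34, 0xA8, 0x00 };
static const uint8_t QUERY_RESP[DNS_HEADER_LEN]  = { 0x12, 0x34, 0x84, 0x00 };
static const uint8_t UPDATE_REQ[DNS_HEADER_LEN]  = { 0x12, 0x34, 0x28, 0x00 };

int main(void)
{
    /* Forwarded an UPDATE: only an UPDATE-opcode response is acceptable. */
    printf("update resp vs UPDATE: %d\n",
           check_response(UPDATE_RESP, sizeof UPDATE_RESP, OP_UPDATE));
    printf("query resp vs UPDATE:  %d\n",
           check_response(QUERY_RESP, sizeof QUERY_RESP, OP_UPDATE));
    /* Zone refresh (SOA query): a QUERY-opcode response is expected. */
    printf("query resp vs QUERY:   %d\n",
           check_response(QUERY_RESP, sizeof QUERY_RESP, OP_QUERY));
    printf("request echoed back:   %d\n",
           check_response(UPDATE_REQ, sizeof UPDATE_REQ, OP_UPDATE));
    printf("truncated header:      %d\n",
           check_response(UPDATE_RESP, 5, OP_UPDATE));
    return 0;
}
```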
This bump contains a single change to fix the following build failure
with Microblaze raised since bump to version 4.4.25 in commit
a071bec0a0cd928443223132d47564c90bc64713:
lib/crypt-gensalt-static.c:33:1: error: symver is only supported on ELF platforms
33 | SYMVER_crypt_gensalt;
| ^~~~~~~~~~~~~~~~~~~~
Update hash of LICENSING due to new file being added with
4ab5f672eb
https://github.com/besser82/libxcrypt/blob/v4.4.26/NEWS
Fixes:
- http://autobuild.buildroot.org/results/4766bfce9813b7f321369ec45298d16cd6dc251a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 30479788f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- storage: Unlock pool objects on ACL check failures in
storagePoolLookupByTargetPath (CVE-2021-3667)
A logic bug in storagePoolLookupByTargetPath where the storage pool
object was left locked after a failure of the ACL check could
potentially deprive legitimate users access to a storage pool object
by users who don't have access.
- svirt: fix MCS label generation (CVE-2021-3631)
A flaw in the way MCS labels were generated could result in a VM's
resource not being fully protected from access by another VM were
it to be compromised.
https://gitlab.com/libvirt/libvirt/-/issues/153
- Disable Cloud-Hypervisor driver added by
56fbabf1a1
- Update indentation in hash file (two spaces)
https://gitlab.com/libvirt/libvirt/-/blob/v7.7.0/NEWS.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 93cbbb2ce8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libnl is an optional dependency (which is enabled by default) since the
addition of the package in commit
ccfc90e101
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 69bcb52766)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable docs and tests which are enabled since the addition of the
package in commit ccfc90e101
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a1fa1d4b70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As the github repository has changed from github.com/AdoptOpenJDK/ to
github.com/adoptium, both versions are updated in the same patch.
Security fixes
JDK-8256157: Improve bytecode assembly
JDK-8256491: Better HTTP transport
JDK-8258432, CVE-2021-2341: Improve file transfers
JDK-8260453: Improve Font Bounding
JDK-8260960: Signs of jarsigner signing
JDK-8260967, CVE-2021-2369: Better jar file validation
JDK-8262380: Enhance XML processing passes
JDK-8262403: Enhanced data transfer
JDK-8262410: Enhanced rules for zones
JDK-8262477: Enhance String Conclusions
JDK-8262967: Improve Zip file support
JDK-8264066, CVE-2021-2388: Enhance compiler validation
JDK-8264079: Improve abstractions
JDK-8264460: Improve NTLM support
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit baaf71b9bb)
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- pthread_getname_np not available with musl libc, add patch to disable
usage for musl (patch inspired/ported from [1])
Fixes:
- http://autobuild.buildroot.net/results/ed372a4a8e50d9e20be589eeda40c92888d709bc
platform/default/thread.cpp: In function ‘std::string mbgl::platform::getCurrentThreadName()’:
platform/default/thread.cpp:14:5: error: ‘pthread_getname_np’ was not declared in this scope; did you mean ‘pthread_setname_np’?
14 | pthread_getname_np(pthread_self(), name, sizeof(name));
| ^~~~~~~~~~~~~~~~~~
| pthread_setname_np
[1] e64dd67f43/srcpkgs/qt5/patches/0014-musl-set_thread_name_np.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add uClibc]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4c8ec58504)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in
kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b9646b18bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-33193: A crafted method sent through HTTP/2 will bypass
validation and be forwarded by mod_proxy, which can lead to request
splitting or cache poisoning. This issue affects Apache HTTP Server
2.4.17 to 2.4.48.
https://github.com/apache/httpd/blob/2.4.49/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 868367222b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 148e695e37 (package/kodi: bump version to 19.0-Matrix) extended
the set of required libraries for various "platform" backends, by
selecting those libraries from the blind options. For example, we have:
    config BR2_PACKAGE_KODI_PLATFORM_SUPPORTS_GBM
        bool
        default y
        depends on [...]
        select BR2_PACKAGE_LIBINPUT
        [...]
However, that option is true as soon as the requirements are met (the
depends on), even when Kodi itself is not enabled.
This means that extra libraries are pulled in to the build, even when
not required.
We fix that by moving the actual selects to the main symbol, along with
the proper conditions. This means that we have two lines that select
libxbcommon, under two different conditions; we could make that a single
select, but the condition would need to be on two lines anyway, so meh...
This is not an ideal solution, because it is a bit ugly, but:
1) adding three new blind options just for the select is kinda extreme
and superfluous;
2) our Kodi packaging is already a bit ugly anyway.
Fixes: #14206
Reported-by: Thomas Ruschival <t.ruschival@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
(cherry picked from commit b80c488d04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 4.8 raised since bump to
version 0.6.23 in commit e2f805097611b4828d2cba6168472aac6dedeafe:
exif-gps-ifd.c: In function 'exif_get_gps_tag_info':
exif-gps-ifd.c:62:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0; i < sizeof(exif_gps_ifd_tags) / sizeof(ExifGPSIfdTagInfo); ++i) {
^
exif-gps-ifd.c:62:3: note: use option -std=c99 or -std=gnu99 to compile your code
Fixes:
- http://autobuild.buildroot.org/results/7dd222e06d1e6611449fb8fe7516817c9ad43d65
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 039de9a291)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-23437 Raise ValueError if color specifier is too long
- Fix 6-byte OOB read in FliDecode
- Update indentation in hash file (two spaces)
https://github.com/python-pillow/Pillow/releases/tag/8.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a7919e68a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD
Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE:
the vendor's position is "The GD2 image format is a proprietary image
format of libgd. It has to be regarded as being obsolete, and should
only be used for development and testing purposes."
- Drop patch (already in version)
- Update hash of COPYING (duplicate merged and title added with
82d26095056013c7bcf6)
https://github.com/libgd/libgd/releases/tag/gd-2.3.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a052ecb5b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix several issues found by Covscan in the testsuite. These include:
- CWE-170: String not null terminated (STRING_NULL)
- CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
- CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
- CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
- CWE-573: Missing varargs init or cleanup (VARARGS)
- CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
- Update hash of LICENSING due to files being updated with:
44e9eb57b4578271c377
https://github.com/besser82/libxcrypt/blob/v4.4.25/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a071bec0a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-3770: vim is vulnerable to Heap-based Buffer Overflow
- Update hash of README.txt due to changes not related to license:
f2a44e5c4889a9c159f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c3198cd414)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-3634: A flaw has been found in libssh in versions prior to
0.9.6. The SSH protocol keeps track of two shared secrets during the
lifetime of the session. One of them is called secret_hash and the other
session_id. Initially, both of them are the same, but after key
re-exchange, previous session_id is kept and used as an input to new
secret_hash. Historically, both of these buffers had shared length
variable, which worked as long as these buffers were same. But the key
re-exchange operation can also change the key exchange method, which can
be based on hash of different size, eventually creating "secret_hash" of
different size than the session_id has. This becomes an issue when the
session_id memory is zeroed or when it is used again during second key
re-exchange.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 88cb451446)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
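The shared-length hazard described in the CVE-2021-3634 commit message above, as an added C model that is not libssh code: the struct, field and function names and the 32/64-byte digest sizes are assumptions. It computes how far a wipe of session_id would run past its allocation rather than performing the out-of-bounds write.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the bookkeeping, not libssh's data structures. */
struct legacy_session {
    unsigned char *session_id;   /* set once, at the first key exchange */
    unsigned char *secret_hash;  /* replaced at every key exchange */
    size_t digest_len;           /* ONE length used for both buffers */
    size_t session_id_alloc;     /* instrumentation only: real allocation */
};

struct fixed_session {
    unsigned char *session_id;
    size_t session_id_len;       /* each buffer carries its own length */
    unsigned char *secret_hash;
    size_t secret_hash_len;
};

/* Key exchange producing a hash of hash_len bytes (constructed contents). */
static int legacy_kex(struct legacy_session *s, size_t hash_len)
{
    unsigned char *h = malloc(hash_len);
    if (h == NULL)
        return -1;
    memset(h, 0xA5, hash_len);
    free(s->secret_hash);
    s->secret_hash = h;
    s->digest_len = hash_len;            /* silently "resizes" session_id */
    if (s->session_id == NULL) {         /* first exchange: id == hash */
        s->session_id = malloc(hash_len);
        if (s->session_id == NULL)
            return -1;
        memcpy(s->session_id, h, hash_len);
        s->session_id_alloc = hash_len;
    }
    return 0;
}

static int fixed_kex(struct fixed_session *s, size_t hash_len)
{
    unsigned char *h = malloc(hash_len);
    if (h == NULL)
        return -1;
    memset(h, 0xA5, hash_len);
    free(s->secret_hash);
    s->secret_hash = h;
    s->secret_hash_len = hash_len;       /* session_id_len is untouched */
    if (s->session_id == NULL) {
        s->session_id = malloc(hash_len);
        if (s->session_id == NULL)
            return -1;
        memcpy(s->session_id, h, hash_len);
        s->session_id_len = hash_len;
    }
    return 0;
}

/* Bytes past the end of session_id that a wipe using digest_len would touch. */
static size_t legacy_overrun_after_rekey(size_t first_len, size_t rekey_len)
{
    struct legacy_session s = {0};
    size_t over = 0;
    if (legacy_kex(&s, first_len) == 0 && legacy_kex(&s, rekey_len) == 0 &&
        s.digest_len > s.session_id_alloc)
        over = s.digest_len - s.session_id_alloc;
    free(s.session_id);
    free(s.secret_hash);
    return over;
}

/* Bytes actually wiped when session_id has its own length field. */
static size_t fixed_wipe_after_rekey(size_t first_len, size_t rekey_len)
{
    struct fixed_session s = {0};
    size_t wiped = 0;
    if (fixed_kex(&s, first_len) == 0 && fixed_kex(&s, rekey_len) == 0) {
        memset(s.session_id, 0, s.session_id_len);  /* stays in bounds */
        wiped = s.session_id_len;
    }
    free(s.session_id);
    free(s.secret_hash);
    return wiped;
}

int main(void)
{
    /* First exchange with a 32-byte hash, re-exchange with a 64-byte one. */
    printf("shared length: wipe overruns session_id by %zu bytes\n",
           legacy_overrun_after_rekey(32, 64));
    printf("separate lengths: wipe covers %zu bytes\n",
           fixed_wipe_after_rekey(32, 64));
    return 0;
}
```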
- Drop patches (already in version)
- Fix some more denial of service (compute time or stack exhaustion)
counter-measures added that avoid minutes of decoding time with
malformed files found by OSS-Fuzz
https://github.com/libexif/libexif/releases/tag/v0.6.23
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e2f8050976)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
protobuf moved from the google org to protocolbuffers in 2018.
There is a redirect but we should use the official url.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 107103ef91)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a7864c4ff4)
[Peter: drop 5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openjdk needs host gcc >= 4.9 since bump to version 16.0.1+9 in commit
057e27029c and
2a8f92e7e7:
configure: Using gcc BuildC compiler version 4.8.5 [cc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-44)]
configure: Using gcc BuildC++ compiler version 4.8.5 [g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-44)]
configure: Using gcc build linker version 2.27 [GNU ld version 2.27-44.base.el7]
[...]
g++: error: unrecognized command line option '-std=c++14'
Add a dependency on host gcc >= 4.9 for the OpenJDK 16 version only, so
that users can still use OpenJDK 11 on older distributions.
Fixes:
- http://autobuild.buildroot.org/results/7072308d148ccb8237180729551df65c87a76f11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: limit the dependency to OpenJDK 16]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0e5a1f7757)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Force relative file path resolution of DEVELOPERS file entries to use
forward-slash separators since pattern matching assumes forward slashes.
This is to help permit users invoking `get-developers` on platforms where
`os.sep` may not be a forward slash.
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eb75d71b80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix MKIMAGE_ARCH handling to avoid the following build failure:
/home/buildroot/autobuild/instance-0/output-1/build/host-uboot-tools-2021.07/tools/mkimage -C none -A openrisc -T script -d /home/buildroot/autobuild/instance-0/output-1/boot_script.txt /home/buildroot/autobuild/instance-0/output-1/build/host-uboot-tools-2021.07/tools/boot.scr
Invalid architecture, supported are:
alpha Alpha
arc ARC
arm ARM
arm64 AArch64
avr32 AVR32
blackfin Blackfin
ia64 IA64
invalid Invalid ARCH
m68k M68K
microblaze MicroBlaze
mips MIPS
mips64 MIPS 64 Bit
nds32 NDS32
nios2 NIOS II
or1k OpenRISC 1000
powerpc PowerPC
riscv RISC-V
s390 IBM S390
sandbox Sandbox
sh SuperH
sparc SPARC
sparc64 SPARC 64 Bit
x86 Intel x86
x86_64 AMD x86_64
xtensa Xtensa
Strangely enough, we only have autobuilder failures since July 2021 even
as or1k has been used since the addition of openriscv support in 2012:
3ddcaccda3
For x86_64, we incorrectly mangle it to x86.
Finally, the comment about mips64 is wrong: mips64 *is* a valid
architecture, and we anyway had no code to tweak that case.
Fixes:
- http://autobuild.buildroot.org/results/c3f0f2a3fb87d74bfdaccf9b94c66f0b5bae7520
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: extend commit log for mips64 and x86_64]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5e8804d4e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build is broken since bump to version 3.0.0 in commit
45524f10cd because libxslt is needed
instead of expat since
37772c5453:
adding module in /tmp/instance-0/output-1/build/nginx-dav-ext-3.0.0
+ ngx_http_dav_ext_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
Package libxslt was not found in the pkg-config search path.
Perhaps you should add the directory containing `libxslt.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libxslt', required by 'virtual:world', not found
Package libxslt was not found in the pkg-config search path.
Perhaps you should add the directory containing `libxslt.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libxslt', required by 'virtual:world', not found
checking for libxslt ... not found
checking for libxslt in /usr/local/ ... not found
checking for libxslt in /usr/pkg/ ... not found
checking for libxslt in /opt/local/ ... not found
./configure: error: the HTTP XSLT module requires the libxml2/libxslt
libraries. You can either do not enable the module or install the libraries.
Fixes:
- http://autobuild.buildroot.org/results/8735d20ca7ccf4eda2f79f9400bed70474855b40
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c4cae0b7c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libvirt needs a lvm2 standard install since its addition in commit
ccfc90e101 to avoid the following build
failure:
../output-1/build/libvirt-7.4.0/meson.build:1831:6: ERROR: Program 'pvcreate' not found
Fixes:
- http://autobuild.buildroot.org/results/dc9af7a677af7e53c1240ebbee5b0edc84c8cf52
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d0bd34ab20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following static build failure on musl which is raised because
the "Check for directory libraries" in configure wrongly adds -DNO_DIR
when no directory library is needed:
/tmp/instance-0/output-1/host/bin/arm-buildroot-linux-musleabihf-gcc -c -D_FILE_OFFSET_BITS=64 -O2 -g0 -static -I. -DUNIX -DUIDGID_NOT_16BIT -DBZIP2_SUPPORT -DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT -DNO_MKTIME -DNO_DIR -DHAVE_DIRENT_H -DHAVE_TERMIOS_H unix/unix.c
unix/unix.c:70:14: error: conflicting types for 'DIR'
70 | typedef FILE DIR;
| ^~~
Fixes:
- http://autobuild.buildroot.org/results/83a6e0c8c4ad026cb0261246e3b1a80d754454bd
Patch not sent upstream since upstream is dead.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ea0a4c610d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ruby package exhibits gcc bug 83143 when built for the SH4 architecture
with optimization enabled, which causes a build failure.
Differently from other packages in Buildroot where we work around this
gcc bug by setting optimization to -O0 we can use -freorder-blocks-algorithm=simple
as suggested here [1] if BR2_TOOLCHAIN_HAS_GCC_BUG_83143=y.
Fixes:
http://autobuild.buildroot.net/results/f57/f5742e7fb6e8142bcdb53b7f4f5e9c1bea3558cd/
[1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83143#c15
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4e07008249)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reorder gcc bugs by number
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b1e8594f09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
environment-setup uses BASH_SOURCE which is bash specific. For other
shells, this variable is empty, leading to an error message and empty
SDK_PATH.
Zsh uses $0. Unfortunately POSIX does not specify how exactly $0
should behave when sourced (or when using the special dot utility). So
support for other shells has to be implemented in a different manner.
Signed-off-by: Krzysztof Kanas <kkanas@fastmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 65cee90cc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set includedir to $(STAGING_DIR)/usr/share/gir-1.0 instead of . in
Makefile.introspection or g-ir-compiler won't find .gir files resulting
in a build failure for autotools-based programs such as gconf
since bump of gobject-introspection to version 1.68.0 in commit
abc110e3624aa4e8a9bd8595b3fdc0aec60845e0:
Could not find GIR file 'GObject-2.0.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file GConf-2.0.gir: Failed to parse included gir GObject-2.0
Fixes:
- http://autobuild.buildroot.org/results/8180d893cbd27512915a7f8a3adb232b93a98ceb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8dda799706)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the website depends on the webserver being enabled we should
add a config option for it and make the website depend on that.
We should also ensure that the mongoose (webserver) config is present.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 25b0645aa4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This needs to be set properly so that services work correctly.
Enable/disable automatically based on BR2_PACKAGE_SYSTEMD state.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 85062dcefc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This ensures all tools/libraries will be properly installed.
Update SWUPDATE_BUILD_CMDS param ordering for consistency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 08de8f500e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The swupdate services do not depend on
BR2_PACKAGE_SWUPDATE_INSTALL_WEBSITE, so install them unconditionally.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cbeaef0f95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drives the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for swupdate.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1833c710ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on uclibc-ng raised since bump to
version 6.0.0 in commit 6b86c9335fc3ff381878156c6243454d4b688df9:
../block/export/fuse.c: In function 'fuse_lseek':
../block/export/fuse.c:641:19: error: 'SEEK_HOLE' undeclared (first use in this function)
641 | if (whence != SEEK_HOLE && whence != SEEK_DATA) {
| ^~~~~~~~~
../block/export/fuse.c:641:19: note: each undeclared identifier is reported only once for each function it appears in
../block/export/fuse.c:641:42: error: 'SEEK_DATA' undeclared (first use in this function); did you mean 'SEEK_SET'?
641 | if (whence != SEEK_HOLE && whence != SEEK_DATA) {
| ^~~~~~~~~
| SEEK_SET
Fixes:
- http://autobuild.buildroot.org/results/33c90ebf04997f4d3557cfa66abc9cf9a3076137
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 52286188ca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
alsa unconditionally uses seq since version 0.2.90 and
818fb9e904
which will result in the following build failure since commit
a6d88d3ba5e30e11f4d726f341bc56c1be7c71c9:
In file included from ../spa/plugins/alsa/alsa-seq-bridge.c:44:
../spa/plugins/alsa/alsa-seq.h:71:2: error: unknown type name 'snd_seq_addr_t'
71 | snd_seq_addr_t addr;
| ^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/65e3a9185b3b84ad78cd05f788f741b8734d2bbc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6409ea4c22)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The URL pointing to phytec.de is obsolete and not even used by
Buildroot.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fde22d8c77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sox also provides one or more libraries with headers, so also install
sox to staging.
Signed-off-by: Adrian Amaglio <nainformatique@gresille.org>
[Giulio: reword commit log]
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- further refine commit log
- move assignment in a more sensible location
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b6ff11fd9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gr-pager (labeled 'gr-flex' in our menuconfig) is not available since
bump to version 3.8.0.0 in commit 0d6a7b2981 (package/gnuradio: bump
to version 3.8.0.0) and upstream commit:
2d2caa205f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5045cab63d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-40346: An integer overflow exists in HAProxy 2.0 through 2.5 in
htx_add_header() that can be exploited to perform an HTTP request smuggling
attack, allowing an attacker to bypass all configured http-request HAProxy
ACLs and possibly other ACLs.
For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 36c115d0bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Explicitly indicate the file encoding as UTF-8 for the DEVELOPERS
document. This prevents Unicode decoding errors when printing E-Mail
entries with Unicode characters on systems using an alternative default
encoding (e.g. 'CP1252').
This corrects the following observed error:
$ ./utils/get-developers outgoing/*
Traceback (most recent call last):
File "utils\get-developers", line 105, in <module>
__main__()
File "utils\get-developers", line 47, in __main__
devs = getdeveloperlib.parse_developers()
File "...\buildroot\utils\getdeveloperlib.py", line 239, in parse_developers
for line in f:
File "...\Python<ver>\lib\encodings\cp1252.py", line 23, in decode
return codecs.charmap_decode(input,self.errors,decoding_table)[0]
UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 6659: character maps to <undefined>
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f127cc420)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.16.8 (released 2021-09-09) includes a security fix to the archive/zip
package, as well as bug fixes to the archive/zip, go/internal/gccgoimporter,
html/template, net/http, and runtime/pprof packages.
https://golang.org/doc/devel/release#go1.16.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 2021.08 entry duplicate added with commit
531b2a10cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e5ff29c4a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to version 2.9.3:
This is a small bugfix release focusing on exfat and dosfstools upstream
changes, along with a couple of test fixes.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7515f62017)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mosquitto 2.0.12 is a security and bugfix release, notably:
* Fix possible DoS in the broker with MQTTv5
* Fix CVE-2020-13849
* Fix CVE-2021-34434
Read the full announcement on
https://mosquitto.org/blog/2021/08/version-2-0-12-released/
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d333eab3f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>