Fixes the following security issues:
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
Affected Node.js versions converted carriage returns in HTTP request
headers to a hyphen before parsing. This can lead to HTTP Request
Smuggling as it is a non-standard interpretation of the header.
Impacts:
All versions of the 14.x and 12.x release lines
- CVE-2020-8252: fs.realpath.native may cause buffer overflow
libuv's realpath implementation incorrectly determined the buffer size
which can result in a buffer overflow if the resolved path is longer than
256 bytes.
Impacts:
All versions of the 10.x release line
All versions of the 12.x release line
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Adjust license hash for the addition of the BSD-3c licensed highlight.js:
6f8b7a85d2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We used to have a conditional patch applied on PowerPC soft-float, but
this logic was dropped in commit
0c82f3f635 ("package/gcc: remove powerpc
conditional patching logic"). However, we still have some related
leftovers in the calculation of the hashes for ccache, which can now
be dropped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 52c5c6050c disabled debuginfod on
target but not on host resulting in the following build failure:
configure: error: dependencies not found, use --disable-libdebuginfod to disable or --enable-libdebuginfod=dummy to build a (bootstrap) dummy library.
Fixes:
- http://autobuild.buildroot.org/results/97713c7e281313826067af559337832f22c3cb09
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logic in libbacktrace/configure.ac to detect if __sync builtins
are available assumes they are as soon as target_subdir is not
empty, i.e. when cross-compiling. However, some platforms do not have
__sync builtins, so help the configure script a bit.
"libbacktrace_cv_sys_sync=no" is lost when it is added to
HOST_GCC_COMMON_CONF_ENV because the environment is not exported
when executing the libbacktrace configure script.
Use target_configargs to force "libbacktrace_cv_sys_sync=no" when
executing the libbacktrace configure script.
Fixes:
https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359681
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Romain: use target_configargs="libbacktrace_cv_sys_sync=no"]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We dropped the CodeBench 2012.09 toolchain for SuperH a long time ago,
and with recent toolchains, Ruby at -Os builds perfectly fine, so
there's no reason to keep this work-around.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: slight rewording in the commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f89ca996b6 enabled linux-pam on
musl however rlogind fails to build on musl because it uses logwtmp:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: rlogind.c:(.text.startup+0x9ec): undefined reference to `logwtmp'
As this package is unmaintained, just disable back rlogind on musl
Fixes:
- http://autobuild.buildroot.org/results/f2eb1c0bab7c6c32d6c561da0f85a530bd419206
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
DEPS_DIR is a new CLI option introduced by the version 3.4.0,
which avoids the use of `external_deps_dirs` in the config files.
Now, the host config doesn't need to be altered.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- update home page URL
- change download to new location
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When gdb is built from sources fetched from Git, it contains both the
gdb and the binutils code base. In order to really build only gdb, we
disable a number of binutils components in the
GDB_DISABLE_BINUTILS_CONF_OPTS variable: --disable-binutils,
--disable-ld, --disable-gas, etc. However, gprof was still being
built, so disable it as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The GDB version used on ARC is based on a recent gdb code base, post
gdb 9.2. This recent gdb code base, which pre-figures what will be in
gdb 10, has a significant change: gdbserver is no longer in
gdb/gdbserver, but at the top-level, and the mechanism to build
gdbserver only has changed. Due to this change, a build of ARC GDB for
gdbserver only fails with:
/bin/bash: line 0: cd: /opt/output/build/gdb-arc-2020.03-release-gdb/gdb/gdbserver: No such file or directory
This commit adjusts gdb.mk to support four cases:
- "old" gdb, gdbserver only
- "old" gdb, with the gdb debugger (and optionally gdbserver as well)
- "new" gdb, gdbserver only
- "new" gdb, with the gdb debugger (and optionally gdbserver as well)
A boolean GDB_GDBSERVER_TOPLEVEL is introduced to differentiate
between the old and new gdb, it is set to "y" for gdb versions that
have the gdbserver code at the top-level. For now, only the ARC
version sets it, but in the future, upstream gdb version 10 will also
have to set it.
Here is the behavior, for each case:
(1) "old" gdb, gdbserver only
We set GDB_SUBDIR to gdb/gdbserver, so only the configure script
in this folder gets called.
--enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(2) "old" gdb, with the gdb debugger (and optionally gdbserver as well)
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
or --disable-gdbserver depending on whether gdbserver is enabled
as well.
(3) "new" gdb, gdbserver only
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(4) "new" gdb, with the gdb debugger (and optionally gdbserver as well)
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
or --disable-gdbserver depending on whether gdbserver is enabled
as well.
In addition to these changes, some related changes are done as well:
- We re-enable building both gdb and gdbserver on ARC, as it works
again.
- We only pass --with-curses when curses is really provided, i.e. when
the full debugger is being built.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace SENTRY_CLI_DEPENDENCIES by HOST_SENTRY_CLI_DEPENDENCIES as
sentry-cli is a host-generic-package
Fixes:
- http://autobuild.buildroot.org/results/ce566ec91a8f7d69f2525892a7a034c829db9dad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The qt5base feature 'xcb_syslibs' is a compile check
using a xcb_render_util call (see qt5base-5.15.1/src/gui/configure.json).
Fixes:
- http://autobuild.buildroot.net/results/3c05e597c073b823f8b091e17b676ed3ecf6b5b3
ERROR: Feature 'xcb' was enabled, but the pre-condition 'features.thread && libs.xcb && tests.xcb_syslibs && features.xkbcommon-x11' failed.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From release note:
Version 3.1 - September 2020
This release offers substantial new functionality. Users are encouraged
to upgrade. The most notable changes are as follows.
* Fixes non-functional NMEA mode of the ts2phc program (since 3.0)
* Improves system time synchronization via the PTP_SYS_OFFSET_PRECISE
and PTP_SYS_OFFSET_EXTENDED ioctls.
* Supports implementing a PTP GM clock by using a GPS radio or other
PPS time source.
* Provides per-port statistics via the management interface.
* Implements IEEE 1588 v2.1 slave event monitoring.
* Adds Automotive Profile support.
utils/test-pkg -p linuxptp
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: OK
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
6 builds, 0 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed in order to use eglfs_kms platform backend.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which fixes a regression found in 2.30.0.
Release notes:
https://webkitgtk.org/2020/09/21/webkitgtk2.30.1-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream repository has been dead for quite a while now, and in fact
we are using s.b.o as the "official" location now.
There however exists a Github repository, which is still alive. That
repository has not been touched in a looooong while, but it's still
up, and there is a revision which actually gives the exact same
content (although the hash changes, because the directory name has
changed, from open2300-12/ to open2300-f2198.../).
Also fix spaces in hash file.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The whole arch/Config.in.s390x file is only included by arch/Config.in
if BR2_s390x=y, so having "depends on" conditions on each option of
the choice doesn't make much sense.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: drop first, empty line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Refreshed patch #1 and disable debuginfod.
The debuginfod tools need to hook into server infrastructure,
this currently only exists for Fedora.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a minimal s390x s13 autobuild configuration for the
internal toolchain with glibc.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/76b580000e6311e88584874f942517badd6fadf6/
python-txtorcon DOES support python 2.x, but it contains some optional
python 3 / async code in controller_py3.py which is conditionally used from
controller.py:
    try:
        from .controller_py3 import _AsyncOnionAuthContext
        HAVE_ASYNC = True
    except Exception:
        HAVE_ASYNC = False
pycompile unfortunately errors out on the async code:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/txtorcon/controller_py3.py", line 13
async def __aenter__(self):
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable _py3 file from TARGET_DIR if
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
http://autobuild.buildroot.net/results/eef0969bac04800cec51fa27f1e1ecd3a4c8211e/
tinyrpc 1.x is not compatible with python 2.x, leading to errors during the
pycompile step:
error: File "/usr/lib/python2.7/site-packages/tinyrpc/client.py", line 37
self, protocol: RPCProtocol, transport: ClientTransport
^
SyntaxError: invalid syntax
As also documented in the README:
The current version will support Python3 only. Have a look at the 0.9.x
version if you need Python2 support
https://github.com/mbr/tinyrpc/blob/1.0.4/README.rst
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The host-zstd-build step was not actually compiling the library:
make[1]: Entering directory '/buildroot/output/build/host-zstd-1.4.5/lib'
make[1]: Nothing to be done for 'default'.
make[1]: Leaving directory '/buildroot/output/build/host-zstd-1.4.5/lib'
and the actual compilation was part of the install step.
This is not how other Buildroot packages work.
Make sure to specify which library targets we want instead. The total amount
of compiled files does not change with this patch.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit a2830f0dad (support/gnuconfig: bump version) carried
spurious, uncommitted local changes to config.sub, that were not
part of upstream commit d7a4dee7cc25e332b990d0a6d9f0ddd42cb33cf5.
Fix that by actually using the code as it is upstream.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- squash the revert and the new bump into this commit
- amend commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following in the generated cross-compilation.conf file:
pkg_config_static = '$(if $(BR2_STATIC_LIBS),true,false)'
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The fakeroot script does not appear to be used in any of the checked
in defconfig targets, but it seems that most often the post
fakeroot script should be done after all the packages rules have
been applied instead of before.
Given that a change in systemd moved the SYSTEMD_PRESET_ALL hook to
a ROOTFS_PRE_CMD_HOOKS, there was no way to use a FAKEROOT script
to disable a service or fixup a systemd configuration. The systemd
move makes sense, and this just tries to preserve the same ability
to fixup a rootfs after all the cmd hooks are processed.
Refer to commit 65b63785a6 for
the change that instigated this reordering.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When one GPL-licensed plugin was enabled, the license of
gst1-plugins-ugly would be "LGPL-2.1+ GPL-2.0", but licenses should be
comma separated, not space separated. So let's fix that to get the
expected value of "LGPL-2.1+, GPL-2.0".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change home page url to https
- meson options: doc=disabled
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>