- Fix CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with
openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the
IV is actually used. This can lead to both decreased security and
incorrect encryption data.
- Fix CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP
cookie values, the cookie names are url-decoded. This may lead to
cookies with prefixes like __Host confused with cookies that decode to
such prefix, thus leading to an attacker being able to forge cookie
which is supposed to be secure. See also CVE-2020-8184 for more
information.
https://www.php.net/ChangeLog-7.php#7.4.11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
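A defensive check for the cookie-name confusion described in the CVE-2020-7070 entry above, as an added example (not part of the commit or of PHP): it flags raw cookie names that only acquire a __Host-/__Secure- prefix after percent-decoding, and builds a cookie map without decoding names. The function names and sample header values are constructed for illustration.

```python
from urllib.parse import unquote

# Cookie name prefixes that browsers only accept under strict conditions
# (Secure attribute; for __Host- also Path=/ and no Domain attribute).
PROTECTED_PREFIXES = ("__Host-", "__Secure-")


def split_cookie_header(header_value):
    """Split a raw Cookie header value into (raw_name, raw_value) pairs."""
    pairs = []
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value))
    return pairs


def disguised_prefix_cookies(header_value):
    """Return raw cookie names that gain a protected prefix only after
    percent-decoding, i.e. names the browser never treated as prefixed."""
    flagged = []
    for raw_name, _ in split_cookie_header(header_value):
        decoded = unquote(raw_name)
        if decoded == raw_name:
            continue  # nothing percent-encoded in the name
        if decoded.startswith(PROTECTED_PREFIXES) and not raw_name.startswith(PROTECTED_PREFIXES):
            flagged.append(raw_name)
    return flagged


def safe_cookie_map(header_value):
    """Build a name -> value map without decoding names, dropping any cookie
    whose name would decode into a protected prefix."""
    bad = set(disguised_prefix_cookies(header_value))
    return {n: v for n, v in split_cookie_header(header_value) if n not in bad}


# Constructed sample Cookie header values (not taken from real traffic).
SAMPLES = [
    "__Host-session=abc123; theme=dark",
    "%5F%5FHost-session=forged; __Host-session=abc123",
    "__%48ost-session=forged",
    "lang=en%2DUS; a%20b=1",
]
```

Run over access logs or at a reverse proxy, a non-empty result from disguised_prefix_cookies() is a signal worth alerting on regardless of the PHP version behind it.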
All the python packages are inside a
if BR2_PACKAGE_PYTHON || BR2_PACKAGE_PYTHON3
conditional, so no need to repeat it in the Config.in.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9e4ffdc8cf modified the output of
'setlocalversion' so that the Buildroot version tag is included in the
output, the version part was added in Makefile.
Due to differences in behavior of the used git and Mercurial commands, this
caused different output for the Mercurial case, in BR2_VERSION_FULL and thus
/etc/os-release and 'make print-version'. Assuming the official Buildroot
releases are tagged and no project-specific tags are present, the output
after commit 9e4ffdc8cf is:
-hg<commit>
whereas it is expected to be something like:
2020.02.6-hg<commit>
Change the Mercurial case in setlocalversion to behave similar to git,
looking up the latest tag if the current revision is not itself tagged.
The number of commits after the latest tag is not added, unlike in git, as
this value is not commonly present in Mercurial output, and its added value
can be disputed in this context. Even one commit could bring a huge change
to the sources, so in order to interpret the number one has to look at the
repository anyhow, in which case the commit ID can just be used.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The content of the license file (doc/readme.html) differs between lua 5.3
and 5.4, so we cannot use a shared .hash file for all versions.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 52f188140c (qemu version bump to 5.1),
the image generated by qemu_riscv64_virt_defconfig doesn't boot anymore with
the following error:
rom: requested regions overlap (rom phdr #0: [...]/images//fw_jump.elf. free=0x000000008000e240, addr=0x0000000080000000)
qemu-system-riscv64: rom check and register reset failed
Update the qemu command line as described in the Qemu wiki for riscv64 [1]
Fixes:
https://gitlab.com/jugurthaB/buildroot/-/jobs/686104707
[1] https://wiki.qemu.org/Documentation/Platforms/RISCV#Booting_64-bit_OpenEmbedded_Images
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since Qemu 5.1, this defconfig doesn't boot due to the too small SD card image size (60MB).
qemu-system-arm: sd_init failed: Invalid SD card size: 60 MiB
SD card size has to be a power of 2, e.g. 64 MiB.
You can resize disk images with 'qemu-img resize <imagefile> <new-size>'
(note that this will lose data if you make the image smaller than it currently is).
qemu-system-arm: sd_init failed
From [1]:
"While the possibility to use small SD card images has been seen as
a feature, it became a bug with CVE-2020-13253, where the guest is
able to do OOB read/write accesses past the image size end."
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/766482935
[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/72e0cc78194a1b93bf26a50742e59a1e93bde1d1/
fire has conditional logic to load test_components_py3.py when running under
Python 3.x:
    if six.PY3:
        from fire import test_components_py3 as py3
pycompile unfortunately errors out on it:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/fire/test_components_py3.py", line 18
def identity(arg1, arg2: int, arg3=10, arg4: int = 20, *arg5,
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable _py3 file from TARGET_DIR if
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/4ca459d54545c0e20b0f0cdc63bd81844ecd7f36/
aenum has conditional logic to load python 3.x code located in test_v3.py:
    if pyver >= 3.0:
        from aenum.test_v3 import TestEnumV3, TestOrderV3, TestNamedTupleV3
And contains logic in setup.py to drop that file during setup.py install if
building for python 2.x:
    py3_only = ('aenum/test_v3.py', )
    ..
    if __name__ == '__main__':
        if 'install' in sys.argv:
            import os, sys
            ..
            if sys.version_info[0] != 3:
                for file in py3_only:
                    try:
                        os.unlink(file)
But this doesn't work in Buildroot as pkg-python.dk first does setup.py
build (which copies test_v3.py to the build directory) before setup.py
install, so test_v3.py gets installed, leading to errors from pycompile:
error: File "/usr/lib/python2.7/site-packages/aenum/test_v3.py", line 12
class MagicAutoNumberEnum(Enum, settings=AutoNumber):
^
SyntaxError: invalid syntax
As a workaround, add a hook to drop it from the target directory when
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use upstream provided hash.
Update README hash because of unrelated content changes.
Format hashes with two spaces delimiter.
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Contains a number of bugfixes. For details, see the changelog:
https://docs.python.org/release/3.8.6/whatsnew/changelog.html#changelog
Update the license hash for the addition of a note stating that the examples
and documentation are now dual licensed under the PSF and a Zero-Clause BSD
license since:
9fef7c54a0
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
Affected Node.js versions converted carriage returns in HTTP request
headers to a hyphen before parsing. This can lead to HTTP Request
Smuggling as it is a non-standard interpretation of the header.
Impacts:
All versions of the 14.x and 12.x releases line
- CVE-2020-8252: fs.realpath.native may cause buffer overflow
libuv's realpath implementation incorrectly determined the buffer size
which can result in a buffer overflow if the resolved path is longer than
256 bytes.
Impacts:
All versions of the 10.x release line
All versions of the 12.x release line
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Adjust license hash for the addition of the BSD-3c licensed highlight.js:
6f8b7a85d2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We used to have a conditional patch applied on PowerPC soft-float, but
this logic was dropped in commit
0c82f3f635 ("package/gcc: remove powerpc
conditional patching logic"). However, we still have some related
leftovers in the calculation of the hashes for ccache, which can now
be dropped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 52c5c6050c disabled debuginfod on
target but not on host resulting in the following build failure:
configure: error: dependencies not found, use --disable-libdebuginfod to disable or --enable-libdebuginfod=dummy to build a (bootstrap) dummy library.
Fixes:
- http://autobuild.buildroot.org/results/97713c7e281313826067af559337832f22c3cb09
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logic in libbacktrace/configure.ac to detect if __sync builtins
are available assumes they are as soon as target_subdir is not
empty, i.e when cross-compiling. However, some platforms do not have
__sync builtins, so help the configure script a bit.
"libbacktrace_cv_sys_sync=no" is lost when it is added to
HOST_GCC_COMMON_CONF_ENV because the environment is not exported
when executing the libbacktrace configure script.
Use target_configargs to force "libbacktrace_cv_sys_sync=no" when
executing the libbacktrace configure script.
Fixes:
https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359681
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Romain: use target_configargs="libbacktrace_cv_sys_sync=no"]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We dropped the CodeBench 2012.09 toolchain for SuperH a long time ago,
and with recent toolchains, Ruby at -Os builds perfectly fine, so
there's no reason to keep this work-around.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: slight rewording in the commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f89ca996b6 enabled linux-pam on
musl however rlogind fails to build on musl because it uses logwtmp:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: rlogind.c:(.text.startup+0x9ec): undefined reference to `logwtmp'
As this package is unmaintained, just disable back rlogind on musl
Fixes:
- http://autobuild.buildroot.org/results/f2eb1c0bab7c6c32d6c561da0f85a530bd419206
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
DEPS_DIR is a new CLI option introduced by the version 3.4.0,
which avoids the use of `external_deps_dirs` in the config files.
Now, the host config doesn't need to be altered.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- update home page URL
- change download to new location
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When gdb is built from sources fetched from Git, it contains both the
gdb and the binutils code base. In order to really build only gdb, we
disable a number of binutils components in the
GDB_DISABLE_BINUTILS_CONF_OPTS variable: --disable-binutils,
--disable-ld, --disable-gas, etc. However, gprof was still being
built, so disable it as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The GDB version used on ARC is based on a recent gdb code base, post
gdb 9.2. This recent gdb code base, which pre-figures what will be in
gdb 10, has a significant change: gdbserver is no longer in
gdb/gdbserver, but at the top-level, and the mechanism to build
gdbserver only has changed. Due to this change, a build of ARC GDB for
gdbserver only fails with:
/bin/bash: line 0: cd: /opt/output/build/gdb-arc-2020.03-release-gdb/gdb/gdbserver: No such file or directory
This commit adjusts gdb.mk to support four cases:
- "old" gdb, gdbserver only
- "old" gdb, with the gdb debugger (and optionally gdbserver as well)
- "new" gdb, gdbserver only
- "new" gdb, with the gdb debugger (and optionally gdbserver as well)
A boolean GDB_GDBSERVER_TOPLEVEL is introduced to differentiate
between the old and new gdb, it is set to "y" for gdb versions that
have the gdbserver code at the top-level. For now, only the ARC
version sets it, but in the future, upstream gdb version 10 will also
have to set it.
Here is the behavior, for each case:
(1) "old" gdb, gdbserver only
    We set GDB_SUBDIR to gdb/gdbserver, so only the configure script
    in this folder gets called.
    --enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(2) "old" gdb, with the gdb debugger (and optionally gdbserver as well)
    We set GDB_SUBDIR to build/, an empty directory which allows to
    do an out of tree build, which is mandatory for a full gdb build
    since gdb 9.x.
    --enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
    or --disable-gdbserver depending on whether gdbserver is enabled
    as well.
(3) "new" gdb, gdbserver only
    We set GDB_SUBDIR to build/, an empty directory which allows to
    do an out of tree build, which is mandatory for a full gdb build
    since gdb 9.x.
    --enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(4) "new" gdb, with the gdb debugger (and optionally gdbserver as well)
    We set GDB_SUBDIR to build/, an empty directory which allows to
    do an out of tree build, which is mandatory for a full gdb build
    since gdb 9.x.
    --enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
    or --disable-gdbserver depending on whether gdbserver is enabled
    as well.
In addition to these changes, some related changes are done as well:
- We re-enable building both gdb and gdbserver on ARC, as it works
again.
- We only pass --with-curses when curses is really provided, i.e when
the full debugger is being built.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace SENTRY_CLI_DEPENDENCIES by HOST_SENTRY_CLI_DEPENDENCIES as
sentry-cli is a host-generic-package
Fixes:
- http://autobuild.buildroot.org/results/ce566ec91a8f7d69f2525892a7a034c829db9dad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The qt5base feature 'xcb_syslibs' is a compile check
using a xcb_render_util call (see qt5base-5.15.1/src/gui/configure.json).
Fixes:
- http://autobuild.buildroot.net/results/3c05e597c073b823f8b091e17b676ed3ecf6b5b3
ERROR: Feature 'xcb' was enabled, but the pre-condition 'features.thread && libs.xcb && tests.xcb_syslibs && features.xkbcommon-x11' failed.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From release note:
Version 3.1 - September 2020
This release offers substantial new functionality. Users are encouraged
to upgrade. The most notable changes are as follows.
* Fixes non-functional NMEA mode of the ts2phc program (since 3.0)
* Improves system time synchronization via the PTP_SYS_OFFSET_PRECISE
and PTP_SYS_OFFSET_EXTENDED ioctls.
* Supports implementing a PTP GM clock by using a GPS radio or other
PPS time source.
* Provides per-port statistics via the management interface.
* Implements IEEE 1588 v2.1 slave event monitoring.
* Adds Automotive Profile support.
utils/test-pkg -p linuxptp
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: OK
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
6 builds, 0 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed in order to use eglfs_kms platform backend.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>