Fixes the following security issue:
- TROVE-2020-005: When completing a channel, relays now check more
thoroughly to make sure that it matches any pending circuits before
attaching those circuits. Previously, address correctness and Ed25519
identities were not checked in this case, but only when extending circuits
on an existing channel
For more details, see the release notes:
https://blog.torproject.org/node/1952
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream backports package does not define the LEX/YACC Makefile
variables, contrary to the Kernel which is defining those in [1]. The
default "lex" and "yacc" are then used. On some systems, "yacc" is
Berkeley Yacc. Kconfig parser files are using non-Posix Bison
constructs.
Attempting to generate the parser with byacc fails with error:
yacc: e - line 97 of "zconf.y", syntax error
%destructor {
^
This patch defines the LEX and YACC Makefile variable to use flex and
bison, to fix this issue. The host-bison and host-flex dependencies are
added only if the host does not have them, following the same logic of
the Kernel.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73a4f6dbe70a1b93c11e2d1d6ca68f3522daf434
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ec493ea489)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pick the below patch from upstream, in order to fix
'settimeofday: Invalid argument' introduced by using glibc v2.31+.
(upstream fix 8b4b928 with a small change to apply on busybox 1.31.1)
See https://bugs.busybox.net/show_bug.cgi?id=12756 for more info.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- AST-2020-001: Remote crash in res_pjsip_session
Upon receiving a new SIP Invite, Asterisk did not return the created
dialog locked or referenced.
- AST-2020-002: Outbound INVITE loop on challenge with different nonce
If Asterisk is challenged on an outbound INVITE and the nonce is changed
in each response, Asterisk will continually send INVITEs in a loop. This
causes Asterisk to consume more and more memory since the transaction will
never terminate (even if the call is hung up), ultimately leading to a
restart or shutdown of Asterisk. Outbound authentication must be
configured on the endpoint for this to occur.
For details, see the announcement:
https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 339d3e82e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Avoid setting executable bits for apparmor.service. This gets rid of a
corresponding warning during installation:
Configuration file ../target/usr/lib/systemd/system/apparmor.service
is marked executable. Please remove executable permission bits.
Proceeding anyway.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a325eefc1b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use fbset.c as the license file and, while at it, also update
indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1379ef161b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use README as the license file until upstream provides one:
https://github.com/nroach44/bandwidthd/issues/2
While at it, also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ffc3d6c240)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use argp.h as the license file and, while at it, update indentation in
hash file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ad0e1d609b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-27347: The function input_csi_dispatch_sgr_colon() in file
input.c contained a stack-based buffer-overflow that can be exploited by
terminal output.
For details, see:
https://www.openwall.com/lists/oss-security/2020/11/05/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7e0f81a9f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will fix a static build failure with dnsmasq on latest
libnetfilter_conntrack
Fixes:
- http://autobuild.buildroot.org/results/3fdc2cba20162eb86eaa5c49a056fb40fb18a392
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Baruch Siach <baruch@tkos.co.il>
[Peter: adjust upstream status as pointed out by Baruch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 083dbf4cca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport an upstream patch to fix a regresion introduced in
246.5 by [1].
[1] 8019995e9a
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981805
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8d5076fdba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a typo in service location, the right location is indeed /usr/sbin.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cfc63898f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build of xen tools fails if slirp is built before xen because xen is not
compatible with spice slirp which does not provide libslirp.h:
/home/buildroot/autobuild/instance-2/output-1/build/xen-4.13.0/tools/qemu-xen/net/slirp.c:40:10: fatal error: libslirp.h: No such file or directory
#include <libslirp.h>
^~~~~~~~~~~~
Indeed, xen prefers a system-provided slirp over its internal one
So add slirp as a mandatory dependency (now that we switched to the up
to date https://gitlab.freedesktop.org/slirp/libslirp)
This build failure is raised since, at least, version 4.13.0
Fixes:
- http://autobuild.buildroot.org/results/b80b33ed558518f7bbb0a3c8586bf2d0b8acc36f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a0a5c184ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
slirp depends on libglib2, don't update xen as it already depends on it
Fixes:
- http://autobuild.buildroot.org/results/0b9cff1bc650876a6fff6102b2cb31dcdf4c5e8f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 88a62fac1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use an up to date fork (spice slirp is archived and has not been
updated since 2012)
- Add COPYRIGHT as the license file
- BSD-4-Clause has been replaced by BSD-3-Clause since
3bac39137af9f6e69c4e
- Add hash file
- Switch to meson-package
- Fix multiple security vulnerabilities: CVE-2014-3640, CVE-2017-11434,
CVE-2019-6778, CVE-2019-9824, CVE-2019-14378 and CVE-2020-10756
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 97fcae8ddf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP RT to version 4.19.152-cip37-rt16
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0e4d645cf2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP to version 4.19.152-cip37
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 18729f8d64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 493b1d7b25)
[Peter: drop 5.8.x/5.9.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set BITCOIN_GENBUILD_NO_GIT to not include (Buildroot) git version info in
build, which is available since version 0.15.0 and
e98e3dde6a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 82d6abda1a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add license file and, while at it, update indentation to two spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 062e5d8a65)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I haven't looked at that package and touched it for 6 years now, and
clearly others have taken care of it when looking at the Git history.
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19932c8e02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e6b3803c84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running the TestInitSystemSystemdRwIfupdown test, the rootfs must
be in read-write mode. The commit log [1] introducing systemd tests say
so:
"basic systemd, read-write, network w/ ifupdown"
With systemd 246.5, the service systemd-update-done return an error code
when it can't write on the filesystem (/etc)
[1] 117835d5fc
[2] 8019995e9a
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981813
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 14ed65e3a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version is 4.19 and not 4.4.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 642f821ce5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Various bfd section macros and functions like bfd_section_size() have been
modified starting with binutils >= 2.34.
Add a patch to handle this API change.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c2bfbdecd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
boost program-options is not needed since version 0.17.0 and
f447a0a707
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2185877a80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following check-package warning added by commit
a2b98a6add:
package/davfs2/davfs2.mk:22: expected indent with tabs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62bb541d99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mount.davfs expects the availability of the user and group davfs2.
Signed-off-by: Sven Klomp <mail@klomp.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a2b98a6add)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add lzlib.c as the license file and, while at it, update indentation to
two spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit afdaeab729)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add license file and, while at it, update indentation to two spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1906912a04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-15999, https://www.freetype.org/index.html#news
"This is an emergency release, fixing a severe vulnerability in embedded
PNG bitmap handling [...].
All users should update immediately."
Removed md5 hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ffe654c6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch is needed to fix the build with freetype >= 2.10.3.
https://www.freetype.org/index.html#news
"A warning for distribution maintainers: Version 2.10.3 and later may
break the build of ghostscript, due to ghostscript's use of a with-
drawn macro that wasn't intended for external usage."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5177f726a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes of this "Security and build system fixes" release:
https://github.com/open-source-parsers/jsoncpp/releases/tag/1.9.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b2019a5183)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch (already in version)
Fixed many problems found by OSS-Fuzz
Fixed many problems found by Coverity
https://github.com/kkos/oniguruma/releases/tag/v6.9.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 969fe10855)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dvdsub{enc,overlay} -> dvbsub{enc,overlay}
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8d6c60656e)
[Peter: drop dvbsubenc, only added in 1.18.0]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opencv3 does not install anything in $(TARGET_DIR)/usr/share/OpenCV/doc
so drop OPENCV3_CLEAN_INSTALL_DOC
However it installs its licence files in
$(TARGET_DIR)/usr/share/licenses/opencv3 so add
OPENCV3_CLEAN_INSTALL_LICENSE
Moreover, the cmake hook does not catch all cmake files and missed the
valgrind files so update OPENCV3_CLEAN_INSTALL_CMAKE and add
OPENCV3_CLEAN_INSTALL_VALGRIND to delete those files:
OpenCVConfig.cmake OpenCVConfig-version.cmake OpenCVModules.cmake OpenCVModules-release.cmake valgrind_3rdparty.supp valgrind.supp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 436f4804b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit d01b0bbad0.
Original commit made restriction for Linux headers < 3.4 which was
related to keepalived version 1.3.5, but it compiles fine now at least
with a toolchain based on 3.2 headers and keepalived 2.0.15 together
with ipset enabled.
Probably it was fixed by this commit:
5a7f895bb7
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c69a88190a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
