At the moment there are 2 patches with the same id(0001-xxx.patch) so
let's rename one of them to 0002-xxx.patch.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The oldest toolchain we test in the autobuilders is the Sourcery ARM
toolchain which is GCC 4.8 and kernel headers 3.13. Therefore, it is
likely that we're missing the required _AT_LEAST dependencies to exclude
packages that don't build with older GCC/headers.
Add a comment to the custom external toolchain that warns when an
untested GCC or kernel headers version is selected.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch bump fail2ban to verison 0.11.1.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcap-ng is an optional dependency since a very long time (2010) and
24882d3672
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Notice that 1.8.31 fixes a security issue with the non-default pwfeedback
option, but according to the advisory this is not exploitable in 1.8.28:
versions 1.8.26 through 1.8.30 it is not exploitable due to a change in EOF
handling introduced in sudo 1.8.26
https://www.sudo.ws/alerts/pwfeedback.html
Adjust license hash as the copyright year was changed:
- Copyright (c) 1994-1996, 1998-2019
+ Copyright (c) 1994-1996, 1998-2020
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixed the following security issue:
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
- CVE-2020-0570: QLibrary in Qt versions 5.12.0 through 5.14.0, on certain
x86 machines, would search for certain libraries and plugins relative to
current working directory of the application, which allows an attacker
that can place files in the file system and influence the working
directory of Qt-based applications to load and execute malicious code.
This issue was verified on Linux and probably affects all Unix operating
systems, other than macOS (Darwin). This issue does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch which was applied upstream:
69b4230c36
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allow specifying additional build targets for ATF.
This might be more useful when using a custom git repository.
For example, when using with the ATF repository from NXP QorIQ,
there is a new build target 'pbl' which is used to build the
pbl binary image. Note that in the specific case of the 'pbl'
target, additional build variables also need to be specified
through BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
patch 0005 has been sourced from upstream, and can be dropped when
7.4.3 is released.
The mbstrings module used to use a bundled oniguruma library, but now
uses an external one, hence the new dependency on this package for the
mbstrings module.
The hash of the license file has changed due to this change in the
copyright year:
-Copyright (c) 1999 - 2018 The PHP Group. All rights reserved.
+Copyright (c) 1999 - 2019 The PHP Group. All rights reserved.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch that is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Xtensa architecture has been added. Let's use upstream sha1 for
tarball's hash.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump to version 4.4 and switch to github site since the kernel
repository has not been updated. See
https://github.com/plougher/squashfs-tools/blob/master/README.
Dropping patch that has been incorporated in the new release.
This version bump includes support for reproducible images. See the full
release notes for details at
https://github.com/plougher/squashfs-tools/blob/master/README-4.4
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lzma package is a host-only package so replace this wrong dependency by
xz package
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zlib is optional since version 4.22 and
b950f1f426
and --enable-zlib has been fixed since version 5.37 and
8c6dcd7ef6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bugfix release, fixing a number of issues in the 4.1 release. For details,
see the announcement:
https://github.com/tpm2-software/tpm2-tools/releases/tag/4.1.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
bzip2 is an optional dependency since version 5.38 and
b259a07ea9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
xz is an optional dependency since version 5.38 and
b259a07ea9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The libmodsecurity build system uses the file installed on the host if not
explicitly pointed to pcre-config in the staging dir.
Fixes:
- http://autobuild.buildroot.net/results/f936ad05bca4bb776917306700750ba6d2498ef0
+ similar failures for other architectures
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The name of the package diverges slightly from upstream to maintain
consistency with other nginx modules already present.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The dependency on !BR2_STATIC_LIBS is due to missing Libs.private in the
libmodconfig pkg-config file making builds that statically link against
libmodsecurity fail.
Lua is disabled due to using the host libraries.
Yajl is disabled as enabling it forces the tests to be built. These tests have a
hard dependency on libmodsecurity.a which is not built when --disable-static is
used in the configuration. There is no flag to disable these tests.
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This includes the following changes:
879c073 Do not hardcode path for install
d9c639b libubootenv: add pkg-config support
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1
parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients
can be made to crash by an HTTPS server, while net/http servers that accept
client certificates will recover the panic and are unaffected. Thanks to
Project Wycheproof for providing the test cases that led to the discovery of
this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
