get-developers tries to open DEVELOPERS in the current directory, so it
breaks when calling it from elsewhere than the toplevel Buildroot directory.
Traceback (most recent call last):
File "../utils/get-developers", line 107, in <module>
__main__()
File "../utils/get-developers", line 26, in __main__
devs = getdeveloperlib.parse_developers(os.path.dirname()
File "/home/peko/source/buildroot/utils/getdeveloperlib.py", line 161, in parse_developers
with open(os.path.join(basepath, "DEVELOPERS"), "r") as f:
IOError: [Errno 2] No such file or directory: '/home/peko/source/buildroot/output-foo/DEVELOPERS'
Fix it by instead figuring out where the DEVELOPERS file is relative to the
location of get-developers (E.G. one level up).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout:
- add realpath to support a symlinked get-developers script;
- pass devs_dir argument to check_developers() to support -c in subdir;
- convert basepath to absolute path to support -f option.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 62d5558f76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes a syntax error introduced in bcf2ed5cc3.
Output before the patch:
$ ./utils/get-developers outgoing/*
File "./utils/get-developers", line 97
print dev
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean
print(dev)?
Output after the patch:
$ ./utils/get-developers outgoing/*
git send-email --to buildroot@buildroot.org
Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8320ad3341)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When called with a list of patches, get-developers prints the entire git
send-email invocation line:
./utils/get-developers 0001-git-security-bump-to-version-2.16.5.patch
git send-email --to buildroot@buildroot.org --cc "Matt Weber <matthew.weber@rockwellcollins.com>"
This may be handy when creating an entire patch series and editing a cover
letter, but it does mean that this has to be explicitly executed and
get-developers cannot be used directly by the --cc-cmd option of git
send-email to automatically CC affected developers.
So add an -e flag to only let get-developers print the email addresses of
the affected developers in the one-email-per-line format expected by git
send-email, similar to how get_maintainer.pl works in the Linux kernel.
With this and a suitable git configuration:
git config sendemail.to buildroot@buildroot.org
git config sendemail.ccCmd "$(pwd)/utils/get-developers -e"
You can simply do:
git send-email master
To automatically mail the buildroot list and CC affected developers on
patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bcf2ed5cc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes:
This update contains new mitigation functionality for CVE-2018-3639
(Speculative Store Bypass) in x86. There are also bug fixes for
migration, Intel IOMMU emulation, block layer/image handling, ARM
emulation, and various other areas.
https://www.mail-archive.com/qemu-devel@nongnu.org/msg553574.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b400c2ae0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In addition:
- Update 0001-user-exec-fix-usage-of-mcontext-structure-on-ARM-uCl.patch
with new line numbers and file location.
- Remove upstream 0002-memfd-fix-configure-test.patch
- Add new options found in 2.12.0 in qemu.mk as disabled.
- Remove --with-system-pixman as it's no longer optional.
Tested with test-pkg:
./utils/test-pkg -p qemu -c configs/qemu_min_defconfig
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
armv5-ctng-linux-gnueabi [6/6]: OK
6 builds, 1 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 06e3957c16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit:
https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
was due to missing -lz during static linking.
But the patch is wrong and results in explicitly linking against -lz in
both shared and static build.
This makes no sense, since shared linking has transitive dependency so
it doesn't need to list -lz after -lssl, -lssl is enough.
Differently static linking needs -lz to be listed after -lssl.
So the real cause of previous build failure:
http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
$LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
-lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
statically link without listing -lz.
Then:
- Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
- Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
where add $LIBS content to tail of new $LIBS variable like this:
LIBS="$LIBCRYPTO $LIBS"
NOTE: $LIBS is at the end to ensure static linking to work correctly.
- Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
where add $LIBS content to tail of new $LIBS variable like this:
LIBS="-lssl $LIBCRYPTO $LIBS"
NOTE: $LIBS is at the end to ensure static linking to work correctly.
This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
appending it at the end of linking library list.
And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
back to its original value(i.e. containing -lz if present) resulting in
having or not -lz appended to library list according to static or
shared build.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c5a7c287de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-18065: _set_key in agent/helpers/table_container.c in
Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an
authenticated attacker to remotely cause the instance to crash via a crafted
UDP packet, resulting in Denial of Service.
For more details, see description and PoC:
https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
Removed patch, applied upstream, autoreconf is not needed anymore.
Added sha256 hashes for tarball and license file.
Switched _SITE to https.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1fe32e8375)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-17456: RCE issue in handling of git submodules
For more details, see the announcement:
https://marc.info/?l=git&m=153875888916397&w=2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 063eff9bc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Because we are patching Makefile.am, Makefile.am is newer than Makefile.in
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package only needs ncurses when readline support is enabled, as
it's the autoconf macro file for readline (used by autoconf to create
the gnupg configure script) that checks for and pulls in ncurses.
Since readline already depends on ncurses, gnupg need only depend on
readline (when enabled).
The host package always forces readline support off, so the
host-ncurses dependency can be removed entirely.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51e17496cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a race condition in QuerySet.update_or_create() that could result in
data loss:
https://code.djangoproject.com/ticket/29499
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit feb811f567)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It seems package has a parallel build issue on ARM cortex A8 or A9 since
at least version 2.5:
[ 94%] Linking CXX shared library libx265.so
ipfilter8.S.o: file not recognized: File truncated
collect2: error: ld returned 1 exit status
CMakeFiles/x265-shared.dir/build.make:221: recipe for target 'libx265.so.160' failed
Fixes:
- http://autobuild.buildroot.org/results/f6ea88324a8f9ac8ee780ddd71ec61f922e20210
- http://autobuild.buildroot.org/results/3bd91a5694936650ce936a408ddd50338f65f8b0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03bfbc5ab2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In 0002-shared-libs-for-lua.patch, revision number is used to set
library name:
TO_SOLIB = liblua.so.$(R)
However, library is built using PKG_VERSION which is passed only during
build step:
$(CC) -o $@.$(PKG_VERSION) -shared -Wl,-soname="$@.$(PKG_VERSION)" $?
As a result, dynamic library is not installed in staging or target paths
since bump to lua 5.3.5
So, instead of replacing R by PKG_VERSION and passing this variable in
all steps, simply update R to 5
Fixes:
- http://autobuild.buildroot.net/results/28b6672188bb0082ac1467d3b45904880e3634f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca287f2044)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0003-memfd-fix-configure-test.patch applied upstream.
The 4.10.2 version brings a large number of fixes:
https://xenproject.org/downloads/xen-archives/xen-project-410-series/xen-4102.html
Including a number of security fixes:
XSA-260: x86: mishandling of debug exceptions (CVE-2018-8897)
XSA-261: x86 vHPET interrupt injection errors (CVE-2018-10982)
XSA-262: qemu may drive Xen into unbounded loop (CVE-2018-10981)
XSA-263: Speculative Store Bypass (CVE-2018-3639)
XSA-264: preemption checks bypassed in x86 PV MM handling (CVE-2018-12891)
XSA-265: x86: #DB exception safety check can be triggered by a guest
(CVE-2018-12893)
XSA-266: libxl fails to honour readonly flag on HVM emulated SCSI disks
(CVE-2018-12892)
XSA-267: Speculative register leakage from lazy FPU context switching
(CVE-2018-3665)
XSA-268: Use of v2 grant tables may cause crash on ARM (CVE-2018-15469)
XSA-269: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
(CVE-2018-15468)
XSA-272: oxenstored does not apply quota-maxentity (CVE-2018-15470)
XSA-273: L1 Terminal Fault speculative side channel (CVE-2018-3620,
CVE-2018-3646)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 059d655f5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of
random bytes after a valid OID.
CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp
doesn't enforce a NULL value for the optional parameter which is not used
with any PKCS#1 algorithm.
For more details, see the advisory:
https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e04cdde19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
begins with $, but is not $SYS, then an assert that should be unreachable is
triggered and Mosquitto will exit.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e62304359)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch 0001, applied upstream.
Replaced patch 0002 with a more generic solution as patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5336412d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes
(http://ftp.isc.org/isc/bind9/9.11.4-P2/RELEASE-NOTES-bind-9.11.4-P2.txt):
* There was a long-existing flaw in the documentation for ms-self,
krb5-self, ms-subdomain, and krb5-subdomain rules in update-policy
statements. Though the policies worked as intended, operators who
configured their servers according to the misleading documentation may
have thought zone updates were more restricted than they were; users of
these rule types are advised to review the documentation and correct
their configurations if necessary. New rule types matching the
previously documented behavior will be introduced in a future maintenance
release. [GL !708]
* named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740.
[GL #387]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63eb34fa12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
gsgetresolution allow attackers to have an unspecified impact
- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
error exception table, which could be used by remote attackers able to
supply crafted PostScript to potentially overwrite or replace error
handlers to inject code.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b054797eca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't display comment if BR2_USE_MMU is true
Moreover, move BR2_USE_MMU dependency at the top of dependency list
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0dbab1bb45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libXdmcp configure script uses pkg-config, but the Buildroot
package does not depend on host-pkgconf. This is not seen by the
autobuilders most likely because another package that is always built
before libXdmcp builds pkg-config.
However, running:
$ make xlib_libXdmcp
triggers the following build failure:
checking pkg-config is at least version 0.9.0... ./configure: line 12323: /home/thomas/projets/buildroot/output/host/bin/pkg-config: No such file or directory
no
[...]
checking for XDMCP... configure: error: in `/home/thomas/projets/buildroot/output/build/xlib_libXdmcp-1.1.2':
configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
This was detected using per-package target/host folders, because with
this, only the dependencies explicitly expressed by a package are
available to the package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a517df56d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The woff2 dependency is used to support Web fonts in WOFF2 format.
This is a Web-facing feature that Web sites expect WebKit to support,
and it is recommended to be unconditionally enabled. While it is
possible to disable the feature at build time, upstream only recommends
doing so if the target system cannot provide a woff2 package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51b3fe094a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script of xutil_makedepend uses PKG_CHECK_MODULES(), so
it should depend on host-pkgconf. Otherwise, a "make
host-xutil_makedepend" fails with:
"""
checking for X... configure: error: in `/home/thomas/projets/buildroot/output/build/host-xutil_makedepend-1.0.5':
configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively, you may set the environment variables X_CFLAGS
and X_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
To get pkg-config, see <http://pkg-config.freedesktop.org/>.
"""
This was detected using per-package host/target directories, but can
be reproduced without it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 73185f1270)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 2524acd417
("package/x11r7/xlib_libxshmfence: bump version to 1.3"), the patch
0001-configure.ac-call-AC_USE_SYSTEM_EXTENSIONS.patch was dropped, but
the corresponding AUTORECONF = YES was not dropped.
This causes a build issue if just xlib_libxshmfence is built (using
"make xlib_libxshmfence" or using per-package host/target directories):
>>> xlib_libxshmfence 1.3 Autoreconfiguring
configure.ac:40: error: must install xorg-macros 1.3 or later before running autoconf/autogen
configure.ac:40: the top level
This commit fixes that by dropping the no longer needed
AUTORECONF = YES.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bcf4b72def)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use SPDX short identifier (Imlib2) instead of full name
- Add COPYING-PLAIN to license files
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e29fcc1480)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old URL was not working for quite some time.
Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43e7667fc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mrouted part of igmpproxy is licensed under BSD-3-Clause so add this in
IGMPPROXY_LICENSE and add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c60c928614)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As specified in COPYING, examples are licensed under GPL-3.0+ and .x
files are licensed under BSD-2-Clause.
So update LIBNFS_LICENSE, add COPYING, LICENCE-BSD.txt and
LICENCE-GPL-3.txt to LIBNFS_LICENSE_FILES and add hash for all license
files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b486d4fa3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently libxslt configure finds native /usr/bin/xml2-config.
Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f8f8ff3347)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cppcms contains embedded third party software so add
THIRD_PARTY_SOFTWARE.TXT to CPPCMS_LICENSE_FILES as well as the
additional licenses to CPPCMS_LICENSE.
Also add hash for COPYING.TXT and THIRD_PARTY_SOFTWARE.TXT
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c17310450b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 78dd830f15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allows scripting of URL checking to be simplier
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4bdb24c5d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "For more information, see" is a bit useless, and not having the
URL alone on its own line prevents scripted URL checking.
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b7de9139e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9835025476)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b7490dbd31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8084c33b39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
