Fixes CVE-2017-18342: In PyYAML before 4.1, the yaml.load() API
could execute arbitrary code.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For details see [1].
This bump also deleted the two patch files for the RAUC package. These
were related to eMMC support being made optional, and workaround for
olde kernel. Both of these patch sets have been merged into upsteam in
the rauc git repos.
Older kernel workaound:
993b698c48 (diff-b3a0044e6a3b6a8b16933e72f416c8f1)
Make eMMC selectable:
f85d1cab07 (diff-365367c8cde56aafd5cbad767e1c9738)
[1] https://github.com/rauc/rauc/releases/tag/v1.0
Signed-off-by: David J Fogle <dave@exitstrategytech.com>
[Thomas: drop AUTORECONF = YES, no longer needed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4.20.x is not a long term support kernel, but 4.19.x is (supported until end
2020):
https://www.kernel.org/category/releases.html
With the upcoming Buildroot 2019.02 release being a LTS release, default to
4.19.x instead.
Notice: The userspace API breakage in net_stamp.h causing build failures has
now been fixed in 4.19.14 by commit e4a2ffe9029fd (net: Use
__kernel_clockid_t in uapi net_stamp.h)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: add comment in linux/Config.in and
package/linux-headers/Config.in.host so that we don't mistakenly bump
to 4.20+.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds a package for 'shim', an EFI bootloader for secure
boot chain loading.
While gnu-efi supports 32bit ARM, this is currently broken in shim.
Patches to fix this have been submitted upstream but are not included
here for now.
https://github.com/rhboot/shim/pull/162
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends
on to exclude ARM32 build.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will be used in packages that depend on gnu-efi, and we take this
opportunity to propagate this dependency where it was missing in
gummiboot and syslinux. In practice, it was not a problem because
gummiboot and syslinux are only available on i386 and x86-64, which is
a subset of the architectures supported by gnu-efi.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adds support for StrnCat, needed by shim.
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pass TARGET_CONFIGURE_OPTS in the environment instead of on the make command
line, so 'CFLAGS +=' does the right thing in the Makefile without patching.
TARGET_CONFIGURE_OPTS includes TARGET_MAKE_ENV, so drop that.
This does require us to pass CROSS_COMPILE to ensure the native tools are
not used though.
Add a GNU_EFI_MAKE_OPTS and use in both the build and install steps, instead
of repeating the various arguments.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now CMAKE_SYSTEM_VERSION is properly set in toolchainfile.cmake, it is
no longer necessary to set a dummy value in azure-iot-sdk-c.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Nikita Sobolev <Nikita.Sobolev@synopsys.com>
Cc: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Quoting the CMake documentation:
When the CMAKE_SYSTEM_NAME variable is set explicitly to enable cross
compiling then the value of CMAKE_SYSTEM_VERSION must also be set
explicitly to specify the target system version.
Thus, we should also set CMAKE_SYSTEM_VERSION in toolchainfile.cmake. It
is supposed to be set to the value of `uname -r` on the target. We don't
have that exact value available (unless we build the kernel), but the
value of BR2_TOOLCHAIN_HEADERS_AT_LEAST contains the (minimum) version
of the kernel it will run on, so it should be OK for all practical
purposes.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove first patch (already in version) and so remove
READLINE_AUTOCONF as configure.ac is not patched anymore
- Use the new --disable-install-examples option and remove
READLINE_PURGE_EXAMPLES
- Remove READLINE_INSTALL_PC_FILE as readline.pc is installed since:
http://git.savannah.gnu.org/cgit/readline.git/commit/Makefile.in?id=8e6ccd0373d77b86ed37a9a7d232ccfea3d6670c
- Remove READLINE_INSTALL_FIXUPS_SHARED (libraries are installed with
correct rights)
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump to version 1.15, libsquish can conditionally
build/install its shared library, which makes it possible to re-enable
this package for BR2_STATIC_LIBS configurations.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While testing the new supertuxkart 0.10-beta1 version, the build
failed due to missing libsquash shared library.
Indeed, by default (see config file) the shared library is not build
and all symlinks created by LIBSQUISH_INSTALL_{STAGING,TARGET}_CMDS
are curently broken.
To fix that, add USE_SHARED=1 to LIBSQUISH_MAKE_ENV.
Also add a patch to allow reinstall the package.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Brings lots improvements and bug fixes, especially bug #1720[1], which
causes problems on some of our (DATACOM) products.
1. https://github.com/balabit/syslog-ng/issues/1720
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure option "--with-pcre-regex=$(STAGING_DIR)/usr" is broken.
PHP will prepend $(STAGING_DIR)/usr to the paths, which will cause a
failure because it won't be able to find pcre, and will then fallback to
searching for pcre2, which won't be installed.
Removing "=$(STAGING_DIR)/usr" from --with-pcre-regex fixes the issue.
Fixes:
http://autobuild.buildroot.net/results/586/586f56e8fcf2d2bbbd3bdf69b1c3befff7ce8bbf
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
gnuchess is licensed under GPL-3.0+ not GPL-2.0+, also add hash for
license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a minimal RISC-V 32-bit autobuild configuration for the
internal toolchain with glibc.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
releases.nixos.org gives some weird XML pages. The upstream location is
nixos.org/releases.
This side uses HSTS, so switch to https to avoid a needless redirect.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit ec69d3820f (package/lighttpd: bump to version 1.4.52) bumped the
lighttpd version but forgot to adjust the upstream hash comment.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As xenomai release tarballs ship with a configure script, there is only a
need for autoreconfiguring when patches are applied.
The last patch was removed with git commit
de993bc23a but the AUTORECONF line remained.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The v0.1 tag is the first (and only) tag of the project, and has been
done after commit 424b706f990a9eb96dfc19cc8e54f2cd6ce5e186 that we
currently use as a valijson version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uClibc-ng in non-NPTL configurations doesn't implement
pthread_setname_np(). Unfortunately grpc assumes that as soon as
__GLIBC__ is defined, pthread_setname_np() is available. It is
particularly sad, because grpc build system uses CMake, so it is
trivial to do such a check.
This commit adds a patch that does just this: check for the
availability of pthread_setname_np(), and use it only if
available. The patch has been submitted upstream.
Fixes:
http://autobuild.buildroot.org/results/47991306abbcd80fb8e6baad0bd7490fa74f696c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream CHANGELOG entry for 4.3.0 lists these fixes:
- CVE-2018-18408 use-after-free in post_args (#489)
- CVE-2018-18407 heap-buffer-overflow csum_replace4 (#488)
- CVE-2018-17974 heap-buffer-overflow dlt_en10mb_encode (#486)
- CVE-2018-17580 heap-buffer-overflow fast_edit_packet (#485)
- CVE-2018-17582 heap-buffer-overflow in get_next_packet (#484)
- CVE-2018-13112 heap-buffer-overflow in get_l2len (#477 dup #408)
Drop tr_cv_libpcap_version and ac_cv_have_bpf; unused in current
configure script.
Make configure script use pcap-config to list library dependencies.
Unfortunately, pcap-config is not entirely correct, so we still need to
set the LIBS variable for static linking.
Use the smaller tar.xz archive.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
