Enable RC4 in openssl to fix build failure raised since commit
a83d41867c
Fixes:
- http://autobuild.buildroot.org/results/c658beb245cbf06786aa4155c7649c3e1a613e39
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- move the 'select' of the option closer to the 'select' on openssl
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-28651: Denial of Service in URN processing
Due to a buffer management bug Squid is vulnerable to a Denial of service
attack against the server it is operating on.
This attack is limited to proxies which attempt to resolve a "urn:"
resource identifier. Support for this resolving is enabled by default in
all Squid.
https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
- CVE-2021-28652: Denial of Service issue in Cache Manager
Due to an incorrect parser validation bug Squid is vulnerable to a Denial
of Service attack against the Cache Manager API.
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
- CVE-2021-28662: Denial of Service in HTTP Response Processing
Due to an input validation bug Squid is vulnerable to a Denial of Service
against all clients using the proxy.
https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
- CVE-2021-31806, CVE-2021-31807, CVE-2021-31808: Multiple Issues in HTTP
Range header
Due to an incorrect input validation bug Squid is vulnerable to
a Denial of Service attack against all clients using the proxy.
https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
- CVE-2021-33620: Denial of Service in HTTP Response processing
Due to an input validation bug Squid is vulnerable to a Denial of Service
against all clients using the proxy.
https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. From the release notes:
Some backports of important fixes to the 1.25 series, for very conservative
people.
libmpg123: Backport bit reservoir CRC fix from 1.26
libmpg123: Backport part2_3_length regression fix (bug 312).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_UDISKS_LVM2 was dropped in commit eb251b3008 (package/lvm2:
drop BR2_PACKAGE_LVM2_APP_LIBRARY), but missed when merging next. Drop it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a python3 host variant since another downstream OSS component
(OP-TEE) uses buildroot and it will depend on a python3 host variant
of python-cryptography.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- drop target _DEPENDENCIES since this is a host-only package
- instead, add host-openssl to dependencies
- add CPE variables
- also add sync comment for python-pip
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- drop target _DEPENDENCIES since this is a host-only package
- also add sync comment to python-cffi
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr: also add sync comment to python-pycparser]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- add CPE variables
- also add sync comment for python-pip
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr: also add sync comment in python-six]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-33195: The LookupCNAME, LookupSRV, LookupMX, LookupNS, and
LookupAddr functions in net, and their respective methods on the Resolver
type may return arbitrary values retrieved from DNS which do not follow
the established RFC 1035 rules for domain names. If these names are used
without further sanitization, for instance unsafely included in HTML, they
may allow for injection of unexpected content. Note that LookupTXT may
still return arbitrary values that could require sanitization before
further use
- CVE-2021-33196: The NewReader and OpenReader functions in archive/zip can
cause a panic or an unrecoverable fatal error when reading an archive that
claims to contain a large number of files, regardless of its actual size
- CVE-2021-33197: ReverseProxy in net/http/httputil could be made to forward
certain hop-by-hop headers, including Connection. In case the target of
the ReverseProxy was itself a reverse proxy, this would let an attacker
drop arbitrary headers, including those set by the ReverseProxy.Director
- CVE-2021-33198: The SetString and UnmarshalText methods of math/big.Rat
may cause a panic or an unrecoverable fatal error if passed inputs with
very large exponents
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libmpv-static and libmpv-shared are disabled by default resulting in the
following build failure when building with gl but without rpi, wayland
or x11:
Checking for OpenGL without platform-specific code (e.g. for libmpv) : libmpv-shared not found
Checking for OpenGL context support : gl-cocoa not found
You manually enabled the feature 'gl', but the autodetection check failed.
Here is an extract of wscript:
} , {
'name': '--plain-gl',
'desc': 'OpenGL without platform-specific code (e.g. for libmpv)',
'deps': 'libmpv-shared || libmpv-static',
'func': check_true,
}, {
'name': '--gl',
'desc': 'OpenGL context support',
'deps': 'gl-cocoa || gl-x11 || egl-x11 || egl-drm || '
+ 'gl-win32 || gl-wayland || rpi || '
+ 'plain-gl',
'func': check_true,
'req': True,
'fmsg': "No OpenGL video output found or enabled. " +
"Aborting. If you really mean to compile without OpenGL " +
"video outputs use --disable-gl.",
}, {
Enabling both the shared and static libraries is not allowed by mpv, so
we consider the BR2_STATIC_LIBS to be static, and otherwise (i.e.
BR2_SHARED_LIBS and BR2_SHARED_STATIC_LIBS) to be shared.
Fixes:
- http://autobuild.buildroot.org/results/590d2a8b6746ef071dfb439e42b636f81dbdc35d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- expand config log about shared/static icompatibility
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/1297337965
Commit 15a2f9b819 (package/{mesa3d, mesa3d-headers}: bump
version to 21.0.2) marked BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST as legacy,
but forgot to update the defconfig. The SW rasterizer isn't really needed
with the Intel GPU, so just drop it.
In addition, X11 now needs some help with loading the modules in the correct
order, similar to how it was done for the test in commit 4a3639bad0
(support/testing: test_glxinfo load X11 modules in the right order).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update commit ID to include recent upstream fixes:
- Fix I and D cache synchronization issue (2e2f6faaf105)
- Add carriage return to correct menu formatting (2f6ea51dbb51)
- Add copyright info (7d3413d2ffd9)
- Expand the limit on the size of uboot when update it (623888127a0e)
Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the commit id to include upstream fixes:
- Fix print format in load_and_run_ddr(e976d186e69a)
- Update copyright info (f2b049b7fff2)
- Avoid chiplink address exception (86664be28e5d)
Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 11:
/data/buildroot-autobuilder/instance-0/output-1/build/qt5base-5.15.2/include/QtCore/../../src/corelib/global/qfloat16.h:300:7: error: 'numeric_limits' is not a class template
300 | class numeric_limits<QT_PREPEND_NAMESPACE(qfloat16)> : public numeric_limits<float>
| ^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/9a7a987af40b8408ccdfcae4890008c7090b41a1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable -Werror to avoid the following build failure:
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
MEDIA_BUILD_FATAL_WARNINGS option is available since version 18.2.0 and
6932fc0ffb
Fixes:
- http://autobuild.buildroot.org/results/52638d95312e464626d1c4047b3b26d4f57a1cd2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add -std=c++11 to fix the following build failure with gcc 11:
/data/buildroot-autobuilder/instance-0/output-1/host/include/cutl/shared-ptr/base.hxx:34:41: error: ISO C++17 does not allow dynamic exception specifications
34 | operator new (std::size_t, cutl::share) throw (std::bad_alloc);
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/9cbb8be7a1d8ac5913fbc5e2a78c4c45b5daf8e2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Building efibootmgr with a musl toolchain is possible.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable dc3dd on riscv32 because of the size of time_t (riscv32 has
never had a 32-bit time, and has always been 64-bit from the onset):
In file included from getdate.y:40:
verify.h:132:30: error: negative width in bit-field 'verify_error_if_negative_size__'
132 | (struct { unsigned int verify_error_if_negative_size__: (R) ? 1 : -1; }))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
verify.h:138:61: note: in expansion of macro 'verify_true'
138 | # define verify(R) extern int (* verify_function__ (void)) [verify_true (R)]
| ^~~~~~~~~~~
getdate.y:116:1: note: in expansion of macro 'verify'
116 | verify (LONG_MIN <= TYPE_MINIMUM (time_t) && TYPE_MAXIMUM (time_t) <= LONG_MAX);
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/267151dec9d2328a5f8c61ddf224219a4f617e5c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Parallel build is broken since bump to version 2.03.12 in commit
80997acd35. Commits 4526078d1b, 8a313b019c, and a7186cd1ea tried to fix
that by only installing systemd units when appropriate.
It turns out that there are more cases where parallel build still fails:
http://autobuild.buildroot.org/results/995/995f46ee0033e34261ba7b24b61c41e7a088602b/
>>> lvm2 2.03.12 Installing to staging directory
[...]
[INSTALL] ioctl/libdevmapper.so
[CC] dmsetup.c
/usr/bin/make -C lib install_device-mapper
[CC] dmsetup.c
[...]
[CC] dmsetup
[CC] dmsetup
/nvme/rc-buildroot-test/scripts/instance-0/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/10.3.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /nvme/rc-buildroot-test/scripts/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/Scrt1.o: in function `_start':
(.text+0x54): undefined reference to `main'
collect2: error: ld returned 1 exit status
Makefile:60: recipe for target 'dmsetup' failed
Or:
http://autobuild.buildroot.org/results/a4e/a4ea87da502272dc2e677123b6fbcb0c23106f0b/
>>> lvm2 2.03.12 Installing to staging directory
[...]
[CC] dmsetup
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: /home/giuliobenetti/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-musleabihf/sysroot/lib/Scrt1.o: in function `_start_c':
Scrt1.c:(.text._start_c+0x5c): undefined reference to `main'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:61: dmsetup] Error 1
make[3]: Leaving directory '/home/giuliobenetti/autobuild/run/instance-3/output-1/build/lvm2-2.03.12/libdm/dm-tools'
make[2]: *** [../libdm/make.tmpl:315: dm-tools.device-mapper] Error 2
make[2]: *** Waiting for unfinished jobs....
[CC] dmsetup
[INSTALL] dmsetup
[...]
Similar traces in either case: it tries to build dmsetup twice, at
intall time instead of build time.
Fixes:
- http://autobuild.buildroot.org/results/995/995f46ee0033e34261ba7b24b61c41e7a088602b/
- http://autobuild.buildroot.org/results/a4e/a4ea87da502272dc2e677123b6fbcb0c23106f0b/
Note that this is just a workaround for a broken buildsystem anyway:
indeed, the build of dmsetup is done at install time, instead of build
time. More fixes should be worked on with upstream to properly fix the
issue...
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- update after the three partial fix-commits
- extend commit log accordingly
- add new upstream failures
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Import a small patch from the upstream Bugzilla which is needed to allow
building WPE WebKit against uClibc.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: add upstream commit refs in backported patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
WebKitGTK 2.32.1 includes fixes for building with the Musl libc, which
also makes it possible to use uClibc as well, therefore arrange
dependencies to allow selecting the package any of the C libraries is in
use. This is done by making the dependencies be more granular, basically
following what the wpewebkit package does.
In order to make make it build against uClibc a small patch that has
been submitted to the upstream's Bugzilla is needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: add upstream commit refs in backported patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit [1] breaks Buildroot Makefile since a Makefile endif has been left
with no sense giving following error:
package/lvm2/lvm2.mk:61: *** extraneous 'endif'. Stop.
So let's remove that forgotten endif.
[1]: https://git.buildroot.net/buildroot/commit/?id=8a313b019c7d7e898186a8b08f9c25ae0194fa16
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit ff0f55e381 (lvm2: replace !BR2_PACKAGE_LVM2_DMSETUP_ONLY by
BR2_PACKAGE_LVM2_STANDARD_INSTALL) changed a negative-logic option to a
positive-logic option.
However, it kept the ordering of the conditional block, which became a
negatice-logic condition.
This is confusing; let's fix that.
Reported-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
