python-attrs contains a file with API for python 3.6+.
Although we can make a "tweak" and remove this specific file
for python2, we prefer to make this package available only for
python3, because the day this package (and many others) will drop
support for python2 is probably very close.
In addition, update python-attrs recursive dependencies to
depend on python3 too (python-automat is the only one left).
Fixes:
- http://autobuild.buildroot.net/results/aa6/aa6889bc254eaa93adb4fc1a71bcee9f2f23cb33/
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This release clears CVE-2021-40530 and fixes a problem with ChaCha20
AVX2 implementation. The CVE was due to ElGamal encryption using a work
estimate to size encryption exponents instead subgroup order. The
ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The
ChaCha20 issue was difficult to duplicate, so most users should not
experience it.
https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_6_0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since bump to version 2.43 in
commit bdd05a2b13:
/usr/bin/install: cannot stat '/tmp/instance-0/output-1/build/liblinear-2.43/liblinear.so.3': No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/97c2a3babe8f9df7cda069858f13e3be2508cf40
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Syslinux use some python scripts during the build and they
are using python interpreter by default. It fail to build
when there is no python interpreter on the host.
[...]/syslinux-6.03/com32/cmenu/menugen.py
make[6]: python: No such file or directory
Since Syslinux 5.00, we can override the python interpreter
used during the build:
https://repo.or.cz/syslinux.git/commitdiff/4dec62ce9c2c0d170f21b3ae2d7c618eb7a30c05
Add the missing host-python3 dependency and override
it in SYSLINUX_BUILD_CMDS.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1614446766
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since v2.2 release (commits 8cc36aec912 "doc: De-duplicate readme and
license files" and 9f1622b018ab "doc: Move content out of readme and
create new index page "), the license.rst file at the root of the git
repo is only telling to look at docs/license.rst file.
Let's point the ARM_TRUSTED_FIRMWARE_LICENSE_FILES to the correct file
and modify the .hash file accordingly.
The comment has also been wrong since we bumped from version 1.4 to 2.2
in commit a757d173f1 (boot/arm-trusted-firmware: bump to version
2.2). Drop referencing an explicit version, so that is is never wrong
again.
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[yann.morin.1998@free.fr: also fix the comment.]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 2cfdf8b8a2 (boot/mv-ddr-marvell: Bump to HEAD as of 20201207)
forgot to update the hash a a source file that we use as license file.
Fixes: #14221
Reported-by: nyanyamiau@gmail.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: D. Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- libnss is an optional dependency since version 2.3.0 and
a946b3f561
- Drop comment about pkg-config as libsrtp uses PKG_CHECK_MODULES to
find libnss and openssl
- Update indentation in hash file (two spaces)
https://github.com/cisco/libsrtp/blob/v2.4.1/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch to github to get latest release
- Not an uploaded tarball, so autoreconf is necessary
- Update hash of license files (gnu.org license files are used since
b69c2046ce)
Paragraphs are rewrapped, URLs and addresses have changed, and some
additional explanation from gnu.org is added. It's still just (L)GPL
though.
https://github.com/linux-ras/sysfsutils/releases/tag/v2.1.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libcap is an optional dependency which is enabled by default since
version 0.7.1 and
669c53e335
and can be explicitly enabled or disabled since version 0.9.0 and
af36fbe756
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch to meson-package
- Add patch to allow tests to be disabled
- Update indentation in hash file (two spaces)
usbredirserver was the only executable that was installed before.
Disable tools to keep the same behavior.
https://gitlab.freedesktop.org/spice/usbredir/-/blob/usbredir-0.11.0/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update hash of COPYING (Change mention of PROJ.4 to PROJ and change 'I'
pronoun to Frank Warmerdam:
b56f39dec5)
https://github.com/OSGeo/PROJ/blob/8.1.1/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The files added by this commit are associated both to Nicolas Carrier
and myself in the DEVELOPERS, as this commit is based on initial work
from Nicolas.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit adds a new package called python-flask-expects-json, which
also to validate the JSON blurbs submitted to a Flask web
application. A runtime test is added as well, making sure that the
package minimally works with an example Flask application.
The files added by this commit are associated both to Nicolas Carrier
and myself in the DEVELOPERS file, as Nicolas is also interested in
this package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit adds a test for python-flask package. As we are about to
add python-flask-expects-json together with a test, it made sense to
also add a test for python-flask itself.
As far as the DEVELOPERS file is concerned, the test files are added
both to the existing maintainer of package/python-flask, as well as to
myself.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit bumps the python-smmap2 and python-gitdb2 packages in
lockstep, as the new version of gitdb2 requires a newer version of
smmap2, but the current version of gitdb2 cannot work with the newer
version of smmap2 (sigh).
Also, upstream the projects have been renamed: gitdb2 is now named
gitdb on PyPi (see https://pypi.org/project/gitdb2/) and smmap2 is now
named smmap (https://pypi.org/project/smmap2/). However, to avoid
needless churn, we don't rename the Buildroot packages, but that
rename is visible in the name of the tarballs being downloaded.
Also, since version 4.0.0, smmap supports only Python 3.x, so we add a
dependency on Python 3.x and drop the test case of gitdb2 on Python
2.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In filesystems, variables must be prefixed with ROOTFS_, to avoid
ckashing with packages of the same name.
We do not have a package named 'ext2', so we currently have no clash,
but it is still ebtter that the variables be properly namespaced.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch will add an init script that allows
to set a ruleset in /etc/iptables.conf to be loaded
on boot, or flushed on stop, as well as a saving
command to generate a new file.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
[Arnout: change handling of readonly filesystem]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
mpd 0.22.10 terminates with segmentation fault on graphical clients while
retrieving album information. This bug was fixed in version 0.22.11
Tested on x86_64 using M.A.L.P. Android client
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Static build with musl fails since bump to version 2020.04 in commit
fe97212976 because LDFLAGS, which contains
-static, is not passed resulting in the following build failure:
/tmp/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/10.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: /tmp/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/10.3.0/libgcc.a(_dvmd_lnx.o): in function `__aeabi_ldiv0':
/tmp/instance-1/output-1/build/host-gcc-final-10.3.0/build/arm-buildroot-linux-musleabihf/libgcc/../../../libgcc/config/arm/lib1funcs.S:1499: undefined reference to `raise'
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/d71aba27ff0c7711f2cb67261183506f25217a5f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Build of vaapi with BR2_PACKAGE_MESA3D_DRI_DRIVER is broken since commit
17a7abbafe because vaapi can only be
enabled with x11, wayland or egl-drm
(ec0006bfa1/wscript (L632)):
'deps': 'libdl && (x11 || wayland || egl-drm)',
As a result, despite what is being displayed in the autobuilder log
message, the build failure is not related to X11 but to the fact that
we try to enable vaapi through a DRI driver but without egl.
Fixes:
- http://autobuild.buildroot.org/results/5ae706e94eb6e5a3aa69368f81c5d12e608b1a5a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On attempt to build ntp with glibc 2.34 the following error happens:
-------------------------------->8------------------------------
In file included from .../output/host/lib/gcc/i586-buildroot-linux-gnu/10.3.0/include-fixed/pthread.h:42,
from work_thread.c:13:
work_thread.c:45:57: error: missing binary operator before token "("
45 | #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
| ^~~~~~~~~~~~~~~~~
-------------------------------->8------------------------------
That's because starting from glibc 2.34 PTHREAD_STACK_MIN gets determined
dynamically in runtime via sysconf(), see [1].
Original fix proposed by Khem Raj in OpenEmbedded, see [2].
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=5d98a7dae955bafa6740c26eaba9c86060ae0344
[2] 7055c764c8
Suggested-by: Artem Panfilov <artemp@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Starting with Qemu 6.1.0, gcc 7.5 is needed to build.
Since we build host-qemu package for qemu defconfig, we have to
upgrade to (at least) Debian buster that provide gcc 8 as host compiler.
While testing this upgrate, the test_edk2 failed since it actually
requires Qemu >= 4.1.0 to support arm SBSA reference machine [1].
Debian Buster only provide Qemu 3.1.
Finally, upgrade to Debian bullseye but it requires some linux
kernel version bump in several defconfigs since host gcc is based
on gcc-10 [2].
[1] https://git.qemu.org/?p=qemu.git;a=commit;h=64580903c2b3aee08d74d64e6248a313b246cb69
[2] http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=621f2ded601546119fabccd1651b1ae29d26cd38
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Arnout: don't install python]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
ee8b680816 ("utils/scanpypi: use python3 explicitly") started to use python3,
thus compatibility can be removed:
from __future__ import print_function
from __future__ import absolute_import
Tested with python3 -m py_compile.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Python 2 is EOL sice 2020 [1], it's still available on distros, but may not
be installed by default (as being replaced by python3).
Thus remove compatibility imports:
from __future__ import print_function
from __future__ import absolute_import
Tested with python3 -m py_compile.
[1] https://www.python.org/doc/sunset-python-2/
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile
1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
https://nvd.nist.gov/vuln/detail/CVE-2021-3246
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- CVE-2021-22945: UAF and double-free in MQTT sending
When sending data to an MQTT server, libcurl could in some circumstances
erroneously keep a pointer to an already freed memory area and both use
that again in a subsequent call to send data and also free it again.
https://curl.se/docs/CVE-2021-22945.html
- CVE-2021-22946: Protocol downgrade required TLS bypassed
A user can tell curl to require a successful upgrade to TLS when speaking
to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or
CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl).
This requirement could be bypassed if the server would return a properly
crafted but perfectly legitimate response.
This flaw would then make curl silently continue its operations without
TLS contrary to the instructions and expectations, exposing possibly
sensitive data in clear text over the network.
https://curl.se/docs/CVE-2021-22946.html
- CVE-2021-22947: STARTTLS protocol injection via MITM
When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data
securely using STARTTLS to upgrade the connection to TLS level, the server
can still respond and send back multiple responses before the TLS upgrade.
Such multiple "pipelined" responses are cached by curl. curl would then
upgrade to TLS but not flush the in-queue of cached responses and instead
use and trust the responses it got before the TLS handshake as if they
were authenticated.
Using this flaw, it allows a Man-In-The-Middle attacker to first inject
the fake responses, then pass-through the TLS traffic from the legitimate
server and trick curl into sending data back to the user thinking the
attacker's injected data comes from the TLS-protected server.
Over POP3 and IMAP an attacker can inject fake response data.
https://curl.se/docs/CVE-2021-22947.html
In addition, 7.79.1 fixes a number of regressions in 7.79.0:
https://daniel.haxx.se/blog/2021/09/22/curl-7-79-1-patched-up-and-ready/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The file access protection built into Ghostscript proved insufficient for
the "%pipe%" PostScript device, when combined with Ghostscript's requirement
to be able to create and control temporary files in the conventional
temporary file directories (for example, "/tmp" or "/temp). This exploit is
restricted to Unix-like systems (i.e., it doesn't affect Windows). The most
severe claimed results are only feasible if the exploit is run as a "high
privilege" user (root/superuser level) \u2013 a practice we would discourage
under any circumstances.
For more details, see the advisory:
https://ghostscript.com/CVE-2021-3781.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which
allows remote attackers to discover cleartext credentials because they may
appear in SNI data.
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
Upstream unfortunately does not provide a public VCS (only source
snapshots), so fetch the security patch from Debian.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Includes a number of bugfixes and the security fixes up to xsa-384:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-3/
Drop the now upstream
0002-libs-foreignmemory-Fix-osdep_xenforeignmemory_map-prototype.patch, and
renumber the remaining patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a minor release which provides fixes for CVE-2021-30858 and
a number of other potential security issues without an associated CVE.
Patch "0001-Add-ldp-and-stp-support-for-FP-registers-plus-some-b.patch"
is deleted as it has been included in this release.
Full release notes can be found at:
https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
An accompanying security advisory has been published at:
https://webkitgtk.org/security/WSA-2021-0005.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a minor release which provides fixes for CVE-2021-30858 and
a number of other potential security issues without an associated CVE.
Patch "0001-Add-ldp-and-stp-support-for-FP-registers-plus-some-b.patch"
is deleted as it has been included in this release.
Full release notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.32.4.html
An accompanying security advisory has been published at:
https://wpewebkit.org/security/WSA-2021-0005.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
