Fixes CVE-2018-1000858: Cross Site Request Forgery with arbitrary HTTPS
GET requests via HTTP redirect.
https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The syscfg header name is now based on the target triplet, with the
vendor part set to "unknown". The symlink approach no longer works since
we use "buildroot" for the vendor part. Override the target host
configure parameter to match the build system expectation.
The x86 header vendor part has been renamed to "unknown" as well.
Account for that in BR2_PACKAGE_LIBGPG_ERROR_SYSCFG.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update hash for COPYING because a typo was fixed:
de46ee648a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove upstream patch.
While at it, switch to https.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop statx patch as it's included in this release.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uclibc on m68k defines pthread_spinlock_t but does not define
pthread_spin_trylock so check for this function before using it
Fixes:
- http://autobuild.buildroot.org/results/0a6de11c030a4f39e402917809fc6d33fb463d1b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The meson C++ dependency is only used for a build-time header
inclusion test, add patch dropping hard meson C++ dependency
and build the header inclusion test only in case C++ compiler
is available.
Fixes [1]:
The Meson build system
Version: 0.49.0
Source dir: .../build/libinput-1.12.5
Build dir: .../build/libinput-1.12.5/build
Build type: cross build
Project name: libinput
Project version: 1.12.5
Native C compiler: cc (gcc 4.8.4 "cc (Ubuntu 4.8.4-2ubuntu1~14.04.4) 4.8.4")
Cross C compiler: .../host/bin/riscv64-buildroot-linux-gnu-gcc (gcc 7.4.0)
meson.build:1:0: ERROR: Unknown compiler(s): [['.../host/bin/riscv64-buildroot-linux-gnu-g++']]
The follow exceptions were encountered:
Running ".../host/bin/riscv64-buildroot-linux-gnu-g++ --version" gave "[Errno 2] No such file or directory: '.../host/bin/riscv64-buildroot-linux-gnu-g++': '.../host/bin/riscv64-buildroot-linux-gnu-g++'"
[1] http://autobuild.buildroot.net/results/bf4d3d360f635c3524a52b84a72d558770596ed0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-20685: The scp client allows server to modify permissions
of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
.\n") directory name.
The bug reporter lists a number of related vulnerabilities that are not
fixed yet:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the bump to 1.5.3, the behavior of pkg-config has slightly
changed. Like it used to behave before this bump, a few paths (libdir,
includedir, etc.) are prefixed by the sysroot, and other paths are
not. However, the behavior changes when a path, such as dridriverdir,
is defined in terms of ${libdir}.
With the older pkg-config, dridriverdir was not sysroot-prefixed.
With the new pkg-config, it will be sysroot-prefixed, because
pkg-config really resolved the value of libdir, which is
sysroot-prefixed. dridriverdir is used on the target and not at build
time, so we don't want it to be sysroot-prefixed.
As reported by #11591, the xerver fail to load dri modules (r600_dri.so):
>From Xorg.0.log:
(EE) AIGLX error: dlopen of /full/path/to/sysroot/usr/lib/dri/r600_dri.so failed (/full/path/to/sysroot/usr/lib/dri/r600_dri.so: cannot open shared object file: No such file or directory)
(II) GLX: no usable GL providers found for screen 0
That's because the xserver hardcode the dri divers directory path in
DRI_DRIVER_PATH which come from
dridriverdir=`$PKG_CONFIG --variable=dridriverdir dri`
We can see in dri.pc that dridriverdir use libdir which is now prefixed
by the sysroot by pkgconf 1.5.3:
prefix=/usr
exec_prefix=/usr
libdir=${exec_prefix}/lib
includedir=${prefix}/include
dridriverdir=${libdir}/dri
Since we can't rely on pkgconf anymore, use
--with-dri-driverdir="/usr/lib/dri" to use explicitly "/usr/lib/dri"
instead of relying on dri.pc.
Tested using TestGlxinfo test from:
http://patchwork.ozlabs.org/patch/1021669/
Fixes:
https://bugs.buildroot.org/show_bug.cgi?id=11591
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: drop double quotes in path, rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Move site to github
- Add gcc >= 5 dependency for C++14:
cafeffaa60
- Remove first patch and use --without-python instead
- Remove second patch (patch has been merged in 2015:
47ca0621cc)
- Add a new patch to fix build when size_t is an unsigned int
- Use new --disable-tests option
- Update license to BSD-3-Clause and replace COPYING by LICENSE.txt:
3f12abc045
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch (rejected upstream:
https://gitlab.com/muttmua/mutt/merge_requests/25), an other solution
has been preferred:
78db40f25c). This
other solution doesn't require pkg-config, so we can drop the
host-pkgconf dependency.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Building python-numpy on ARC with glibc fails due to missing FE_*
definitions in <fenv.h>. These exceptions are not supported by
ARC architecture. Let's add patch, which disables compilation
of a part of the code in which FE_* errors occur for ARC.
ARCompact toolchain issues are already fixed in the latest toolchain.
Also since commit "311af5e8c2db887800639bc803c8201b6b70e9ce"
("toolchain/toolchain-buildroot: enable glibc for all little-endian
ARCs with atomic ops") glibc is available for ARCompact.
That is why in Config.in we are leaving only "BR_arc" and
removing comments, which are not actual.
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The zbar upstream previously used has been abandoned since 2012.
The linuxtv fork appears to be the most actively maintained fork.
Removed all patches which are merged upstream or fixed upstream.
Changed configure flags to match new upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for this architecture was added in upstream commit
1d686c3a23f3ae286ef964ab62199be96e4ad1dc.
Take this opportunity to reformat how the
BR2_PACKAGE_FDK_AAC_ARCH_SUPPORTS option is described.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
[Thomas: reformat BR2_PACKAGE_FDK_AAC_ARCH_SUPPORTS option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
fwts uses the completionsdir variable from bash-completion.pc to decide
where to install things.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch and tweak haproxy.mk to adapt pcre-config/pcre2-config
workaround with upstream solution.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove both patches (already in version) and so drop
LXC_AUTORECONF = YES.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove fifth patch (already in version)
- Remove BR2_PACKAGE_BOOST_SIGNALS as signals is now removed. Its
removal was announced in 1.68 and its deprecation was announced in
1.54. Users are encouraged to use Signals2 instead.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
cc-tool depends on signals2 not signals, indeed only signals2 is used
in src/data/progress_watcher.h and BOOST_SIGNALS defined in
m4/boost.m4 is never used in configure.ac.
There is no need to select any sort of BR2_PACKAGE_BOOST_SIGNALS2
option, as signals2 is a header-only boost library, and such
header-only boost libraries do not have any Config.in options, as they
are all always installed with the base boost library.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: tweak commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lxc uses the completionsdir variable from bash-completions.pc to decide
where to install things.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove the patches as they're already on upstream.
As a consequence, no need to autoreconf anymore.
Also added license hashes.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2017-18342: In PyYAML before 4.1, the yaml.load() API
could execute arbitrary code.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>