A check for python-ply has been added as this is a dependency of the
dnssec-keymgr script so install host-python-ply to avoid a build failure
if python-ply is not installed on host
Fixes:
- http://autobuild.buildroot.org/results/96815b1300547c976443bf74b762febdfcc8d3ba
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89e70a7077)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In 7672234200 (gst1-plugins-base: bump version to 1.12.0), the unknown
options were removed, but the comment associated to --disable-gio_unix_2_0
was left out.
Drop it now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80a5217476)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.
For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c21edddec9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.
For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3adfacdb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2019-7317: png_image_free in png.c in libpng 1.6.36 has a use-after-free
because png_image_free_function is called under png_safe_execute.
Update license hash for a change in copyright year and typo fixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bc4ac7da33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
https://kb.isc.org/docs/cve-2018-5743
- CVE-2019-6467: An error in the nxdomain redirect feature can cause
BIND to exit with an INSIST assertion failure in query.c
https://kb.isc.org/docs/cve-2019-6467
- CVE-2019-6468: BIND Supported Preview Edition can exit with an
assertion failure if nxdomain-redirect is used
https://kb.isc.org/docs/cve-2019-6468
Add an upstream patch to fix building on architectures where bind does not
implement isc_atomic_*.
Upstream moved to a 2019 signing key, so update comment in .hash file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fc8ace0938)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy is
enabled. This could be used rather easily to cause a DoS. Similar
crash also happens during mail delivery when using invalid UTF8 in
From or Subject header when OX push notification driver is used.
https://dovecot.org/pipermail/dovecot-news/2019-April/000406.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 89c7e417ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles
certain cases where the desired set of CA certificates is different from
the OS store of CA certificates, which results in SSL connections
succeeding in situations where a verification failure is the correct
outcome. This is related to use of the ssl_context, ca_certs, or
ca_certs_dir argument.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5bc45c5e77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for
qemu_ppc_virtex_ml507_defconfig builds an image format that needs
mkimage.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339544
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7cbf9c63e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for
qemu_ppc_mpc8544ds_defconfig builds an image format that needs
mkimage.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339543
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b78c8a3b17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for
qemu_nios2_10m50_defconfig builds an image format that needs mkimage.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339537
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7c2e5f0ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for beaglebone_defconfig
builds more things, including some .itb files, which require mkimage
with FIT support.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339433
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 80029da692)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2019-11068: libxslt through 1.1.33 allows bypass of a protection
mechanism because callers of xsltCheckRead and xsltCheckWrite permit
access even upon receiving a -1 error code. xsltCheckRead can return -1
for a crafted URL that is not actually invalid and is subsequently loaded.
Upstream bugtracker issue not yet public:
https://gitlab.gnome.org/GNOME/libxslt/issues/12
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 73edd3c21c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 707529b7f7)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps the Linux CIP version to v4.4.176-cip31.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 97f824bec5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Contains a number of bugfixes since 5.28.1. For details, see:
https://perldoc.pl/perl5282delta
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3c68d2ddf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When configuring qt5base, qmake is built, but it's not built in parallel
mode. This is due to MAKEFLAGS having 2 dashes on its tail, so this:
MAKEFLAGS="$(MAKEFLAGS) -j$(PARALLEL_JOBS)"
expands in this(i.e. 5 njobs):
MAKEFLAGS="--no-print-directory -- -j5"
and -j5 gets ignored due to "--" preceeding -j5.
Double dashes are part of $(MAKEFLAGS) only when evaluated by shell.
Swap $(MAKEFLAGS) and -j$(PARALLEL_JOBS) to avoid having "--" before
-j$(PARALLEL_JOBS), this way -j$(PARALLEL_JOBS) won't be ignored by
./configure.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Tested-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1c175cc9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
neon checks for bind_textdomain_codeset
Helps neon to find lintl so it will correctly add -lintl to neon-config
en neon.pc. This will fix build of packages using neon such as nu
Fixes:
- http://autobuild.buildroot.org/results/f7e6afce4b3335573f3cc62d282368b288e9a65a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9b667fd144)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Help lynx finding openssl dependencies by giving it a path in --with-ssl
and using pkg-config to directly pass the correct libraries in LIBS.
This will disable the call to pkg-config and CF_ADD_LIBS which has the
sad behavior of removing duplicates ...
As a result, build fails because, the following correct dependencies:
configure:14170: testing adding -L/accts/mlweber1/rclinux/rc-buildroot-test/scripts/instance-0/output/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -L/accts/mlweber1/rclinux/rc-buildroot-test/scripts/instance-0/output/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lz -pthread -latomic -lcrypto -lz -pthread -latomic to LIBS ...
is replaced by:
-L/accts/mlweber1/rclinux/rc-buildroot-test/scripts/instance-0/output/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic -lcrypto
As a result, static linking fails on crypto because the second -latomic
has been removed ...
Fixes:
- http://autobuild.buildroot.org/results/2c28426253014d93e86e3ba6ed578e84317a9f19
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fbe58db378)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default of 60 MB is no longer sufficient to contain all the tools
enabled in this "development" defconfig, so let's increase the ext4
image size to 120 MB.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339421
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d9273b22e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default of 60 MB is no longer sufficient to contain all the tools
enabled in this "development" defconfig, so let's increase the ext4
image size to 120 MB.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339417
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit df9f189072)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default of 60 MB is no longer sufficient to contain all the tools
enabled in this "development" defconfig, so let's increase the ext4
image size to 120 MB.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339426
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 18a4d55906)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default rootfs image size is too small, causing the following
build failure:
Copying files into the device: __populate_fs: Could not allocate block in ext2 filesystem while writing file "udevd"
mkfs.ext4: Could not allocate block in ext2 filesystem while populating file system
*** Maybe you need to increase the filesystem size (BR2_TARGET_ROOTFS_EXT2_SIZE)
So we increase it to 120 MB.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339415
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce751fad37)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The yaffs2utils Makefile uses plain "cp", which fails when
$(HOST_DIR)/bin doesn't exist. Fix that by creationg $(HOST_DIR)/bin
beforehand.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/199339624
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 01a0bd3f73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Default value of CONFIG_SYS_BOOTM_LEN in u-boot causes board reset for
large uImage files, so add u-boot patch to increase the maximum kernel
image size.
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b0bae3bcc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LICENSE has been added in version 0.0.1.32 with
74671aa279
So add it to LINKNX_LICENSE_FILES as well as its hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8481ba9c19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_GST_PLUGINS_UGL1_PLUGIN_XINGMUX needs to be
BR2_PACKAGE_GST1_PLUGINS_UGLY_PLUGIN_XINGMUX
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d2ada4d704)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
