- Switch site to github
- Remove second patch (already in version)
- Add hash for license file
- Fix memory corruption in process_bitmap_data - CVE-2018-8794
- Fix remote code execution in process_bitmap_data - CVE-2018-8795
- Fix remote code execution in process_plane - CVE-2018-8797
- Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
- Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
- Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
- Fix Denial of Service in sec_recv - CVE-2018-20176
- Fix minor information leak in rdpdr_process - CVE-2018-8791
- Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
- Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
- Fix Denial of Service in process_bitmap_data - CVE-2018-8796
- Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
- Fix Denial of Service in process_secondary_order - CVE-2018-8799
- Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
- Fix major information leak in ui_clip_handle_data - CVE-2018-20174
- Fix memory corruption in rdp_in_unistr - CVE-2018-20177
- Fix Denial of Service in process_demand_active - CVE-2018-20178
- Fix remote code execution in lspci_process - CVE-2018-20179
- Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
- Fix remote code execution in seamless_process - CVE-2018-20181
- Fix remote code execution in seamless_process_line - CVE-2018-20182
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Contains a number of fixes for issues discovered post-7.64.0. For details,
see the list of changes:
https://curl.haxx.se/changes.html#7_64_1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With this commit we update for ARC boards Linux kernel
version to 4.19.31 and Linux headers version to 4.19.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that Qt4 has been removed, drop patch
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
nftables support has been added since version 2.0.11 and
aa12175ea6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Disable tests as they are enabled by default since version 0.9.9.1:
d307d39019
- Static and shared libraries are always built since version 0.9.9.1:
a23dd2f800
So, disable them as GLM is header-only (it should be noted that
upstream wants to keep those libraries as the commit to disable them
has been reverted:
ca8372490e
- Add hash for license file (now in manual.md#section0)
Fixes:
- http://autobuild.buildroot.org/results/3cf1fd3387bd4952470edcfcb93d44f58c9e7ff7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wavemon does not use pthread_mutexattr_setrobust since version 0.8.2 and
d271685e03
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
kexec has fully support of ppc64 platform:
https://www.kernel.org/doc/Documentation/kdump/kdump.txt
Added BR2_powerpc64 platform support.
Signed-off-by: Artem Senichev <artemsen@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
- CVE-2019-1787:
An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data.
- CVE-2019-1789:
An out-of-bounds heap read condition may occur when scanning PE files
(i.e. Windows EXE and DLL files) that have been packed using Aspack as a
result of inadequate bound-checking.
- CVE-2019-1788:
An out-of-bounds heap write condition may occur when scanning OLE2 files
such as Microsoft Office 97-2003 documents. The invalid write happens when
an invalid pointer is mistakenly used to initialize a 32bit integer to
zero. This is likely to crash the application.
- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
- CVE-2019-1786:
An out-of-bounds heap read condition may occur when scanning malformed PDF
documents as a result of improper bounds-checking.
- CVE-2019-1785:
A path-traversal write condition may occur as a result of improper input
validation when scanning RAR archives. Issue reported by aCaB.
- CVE-2019-1798:
A use-after-free condition may occur as a result of improper error
handling when scanning nested RAR archives. Issue reported by David L.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
PyJWT is a Python library which allows you to encode and decode
JSON Web Tokens (JWT). JWT is an open, industry-standard (RFC 7519)
for representing claims securely between two parties.
https://github.com/jpadilla/pyjwt
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[Arnout: bump to 1.7.1]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The lua_swupdate.so library was still built (without any object files)
and linked against swupdate even when HAVE_LUA was not set. This fails
in some static-only configurations.
Fixes:
- http://autobuild.buildroot.org/results/c11c4d26983e0347d96f3dda62e6d72b031967bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This enables the brickd package by default on LEGO MINDSTORM EV3. This
program is important because it shuts down the system on low battery.
Without this, rechargeable batteries could be damaged.
Signed-off-by: David Lechner <david@lechnology.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds a new package for brickd. Brickd is system management daemon
for the LEGO MINDSTORMS EV3 programmable brick.
Signed-off-by: David Lechner <david@lechnology.com>
[Thomas: add missing BR2_USE_MMU dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch from using BR2_GCC_ENABLE_OPENMP to BR2_TOOLCHAIN_HAS_OPENMP to
determine OpenMP support in the following packages:
fftw
flann
opencv3
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enable OpenMP support in the following external toolchains:
toolchain-external-arm-aarch64-be
toolchain-external-arm-aarch64
toolchain-external-arm-arm
toolchain-external-codescape-img-mips
toolchain-external-codescape-mti-mips
toolchain-external-codesourcery-amd64
toolchain-external-codesourcery-mips
toolchain-external-linaro-aarch64-be
toolchain-external-linaro-aarch64
toolchain-external-linaro-arm
toolchain-external-linaro-armeb
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BR2_TOOLCHAIN_HAS_OPENMP is also selected by external toolchains, so
can be used by packages to determine OpenMP support.
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add new BR2_TOOLCHAIN_HAS_OPENMP option for toolchains with OpenMP
support.
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This sets 5.0 to be the default, moving from 4.19 which was used instead
of 4.20 for the LTS branch.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This sets 5.0 to be the default, moving from 4.19 which was used instead
of 4.20 for the LTS branch.
We need to update linux/linux.hash as part of this commit, because
package/linux-headers/linux-headers.hash is a symlink to
linux/linux.hash.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add two patches over current optee-client 3.4.0 to fix build issues
reported by some toolchains with traces like:
/path/to/build/optee-client-3.4.0/libteec/src/tee_client_api.c: In function 'TEEC_InitializeContext':
/path/to/build/optee-client-3.4.0/libteec/src/tee_client_api.c:149:28: error: 'gen_caps' may be used uninitialized in this function [-Werror=maybe-uninitialized]
ctx->reg_mem = gen_caps & TEE_GEN_CAP_REG_MEM;
^
/path/to/build/optee-client-3.4.0/libteec/src/tee_client_api.c: In function ‘TEEC_OpenSession’:
/path/to/build/optee-client-3.4.0/libteec/src/tee_client_api.c:507:8: error: cast increases required alignment of target type [-Werror=cast-align]
arg = (struct tee_ioctl_open_session_arg *)buf;
^
/path/to/build/optee-client-3.4.0/libteec/src/tee_client_api.c: In function ‘TEEC_InvokeCommand’:
/path/to/build/optee-client-3.4.0/libteec/src/tee_client_api.c:581:8: error: cast increases required alignment of target type [-Werror=cast-align]
arg = (struct tee_ioctl_invoke_arg *)buf;
The optee-client patches have been in the OP-TEE project [1] & [2] and
will be available in the OP-TEE next release planned 3.5.0.
Fixes [3], [4], [5] and other failing builds reported by autobuild tests.
[1] 9dbc61b376
[2] 16c8f54878
[3] http://autobuild.buildroot.net/results/80e78cb0bb955e912d6cbe5b30c9b024e7efc802
[4] http://autobuild.buildroot.net/results/a42c19897d03beb02fde2e7e6da25532be27d5ca
[5] http://autobuild.buildroot.net/results/827087f91b7481d1c3effd615172bbee86317962
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
base64 reuses the uuencode logic, so only adds very little extra overhead,
is enabled by default upstream and is used more often than uuencode - So
enable it in the default busybox config.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
/home/test/autobuild/run/instance-2/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_cert.o): In function `CRYPTO_DOWN_REF':
/home/test/autobuild/run/instance-2/output/build/libopenssl-1.1.1a/include/internal/refcount.h:50: undefined reference to `__atomic_fetch_sub_4'
This is often for example the case on sparcv8 32 bit.
To fix this issue, use pkg-config to retrieve openssl dependencies
including atomic library, these dependencies must be passed to
LIB_4_CRYPTO IN GIT_MAKE_OPTS
Fixes:
- http://autobuild.buildroot.org/results/3093897d14a854a7252b25b2fa1f8fdcbb26c9b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add upstream patch [1] to fix build with meson 0.50.0 (as suggested
by Thomas Petazzoni ).
Fixes [2]:
atspi/meson.build:60:0: ERROR: Subdir keyword must not be an absolute path.
[1] 44a812ea51.patch
[1] http://autobuild.buildroot.net/results/83250522c79b5749fc8236ba2b0e873a12747413
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use OpenSBI by default instead of riscv-pk (BBL).
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OpenSBI is a much improved alternative to BBL (riscv-pk). Add OpenSBI
support to buildroot.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
[Thomas:
- disable target installation, as we install nothing
- enable staging installation
- enable images installation only when needed
- improve the comment about the staging installation]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reduce the config fragment to the bare minimum to enable 32-bit
support. This means we are as close as possible to the arch
defconfig.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Convert the config to the arch defconfig plus a fragment. When this
fragment is applied we will generate the same config as we previously
did.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes a fix that might delay application startup
considerably (11486a15008b9).
Adapted the patch to point to the correct file.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Refik Tuzakli <refik.tuzakli@savronik.com.tr>
[Thomas:
- add missing dependency on BR2_TOOLCHAIN_HAS_GCC_BUG_64735 and
corresponding Config.in comment
- add missing dependency on BR2_INSTALL_LIBSTDCPP and update
Config.in comment
- add comment to explain why -DTHREADS_PTHREAD_ARG=OFF is passed in
CONF_OPTS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Because one package relies on the other, bump both at the same time.
Other changes:
- Drop --with-cpu-port=aarch64 option as it is no longer a valid option.
(See https://openjdk.java.net/jeps/340)
- Add xlib_libXrandr as a dependency.
Tested with:
./support/testing/run-tests -s -o ./output/ -d dl tests.package.test_openjdk.TestOpenJdk
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that we can get the whole dependency tree from make, use it to
speed up things considerably.
So far, we had three functions to get the dependencies information:
get_depends(), get_rdepends(), and, somehow unrelated, get_version().
Because of the way %-show-{,r}depends works, getting the dependency tree
was expensive, the three functions all took a set of packages for which
to get the dependencies, in an attempt to limit the time it took to get
that tree, but we still had to call these functions iteratively, until
they returned no new dependency. This was pretty costly.
Now, getting the tree is much, much less costly, and we can get the
whole tree as cheaply as we previously got only the first-level
dependencies.
Furthermore, we can now also get the version information at the same
time, and that also brings in whether the package is virtual or not,
target or host.
So, we drop all three helper functions, and replace them with a single
one that returns all that information in one go: full dependency trees
(direct and reverse), per-package type, and per-package version.
Note: since commit 2d29fd96a (pkg-virtual: remove VERSION/SOURCE),
virtual packages are no longer reported as having a 'virtual' version,
so have since been displayed as regular packages in the graphs. Although
noone complained, this patch incidentally restores the initial
behaviour, and virtual packages are now correctly displayed as such
again.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We we simplify the dependency graph, we try to remove so-called
mandatory dependencies from each package, and for each mandatory that
was thus removed, reattach it to the root-package of the graph.
This was made so that mandatory dependencies (which are dependencies of
all packages, or at least of a lot of packages) do not clutter the
dependency graph, but that they are still shown in the graph, as
dependencies of the root package.
However, these mandatory dependencies are only _direct_ dependencies.
As such, it does not make sense to reattach a mandatory dependency when
doing a reverse graph. Worse, it can actually be incorrect.
For example, 'skeleton' is a mandatory dependency, and as such is
removed from all packages. But when doing a reverse graph, skeleton is
now in the dependency chain of, e.g. skeleton-init-none; it should then
not be removed.
In short: the notion of mandatory dependencies does not make sense in
the case of a reverse graph.
Consequently, skip over the mandatory dependency removal when doing a
reverse graph.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The %-graph-rdepends should be marked PHONY, as the %-graph-depends is.
The %-show-dependency-tree should also be a PHONY rule, because it does
not actually create a file. Furthermore, to avoid the "Nothing to be
done for .." message, give that rule an actual recipe that just does
nothing.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libubox dependency has been added in
33a2ba1c14
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update from version 1.29.3 to 1.30.1. The new version
includes the removed patches.
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 5dcb8aa0ba.
This patch re-enables the usage of bundled ffmpeg code because
gst1-libav 1.14.x is blocking the bump to ffmpeg 4.x.
A fix to build the bundled ffmpeg code on arm/aarch64 was added.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>