Added upstream patch for fixing build failure when using GCC10 as a host
compiler (-fno-common is now default)
Fixes:
http://autobuild.buildroot.org/results/0fc/0fcb11a40bcff78e8084335114af390d2fac31e1
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 53158e41fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported on bugzilla [1], the host-rust package fail when
the target architecture or the target libc is not supported.
The error is the following:
failed to parse TOML configuration 'config.toml': expected a table key, found a right bracket at line 15
In such case BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS is
not set thus RUSTC_TARGET_NAME is also not set [2].
But RUSTC_TARGET_NAME is needed to generate the file config.toml [3]
Add BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS in the host-rust
dependency.
The commit [4] that allowed to select host-rust when the target
architecture or the target libc is not supported, should have
allowed to select only host-rustc-bin.
Fixes:
Bug #12691
[1] https://bugs.busybox.net/show_bug.cgi?id=12691
[2] https://git.buildroot.net/buildroot/tree/package/rustc/rustc.mk?h=2020.05-rc1#n10
[3] https://git.buildroot.net/buildroot/tree/package/rust/rust.mk?h=2020.05-rc1#n41
[4] 025b863e6f
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Sam Voss <sam.voss@gmail.com>
Reviewed-by: Sam Voss <sam.voss@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4c051c65ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT is now forcefully selected by
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS when the kernel is in
charge of building DTBs (BR2_LINUX_KERNEL_DTS_SUPPORT=y). So enabling
BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT is no longer needed in the 64-bit
defconfigs for Raspberry Pi 3 and 4.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 562e602442)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS is enabled, and the
DTBs are built by Linux (i.e BR2_LINUX_KERNEL_DTS_SUPPORT is enabled),
these DTBs should be built with the -@ Device Tree compiler option, so
that they can be used together with DTB overlays. So let's select
BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT in this situation.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12831
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9fd1d4fec1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The comment explaining the autoreconf says that we are building from a git
clone - but we are not, currently. However, the reconf is still needed due
to patches modifying ac files.
This commit corrects the comment.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
[yann.morin.1998@free.fr: also mention acincludes.m4]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7dccd3b248)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to latest upstream commit as it fixes a huge number of CVEs. Some
of them can't be linked to a given commit (e.g.
https://github.com/ckolivas/lrzip/issues/67). Moreover, upstream does
not plan to tag a new release any time soon:
https://github.com/ckolivas/lrzip/issues/99
- Fix CVE-2017-8842: The bufRead::get() function in libzpaq/libzpaq.h in
liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial
of service (divide-by-zero error and application crash) via a crafted
archive.
- Fix CVE-2017-8843: The join_pthread function in stream.c in
liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a
crafted archive.
- Fix CVE-2017-8844: The read_1g function in stream.c in liblrzip.so in
lrzip 0.631 allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted archive.
- Fix CVE-2017-8845: The lzo1x_decompress function in lzo1x_d.ch in LZO
2.08, as used in lrzip 0.631, allows remote attackers to cause a
denial of service (invalid memory read and application crash) via a
crafted archive.
- Fix CVE-2017-8846: The read_stream function in stream.c in
liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial
of service (use-after-free and application crash) via a crafted
archive.
- Fix CVE-2017-8847: The bufRead::get() function in libzpaq/libzpaq.h in
liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a
crafted archive.
- Fix CVE-2017-9928: In lrzip 0.631, a stack buffer overflow was found
in the function get_fileinfo in lrzip.c:979, which allows attackers to
cause a denial of service via a crafted file.
- Fix CVE-2017-9929: In lrzip 0.631, a stack buffer overflow was found
in the function get_fileinfo in lrzip.c:1074, which allows attackers
to cause a denial of service via a crafted file.
- Fix CVE-2018-5747: In Long Range Zip (aka lrzip) 0.631, there is a
use-after-free in the ucompthread function (stream.c). Remote
attackers could leverage this vulnerability to cause a denial of
service via a crafted lrz file.
- Fix CVE-2018-11496: In Long Range Zip (aka lrzip) 0.631, there is a
use-after-free in read_stream in stream.c, because decompress_file in
lrzip.c lacks certain size validation.
Also:
- update indentation of hash file (two spaces)
- drop patch (already in version)
- manage host-nasm dependency which is enabled by default and has been
fixed by:
9f16f65705
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0f783ba66e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mesa chooses the first platform specified in -Dplatforms as the default
EGL native platform. [0]
Configure Options
-D platforms=...
List the platforms (window systems) to support. Its argument is
a comma separated string such as -D platforms=x11,drm. It
decides the platforms a driver may support. The first listed
platform is also used by the main library to decide the native
platform.
This has the effect of breaking EGL applications running on X11 and
possibly Wayland when the first platform specified isn't x11 or wayland,
and EGL_PLATFORM isn't set.
Reorder the specified platforms to use x11, wayland, and drm before
surfaceless, as this is the order chosen by other common distributions,
such as Arch Linux [1], Debian [2], and Fedora [3].
Users preferring drm or surfaceless over x11 or wayland likely know how
to override the native EGL platform, and likely have x11 and wayland
disabled anyway.
[0] https://www.mesa3d.org/egl.html
[1] https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/mesa#n45
[2] fb8c1efb57/debian/rules (L38)
[3] https://src.fedoraproject.org/rpms/mesa/blob/master/f/mesa.spec#_337
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8e79f54323)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* (2.24.2) With a crafted URL that contains a newline in it, the credential
helper machinery can be fooled to give credential information for a wrong
host. The attack has been made impossible by forbidding a newline
character in any value passed via the credential protocol.
* (2.24.3) With a crafted URL that contains a newline or empty host, or
lacks a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the protocol
in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent "host" parameter).
The attack has been made impossible by refusing to work with
under-specified credential patterns.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Xtensa have added new relocation types R_XTENSA_[NP]DIFF{8,16,32} with
the same properties as the existing types R_XTENSA_DIFF{8,16,32}.
Add them to the list of ignored relocation types.
This fixes the following error when invoking elf2flt on xtensa binaries
built with the recent binutils:
ERROR: reloc type R_XTENSA_PDIFF32 unsupported in this context
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c99a3950d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fakeroot does mask out necessary flags, instead pass through
the flags that are supported by fstatat
Upstream BR: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959876
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e642e17982)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libopcodes was installed in staging/ in commit 6a508d9361 (binutils:
Also install libopcodes in staging), but was not installed in target/
Starting with linux-5.6, perf (linux-tools) will link to libopcodes when
it is present. Since it is available in staging, the build succeeds.
However, libopcodes missing in target, perf fails at runtime:
perf: ...libopcodes-2.33.1.so: cannot open shared object file
Install libopcodes to target as well.
Signed-off-by: Lecopzer Chen <lecopzer@gmail.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit afceb76e43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.
CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6488684e2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c9c7213785)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
- Improve mitigation for CVE-2019-14271 for some nscd configuration.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 21e4b43544)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prevent possible use-after-free and double-free in ares_getaddrinfo() if
ares_destroy() is called prior to ares_getaddrinfo() completing.
https://c-ares.haxx.se/changelog.html#1_16_1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 42a0b2d2d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-markdown2 through 2.3.8 allows XSS because element names are
mishandled unless a \w+ match succeeds. For example, an attack might use
elementname@ or elementname- with an onclick attribute.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 544007dcc4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-future does not depends on python2.
The package work with python 3.x.
Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f3fc10587)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To match the docker-engine version.
./support/testing/run-tests tests.package.test_docker_compose.TestDockerCompose
09:54:39 TestDockerCompose Starting
09:54:40 TestDockerCompose Building
10:45:33 TestDockerCompose Building done
10:46:30 TestDockerCompose Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 3121.828s
OK
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a0e3017d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set PAHO_HIGH_PERFORMANCE to disable free redefiniton as suggested by
upstream in https://github.com/eclipse/paho.mqtt.c/issues/846.
This will avoid the following build failure on musl:
/tmp/instance-1/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/sched.h:80:17: error: expected declaration specifiers or '...' before string constant
void free(void *);
^
/tmp/instance-1/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/sched.h:80:17: error: expected declaration specifiers or '...' before numeric constant
void free(void *);
^
[ 35%] Building C object src/CMakeFiles/common_obj.dir/Base64.c.o
[ 36%] Building C object src/CMakeFiles/common_obj.dir/SHA1.c.o
make[3]: *** [src/CMakeFiles/common_obj.dir/build.make:284: src/CMakeFiles/common_obj.dir/MQTTReasonCodes.c.o] Error 1
Fixes:
- http://autobuild.buildroot.org/results//fbe57a1602fed331ddff3ff3560dce02573816ff
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e446f5ac02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7616ce3e46)
[Peter: drop 5.5.x / 5.6.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a
HandleCursorShape integer overflow and heap-based buffer overflow via a
large height or width value. NOTE: this may overlap CVE-2019-15690.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 705adbaf9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bumping the hashes for CIP and CIP RT.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb8186d53e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP RT version to 4.19.115-cip24-rt9.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2452aa182d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP version to v4.19.118-cip25.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b53b94690)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch to fix squashfs-tools build failures because
of missing external declaration for fwriter_buffer and
bwriter_buffer.
Fixes:
- http://autobuild.buildroot.net/results/6789b668898245926e0a3a3e7caf823dff515d71
/usr/bin/ld: read_fs.o:(.bss+0x0): multiple definition of `fwriter_buffer'; mksquashfs.o:(.bss+0x400c90): first defined here
/usr/bin/ld: read_fs.o:(.bss+0x8): multiple definition of `bwriter_buffer'; mksquashfs.o:(.bss+0x400c98): first defined here
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8d7b714027)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add two upstream patches fixing input_event time related
compile failures.
Fixes:
- http://autobuild.buildroot.net/results/3883a948e30cfd235cfca1fb8646fe8032f5e18d
keytable.c: In function 'test_event':
keytable.c:1536:11: error: 'struct input_event' has no member named 'time'; did you mean 'type'?
ev[i].time.tv_sec, ev[i].time.tv_usec,
^~~~
type
keytable.c:1536:30: error: 'struct input_event' has no member named 'time'; did you mean 'type'?
ev[i].time.tv_sec, ev[i].time.tv_usec,
^~~~
type
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cd27ee0a58)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cvs is an old package, and it shows:
- CVS is licensed under GPL-1.0+ as stated in README (referenced in source
code) and COPYING files;
- COPYING.LIB also give the terms of LGPL-2.0+, and is referenced by a
few files, like lib/strnlen1.c, mostly vampirised rom older versions
of the GNU C library (glibc);
- additionally, the glob implementation was also grabbed from a more
recent (but still old) glibc version, and is LGPL-2.1+, but there is
no license file associated with it, so we use the header instead.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- LGPL-2.0+ is used, reference at least one file
- LGPL-2.1+ is also used
- reword commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 449ac1b6cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Irrlicht fail to detect properly the NEON support on aarch64 or ARM with NEON FPU support.
While linking an application with libIrrlicht.so, we get an undefined reference to
png_init_filter_functions_neon.
Some files are missing in the libpng bundled in Irrlicht, in particular arm/arm_init.c [1],
so disable NEON support completely.
This can be reproduced by building minetest using this defconfig for aarch64:
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_MINETEST=y
BR2_PACKAGE_MINETEST_CLIENT=y
BR2_PACKAGE_MINETEST_SERVER=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OPENGL_GLX=y
BR2_PACKAGE_XORG7=y
Or for ARM with NEON FPU support:
BR2_arm=y
BR2_cortex_a15=y
BR2_ARM_FPU_NEON=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_MINETEST=y
BR2_PACKAGE_MINETEST_CLIENT=y
BR2_PACKAGE_MINETEST_SERVER=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OPENGL_GLX=y
BR2_PACKAGE_XORG7=y
[1] https://github.com/glennrp/libpng/tree/v1.6.37/arm
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bf5f4f417a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a
heap-based buffer overflow during JPEG_MARKER_SOS handling because of a
missing length check.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aab52d8722)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3052da3eac did not renumber
remaining patches, fix that
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit df2f438616)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit ff9f778c66 (support/gnuconfig: update to 2019-05-28), we
forgot to update the README to reference the sha1 we're using, keeping
the old one from 2016...
Update it now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3bf545da78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add hash for license file, add sha256 for tarball and update indentation
for hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7f59e2c01a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
matchbox selects expat but does not add it to its dependency resulting
in the following build failure:
configure: error: cannot find expat library
make: *** [/home/buildroot/autobuild/run/instance-2/output-1/build/matchbox-1.2/.stamp_configured] Error 1
Fixes:
- http://autobuild.buildroot.org/results/37021f1d7fcfd890011068a28ce6181dc509e746
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3a784f49eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When we prepare the release, we generate the manual in various formats,
so that it can be consulted locally without needing the miriads of tools
needed to generate it.
However, this creates the temporary .br2-external.* files in the output
directory, and those end up in the release tarball.
This is not a problem in practice, but is not clean.
Run 'distclean' in the output directory, to get rid of everything but
the generated documentation.
Reported-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bee47598aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use WITH_LIBUSB which is available since version 4.9700 and
f53817577a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a896be19de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-11945: An issue was discovered in Squid before 5.0.2. A
remote attacker can replay a sniffed Digest Authentication nonce to gain
access to resources that are otherwise forbidden. This occurs because
the attacker can overflow the nonce reference counter (a short integer).
Remote code execution may occur if the pooled token credentials are
freed (instead of replayed as valid credentials).
http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b365c64236)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC10 as a host complier has started to trigger these failures
Add upstream patch for
libsepol: remove leftovers of cil_mem_error_handler
libsepol: fix CIL_KEY_* build errors with -fno-common
Fixes:
http://autobuild.buildroot.net/results/1ebeed4bb1b0f5bca493ff687f879367eaeaf868
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Under certain circumstances (host distribution, openssl version),
the qemu-system binary fail to start:
qemu-system-aarch64: symbol lookup error: /lib64/libssh.so.4: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b
There is no problem when only host-qemu is built, but it's linked with /lib64/libcurl.so.4
$ make host-qemu
$ ldd output/host/bin/qemu-system-aarch64
[...]
libcurl.so.4 => /lib64/libcurl.so.4 (0x00007fb21cb57000)
libssh.so.4 => /lib64/libssh.so.4 (0x00007fb21c35d000)
libpsl.so.5 => /lib64/libpsl.so.5 (0x00007fb21c34a000)
libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007fb21c2b4000)
Note: /lib64/libcurl.so.4 is linked with libssh and libssl:
$ ldd /lib64/libcurl.so.4
[...]
libssh.so.4 => /lib64/libssh.so.4 (0x00007f90d8efd000)
libpsl.so.5 => /lib64/libpsl.so.5 (0x00007f90d8eea000)
libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f90d8e54000)
Continue the build.
$ make
We can notice that qemu_aarch64_virt_defconfig set
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
So host-openssl package is built and this is the problem:
$ ldd output/host/bin/qemu-system-aarch64
[...]
libcurl.so.4 => /lib64/libcurl.so.4 (0x00007f3adb444000)
libssh.so.4 => /lib64/libssh.so.4 (0x00007f3adac4a000)
libpsl.so.5 => /lib64/libpsl.so.5 (0x00007f3adac37000)
libssl.so.1.1 => /home/naourr/buildroot/test/qemu_aarch64_virt_defconfig-master/host/lib/libssl.so.1.1 (0x00007f3adaba8000)
qemu-system-aarch64: symbol lookup error: /lib64/libssh.so.4: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b
This is due to the build system trying to find libcurl using
pkg-config or curl-config.
libcurl is used by the QEMU Block driver for CURL images and
elf2dmp tool which is not needed.
Instead of adding host-libcurl dependency, we can disable it
entierely.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e30eaeb10e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This change enables host qemu support for or1k which among other
things allows to test this architecture in gitlab.
The or1k support was named or32 until Qemu 2.9.0 and then renamed or1k
in upstream commit [1]. Since we're already using Qemu 4.2.0, we use
the or1k name.
Tested using qemu_or1k_defconfig.
[1] https://git.qemu.org/?p=qemu.git;a=commit;h=4a09d0bb34ab030e09e87173b2e3ec0fd7616cff
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a41fae16d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
