- disable doc generation (via sphinx) for host build
Reduces host-qemu build time from (on a system with sphinx installed):
real 2m5,522s
user 9m41,292s
sys 1m9,732s
to:
real 1m9,183s
user 8m40,131s
sys 1m9,533s
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit df857f6e0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Seen with the IconvGNU transcoder when parsing "<aaa.xsdopengis.net/gml\x96".
The reason is that XMLString::transcode(repText2, manager) throws a TranscodingException
which causes the tmp1 string to leak.
Upstream: 1bdf6d8ba8
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a2c02a8c2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
16.15.0:
- ASTERISK-29057: pjsip: Crash on call rejection during high load
16.15.1:
- AST-2020-003: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP message is received that has a
History-Info header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-003.pdf
- AST-2020-004: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP 181 response is received that has
a Diversion header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-004.pdf
16.16.0:
- ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains History-Info
16.16.1:
- AST-2021-001: Remote crash in res_pjsip_diversion
If a registered user is tricked into dialing a malicious number that sends
lots of 181 responses to Asterisk, each one will cause a 181 to be sent
back to the original caller with an increasing number of entries in the
“Supported” header. Eventually the number of entries in the header
exceeds the size of the entry array and causes a crash.
https://downloads.asterisk.org/pub/security/AST-2021-001.pdf
- AST-2021-002: Remote crash possible when negotiating T.38
When re-negotiating for T.38 if the initial remote response was delayed
just enough Asterisk would send both audio and T.38 in the SDP. If this
happened, and the remote responded with a declined T.38 stream then
Asterisk would crash.
https://downloads.asterisk.org/pub/security/AST-2021-002.pdf
- AST-2021-003: Remote attacker could prematurely tear down SRTP calls
An unauthenticated remote attacker could replay SRTP packets which could
cause an Asterisk instance configured without strict RTP validation to
tear down calls prematurely.
https://downloads.asterisk.org/pub/security/AST-2021-003.pdf
- AST-2021-004: An unsuspecting user could crash Asterisk with multiple
hold/unhold requests
Due to a signedness comparison mismatch, an authenticated WebRTC client
could cause a stack overflow and Asterisk crash by sending multiple
hold/unhold requests in quick succession.
https://downloads.asterisk.org/pub/security/AST-2021-004.pdf
- AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
Given a scenario where an outgoing call is placed from Asterisk to a
remote SIP server it is possible for a crash to occur.
https://downloads.asterisk.org/pub/security/AST-2021-005.pdf
16.16.2:
- AST-2021-006: Crash when negotiating T.38 with a zero port
When Asterisk sends a re-invite initiating T.38 faxing and the endpoint
responds with a m=image line and zero port, a crash will occur in
Asterisk.
This is a reoccurrence of AST-2019-004.
https://downloads.asterisk.org/pub/security/AST-2021-006.pdf
16.17.0:
- ASTERISK-29203 / AST-2021-002 — Another scenario is causing a crash
- ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls
- ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
memory corruption and crash
16.19.1:
- AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
When Asterisk receives a re-INVITE without SDP after having sent a BYE
request a crash will occur. This occurs due to the Asterisk channel no
longer being present while code assumes it is.
https://downloads.asterisk.org/pub/security/AST-2021-007.pdf
- AST-2021-008: Remote crash when using IAX2 channel driver
If the IAX2 channel driver receives a packet that contains an unsupported
media format it can cause a crash to occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2021-008.pdf
- AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
handshake
Depending on the timing, it’s possible for Asterisk to crash when using a
TLS connection if the underlying socket parent/listener gets destroyed
during the handshake.
https://downloads.asterisk.org/pub/security/AST-2021-009.pdf
16.20.0:
- ASTERISK-29415: Crash in PJSIP TLS transport
- ASTERISK-29381: chan_pjsip: Remote denial of service by an authenticated
user
In addition, a large number of bugfixes.
Drop now upstreamed
0006-AC_HEADER_STDC-causes-a-compile-failure-with-autoconf-2-70.patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 289a15f33b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump of autoconf to version
2.71 in commit ecd54b65c1:
configure: error: *** ANSI C header files not found.
Fixes:
- http://autobuild.buildroot.org/results/e7dc47da7863a5dc492154f620c4fcebafccf6ea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ae68285509)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-41159: Improper client input validation for gateway
connections allows to overwrite memory
- Fix CVE-2021-41160: Improper region checks in all clients allow out of
bound write to memory
https://github.com/FreeRDP/FreeRDP/releases/tag/2.4.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5dc5f47f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Link with -latomic if needed to avoid the following build failure since
bump to version 2.0.1 in commit 0f8d4a6ecd
and
5528267b54:
/tmp/instance-0/output-1/per-package/gensio/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ../lib/.libs/libgensio.so: undefined reference to `__atomic_fetch_add_4'
Fixes:
- http://autobuild.buildroot.org/results/2114f9cb3d820fc620932e793f53341a0c1f10bc
- http://autobuild.buildroot.org/results/c1b397eea1c2eda19149844cec4a87d55651862d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92f367b474)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Workaround for gcc bug 68485 doesn't work anymore since bump to version
3.21 in commit 5b3e721399 because CXXFLAGS
is appended after CFLAGS and does not contain -O0:
/tmp/instance-7/output-1/host/bin/microblazeel-linux-gcc -o rtcm2_json.os -c --sysroot=/tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot -pthread -Wall -Wcast-align -Wextra -Wimplicit-fallthrough -Wmissing-declarations -Wmissing-prototypes -Wno-missing-field-initializers -Wno-uninitialized -Wpointer-arith -Wreturn-type -Wstrict-prototypes -Wvla -O0 -Os -g0 -pthread -fPIC -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/include/dbus-1.0 -I/tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/dbus-1.0/include rtcm2_json.c
during RTL pass: reload
rtcm2_json.c: In function ‘json_rtcm2_read’:
rtcm2_json.c:267:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
267 | }
| ^
It should be noted that GPSD_CXXFLAGS was added 5 years ago with commit
b4c050e9af but was not actually used in
that commit or any later.
Fixes:
- http://autobuild.buildroot.org/results/fab33f25b08fa218af91640fdbd8c0dcf1d07228
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 922cd6f64c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add option that enables gpsd python support including modules, tools,
and gpsfake test harness. If python is enabled then install python
modules unconditionally. Note that gpsd python modules run compatibly
under Python 2 and 3.x for x >= 2. So enable gpsd python support when
any Python version is enabled in board configuration. If no Python is
enabled, but gpsd Python support is requested, then select Python 3.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f3ef0723cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update gpsd to latest release v3.21:
- bump version
- update checksums
- remove patch for v3.20: it is not needed for v3.21
- remove obsolete options and add them to Config.in.legacy
Signed-off-by: Olivier Dautricourt <olivier.dautricourt@orolia.com>
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5b3e721399)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pkg-stats script queries release-monitoring.org to find the latest
upstream versions of our packages. However, up until recently,
release-monitoring.org had no notion of stable
vs. development/release-candidate versions, so for some packages the
"latest" version was in fact a development/release-candidate version
that we didn't want to package in Buildroot.
However, in recent time, release-monitoring.org has gained support for
differentiating stable vs. development releases of upstream
projects. See for example
https://release-monitoring.org/project/10024/ for the glib library,
which has a number of versions marked "Pre-release".
The JSON blurb returned by release-monitoring.org has 3 relevant
fields:
- "version", which we are using currently, which is a string
containing the reference of the latest version, including
pre-release.
- "versions", which is an array of strings listing all versions,
pre-release or not.
- "stable_versions", which is an array of strings listing only
non-pre-release versions. It is ordered newest first to oldest
last.
So, this commit changes from using 'version' to using
'stable_versions[0]'.
As an example, before this change, pkg-stats reports that nfs-utils
needs to be bumped to 2.5.5rc3, while after this patch, it reports
that nfs-utils is already at 2.5.4, and that this is the latest stable
version (modulo an issue where Buildroot has 2.5.4 and
release-monitoring.org has 2-5-4, this will be addressed separately).
Note that part of this change was already done in commit f7b0e0860, but
it was incomplete.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 11efcb39b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pkg-stats script tries to match packages against
release-monitoring.org in two ways:
- First by using the "Buildroot" distribution registered on
release-monitoring.org, in which we have added a lot of mappings
between Buildroot package names and release-monitoring.org package
names. If there is a match using this distribution, the package
status is RM_API_STATUS_FOUND_BY_DISTRO, which means that the
resulting HTML has a "found by distro" statement.
- Then, if the first solution didn't work, by using the pattern
matching, as done in the check_package_get_latest_version_by_guess()
function.
However, there is a bug in this latter case: it sets the package status
to RM_API_STATUS_FOUND_BY_DISTRO as well, while it should have been
RM_API_STATUS_FOUND_BY_PATTERN. Due to this bug, in the resulting HTML
file from a pkg-stats run, all packages are marked as "found by
distro" even the ones that are "found by guess".
This commit fixes that by setting the correct package status.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9602fd94e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For example with libpng: 1.6.37 instead of 1.7.0beta89
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: coalesce into a single line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f7b0e08605)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-41089: Create parent directories inside a chroot during docker
cp to prevent a specially crafted container from changing permissions of
existing files in the host’s filesystem.
- CVE-2021-41091: Lock down file permissions to prevent unprivileged users
from discovering and executing programs in /var/lib/docker.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce45136df0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-41092: Ensure default auth config has address field set, to
prevent credentials being sent to the default registry.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d53c702419)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On Linux version >= 4.20 in order to have mali working we need to pass
drm_kms_helper.drm_leak_fbdev_smem=1 and at least
drm_kms_helper.drm_fbdev_overalloc=200 to have a double buffer fbdev.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 97408545ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-32765: Hiredis is a minimalistic C client library for the
Redis database. In affected versions Hiredis is vulnerable to integer
overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk`
protocol data. When parsing `multi-bulk` (array-like) replies, hiredis
fails to check if `count * sizeof(redisReply*)` can be represented in
`SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make
this check, it would result in a short allocation and subsequent buffer
overflow.
https://github.com/redis/hiredis/blob/v1.0.2/CHANGELOG.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9e092ba253)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
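Added example, not part of the commit above and not hiredis code: the missing `count * sizeof(redisReply*)` check described in the CVE-2021-32765 text, shown as an unchecked size computation next to a checked one. `struct reply`, `naive_calloc` and the other function names are hypothetical stand-ins; `naive_calloc` models a custom allocator that does not check the product itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for hiredis' redisReply; only the pointer size matters. */
struct reply;

/* Byte count an unchecked parser computes: wraps modulo SIZE_MAX + 1. */
size_t unchecked_array_bytes(size_t count)
{
    return count * sizeof(struct reply *);
}

/* Hypothetical custom allocator whose calloc() does not check the product,
 * which is the case the advisory text calls out. */
void *naive_calloc(size_t nmemb, size_t size)
{
    void *p = malloc(nmemb * size);
    if (p != NULL)
        memset(p, 0, nmemb * size);
    return p;
}

/* Returns 1 and stores the size if count * sizeof(pointer) fits in size_t. */
int checked_array_bytes(size_t count, size_t *out)
{
    if (count > SIZE_MAX / sizeof(struct reply *))
        return 0;
    *out = count * sizeof(struct reply *);
    return 1;
}

/* Element array for a multi-bulk reply: reject the count before allocating,
 * so the result does not depend on what the allocator checks. */
struct reply **alloc_elements(size_t count)
{
    size_t bytes;
    if (count == 0 || !checked_array_bytes(count, &bytes))
        return NULL;
    return naive_calloc(count, sizeof(struct reply *));
}

int main(void)
{
    /* Constructed element count just above SIZE_MAX / sizeof(pointer). */
    size_t bad = SIZE_MAX / sizeof(struct reply *) + 2;
    struct reply **ok = alloc_elements(4);

    printf("unchecked size for bad count: %zu bytes\n", unchecked_array_bytes(bad));
    printf("checked allocation for bad count: %s\n",
           alloc_elements(bad) == NULL ? "rejected" : "allocated");
    printf("checked allocation for 4 elements: %s\n", ok != NULL ? "allocated" : "failed");
    free(ok);
    return 0;
}
```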
Adding the Image format on the Qemu command line avoids this warning:
"WARNING: Image format was not specified for 'output/TestUbi/images/rootfs.ubi' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions."
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1ab2dd6aa5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a comment when kernel is not enabled (missing since the addition of
the package in commit 5b13fc05b3)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b5a48f3584)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a comment when kernel is not enabled (missing since the addition of
the package in commit de591c5c3a)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5eedd33368)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adding myself as co-maintainer of libuev alongside Peter Seiderer, his
initiative, and I am the upstream so seems logical.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 541fb5b581)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
450 4.1.1 <arthur.courtel@smile.fr>: Recipient address rejected: User
unknown in virtual mailbox table
Arthur is no longer at Smile.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6df212931b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d538f3c7a7)
[Peter: drop 5.14.x/5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since v0.8 a script 'dfuse-pack.py' is part of the package, which has a
different license.
Fixes: c212a90b61 ("package/dfu-util: bump version to 0.8, add hash, fix SITE url")
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit efef1974c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
DFU 1.1 specification is also supported.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ddafea9c80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Jens [0], commit db7d786140 (fs/ext2: fix namespace for
variables) forgot to rename one variable expansion, resulting in the
ext2 label as set by the user to be ignored, with an empty label set.
[0] https://github.com/buildroot/buildroot/commit/db7d78614098#commitcomment-57918423
Reported-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5ece6be60b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Testing buildroot 2021.05 I observed that after first
boot I was having the following folders:
/context:
/system_u:object_r:auditd_log_t
The root of this problem turned out to be a difference in the
output of $(selabel_lookup -b file -k /var/log/audit) called
by S02auditd that from this version on looks like:
$ selabel_lookup -b file -k /var/log/audit
Default context: system_u:object_r:auditd_log_t
This patch will cut it to retrieve the type piece only. Unfortunately,
audit has no options to create machine-readable output that is
guaranteed not to change, so that's the best we can do.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e47832c860)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Port the following upstream commit:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/591/diffs?commit_id=0148a15da1616a868d71abe1b56e3f28cc79533c
This fixes the following build error on mips with GCC10:
CCLD libint10.la
buildroot/output/host/lib/gcc/mips64el-buildroot-linux-gnu/10.3.0/../../../../mips64el-buildroot-linux-gnu/bin/ld: .libs/helper_mem.o:(.bss+0x0): multiple definition of `IOPortBase'; .libs/helper_exec.o:(.bss+0x0): first defined here
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2e52de40d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Enough? :-)
Due to this mistake, any other GDB_DEPENDENCIES defined before this
assignment were lost. For example, the host-flex host-bison added
inside the GDB_FROM_GIT==y condition were ignored if
BR2_PACKAGE_GDB_DEBUGGER.
Fixes the build of all ARC configurations that have
BR2_PACKAGE_GDB_DEBUGGER enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 97f3ad7af3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>