- Fix CVE-2020-14148: The Server-Server protocol implementation in
ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated
by the IRC_NJOIN() function.
- Fix a static build failure with openssl thanks to
ad86a41eee
- Update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/078a7afc432786316a1d2ea03f96444ff741b942
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
* CVE-2020-8619: It was possible to trigger an INSIST failure when a
zone with an interior wildcard label was queried in a certain
pattern.
Release notes:
https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.20.txt
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Get official tarball and its hash
- Update indentation in hash file (two spaces)
This is a fairly important release which includes performance
improvements and new major CLI features. It also fixes a few corner
cases, making it a recommended upgrade.
https://github.com/facebook/zstd/releases/tag/v1.4.5https://github.com/facebook/zstd/releases/tag/v1.4.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 'package/rpi-firmware: fix startup file names' ([1]) the
start and fixup file names are normalized to start.elf/fixup.dat,
adjust the rpi4 genimage config files accordingly.
Fixes:
ERROR: file(rpi-firmware/fixup4.dat): stat(.../images/rpi-firmware/fixup4.dat) failed: No such file or directory
ERROR: vfat(boot.vfat): could not setup rpi-firmware/fixup4.dat
[1] https://git.buildroot.net/buildroot/commit/?id=1bdc0334ff6273761b2e7fda730cdcc7e1f46862
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since version 1.27.3, cups-filters needs dejavu (even if it is only used
for test programs):
1d66106e5a
Add a patch to avoid this build failure when cross-compiling and set
test font path to /dev/null to avoid setting TESTFONT to an incorrect
host path
Fixes:
- http://autobuild.buildroot.org/results/0e141abc57e4185c74adce75cac4215dd8a3108b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2020-7212 (1.25.2 - 1.25.7)
The _encode_invalid_chars function does not remove duplicate percent
encodings in the _percent_encodings array, which combined with the
normalization step could take O(N^2) time to compute for a URL of
length N. This results in a marginally higher CPU consumption
compared to the potential linear time achieved by deduplicating
the _percent_encodings array.
CC: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patches (already in version) and so drop autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As spotted by Thomas Petazzoni during review of
https://patchwork.ozlabs.org/project/buildroot/patch/20200713215943.2240412-1-fontaine.fabrice@gmail.com,
oracle-mysql uses its bundled version of zlib if it is not found on the
system
So explictly disable zlib if needed and add a patch fixing build
failures without it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove all patches (already in version)
- Move to meson-package
- Add new gsettings-desktop-schemas mandatory dependency
- gdu option doesn't exist anymore:
1db029df72
- Use new gcrypt otion
- systemd-login option has been replaced by logind option
- avahi option has been replaced by dnsd option
- gtk3 optional dependency has been removed since
dff13283c9
- Disable new sftp backend:
44d45dca5d
- Disable fuse (depends on fuse3 which is not available on buildroot)
- Remove gvfs-less workaround (not installed anymore)
- Update indentation of hash file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE Test package version to OP-TEE release 3.9.0.
Drop patch on scripts/file_to_c.py that is merged in 3.9.0.
Add patch from [1] for related issue found in 3.9.0 xtest tool.
Add patch to default disable xtest regression test 1027 and 1028 that
mandate changes in Linux kernel OP-TEE driver that are not available
in mainline, at least as of Linux kernel v5.7.
[1] e1af176af2
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE OS package version to OP-TEE release 3.9.0.
Update patch on pydrypto/pycryptodome to match 3.9.0.
Add patch on CFG_OPTEE_REVISION_MINOR that was not updated in release
3.9.0 and fixed only few commits above.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
See full changelog : https://github.com/sbabic/swupdate/releases/tag/2020.04
Since commit
82a157e35e,swupdate
only supports using libubootenv to manipulate the U-Boot environment,
and no longer directly using the U-Boot tools, so we adjust the
Config.in help text and .mk logic accordingly.
Regenarated the default .config
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
--{en,dis}able-libiptc has been dropped since version 2.1.0 and
05443e1efa
So replace it by --{en,dis}able-iptables
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add host-pkgconf dependency, it is only used to find cunit for tests
which are disabled by default but otherwise autoreconf will fail
Fixes:
- http://autobuild.buildroot.org/results/721c9feb96f93c60505a12f546a64a86b7eb36aa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
EXIV2_ENABLE_LIBXMP has been dropped since version 0.27 and
2784b1f7f7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
EXIV2_ENABLE_BUILD_SAMPLES has been renamed into EXIV2_BUILD_SAMPLES
since version 0.27 and
60d436c969
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update patch and renumber it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- Add zstd optional dependency, available since version 2.10.0 and
1f4758bd7f
- Use the new MZ_LIBBSD option available since version 2.10.0 and
29fcb47680
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Agent++ 4.3.1 does not build if SNMPv3 is disabled due to incorrect #ifdef
clauses, esulting in errors such as:
../include/agent_pp/notification_originator.h:232:39: error: 'snmpCommunityEntry' has not been declared
void set_snmp_community_entry(snmpCommunityEntry* communityEntryRef) {
^
../include/agent_pp/notification_originator.h:296:32: error: 'nlmLogEntry' has not been declared
void set_nlm_log_entry(nlmLogEntry* nlmLogEntryRef) {
^
../include/agent_pp/notification_originator.h:321:9: error: 'nlmLogEntry' does not name a type
nlmLogEntry* _nlmLogEntry;
^
Fixes:
http://autobuild.buildroot.net/results/d7a5fa5ba4ab6c9da23fcc93bf766be9ca630af3/http://autobuild.buildroot.net/results/40ce9bc4bed267dc762a0282a8da0ad1514ad7a8/
...
Fixes: 88355e967f ("package/agentpp: bump version to 4.3.1")
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Prior to gzip 1.10, the compression pipeline used with PCF fonts was
not reproducible due to the implicit -N/--name injecting a timestamp:
$ cat /path/to/file | gzip > /path/to/file.gz
This updates Portable Compiled Format font packages to have a host-gzip
dependency, so gzip version 1.10 or newer will reliably be used.
This change does not affect encodings, which use a seemingly
synonymous compression pipeline, but that happens to be reproducible
with gzip versions at least as old as version 1.3.13:
$ gzip < /path/to/file > /path/to/file.gz
Reported-by: Jordan Speicher <jspeicher@xes-inc.com>
Signed-off-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we delete /usr/share/bash-completion when bash is not enabled.
We need to delete /etc/bash_completion.d too. For example, the jo package
installs files there:
/etc/bash_completion.d/jo.bash
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some toolchains, like the Linaro gcc7 toolchains, now install libstdc++ debug
library symbols to /lib/debug, which can be as large as the library itself.
This commit removes the extra debug content if debugging is not enabled.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removes BR2_PACKAGE_GPSD_PPS config option, since PPS functionality is
no longer optional and always enabled in gpsd's SCons configuration.
Removed passing ntpshm=y to SCons since that feature is also no longer
optional.
Added a patch adapted from changes merged upstream post-3.20 to fix a
build failure during cross-compilation when checking sizeof(time_t)
and where shared libraries were being linked with ld rather than g++.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes a patch to fix building with uclibc, where pdbg was
missing a header for ssize_t.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This was supposed to be part of
fce71d09fb, which introduced the
parprouted package, but due to a missed "git commit --amend", it
wasn't included in this commit, so let's add it now.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
- Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
private key that didn't include the uncompressed public key), as well
as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with
a NULL f_rng argument. An attacker with access to precise enough
timing and memory access information (typically an untrusted operating
system attacking a secure enclave) could fully recover the ECC private
key.
- Fix issue in Lucky 13 counter-measure that could make it ineffective
when hardware accelerators were used (using one of the
MBEDTLS_SHAxxx_ALT macros). This would cause the original Lucky 13
attack to be possible in those configurations, allowing an active
network attacker to recover plaintext after repeated timing
measurements under some conditions.
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
Switch to github to get latest release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add a patch to fix build without fork in src/dhcpcd.c. This
regression was introduced in upstream commit
3063ebb6c8ac7c96196fa923cdd5f7c0384de23b, which was merged in dhcpcd
9.0.0. Therefore, Buildroot is affected since we bumped from 8.0.3
to 9.1.4 in commit 809f548e79, which
was applied after 2020.05
- Disable privsep as it unconditionally uses fork (privsep has been
enabled by default since version 9.0.0 and
3a4c2e5604)
Fixes:
- http://autobuild.buildroot.org/results/9fcc88abedcb8a02946f37837dcf4fff02f66c23
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
