Commit abba4e7012 did not succeed in
fixing all parallel build failures because sometimes $(SHARED_OUTDIR) is
created but not $(SHARED_OUTDIR)/db so instead of fixing this mess,
revert the patch and disable parallel build as upstream switched to
cmake
Fixes:
- http://autobuild.buildroot.org/results/9c33692aa130a20b0f8e868156e49990e862d6ee
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb22931bcf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qemu_aarch64_virt_defconfig (implicitly) specifies cortex-a53, so adjust the
QEMU command line to also emulate a a53 instead of a57.
Also adjust the defconfig to explicitly specify a53 for consistency/clarity.
Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0203df36ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Overriding variables in packages recipes is an error-prone practice.
Current behavior of installing either only as a script or only as a
binary is intended, as describe in the commit log of "d3e4db4e34
usb_modeswitch: bump to version 1.2.6" from 2013.
Rewrite the code to keep the same behavior while replacing variable
override [1] by conditional assignments [2].
[1]
VAR = ...
if ...
VAR = ...
[2]
if ...
VAR = ...
else
VAR = ...
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e25040d31a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "a554109af8 package/usb_modeswitch: disable parallel build" added
a unicode space in a comment. Replace it with a normal ASCII space for
consistency with elsewhere.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8be8c72c2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit d1f545004b from 2014
because the added variables already existed. The real problem at the
time was that one of the pre-existent variables had a typo, fixed in a
later commit.
Currently AVRDUDE_LICENSE and AVRDUDE_LICENSE_FILES are declared twice
with the same values for each one. So remove one of them.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Wojciech M. Zabolotny <wzab01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d6bce837ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since "57ace26b6c package/sdl_sound: add optional support for
libmodplug" from 2016, optional CONF_OPTS are added but they do not
really take effect because there is an unconditional override below the
conditional append.
Currently this does not cause build failures, but it can lead to wrong
detection of dependencies because many explicit --enable/--disable are
not passed to configure.
Fix this by moving the unconditional code to the top.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df0d7d1371)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "c5b85231fb s6-networking: enable SSL if libressl is selected"
actually dropped the dependency on s6-dns and s6 when libressl is
enabled.
Fix this by using += inside the conditional code.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30ff614a03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add backported patches for the following four security issues in libarchive.
There is no new release yet including these patches.
- CVE-2018-1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000877)
"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(),
realloc(rar->lzss.window, new_size) with new_size = 0 that can result in
Crash/DoS. This attack appear to be exploitable via the victim must open a
specially crafted RAR archive."
- CVE-2018-1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000878)
"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c that can result
in Crash/DoS - it is unknown if RCE is possible. This attack appear to be
exploitable via the victim must open a specially crafted RAR archive."
- CVE-2018-1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000879)
"libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards
(release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference
vulnerability in ACL parser - libarchive/archive_acl.c,
archive_acl_from_text_l() that can result in Crash/DoS. This attack appear
to be exploitable via the victim must open a specially crafted archive
file."
- CVE-2018-1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000880)
"libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards
(release v3.2.0 onwards) contains a CWE-20: Improper Input Validation
vulnerability in WARC parser -
libarchive/archive_read_support_format_warc.c, _warc_read() that can result
in DoS - quasi-infinite run time and disk usage from tiny file. This attack
appear to be exploitable via the victim must open a specially crafted WARC
file."
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 17ba24bac1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c331187744)
[Peter: drop 4.19.x/4.20.x, linux / hash changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set
For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.8.8.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The websock_config.h file currently ends up being installed into the
sysroot with a #include "config.h" line but the config.h file does not
get copied into the sysroot. Refactoring the original patch to have the
configure script properly report whether or not SSL support is enabled
without using the config.h file.
Patch has been submitted upstream but may never be merged since upstream
appears to be dead.
https://github.com/payden/libwebsock/pull/38
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f6843a75fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Additional fixes for CVE-2017-9800: Malicious server can execute arbitrary
command on client and a number of crash fixes.
https://svn.apache.org/repos/asf/subversion/tags/1.9.10/CHANGES
Drop upstream SHA1 hash as that is no longer listed. Also add a hash for
the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed382bf74a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9a76fd4dd6)
[Peter: drop 4.19.x/4.20.x, linux / hash changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
For more details, see the CHANGES file:
https://www.apache.org/dist/httpd/CHANGES_2.4.38
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7675863549)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 22c80d2a82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The website for rp-pppoe moved from Roaring Penguin's main site to
a personal project page.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02af305b5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It seems tekui has parallel build issues since November 2017:
- Fatal error: can't create build/posix/directfb_lua.lo: No such file or directory
- /home/peko/autobuild/instance-3/output/host/bin/microblazeel-buildroot-linux-uclibc-ar: ../../lib/posix/libtekdebug.a: No such file or directory
- Fatal error: can't create build/posix/visual_mod.lo: No such file or directory
So disable parallel build
Fixes:
- http://autobuild.buildroot.org/results/0732568fcbaa6829154fa91c352b52f074384df0
- http://autobuild.buildroot.org/results/580593e79bc4ecdea1dc71d16607e5c88f87403c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c80789c917)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2018-19935: Allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via an empty string in the
message argument to the imap_mail function.
https://www.cvedetails.com/cve/CVE-2018-19935/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other
products, allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via crafted text with
invalid Unicode sequences.
https://nvd.nist.gov/vuln/detail/CVE-2018-15120
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1574dd6d48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the
function double64_init() in double64.c, which may lead to DoS when playing a
crafted audio file
CVE-2017-17456: The function d2alaw_array() in alaw.c of libsndfile
1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address
0x000000000000), a different vulnerability than CVE-2017-14245
CVE-2017-17457: The function d2ulaw_array() in ulaw.c of libsndfile
1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address
0x000000000000), a different vulnerability than CVE-2017-14246
CVE-2018-13139: A stack-based buffer overflow in psf_memset in common.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted
audio file. The vulnerability can be triggered by the executable
sndfile-deinterleave
CVE-2018-19661: An issue was discovered in libsndfile 1.0.28. There is a
buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a
denial of service
CVE-2018-19662: An issue was discovered in libsndfile 1.0.28. There is a
buffer over-read in the function i2alaw_array in alaw.c that will lead to a
denial of service
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 45014da2b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d9dcf1c5c1)
[Peter: drop 4.19.x/4.20.x, linux / hash changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libmad uses a very old configure script.
When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:
checking for arm-buildroot-linux-uclibcgnueabi-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.
This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab1588 (core: alternate solution to disable C++).
However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.
We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.
Fixes:
- http://autobuild.buildroot.org/results/6a6aa29295bd70679c3a22a149e79010fa20c1bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eae18d01ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When linking the host cargo binary, the linker should be told to find
libraries in $(HOST_DIR)/lib, otherwise it will not work libraries
such as libhttp_parser. This was found with per-package directory
support, where the build failed with:
= note: /usr/bin/ld: cannot find -lhttp_parser
collect2: error: ld returned 1 exit status
In order to fix this, instead of passing -L$(HOST_DIR)/lib during the
build of Cargo, we make sure all flags in $(HOST_LDFLAGS) are passed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b5e1b51dd1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- epoll supported since linux-2.5.44/glibc-2.3.2 (see [1])
- dup3 supported since linux-2.6.27/glibc-2.9 (see [2])
- SOCK_CLOEXEC supported on linux (see [3])
- accept4 suppported since linux-2.6.28/glibc-2.10 (see [4])
Fixes [5] apache runtime failure (#11576)
[mpm_event:crit] [pid 173:tid 1996214272] (70023)This function has not been
implemented on this platform: AH00495: Couldn't create a Thread Safe Pollset.
Is it supported on your platform?Also check system or user limits!
[:emerg] [pid 173:tid 1996214272] AH00017: Pre-configuration failed, exiting
[1] http://man7.org/linux/man-pages/man7/epoll.7.html
[2] https://linux.die.net/man/2/dup3
[4] https://linux.die.net/man/2/accept4
[5] https://bugs.busybox.net/show_bug.cgi?id=11576
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7a3b44f445)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This script currently uses "/usr/bin/env python" as shebang but it does
not really support Python3. Instead of limiting the script to Python2,
fix it to support both versions.
So change all imports to absolute imports because Python3 follows PEP328
and dropped implicit relative imports.
In order to avoid errors when decoding files with the default 'utf-8'
codec, use errors="surrogateescape" when opening files, the docs for
open() states: "This is useful for processing files in an unknown
encoding.". This argument is not compatible with Python2 open() so
import 'six' to use it only when running in Python3.
As a consequence the file handler becomes explicit, so use it to close()
the file after it got processed.
This "surrogateescape" is a simple alternative to the complete solution
of opening files with "rb" and changing all functions in the lib*.py
files to use bytes objects instead of strings. The only case we can have
non-ascii/non-utf-8 files being checked by the script are for patch
files when the upstream file to be patched is not ascii or utf-8. There
is currently one case in the tree:
package/urg/0002-urg-gcc6-fix-narrowing-conversion.patch.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02b165dc71)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
This release of wolfSSL includes a fix for 1 security vulnerability.
Medium level fix for potential cache attack with a variant of
Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5
padding information during private key decryption that could lead to a
potential padding oracle attack. It is recommended that users update to the
latest version of wolfSSL if they have RSA cipher suites enabled and have
the potential for malicious software to be ran on the same system that is
performing RSA operations. Users that have only ECC cipher suites enabled
and are not performing RSA PKCS #1 v1.5 Decryption operations are not
vulnerable. Also users with TLS 1.3 only connections are not vulnerable to
this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham
(University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir
(Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of
Adelaide and Data61) for the report.
The paper for further reading on the attack details can be found at
http://cat.eyalro.net/cat.pdf
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e1b3c6e9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wolfssl is a library, so it should be installed into staging so other
packages can find the header files / library.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ff1d005f80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream post-3.14.0 patch to fix build issue related to missing fips.h
header.
For more details, see:
https://github.com/wolfSSL/wolfssl/issues/1415
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0edfa02eb7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build fails because $(TARGET_DIR)/bin folder may not exist if for
example to use the following defconfig:
BR2_x86_64=y
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
BR2_SYSTEM_BIN_SH_DASH=y
BR2_TARGET_GENERIC_GETTY_PORT="tty1"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config"
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_S6_LINUX_INIT=y
BR2_TARGET_ROOTFS_EXT2=y
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[Peter: use install -D]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89fdf21d58)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-1000858: Cross Site Request Forgery with arbitrary HTTPS
GET requests via HTTP redirect.
https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d4dbcb036a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The syscfg header name is now based on the target triplet, with the
vendor part set to "unknown". The symlink approach no longer works since
we use "buildroot" for the vendor part. Override the target host
configure parameter to match the build system expectation.
The x86 header vendor part has been renamed to "unknown" as well.
Account for that in BR2_PACKAGE_LIBGPG_ERROR_SYSCFG.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e58b5b1b93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-20685: The scp client allows server to modify permissions
of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
.\n") directory name.
The bug reporter lists a number of related vulnerabilities that are not
fixed yet:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8233c66612)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch #1. uClibc no longer includes pthreads.h indirectly.
Drop patch #2. The sys/param.h header is included indirectly through the
local includes.h header since version 6.8p1.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 458ad4d7b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cc-tool depends on signals2 not signals, indeed only signals2 is used
in src/data/progress_watcher.h and BOOST_SIGNALS defined in
m4/boost.m4 is never used in configure.ac.
There is no need to select any sort of BR2_PACKAGE_BOOST_SIGNALS2
option, as signals2 is a header-only boost library, and such
header-only boost libraries do not have any Config.in options, as they
are all always installed with the base boost library.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: tweak commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 024ed470ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-18342: In PyYAML before 4.1, the yaml.load() API
could execute arbitrary code.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1cf071726d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
