Fix CVE-2021-40114: Multiple Cisco products are affected by a
vulnerability in the way the Snort detection engine processes ICMP
traffic that could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition on an affected device. The
vulnerability is due to improper memory resource management while the
Snort detection engine is processing ICMP packets. An attacker could
exploit this vulnerability by sending a series of ICMP packets through
an affected device. A successful exploit could allow the attacker to
exhaust resources on the affected device, causing the device to reload.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UUhttps://www.snort.org/downloads/snort/changelog_2.9.18.1.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenJDK 17 is a new LTS release, which leaves the Buildroot Config option of
"LTS" and "LATEST" as a misnomer because both 11 and 17 are LTS releases.
There are two options in this case:
1) Remove "LATEST" and update OpenJDK 11 to 17, and only support 17.
2) Change "LTS" to "11" and "LATEST" to "17" and only support the latest 2 LTS
OpenJDK releases.
After some discussion with Thomas Petazzoni and Peter Korsgaard, and testing,
option 2 is the best course of action for a few reasons:
- OpenJDK 11 and 17 have very long support cycles:
- OpenJDK 11 has two years of Active and five years of security support left.
- OpenJDK 17 has five years of Active and ten years of security support left.
- Both OpenJDK versions build with the same parameters.
- The maintenance cost of both versions is meager.
- Both versions pass tests.package.test_openjdk without issue.
Changes:
- Change BR2_OPENJDK_VERSION_LATEST -> BR2_OPENJDK_VERSION_17
- Change BR2_OPENJDK_VERSION_LTS -> BR2_OPENJDK_VERSION_11
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Peter: add Config.in.legacy, use BR2_PACKAGE_OPENJDK_ prefix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
go command, the misc/wasm directory, and to the net/http and syscall packages.
https://golang.org/doc/devel/release#go1.17.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump of autoconf to version
2.70 in commit ecd54b65c1:
ERROR: 'IT_PROG_INTLTOOL' must appear in configure.ac for intltool to work.
Fixes:
- http://autobuild.buildroot.org/results/e8bea26f6b12adf16335b24836a7c5c31911af6a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure raised since bump of autoconf to version
2.71 in commit ecd54b65c1 and
http://git.savannah.gnu.org/gitweb/?p=autoconf.git;a=commit;h=ec90049dfcf4538750e61d675d885157fa5ca7f8:
checking for /home/buildroot/autobuild/instance-0/output-1/host/bin/mips-linux-gnu-gcc options needed to detect all undeclared functions... cannot detect
configure: error: in `/home/buildroot/autobuild/instance-0/output-1/build/boinc-7.16.18':
configure: error: cannot make /home/buildroot/autobuild/instance-0/output-1/host/bin/mips-linux-gnu-gcc report undeclared builtins
This error raised because AC_CHECK_DECLS returns an error due to -mavx
flag:
mips-linux-gnu-gcc: error: unrecognized command line option '-mavx'
To fix this build failure, hard code ac_cv_c_undeclared_builtin_options
to 'none needed' as removing '-mavx' from CPPFLAGS will hinder the
detection of xgetbv, xgetbv, __xgetbv, cpuid, _cpuid and __cpuid
Fixes:
- http://autobuild.buildroot.org/results/4b468a5d3bfbff9638316ca930ef791867774aef
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the wrong assumption that six is not a dependency with python3 made
in commit 95a63a34ac to avoid the
following build failure with ca-certificates:
Traceback (most recent call last):
File "/home/buildroot/autobuild/instance-2/output-1/build/ca-certificates-20211016/mozilla/certdata2pem.py", line 31, in <module>
from cryptography import x509
File "/home/buildroot/autobuild/instance-2/output-1/host/lib/python3.9/site-packages/cryptography/x509/__init__.py", line 7, in <module>
from cryptography.x509 import certificate_transparency
File "/home/buildroot/autobuild/instance-2/output-1/host/lib/python3.9/site-packages/cryptography/x509/certificate_transparency.py", line 10, in <module>
import six
ModuleNotFoundError: No module named 'six'
Fixes:
- http://autobuild.buildroot.org/results/2b6872eec31362bf3edf88c69b67d681b2f016aa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: James Hilliard <james.hilliard1@gmail.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with uclibc raised since bump to version
8.2.3565 in commit 5650439b92 and
0a7984af56:
In file included from vim.h:27,
from fileio.c:14:
fileio.c: In function 'time_differs':
auto/config.h:149:22: error: 'stat_T' {aka 'struct stat'} has no member named 'st_mtim'; did you mean 'st_mtime'?
149 | #define ST_MTIM_NSEC st_mtim.tv_nsec
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/2132f9aa1b0bc618c91f7bf44fbd1b71b9d6ba05
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail is no longer responding:
** Address not found **
Your message wasn't delivered to mirza.krak@northern.tech because the address couldn't be found, or is unable to receive mail.
Learn more here: https://support.google.com/mail/?p=NoSuchUser
The response from the remote server was:
550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser bi21si292758edb.0 - gsmtp
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Raspberry-Pis Linux kernel is now based on 5.10.76. The previous release
was 5.10.63.
Signed-off-by: Julien Grossholtz <julien.grossholtz@openest.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build of nano with uclibc < 1.0.35 is broken since bump to version 5.9
in commit 3e62e9b14b:
In file included from ./sys/random.h:40,
from getrandom.c:22:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name 'size_t'
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:8:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'?
7 | #include <features.h>
+++ |+#include <stddef.h>
8 |
Fixes:
- http://autobuild.buildroot.org/results/1932c524aa6b6a3337a0fc21b44adaac60972d30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following static build failure raised since commit
77f4d2f8ef:
../ipcalc-maxmind.c:41:11: fatal error: dlfcn.h: No such file or directory
41 | # include <dlfcn.h>
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/5f867aeab9c61538e34b14023d0ba327698d3c04
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
p11-kit is an optional dependency which is enabled by default since the
addition of the package in commit
53873b6dae and softhsm2 needs help to
properly install files:
/usr/bin/install -c -m 644 softhsm2.module '/home/buildroot/autobuild/instance-0/output-1/host/nios2-buildroot-linux-gnu/sysroot/home/buildroot/autobuild/instance-0/output-1/host/bin/../nios2-buildroot-linux-gnu/sysroot/usr/share/p11-kit/modules'
[...]
softhsm2: installs files in /home/buildroot/autobuild/instance-0/output-1/host/nios2-buildroot-linux-gnu/sysroot//home/buildroot/autobuild/instance-0/output-1
package/pkg-generic.mk:330: recipe for target '/home/buildroot/autobuild/instance-0/output-1/build/softhsm2-2.6.1/.stamp_staging_installed' failed
Fixes:
- http://autobuild.buildroot.org/results/a05bb71cfe016f793c89b2a035835718836039c8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 5.13.x series is now EOL, so drop it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Upstream has .sha256 checksums now, drop redundant .md5
- Upstream has dropped RSRR support, drop Config.in support
- Add BR2_PACKAGE_MROUTED_RSRR to Config.in.legacy
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop Suppression file for musl libc patch which is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
License hash change due to removal of full license text:
63e781b874
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add firmware for Realtek 8152/8153/8156 based USB Ethernet adapters.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Drop depends on !BR2_PACKAGE_UBOOT_TOOLS_FWPRINTENV as mender-grubenv no
longer uses fw_printenv and fw_setenv and instead provides
grub-mender-grubenv-print and grub-mender-grubenv-set
- Update the LICENSE hash as the year has changed.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Update license files hash due to the progressbar library changing versions
from v0.0.2 to v0.0.3
- Remove HOST_MENDER_ARTIFACT_BUILD_TARGETS = cli/mender-artifact as
commit a79edc3e7632f38de0dfeaa5a3c72567318e8079 removed the
cli/mender-artifact directory.
- Change -X main.Version= to
-X github.com/mendersoftware/mender-artifact/cli.Version
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This file adds a DBus endpoint for the UpdateControlMap, which allows a user
to set the ID and Priority of a given update process
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use official tarball (and so drop autoreconf and first patch)
- gnutls is an optional dependency since
e490011b68https://github.com/strophe/libstrophe/releases/tag/0.11.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add Giulio Benetti to all Olimex Allwinner boards' defconfigs since I've
recently updated and tested them all and I'd like to receive possible
build failure from gitlab CI/CD.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package has a buildroot local patch
0001-build-Use-MYSQL_CONFIG-variable-instead-of-mysql_con.patch
This patch was submitted and applied upstream.
https://sourceforge.net/p/libdbi-drivers/mailman/message/37370618/
Bumping to this commit allows to discard the no more needed
buildroot local patch.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since I'm the upstream maintainer, it'd be nice to get Cc:ed on any
issues with the package.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change the comment so it doesn't need to be updated when changing the
version.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The BLK_DEV_IDE_PMAC driver has been removed from the kernel, so use the
libata replacement PATA_MACIO. This requires enabling ATA and BLK_DEV_SD
for the disk to show up, and changing the command line to use /dev/sda.
YENTA depends on PCCARD, so enable it.
The UART does not show up in /dev without DEVTMPFS.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit
40bb37bd70 ("utils/getdeveloperlib.py:
use relative paths for files"), the Developer class was changed to use
relative paths, including for its .hasfile() method.
However the check_developers() function of getdeveloperlib.py was not
updated accordingly, and continued to pass absolute paths. This caused
"get-developers -c" to return the entire list of files in Buildroot as
being unmaintained, as none of them were matching the file listed in
the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In Python 3.x, check_output() returns a "bytes" array, and not a
string. Its result needs to be decoded to be turned into a
string. Without this fix, "get-developers -c" bails out with:
Traceback (most recent call last):
File "/home/thomas/projets/buildroot/./utils/get-developers", line 105, in <module>
__main__()
File "/home/thomas/projets/buildroot/./utils/get-developers", line 53, in __main__
files = getdeveloperlib.check_developers(devs)
File "/home/thomas/projets/buildroot/utils/getdeveloperlib.py", line 280, in check_developers
files = subprocess.check_output(cmd).strip().split("\n")
TypeError: a bytes-like object is required, not 'str'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-25219: Lame cache can be abused to severely degrade resolver
performance
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25219
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>