MKINSTALLDIRS is not automatically called by autotools when
autoreconfigured.
This leads to the following error during install:
`/bin/sh @MKINSTALLDIRS@ /home/dawncrow/buildroot-test/scripts/instance-0/output/target/usr/share
/bin/sh: 0: Can't open @MKINSTALLDIRS@`
because @MKINSTALLDIRS@ doesn't get substituted during autoreconf.
This particular command only gets invoked when NLS is enabled.
Add patch that explicitly calls AM_MKINSTALLDIRS macro to substitute
every @MKINSTALLDIRS@ occurence in *.in Makefile.
Patch is not sent upstream since upstream is dead.
Fixes:
http://autobuild.buildroot.net/results/744/7447c03426556f787f20f7ab2d36f0cacc4af1bd/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 00b733a39b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit 197b5f9d1c ("package/binutils: fix loops relaxation in
xtensa gas") changed the way loop opcodes are relaxed resulting in build
failures in hand-made assembly code that has loops in sections without
.literal_position pseudo op or equivalent construct. This e.g. breaks
xtensa linux kernel build.
Fix that by adding literal position to the beginning of every section.
Fixes: 197b5f9d1c ("package/binutils: fix loops relaxation in xtensa
gas")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit de1d1577d7)
[Peter: drop 2.32 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9009823137)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of issues discovered post-2.1.2. For details, see:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.3
Drop 002-configure.ac-switch-default-ESAPI-crypto-backend-to-.patch as this
issue is now fixed upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 097ce6b3a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This moves the BR2_PACKAGE_LINUX_FIRMWARE_TI_CC2560 option to the
Bluetooth section of the config file. This chip is Bluetooth-only, so
it belongs there instead of with the Wi-Fi/Bluetooth combo chips.
Signed-off-by: David Lechner <david@lechnology.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0edbbe548f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit f93596d8ba, systemd is
enabled on arc however systemd-bootchart is not available on this
architecture so add a BR2_PACKAGE_SYSTEMD_BOOTCHART_ARCH_SUPPORTS from
the information retrieved in src/architecture.h
Fixes:
- http://autobuild.buildroot.org/results/84fb51212abf99faa2b7a46b8c44c42a3ca1201c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9c3089c8a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a bug where cJSON_Minify could overflow it's buffer, both reading
and writing: https://github.com/DaveGamble/cJSON/issues/338.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a45a3997d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of post-1.3 fixes. For details, see the announcement:
http://lists.xiph.org/pipermail/opus/2019-April/004318.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b594e6a1b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Default value of CONFIG_SYS_BOOTM_LEN in u-boot causes board reset for
large uImage files, so add u-boot patch to increase the maximum kernel
image size.
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7dfcd850b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Update hash of COPYING (update in year:
bb693862a3)
- Include a Security bugfix released in version 5.48: Fixed requesting
client certificate when specified as a global option.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f69da705d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/28a466b98f813edb6402686cc4706766e73e1ff3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6e6dc1b32)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch enables the inclusion of the Pi's overlays. Previously
the overlays were not included in the genimage configuration.
This patch ensures overlays are included in the sdcard (when
enabled) by defaulting to the inclusion of an empty
output/images/rpi-firmware/overlays directory in genimage cfg.
The Pi's overlays are built with the following config
variables:
BR2_PACKAGE_RPI_FIRMWARE=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTBS=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS=y
BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y
BR2_LINUX_KERNEL_IMAGE_NAME="Image"
BR2_LINUX_KERNEL_IMAGE_TARGET_NAME="Image modules dtbs"
After building, the dtbo files are present in the
output/images/rpi-firmware/overlays directory but not added
to the sdcard because they are missing from the genimage cfg
file.
Signed-off-by: Matt Flax <flatmax@flatmax.org>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: fix indentation, and add comment explaining why an empty
directory is created.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 51d6d6c580)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We currently do the Linux build as follows:
make <imagename>
if modules enabled; make modules; fi
However, Clement Léger recently reported that due to us not using the
"all" target, the GDB scripts that the kernel can build when
CONFIG_GDB_SCRIPTS is enabled are not built, since upstream kernel
commit 67274c083438340ad16c1437caebc84e1253b224 (merged in v5.1) moved
that logic to a separate scripts_gdb target, which is a dependency of
the "all" target.
While we could add some more logic to explicit generate the
"scripts_gdb" target, this logic would fail on Linux < 5.1 for which
this make target doesn't exist.
So instead, let's simplify the build logic, and use:
make all <imagename>
The "all" target automatically depends on "modules" if CONFIG_MODULES
is set, so we no longer need to explicit generate the "modules" target
separately.
As a result of this change, we may generate additional kernel images
compared to what was done previously, but such images would anyway not
be installed, and the additional build time is minimal.
We did some research as to why the kernel build was done like this in
Buildroot, and it's been like that since linux/linux.mk was added back
in 2010 by commit 487e21cff6 ("New,
simpler, infrastructure for building the Linux kernel").
Reported-by: Clément Leger <cleger@kalray.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ffbe46a529)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A patch was added to the Linux kernel in 5.1.0-rc3 which adds a
requirement that the host build environment include pkg-config. Add the
correct host-pkgconf dependency and environment variables to ensure
Linux picks up the correct libraries.
Move the existing LINUX_MAKE_ENV assignment earlier, to simplify the
append-assignment in the libelf conditional block.
Fixes: #11761
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stuart Summers <stuart.summers@intel.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: extend commit message as suggested by Yann]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 615e2edc2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/8f6fdbf8a21967363b737bc771252bcded4278a9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit db430c67a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix static build on sparc v8 (even if there is no autobuilder failures
yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 98eb10b138)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
thrift uses pkg-config to find openssl dependencies such as lz or
latomic so drop unneeded workaround. This was a leftover from the very
first integration of thrift 0.9.1 in 2013.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8b84b90162)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't pass --with-openssl option to force softether to use pkg-config
(see autotools/ax_check_openssl.m4).
pkg-config will find openssl dependencies such as lz or latomic
Fix static build on sparc v8 (even if there is no autobuilder failures
yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5472d80405)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix build on sparc v8 (even if there is no autobuilder failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d1455b91f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix build on sparc v8 (even if there is no autobuilder failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 056e963119)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/eba8d344446b0db6327c0588c456c14594984f76
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ff5504b4da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to retrieve openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/9bf69f238a63ea28690f7c0dbb8c30feb0afc5ad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c49482604e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
Notable regressions in sscanf and pthread_key_create introduced in 1.1.21
have also been fixed, along with various other bugs and minor conformance
issues.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 66976dff96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d28897da5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 736f344755)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
json option has been removed in version 0.9.7 with
06987a24ce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2bbe9c41c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Instead of README.md, use LICENSE file that has been added in version
0.9.5 with
4d534a60ee
- Add hash of license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d86eb0c8b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-8785: FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based
Buffer Overflow in function zgfx_decompress() that results in a memory
corruption and probably even a remote code execution.
- CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer
Truncation that leads to a Heap-Based Buffer Overflow in function
update_read_bitmap_update() and results in a memory corruption and
probably even a remote code execution.
- CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer
Overflow that leads to a Heap-Based Buffer Overflow in function
gdi_Bitmap_Decompress() and results in a memory corruption and probably
even a remote code execution.
- CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an
Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that
results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several
Out-Of-Bounds Reads in the NTLM Authentication module that results in a
Denial of Service (segfault).
For details, see the upstream PR:
https://github.com/FreeRDP/FreeRDP/pull/5031
Add support to set tls security level (for openssl >= 1.1.0), for RDP
protocol version 10 (needed for windows 10 and windows server
2016). Also have some fix and features, see
e21b72c95f
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e91d89bf1)
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Add COPYING to license files as it gives useful info on license
- Add "Public Domain" to XZ_LICENSE (see COPYING)
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dc9b97ab6c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sync builtins ops are strictly required by perf utility as it uses
atomic_xxx() functions.
Otherwise building fails like that:
|.../output/host/opt/ext-toolchain/bin/../lib/gcc/arc-snps-linux-uclibc/8.2.1/../../../../arc-snps-linux-uclibc/bin/ld:
|.../output/build/linux-5.0.7/tools/perf/libperf.a(libperf-in.o): in function `atomic_cmpxchg':
|.../output/build/linux-5.0.7/tools/include/asm-generic/atomic-gcc.h:69: undefined reference to `__sync_val_compare_and_swap_4'
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: drop Config.in comment]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d5edfa6eef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some kernel-selftests are using modprobe options (-n) that are not available
from busybox's modprobe, so make sure that BR2_PACKAGE_KMOD_TOOLS is selected.
[linux-4.19 selftests]$ git grep tput
drivers/gpu/drm_mm.sh:if ! /sbin/modprobe -n -q test-drm_mm; then
drivers/usb/usbip/usbip_test.sh:if ! /sbin/modprobe -q -n usbip_host; then
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c301405c34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some kernel-selftests are using tput program, so make sure that
BR2_PACKAGE_NCURSES_TARGET_PROGS is selected.
[linux-4.19 selftests]$ git grep tput
[...]
futex/run.sh:tput setf 7 || tput setaf 7
futex/run.sh: tput sgr0
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 633e5121f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
syslog-ng may segfault at startup (during library initialization, before
reaching main) in newer toolchains. I have witnessed it on aarch64 (but with
32-bit arm userland) with glibc 2.28.
Problem is described in syslog-ng issue #2263 [1], which in turn leads to a
problem in 'ivykis' which is shipped with syslog-ng, see ivykis issue #15
[2].
Root cause is that 'pthread_atfork' is used by ivykis but searched by its
configure script in libpthread_nonshared only. In newer toolchains, it seems
this symbol is in libc_nonshared.
Apply a patch someone proposed via pullrequest [3] to the ivykis project,
but which is at this moment not yet merged upstream.
[1] https://github.com/balabit/syslog-ng/issues/2263
[2] https://github.com/buytenh/ivykis/issues/15
[3] https://github.com/buytenh/ivykis/pull/16
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1467eaa6b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The year was updated.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf6615d801)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also remove upstream patch 0033.
Fixes the following security issues:
- bpo-36216: Changes urlsplit() to raise ValueError when the URL contains
characters that decompose under IDNA encoding (NFKC-normalization) into
characters that affect how the URL is parsed.
- bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The
cert parser did not handle CRL distribution points with empty DP or URI
correctly. A malicious or buggy certificate can result into segfault.
Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of
Cisco.
- bpo-35121: Don’t send cookies of domain A without Domain attribute to
domain B when domain A is a suffix match of domain B while using a
cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by
Karthikeyan Singaravelan.
For more details, see the changelog:
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-3-final
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6afc83b60f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-3870:
During the provision of a new Active Directory DC, some files in the private/
directory are created world-writable.
https://www.samba.org/samba/security/CVE-2019-3870.html
- CVE-2019-3880:
Authenticated users with write permission can trigger a symlink traversal to
write or detect files outside the Samba share.
https://www.samba.org/samba/security/CVE-2019-3880.html
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.6.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8a662ae308)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2019-3835, CVE-2019-3838: A specially crafted PostScript file
could use these flaws to have access to the file system outside of the
constrains imposed by -dSAFER.
Drop upstream patches.
Use the make subst function to compute the download site from version.
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10a6ea5a30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On commit 027a8b29f1 pkg-config has been
added to retrieve OpenSSL dependencies, but it's been passed `libssl`
instead of `openssl`, this makes fail some linking. Indeed we need
OpenSSL dependency, so let's use `openssl` with pkg-config.
Substitute `libssl` with `openssl`.
Fixes:
http://autobuild.buildroot.net/results/b225425ee237852bd9fee4ca0b8d24f3e37d64f9/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e38641851a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
During linking one OpenSSL dependecy is missing(-latomic) on linking
library list.
- Substitute explicit library list with `pkg-config libssl` when
BR2_PACKAGE_OPENSSL is enabled. In such way all needed libraries
will be included in linking list.
- Add also `host-pkgconf` to CIVETWEB_DEPENDENCIES if
BR2_PACKAGE_OPENSSL is enabled to make it available for previous
point.
Fixes:
http://autobuild.buildroot.net/results/b2e210bdefe84f4ec9cfda79a33d81788fb7e66c/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 027a8b29f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>