Commit Graph

44733 Commits

Author SHA1 Message Date
Vadim Kochan
5cb061e1a7 package/git: fix build with NLS enabled
git fails to build with NLS enabled because of weak check
for gettext in configure.ac. The AC_CHECK_LIB(c, gettext ...)
is used to set LIBC_CONTAINS_LIBINTL variable. If the variable
is set then '-libs' is not passed to the linker, but this variable
is set to 'Yes' even libc implementation does not provide libintl
support, the AC_CHECK passes because gcc has gettext builtin.

So use instead AC_LINK_IFELSE with included libintl.h because it
makes gettext to unfold as libintl_gettext which causes AC_CHECK
to fail for cases when gettext is not provided by libc.

Tested by ./utils/test-pkg with NLS disabled/enabled.

Fixes:
	http://autobuild.buildroot.net/results/091b790ca6f5b46d5d29211dc1cb3ff05b62a965
	http://autobuild.buildroot.net/results/a69b58b35b270fdd2df9b076e7030bb594520197
	http://autobuild.buildroot.net/results/f104c4e6ff41b1dd175f2d27f3b4ea7c9b61f7c5
	http://autobuild.buildroot.net/results/ee12bdba398a139995de5f6f6718be6a493541d9
	http://autobuild.buildroot.net/results/74fa6b2bfbb1301e35c9dd1bbc04856c1cbf25f2

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cb3a0177ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 14:28:57 +02:00
Fabrice Fontaine
cb9972244e package/syslog-ng: fix S01syslog-ng indentation
Don't mix spaces and tabs, use only tabs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 26c7e2a1a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 14:26:06 +02:00
Fabrice Fontaine
e264eacdb8 package/sysklogd: fix S0{1sys, 2k}logd indentation
Don't mix spaces and tabs, only use tabs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9064821d0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 14:26:00 +02:00
Fabrice Fontaine
1f1f524fa2 package/rsyslog: fix S01rsyslogd indentation
Don't mix spaces and tabs, only use tabs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 95a8655fe2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 14:25:52 +02:00
Giulio Benetti
ffb839ce3e package/madplay: fix build when NLS is enabled
MKINSTALLDIRS is not automatically called by autotools when
autoreconfigured.
This leads to the following error during install:

`/bin/sh @MKINSTALLDIRS@ /home/dawncrow/buildroot-test/scripts/instance-0/output/target/usr/share
/bin/sh: 0: Can't open @MKINSTALLDIRS@`

because @MKINSTALLDIRS@ doesn't get substituted during autoreconf.

This particular command only gets invoked when NLS is enabled.

Add patch that explicitly calls AM_MKINSTALLDIRS macro to substitute
every @MKINSTALLDIRS@ occurence in *.in Makefile.

Patch is not sent upstream since upstream is dead.

Fixes:
http://autobuild.buildroot.net/results/744/7447c03426556f787f20f7ab2d36f0cacc4af1bd/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 00b733a39b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 14:23:52 +02:00
Max Filippov
88eff22a9e package/binutils: fix loops relaxation in bare sections
The commit 197b5f9d1c ("package/binutils: fix loops relaxation in
xtensa gas") changed the way loop opcodes are relaxed resulting in build
failures in hand-made assembly code that has loops in sections without
.literal_position pseudo op or equivalent construct. This e.g. breaks
xtensa linux kernel build.

Fix that by adding literal position to the beginning of every section.

Fixes: 197b5f9d1c ("package/binutils: fix loops relaxation in xtensa
gas")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit de1d1577d7)
[Peter: drop 2.32 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:46:47 +02:00
Peter Korsgaard
c0ce796f57 package/ruby: security bump to version 2.4.6
Fixes the following security issues:

- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9009823137)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:30:18 +02:00
Peter Korsgaard
dc036559ac package/tpm2-tss: bump version to 2.1.3
Fixes a number of issues discovered post-2.1.2. For details, see:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.3

Drop 002-configure.ac-switch-default-ESAPI-crypto-backend-to-.patch as this
issue is now fixed upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 097ce6b3a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:30:07 +02:00
David Lechner
37c2ba61e5 package/linux-firmware: move BR2_PACKAGE_LINUX_FIRMWARE_TI_CC2560 to Bluetooth
This moves the BR2_PACKAGE_LINUX_FIRMWARE_TI_CC2560 option to the
Bluetooth section of the config file. This chip is Bluetooth-only, so
it belongs there instead of with the Wi-Fi/Bluetooth combo chips.

Signed-off-by: David Lechner <david@lechnology.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0edbbe548f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:28:45 +02:00
Fabrice Fontaine
585f4c2281 package/systemd-bootchart: add BR2_PACKAGE_SYSTEMD_BOOTCHART_ARCH_SUPPORTS
Since commit f93596d8ba, systemd is
enabled on arc however systemd-bootchart is not available on this
architecture so add a BR2_PACKAGE_SYSTEMD_BOOTCHART_ARCH_SUPPORTS from
the information retrieved in src/architecture.h

Fixes:
 - http://autobuild.buildroot.org/results/84fb51212abf99faa2b7a46b8c44c42a3ca1201c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9c3089c8a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:27:02 +02:00
Fabrice Fontaine
01abefd719 package/cjson: security bump to version 1.7.11
Fix a bug where cJSON_Minify could overflow it's buffer, both reading
and writing: https://github.com/DaveGamble/cJSON/issues/338.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a45a3997d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:25:29 +02:00
Peter Korsgaard
1f699c6147 package/opus: bump version to 1.3.1
Fixes a number of post-1.3 fixes.  For details, see the announcement:

http://lists.xiph.org/pipermail/opus/2019-April/004318.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b594e6a1b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:25:16 +02:00
Shyam Saini
ab80f66b51 configs/asus_tinker_rk3288: adjust U-Boot config to boot larger kernel image
Default value of CONFIG_SYS_BOOTM_LEN in u-boot causes board reset for
large uImage files, so add u-boot patch to increase the maximum kernel
image size.

Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7dfcd850b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:23:41 +02:00
Fabrice Fontaine
5f1466ec15 package/mutt: fix static build with idn2 and unistring
Fixes:
 - http://autobuild.buildroot.org/results/c9544b4f1a0252e260a2ed19218fa950f4dc2d2d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a78ed3f375)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:22:32 +02:00
Fabrice Fontaine
6f55425e46 package/stunnel: security bump to version 5.53
- Update hash of COPYING (update in year:
  bb693862a3)
- Include a Security bugfix released in version 5.48: Fixed requesting
  client certificate when specified as a global option.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f69da705d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:17:10 +02:00
Fabrice Fontaine
1f47bd3b3c package/stunnel: fix static build with openssl and atomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fixes:
 - http://autobuild.buildroot.org/results/28a466b98f813edb6402686cc4706766e73e1ff3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6e6dc1b32)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:17:04 +02:00
Matt Flax
b05381cbb5 Fix rasberry Pi 64bit firmware overlay inclusion
This patch enables the inclusion of the Pi's overlays. Previously
the overlays were not included in the genimage configuration.
This patch ensures overlays are included in the sdcard (when
enabled) by defaulting to the inclusion of an empty
output/images/rpi-firmware/overlays directory in genimage cfg.

The Pi's overlays are built with the following config
variables:
BR2_PACKAGE_RPI_FIRMWARE=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTBS=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS=y
BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y
BR2_LINUX_KERNEL_IMAGE_NAME="Image"
BR2_LINUX_KERNEL_IMAGE_TARGET_NAME="Image modules dtbs"

After building, the dtbo files are present in the
output/images/rpi-firmware/overlays directory but not added
to the sdcard because they are missing from the genimage cfg
file.

Signed-off-by: Matt Flax <flatmax@flatmax.org>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: fix indentation, and add comment explaining why an empty
         directory is created.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 51d6d6c580)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:14:25 +02:00
Thomas Petazzoni
71ce6efa3c linux: simplify LINUX_BUILD_CMDS
We currently do the Linux build as follows:

   make <imagename>
   if modules enabled; make modules; fi

However, Clement Léger recently reported that due to us not using the
"all" target, the GDB scripts that the kernel can build when
CONFIG_GDB_SCRIPTS is enabled are not built, since upstream kernel
commit 67274c083438340ad16c1437caebc84e1253b224 (merged in v5.1) moved
that logic to a separate scripts_gdb target, which is a dependency of
the "all" target.

While we could add some more logic to explicit generate the
"scripts_gdb" target, this logic would fail on Linux < 5.1 for which
this make target doesn't exist.

So instead, let's simplify the build logic, and use:

  make all <imagename>

The "all" target automatically depends on "modules" if CONFIG_MODULES
is set, so we no longer need to explicit generate the "modules" target
separately.

As a result of this change, we may generate additional kernel images
compared to what was done previously, but such images would anyway not
be installed, and the additional build time is minimal.

We did some research as to why the kernel build was done like this in
Buildroot, and it's been like that since linux/linux.mk was added back
in 2010 by commit 487e21cff6 ("New,
simpler, infrastructure for building the Linux kernel").

Reported-by: Clément Leger <cleger@kalray.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ffbe46a529)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:04:09 +02:00
Stuart Summers
e08d1aa6d6 linux: use host pkg-config when host libelf is set
A patch was added to the Linux kernel in 5.1.0-rc3 which adds a
requirement that the host build environment include pkg-config. Add the
correct host-pkgconf dependency and environment variables to ensure
Linux picks up the correct libraries.

Move the existing LINUX_MAKE_ENV assignment earlier, to simplify the
append-assignment in the libelf conditional block.

Fixes: #11761

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stuart Summers <stuart.summers@intel.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: extend commit message as suggested by Yann]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 615e2edc2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:01:02 +02:00
Fabrice Fontaine
a7da7760f8 package/netsnmp: fix static build with openssl
Use pkg-config to find openssl dependencies such as lz or latomic

Fixes:
 - http://autobuild.buildroot.org/results/8f6fdbf8a21967363b737bc771252bcded4278a9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit db430c67a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:00:24 +02:00
Fabrice Fontaine
cb1497a4aa package/ipsec-tools: fix static build with openssl and atomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fix static build on sparc v8 (even if there is no autobuilder failures
yet)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 98eb10b138)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:59:52 +02:00
Fabrice Fontaine
5af3db7461 package/msmtp: drop unneeded static openssl workaround
msmtp uses pkg-config to find openssl dependencies such as lz or latomic
so drop unneeded openssl workaround that was added by
https://git.buildroot.net/buildroot/commit/package/msmtp?id=468bbc1538aaea87beaf455a2ad6ea5a255d5f58

I don't know why it was added seven years ago as msmtp already used
pkg-config at this time:
https://github.com/marlam/msmtp-mirror/blob/rel-1-4-27/configure.ac

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 117108d59c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:58:56 +02:00
Fabrice Fontaine
a5f0433687 package/thrift: drop unneeded static openssl workaround
thrift uses pkg-config to find openssl dependencies such as lz or
latomic so drop unneeded workaround. This was a leftover from the very
first integration of thrift 0.9.1 in 2013.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8b84b90162)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:58:38 +02:00
Fabrice Fontaine
2615bba75e package/softether: fix static build with openssl and atomic
Don't pass --with-openssl option to force softether to use pkg-config
(see autotools/ax_check_openssl.m4).

pkg-config will find openssl dependencies such as lz or latomic

Fix static build on sparc v8 (even if there is no autobuilder failures
yet)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5472d80405)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:57:45 +02:00
Fabrice Fontaine
440c933d3c package/hostapd: fix static build with openssl and atomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fix build on sparc v8 (even if there is no autobuilder failures yet)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d1455b91f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:56:39 +02:00
Fabrice Fontaine
88019952d5 package/wpa_supplicant: fix static build with openssl and atomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fix build on sparc v8 (even if there is no autobuilder failures yet)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 056e963119)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:56:33 +02:00
Fabrice Fontaine
5bc5a2b3db package/pure-ftpd: fix static build with openssl and latomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fixes:
 - http://autobuild.buildroot.org/results/eba8d344446b0db6327c0588c456c14594984f76

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ff5504b4da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:55:41 +02:00
Fabrice Fontaine
c5814dcad4 package/libfreefare: fix static build with latomic
Use pkg-config to retrieve openssl dependencies such as lz or latomic

Fixes:
 - http://autobuild.buildroot.org/results/9bf69f238a63ea28690f7c0dbb8c30feb0afc5ad

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c49482604e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:54:15 +02:00
Jörg Krause
9f832e5277 package/musl: bump to version 1.1.22
From the release notes:
Notable regressions in sscanf and pthread_key_create introduced in 1.1.21
have also been fixed, along with various other bugs and minor conformance
issues.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 66976dff96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:52:51 +02:00
Peter Korsgaard
4238369b54 package/wpa_supplicant: add upstream 2019-1, 2, 3, 4 security patches
Fixes the following security vulnerabilities:

- CVE-2019-9494 (cache attack against SAE)

For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt

- CVE-2019-9495 (cache attack against EAP-pwd)

For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt

- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)

For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt

- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)

For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt

Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d28897da5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:50:15 +02:00
Peter Korsgaard
084f230842 package/hostapd: add upstream 2019-1, 2, 3, 4 security patches
Fixes the following security vulnerabilities:

- CVE-2019-9494 (cache attack against SAE)

For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt

- CVE-2019-9495 (cache attack against EAP-pwd)

For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt

- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)

For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt

- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)

For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt

Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 736f344755)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:49:55 +02:00
Fabrice Fontaine
3f62d96cd6 package/lldpd: remove --without-json
json option has been removed in version 0.9.7 with
06987a24ce

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2bbe9c41c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:44:09 +02:00
Fabrice Fontaine
56e57b144f package/lldpd: update license file
- Instead of README.md, use LICENSE file that has been added in version
  0.9.5 with
  4d534a60ee
- Add hash of license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d86eb0c8b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:20:56 +02:00
Fabrice Fontaine
6de205f8be package/freerdp: fix build without xfixes
Fixes:
 - http://autobuild.buildroot.org/results/69245e574787bada718c52c805ec137041dc233d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 41da6f02ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:19:40 +02:00
Alexey Lukyanchuk
942da943f3 package/freerdp: security bump to version 2.0.0-rc4
Fixes the following security issues:

- CVE-2018-8785: FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based
  Buffer Overflow in function zgfx_decompress() that results in a memory
  corruption and probably even a remote code execution.

- CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer
  Truncation that leads to a Heap-Based Buffer Overflow in function
  update_read_bitmap_update() and results in a memory corruption and
  probably even a remote code execution.

- CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer
  Overflow that leads to a Heap-Based Buffer Overflow in function
  gdi_Bitmap_Decompress() and results in a memory corruption and probably
  even a remote code execution.

- CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an
  Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that
  results in a memory corruption and possibly even a remote code execution.

- CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several
  Out-Of-Bounds Reads in the NTLM Authentication module that results in a
  Denial of Service (segfault).

For details, see the upstream PR:
https://github.com/FreeRDP/FreeRDP/pull/5031

Add support to set tls security level (for openssl >= 1.1.0), for RDP
protocol version 10 (needed for windows 10 and windows server
2016). Also have some fix and features, see
e21b72c95f

Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e91d89bf1)
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:15:44 +02:00
Bernd Kuhls
38ee47cc9c package/rapidxml: fix install path
kodi-pvr-iptvsimple as of
d27b3ed1d3

depends on rapidxml but expects the headers in usr/include/rapidxml
instead of usr/include.

This changes the install path to be consistent with Debian and Gentoo:

https://packages.debian.org/stretch/all/librapidxml-dev/filelist
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/rapidxml/rapidxml-1.13-r1.ebuild#n22

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b0209a99e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 20:48:33 +02:00
Fabrice Fontaine
532af46554 package/xz: update license
- Add COPYING to license files as it gives useful info on license
- Add "Public Domain" to XZ_LICENSE (see COPYING)
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dc9b97ab6c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 20:46:22 +02:00
Yann E. MORIN
e880e269dc package/linux-tools: fix kconfig coding style
Fix coding style introduced in d5edfa6eef (package/linux-tools/perf: add
dependency on 32-bit sync builtins).

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3fd181bdcc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:52 +02:00
Alexey Brodkin
b9e934bfbf package/linux-tools/perf: add dependency on 32-bit sync builtins
Sync builtins ops are strictly required by perf utility as it uses
atomic_xxx() functions.

Otherwise building fails like that:
|.../output/host/opt/ext-toolchain/bin/../lib/gcc/arc-snps-linux-uclibc/8.2.1/../../../../arc-snps-linux-uclibc/bin/ld:
|.../output/build/linux-5.0.7/tools/perf/libperf.a(libperf-in.o): in function `atomic_cmpxchg':
|.../output/build/linux-5.0.7/tools/include/asm-generic/atomic-gcc.h:69: undefined reference to `__sync_val_compare_and_swap_4'

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: drop Config.in comment]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit d5edfa6eef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:38 +02:00
Romain Naour
9c5f6b89c3 package/linux-tools: some selftests needs kmod's modprobe
Some kernel-selftests are using modprobe options (-n) that are not available
from busybox's modprobe, so make sure that BR2_PACKAGE_KMOD_TOOLS is selected.

[linux-4.19 selftests]$ git grep tput
drivers/gpu/drm_mm.sh:if ! /sbin/modprobe -n -q test-drm_mm; then
drivers/usb/usbip/usbip_test.sh:if ! /sbin/modprobe -q -n usbip_host; then

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c301405c34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:25 +02:00
Romain Naour
c6f30d355c package/linux-tools: some selftests needs tput
Some kernel-selftests are using tput program, so make sure that
BR2_PACKAGE_NCURSES_TARGET_PROGS is selected.

[linux-4.19 selftests]$ git grep tput
[...]
futex/run.sh:tput setf 7 || tput setaf 7
futex/run.sh:    tput sgr0

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 633e5121f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:19 +02:00
Romain Naour
058c89f1e6 package/linux-tools: some selftests needs util-linux schedutils
Some kernel-selftests are using taskset program, so make sure that
BR2_PACKAGE_UTIL_LINUX_SCHEDUTILS is selected.

[linux-4.19 selftests]$ git grep taskset
bpf/test_progs.c:       assert(system("taskset 0x1 ./urandom_read 100000") == 0);
cpu-hotplug/cpu-on-off-test.sh: taskset -p 01 $$
cpufreq/main.sh:        taskset -p 01 $$
netfilter/nft_trans_stress.sh:        ip netns exec "$testns" taskset $mask ping -4 127.0.0.1 -fq > /dev/null &
netfilter/nft_trans_stress.sh:        ip netns exec "$testns" taskset $mask ping -6 ::1 -fq > /dev/null &
rcutorture/bin/jitter.sh:       if ! taskset -p $cpumask $$ > /dev/null 2>&1

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6af93482d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:11 +02:00
Thomas De Schampheleire
05f41b5a43 package/syslog-ng: fix segfault on startup due to pthread_atfork
syslog-ng may segfault at startup (during library initialization, before
reaching main) in newer toolchains. I have witnessed it on aarch64 (but with
32-bit arm userland) with glibc 2.28.

Problem is described in syslog-ng issue #2263 [1], which in turn leads to a
problem in 'ivykis' which is shipped with syslog-ng, see ivykis issue #15
[2].

Root cause is that 'pthread_atfork' is used by ivykis but searched by its
configure script in libpthread_nonshared only. In newer toolchains, it seems
this symbol is in libc_nonshared.

Apply a patch someone proposed via pullrequest [3] to the ivykis project,
but which is at this moment not yet merged upstream.

[1] https://github.com/balabit/syslog-ng/issues/2263
[2] https://github.com/buytenh/ivykis/issues/15
[3] https://github.com/buytenh/ivykis/pull/16

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1467eaa6b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 15:57:47 +02:00
Adam Duskett
3df4ea4694 package/python3: fix hash for license file
The year was updated.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf6615d801)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 15:53:08 +02:00
Adam Duskett
0012baabfc package/python3: security bump version to 3.7.3
Also remove upstream patch 0033.

Fixes the following security issues:

- bpo-36216: Changes urlsplit() to raise ValueError when the URL contains
  characters that decompose under IDNA encoding (NFKC-normalization) into
  characters that affect how the URL is parsed.

- bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module.  The
  cert parser did not handle CRL distribution points with empty DP or URI
  correctly.  A malicious or buggy certificate can result into segfault.
  Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of
  Cisco.

- bpo-35121: Don’t send cookies of domain A without Domain attribute to
  domain B when domain A is a suffix match of domain B while using a
  cookiejar with http.cookiejar.DefaultCookiePolicy policy.  Patch by
  Karthikeyan Singaravelan.

For more details, see the changelog:
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-3-final

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6afc83b60f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 15:51:47 +02:00
Peter Korsgaard
1c5dd5d934 package/samba4: security bump to version 4.9.6
Fixes the following security vulnerabilities:

 - CVE-2019-3870:
   During the provision of a new Active Directory DC, some files in the private/
   directory are created world-writable.
   https://www.samba.org/samba/security/CVE-2019-3870.html

 - CVE-2019-3880:
   Authenticated users with write permission can trigger a symlink traversal to
   write or detect files outside the Samba share.
   https://www.samba.org/samba/security/CVE-2019-3880.html

For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.6.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8a662ae308)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:29:00 +02:00
Baruch Siach
8db0d3901d package/ghostscript: security bump to version 9.27
Fixes CVE-2019-3835, CVE-2019-3838: A specially crafted PostScript file
could use these flaws to have access to the file system outside of the
constrains imposed by -dSAFER.

Drop upstream patches.

Use the make subst function to compute the download site from version.

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10a6ea5a30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:27:09 +02:00
Fabrice Fontaine
2004e75d35 package/xserver_xorg-server: disable unit tests
Fixes:
 - http://autobuild.buildroot.org/results/95a5004c9245f1f90758631b02e17d3df12812ec

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c41d8ba066)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:26:19 +02:00
Giulio Benetti
89029b28b5 package/civetweb: fix linking failure caused by wrong argument passed to pkg-config
On commit 027a8b29f1 pkg-config has been
added to retrieve OpenSSL dependencies, but it's been passed `libssl`
instead of `openssl`, this makes fail some linking. Indeed we need
OpenSSL dependency, so let's use `openssl` with pkg-config.

Substitute `libssl` with `openssl`.

Fixes:

  http://autobuild.buildroot.net/results/b225425ee237852bd9fee4ca0b8d24f3e37d64f9/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e38641851a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:22:37 +02:00
Giulio Benetti
18f8a9d00c package/civetweb: fix link failure due to missing OpenSSL dependency
During linking one OpenSSL dependecy is missing(-latomic) on linking
library list.

- Substitute explicit library list with `pkg-config libssl` when
  BR2_PACKAGE_OPENSSL is enabled. In such way all needed libraries
  will be included in linking list.

- Add also `host-pkgconf` to CIVETWEB_DEPENDENCIES if
  BR2_PACKAGE_OPENSSL is enabled to make it available for previous
  point.

Fixes:

  http://autobuild.buildroot.net/results/b2e210bdefe84f4ec9cfda79a33d81788fb7e66c/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 027a8b29f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:22:26 +02:00