The --arch value on i386 must be "i386", and not i486, i586 or i686,
so let's have a special case for BR2_i386, and use $(BR2_ARCH) for the
other supported CPU architectures.
Fixes:
http://autobuild.buildroot.net/results/01a28789bcec9af66137cbce5a8fda2d606de99f/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit a646cd27b1 (package/freescale-imx/imx-vpu: bump version to
5.4.39.3) somehow messed up when updating the hashes of the licene
files:
>>> imx-vpu 5.4.39.3 Collecting legal info
ERROR: EULA has wrong sha256 hash:
ERROR: expected: a39da2e94bd8b99eaac4325633854620ea3a55145259c3a7748c610a80714cfc
ERROR: got : 7ffad92e72e5f6b23027e7cf93a770a4acef00a92dcf79f22701ed401c5478c0
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
ERROR: COPYING has wrong sha256 hash:
ERROR: expected: 69cbb76b3f10ac5a8c36f34df7bbdf50825815560c00a946fff2922365ef01a2
ERROR: got : 2ceab29de5ea533b86f570bcc4e9ddbfb5fe85a1da4978a8613ff3fd9bed781d
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
The most probable cause is some confusion with imx-vpu-hantro, as the
faulty hashes reported above are those found in imx-vpu-hantro.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[yann.morin.1998@free.fr: rewrite commit log with a probably reason]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
https://security-tracker.debian.org/tracker/CVE-2015-3243
"Rsyslog uses weak permissions for generating log files."
Ignoring this CVE for Buildroot as normally there are not local
users and a build could customize the rsyslog.conf to be more
restrictive ($FileCreateMode 0640).
Example fix from Alpino Linux
3cb5210cda
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 4b21273d71 added upstream (security) patches up to 20200118
and in the commit description it outlines these CVEs were patched.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The CVE can be ignored when the internal TLS impl isn't used.
https://security-tracker.debian.org/tracker/CVE-2021-30004
"Issue only affects the "internal" TLS implementation
(CONFIG_TLS=internal)"
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The CVE can be ignored when the internal TLS impl isn't used.
https://security-tracker.debian.org/tracker/CVE-2021-30004
"Issue only affects the "internal" TLS implementation
(CONFIG_TLS=internal)"
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
https://security-tracker.debian.org/tracker/CVE-2019-6293https://github.com/NixOS/nixpkgs/issues/55386#issuecomment-683792976
"But this bug does not cause stack overflows in the generated code.
The function and file referred to in the bug (mark_beginning_as_normal
in nfa.c) are part of the flex code generator, not part of the
generated code. If flex crashes before generating any code, that
can hardly be a vulnerability. If flex does not crash, the generated
code is fine (or perhaps subject to other unreported bugs, who knows,
but the NFA has been generated correctly)."
Upstream has chosen to not provide a fix
https://github.com/westes/flex/issues/414
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: use actual upstream URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is specific to the npm package that installs cmake, so isn't
relevant to Buildroot.
14241ed09f/meta/recipes-devtools/cmake/cmake.inchttps://nvd.nist.gov/vuln/detail/CVE-2016-10642#vulnCurrentDescriptionTitle
"cmake installs the cmake x86 linux binaries. cmake downloads
binary resources over HTTP, which leaves it vulnerable to
MITM attacks. It may be possible to cause remote code
execution (RCE) by swapping out the requested binary with
an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server."
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There had existed in one of the ISC BIND libraries a bug in a
function that was used by dhcpd when operating in DHCPv6 mode.
There was also a bug in dhcpd relating to the use of this function
per its documentation, but the bug in the library function
prevented this from causing any harm. All releases of dhcpd from
ISC contain copies of this, and other, BIND libraries in
combinations that have been tested prior to release and are known
to not present issues like this.
Affects: Builds of dhcpd versions prior to version 4.4.1 when
using BIND versions 9.11.2 or later.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6470
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This CVE is only relevant to the configuration of a specific
RHEL release (6.x).
https://bugzilla.redhat.com/show_bug.cgi?id=1447743
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
bash has a concept of "loadables", which are "plugins" that can be
loaded at runtime by bash to add new builtin. For example:
# type whoami
whoami is hashed (/usr/bin/whoami)
# whoami
root
# enable -f /usr/lib/bash/whoami whoami
# type whoami
whoami is a shell builtin
# whoami
root
# enable -d whoami
# type whoami
whoami is hashed (/usr/bin/whoami)
# whoami
root
bash comes with a set of example loadables, installed in
/usr/lib/bash/. They take 312 KB on ARM32, and are by default not
used, and provide builtins that are for the most part already
available as external commands in Busybox/coreutils:
Makefile.inc finfo mkfifo realpath sync
accept head mktemp rm tee
basename id mypid rmdir truefalse
csv ln pathchk seq tty
cut loadables.h print setpgid uname
dirname logname printenv sleep unlink
fdflags mkdir push strftime whoami
So instead of having them unconditionally installed, add an option to
enable/disable their installation (their build apparently cannot be
disabled via a configure option).
Normally, we try to keep backward compatibility by preserving the
existing behavior. In this case, this would have meant making this
option "default y". But this also breaks our principle of "being
minimal by default", and in this case, it feels preferable to be
"minimal by default" than preserving existing behavior.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
SHOBJ_STATUS=unsupported was added in commit
4a2af11cba to work around a limitation
of the configure script that forgot to set this variable in
static-linking configurations.
It turns out that this issue has been fixed upstream as of bash 5.0:
https://git.savannah.gnu.org/cgit/bash.git/diff/configure.ac?id=d233b485e83c3a784b803fb894280773f16f2deb
(see hunk @@ -1151,6 +1179,9 @@)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We want bash to be installed as /bin/bash. For ages, Buildroot has
been doing this by overriding exec_prefix at install time. First of
all, it would be preferred to do this at configure time. But also,
overriding exec_prefix not only changes where "bash" goes, but also
where the pkgconfig file goes. Due to this, bash.pc goes into
/lib/pkgconfig/, and doesn't get removed by target-finalize.
Since all we want is to have 'bash' as /bin/bash, simply pass
--bindir=/bin at configure time. This allows to use the default target
installation logic for autotools-package. We keep a post-install
target hook to remove /bin/bashbug.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Switch to new OpenPrinting upstream repository.
NOTICE hash change due to date+copyright holder update in:
1bc199354e
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
attacks because it does not check the value of the `Host` header.
Fixes CVE-2021-29462
https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix vulnerability to DNS-rebind attacks.
This security fix addresses the same vulnerability isue which was reported
for libupnp (which libnpupnp is derived from) in CVE-2021-29462.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a patch to disable tests through the standard BUILD_TESTING variable
which is already passed by cmake-package.
While at it, drop protobuf dependency which is only needed for tests
This will fix a build failure on toolchains without wchar, toolchains
for sh4 (ICE) or toolchains where gcc is affected by bug 64735.
Upstream thinks that this is unecessary but no additional feedback was
received on how we should handle those build failures
Fixes:
- http://autobuild.buildroot.org/results/1cd24b757d87b963c70bc7ff927c6d983d0b142a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The uftrace tool is to trace and analyze execution of a program
written in C/C++.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the HTML license file has changed due to changes in the
HTML menu and other parts of the page that don't change the license
text itself.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the release notes:
================================================================================
Redis 6.2.2 Released Mon April 19 19:00:00 IST 2021
================================================================================
Upgrade urgency: HIGH, if you're using ACL and pub/sub, CONFIG REWRITE, or
suffering from performance regression.
See https://github.com/redis/redis/blob/6.2.2/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the changelog:
* Enable SATA RX lane swap
* Add workaround for A-010554 (Improve SATA hard drive detection)
* Add workaround for A-009531 (Wrong IDO bit value for PCIe completion
packets)
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The last release is five years old. To support newer hardware we bump
the package to latest git master branch. For upstream discussion see
github issue 819.
Removed patches, they were all applied upstream.
Added NUT_PRE_CONFIGURE_HOOKS to fix autoreconf:
configure.ac:1994: error: required file 'scripts/augeas/nutupsconf.aug.in' not found
configure.ac:1994: error: required file 'scripts/devd/nut-usb.conf.in' not found
configure.ac:1994: error: required file 'scripts/udev/nut-usbups.rules.in' not found
because upstream autogen.sh creates additional files:
https://github.com/networkupstools/nut/blob/master/autogen.sh
Configure is not cross-compile friendly:
https://github.com/networkupstools/nut/blob/master/m4/ax_c_pragmas.m4#L574
Add ax_cv__printf_string_null=yes to fix cross build.
Removed configure option --without-hal due to upstream removal of hal
files:
5860c09e85
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upgrade to release 2021.4.4 with the following bug fixes:
- regex fails with a quantified backreference but succeeds with
repeated backref
- API is not a drop-in replacement for python's re when it comes
to typing
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also remove patch (already in upstream)
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change to python3 only
- update license file hash:
@@ -1,4 +1,4 @@
-Copyright 2016-2018 Dave Jones <dave@waveform.org.uk>
+SPDX-License-Identifier: BSD-3-Clause
Changelog ([1]):
- Dropped Python 2.x support. Current Python support level is 3.5 and above.
- Added html and css format specifications to the :class:`Color` class'
string-formatting capabilities.
[1] https://github.com/waveform80/colorzero/blob/master/docs/changelog.rst
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Static build with tremor raises a build failure since bump to latest git
tree in commit c8e27f3baa. However, it
should be noted that before this bump, tremor was always disabled in
static builds because vorbisidec detection was broken until
565a9a27cc
Fixes:
- http://autobuild.buildroot.org/results/9634adc433da0e25732eb98675c59d0f96ac93b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
--without-x is not recognized since at least version 1.2.12:
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-nls, --without-x
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since version flup-1.0.3.dev20151210, flup needs Python 3. This was
apparently missed in Buildroot commit
ff0f53c04d, which bumped flup from
1.0.3.dev-20110405 to 1.0.3.dev20161029.
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A package for interfacing with iwlib, providing an implementation to
the wireless tools in Linux.
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a patch release that fixes some minor bugs, tidies the code for
many compiler warnings, and improves windows compatibility. Upgrading
from v2.3.1 is recommended for most people, and essential for people
using platforms experiencing bugs #214 or #207.
https://github.com/librsync/librsync/releases/tag/v2.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build with xtensa toolchain is broken since bump to version 2.10.0.2 in
commit 4d5587cb56 indeed patch was dropped
assuming that it was included upstream but this assumption was wrong.
The code was just reworked in version 2.10.0.0 and commit
21e6ea800c
Fixes:
- http://autobuild.buildroot.org/results/ee58ffa7b2f0be46ef7bc0ba38d3142f26a9bce9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build is broken since bump of skalibs to version 2.10.0.2 in commit
4d5587cb56 because skalibs removed
webipc.h in version 2.10.0.0 and
e557bab0dc
So bump to version 1.0.6.1 to retrieve the following commit
ca8d2c96ea
Update hash of COPYING (update in year:
5e17662d131de5c2d7c6)
While at it, also update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/fe879267675a80bfc5ba17341144feeee53dc197
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
chardet is a mandatory runtime dependency since version 0.8.2 and
e9344a0916
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>