Needed for Kodi 18.x-compatible version of kodi-screensaver-rsxs.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/6c9bb17920749409e5a0c3388ccda411c6c7cfb4/
tpm2-totp uses _DEFAULT_SOURCE to make the htobe64() macro available,
support for which was only added in glibc 2.20:
https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html#index-_005fDEFAULT_005fSOURCE
>From glibc 2.20 NEWS:
* The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
supported; they now act the same as _DEFAULT_SOURCE (but generate a
warning). Except for cases where _BSD_SOURCE enabled BSD interfaces that
conflicted with POSIX (support for which was removed in 2.19), the
interfaces those macros enabled remain available when compiling with
_GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature
test macros defined.
This could be worked around by defining _BSD_SOURCE for this old toolchain
(cannot be done unconditionally as it generated warnings for modern glibc
versions), but given that platforms using this old toolchain are unlikely to
have a TPM 2.0 and use it for TOTP, simply blacklist it instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This test allow to check if the xserver with GLX is working properly.
This is a basic test but it allow to trigger the current bug reported
by [1].
To test if the glxinfo test is working, you can change "-display :0" by
"-display :1" in the glxinfo command line.
[1] https://bugs.buildroot.org/show_bug.cgi?id=11591
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Youssef Harmouch <youssef.harmouch@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcap dependency has been added in version 1.16 with
009faa64b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pcre dependency has been added in version 1.18 and
ab3324be47
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also change the site location to the non-archived URL.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Remove upstream patch
- Add PYTHON=$(LIBSELINUX_PYLIBVER) to LIBSELINUX_MAKE_OPTS
- Add PYTHON=$(HOST_LIBSELINUX_PYLIBVER) to HOST_LIBSELINUX_MAKE_OPTS
The python changes are necessary because libselinux python tools now defaults
to python3.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump rust to 1.33.0 with the following changes:
- drop support for jemalloc
- add dependency on host-openssl
- add a patch to fix bootstraping with rust 1.33.0 [1]
[1] https://github.com/rust-lang/rust/pull/57765
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Host version of this package needs pkg-conf the same way as target
package: for Makefiles library dependencies retrieving.
Fixes:
http://autobuild.buildroot.net/results/8543eb3815a67747349a2e60654d19b9804a3a89/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A strange unicode character was used instead of a standard white space
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds an option to install fit_check_sign to target for fit
image validation.
This will allow a fit image to have its signature and hashes validated
from Linux, assuming a device-tree of keys (the same as which is in
u-boot) is available.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcap optional dependency has been added in version 1.0.2 with
f6933edaf2
Also refactor check and valgrind optional dependencies to put them on a
single line
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove patch (already in version)
- Drop autoreconf as patch has been removed
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
json option has been removed in version 0.9.7 with
06987a24ce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Instead of README.md, use LICENSE file that has been added in version
0.9.5 with
4d534a60ee
- Add hash of license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Julien Floret <julien.floret@6wind.com
Signed-off-by: Fabrice Fontaine <<a href="mailto:fontaine.fabrice@gmail.com" target="_blank" rel="noreferrer">fontaine.fabrice@gmail.com</a>><br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support to set tls security level (for openssl >= 1.1.0), for RDP
protocol version 10 (needed for windows 10 and windows server
2016). Also have some fix and features, see
e21b72c95f
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove first, third and fourth patches (already in version)
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Clang no longer needs llvm-config. It now looks for LLVMConfig.cmake,
which is specified by LLVM_DIR option.
The license file hash changed due to a copyright year update:
-Copyright (c) 2007-2018 University of Illinois at Urbana-Champaign.
+Copyright (c) 2007-2019 University of Illinois at Urbana-Champaign.
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash changed due to a copyright year update:
-Copyright (c) 2003-2018 University of Illinois at Urbana-Champaign.
+Copyright (c) 2003-2019 University of Illinois at Urbana-Champaign.
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Switch site to https
- Update hash for COPYING: website URL changed from http to https
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add COPYING to license files as it gives useful info on license
- Add "Public Domain" to XZ_LICENSE (see COPYING)
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some kernel-selftests are using modprobe options (-n) that are not available
from busybox's modprobe, so make sure that BR2_PACKAGE_KMOD_TOOLS is selected.
[linux-4.19 selftests]$ git grep tput
drivers/gpu/drm_mm.sh:if ! /sbin/modprobe -n -q test-drm_mm; then
drivers/usb/usbip/usbip_test.sh:if ! /sbin/modprobe -q -n usbip_host; then
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some kernel-selftests are using tput program, so make sure that
BR2_PACKAGE_NCURSES_TARGET_PROGS is selected.
[linux-4.19 selftests]$ git grep tput
[...]
futex/run.sh:tput setf 7 || tput setaf 7
futex/run.sh: tput sgr0
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
syslog-ng may segfault at startup (during library initialization, before
reaching main) in newer toolchains. I have witnessed it on aarch64 (but with
32-bit arm userland) with glibc 2.28.
Problem is described in syslog-ng issue #2263 [1], which in turn leads to a
problem in 'ivykis' which is shipped with syslog-ng, see ivykis issue #15
[2].
Root cause is that 'pthread_atfork' is used by ivykis but searched by its
configure script in libpthread_nonshared only. In newer toolchains, it seems
this symbol is in libc_nonshared.
Apply a patch someone proposed via pullrequest [3] to the ivykis project,
but which is at this moment not yet merged upstream.
[1] https://github.com/balabit/syslog-ng/issues/2263
[2] https://github.com/buytenh/ivykis/issues/15
[3] https://github.com/buytenh/ivykis/pull/16
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
