Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a4832641bc)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a90d87d33)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using a custom git or mercurial repository for u-boot the error message
indicating a version had not been provided incorrectly stated that the URL was
missing. Update the error message to indicate that it's the version that's
missing.
Signed-off-by: Garret Kelly <garret.kelly@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with qemu 5.0.0 and above:
/srv/storage/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-2/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/../lib64/libnuma.a(libnuma.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a PIE object; recompile with -fPIC
Fixes:
- http://autobuild.buildroot.org/results/616dff216a215dc0494c846d337e03e0795b2fb2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] added a second LIBPAM_TACPLUS_AUTORECONF
because we are now patching configure.ac.
But LIBPAM_TACPLUS_AUTORECONF was already used because the
package is fetched from github.
[1] bd85d82f61
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/849509860
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--disable-bzip2 is not a recognized option so replace it by
--disable-libbz2 to match the target logic.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We change Trent's e-mail address in commit
1c20802d4b, but it turns out the new one
also doesn't work:
<trent.piepho@synapse.com>: host
synapse-com.mail.protection.outlook.com[104.47.57.138] said: 550 5.4.1
Recipient address rejected: Access denied. AS(201806281)
[DM6NAM11FT063.eop-nam11.prod.protection.outlook.com] (in reply to RCPT TO
command)
So let's drop Trent entirely, which orphans the libp11 package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Attempting to compile this package with newer Kernel version (e.g. v5.4)
fails with message:
Generating local configuration database from kernel ...Kernel version parse failed!
Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beat the very purpose of having newer drivers in older
kernels.
Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.
License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since there is not necessary to have support of systemd within the host
variant let's disable it unconditionally to solve the following errors:
/usr/bin/install -c -m 644 data/rauc.service '/usr/lib/systemd/system'
/usr/bin/install: cannot create regular file '/usr/lib/systemd/system/rauc.service': Permission denied
/usr/bin/install -c -m 644 data/de.pengutronix.rauc.conf 'no'
make[4]: *** [Makefile:1700: install-nodist_systemdunitDATA] Error 1
make[4]: *** Waiting for unfinished jobs....
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While testing Buildroot on a Cortex-A5 that doesn't provide NEON, we
found out that a system generated with the ARM toolchain from Arm
didn't boot. It turns out that this ARM toolchain is built with:
--with-arch=armv7-a --with-fpu=neon --with-float=hard --with-mode=thumb
So, it uses NEON as its FPU, which means it can only work on CPU cores
that have NEON support. This commit adds the appropriate dependency to
the toolchain-external-arm-arm package, and adjusts the Config.in help
text accordingly.
While at it, it also drops the part of the Config.in help text that
says the code is tuned for Cortex-A9, as it is not the case: it was
the case for the Linaro toolchain (built with --with-tune=cortex-a9),
but not for the ARM toolchain, for which no specific --with-tune is
passed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a
large amount of memory.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] should fix a circular dependency by
using util-linux-libs instead of util-linux if
BR2_PACKAGE_UTIL_LINUX_LIBS is set.
But util-linux is still in CRYPTSETUP_DEPENDENCIES.
Remove it to really break the circular dependency.
[1] e3c86f5c9e
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The commit 05fea6e4a6 "infra/pkg-kconfig:
do not rely on package's .config as a timestamp" broke the kernel
version check of this linux-backports package (it was no longer
executed). Since linux-4.19, the kernel's build system internally
touches its .config file, so it can no longer be used as a stamp file.
The stamp file defined in KCONFIG_STAMP_DOTCONFIG variable of
pkg-kconfig infra need to be used instead.
This commit fixes the kernel version check.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Static build of luajit is disabled since commit b2e8f28efa
("package/luajit: disable for static build"). Remove the related
BUILDMODE handling as well.
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version) and so autoreconf
- Update hash of COPYING (mailing address updated:
b6bb53e112)
- Update indentation in hash file (two spaces)
https://sourceforge.net/p/linuxquota/code/ci/v4.06/tree/Changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] enabled riscv32 and riscv64 for uClibc-ng
internal toolchain backend but only riscv64 is curently
supported by uClibc-ng.
The initial patch [2] from Mark Corbin is only about riscv64.
Remove riscv32 from uClibc-ng supported architecture list.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981656
[1] 209a082478
[2] bd9810e176
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enables the "-z" flag.
Signed-off-by: Václav Kubernát <sir.venceslas@gmail.com>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enables the `perf trace` command.
Signed-off-by: Václav Kubernát <sir.venceslas@gmail.com>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix build of suricata 6.0.0 with mips32r6
app-layer-ftp.o: In function `FTPCheckMemcap':
app-layer-ftp.c:(.text+0x284): undefined reference to `__atomic_load_8'
app-layer-ftp.c:(.text+0x2d8): undefined reference to `__atomic_fetch_add_8'
Fixes:
- http://autobuild.buildroot.org/results/f574005204905250702df32b61c85d427ab4feda
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- math/big: panic during recursive division of very large numbers
A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod,
ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted
large inputs. For the panic to happen, the divisor or modulo argument
must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on
64-bit architectures). Multiple math/big.Rat methods are similarly affected.
crypto/rsa.VerifyPSS, crypto/rsa.VerifyPKCS1v15, and crypto/dsa.Verify may
panic when provided crafted public keys and signatures. crypto/ecdsa and
crypto/elliptic operations may only be affected if custom CurveParams with
unusually large field sizes (several times larger than the largest
supported curve, P-521) are in use. Using crypto/x509.Verify on a crafted
X.509 certificate chain can lead to a panic, even if the certificates
don’t chain to a trusted root. The chain can be delivered via a
crypto/tls connection to a client, or to a server that accepts and
verifies client certificates. net/http clients can be made to crash by an
HTTPS server, while net/http servers that accept client certificates will
recover the panic and are unaffected.
Moreover, an application might crash invoking
crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate
request or during a golang.org/x/crypto/otr conversation. Parsing a
golang.org/x/crypto/openpgp Entity or verifying a signature may crash.
Finally, a golang.org/x/crypto/ssh client can panic due to a malformed
host key, while a server could panic if either PublicKeyCallback accepts a
malformed public key, or if IsUserAuthority accepts a certificate with a
malformed public key.
Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting
this. Thanks to Rémy Oudompheng and Robert Griesemer for their help
developing and validating the fix.
This issue is CVE-2020-28362 and Go issue golang.org/issue/42552.
- cmd/go: arbitrary code execution at build time through cgo
The go command may execute arbitrary code at build time when cgo is in
use. This may occur when running go get on a malicious package, or any
other command that builds untrusted code.
This can be caused by malicious gcc flags specified via a #cgo directive,
or by a malicious symbol name in a linked object file.
Thanks to Imre Rad and to Chris Brown and Tempus Ex respectively for
reporting these issues.
These issues are CVE-2020-28367 and CVE-2020-28366, and Go issues
golang.org/issue/42556 and golang.org/issue/42559 respectively.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13306
.../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: ‘class WebCore::Settings’ has no member named ‘setGenericCueAPIEnabled’; did you mean ‘setBeaconAPIEnabled’?
page->settings().setGenericCueAPIEnabled(enabled);
^~~~~~~~~~~~~~~~~~~~~~~
setBeaconAPIEnabled
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream backports package does not define the LEX/YACC Makefile
variables, contrary to the Kernel which is defining those in [1]. The
default "lex" and "yacc" are then used. On some systems, "yacc" is
Berkeley Yacc. Kconfig parser files are using non-Posix Bison
constructs.
Attempting to generate the parser with byacc fails with error:
yacc: e - line 97 of "zconf.y", syntax error
%destructor {
^
This patch defines the LEX and YACC Makefile variable to use flex and
bison, to fix this issue. The host-bison and host-flex dependencies are
added only if the host does not have them, following the same logic of
the Kernel.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73a4f6dbe70a1b93c11e2d1d6ca68f3522daf434
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Pick the below patch from upstream, in order to fix
'settimeofday: Invalid argument' introduced by using glibc v2.31+.
(busybox hasn't tagged a new version since).
See https://bugs.busybox.net/show_bug.cgi?id=12756 for more info.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- AST-2020-001: Remote crash in res_pjsip_session
Upon receiving a new SIP Invite, Asterisk did not return the created
dialog locked or referenced.
- AST-2020-002: Outbound INVITE loop on challenge with different nonce
If Asterisk is challenged on an outbound INVITE and the nonce is changed
in each response, Asterisk will continually send INVITEs in a loop. This
causes Asterisk to consume more and more memory since the transaction will
never terminate (even if the call is hung up), ultimately leading to a
restart or shutdown of Asterisk. Outbound authentication must be
configured on the endpoint for this to occur.
For details, see the announcement:
https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Avoid setting executable bits for apparmor.service. This gets rid of a
corresponding warning during installation:
Configuration file ../target/usr/lib/systemd/system/apparmor.service
is marked executable. Please remove executable permission bits.
Proceeding anyway.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use fbset.c as the license file and, while at it, also update
indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use README as the license file until upstream provides one:
https://github.com/nroach44/bandwidthd/issues/2
While at it, also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
