While the kernel is built for the target, the build may need various host
libraries depending on config (and kernel version), so use HOST_MAKE_ENV
instead of TARGET_MAKE_ENV.
In particular, this ensures that our host-pkgconf will look for host
libraries and not target ones.
Fixes building scripts/dtc for Buildroot configurations enabling libyaml and
host-pkgconf for kernels after commit 067c650c45 (dtc: Use pkg-config to
locate libyaml).
With this enabled, we can drop the PKG_CONFIG_* variables for the
_NEEDS_HOST_LIBELF conditional, as those are included in HOST_MAKE_ENV.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0b208f125)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building host-util-linux, the systemdsystemunitdir is set to the
real host directory, so the install step fails with:
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.service': Permission denied
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.timer': Permission denied
Since we don't need systemd support in host-util-linux, unconditionally
disable it for the host build.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 86441b9fd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patches already applied upstream and, consequently, AUTORECONF.
util-linux 2.35.1 Release Notes
===============================
build-sys:
- add --disable-hwclock-gplv3 [Karel Zak]
chrt:
- Use sched_setscheduler system call directly [jonnyh64]
lib/randutils:
- use explicit data types for bit ops [Karel Zak]
libfdisk:
- fix __copy_partition() [Karel Zak]
- make sure we use NULL after free [Karel Zak]
libmount:
- fix x- options use for non-root users [Karel Zak]
po:
- update uk.po (from translationproject.org) [Yuri Chornoivan]
sfdisk:
- make sure we do not overlap on --move [Karel Zak]
- remove broken step alignment for --move [Karel Zak]
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3052da3eac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version brings bug fixes, enhancements and a new script utility,
scriptlive. For detailed information see the release notes:
http://www.kernel.org/pub/linux/utils/util-linux/v2.35/v2.35-ReleaseNotes
Pull some fixed applied after the release.
Disable the use of code under GPLv3 included in hwclock since v2.30. The
subject was discussed upstream[1] and it was decided that hwclock will
be made GPLv2-only again in v2.36, so do it in advance in Buildroot.
Meanwhile, be warned that all OS images selecting hwclock built with
Buildroot since commit 74235a6854 (util-linux: bump to version 2.30)
contain code under GPLv3, which imposes some technical difficulties to
include in embedded systems. For more information see GPLv3, Section 6,
"Conveying Non-Source Forms", and the definitions of User Product and
Installation Information[2].
1. https://lore.kernel.org/util-linux/20200127202152.4jh2w4chch37wgee@ws.net.home/T/#t
2. https://www.gnu.org/licenses/gpl-3.0.html
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f3af906fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch for adding the `--enable-wipefs` configuration option requires an
reconfiguration of autotools which is causing autobuilder failures.
Signed-off-by: Sam Voss <sam.voss@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c4059e9f8f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add option to enable wipefs as a standalone app, so that it may be
enabled when the flag --disable-all-packages is set.
Signed-off-by: Sam Voss <sam.voss@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ab4538c909)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Leave pam_selinux enabled by default in su.pam and remove it from the
/etc/pam.d/su and /etc/pam.d/su-l files if libselinux is not selected.
This cosmetic change prevents leaving a misleading commented-out line
that references a PAM module that does not exist.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c3aed7b0cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove patches already applied upstream.
- Update file hash.
- Add an option to select the new "hardlink" command (off by default)
- hardlink uses libpcre2-8 if pcre2 is detected at config time so add a
build dependency on pcre2, if it's selected.
- Change selections to reflect that libblkid now does not depend on
libuuid anymore
Full release notes available at
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.34/v2.34-ReleaseNotes
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bb216ed060)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcap-ng is an optional dependency since a very long time (2010) and
24882d3672
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f692541dff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch to fix CVE-2020-0569 for latest version
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0607b38c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Happy 2020!
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6648cfc749)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f6118ec3a)
[Peter: drop 5.4.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 97ce61f633)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CMakeLists.txt contains a toolchain check:
if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
endif ()
endif ()
So bump the toolchain dependency to >= GCC 7. The check is really about >=
7.3.0, but we do not have such detailed version checks. Given that GCC
7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
GCC 7.x toolchains probably use >= 7.3.0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec1ff802df)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Forcibly disable the JavaScriptCore JIT compilation support
for MIPSr6 processors, which are unsupported.
Fixes: http://autobuild.buildroot.net/results/3d21d3c3460cd85a4c828dd197929cdf17aaf4e0
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5eb70ceced)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1a6de2da70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8835: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8844: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8846: A use after free issue was addressed with improved memory
management
For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35df7bdb07)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail address is bouncing:
Your message to bachmann@tofwerk.com couldn't be delivered.
bachmann wasn't found at tofwerk.com.
thomas.petazzoni Office 365 bachmann
Action Required Recipient
Unknown To address
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 19829deb25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail address is bouncing:
----- The following addresses had permanent fatal errors -----
<sbobroff@linux.ibm.com>
(reason: 550 5.1.1 <sbobroff@linux.ibm.com>: Recipient address rejected: User unknown in local recipient table)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 374fe52bb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though pyqt5 would be perfectly usable with just the core Qt5
modules (QtCore, QtDbus, ...), its configure.py script passes the -gui
option to qmake unconditionally. Therefore, make sure that GUI is built.
Fixes:
- http://autobuild.buildroot.org/results/ea0c8db44aacf1ce76f75e8288969fe5da6690d9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6b0ba1a3c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt5 has predefined optimization flags depending if you're building for
size, for debug etc. These flags are defined in
mkspecs/common/gcc-base.conf:
QMAKE_CFLAGS_OPTIMIZE = -O2
QMAKE_CFLAGS_OPTIMIZE_FULL = -O3
QMAKE_CFLAGS_OPTIMIZE_DEBUG = -Og
QMAKE_CFLAGS_OPTIMIZE_SIZE = -Os
Then, in the same file, they use them to set
QMAKE_CFLAGS_RELEASE/QMAKE_CXXFLAGS_RELEASE:
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_RELEASE
At this point there is our chance to override QMAKE_CFLAGS_OPTIMIZE_* in
qmake.conf, but it's too late, because QMAKE_CFLAGS_RELEASE is already
set (i.e. -O2) so trying to add or remove QMAKE_CFLAGS_OPTIMIZE (that is
reset now on) from QMAKE_CLAGS_RELEASE in
common/features/default_post.prf won't work:
optimize_size {
!isEmpty(QMAKE_CFLAGS_OPTIMIZE):!isEmpty(QMAKE_CFLAGS_OPTIMIZE_SIZE) {
QMAKE_CFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_SIZE
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_SIZE
}
} else: optimize_full {
!isEmpty(QMAKE_CFLAGS_OPTIMIZE):!isEmpty(QMAKE_CFLAGS_OPTIMIZE_FULL) {
QMAKE_CFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_FULL
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_FULL
}
}
So let's reset:
QMAKE_CFLAGS_RELEASE
QMAKE_CFLAGS_DEBUG
QMAKE_CXXFLAGS_RELEASE
QMAKE_CXXFLAGS_DEBUG
in our qmake.conf since the only assignment done in
mkspecs/common/gcc-base.conf only regards optimization.
This package is also affected by BR2_TOOLCHAIN_HAS_GCC_BUG_90620 and
it's been worked around by appending -O0 to CFLAGS/CXXFLAGS. This bug
prevented workaround to work overriding optimization flags, so solving
this also solves workaround problem.
Fixes:
http://autobuild.buildroot.net/results/ada/adaa9b4bcc6f9d2b5e82c479859a07e8abf5cf13/http://autobuild.buildroot.net/results/a83/a83bdd1f3bf309c07abebe871b017c331ed36e67/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add a comment to qmake.conf.in]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c4a6f974b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-11813: libjpeg 9c has a large loop because read_pixel in
rdtarga.c mishandles EOF.
- Update hash of README (small updates such as authors, year ...)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75a14ec067)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (4.10.12):
CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
CVE-2019-14907: Crash after failed character conversion at log level 3
or above.
CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD
DC.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.18.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently reported to the list:
http://lists.busybox.net/pipermail/buildroot/2020-January/271937.html
The hardcoded rootfs partition size can lead to hard to understand build
failures if more packages are added.
So drop the hardcoded partition size. Genimage will then size the partition
to match the size of the rootfs image (which by default is also 60MB for ext4).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f1d1967422)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 20286d494a)
[Peter: drop 5.4.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 4.11.3 release brings a large number of fixes:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-11-series/xen-project-4-11-3/
Including a number of security fixes:
XSA-298: missing descriptor table limit checking in x86 PV emulation
(CVE-2019-18425)
XSA-299: Issues with restartable PV type change operations (CVE-2019-18421)
XSA-301: add-to-physmap can be abused to DoS Arm hosts (CVE-2019-18423)
XSA-302: passed through PCI devices may corrupt host memory after
deassignment (CVE-2019-18424)
XSA-303: ARM: Interrupts are unconditionally unmasked in exception handlers
(CVE-2019-18422)
XSA-304: x86: Machine Check Error on Page Size Change DoS (CVE-2018-12207)
XSA-305: TSX Asynchronous Abort speculative side channel (CVE-2019-11135)
XSA-306: Device quarantine for alternate pci assignment methods
(CVE-2019-19579)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/14af2dc3219847a92c6ec2db14ba387159b61fde
The Xen build system builds and embeds a default XSM FLASK (Flux Advanced
Security Kernel) security policy if it detects SELinux checkpolicy on the
build machine.
If enabled, a gen-policy.py python script is used to convert the binary
FLASK policy to a C array initialization list to embed it in the Xen binary.
Depending on the python version and locale available on the host, this fails
with byte values outside the 0..255 range:
policy.c:7:10: error: unsigned conversion from 'int' to 'unsigned char' changes value from '56575' to '255' [-Werror=overflow]
0xdc8c, 0xdcff, 0x7c, 0xdcf9, 0x08, 0x00, 0x00, 0x00, 0x58, 0x65, 0x6e, 0x46, 0x6c,
To fix this and ensure a consistent build, pass XEN_HAS_CHECKPOLICY=n to
disable the checkpolicy detection.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b60f3e2ae6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The README file saved by legal-info does not mention the host package
variant of the saved material. Add them.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ec78068972)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This list dates back to 2012. Since a long time now Buildroot saves the
patches applied as well as the actual source code for some external
toolchains. Update the manual accordingly.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a74e57c932)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2019-18222: Our bignum implementation is not constant
time/constant trace, so side channel attacks can retrieve the blinded
value, factor it (as it is smaller than RSA keys and not guaranteed to
have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
For more details, see the announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds a new manual section that captures an overview
of the run-tests tool, how to manually run a test and where to
find the test case script.
A brief set of steps is included to go through how to add a new
test case and suggestions on how to test/debug.
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
- switch the creating and debugging sections
- minor reformatting
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e2e57d5678)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2019-10155 (IKEv1 information exchange packet's integrity check
value is not verified)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 94c66ece47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will fix a static build failure with czmq
Fixes:
- http://autobuild.buildroot.org/results/4a12f1ede260cd956a0b5ccb4eec6ca8b44cb04f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f2fc6df260)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 565db7267e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-13117: In numbers.c in libxslt 1.1.33, an xsl:number with certain
format strings could lead to a uninitialized read in
xsltNumberFormatInsertNumbers. This could allow an attacker to discern
whether a byte on the stack contains the characters A, a, I, i, or 0, or
any other character.
- CVE-2019-13118: In numbers.c in libxslt 1.1.33, a type holding grouping
characters of an xsl:number instruction was too narrow and an invalid
character/length combination could be passed to xsltNumberFormatDecimal,
leading to a read of uninitialized stack data.
- CVE-2019-18197: In xsltCopyText in transform.c in libxslt 1.1.33, a
pointer variable isn't reset under certain circumstances. If the relevant
memory area happened to be freed and reused in a certain way, a bounds
check could fail and memory outside a buffer could be written to, or
uninitialized data could be disclosed.
Remove patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: mention security impact]
(cherry picked from commit 5645107c39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adds the --dynamic option to xml2-config, needed by libxslt 1.1.34+.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: mention the dependency from libxslt]
(cherry picked from commit 2eeff06272)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-14491: An issue was discovered in OpenCV before 3.4.7
and 4.x before 4.1.1. There is an out of bounds read in the function
cv::predictOrdered<cv::HaarEvaluator> in
modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
- Fix CVE-2019-14492: An issue was discovered in OpenCV before 3.4.7
and 4.x before 4.1.1. There is an out of bounds read/write in the
function HaarEvaluator::OptFeature::calc in
modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
- atomic workaround is not needed since version 3.4.8 and
464972855e
- Update hash of license file (Xperience.AI added:
766465ce94)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f6fb2cae06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze Gcc version <= 9.x the build fails due to gcc bug 68485:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485. The bug show up when
building opencv3 with optimization but not when building with -O0. To
work around this, if BR2_TOOLCHAIN_HAS_GCC_BUG_68458=y, we force using
-O0.
Fixes:
- http://autobuild.buildroot.org/results/c78eac84d1c5a6702e7759cd5364da1c3e399b4b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 87040137a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3cb8d6c3a6)
[Peter: drop 5.4.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
