Remove upstream patches included in the version bump.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/516456c8e21759e1ecee4ef9f9689a8f720ecd90/
This patch is to fix the following build error:
weak_readline.c:30:19: fatal error: dlfcn.h: No such file or directory
#include <dlfcn.h>
^
compilation terminated.
Makefile:890: recipe for target 'weak_readline.o' failed
Signed-off-by: Laurent Charpentier <laurent_pubs@yahoo.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit aebabb2780 used an automoake
configuration option. Replace it with the meson version.
Fixes#10716
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL
authentication results in a memory leak in dovecot's auth client used by
login processes. The leak has impact in high performance configuration
where same login processes are reused and can cause the process to crash due
to memory exhaustion.
For more details, see:
http://www.openwall.com/lists/oss-security/2018/01/25/4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP
POST for sending data to 127.0.0.1 port 4444, which allows remote attackers
to conduct cross-protocol scripting attacks, and consequently execute
arbitrary commands, via a crafted web site.
For more details, see:
https://sourceforge.net/p/openocd/mailman/message/36188041/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Firmware required when Intel QuickAssist is enabled in the kernel via
CRYPTO_DEV_QAT_DH895xCC, CRYPTO_DEV_QAT_C3XXX or CRYPTO_DEV_QAT_C62X.
See https://dpdk.org/doc/guides/cryptodevs/qat.html
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Locally calculated, to fix legal-info generation.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add SHA256 hash, and a license hash.
Drop mxml dependency since XML support has been removed upstream.
Refresh the patch.
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_TARGET_GENERIC_HOSTNAME is set, use the config option
--with-fallback-hostname to specify the fallback hostname to use
if none is configured in /etc/hostname. This is useful in a
pristine installation with an empty /etc.
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable option to compile with '--with-uploadscript' to allow running
script after successful uploads.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Acked-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This enables a user to build a complete system using these
options. It is important to note that not all packages will
build correctly to start with.
Modeled after OpenWRT approach
https://github.com/openwrt/openwrt/blob/master/config/Config-build.in#L176
A good testing tool to check a target's elf files for compliance
to an array of hardening techniques can be found here:
https://github.com/slimm609/checksec.sh
[Peter: reword fortify help texts, glibc comment]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package provides a tool to load a firmware to the Cortex-M4 core
available in some i.MX processors such as i.MX6SX or i.MX7.
This package was tested on a i.MX7D Nitrogen7 platform:
# imx-m4fwloader hello_world.bin 0x007F8000
Upstream repository:
https://github.com/codeauroraforum/imx-m4fwloader
[Peter: add license hash, install in /usr/sbin, tweak help text]
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When physfs is built for a Linux system the PHYSFS_PLATFORM_POSIX (which
enable code that use pthread_*()) symbol must be defined, so threads support
is required. The physfs build system used by the previous version didn't
correctly set PHYSFS_PLATFORM_POSIX for system without pthread support.
Add pthread dependency.
Fixes:
http://autobuild.buildroot.org/results/75d/75d68ff9da42d61f47d80b463445c12bc51ed1a4
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_TOOLCHAIN_HAS_SYNC_4 is enabled for all these architectures except
arc. There is no need to list them explicitly.
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The hwdata collection is hosted at GitHub now and provides additional
databases, besides pci.ids and usb.ids:
- Individual Address Block (IAB) and Organizationally Unique Identifier
(OUI) databases, from IEEE Registration Authority
- PNP ID database (from Microsoft)
Install only pci.ids and usb.ids by default, to keep compatibility with
previous versions.
In the future we can make other packages (pciutils, lshw) use the common
files instead of installing their own copies, thus saving some storage
space.
[Peter: drop BR2_PACKAGE_HWDATA_ANY and build time error, rework install step]
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building SWUpdate with the following defconfig:
```
CONFIG_DOWNLOAD=y
```
.. the build process breaks with:
```
corelib/channel_curl.c:27:10: fatal error: json-c/json.h: No such file or directory
#include <json-c/json.h>
```
Looking at the SWUpdate Kconfig based build system shows that `CONFIG_DOWNLOAD`
depends on `HAVE_LIBCURL`, which selects CURL, which eventually enables the
(unnecessary) build of channel_curl.o.
The upstream fixes the condition for building channel_curl.o by adding a new
hidden config option `CHANNEL_CURL`, which is only selected by the
dependent options.
Backported from:
37a6666a53
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Change download site; the latest version is not on the official site.
Add license hash.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream patches. autoreconf is no longer needed.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-1000007: libcurl might leak authentication data to third
parties.
https://curl.haxx.se/docs/adv_2018-b3bf.html
Fixes CVE-2018-1000005: libcurl contains an out bounds read in code handling
HTTP/2 trailers.
https://curl.haxx.se/docs/adv_2018-824a.html
Update license hash due to copyright year change.
[Peter: also add CVE-2018-1000005 reference]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable all programs that depend on ncurses, as well as utilities that
are useless on the host: agetty, chfn-chsh, chmem, login, lslogins,
mesg, more, newgrp, nologin, nsenter, pg, rfkill, schedutils, setpriv,
setterm, su, sulogin, tunelp, ul, unshare, uuidd, vipw, wall, wdctl,
write, zramctl.
Also add dependency on host-zlib if host cramfs utils are to be built.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE-2018-4088, CVE-2017-13885,
CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153,
CVE-2017-7153, CVE-2017-7161, and CVE-2018-4096. Additionally, it solves
a GStreamer deadlock when stopping video playback, and contains fixes
and improvements for the WebDriver implementation.
Release notes can be found in the announcement:
https://webkitgtk.org/2018/01/24/webkitgtk2.18.6-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nowadays libtasn1 is always required and if not present the CMake
configuration step would fail.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
SQUID-2018:1 Due to incorrect pointer handling Squid is vulnerable to denial
of service attack when processing ESI responses.
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
SQUID-2018:2 Due to incorrect pointer handling Squid is vulnerable to
denial of service attack when processing ESI responses or downloading
intermediate CA certificates.
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove 0001-fix-regex-escape-sequence-error.patch, as it has been
committed upstream.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The fsl-epdc.mk file is no longer shipped with the package.
Add license files hashes.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With 1.0.28 NPTL support for m68k was added.
Microblaze is already supported for a while, enable it now to
benefit from it.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Similar patch included upstream.
Mostly bugfixes and NPTL support for m68k was added.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Python-txtorcon selects python-pyopenssl and python-service-identity, both
(indirectly) needing C++ support, so propagate that dependency.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tweak build system to play well with Buildroot.
Signed-off-by: Guillermo A. Amaral <g@maral.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 954509f added a security fix for CVE-2017-8779, involving
pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
leak. However it also introduced a couple of issues:
- The call to svc_freeargs() from rpcbproc_callit_com() may result in
an attempt to free static memory, resulting in undefined behaviour.
- A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
(aka ypbind) to fail.
Backport upstream fixes for these issues to version 0.2.3.
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Pull a patch from upstream that adds Documentation/licenses/COPYING.ISC
instead of distributing the whole rfkill.c file.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
With gcc 4.7, it fails to build with:
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features by default... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -std=c++11... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with +std=c++11... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -h std=c++11... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -std=c++0x... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with +std=c++0x... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -h std=c++0x... no
configure: error: *** A compiler with support for C++11 language features is required.
Fixes:
http://autobuild.buildroot.net/results/788c1a4bbc8ec90b5cdd94c107c784df21869f6c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update dependencies and add licence checksum.
As BR now has the latest setuptools version, remove now obsolete
comment.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The iputils executables are installed without the setuid bit set,
which prevents some programs from working.
This patch adds a permission table to fix the permissions of the ping
and traceroute6 executables.
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
