Downloading from the cgit repo is now broken and it is a mirror of the
Gitlab repo so use the Gitlab repo.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9ea9dd021f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix for xtensa PR ld/25861 introduced a regression in handling negative
symbol differences resulting in linker performing incorrect relaxation
or failing to link. Fix XTENSA_NDIFF relocation handling.
Backported from:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=d548f47df4d2e3d117d504a4c9977982c78a0556
Fixes: f0291ef4ab ("package/binutils: fix xtensa PR ld/25861")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f31db17a8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NXP apparently changed file naming convention for this particular file.
Fixes: 1d0ea8d433 (package/freescale-imx/imx-gpu-g2d: bump to version 6.4.0.p1.0)
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cd3dc5b4fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-jedi bundles its own copy of typeshed since version 0.14.0 and
7d2b7bb3c1
So add it to the license files (and update indentation of hash file to
two spaces while at it)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ab98c1ffb6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Notice: 5.5.x is now EOL, so should be dropped at the next version bump.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: drop 5.5.x / 5.6.x bump]
(cherry picked from commit 72a6e50da9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sparc support is deprecated and may be removed in future releases. There are
two choices to fix this issue:
1) Set --enable-deprecated-ports=yes in the CONF_OPTS to supress the error.
2) Remove support for Sparc.
Because this port is deprecated, it's safer to remove support alltogether.
Fixes:
http://autobuild.buildroot.net/results/692820b4b6d4da42cd557fa7badbbd11806bbeba/
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6ee7de3d2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Several directories and files are currently not installed during the
target installation, these include:
- conf
Several configuration files, including security configuration files which
may be necessary for running various java applications.
- legal
This directory contains legal notices that some java applications may
require, as they may print legal information and will throw exceptions at
runtime if the legal files are not present on the system.
- release
This file contains a list of modules included in the image.
Because these directories take up less than of megabyte extra, it is not an
issue to install all of them.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Tested-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 63b576095b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, Buildroot installs the jre libraries using
cp -dprf /build/linux-*-release/images/jre/lib/* $(TARGET_DIR)/usr/lib/
However, if a system has a merged /usr directory, and there is a built kernel
before installing OpenJDK, the installation fails because jre/lib has binary
modules file, which causes the following error: cp: cannot overwrite directory
'/usr/lib/modules with non-directory
The obvious fix is to install the modules to /usr/lib/jvm/ and set the
appropriate rpaths via the --with-extra-ldflags conf option. However, this fix
does not work because the built binaries themselves do not link against
libjava.so
Indeed, running readelf on the built java binary reports the following:
"(RUNPATH) Library runpath: [/usr/lib/jvm]" and /usr/lib/jvm/libjava.so exists.
However, when running the Java binary on the target, the following error
occurs: "Error: could not find libjava.so."
The following is the result of "strace java" ran on the target:
faccessat(AT_FDCWD, "/usr/lib/libjava.so", F_OK) = -1 ENOENT
faccessat(AT_FDCWD, "/usr/jre/lib/libjava.so", F_OK) = -1 ENOENT
newfstatat(AT_FDCWD, "/usr/lib/libjava.so", 0x7ffe7b4af8, 0) = -1 ENOENT
newfstatat(AT_FDCWD, "/usr/lib/jvm/libjli.so", [sic] AT_SYMLINK_NOFOLLOW) = 0
As seen above, the java binary searches for libjli.so in /usr/lib/jvm,
which demonstrates that the java binary searches for some of the
DT_NEEDED libraries using the correct rpath. But libjava.so is not
searched from the rpath; it is instead dl-opened manually, looked for in
the search paths hardcoded to the following directories:
- /usr/lib/
- /usr/jre/lib/
- $(dirname $0)/../lib/
The reason behind the hardcoded paths given by the maintainers is due to
historical purposes for the need to support several java versions at the
same time on a single system, and that changing the above behavior is not
likely to ever happen.
As such, most distributions such as Redhat do the following:
- Create the directory /usr/lib/jvm/java-$(JAVA_VERSION)/
- Install all directories and files found in images/jre to that directory.
- Symlink the binaries to in /usr/lib/jvm/java-$(JAVA_VERSION)/bin to
/usr/bin.
However, because Buildroot does not need to support multiple versions of java
concurrently, there is no need for the additional java-$(JAVA_VERSION)
directory.
To fix the above issue, the following changes are performed:
- Introduce the variable "OPENJDK_INSTALL_BASE" which points to /usr/lib/jvm
- Set the --with-extra-ldflags conf_opt to
"-Wl,-rpath,$(OPENJDK_INSTALL_BASE)/lib,-rpath,
$(OPENJDK_INSTALL_BASE)/lib/$(OPENJDK_JVM_VARIANT)"
- Run "mkdir -p $(TARGET_DIR)/usr/lib/jvm/" in the INSTALL_TARGET_CMDS step.
- Copy both the lib and bin directories to /usr/lib/jvm/
- Symlink the binaries in /usr/lib/jvm/bin/ to /usr/bin.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12751
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Tested-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr: fix two remaining mis-placed '/']
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3edb915709)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prior to commit 4102db0f7a ("package/libglib2: bump to version 2.60.3")
which converted libglib2 to meson, Buildroot used to set a range of
autoconf options to bypass tests that require running binaries.
The meson version of libglib2's build system has many fewer of these
checks, but there are still some and these can be fed the "correct"
answer by adding properties to cross-compilation.conf.
Add the necessary properties to indicate that we have C99 compliant
print functions to avoid pulling in the gnulib fallback.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4f91198f0d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes CVE-2020-1967:
Server or client applications that call the SSL_check_chain() function during
or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
result of incorrect handling of the "signature_algorithms_cert" TLS extension.
The crash occurs if an invalid or unrecognised signature algorithm is received
from the peer. This could be exploited by a malicious peer in a Denial of
Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this
issue. This issue did not affect OpenSSL versions prior to 1.1.1d.
See https://www.openssl.org/news/secadv/20200421.txt
Also update the hash file to the new two spaces convention
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 849aee4f88)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This option never existed in opensbi package.
This fixes the new defconfig check.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8dd067ef3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_SOFT_FLOAT option is lost while loading the defconfig with:
make qemu_ppc_virtex_ml507_defconfig
On powerpc, BR2_POWERPC_SOFT_FLOAT must be used to enable soft
floating point support.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b6245ed49b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2e71b396a1, this defconfig needs
a glibc toolchain to select sunxi-mali-mainline package.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 04f9ff54a5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_PACKAGE_GLMARK2 is lost while loading the defconfig with:
make engicam_imx6qdl_icore_qt5_defconfig
In order to select gmark2 package, BR2_PACKAGE_GLMARK2_FLAVOR_ANY option
must be set.
Based on the defconfig without X11 and wayland package, the only missing
option to select BR2_PACKAGE_GLMARK2_FLAVOR_ANY is BR2_PACKAGE_HAS_UDEV.
The only possible option is to enable one of the udev provider
(eudev or systemd). Select eudev package for /dev management.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6dd11cefb8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This option has been removed since 6836f2a70a.
This fixes the new defconfig check.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7a239696d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig loses mesa3d-demo and glmark2 package since commit
5cb821d563 that introduced an
explicit option to enable GLX support.
This fixes the new defconfig check.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ffedbd1c53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ext4 option is BR2_TARGET_ROOTFS_EXT2_4 not
BR2_TARGET_ROOTFS_EXT_4.
This fixes the new defconfig check.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a3704cd8c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
board/amarula/a64-relic/readme.txt makes use the host fastboot utility
to flash the board. However, BR2_PACKAGE_HOST_ANDROID_TOOLS_FASTBOOT
(which is enabled in the defconfig) has a dependency on
BR2_PACKAGE_HOST_ANDROID_TOOLS, which is not enabled in the
defconfig. Due to this, BR2_PACKAGE_HOST_ANDROID_TOOLS_FASTBOOT=y is
lost when loading the defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Jagan Teki <jagan@amarulasolutions.com>
[Thomas: change to add BR2_PACKAGE_HOST_ANDROID_TOOLS=y]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 016a1d80ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e69b8ddd43 bumped paho-mqtt-c to
version 1.3.2 but hash was wrong moreover licence has changed to EPL-2.0
since
1e91229cb6
So fix that and add LICENSE to the list of license files
Fixes:
- http://autobuild.buildroot.org/results/7ea1791778053613e9ef6b146dbd1992a0f63dc6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7a078ef054)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
paho-c-mqtt 1.3.2 is a maintenance release. It fixes many bugs
including memory leaks and segmentation faults.
Release notes: https://github.com/eclipse/paho.mqtt.c/milestone/7?closed=1
Signed-off-by: Julien Grossholtz <julien.grossholtz@openest.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e69b8ddd43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
musl currently assumes all PPC64(LE) CPUs support ALTIVEC instructions.
However, there are exceptions (such as the e5500) for which musl builds
ultimately generate illegal instructions for the targets.
Disable musl if the PPC64(LE) CPU does not support ALTIVEC instructions.
This patch addresses the issues seen here:
https://gitlab.com/kubu93/toolchains-builder/-/jobs/418092743https://gitlab.com/kubu93/toolchains-builder/-/jobs/418092744
musl mailing list thread:
https://www.openwall.com/lists/musl/2020/02/03/10
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 20c267f2e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Parallel make used to be broken in exim, as reported in its docs. Now that
line has disappeared from the docs, and parallel make is actually working.
Tested with 'make exim-dirclean ; time make BR2_JLEVEL=999 exim': builds
still succeed and the build time decreases from 34 to 11 seconds on my
host.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 153b78ee26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rhys has asked through private e-mail to be removed:
==
Please can I be removed as the developer, as I’m not longer involved.
Cheers Rhys
==
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 45e8a699a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When threads are enabled, haproxy expects that pthread_getcpuclockid is
available which is not the case on m68k. Fix this by enabling threads
support only if NPTL is available.
Fixes:
- http://autobuild.buildroot.org/results/52cc4b1fcac2a4fc84ab15ec4c692d2cd9b6d8bd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fb7fd98774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cb0ce03ba6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-11647: In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and
2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed
in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
https://www.wireshark.org/security/wnpa-sec-2020-07.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 94fd6bdcc9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-std=c++11 is needed to avoid the following build failure with poppler
and gcc 5:
/home/naourr/work/instance-0/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/poppler/cpp/poppler-page.h:40:37: note: C++11 'noexcept' only available with -std=c++11 or -std=gnu++11
/home/naourr/work/instance-0/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/poppler/cpp/poppler-page.h:70:10: error: 'unique_ptr' in namespace 'std' does not name a template type
std::unique_ptr<text_box_data> m_data;
^
Fixes:
- http://autobuild.buildroot.org/results/3428b9017168db9239756dc06cdaa5ae004cab97
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d9a4208f62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The support for Unix domain socket transport was disabled as part of
the bump of netsnmp from 5.5 to 5.6 in commit
de642c9904, but with no apparent reason.
This support is needed to allow Unix socket based AgentX subagents to
connect to netsnmp, so let's re-enable it.
Signed-off-by: Ryan Steffens <ryan.steffens@rockwellcollins.com>
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8aef2d3a5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to migration to pkg-config in php 7.4, the detection of
library dependencies has been changed.
source from php.net:
--with-gd becomes --enable-gd
--with-png-dir has been removed. libpng is required.
--with-zlib-dir has been removed. zlib is required.
--with-freetype-dir becomes --with-freetype
--with-jpeg-dir becomes --with-jpeg
Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 31c5fd8f4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
since php7.4, --enable-zip becomes --with-zip due to
migration to pkg-config.
Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac2b371732)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If tty_handler() resets terminal while pkttyagent is run in background job,
the process gets stopped by SIGTTOU. This impacts systemctl, hence it must
be blocked for a while and then the process gets killed anyway.
Upstream commit: 28e3a6653d8c3777b07e0128a0d97d46e586e311
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d749be3e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes two small memory leaks.
Upstream commit: 28e3a6653d8c3777b07e0128a0d97d46e586e311
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ba70e29fea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default installed service file is missing a target, which causes preset-all
to not enable the service.
Add the service file to package/polkit with the addition of:
[Install]
WantedBy=multi-user.target
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3f885d9dfe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0001-make-netgroup-support-optional.patch patches configure.ac, but we
don't autoreconf the package, which is not good.
However, simply adding AUTORECONF = YES is not sufficient: polkit
Makefile.am use the automake conditional HAVE_INTROSPECTION, which is
"available" only when the gobject-introspection m4 file is installed.
Since we don't want to make gobject-introspection a mandatory
dependency of polkit, we take a simpler route: add a copy of
introspection.m4 into the polkit source tree. This is only a 142 lines
file, and it can be dropped when
0001-make-netgroup-support-optional.patch is merged upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8edcb84730)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The help text was wrong, as it didn't match the actual default values
we were specifying. Indeed, when we specify:
default 31 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
default 30 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_3
It means that the policy version 30 is supported starting from Linux
4.3 included, and that 31 is supported from Linux 4.13 included.
So we shouldn't have:
> 4.3 <= 4.13 30
> 4.13 31
but:
>= 4.3 < 4.13 30
>= 4.13 31
This patch fixes that for all versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67d7705a9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
EXT_SUFFIX in Python versions > 3.5 contains a platform tag which only applies
to cpython extensions. Given that ctypes.util.find_library does not work on the
target due to the absence of the underlying tools '.so' needs to be added as a
possible suffix for libraries to enable python-iptables to find the iptables
shared libraries.
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 52276cdda3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ctypes.util.find_library() depends on gcc and friends to detect the location of
a given shared library. Given that these are not available on the target and
that python-iptables depends on this functionality we need to work around this.
The SONAMEs of the libc are well known so we try the known ones for glibc,
uClibc and musl.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12271
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 90c18ab269)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package uses ctypes.CDLL extensively which only makes sense when dynamic
libraries are available.
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 21b85bc56c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-10932: fix side channel in ECC code that allowed an
adversary with access to precise enough timing and memory access
information (typically an untrusted operating system attacking a
secure enclave) to fully recover an ECDSA private key.
- Fix a potentially remotely exploitable buffer overread in a DTLS
client when parsing the Hello Verify Request message.
- Fix bug in DTLS handling of new associations with the same parameters
(RFC 6347 section 4.2.8): after sending its HelloVerifyRequest, the
server would end up with corrupted state and only send invalid records
to the client. An attacker able to send forged UDP packets to the
server could use that to obtain a Denial of Service. This could only
happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in
config.h (which it is by default).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5704f8869)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, exim stores its PID file in /var/spool/exim, and its log
file in /var/spool/exim/log, but it makes a lot more sense to have the
logs in /var/log/exim and the PID file in /var/run/exim.
Using binary name subdirectory in both cases allows for the use of
systemd's LogsDirectory and RuntimeDirectory statements
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 754341460b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libssh server is used by libnetconf2. With libssh version 0.9.4 a
regression was introduced that wrongly leads to session closed after the
poll timeout.
The patch comes from upstrem:
https://git.libssh.org/projects/libssh.git/commit/?id=6417f5a3cac8537ac6f6ff7fc1642dfaa0917fb4
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39099153d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The released libssh package does wrongly reports the previous version.
This patch fixes the version field in the lib.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a7db921da5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-1730: Possible DoS in client and server when handling
AES-CTR keys with OpenSSL.
Format hash file with two spaces delimiter.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6b8a47e292)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no reason to create boot.scr in board/udoo/neo and later
install it in TARGET_DIR/boot, leaving a stale file behind.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2306339d1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
