The upstream Makefile failed to detect systemd being present in some (maybe all)
builds, resulting in the unit file not being installed. Without the unit file,
the udev rules in usb_modeswitch-data don't work as expected (no modeswitch is
performed).
This commit adds a patch that modifies the Makefile to include
'$(PREFIX)/bin/systemctl' in the list of paths checked, which makes the
installation phase work as intended. I will also submit this patch upstream.
Signed-off-by: Sol Bekic <s+removethis@s-ol.nu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c6b746e6fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libks needs NPTL since its addition in commit
5752d18bfc:
/nvmedata/autobuild/instance-17/output-1/build/libks-1.8.0/src/ks_thread.c: In function 'thread_launch':
/nvmedata/autobuild/instance-17/output-1/build/libks-1.8.0/src/ks_thread.c:237:21: error: 'pthread_setname_np' undeclared (first use in this function); did you mean 'pthread_setcanceltype'?
237 | if (thread->tag && pthread_setname_np)
| ^~~~~~~~~~~~~~~~~~
| pthread_setcanceltype
Fixes:
- http://autobuild.buildroot.org/results/8a93b75ee51e005383eac17aa7577b43eda4cd92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91600a62af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-24882: FreeRDP is a free implementation of the Remote
Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager
(NTLM) authentication does not properly abort when someone provides and
empty password value. This issue affects FreeRDP based RDP Server
implementations. RDP clients are not affected. The vulnerability is
patched in FreeRDP 2.7.0. There are currently no known workarounds.
Fix CVE-2022-24883: FreeRDP is a free implementation of the Remote
Desktop Protocol (RDP). Prior to version 2.7.0, server side
authentication against a `SAM` file might be successful for invalid
credentials if the server has configured an invalid `SAM` file path.
FreeRDP based clients are not affected. RDP server implementations using
FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0
contains a fix for this issue. As a workaround, use custom
authentication via `HashCallback` and/or ensure the `SAM` database path
configured is valid and the application has file handles left.
https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ecaca2d01e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent commit f0c7cb01a9 (package/pkg-download: do not try to vendor
_EXTRA_DOWNLOADS) got last-minute changes when applied, which changed
the expected behaviour for packages that do not have a main download.
Before f0c7cb01a9, the dl-wrapper would not even be called for those
packages, and the original patch that was sent also avoided downloading
such packages, but f0c7cb01a9 now causes the dl-wrapper to be called.
It is however an accident that the dl-wrapper does not fail. Indeed, it
is expected to fail if no download was successful; we pass no URI, so
the dl-wrapper should have failed, as it basically does:
download_and_check=0
for uri in "${uris[@]}"; do
...
done
if [ "${download_and_check}" -eq 0 ]; then
exit 1
fi
However, it does not even go that far...
Even though there is no output file, we still pass the path to the
package output directory as the output path. So, to avoid downloading
files already present, the wrapper checks if the output file exists,
and checks its hash:
if [ -e "${output}" ]; then
if support/download/check-hash ${quiet} "${hfile}" "${output}" ...
exit 0
...
fi
The output path does exist now, because we explicitly create it just
before calling the wrapper, because that's where we also locate the
lockfile.
So it ends up trying to validate the hash of a directory, but it fails
to, as there is indeed no hash file for that package. And a missing hash
file is just a warning, not an error, which makes the download actually
a success...
So, this is currently working, and this is by pure luck.
However, there is a potential issue: if a target package is a virtual
package, but the host package is a real package, e.g. the same foo.mk
does (or the other way around):
HOST_FOO_VERSION = 1.2.3
HOST_FOO_SITE = http://example.net/
$(eval $(virtual-package))
$(eval $(host-generic-package))
If there is a hash file to validate the host download, then the current
situation will cause a failure, because there would be a hash file, but
no hash for the output path of the target variant, which would then be
a hard-error.
So, revert to the behaviour from before f0c7cb01a9, where no download
is attempted for a package without a source (really, without a main
download, now).
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d95a6dac31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Our libiconv shouldn't need the ICONV_OMITS_BOM workaround.
We also need to correctly set the iconv path so that we don't use the
host iconv path.
Fixes:
- http://autobuild.buildroot.net/results/027/027602a750fd0989f9861773a2c4672667590acc
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cd4b55dca0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default defconfig target for the 64 bit powerpc kernel is
ppc64_defconfig, the big endian configuration.
When building for powerpc64le users want the little endian kernel as
they can't boot LE userspace on a BE kernel.
Fix up the defconfig used in this case. This will avoid the following
autobuilder failure:
VDSO32A arch/powerpc/kernel/vdso32/sigtramp.o
cc1: error: ‘-m32’ not supported in this configuratioin
make[4]: *** [arch/powerpc/kernel/vdso32/Makefile:49: arch/powerpc/kernel/vdso32/sigtramp.o] Error 1
http://autobuild.buildroot.net/results/dd76d53bab56470c0b83e296872d7bb90f9e8296/
Note that the failure indicates the toolchain is configured to disable
the 32 bit target, causing the kernel to fail when building the 32 bit
VDSO. This is only a problem on the BE kernel as the LE kernel disables
CONFIG_COMPAT, aka 32 bit userspace support, by default.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 62044e8675)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following build failure on powerpc64le:
http://autobuild.buildroot.net/results/1f84facd106abdd59be87b9f6e1eb24bcef0a846
Assembler messages:
Error: missing operand
The code will fail to build on any powerpc platform with optimisation
disabled as package contains incorrect syntax behind !defined(__OPTIMIZE__).
The patch has been submitted to the project:
https://github.com/j256/dmalloc/pull/113
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2712e32028)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump package revision to pull various fixes for v5.1 - v5.17 kernels.
Patch that disables verbose debug is no more compatible with updated
driver since build flags in Makefile has been changed. Drop it.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 25956b29e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable Linux kernel configuration options required by the driver.
Those are wireless networking and sdio support.
Fixes:
- http://autobuild.buildroot.net/results/ed6e29e44333ccae2728ca3321ff876c3056eada/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c9cd65a03f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add host-pkgconf dependency to fix the following build failure raised
since commit 4e3be3ae9d:
run pkg_config fail: "Failed to run `\"/nvmedata/autobuild/instance-6/output-1/per-package/host-rust/host/bin/pkg-config\" \"--libs\" \"--cflags\" \"openssl\"`: No such file or directory (os error 2)"
Fixes:
- http://autobuild.buildroot.org/results/b046523960079cbf85931b8f67c3b98dd07fbbda
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5cd13ec765)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
numactl unconditionally uses __atomic_fetch_and resulting in the
following build failure on architectures that need libatomic to provide
atomic intrinsics (e.g. microblaze) since commit
4ed540ddf5:
/nvmedata/autobuild/instance-5/output-1/host/lib/gcc/microblaze-buildroot-linux-uclibc/10.3.0/../../../../microblaze-buildroot-linux-uclibc/bin/ld: ./.libs/libnuma.a(libnuma.o): in function `numa_node_to_cpus_v1':
(.text+0x2a34): undefined reference to `__atomic_fetch_and_1'
Fixes:
- http://autobuild.buildroot.org/results/e225cb83dae390d9dc543d4da85c52180efbd40a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5ade3ecdb8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by [1], the lxc test is broken since lxc >= 4.0.11.
A patch was added to lxc 4.0.11 to use the new mount api for devpts
setup [2] but the fall back code doesn't work when this new mount
API is not supported. This API was added in kernel 5.6.
(kernel 5.5)
DEBUG conf - conf.c:lxc_setup_devpts_child:1682 - No new devpts instance will be
mounted since no pts devices are required
lxc-start lxc_iperf3 DEBUG conf - conf.c:lxc_setup_dev_console:1966 - Cleared
all (0) mounts from "/dev/console"
lxc-start lxc_iperf3 ERROR mount_utils - mount_utils.c:mount_at:661 - No such
file or directory - Failed to mount "/proc/self/fd/44" to "/proc/self/fd/43"
lxc-start lxc_iperf3 ERROR conf - conf.c:lxc_setup_dev_console:1988 - No such
file or directory - Failed to mount "10(/dev/pts/0)" on "43"
lxc-start lxc_iperf3 ERROR conf - conf.c:lxc_setup_console:2143 - No such file
or directory - Failed to setup console
(kernel 5.6)
lxc-start lxc_iperf3 TRACE mount_utils - mount_utils.c:can_use_mount_api:582 -
Kernel supports mount api
lxc-start lxc_iperf3 TRACE mount_utils - mount_utils.c:move_detached_mount:328
- Attach detached mount 45 to filesystem at 43
lxc-start lxc_iperf3 TRACE conf - conf.c:lxc_setup_dev_console:1990 - Setup
console "/dev/pts/0"
Bump the kernel to the current LTS 5.15.38 version that fully support the
mount API needed by lxc.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/2429013708
[1] http://lists.busybox.net/pipermail/buildroot/2022-January/635251.html
[2] be606e16fd
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ca135c9939)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9286f2a4d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the very beginning, libunistring was a mandatory dependency of
gnutls. However, it would use its internal copy if libunistring was not
selected. We never want that, so make libunistring an actual mandatory
dependency.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3292f87412)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 3.7.4 added compression options with brotli, zlib and zstd.
These are automatically discovered, which makes their inclusion depend
on the build order. Therefore, explicitly enable/disable them.
Note that the configure help text says "--without-brotli" and
"--without-zstd", but the options are actually --without-libbrotli and
--without-libzstd. --without-zlib is correct in the help text.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 91354636e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option is set a few lines below depending on
BR2_PACKAGE_GNUTLS_OPENSSL.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: move it all under a single conditional block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 91b10ec79a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pcre/libregex dependency was removed in version 3.7.3 with upstream
commit 26578b7d02c269ff1d34ff782d84c7667734d03d, which removed the
bundled libopts. Remove the pcre dependency and the relevant CONF_OPTS
handling.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 00a046e455)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gnutls's configure script has a weird approach where it first searches
for dependent libraries in the path specified by --prefix, before
searching in the default search path. Since we set --prefix to /usr,
and it doesn't take into account DESTDIR (which is anyway not set at
configure time), that means it will first search /usr/lib before
searching $(STAGING_DIR)/usr/lib.
Ideally, this would be fixed in the configure script itself. However,
the m4 file that does this is pretty complex, it's not immediately clear
where to add $DESTDIR. In addition it comes from gnulib which is a
somewhat annoying upstream.
Therefore, instead, bypass the prefix lookup with
--without-libfoo-prefix. Note that we could set
--with-libfoo-prefix=$(STAGING_DIR)/usr (the latter is already done for
librt and libpthread), but that's pretty pointless -
--without-libfoo-prefix in fact reverts to what should have been done in
the first place, i.e. use the toolchain search path.
Add --without-libfoo-prefix for all options defined in configure (found
with ./configure --help | grep without-.*-prefix). Most of these are
only used in tests (e.g. libcrypto) or even not at all (e.g. libiconv),
but it's fairly hard to discover this and to be sure that they are
indeed not needed, so better pass all of them.
Remove the now-redundant arguments for librt and libpthread.
Add a comment to remind people to revisit these when bumping the
version.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b707a67daa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
One per line, and alphabetical (was already the case for host).
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: all host dependencies first]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fb5aad3024)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Forgotten in commit e6f8c403fe which
removed 0001-configure-define-HAVE_LIBBSD-when-libbsd-was-found.patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6a3379ad31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes security fixes to the syscall package, as well as bug fixes to the
compiler, runtime, and the crypto/x509 and net/http/httptest packages.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Minor bug fixes, including upstream fix for meson iconv handling, which makes
0002-src-lib-icu-fix-iconv-detection-when-libiconv-is-ins.patch redundant.
Introduces version dependencies for libshout and libupnp, which are met since
01/2021 (commit 118648d161).
Full change log:
https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.23.7/NEWS
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c22b1650d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/a6c7dd171529e2a7b7a26af8d99bec53117a7a02/
Commit fd5842a1dd (boot/shim: add
BR2_PACKAGE_SHIM_ARCH_SUPPORTS) added explicit support for big/little endian
arm/aarch64, but the shim code is hard coded for little endian:
head -n 1 elf_{arm,aarch64}_efi.lds
==> elf_arm_efi.lds <==
OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
==> elf_aarch64_efi.lds <==
OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64")
So drop the support for the big endian variants.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ebbf0b280)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3ef096786a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes the DP audio and video PLL configurations for the
zynqmp-zcu106-revA evaluation board.
The Linux DP driver expects the DP to be using the following PLL config:
- DP video PLL should use the VPLL (0x0)
- DP audio PLL should use the RPLL (0x3)
Register 0xFD1A0070 configures the DP video PLL.
Register 0xFD1A0074 configures the DP audio PLL.
This patch was build and run tested on a zynqmp-zcu106-revA target board.
Upstream-Status: submitted (https://lore.kernel.org/all/62538b4a04dee28a6fc8ac5b85f8c845a5a76aa4.1651740988.git.michal.simek@amd.com/)
This patch will be removed from buildroot in a future release when no longer necessary.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8125300088)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since SDMA firmwares for imx[6,7,8] are now provided only by
firmware-imx package and not linux-firmware package [1]. If
CONFIG_EXTRA_FIRMWARE is set in the kernel config, the build will fail
if the imx firmware is not available.
[1] http://lists.busybox.net/pipermail/buildroot/2021-January/603807.html
Signed-off-by: Leger Charlie <c.leger@borea-dental.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 666084f494)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent changes in libusb have exposed a bug in OpenOCD which now crash when trying
to use the ST-Link driver.
Upstream has a fix as commit cff0e417da58adef1ceef9a63a99412c2cc87ff3. This add the commit
as a stand alone patch. The crash also happen on Linux, which was not mentionned in that
commit message.
Should be removed when OpenOCD is updated to a release newer than 0.11
Signed-off-by: Yannick Brosseau <yannick.brosseau@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4239958963)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For golang- or cargo-based packages, we apply a vendoring pass after the
package's "main" download is done. Whether to vendor or not is based on
the heuristic that a specific directory exists or not; for golang
packages, we look for '/vendor', while for cargo, we look for '/VENDOR'.
This is fine for the "main" (by lack of a better term) download, but
this falls flat on its face for extra downloads. Indeed, some packages
may need to download data sets, or assets, as _EXTRA_DOWNLOADS. Those
are usually just data blobs, and are not actual golang or cargo packages;
as such they do not need to be vendored, but worse, if we try to
actually vendor them, this fails because the required files for
vendoring are missing from the archives in such data sets.
We fix that by decoupling the download for the extra download, from the
download for the main archive. We pass the post-processing option only
to the main download.
This makes the hard assumption that extra downloads will never need to
be post-processed for vendoring, of course; we hope this will always be
correct in practice. If not, we can fix it later.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout:
- no loop needed for MAIN_DOWNLOAD, it can have only one;
- remove superfluous backslash in the definition of MAIN_DOWNLOAD;
- introduce _ADDITIONAL_DOWNLOADS to avoid filter-out.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f0c7cb01a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This was already disabled for target packages in:
12ba356365
We need to disable wrap downloads for host meson packages as well.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5c2f0c698c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add mappings for new cpu families based on the reference table:
https://mesonbuild.com/Reference-tables.html#cpu-families
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0a91f37c48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps configs/zynqmp_zcu106_defconfig pmufw to 2022.1.
The pm_cfg_obj.c has not changed between 2021.2 and 2022.1.
The pmufw_v2022.1.bin has been tested on a zcu106 board.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 27c672e53a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps configs/zynqmp_zcu102_defconfig pmufw to 2022.1.
The pm_cfg_obj.c has not changed between 2021.2 and 2022.1.
The pmufw_v2022.1.bin has been tested on a zcu102 board.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b044be10f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- The c_rehash script allows command injection (CVE-2022-1292)
The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection. This script is distributed by some operating
systems in a manner where it is automatically executed. On such operating
systems, an attacker could execute arbitrary commands with the privileges of
the script.
Use of the c_rehash script is considered obsolete and should be replaced by
the OpenSSL rehash command line tool.
https://www.openssl.org/news/secadv/20220503.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 96a4aee289)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch migrates configs/zynqmp_zcu106_defconfig to tarballs for TF-A, u-boot and Linux.
This patch has zero change in code running on the device.
The goal is to improve build speed and align with the zynq_xxx_defconfigs.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ac05c0d68d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch migrates configs/zynqmp_zcu102_defconfig to tarballs for TF-A, u-boot and Linux.
This patch has zero change in code running on the device.
The goal is to improve build speed and align with the zynq_xxx_defconfigs.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56539c5c93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can't enable lua and luajit at the same time as they both provide
the virtual luainterpreter package.
Fixes:
package/luajit/luajit.mk:80: *** Configuration error: both "luajit" and "lua" are selected as providers for virtual package "luainterpreter". Only one provider can be selected at a time. Please fix your configuration. Stop.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e11431dd61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
