Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
Fixes the following CVEs:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
alphasort and uint used to be guarded behind various test-macros
definitions, which are not default on ancient toolchains (glibc-2.18
era for example).
Fixes:
- http://autobuild.buildroot.org/results/41fde4aa06f7c025bb05aa594716643b9010358f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: issue is with glibc, not gcc]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In order to not have to define all architecture bitness variants in
src/LibSupport.h to conditionally define RADIX_BITS, a patch was created
to depend on LONG_BIT being defined via limits.h
For glibc, LONG_BIT is behind a _XOPEN_SOURCE define guard so patch the
makefile to define this macro as well as _DEFAULT_SOURCE.
Defining _XOPEN_SOURCE requires _DEFAULT_SOURCE to be explicitly defined
for builds to succeed as it is no longer impliclty defined when
_XOPEN_SOURCE is defined.
Fixes:
http://autobuild.buildroot.net/results/bc145dd23c80a0660300766d0c114a00ed2e52b6/http://autobuild.buildroot.net/results/1d84e70c30d4d0719274aa4f3edc01772beb24a3/
Fixes: 19bd089004 ("package/ibm-sw-tpm2: fix patch to address musl builds")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix a bunch of CVEs: CVE-2020-16287, CVE-2020-16288, CVE-2020-16289,
CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293,
CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297,
CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301,
CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305
CVE-2020-16308, CVE-2020-16309, CVE-2020-17538
PKGCONFIG must be passed since version 9.51 and
2d84ecc578
Also drop patch (already in version) and update indentation in hash file
(two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
buddyinfo is available since version 5.11.0 and
cb19ecf90d
It is currently enabled by default
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
capabilities plugin is available since version 5.11.0 and
b934f1572c
It is currently enabled by default depending on jansson and
libmicrohttpd availability
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
InfluxDB support is available since version 5.11.0 and
605fcdcdde
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
DPDK support is available since version 5.11.0 and
00cbd4d2c0
It depends on jansson and is currently enabled by default raising the
following build failure on musl:
src/dpdk_telemetry.c:43:10: fatal error: sys/unistd.h: No such file or directory
#include <sys/unistd.h>
^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/aafb8c72f147fefc7a988c45e4dc17de48b07a95
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will fix the following build failure:
../src/gstreamer/gstlibcameraallocator.cpp: In static member function 'static GQuark FrameWrap::getQuark()':
/home/peko/autobuild/instance-1/output-1/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gatomic.h:128:15: error: variable 'gapg_temp_atomic' set but not used [-Werror=unused-but-set-variable]
gpointer *gapg_temp_atomic = (gpointer *)(atomic); \
^
Fixes:
- http://autobuild.buildroot.org/results/c28500d4cc55fbd2bac87f2c11759ddc9163bc91
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
__sync builtins have been dropped since version 0.24.0 and
c3205d294e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Previously, __WORDSIZE was being used to define RADIX_BITS.
__WORDSIZE is not defined consistently via limits.h across all libc
variants, so use LONG_BIT instead.
Fixes:
http://autobuild.buildroot.net/results/b5cb347a98dc64f77982633c0fc48d14030aa5b6/
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In keepalived, ipset is only used when iptables support is
enabled. The configure.ac script is quite convoluted, but one can
clearly see:
AS_IF([test .$enable_iptables != .no],
[
... testing for iptables ...
if test $USE_IPTABLES = Yes; then
dnl ----[Check for ipset libraries]----
SAV_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS $kernelinc"
if test "${enable_libipset}" != no; then
... testing for libipset ...
fi
]
So, the libipset library is only tested and used if iptables is
enabled. This is also visible by the code that shows at the end of the
configure script which features are enabled:
echo "Use iptables : ${USE_IPTABLES}"
if test .$USE_IPTABLES = .Yes; then
echo "Use libipset : ${USE_LIBIPSET}"
fi
Once again, the libipset support only makes sense when iptables is
enabled.
However, the configure.ac script also has some logic to detect if a
--<something>-libipset option is passed while iptables is enabled:
AS_IF([test .$enable_iptables = .no],
AS_IF([test .$enable_libipset != .], [AC_MSG_ERROR([disable-libipset requires vrrp and iptables])])
)
The error message is quite misleading because it is in fact displayed
as soon as a --<something>-libipset is passed not just
--disable-libipset.
In the context of Buildroot, we are always passing a
--<something>-libipset, regardless of whether iptables support is
enabled or not, which makes the build error out:
configure: error: disable-libipset requires vrrp and iptables
This commit fixes that by enclosing the libipset logic inside the
iptables condition. When iptables is not available, we pass
--disable-iptables and that's it, nothing else is needed. When
iptables is available, we pass --enable-iptables *and*
--enable-libipset or --disable-libipset depending on the availability
of libipset.
This has been tested successfully with the following combinations:
- keepalived, without iptables or libipset
- keepalived, with iptables, but without libipset
- keepalived, without iptables, but with libipset. In this case
libipset is obviously not used.
- keepalived, with iptables and with libipset. Both are used. Note
that you will not see the keepalived binary linked with libipset.so
in "readelf -d" because keepalived dlopen()s the libipset.so
library by default.
Fixes:
http://autobuild.buildroot.org/results/a1712b2cc3ad878e6876325ec7d4c434d0d9d11b/
(case with --disable-libipset --disable-iptables)
http://autobuild.buildroot.net/results/4567e3b0a0510e8a615781178ff5bbbd835a92c3/
(case with --enable-libipset --disable-iptables)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit bd9810e176. Indeed,
while uClibc-ng has support for RISC-V 64-bit, this support lacks the
__riscv_flush_icache() function call, which is used by some GCC
builtins used for example in libffi.
Due to this missing __riscv_flush_icache(), anything that links
against libffi fails to build:
/home/test/autobuild/run/instance-0/output-1/host/bin/riscv64-buildroot-linux-uclibc-gcc -o gobject/gobject-query gobject/gobject-query.p/gobject-query.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,--start-group glib/libglib-2.0.so.0.6400.4 gobject/libgobject-2.0.so.0.6400.4 -Wl,--end-group -pthread '-Wl,-rpath,$ORIGIN/../glib:$ORIGIN/' -Wl,-rpath-link,/home/test/autobuild/run/instance-0/output-1/build/libglib2-2.64.4/build/glib -Wl,-rpath-link,/home/test/autobuild/run/instance-0/output-1/build/libglib2-2.64.4/build/gobject
/home/test/autobuild/run/instance-0/output-1/host/lib/gcc/riscv64-buildroot-linux-uclibc/9.3.0/../../../../riscv64-buildroot-linux-uclibc/bin/ld: /home/test/autobuild/run/instance-0/output-1/host/riscv64-buildroot-linux-uclibc/sysroot/usr/lib64/libffi.so.7: undefined reference to `__riscv_flush_icache'
collect2: error: ld returned 1 exit status
Note that this commit means that
support/config-fragments/autobuild/br-riscv64-full-internal.config
will be back to using glibc as the C library, but that is OK, until
uClibc-ng is fixed to implemented __riscv_flush_icache().
This uClibc-ng issue has been reported upstream at
https://mailman.uclibc-ng.org/pipermail/devel/2020-August/002022.html.
Fixes:
http://autobuild.buildroot.net/results/ec1185ad1fd8863a3990143a0af2ace987761a27/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit backports an upstream commit to fix the build of pulseview
with recent Qt versions.
Note that pulseview has a 0.4.2 version (newer than our 0.4.1) but it
doesn't have the fix we need. And 0.4.2 now requires additional Qt
translation tools, so the update to 0.4.2 is anyway not
straightforward.
Fixes:
http://autobuild.buildroot.net/results/c9e27a91905dfda0ba1ddb12c7910316d3ee82ef/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maxime Ripard is no longer at Bootlin, his e-mail is bouncing:
<maxime.ripard@bootlin.com>: host spool.mail.gandi.net[217.70.178.1] said: 550
5.1.1 <maxime.ripard@bootlin.com>: Recipient address rejected: User unknown
in virtual mailbox table (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The pkg-stats script now uses Python3 only constructs (the "async"
keyword) and therefore fails to pass the Python2 flake8 test.
Let's use the Python3 flake8 instead.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/681711009
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since commit 4a40d36f13
("support/testing: switch to Python 3 only") our runtime testing
infrastructure is Python 3.x only.
Therefore, it is no longer needed to have python-nose2 and
python-pexpect in the Docker container used to run our Gitlab CI jobs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump configs/qemu_* to latest longterm kernel 5.4.42.
All defconfig using a specific kernel version (csky, risc32) are not
taken into account.
Build and runtime tested: https://gitlab.com/jugurthaB/buildroot/-/pipelines/177882458
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
>From the release notes:
================================================================================
Redis 6.0.6 Released Mon Jul 20 09:31:30 IDT 2020
================================================================================
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
* Fix crash when enabling CLIENT TRACKING with prefix
* EXEC always fails with EXECABORT and multi-state is cleared
* RESTORE ABSTTL won't store expired keys into the db
* redis-cli better handling of non-pritable key names
* TLS: Ignore client cert when tls-auth-clients off
* Tracking: fix invalidation message on flush
* Notify systemd on Sentinel startup
* Fix crash on a misuse of STRALGO
* Few fixes in module API
* Fix a few rare leaks (STRALGO error misuse, Sentinel)
* Fix a possible invalid access in defrag of scripts (unlikely to cause real harm)
New features:
* LPOS command to search in a list
* Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode
* redis-cli support TLS for --pipe, --rdb and --replica options
* TLS: Session caching configuration support
================================================================================
Also, the reference hashes repo has moved to redis/redis-hashes
probably because the original maintainer has stepped down, see
http://antirez.com/news/133
Finally, the copyright year in the COPYING file has been updated,
and so does its sha256 checksum.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
support/scripts/pkg-stats now uses some Python 3.x only constructs
("async" and related keywords), so we must use the Python 3.x flake8.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Raw strings need to be used when calling re.compile() otherwise Python
3.x flake8 complains with:
W605 invalid escape sequence '\s'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use ac_cv_func_working_mktime=yes to force the use of a provided
mktime implementation instead of compiling the failing own one.
Fixes:
http://autobuild.buildroot.net/results/5bcd8f4235002da682cc900f866116d2fe87f1c8
mktime.c: In function 'ydhms_diff':
mktime.c:106:52: error: size of array 'a' is negative
#define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; }
^
mktime.c:170:3: note: in expansion of macro 'verify'
verify (long_int_year_and_yday_are_wide_enough,
^~~~~~
with the failure/assert comming from the lines:
verify (long_int_year_and_yday_are_wide_enough,
INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX);
which fails since the y2038 time_t conversion from 32bit to 64bit
(musl libc).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
fluidsynth is an optional dependency of mpd since version 0.18.5 and
727c622659
It is enabled by default
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
applications, such as mpd, fail to build statically with fluidsynth
because fluidsynth does not fill Libs.Private in their pkg-config file
Because fluidsynth is a cmake-package with many dependencies, it is not
easy to fix so just add a dynamic library dependency.
Here is an extract of src/CMakeLists.txt that gives the list of
fluidsynth possible dependencies:
target_link_libraries ( libfluidsynth
${GLIB_LIBRARIES}
${GMODULE_LIBRARIES}
${LASH_LIBRARIES}
${JACK_LIBRARIES}
${ALSA_LIBRARIES}
${PULSE_LIBRARIES}
${PORTAUDIO_LIBRARIES}
${LIBSNDFILE_LIBRARIES}
${SDL2_LIBRARIES}
${DBUS_LIBRARIES}
${READLINE_LIBS}
${DART_LIBS}
${COREAUDIO_LIBS}
${COREMIDI_LIBS}
${WINDOWS_LIBS}
${MidiShare_LIBS}
${OpenSLES_LIBS}
${OBOE_LIBS}
${LIBFLUID_LIBS}
${LIBINSTPATCH_LIBRARIES}
)
Fixes:
- http://autobuild.buildroot.org/results/ec9dd2903359b9bf6b15c8cb69e732f8cb6c4d39
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes compile errors against certain kernels.
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>