Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 04e9fdb1c6)
[Peter: drop 5.3.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fbc54866a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-16276: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP
Request Smuggling.
https://github.com/golang/go/issues/34540
>From the release notes:
go1.12.10 (released 2019/09/25) includes security fixes to the net/http and
net/textproto packages
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bd574c445c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Config.in documented BR2_LIBCURL for swupdate but the actual
package name is BR2_PACKAGE_LIBCURL
Fix by updating the same in Config.in
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5abe6f2bf7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OMAP kernels use 8250 driver by default. Hence the name of
the console device is not /dev/ttyO0 but /dev/ttyS0.
Use /dev/console in order to handle the console independently
of the selected driver.
Tested in BeagleBone Black board.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68b5b79b2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Otherwise they are installed even though the Braille support is not
built because it requires liblouis, which is not available.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3da92264c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I no longer work at Amarula Solutions and neither do I have access to
olimex A33 olinuxino board. So, add Jagan as maintainer of this board.
Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 31fb2ac781)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Xtensa hwloop_optimize segfaults when zero overhead loop is about to be
inserted as the first instruction of the function.
Insert zero overhead loop instruction into new basic block before the
loop when basic block that precedes the loop is empty.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a88e87eee0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stack pointer adjustment code in xtensa call0 ABI prologue missed a case
of no callee-saved registers and a stack frame size bigger than 128 bytes.
Handle that case.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9fd7ad8e71)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of issues after 1.6.6:
https://mosquitto.org/blog/2019/09/version-1-6-7-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7b65663a47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some installations mount /tmp with the 'noexec' option, which prevents
running the program generated there to check the kernel headers.
Avoid the problem by generating the program under $(BUILD_DIR), passed
as the first argument to check-kernel-headers.sh.
We could globally export a TMPDIR environment variable with some path
under $(BUILD_DIR) but such solution would be too intrusive, depriving
the user from the freedom to set TMPDIR at his will (or needs).
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12241
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6136765b23)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop second and third patches (alredy in version)
- Add mitigation against an ECDSA timing attack. [T4626,CVE-2019-13627]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 26daf383f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The recent versions of ncurses now have the license information in a
separate file called COPYING.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 40de427a63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Joe changed the COPYING file from GPL-1.0 to GPL-2.0 in the development
leading up to 3.8:
d731f9b379/
So change the license to GPL-2.0+
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0d26068b38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes WARNINGs in make legal-info of the kind:
WARNING: kf5-extra-cmake-modules-5.47.0: cannot save license
(KF5_EXTRA_CMAKE_MODULES_LICENSE_FILES not defined)
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a6c594b8dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The source files contain the "(at your option) any later version" text, so
change the licese to GPL-2.0+.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f58ea370da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The source files contain the "(at your option) any later version" text and
the website states:
License
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
http://0pointer.de/lennart/projects/ifplugd/
So change the license to GPL-2.0+
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d8c2d82d7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Which is the version used by docker 18.09.9:
0a3767c7e9
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 02e2fe2eca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes a number of post-18.09.7 bugfixes and to keep in sync with the
docker-engine version.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c5568f9985)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
CVE-2019-13509: Docker Engine in debug mode may sometimes add secrets to the
debug log. This applies to a scenario where docker stack deploy is run to
redeploy a stack that includes (non external) secrets. It potentially
applies to other API users of the stack API if they resend the secret.
And a number of other non-security issues.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1d1fb619f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch used previously to support versions of ln lacking the '-r'
option generated broken links:
$ file target/usr/lib/cups/backend/driverless
target/usr/lib/cups/backend/driverless: broken symbolic link to ../../usr/lib/cups/driver/driverless
Add a squashing of two patches already applied upstream that provide a
better solution:
https://github.com/OpenPrinting/cups-filters/pull/154https://github.com/OpenPrinting/cups-filters/pull/157
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f80ec7963a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
texttotext must be linked to libiconv if !BR2_ENABLE_LOCALE so pull a
patch applied upstream that adds libiconv discovery via autoconf.
With this change, autoreconf requires the config.rpath and ABOUT-NLS
files which are not in v1.25.4. Add a pre-configure hook to fake them.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12031
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5376b4b4e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze Gcc version < 8.x the build hangs due to gcc bug
85180: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. The bug
shows up when building protobuf with optimization but not when building
with -O0. To work around this, if BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y we
force using -O0.
Fixes:
http://autobuild.buildroot.net/results/73dc9610a13d6e14eec58d529617210d93d5dec4/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Arnout: fix variable name]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e975f1cbef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using a newer host system cmake to build MariaDB, the following build
error occurs:
CMake Error at cmake/os/Linux.cmake:29 (STRING):
STRING sub-command REPLACE requires at least four arguments.
Call Stack (most recent call first):
CMakeLists.txt:101 (INCLUDE)
CMake Error at cmake/os/Linux.cmake:29 (STRING):
STRING sub-command REPLACE requires at least four arguments.
Call Stack (most recent call first):
CMakeLists.txt:101 (INCLUDE)
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11781
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c2ff8c63da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mariadb no longer allows the WITH_SSL=OFF configure option. It will
instead search for openssl or gnutls headers, and if missing error out
with:
CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
(Required is at least version "3.3.24")
Call Stack (most recent call first):
/usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
libmariadb/CMakeLists.txt:298 (FIND_PACKAGE)
Therefore, make host-mariadb depend on host-openssl, and tell mariadb
to use the system openssl.
This was not found by autobuilders because mariadb isn't built in the
autobuilders (it's part of a choice).
Note that the target mariadb already has an unconditional dependency
on openssl.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fca2e83768)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If follow through the customize-outside-br.txt with how to add external
toolchain in br-ext tree then one thing is missing - inclusion of
*.mk file with external toolchain package description.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 392b60f176)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove second patch (already in version)
- Fix a missing error detection in ECJPAKE. This could have caused a
predictable shared secret if a hardware accelerator failed and the
other side of the key exchange had a similar bug.
- When writing a private EC key, use a constant size for the private
value, as specified in RFC 5915. Previously, the value was written as
an ASN.1 INTEGER, which caused the size of the key to leak about 1 bit
of information on average and could cause the value to be 1 byte too
large for the output buffer.
- The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
implement blinding. Because of this for the same key and message the
same blinding value was generated. This reduced the effectiveness of
the countermeasure and leaked information about the private key
through side channels. Reported by Jack Lloyd.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6bab018ee8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove all patches except first one (already in version)
- Update first patch
- Fix CVE-2019-6471: A race condition when discarding malformed packets
can cause BIND to exit with an assertion failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 395ad387e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I am exclusively using my Gmail address for now on. Reflect this in
the DEVELOPERS file.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 916497d7d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mathieu is no longer working at Savoir-faire Linux, update his email
address in the DEVELOPERS file.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd7f37606d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a security issue. From the annoncement:
A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.
If a client sends a SUBSCRIBE packet containing a topic that consists of
approximately 65400 or more '/' characters, i.e. the topic hierarchy
separator, then a stack overflow will occur.
The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions
are available at https://mosquitto.org/files/cve/2019-hier
The fix addresses the problem by restricting the allowed number of topic
hierarchy levels to 200. An alternative fix is to increase the size of the
stack by a small amount.
https://mosquitto.org/blog/2019/09/version-1-6-6-released/
Also notice that 1.6.5 silently fixed a security issue:
CVE-2019-11778
A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive, known as CVE-2019-11778
If an MQTT v5 client connects to Mosquitto, sets a last will and testament,
sets a will delay interval, sets a session expiry interval, and the will
delay interval is set longer than the session expiry interval, then a use
after free error occurs, which has the potential to cause a crash in some
situations.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c5c106e4e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This would normally be enabled by systemctl preset-all however since we
don't have a host systemctl we need to enable the service manually.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b81e00e2ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Keep listing the test infra so the developer is included in reviews, but
trim the list of tests to those the developer are most interested in.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 10acb4ff6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The JSON::PP Perl module is used at build time by the webkitgtk and
wpewebkit packages.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e0c879509d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- ECDSA remote timing attack (CVE-2019-1547)
Severity: Low
- Fork Protection (CVE-2019-1549)
Severity: Low
- Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
Severity: Low
For more details, see the advisory:
https://www.openssl.org/news/secadv/20190910.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 99a2f0dd6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In the SYSV init script allow /etc/default/vmtoolsd to override $ARGS
(if it present)
Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3d104ce719)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixing a number of issues:
- Fix v5 DISCONNECT packets with remaining length == 2 being treated as a
protocol error. Closes#1367.
- Fix support for libwebsockets 3.x (excluding 3.2.0)
- Fix slow websockets performance when sending large messages. Closes
#1390.
- Fix bridges potentially not connecting on Windows. Closes#478.
- Fix clients authorised using use_identity_as_username or
use_subject_as_username being disconnected on SIGHUP. Closes#1402.
- Improve error messages in some situations when clients disconnect.
Reduces the number of "Socket error on client X, disconnecting" messages.
- Fix Will for v5 clients not being sent if will delay interval was greater
than the session expiry interval. Closes#1401.
- Fix CRL file not being reloaded on HUP. Closes#35.
- Fix repeated "Error in poll" messages on Windows when only websockets
listeners are defined. Closes#1391.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b7c4cdad1e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.
While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 386794d02e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
