Support for atftp is added by the services/tftp module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix a denial of service attack against the KDC encrypted challenge
code [CVE-2021-36222].
- Fix a memory leak when gss_inquire_cred() is called without a
credential handle.
- Update indentation in hash file (two spaces)
- Update hash of NOTICE (update in year:
9cbfdf65e1)
https://web.mit.edu/kerberos/krb5-1.18/krb5-1.18.4.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BlueZ builds a lot of Classic BT profiles by default but allows
to disable them. This is especially handy when only BLE is needed
and enabled in the kernel.
Otherwise this yields warnings like this on bootup:
profiles/network/bnep.c:bnep_init() kernel lacks bnep-protocol support
src/plugin.c:plugin_init() System does not support network plugin
Also it allows to disable btmon which should not be needed on
production systems and is ~800KB in size.
Expose those options but default to 'y' to no break existing
configurations.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for nut is added by the services/nut module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for ntp is added by the services/ntp module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for oracle-mysql is added by the services/mysql module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for mariadb is added by the services/mysql module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the release notes:
================================================================================
Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result with remote code
execution.
See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for mpd is added by the services/mpd module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for monit is added by the services/monit module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for mongodb is added by the services/mongodb module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for modem-manager is added by the services/modemmanager module
in the SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for memcached is added by the services/memcached module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for lirc-tools is added by the services/lircd module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for openldap is added by the services/ldap module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for xl2tp is added by the services/l2tp module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for irqbalance is added by the services/irqbalance module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for iodine is added by the services/iodine module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for ifplugd is added by the services/ifplugd module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for gpsd is added by the services/gpsd module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for gpm is added by the services/gpm module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for git is added by the services/git module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for fetchmail is added by the services/fetchmail module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for fail2ban is added by the services/fail2ban module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for exim is added by the services/exim module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for drbd-utils is added by the services/drbd module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for dante is added by the services/dante module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for cvs is added by the services/cvs module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The open62541 tools directory is indeed 52 MiB, which built as a standalone package
named 'libopen62541-1-tools' in launchpad. Nothing is required at runtime.
See the official debian control file template:
https://raw.githubusercontent.com/open62541/open62541/master/debian/control-template
See https://launchpad.net/~open62541-team/+archive/ubuntu/ppa/+packages
libopen62541-1 Open source implementation of OPC UA - shared library
libopen62541-1-dev Open source implementation of OPC UA - development files
libopen62541-1-tools Open source implementation of OPC UA - tools
open62541-doc Open source implementation of OPC UA - documentation
Signed-off-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In case the setup.py file of a python package does not directly call the
'setup' method, utils/scanpypi was hoping there be a 'main' function which
would do the work, normally called via a construct like:
if __name__ == '__main__':
main()
However, this construct is nonstandard, and there are packages in PyPI which
call 'setup()' directly from the 'if' statement, without a main() method.
But scanpypi does not actually need to make such assumption: when loading
the module, it can decide the name to be '__main__', just as if setup.py
would be loaded interactively.
Additionally, remove some logic seemingly related to the previous trick of
calling 'main'. There should not be a problem in keeping already loaded
modules in sys.modules, as this is the purpose of sys.modules.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Even though the directory containing a package's setup.py was added to
sys.path, some setup.py implementations rely on the fact that it is placed
in sys.path[0].
An example package is 'cram' which failed to be added with scanpypi:
Traceback (most recent call last):
File "utils/scanpypi", line 756, in <module>
main()
File "utils/scanpypi", line 703, in main
package.load_setup()
File "utils/scanpypi", line 303, in load_setup
setup = imp.load_module('setup', s_file, s_path, s_desc)
File "/usr/lib/python3.8/imp.py", line 234, in load_module
return load_source(name, filename, file)
File "/usr/lib/python3.8/imp.py", line 171, in load_source
module = _load(spec)
File "<frozen importlib._bootstrap>", line 702, in _load
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 783, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 44, in <module>
long_description=long_description(),
File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 20, in long_description
return open(os.path.join(sys.path[0], 'README.rst')).read()
FileNotFoundError: [Errno 2] No such file or directory: '.../buildroot/utils/README.rst'
The corresponding code from cram's setup.py is:
def long_description():
"""Get the long description from the README"""
return open(os.path.join(sys.path[0], 'README.rst')).read()
Indeed, the Python documentation says:
https://docs.python.org/3.8/library/sys.html#sys.path
"...
As initialized upon program startup, the first item of this list,
path[0], is the directory containing the script that was used to invoke
the Python interpreter.
..."
Fix this by inserting explicitly at index 0 instead of appending to
sys.path.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change clock_gettime option from yes/no style to disable/enable one
(still omitting the explicit disable to keep the configure logic
defaulting to yes in case no rdtsc is available)
- change to set all available configure options:
* '--enable-daemon': previous default
* '--disable-diagnostic': previous default
* '-disable-init': do not install init files as buildroot ships its
own sysv/systemd init files
* '--disable-nistest': disable tests, previous default
* '--disable-enttest': new option, disable tests
* '--disable-olt': previous default was yes, disable builtin test
* '--enable-tune': previous default
- add patch to fix uclibc compile (disable dependency on sys/auxv.h
introduced with upstream commit [1])
Changelog ([2]):
- made enttest configurable
- havegecmd.c - new command added to close the communication socket
[Werner Fink]
[1] 26d35af198
[2] https://github.com/jirka-h/haveged/releases/tag/v1.9.14
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- add patch for qv4regexp_p to include c++ limits include (instead of plain
c limit.h)
Fixes:
In file included from jsruntime/qv4regexp_p.h:62,
from jsruntime/qv4regexp.cpp:40:
../3rdparty/masm/yarr/Yarr.h:46:44: error: ‘numeric_limits’ is not a member of ‘std’
46 | static const unsigned offsetNoMatch = std::numeric_limits<unsigned>::max();
| ^~~~~~~~~~~~~~
../3rdparty/masm/yarr/Yarr.h:46:59: error: expected primary-expression before ‘unsigned’
46 | static const unsigned offsetNoMatch = std::numeric_limits<unsigned>::max();
| ^~~~~~~~
- add patch for qqmlprofilerevent_p to include c++ limits include
Fixes:
In file included from qqmlprofilertypedevent_p.h:43,
from qqmlprofilertypedevent.cpp:40:
qqmlprofilerevent_p.h: In member function ‘void QQmlProfilerEvent::assignNumbers(const Container&)’:
qqmlprofilerevent_p.h:314:65: error: ‘numeric_limits’ is not a member of ‘std’
314 | static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
| ^~~~~~~~~~~~~~
qqmlprofilerevent_p.h:314:87: error: expected primary-expression before ‘>’ token
314 | static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
| ^
qqmlprofilerevent_p.h:314:90: error: ‘::max’ has not been declared; did you mean ‘std::max’?
314 | static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
| ^~~
| std::max
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-flex is needed to avoid the following build failure since bump to
version 4.14.3 in commit 7df2611e9e due to
942c0d2128
Checking for flex
Checking for program 'flex' : not found
Embedded Heimdal build requires flex but it was not found. Install flex or use --with-system-mitkrb5 or --with-system-heimdalkrb5
Fixes:
- http://autobuild.buildroot.org/results/b9ed8be51a0eef77d6e48755861ae266c3b9f811
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
