This new version fixes, amongst many other things, CVE-2020-8231
(https://curl.haxx.se/docs/CVE-2020-8231.html). See the full changelog
on https://curl.haxx.se/changes.html#7_72_0 .
Also drop the 4 patches, that have all been released upstream.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openfpgaloader is written in C++, so the dependency on C++ is not
inherited from libftdipp1.
Drop the confusing comment.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
hash extension can't be disabled since version 7.4.0 and
bf34442581
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
--with-libxml-dir has been dropped since version 7.4.0 and
29d1b7fd52
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
FFI support in php has been added with commit
e16f05c0f0, it depends on dynamic library
otherwise the build will fail on:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/5.5.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ext/ffi/ffi.o: in function `zim_FFI_cdef':
ffi.c:(.text+0xe78): undefined reference to `DL_LOAD'
Fixes:
- http://autobuild.buildroot.org/results/3380b7b6777d1c5fcb53c855b003466fa3bf2079
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2020-14367: Insecure writing of pidfile
-------------------------------------------
When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn't have write
permissions, causing a denial of service, or data loss.
This issue was reported by Matthias Gerstner of SUSE.
For further details, see the oss-security posting:
https://www.openwall.com/lists/oss-security/2020/08/21/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
python-numpy is an optional dependency since
545c1a1d3a
This dependency will raise the following build failure if python-numpy
is found on the host:
aarch64_be-linux-gnu-g++: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/lib/python3/dist-packages/numpy/core/include'
because mjpg-streamer uses the python executable to retrieve the include
directory:
-- Found PythonLibs: /home/peko/autobuild/instance-0/output-1/host/aarch64_be-buildroot-linux-gnu/sysroot/usr/lib/libpython3.8.so (found version "3.8.5")
-- Found PythonInterp: /usr/bin/python3.5 (found version "3.5.3")
-- Found NUMPY: /usr/lib/python3/dist-packages/numpy/core/include
So disable python filter as well as cpp example while at it
Fixes:
- http://autobuild.buildroot.org/results/e6795fa8ed5d8514b3e10ea1135afb31eab22b7e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
nls is enabled by default in meson_options.txt (which is available since
version 1.22.0). NLS was explicitly disabled for host-efl in commit
6deaa3d50d but nothing was done for the
target resulting in the following build failure:
../src/lib/elementary/elm_priv.h:189:25: warning: implicit declaration of function '_elm_dgettext'; did you mean 'dgettext'? [-Wimplicit-function-declaration]
# define E_(string) _elm_dgettext(string)
^~~~~~~~~~~~~
/nvme/rc-buildroot-test/scripts/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: src/lib/elementary/libelementary.so.1.24.3.p/elc_hoversel.c.o: in function `_access_state_cb':
elc_hoversel.c:(.text+0x1210): undefined reference to `_elm_dgettext'
So enable nls dependening on BR2_SYSTEM_ENABLE_NLS and add
TARGET_NLS_DEPENDENCIES to EFL_DEPENDENCIES
Fixes:
- http://autobuild.buildroot.org/results/5985b39b87c5c392b4f9b65c12008ec7b3a143fe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable introspection as it raises a build failure with autotools.
It could be enabled after bumping to upcoming 1.18.x and switching to
messon. We can't switch now as version 1.16.2 don't allow to disable
examples/tools through meson
Fixes:
- http://autobuild.buildroot.org/results/36eb875fba2847b32df05f31d8f8ca9f0ecde36f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no target elixir package, so setting a value to
ELIXIR_DEPENDENCIES has no effect, HOST_ELIXIR_DEPENDENCIES must be
used instead.
Fixes:
http://autobuild.buildroot.net/results/a3a37eb724ca5689f8e83c9b2af04d07afa80315/
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new runtime test is based on test_dropbear.py. The only required change
is to use "-oStrictHostKeyChecking=no" instead of "-y" to accept the new key.
Since the base test infra only provide a uClibc-ng toolchain, add a second
test using a glibc based internal toolchain.
For example, this allow to trigger the openssh 8.1p bug with glibc 2.31 [1].
[1] https://bugs.archlinux.org/task/65386
Signed-off-by: Romain Naour <romain.naour@smile.fr>
yann.morin.1998@free.fr:
- deduplicate the whole test
- don't provide any NIC, we only need and use lo
- simplify post-build script (append with cat, don't munge with sed)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
zziplib is an optional dependency since version 0.15.0 and
e216e01ab3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libmodplug is an optional dependency since version 0.15.0 and
d838a1ad24
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libsidplay2 is an optional dependency since version 0.15.0 and
1136f6fb7a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
Fixes the following CVEs:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The src/v3.cpp source file, used as a license file, has seen a few
modifications (hence the change of hash) but none of these changes are
related to licensing.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
alphasort and uint used to be guarded behind various test-macros
definitions, which are not default on ancient toolchains (glibc-2.18
era for example).
Fixes:
- http://autobuild.buildroot.org/results/41fde4aa06f7c025bb05aa594716643b9010358f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: issue is with glibc, not gcc]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In order to not have to define all architecture bitness variants in
src/LibSupport.h to conditionally define RADIX_BITS, a patch was created
to depend on LONG_BIT being defined via limits.h
For glibc, LONG_BIT is behind a _XOPEN_SOURCE define guard so patch the
makefile to define this macro as well as _DEFAULT_SOURCE.
Defining _XOPEN_SOURCE requires _DEFAULT_SOURCE to be explicitly defined
for builds to succeed as it is no longer impliclty defined when
_XOPEN_SOURCE is defined.
Fixes:
http://autobuild.buildroot.net/results/bc145dd23c80a0660300766d0c114a00ed2e52b6/http://autobuild.buildroot.net/results/1d84e70c30d4d0719274aa4f3edc01772beb24a3/
Fixes: 19bd089004 ("package/ibm-sw-tpm2: fix patch to address musl builds")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix a bunch of CVEs: CVE-2020-16287, CVE-2020-16288, CVE-2020-16289,
CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293,
CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297,
CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301,
CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305
CVE-2020-16308, CVE-2020-16309, CVE-2020-17538
PKGCONFIG must be passed since version 9.51 and
2d84ecc578
Also drop patch (already in version) and update indentation in hash file
(two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
