Drop patch which has been merged into mainline.
LICENSING file identifies individual files in the tree, and some have
moved between 4.4.17 and 4.4.18 (upstream commit 3436c6a94b8d).
Fix two -spaces in hash file as well.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
[yann.morin.1998@free.fr:
- explain license hash change
- two-spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As of readline 8.1, "bracketed paste" is enabled by default. However,
the feature causes control characters to appear in captured (telnet)
session output. This can throw off pattern matching if the output is to
be processed by scripts.
Let's keep the previous default of leaving this feature disabled and
provide a configuration option for users to enable it.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr:
- explicit enable/disable
- no indentation in conditional block
- rewrap help text
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
tests/fp/fp-bench.c use fenv.h that is not always provided
by the libc (uClibc).
To workaround this issue, add an new meson option to
disable tests while building Qemu.
Fixes:
http://autobuild.buildroot.net/results/53f5d8baa994d599b9da013ee643b82353366ec3/build-end.log
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Affected Node.js versions are vulnerable to denial of service attacks when
too many connection attempts with an 'unknownProtocol' are established.
This leads to a leak of file descriptors. If a file descriptor limit is
configured on the system, then the server is unable to accept new
connections and prevent the process also from opening, e.g. a file. If no
file descriptor limit is configured, then this lead to an excessive memory
usage and cause the system to run out of memory.
CVE-2021-22884: DNS rebinding in --inspect
Affected Node.js versions are vulnerable to denial of service attacks when
the whitelist includes “localhost6”. When “localhost6” is not present in
/etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e.,
over network. If the attacker controls the victim's DNS server or can spoof
its responses, the DNS rebinding protection can be bypassed by using the
“localhost6” domain. As long as the attacker uses the “localhost6” domain,
they can still apply the attack described in CVE-2018-7160.
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update COPYING hash; copyright year update:
-_Copyright (C) 1998-2020 Michal Trojnara_
+_Copyright (C) 1998-2021 Michal Trojnara_
See full changelog https://www.stunnel.org/NEWS.html
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-23336: urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a
query args separator
https://bugs.python.org/issue42967
And fixes a number of issues. For details, see the changelog:
https://docs.python.org/release/3.9.2/whatsnew/changelog.html
Drop the now upstreamed security patch and update the license hash for a
change of copyright year:
-2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Python Software Foundation;
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Along with the version bump the following changes were
needed to get the package built:
- since 1.1.1 PyUSB supports only Python3
- change download file name to lowercase
- the package now requires setuptools and setuptools_scm
- change LICENSE checksum as the copyright year changed to 2021
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To support building in (a subset of) the linux-firmware files into the
kernel using the CONFIG_EXTRA_FIRMWARE option, we need to ensure that the
firmware files are installed before the Linux kernel is built, similar to
how it is done for intel-microcode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some drivers request their firmware very early when built into the kernel,
even before the initramfs is mounted - So the only way to provide firmware
for those drivers is to include them directly in the kernel with the
CONFIG_EXTRA_FIRMWARE option.
An example of this is the uC firmware for modern Intel GPUs.
Conceptually you can point CONFIG_EXTRA_FIRMWARE to
${TARGET_DIR}/lib/firmware, but then you cannot remove the firmware from the
initramfs and pay the size cost twice (inside the kernel + in initramfs), so
instead also install linux-firmware to the images dir, similar to how we do
it for intel-microcode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logic we have for the installation of the firmware files is, to say
the least, non conventional. It is split in two parts:
- one that copies files via an intermediate tarball: the tarball
creation is used to detect if firmware files are missing (i.e. on
a version bump) and fail the build if so, while the tarball
extraction is the actual firmware installation;
- one that copies directories one by one in a loop, removing the
destination before the copy, to maintain a proper layout.
Needless to say, this is not very clean. First, there is no reason why
the directories can not be copied with the same mechanism as the files
themselves; not sure what I had in mind with b55bd5a9e25e...
Second, we're soon going to need the same installation step to copy the
firmware files in the images/ directory, to ease embedding in the kernel
image.
Rationalise this installation procedure.
Cherry-picking files and directories with cp, while still maintaining
the directory layout, is not trivial; rsync is not one of our
pre-requisites. So we're left with tar, which makes it easy. So we keep
using an intermediate tarball, but we use it for both files and
directories, and we generate it at build time, not install time.
That archive is then extracted during the installation.
Now the installation complexity is mostly located in the creation of the
symlinks, so we merge all of that directly into the _INSTALL_TARGET_CMDS
and drop the intermediate macros that have no longer any reason to exist.
This will also make it pretty simple to later install in the images/
directory.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes: https://golang.org/doc/go1.16
The latest Go release, version 1.16, arrives six months after Go 1.15. Most of
its changes are in the implementation of the toolchain, runtime, and libraries.
The linker changes in 1.16 extend the 1.15 improvements to all supported
architecture/OS combinations (the 1.15 performance improvements were primarily
focused on ELF-based OSes and amd64 architectures). For a representative set of
large Go programs, linking is 20-25% faster than 1.15 and requires 5-15% less
memory on average for linux/amd64, with larger improvements for other
architectures and OSes. Most binaries are also smaller as a result of more
aggressive symbol pruning.
According to the release notes, Go 1.16 drops support for x87 mode
compilation (GO386=387). Support for non-SSE2 processors is now available
using soft float mode. Buildroot will automatically set GO386=softfloat on
non-SSE2 processors.
Signed-off-by: Christian Stewart <christian@paral.in>
v1 -> v2:
- added 386=softfloat handling re: Peter's review
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.15.8 (released 2021/02/04) includes fixes to the compiler, linker, runtime,
the go command, and the net/http package.
https://golang.org/doc/go1.15
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Micropython 1.4 brings many changes, see the release notes:
https://github.com/micropython/micropython/releases/tag/v1.14
Amongst these changes, Micropython can now produce reproducible
builds, using the standard SOURCE_DATE_EPOCH.
The LICENSE hash changed because the copyright year range was extended
to 2021.
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some download backends, like svn, will provide timestamps with a
sub-second precision, e.g.
$ svn info --show-item last-changed-date [...]
2021-02-19T20:22:34.889717Z
However, the PAX headers do not accept sub-second precision, leading to
failure to download from subversion:
tar: Time stamp is out of allowed range
tar: Exiting with failure status due to previous errors
make[1]: *** [package/pkg-generic.mk:148: [...]/build/subversion-1886712/.stamp_downloaded] Error 1
Fix that by massaging the timestamp to drop the sub-second part. We
do that in the generic helper, rather than the svn backend, so that
all callers to the generic helper benefit from this, as this is more
an internal details of the tarball limitations, than of the backends
themselves.
Reported-by: Roosen Henri <Henri.Roosen@ginzinger.com>
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
- add Henri as reporter
- move it out of the svn backend, and to the generic helper
- reword the commit log accordingly
- use an explicit time format rather than -Iseconds
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2020-8625: When tkey-gssapi-keytab or tkey-gssapi-credential was
configured, a specially crafted GSS-TSIG query could cause a buffer
overflow in the ISC implementation of SPNEGO (a protocol enabling
negotiation of the security mechanism to use for GSSAPI authentication).
This flaw could be exploited to crash named. Theoretically, it also
enabled remote code execution, but achieving the latter is very difficult
in real-world conditions
For details, see the advisory:
https://kb.isc.org/docs/cve-2020-8625
In addition, 9.11.26-27 fixed a number of issues, see the release notes for
details:
https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html
Drop now upstreamed patches, update the GPG key for the 2021-2022 variant
and update the COPYRIGHT hash for a change of year:
-Copyright (C) 1996-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2021 Internet Systems Consortium, Inc. ("ISC")
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f45925a951 add the patch:
0003-libfakeroot.c-add-wrappers-for-new-glibc-2.33-symbol.patch
which allowed fakeroot to be compiled with GLIBC 2.33 or above.
However, this introduce a bug for building with a non-GLIBC based
toolchain as a GLIBC macro - __GLIBC_PREREQ - is used on the same line
as the detection of GLIBC.
Fix this by backporting the fix to this incorrect macro from upstream
commit:
8090dffdad
CC: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes: http://autobuild.buildroot.net/results/e9a058a8c98daf197cd9d7ac632e0cb5707d524f
Some sensitive compilers may raise a warning that turns into an error on this line.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
[yann.morin.1998@free.fr: backport the actual commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This release contains a number of bug fixes. There is added support
for the EDNS Padding option (RFC7830 and RFC8467), and the EDNS NSID
option (RFC 5001). Unbound control has added commands to enable and
disable rpz processing. Reply callbacks have a start time passed to
them that can be used to calculate time, these are callbacks for
response processing. With the option serve-original-ttl the TTL served
in responses is the original, not counted down, value, for when in
front of authority service.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.1
Signed-off-by: Stefan Ott <stefan@ott.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add patch to fix irqbalance/irqbalance-ui socket communication by
fixing uint64_t printf format usage.
Fixes:
$ irqbalance-ui
Invalid data sent. Unexpected token: (null)TYPE
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- do an actual backport as upstream applied the patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Manually specified version must start with letter 'v',
otherwise, the generated version macro will be zero
in the <build_dir>/src_generated/open62541/config.h file:
#define UA_OPEN62541_VER_MAJOR 0
#define UA_OPEN62541_VER_MINOR 0
#define UA_OPEN62541_VER_PATCH 0
Reference from the following link:
https://open62541.org/doc/current/building.html
Signed-off-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>