Drop 0003-memfd-fix-configure-test.patch applied upstream.
The 4.10.2 version brings a large number of fixes:
https://xenproject.org/downloads/xen-archives/xen-project-410-series/xen-4102.html
Including a number of security fixes:
XSA-260: x86: mishandling of debug exceptions (CVE-2018-8897)
XSA-261: x86 vHPET interrupt injection errors (CVE-2018-10982)
XSA-262: qemu may drive Xen into unbounded loop (CVE-2018-10981)
XSA-263: Speculative Store Bypass (CVE-2018-3639)
XSA-264: preemption checks bypassed in x86 PV MM handling (CVE-2018-12891)
XSA-265: x86: #DB exception safety check can be triggered by a guest
(CVE-2018-12893)
XSA-266: libxl fails to honour readonly flag on HVM emulated SCSI disks
(CVE-2018-12892)
XSA-267: Speculative register leakage from lazy FPU context switching
(CVE-2018-3665)
XSA-268: Use of v2 grant tables may cause crash on ARM (CVE-2018-15469)
XSA-269: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
(CVE-2018-15468)
XSA-272: oxenstored does not apply quota-maxentity (CVE-2018-15470)
XSA-273: L1 Terminal Fault speculative side channel (CVE-2018-3620,
CVE-2018-3646)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 059d655f5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of
random bytes after a valid OID.
CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp
doesn't enforce a NULL value for the optional parameter which is not used
with any PKCS#1 algorithm.
For more details, see the advisory:
https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e04cdde19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes
(http://ftp.isc.org/isc/bind9/9.11.4-P2/RELEASE-NOTES-bind-9.11.4-P2.txt):
* There was a long-existing flaw in the documentation for ms-self,
krb5-self, ms-subdomain, and krb5-subdomain rules in update-policy
statements. Though the policies worked as intended, operators who
configured their servers according to the misleading documentation may
have thought zone updates were more restricted than they were; users of
these rule types are advised to review the documentation and correct
their configurations if necessary. New rule types matching the
previously documented behavior will be introduced in a future maintenance
release. [GL !708]
* named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740.
[GL #387]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63eb34fa12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
gsgetresolution allow attackers to have an unspecified impact
- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
error exception table, which could be used by remote attackers able to
supply crafted PostScript to potentially overwrite or replace error
handlers to inject code.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b054797eca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't display comment if BR2_USE_MMU is true
Moreover, move BR2_USE_MMU dependency at the top of dependency list
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0dbab1bb45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The woff2 dependency is used to support Web fonts in WOFF2 format.
This is a Web-facing feature that Web sites expect WebKit to support,
and it is recommended to be unconditionally enabled. While it is
possible to disable the feature at build time, upstream only recommends
doing so if the target system cannot provide a woff2 package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51b3fe094a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the woff2 package to Builroot. This is needed by webkitgtk from
version 2.20.0 onwards. WebKitGTK+ used to bundle a copy of the library,
but it stopped doing so now that the upstream is has been making
releases.
[Peter: fix license hash]
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70afd4afa7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This adds a local patch, also submitted upstream, which modifies
CMakeLists.txt to avoid the check for the unneeded C++ compiler.
Fixes:
- http://autobuild.buildroot.net/results/68e05c634e62ba4b6f6eb8dc95eeb16faa58fd60
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bfda8371d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the brotli package to Buildroot. This is needed by woff2, which in
turn is needed by webkitgtk from version 2.20.0 onwards. WebKitGTK+ used
to bundle a copy of the library, but it stopped doing so now that the
upstream has started making releases.
[Peter: fix license hash]
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f634160b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use SPDX short identifier (Imlib2) instead of full name
- Add COPYING-PLAIN to license files
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e29fcc1480)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old URL was not working for quite some time.
Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43e7667fc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mrouted part of igmpproxy is licensed under BSD-3-Clause so add this in
IGMPPROXY_LICENSE and add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c60c928614)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As specified in COPYING, examples are licensed under GPL-3.0+ and .x
files are licensed under BSD-2-Clause.
So update LIBNFS_LICENSE, add COPYING, LICENCE-BSD.txt and
LICENCE-GPL-3.txt to LIBNFS_LICENSE_FILES and add hash for all license
files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b486d4fa3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently libxslt configure finds native /usr/bin/xml2-config.
Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f8f8ff3347)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cppcms contains embedded third party software so add
THIRD_PARTY_SOFTWARE.TXT to CPPCMS_LICENSE_FILES as well as the
additional licenses to CPPCMS_LICENSE.
Also add hash for COPYING.TXT and THIRD_PARTY_SOFTWARE.TXT
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c17310450b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 78dd830f15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allows scripting of URL checking to be simplier
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4bdb24c5d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "For more information, see" is a bit useless, and not having the
URL alone on its own line prevents scripted URL checking.
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b7de9139e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9835025476)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b7490dbd31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8084c33b39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 49fff788d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The underlying problem is that $(foreach V,1 2 3,) does not evaluate to
an empty string. It evaluates to " ", three empty strings separated by
whitespace.
A construct of this format, with a giant list in the foreach, is part of
the printvars command. This means that "@:$(foreach ....)", which is
intended to expand to a null command, in fact expands to "@: "
with a great deal of whitespace. Make chooses to execute this command
with:
execve("/bin/sh", ["/bin/sh", "-c", ": "]
But with far more whitespace. So much that it can exceed shell command
line length limits.
This solution is to move the foreach to another step in the recipe. The
"@:" is retained as the first line so the recipe is not Empty, which
would cause a change in make behavior when make builds the target. The
2nd line, all whitespace, will be skipped by make.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b8d0aadc6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nine years ago we added autoreconf to fix libtool-related problems
with the matchbox package:
https://git.buildroot.net/buildroot/commit/?id=51ef5b81224c243aa7f937c4690b1a120c81ccbc
After building this defconfig with autoreconf removed from this package
BR2_x86_64=y
BR2_x86_core_avx2=y
BR2_TOOLCHAIN_BUILDROOT_LOCALE=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XLIB_LIBXFONT=y
BR2_PACKAGE_MATCHBOX=y
BR2_PACKAGE_MATCHBOX_SM=y
BR2_PACKAGE_MATCHBOX_COMMON=y
BR2_PACKAGE_MATCHBOX_COMMON_PDA=y
BR2_PACKAGE_MATCHBOX_DESKTOP=y
BR2_PACKAGE_MATCHBOX_KEYBOARD=y
BR2_PACKAGE_MATCHBOX_PANEL=y
BR2_PACKAGE_MATCHBOX_STARTUP_MONITOR=y
it is obvious that the problem which existed nine years ago seems to be
gone, therefore we remove autoreconf from this package because there is
no need for it anymore.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3ae61eac51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nine years ago we added autoreconf to fix libtool-related problems
with the matchbox package:
https://git.buildroot.net/buildroot/commit/?id=51ef5b81224c243aa7f937c4690b1a120c81ccbc
Autoreconf for this package needs the xutil_util-macros but after
building this defconfig with autoreconf removed from this package
BR2_x86_64=y
BR2_x86_core_avx2=y
BR2_TOOLCHAIN_BUILDROOT_LOCALE=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XLIB_LIBXFONT=y
BR2_PACKAGE_MATCHBOX=y
BR2_PACKAGE_MATCHBOX_SM=y
BR2_PACKAGE_MATCHBOX_COMMON=y
BR2_PACKAGE_MATCHBOX_COMMON_PDA=y
BR2_PACKAGE_MATCHBOX_DESKTOP=y
BR2_PACKAGE_MATCHBOX_KEYBOARD=y
BR2_PACKAGE_MATCHBOX_PANEL=y
BR2_PACKAGE_MATCHBOX_STARTUP_MONITOR=y
it is obvious that the problem which existed nine years ago seems to be
gone. So instead of fixing autoreconf we remove it from this package
because there is no need for it anymore.
Fixes
http://autobuild.buildroot.net/results/30c/30cf5cc139f9f6a9dc070953270f74e18b9310d4/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 534706e260)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current download location fails, and Buildroot falls back to
sources.b.o:
--2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]
This commit fixes the download location:
--2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]
This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac26da5275)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the function add_one_group is called on an existing group,
make sure the members of this group are not removed in the process of
deleting then re-adding the group.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: add curly braces when referencing ${members}, as suggested by
Yann.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 497f7134fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It's preferable to use "shutdown -hP now" to ensure that the runlevel is
known, preventing this message on the system console and log:
WARNING: could not determine runlevel - doing soft poweroff
(it's better to use shutdown instead of poweroff from the command line)
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ab842ce21d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e047dee241 adds an upstream patch
to fix a build issue with soxr. The patch also adds detecting soxr
using pkg-config. Upstream detected an config issue [1], where the
resulting binary lacks soxr support, although libsoxr was correctly
detected.
This patch adds a define for `HAVE_LIBSOXR` when using pkg-config.
Backported from: cd6a99a7cfde1c5e1c1cc74ee6a77041bb4012d9
[1] https://github.com/mikebrady/shairport-sync/issues/740
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac4bca24ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
