Version 5.0.1 - 8/2/2022
- On very low speed transfers (<10Kbps) sessions would time out due to
a very large interpacket transmission interval. Fixed by putting a
lower limit on the advertised GRTT of of the interpacket transmission
interval.
- Sending of ABORT messages on early shutdown would sometimes fail due
to OpenSSL cleanup functions running before application cleanup.
Changed the ordering of atexit() handlers to ensure OpenSSL cleanup
happens last.
- Fixed missing timestamp update when clients read CONG_CTRL messages
- Fix to GRTT handling on server to ensure it doesn't fall below minumim.
- Fixed bypassed checking of existing files on client for backup
- Various logging fixes
https://sourceforge.net/projects/uftp-multicast/files/Changes.txt/download
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds Xilinx bootgen as a host package to buildroot.
bootgen is a required utility for generating a boot.bin for
Xilinx versal products.
In addition, for developers who wish to use secure boot with
Xilinx SoC products such as zynq and zynqmp, bootgen has a
more complete offering in secure boot features than the u-boot
mkimage utility.
https://github.com/Xilinx/bootgen
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Startig with glibc 2.34, the gconv modules description has been split in
two:
- a common definition in the old location, /usr/lib/gconv/gconv-modules
- specific definitions in a subdirectory, /usr/lib/gconv/gconv-modules.d/
This is done so as to simplify the handling of glibc gconv modules, and
eventually to segregate those outside of glibc, and so that third-parties
may also provide their own gconv converters and their definitions.
And starting with that same glibc version, most of the gconv modules
definitions are moved to an extra configuration file in that
sub-directory.
It is thus no longer possible to use special code pages, like cp850,
which are very useful to access FAT-formatted devices.
Add support for this new gconv layout, while keeping support for older
glibc versions. Note that the modules themselves are not moved or
renamed, just the definition files have changed.
Instead of passing the one old gonv modules definitions file on stdin,
we pass the base directory to that file, and move into the script the
responsibility to find all the gconv definition files.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When only a subset of the glibc gconv modules are installed, we need to
generate a trimmed-down list of available modules. We currently use gawk
for that.
However, we are not using any GNU extension in that awk script, and it
happens to work as expected when using mawk (which has no GNU
extension).
Commit 11c1076db9 (toolchain: add option to copy the gconv libraries)
did not explain why it used gawk explicitly, and given the age for that
commit, we doubt we'd be able to have the involved participants recall
anything from that period...
Besides, gawk is not a requirement for Buildroot.
Switch over to using plain awk.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
To generate the glibc locale data, we call into a recursive Makefile,
so as to generate locales in parallel. This is done as part of a
target-finalize hook.
However, that hook is registered after all packages have been parsed,
and as such, it maye be registered after hooks defined in packages.
Furthermore, the expansion of target-finalize hooks is done in a recipe,
so it is not easy to understand whether this generates a "simple" rule
or not.
As a consequence, despite the use of $(MAKE), make may not notice that
the command is a recursive call, and will decide to close the jobserver
file-descriptors, yielding warnings like:
make[2]: warning: jobserver unavailable: using -j1. Add '+' to
parent make rule.
This causes the lcoale data to not be generated in parallel, which is
initially all the fuss about using a sub-makefile...
So, do as suggested, and prepend the hook with a '+', so that it is
explicit to make that it should not close its jobserver fds.
Fixes: 6fbdf51596 (Makefile: Parallelize glibc locale generation)
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We use gpsd's upstream systemd service unit files, which define a
dependency on chronyd.service. And indeed, upstream chrony does
provide an example service unit file chronyd.service.
However, in Buildroot, we are not using chrony's upstream unit, we are
providing our own, much simplified as compared to upstream. We install
that unit file as chrony.service. Notice that subtle difference in the
name: upstream's is chronyd, with a trailing 'd', while ours just
chrony, without the trailing 'd'.
As a consequence, in a Buildroot-built system, gpsd does not wait for
after chrony is started, which causes all kind of mayhem when gpsd
actually needs to talk to chrony.
We have multiple options:
1. use chrony's upstream unit file;
2 rename the chrony service file as installed by Buildroot, to match
what chrony would actually do;
3. tweak gpsd's unit file to refer to chrony.service, not
chronyd.service;
4. leverage systemd's flexibility in how units are defined, and provide
a drop-in to complement gpsd's unit to also wait for chrony.service.
For 1. it is totally unknown why we do have our unit file to begin with,
rather than use upstream's. Since upstream's is much more complex than
ours, using it might have unforetold consequences.
Going with 2. seems the easiest at first sight, but then it would break
systems where users provide their own drop-ins for chrony, as they would
no longer match.
3. is relatively easy, but running sed is not entirely nice. Besides, it
semantically should be a post-install hook, rather than a systemd-init
command, but again that makes things a bit more ugly. Also, some people
may have their own gpsd.service in an overlay or whatever, which would
break our fixup.
Solution 4. is pretty straightforward, although it is not ideal either.
To be noted: some distributions, like Ubuntu 20.04 at least, do install
the chrony unit file as chrony.service, like Buildroot does. However,
there does not appear to be any fixup in gpsd for this discrepancy, as
their gpsd install still refers to chronyd.service. So that does not
help us decide what to do.
So, eventually, we decided to go with solution 4, which has the least
impact on the system, and keeps the status-quo for all other use-cases.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since gpsd-3.22, the systemd service files no longer contain hard-coded
paths to /usr/local/, but use @SBINDIR@ which is replaced appropriately
at build time, and contains the correct path.
Drop the legacy fixup now.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2022-40674: bundled libexpat was upgraded from 2.4.7 to 2.4.9 which
fixes a heap use-after-free vulnerability in function doContent
- gh-97616: a fix for a possible buffer overflow in list *= int
- gh-97612: a fix for possible shell injection in the example script
get-remote-certificate.py(this issue originally had a CVE assigned to it,
which its author withdrew)
- gh-96577: a fix for a potential buffer overrun in msilib
License hash changed due to links in license text being changed from
http to https:
96f8d3619d
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-40153
- CVE-2021-41072 which is a writing outside of destination exploit, has
been fixed.
- Drop patch (already in version)
- Set INSTALL_MANPAGES_DIR to an empty value to disable build and
install of man pages which were added with
25bce9a64chttps://github.com/plougher/squashfs-tools/releases/tag/4.5.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 4.8 raised since bump to
version 2 in commit 026265bf7e and
dbbf0d4542:
In file included from alloc.c:25:0:
utils.h:204:48: error: expected ';', ',' or ')' before 'dest'
static inline void *sftp_memcpy(void *restrict dest, const void *restrict src,
^
Fixes:
- http://autobuild.buildroot.org/results/2795213c07c4a961cee0ae7a4e7cccb8bcd6f68e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch will solve the problem of the pmufw built by the
zynqmp-pmufw-builder where soft resets crash for the zcu106.
Details of the issue can be found here:
https://lore.kernel.org/buildroot/87ilqccu3k.fsf@dell.be.48ers.dk/
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch will solve the problem of the pmufw built by the
zynqmp-pmufw-builder where soft resets crash for the zcu102.
Details of the issue can be found here:
https://lore.kernel.org/buildroot/87ilqccu3k.fsf@dell.be.48ers.dk/
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bump from 9.0p1 to 9.1p1 in commit
bb571dc3e8 forgot to update the hash of
the license file. The license file change (detailed below) does not
change the license terms of OpenSSH:
--- output/build/openssh-9.0p1/LICENCE 2022-04-06 02:47:48.000000000 +0200
+++ output/build/openssh-9.1p1/LICENCE 2022-10-03 16:51:42.000000000 +0200
@@ -231,6 +231,7 @@
Eric P. Allman
The Regents of the University of California
Constantin S. Svintsoff
+ Kungliga Tekniska Högskolan
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Fixes:
http://autobuild.buildroot.net/results/697cdcea128c3716c9ae81be6c97937ebd80a5da/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable new unsupported bluez5-codec-lc3 feature.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release of Docker Engine comes with some bug-fixes, and an updated version
of Docker Compose.
Builder
Fix an issue that could result in a panic during docker builder prune or
docker system prune moby/moby#44122.
Daemon
Fix a bug where using docker volume prune would remove volumes that were
still in use if the daemon was running with "live restore" and was restarted
moby/moby#44238.
Packaging
Update Docker Compose to v2.11.2.
https://github.com/moby/moby/releases/tag/v20.10.19
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release of Docker Engine comes with some bug-fixes, and an updated version
of Docker Compose.
Builder
Fix an issue that could result in a panic during docker builder prune or
docker system prune moby/moby#44122.
Daemon
Fix a bug where using docker volume prune would remove volumes that were
still in use if the daemon was running with "live restore" and was restarted
moby/moby#44238.
Packaging
Update Docker Compose to v2.11.2.
https://github.com/moby/moby/releases/tag/v20.10.19
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-41550: GNU oSIP v5.3.0 was discovered to contain an integer
overflow via the component osip_body_parse_header.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Corrected a reference count leak that occurs when the server builds
responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
Lab for reporting the issue.
[Gitlab #253]
CVE: CVE-2022-2928
- Corrected a memory leak that occurs when unpacking a packet that has an
FQDN option (81) that contains a label with length greater than 63 bytes.
Thanks to VictorV of Cyber Kunlun Lab for reporting the issue.
[Gitlab #254]
CVE: CVE-2022-2929
https://kb.isc.org/docs/cve-2022-2928https://kb.isc.org/docs/cve-2022-2929https://ftp.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1-RELNOTES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.8
Removed two patches which are included in upstream release,
renumbered remaining patch.
Removed libs/apr-util/LICENSE due to upstream removal of bundled
apr-util package.
Added fix to disable pcap detection, otherwise /usr/bin/pcap-config
can be picked-up which breaks building freeswitch.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Armada target does not provide platform level support for SSP.
Fixes link failure:
(.text.asm.update_stack_protector_canary+0x4): undefined reference to `plat_get_stack_protector_canary'
This error does not show up on CI jobs because SSP was effectively always
disabled until the previous commit.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit ccac9a5bbb ("boot/arm-trusted-firmware: don't force
ENABLE_STACK_PROTECTOR") fixed a build failure but also effectively
disabled SSP entirely for ATF. This is because ENABLE_STACK_PROTECTOR is
set to 0 unconditionally in make_helpers/defaults.mk, overwriting any
environment set value. So we must pass ENABLE_STACK_PROTECTOR in
MAKE_OPTS for it to be effective. But to avoid said build failure we
can't pass ENABLE_STACK_PROTECTOR=0.
Only pass ENABLE_STACK_PROTECTOR when
BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP is enabled. Drop SSP_LEVEL value for
the !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP case which is now unused.
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Make AGENT_PROXY_VERSION compliant with release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-pkgconf is needed since bump to version 1.16.1 in commit
c8ed72c15d and
3a651c615e:
checking for Check... ./configure: line 14123: syntax error near unexpected token `CHECK,'
./configure: line 14123: ` PKG_CHECK_MODULES(CHECK, check)'
Fixes:
- http://autobuild.buildroot.org/results/e1ff5ca46e83db2c722f782387dbb7402b8d459e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2022-26291: lrzip v0.641 was discovered to contain a multiple
concurrency use-after-free between the functions zpaq_decompress_buf()
and clear_rulist(). This vulnerability allows attackers to cause a
Denial of Service (DoS) via a crafted Irz file.
- Use official tarball and so drop autoreconf
https://github.com/ckolivas/lrzip/blob/v0.651/WHATS-NEW
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>