*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
https://downloads.apache.org/apr/Announcement-aprutil-1.x.htmlhttps://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4231054b05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4.9.x / 6.0.x is now EOL.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 36a8be4770)
[Peter: drop 6.1.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zabbix uses custom --enable-{static,shared} options, instead of standard
libtool directives resulting in the following build failure with openssl
or libcurl:
configure:13132: /home/autobuild/autobuild/instance-6/output-1/host/bin/or1k-buildroot-linux-gnu-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -I/home/autobuild/autobuild/instance-6/output-1/host/or1k-buildroot-linux-gnu/sysroot/usr/include -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -rdynamic -static -L/home/autobuild/autobuild/instance-6/output-1/host/or1k-buildroot-linux-gnu/sysroot/usr/lib conftest.c -lssl -lcrypto -lm >&5
/home/autobuild/autobuild/instance-6/output-1/host/lib/gcc/or1k-buildroot-linux-gnu/10.3.0/../../../../or1k-buildroot-linux-gnu/bin/ld: /home/autobuild/autobuild/instance-6/output-1/host/or1k-buildroot-linux-gnu/sysroot/usr/lib/libcrypto.a(dso_dlfcn.o): in function `dlfcn_globallookup':
dso_dlfcn.c:(.text+0x2c): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/home/autobuild/autobuild/instance-6/output-1/host/lib/gcc/or1k-buildroot-linux-gnu/10.3.0/../../../../or1k-buildroot-linux-gnu/bin/ld: /home/autobuild/autobuild/instance-6/output-1/host/or1k-buildroot-linux-gnu/sysroot/usr/lib/libcrypto.a(b_addr.o): in function `BIO_lookup_ex':
b_addr.c:(.text+0x1128): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/home/autobuild/autobuild/instance-6/output-1/host/lib/gcc/or1k-buildroot-linux-gnu/10.3.0/../../../../or1k-buildroot-linux-gnu/bin/ld: /home/autobuild/autobuild/instance-6/output-1/host/or1k-buildroot-linux-gnu/sysroot/usr/lib/libcrypto.a(b_sock.o): in function `BIO_gethostbyname':
b_sock.c:(.text+0x90): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/home/autobuild/autobuild/instance-6/output-1/host/lib/gcc/or1k-buildroot-linux-gnu/10.3.0/../../../../or1k-buildroot-linux-gnu/bin/ld: /tmp/cceWHjDi.o: in function `main':
conftest.c:(.text.startup+0x8): undefined reference to `SSL_connect'
[...]
configure: error: OpenSSL library libssl or libcrypto not found
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 895686180f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/12a/12a63ae177fe3ed0c9a1ef2fa01870f334f36b0f/
Currently, when the post-process helper fails while downloading from
upstream, there is no fallback to the backup mirror.
In case the post-process helper fails, we must consider that to be a
download failure, so we must bail out as if the download backend itself
did fail, but we fail to do so.
Duplicate the logic we have for the download helper: if the post-process
helper fails, remove the downloaded stuff, and continue on to the next
URI, which will ultimately hit the backup mirror (if one has been
configured).
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a39116b5db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/820/820e98b1c126469b1f180f078d102ded43b9c40e/
scripts/Makefile.am of mosh-1.4.0 needs the perl diagnostics module on the host:
make[3]: Entering directory '/home/buildroot/autobuild/instance-2/output-1/build/mosh-1.4.0/scripts'
perl -Mdiagnostics -c ./mosh.pl
Can't locate diagnostics.pm in @INC (you may need to install the diagnostics module) (@INC contains: /home/buildroot/autobuild/instance-2/output-1/host/lib/perl /usr/local/lib64/perl5/5.36 /usr/local/share/perl5/5.36 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5).
BEGIN failed--compilation aborted.
So add a check for it in dependencies.sh similar to the other perl modules.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5be2d9bb62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We're not using next branch so let's rename label linux-next to linux.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d4b46bc3c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
During the last U-boot version bump it's not been noted that the TPL
was not prepended to SPL anymore preventing the board to boot, so
let's copy TPL to the image folder, prepend it to u-boot-spl-dtb.bin
and place it at offset 32KB, where RK3288 bootrom expects to find
it. Let's also place u-boot-dtb separated from SPL at offset 8M, where
the SPL expects it to find it.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e738d5b725)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Wpewebkit needs cmake >= 3.20 when building with the make backend since
wpewebkit 3.8.0.
Cmake 3.20 is above our minimal version in
support/dependencies/check-host-cmake.mk, so this breaks builds on hosts
with cmake >= 3.18 < 3.20 - So use the ninja backend instead.
6cd89696b5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 78d499409f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, with many security fixes, including (but not limited to)
patches for CVE-2023-23517, CVE-2023-23518, and CVE-2022-42826.
Release notes:
https://wpewebkit.org/release/wpewebkit-2.38.4.html
Accompanying security advisory:
https://wpewebkit.org/security/WSA-2023-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 02ace135ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to a new major release which brings in improvements and a few
new features. Release notes:
https://wpewebkit.org/release/wpewebkit-2.38.0.html
This release also includes security fixes for CVE-2022-32886,
CVE-2022-32891, and CVE-2022-32912. Accompanying security advisory:
https://wpewebkit.org/security/WSA-2022-0009.html
Both building documentation and support for gobject-introspection have
been added in this release. Version 2.38.0 also introduces a new WebRTC
implementation based on GstWebRTC. Options for them are explicitly left
disabled to keep the configuration as it was, and may be enabled in
follow-up patches. Lastly, the SILENCE_CROSS_COMPILATION_NOTICES option
removed because it no longer exists.
The patch that fixes the build on 32-bit ARM targets is also updated
for the 2.38 release series.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 917f05975f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Webkitgtk needs cmake >= 3.20 when building with the make backend since
webkitgtk 3.8.0.
Cmake 3.20 is above our minimal version in
support/dependencies/check-host-cmake.mk, so this breaks builds on hosts
with cmake >= 3.18 < 3.20 - So use the ninja backend instead.
6cd89696b5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 16e5c92ff5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, with many security fixes, including (but not limited to)
patches for CVE-2023-23517, CVE-2023-23518, and CVE-2022-42826.
Release notes:
https://webkitgtk.org/2023/02/02/webkitgtk2.38.4-released.html
Accompanying security advisory:
https://webkitgtk.org/security/WSA-2023-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ca203080d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to a new major release which brings in improvements and a few
new features. Release notes:
https://webkitgtk.org/2022/09/16/webkitgtk2.38.0-released.html
This release also includes security fixes for CVE-2022-32886,
CVE-2022-32891, and CVE-2022-32912. Accompanying security advisory:
https://webkitgtk.org/security/WSA-2022-0009.html
The CMake option to build the documentation has been renamed from
ENABLE_GTK_DOC to ENABLE_DOCUMENTATION, therefore update the build
recipe accordingly. Option USE_LIBNOTIFY is no longer available, as
WebKit now uses the notification portal D-Bus API directly without
relying on libnotify. Lastly, version 2.38.0 introduces a new WebRTC
implementation based on GstWebRTC which is left disabled for now to
keep the existing status quo (WebRTC not available), and adding an
option to enable it can be done in a follow-up patch.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ce4b87be82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Frank Vanbever <frank.vanbever@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 416213be39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (for details see [1] and [2]):
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
[1] https://www.openssl.org/news/cl111.txt
[2] https://www.openssl.org/news/vulnerabilities.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 040896bd43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In utils/brmake line 6:
local found ret start d h m mf
^---^ SC2034: found appears unused. Verify use (or export if used externally).
In utils/brmake line 16:
> >( while read line; do
^--^ SC2162: read without -r will mangle backslashes.
For both, the suggestions from shellcheck can be applied.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit dc364c6ae6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The go vendoring fails on CentOS 7 (which uses git 1.8.3.1) with errors
related to shallow clones:
make docker-compose-source
..
go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.4
github.com/docker/compose/v2/pkg/mocks imports
github.com/theupdateframework/notary/client imports
github.com/docker/go/canonical/json: github.com/docker/go@v1.5.1-1.0.20160303222718-d30aec9fd63c: invalid pseudo-version: git fetch --unshallow -f origin in /home/jacmet/source/buildroot-mirror/output/host/share/go-path/pkg/mod/cache/vcs/48fbd2dfabec81f4c93170677bfc89087d4bec07a2d08f6ca5ce3d17962677ee: exit status 128:
fatal: git fetch-pack: expected shallow list
make[1]: *** [/home/jacmet/source/buildroot-mirror/output/build/docker-compose-2.15.1/.stamp_downloaded] Error 1
It works with git 2.0.0 (released May 2014, included in Debian 8), so check
for >= 2.0.0 with logic similar to the GNU patch version check.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f229564c36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The vendoring done for cargo / go packages (may) need git, so ensure we
check for it in dependencies, similar to how it is done for packages
directly using git.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8c8ee42bbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit bed21bb9b added a patch to change configure.ac but failed to
update configure which caused build failures due to the timestamp
difference between configure and configure.ac and the makefile attempting
to run aclocal.
XZ_AUTORECONF = YES creates a circular dependency where the host autotools
need host-xz which also gets patched. Because of this, we need to patch
xz's configure script manually and NOT patch configure.ac so its timestamp
stays older than Makefile.in.
While we're doing this, correct the language in the commit body of the
patch, remove a stray whitespace, and fix the offset for configure.ac
Fixes: bed21bb9b ("package/xz: fix microblaze compiles")
Fixes: http://autobuild.buildroot.net/results/958/9586f21e447ef9923606b1385ff333138406b685/
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[Peter: Only patch configure]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e5a83df8da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch xz to check if __attribute__((symver ..)) is supported via a
compile check during configure.
Fixes:
http://autobuild.buildroot.org/results/c0d/c0de72e5a34b379e0c516ad08984bb2c4b0abb5c//
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bed21bb9b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wolfssl contains some assembly code and its configure.ac script
enables the assembly code depending on the CPU architecture. However,
the detection logic is not sufficient and leads to using the assembly
code in situation where it should not.
Here are two examples:
- As soon as the architecture is mips64/mips64el, it uses assembly
code, but that assembly code is not mips64r6 compatible.
- As soon as the architecture is RISC-V, it uses assembly code, but
that assembly code uses multiplication instructions, without paying
attention that the "M" extension may not be available in the RISC-V
CPU instruction set.
In order to avoid this, we introduce a
BR2_PACKAGE_WOLFSSL_ASM_SUPPORTS hidden boolean to decide when to
enable/disable assembly code. We set an initial value with the
supported CPU architectures, with the exclusion of the problematic
cases described above.
It is pretty likely that this variable will need tuning progressively,
as it is difficult to determine which CPU variants exactly are
supported by the assembly code in wolfssl.
Fixes:
- MIPS64 case: http://autobuild.buildroot.net/results/43e/43ee1a457cbeb986d958c9a70cac0676377661c0/
- RISC-V case: http://autobuild.buildroot.net/results/f05/f056ebe7749a69994afba39a9d4967e2774c45ea/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d8dc5315eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default on ARM32, wolfssl uses assembly instructions that are not
supported on Thumb (original Thumb, not Thumb 2), causing a build
failure:
/tmp/ccgn33X7.s:299: Error: selected processor does not support `umlal r4,r5,r10,ip' in Thumb mode
/tmp/ccgn33X7.s:386: Error: instruction not supported in Thumb16 mode -- `adds r4,r4,r6'
/tmp/ccgn33X7.s:387: Error: unshifted register required -- `adc r3,r3,#0'
/tmp/ccgn33X7.s:395: Error: instruction not supported in Thumb16 mode -- `adds r4,r4,r6'
Fix that by passing --with-arm-target=thumb, which tells wolfssl to
use a different set of assembly routines.
Fixes:
http://autobuild.buildroot.net/results/907/907a5967439c3157c426023b0be1e613092d7bfe/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f79a9c775f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wolfSSL has ARMv8-A assembly implementations of some functions for
both A64 and A32 ISAs. However, some of the A32 versions use r11,
which is usually not allowed:
wolfcrypt/src/port/arm/armv8-aes.c: In function 'wc_AesCbcEncrypt':
wolfcrypt/src/port/arm/armv8-aes.c:3303:5: error: fp cannot be used in 'asm' here
3303 | }
| ^
That can be fixed by adding the compiler flag -fomit-frame-pointer,
but then there is another failure:
/tmp/ccV19DQV.s: Assembler messages:
/tmp/ccV19DQV.s:248: Error: first transfer register must be even -- `ldrd r11,r10,[r14,#4*14]'
make[3]: *** [Makefile:5858: wolfcrypt/src/port/arm/src_libwolfssl_la-armv8-chacha.lo] Error 1
This is definitely not a valid instruction in A32, which suggests that
this code isn't being tested at all upstream. So disable it here.
Fixes:
http://autobuild.buildroot.net/results/502/502a2b217845eb290c1961d4740b032462f8ae53/
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 36b8c9494b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The gcc plugin test was not using the -q option to grep causing it to print
the line to stdout, so fix that.
While we're at it, adjust the locale check to use grep -q instead of
redirecting to /dev/null for consistency with the other checks.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4fbd2f6d2c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the version bump of sudo to v1.9.11p2 in commit 9b7f8da96b, the
sed magic in SUDO_ENABLE_SUDO_GROUP_RULE no longer does its job, due
to a slight change in the example sudoers file provided by upstream
sudo.
This commit fixes the regexp to match the new sudoers file.
Fixes bug #14891 (https://bugs.busybox.net/show_bug.cgi?id=14891)
Reported-by: Matthias Hardt <mhardt@berlinux-solutions.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 079fccdee5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On host without jq installed, test-pkg's output is as following:
$ ./utils/test-pkg -p mmc-utils
bootlin-armv5-uclibc [1/6]: which: no jq in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/lib/llvm/14/bin:/usr/lib/llvm/13/bin:/usr/lib64/opencascade/bin)
JQ IS
OK
bootlin-armv7-glibc [2/6]: which: no jq in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/lib/llvm/14/bin:/usr/lib/llvm/13/bin:/usr/lib64/opencascade/bin)
JQ IS
OK
bootlin-armv7m-uclibc [3/6]: which: no jq in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/lib/llvm/14/bin:/usr/lib/llvm/13/bin:/usr/lib64/opencascade/bin)
...
Since test-pkg handles this case we can hide this error message and have
proper output:
$ ./utils/test-pkg -p mmc-utils
bootlin-armv5-uclibc [1/6]: OK
bootlin-armv7-glibc [2/6]: OK
bootlin-armv7m-uclibc [3/6]: OK
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 09ac5a9e18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configuration checks should only be done when building so that
make allyespackageconfig && make source works.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7231701a29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configuration checks should only be done when building so that
make allyespackageconfig && make source works.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 509956da4c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
http://www.asterisk.org/downloads/dahdi no longer works, use the
Github page instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e06975b380)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4cdd99190e (support/dependencies/dependencies.sh: require open perl
package for libxcrypt) added a check for the "open" perl module for
libxcrypt, but it does not work as "open" cannot be directly used with
"require" as an argument is needed:
perl -e "require open"
Not enough arguments for open at -e line 1, at EOF
Execution of -e aborted due to compilation errors.
So special case the check to instead check with "use open ':std'".
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b63e155e5f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/16c/16cba783be11cc5024f9c56bb0a7abb0acf13ef8/
The configure script of libxcrypt needs the open perl module on the host:
Can't locate open.pm in @INC (you may need to install the open module) (@INC
contains: /home/buildroot/autobuild/instance-2/output-1/host/lib/perl
/usr/local/lib64/perl5/5.36 /usr/local/share/perl5/5.36
/usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5
/usr/share/perl5) at ./build-aux/scripts/expand-selected-hashes line 20.
So add a check for it in dependencies.sh similar to how it is done for mpv.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4cdd99190e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes http://autobuild.buildroot.net/results/166/1667b4ebd8e16e7d8b47bc3ca128a76daf27b4d9/
The configure script of host-libxml-parser-perl needs the English perl
module on the host:
ERROR from evaluation of
/home/buildroot/autobuild/instance-1/output-1/build/host-libxml-parser-perl-2.46/Expat/Makefile.PL:
Can't locate English.pm in @INC (you may need to install the English module)
(@INC contains:
/home/buildroot/autobuild/instance-1/output-1/build/host-libxml-parser-perl-2.46/inc
/home/buildroot/autobuild/instance-1/output-1/host/lib/perl
/usr/local/lib64/perl5/5.36 /usr/local/share/perl5/5.36
/usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5
/usr/share/perl5 .) at ./Makefile.PL line 3.
So add a check for it in dependencies.sh similar to the existing check for
ExtUtils::MakeMaker.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8f8085e63a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt5 only supports openssl, check [0] and [1]. So in qt5base.mk let's check
if BR2_PACKAGE_LIBOPENSSL is enabled instead of BR2_PACKAGE_OPENSSL(that
could be openssl or libressl) and for qt5enginio and qt5webkit let's select
BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL instead of only BR2_PACKAGE_OPENSSL.
This way we make sure that only openssl is selected and not libressl or
other future openssl-like implementations.
Fixes:
http://autobuild.buildroot.net/results/a956b48b782dbaa055d7146360465e2493a809d9/
[0]: https://doc.qt.io/qt-5/ssl.html#enabling-and-disabling-ssl-support
[1]: https://bugreports.qt.io/browse/QTBUG-68374
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a94d39d693)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/5d1/5d10f4f545dccf126e3f5b5efce777a393c5e7bc/http://autobuild.buildroot.net/results/7c2/7c2df31c6eb34b68e460e092d8c262bdc6c8f25a/
The configure script of (host-)libopenssl needs the FindBin perl module on the host:
Can't locate FindBin.pm in @INC (you may need to install the FindBin module)
(@INC contains: /home/buildroot/autobuild/instance-2/output-1/host/lib/perl
/usr/local/lib64/perl5/5.36 /usr/local/share/perl5/5.36
/usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5
/usr/share/perl5) at ./Configure line 15. BEGIN failed--compilation aborted
at ./Configure line 15.
As this is needed for both libopenssl and host-libopenssl (which does not
have a corresponding config symbol in the .config), we have to require it
unconditionally.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5aab8c59d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "6a7a652b14 package/sunxi-mali-utgard: rename from
sunxi-mali-mainline" tried to add legacy handling but the new symbols
are part of a choice, and Kconfig does not enforce the select of a
option from a choice.
Update the legacy entry for 2022.02, following the example described in
the beginning of the file.
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit efc223abd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "a610bf9967 package/openjdk{-bin}: bump version to 17.0.1+12"
tried to add legacy handling but the new symbols are part of a choice,
and Kconfig does not enforce the select of a option from a choice.
Update the legacy entry for 2021.11, following the example described in
the beginning of the file.
Cc: Tudor Holton <buildroot@tudorholton.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a97a4a74aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "c38b5566fe package/ti-sgx-{km, um, demos}: bump to latest TI
version", added in release 2020.02, removed some options that were
previously renamed in release 2018.05.
Update the legacy entry for 2018.05 and add the corresponding legacy
entries for 2020.02.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b2661fe639)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "297613f1c7 package/lua: remove 5.2.x version" tried to add
legacy handling but the new symbols are part of a choice, and Kconfig
does not enforce the select of a option from a choice.
Update the legacy entry for 2019.02, following the example described in
the beginning of the file.
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f461543d9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "50332a530b gcc: rename option for ARC gcc" tried to add legacy
handling but the new symbol is part of a choice, and Kconfig does not
enforce the select of a option from a choice.
Update the legacy entry for 2016.11, following the example described in
the beginning of the file.
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eb8f38891b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "b1063a0136 package/openpowerlink: bump to v2.2.2" tried to add
legacy handling but the new symbols are part of a choice, and Kconfig
does not enforce the select of a option from a choice.
Update the legacy entry for 2016.02, following the example described in
the beginning of the file.
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e1e4f39507)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package host-linux-headers does not exist and there were never
references to this symbol in the tree, do drop it.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 367bd65f3c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "bf3626002f system cfg: remove mkpasswd MD5 format option", from
release 2019.02, moved the symbol to legacy handling, but the symbol is
still referenced.
Remove the reference to it.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 032cfbc716)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
