Fixes the following security issues:
- bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with
additional text after the address and only quad-dotted notation without
trailing whitespaces. Some inet_aton() implementations ignore whitespace
and all data after whitespace, e.g. ‘127.0.0.1 whatever’.
- bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file://
and local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.
- bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded
whitespace or control characters through into the underlying http client
request. Such potentially malicious header injection URLs now cause an
http.client.InvalidURL exception to be raised.
- bpo-33529: Prevent fold function used in email header encoding from
entering infinite loop when there are too many non-ASCII characters in a
header.
- bpo-35755: shutil.which() now uses os.confstr("CS_PATH") if available and
if the PATH environment variable is not set. Remove also the current
directory from posixpath.defpath. On Unix, shutil.which() and the
subprocess module no longer search the executable in the current directory
if the PATH environment variable is not set.
Also remove the following upstreamed patches:
- 0033-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch
- 0034-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump U-Boot to 2019.07 and kernel to version 5.1.16.
Also
- adjust the U-Boot binary name after DM conversion.
- add missing notes about DFU
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Tested-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
[Arnout:
- calculate level by counting - instead of with a static array;
- new_package is only used locally, so don't make it a class member;
- do indentation according to length of prefix;
- don't split string in the middle of a line;
- report first wrong package per menu;
- do replace() only once;
- add comment why we do replace().
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
openrisc support has been added with gcc 9.1.
Keep for now the old gcc 5 fork for or1k.
https://gcc.gnu.org/gcc-9/changes.html
Tested using qemu_or1k_defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
... and not an armv8.3a like previously supposed:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=886d991373e4dc5a746d0a33de64f1b36e61eed9
So, change the corresponding labels and comments.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In gcc-9, some cores from the ThunderX family have been renamed to
their marketing names, i.e. OcteonTX. Subsequently, new core names
have been added to gcc, with the old names still being around.
Update the prompts with the new names as alternative to the existing
names. We still keep the kconfig options as-is, so that we do not need
to add legacy handling.
However, since there is no guarantee for how long gcc will retain
compatibility for the older names, we readily switch over to using the
new names when using a gcc 9-or-later, but keep using the older names
with gcc older than 9.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Arnout: don't rely on ordering, but make condition explicit]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
It will make it easier to introduce new variants anywhere in the
list, when those variants have different bitness requirements.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
With Qt latest, if opengl is not enabled, qt5wayland examples won't be
built:
make[3]: Entering directory `/home/dawncrow/buildroot-test/scripts/instance-0/output/build/qt5wayland-5.12.2/examples/wayland'
Some of the required modules (qtConfig(opengl)) are not available.
Skipped.
make[3]: Leaving directory `/home/dawncrow/buildroot-test/scripts/instance-0/output/build/qt5wayland-5.12.2/examples/wayland'
And build will fail on:
cp: cannot stat '/home/dawncrow/buildroot-test/scripts/instance-0/output/host/sparc64-buildroot-linux-gnu/sysroot/usr/lib/qt/examples/wayland': No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/902322ca156c14044d4ce53ab2c77f30dd854c98
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Jailhouse is a partitioning Hypervisor based on Linux. It is able to run
bare-metal applications or (adapted) operating systems besides Linux.
For this purpose, it configures CPU and device virtualization features
of the hardware platform in a way that none of these domains, called
"cells" here, can interfere with each other in an unacceptable way.
For 32-bit ARM, it uses instructions from the armv7ve ISA. Since we
don't have a Config.in symbol to represent this yet, exclude 32-bit ARM
for now.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
[Arnout:
- remove arm as supported architecture;
- add architecture dependency to comment;
- remove architecture comment;
- move python dependencies to the condition.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop patch as it is not needed since
69117d1507
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
hostapd 2.7 added compile time options to include
redirecting the output from stdout to a file or syslog
like wpa_supplicant
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Prepare for reproducible re-generation of hash list for
coming up qt5 update.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
GStreamer 1.16.0 is the last version to support autotools, which is
removed in the next version.
Other changes:
- The meson build provides no 'disable-valgrind' option in the plugin
  packages (valgrind availability checking is done in the base
  gstreamer package already).
- zlib no longer has an option and is also checked via headers.
- Add the following new meson-specific options:
  - -Dgtk_doc=disabled
  - -Dglib-asserts=disabled
  - -Dglib-checks=disabled
  - -Dgobject-cast-checks=disabled
- Three config options are comma separated strings. These
  options are:
  - gl_api
  - gl_platform
  - gl_winsys
  The lists can be passed empty without error. As such, the logic now
  creates a list such as:
    -Dgl_api='opengl,gles2'
    -Dgl_platform='glx,egl'
    -Dgl_winsys='x11,wayland'
- Remove the egl BASE_CONF_ENV CPPFLAGS and LIBS options, as meson finds
  the include paths and libraries correctly during the configure stage.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
GStreamer 1.16.0 is the last version to support autotools, and will be removed
in the next version.
Other changes:
- The meson build provides no 'disable-valgrind' option but checks
  for the availability of valgrind/valgrind.h, so add an optional
  valgrind dependency instead.
- Add the following new meson-specific options:
  - -Dgtk_doc=disabled
  - -Dglib-asserts=disabled
  - -Dglib-checks=disabled
  - -Dgobject-cast-checks=disabled
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
intltool is not needed since
984625165e
So drop it and add TARGET_NLS_DEPENDENCIES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Removed patch which was accepted (slightly different version) upstream as
d0272f54 ("devlink: fix libc and kernel headers collision")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop Makefile changes]
(cherry picked from commit 26bae84832)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also
- adjust the U-Boot binary name after DM conversion.
- add missing notes about flashing U-Boot and SPL
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For boards like imx7d-pico, u-boot.img changes to u-boot-dtb.img in
U-Boot v2019.07. Therefore, we need to pick u-boot.img or u-boot-dtb.img
depending on the board configuration.
Just like was done in commit 52344e556f for the generic genimage
template, replace the U-Boot file name with UBOOTBIN, which is set
according to the BR2_TARGET_UBOOT_FORMAT_* option. We also need to set
the correct value for this variable for the u-boot.img and
u-boot-dtb.img cases.
While we're at it, rename the partition from 'u-boot-img' to 'u-boot',
to stay consistent with the generic genimage template.
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
[Arnout: correct u-boot.img condition, rework commit log]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop Makefile changes]
(cherry picked from commit 5b4e32cae8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
tarball conf/ scripts no longer link to host files. Drop autoreconf.
Add license hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use a mirror download site.
https://github.com/libarchive/libarchive/issues/1216
Drop upstream patches.
Mention additional licenses for new RARv5 code. Update license file
hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>