Commit Graph

45223 Commits

Author SHA1 Message Date
Ryan Coe
d08a4ffa00 package/mariadb: security bump to version 10.3.17
Release notes:
https://mariadb.com/kb/en/library/mariadb-10317-release-notes/

Changelog:
https://mariadb.com/kb/en/mariadb-10317-changelog/

Fixes the following security vulnerabilities:
CVE-2019-2805
CVE-2019-2740
CVE-2019-2739
CVE-2019-2737
CVE-2019-2758

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 899c6397a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:19:37 +02:00
Ryan Coe
b2904f6cad package/mariadb: bump to version 10.3.16
The license file COPYING has been updated with a new address.

Release notes:
https://mariadb.com/kb/en/library/mariadb-10316-release-notes/

Changelog:
https://mariadb.com/kb/en/mariadb-10316-changelog/

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8ea7c21473)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:19:27 +02:00
Ryan Coe
d267ae2de0 package/mariadb: add bug tracker link to existing patch
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit db814692d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:18:08 +02:00
Ryan Coe
313201c0a8 package/mariadb: fix build error with newer cmake
When using a newer host system cmake to build MariaDB, the following build
error occurs:

    CMake Error at cmake/os/Linux.cmake:29 (STRING):
    STRING sub-command REPLACE requires at least four arguments.
    Call Stack (most recent call first):
    CMakeLists.txt:101 (INCLUDE)

    CMake Error at cmake/os/Linux.cmake:29 (STRING):
    STRING sub-command REPLACE requires at least four arguments.
    Call Stack (most recent call first):
    CMakeLists.txt:101 (INCLUDE)

Fixes: https://bugs.busybox.net/show_bug.cgi?id=11781

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c2ff8c63da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:17:08 +02:00
Peter Seiderer
85ebd28dbb package/mariadb: use host-openssl from buildroot-system
mariadb no longer allows the WITH_SSL=OFF configure option. It will
instead search for openssl or gnutls headers, and if missing error out
with:

  CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
    Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
    (Required is at least version "3.3.24")
  Call Stack (most recent call first):
    /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
    /usr/share/cmake/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
    libmariadb/CMakeLists.txt:298 (FIND_PACKAGE)

Therefore, make host-mariadb depend on host-openssl, and tell mariadb
to use the system openssl.

This was not found by autobuilders because mariadb isn't built in the
autobuilders (it's part of a choice).

Note that the target mariadb already has an unconditional dependency
on openssl.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fca2e83768)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:15:21 +02:00
Peter Korsgaard
85596ae5f0 package/mbedtls: security bump to version 2.7.12
Fixes the following security vulnerabilities:

2.7.12:

- Fix a missing error detection in ECJPAKE.  This could have caused a
  predictable shared secret if a hardware accelerator failed and the other
  side of the key exchange had a similar bug.

- When writing a private EC key, use a constant size for the private value,
  as specified in RFC 5915.  Previously, the value was written as an ASN.1
  INTEGER, which caused the size of the key to leak about 1 bit of
  information on average and could cause the value to be 1 byte too large
  for the output buffer.

- The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
  implement blinding.  Because of this for the same key and message the same
  blinding value was generated.  This reduced the effectiveness of the
  countermeasure and leaked information about the private key through side
  channels.  Reported by Jack Lloyd.

2.7.11:

- Make mbedtls_ecdh_get_params return an error if the second key belongs to
  a different group from the first.  Before, if an application passed keys
  that belonged to different group, the first key's data was interpreted
  according to the second group, which could lead to either an error or a
  meaningless output from mbedtls_ecdh_get_params.  In the latter case, this
  could expose at most 5 bits of the private key.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 12:31:45 +02:00
Fabrice Fontaine
9c5d229dee package/bind: security bump to version 9.11.10
- Remove all patches except first one (already in version)
- Update first patch
- Fix CVE-2019-6471: A race condition when discarding malformed packets
  can cause BIND to exit with an assertion failure

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 395ad387e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:39:34 +02:00
Vivien Didelot
fee9442edd DEVELOPERS: change Vivien Didelot e-mail address
I am exclusively using my Gmail address for now on. Reflect this in
the DEVELOPERS file.

Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 916497d7d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:33:36 +02:00
Vivien Didelot
842dc90d4e DEVELOPERS: change Mathieu Audat's email address
Mathieu is no longer working at Savoir-faire Linux, update his email
address in the DEVELOPERS file.

Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd7f37606d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:32:10 +02:00
Titouan Christophe
d30a52e9f2 package/mosquitto: security bump to v1.5.9
This is a backportport of c5c106e4e3 into 2019.02

If a client sends a SUBSCRIBE packet containing a topic that consists of
approximately 65400 or more '/' characters, i.e.  the topic hierarchy
separator, then a stack overflow will occur.

The issue is fixed in Mosquitto 1.6.6 and 1.5.9.  Patches for older versions
are available at https://mosquitto.org/files/cve/2019-hier

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:30:32 +02:00
James Hilliard
060dbfc2f1 package/systemd-bootchart: enable systemd-bootchart.service
This would normally be enabled by systemctl preset-all however since we
don't have a host systemctl we need to enable the service manually.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b81e00e2ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:26:35 +02:00
Ricardo Martincoski
2ba99ff4e2 DEVELOPERS: trim runtime tests for Ricardo Martincoski
Keep listing the test infra so the developer is included in reviews, but
trim the list of tests to those the developer are most interested in.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 10acb4ff6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:23:55 +02:00
Adrian Perez de Castro
fe0054dffc support/dependencies/dependencies.sh: check for JSON:PP Perl module
The JSON::PP Perl module is used at build time by the webkitgtk and
wpewebkit packages.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e0c879509d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:11:49 +02:00
Giulio Benetti
5d7c98f098 DEVELOPERS: adjust e-mail address for Giulio Benetti
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dfd4190122)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 11:07:07 +02:00
Peter Korsgaard
67a0e38e72 package/libopenssl: security bump to version 1.1.1d
Fixes the following security vulnerabilities:

- ECDSA remote timing attack (CVE-2019-1547)
  Severity: Low

- Fork Protection (CVE-2019-1549)
  Severity: Low

- Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
  Severity: Low

For more details, see the advisory:
https://www.openssl.org/news/secadv/20190910.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 99a2f0dd6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 10:50:50 +02:00
Simon Rowe
b951766467 package/openvmtools: source default file
In the SYSV init script allow /etc/default/vmtoolsd to override $ARGS
(if it present)

Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3d104ce719)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 10:49:58 +02:00
Peter Korsgaard
b3e39a7543 package/expat: security bump to version 2.2.8
Fixes the following security vulnerability:

CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.

While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 386794d02e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-26 10:46:03 +02:00
Vadim Kochan
793eb5881b package/uclibc: fix termios redefinition issue for PowerPC
Fix redefinition of 'struct termios' by syncing termios powerpc headers
from glibc, the commit which fixed the same issue in glibc:

    d4795e4a43e6f0c221bc5dc64c612206a21a177b PowerPC: Fix termios definitions

    https://sourceware.org/git/?p=glibc.git;a=commit;h=d4795e4a43e6f0c221bc5dc64c612206a21a177b

it fixed the following bug request:

    https://bugzilla.redhat.com/show_bug.cgi?id=1122714

In case of Buildroot it fixes flashrom build for PowerPC.

Fixes:
	http://autobuild.buildroot.net/results/797dde5cbf0e94162c7cc7b557841605c78ac2f3/

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c69838208)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 23:02:57 +02:00
Romain Naour
6f64885e44 package/uclibc: backport patch to remove asm constraint on sparc
uClibc-ng don't build with gcc 9.1 [1] on sparc due to a new check
that "catch illegal asm constraint usage" [2]. This issue has been
fixed in upstream uclibc-ng, so we simply backport the fix.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Thomas: backport the patch that was applied to upstream uclibc-ng]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 08d25f3942)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 23:02:53 +02:00
Peter Korsgaard
5f7560cc4f package/wireshark: security bump to version 2.6.11
Fixes the following security issues:

2.6.8:

- NetScaler file parser crash. Bug 15497. CVE-2019-10895
  https://www.wireshark.org/security/wnpa-sec-2019-09

- SRVLOC dissector crash. Bug 15546. CVE-2019-10899
  https://www.wireshark.org/security/wnpa-sec-2019-10

- GSS-API dissector crash. Bug 15613. CVE-2019-10894
  https://www.wireshark.org/security/wnpa-sec-2019-14

- DOF dissector crash. Bug 15617. CVE-2019-10896
  https://www.wireshark.org/security/wnpa-sec-2019-15

- LDSS dissector crash. Bug 15620. CVE-2019-10901
  https://www.wireshark.org/security/wnpa-sec-2019-17

- DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903
  https://www.wireshark.org/security/wnpa-sec-2019-18

2.6.9:

- Wireshark dissection engine crash. Bug 15778
  https://www.wireshark.org/security/wnpa-sec-2019-19

2.6.10:

- ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619
  https://www.wireshark.org/security/wnpa-sec-2019-20

2.6.11:

- Gryphon dissector infinite loop. Bug 16020
  https://www.wireshark.org/security/wnpa-sec-2019-21

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 22:17:17 +02:00
Carlos Santos
0dbf9b709d package/eudev: add missing user/groups "kvm" and "render"
They are required by the default udev rules.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=12141

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0aa6634318)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 21:48:18 +02:00
Yegor Yefremov
45f6b6fc04 DEVELOPERS: add Yegor Yefremov to dhcpcd and nftables package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cc74a1488b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 21:46:13 +02:00
Carlos Santos
658838df1d package/util-linux: create $(TARGET_DIR)/etc/pam.d if necessary
Useful for test purposes when we want to install util-linux with a
custom TARGET_DIR, e.g.

    $ make util-linux-reinstall TARGET_DIR=/tmp/util-linux

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 40af3a6661)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 21:44:33 +02:00
Carlos Santos
70c5b3c4ee package/thttpd: fix systemd startup
Create the configuration file as /etc/thttpd.conf, as expected by the
systemd unit file.

This matches other web server packages that install configuration files
at /etc/lighttpd/, /etc/apache2, etc.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 349501320b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 21:41:01 +02:00
Carlos Santos
9557a7eff5 package/thttpd: fix init script
The init script provided by thttpd is for FreeBSD. Add a custom one,
made specifically for Buildroot.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fc7488e99f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 21:37:35 +02:00
Peter Korsgaard
797f7b6203 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dc82013bf5)
[Peter: drop 5.2.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 21:04:20 +02:00
Peter Korsgaard
cdd1059b5c package/libcurl: security bump to version 7.66.0
Fixes the following security vulnerabilities:

CVE-2019-5481: FTP-KRB double-free
https://curl.haxx.se/docs/CVE-2019-5481.html

CVE-2019-5482: TFTP small blocksize heap buffer overflow
https://curl.haxx.se/docs/CVE-2019-5482.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2683200065)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 20:00:33 +02:00
Peter Korsgaard
b775c99262 package/nodejs: security bump to version v8.16.1
Fixes the following security vulnerabilities:

- CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data
  from a specified resource over multiple streams.  They manipulate window
  size and stream priority to force the server to queue the data in 1-byte
  chunks.  Depending on how efficiently this data is queued, this can
  consume excess CPU, memory, or both, potentially leading to a denial of
  service.

- CVE-2019-9512 "Ping Flood": The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume excess
  CPU, memory, or both, potentially leading to a denial of service.

- CVE-2019-9513 "Resource Loop": The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way that
  causes substantial churn to the priority tree.  This can consume excess
  CPU, potentially leading to a denial of service.

- CVE-2019-9514 "Reset Flood": The attacker opens a number of streams and
  sends an invalid request over each stream that should solicit a stream of
  RST_STREAM frames from the peer.  Depending on how the peer queues the
  RST_STREAM frames, this can consume excess memory, CPU, or both,
  potentially leading to a denial of service.

- CVE-2019-9515 "Settings Flood": The attacker sends a stream of SETTINGS
  frames to the peer.  Since the RFC requires that the peer reply with one
  acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost
  equivalent in behavior to a ping.  Depending on how efficiently this data
  is queued, this can consume excess CPU, memory, or both, potentially
  leading to a denial of service.

- CVE-2019-9516 "0-Length Headers Leak": The attacker sends a stream of
  headers with a 0-length header name and 0-length header value, optionally
  Huffman encoded into 1-byte or greater headers.  Some implementations
  allocate memory for these headers and keep the allocation alive until the
  session dies.  This can consume excess memory, potentially leading to a
  denial of service.

- CVE-2019-9517 "Internal Data Buffering": The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave the
  TCP window closed so the peer cannot actually write (many of) the bytes on
  the wire.  The attacker then sends a stream of requests for a large
  response object.  Depending on how the servers queue the responses, this
  can consume excess memory, CPU, or both, potentially leading to a denial
  of service.

- CVE-2019-9518 "Empty Frames Flood": The attacker sends a stream of frames
  with an empty payload and without the end-of-stream flag.  These frames
  can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.  The peer spends
  time processing each frame disproportionate to attack bandwidth.  This can
  consume excess CPU, potentially leading to a denial of service.
  (Discovered by Piotr Sikora of Google)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 19:52:25 +02:00
Martin Bark
dd4f4fe45b package/nodejs: use shared nghttp2 library
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9a52e173b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 19:28:05 +02:00
Peter Korsgaard
7fcd08bf68 package/nghttp2: security bump to version 1.39.2
Fixes the following security issues:

CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop

For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/

Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4c7e7acbe4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 19:26:42 +02:00
Martin Bark
3cbc9a3ff4 package/nghttp2: bump version to 1.37.0
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bd52cb76b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 19:26:30 +02:00
Peter Korsgaard
d2465aac0e package/luksmeta: do not build man pages
Fixes:
http://autobuild.buildroot.net/results/a6247b95f1578fe1daec485589582310c75b5d84/

luksmeta-v9 generates man pages at build if a2x is available since:

commit 3fa51bb22350fee101fc52044949f6eb394114ae
Author: Daniel Kopeček <dkopecek@redhat.com>
Date:   Fri Jul 13 01:52:45 2018 +0200

   Generate manual page from source during build time

   If a2x (asciidoc) is not available during configure time,
   a warning will be generated and the manual page wont be
   generated nor installed.

Man pages are not needed on target and the build step fails in certain
setups, so disable it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0471f650b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 18:04:58 +02:00
Peter Korsgaard
51af5842af package/luksmeta: bump to version v9
Bugfix release, fixing a potential infinite loop when handling the LUKS
header:

git shortlog v8..v9
Daniel Kopeček (2):
      Use asciidoc as the manual page source format
      Generate manual page from source during build time

Milan Broz (1):
      Fix infinite loop when initializing trimmed LUKS header.

Nathaniel McCallum (3):
      Fix invalid man page section reference
      Fix typos in the man page
      Release version 9

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8103460aa1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 18:04:48 +02:00
Carlos Santos
f9400e938c package/nfs-utils: always use libtirpc and enable IPv6
nfs-utils selects rpcbind, and rpcbind unconditionally selects
libtirpc. Therefore, nfs-utils will never be used with the C library
RPC implementation: libtirpc will always be used. Consequently, all
the conditional logic to use libtirpc only if available is useless,
and we can use libtirpc unconditionally.

As an added bonus, this means that we can enable IPv6, because
libtirpc provides an IPv6-compatible RPC implementation.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=10806

Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 749334cb36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 18:00:50 +02:00
Baruch Siach
6218199ccd package/libnftnl: drop obsolete patch
Patch #1 is obsolete since upstream commit 244d60de2f1 ("utils: define
xfree() as macro") in version 1.0.3. xfree is no longer a symbol, so it
can't conflict with symbols of the code libnftnl links with.

Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 291bfa5902)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 14:22:32 +02:00
Baruch Siach
e9a935047f package/libnftnl: bump to version 1.1.3
Rebase patch #1.

Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1208e41561)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-25 14:22:27 +02:00
Pierre-Jean Texier
cd72d5bf57 package/haveged: bump to version 1.9.6
This includes the following changes:

94079e6 Fixed invalid UTF-8 codes in ChangeLog
1470a82 Updated service.fedora
9596c53 Updated service.fedora
b50b59b New version 1.9.5
037e059 New version 1.9.5
2681d01 Added test for /dev/random symlink
0dac21b Update to automake 1.16
638e2f0 Fixed built issue on Cygwin
083f827 minimize diff
b38def1 minimize diff
e16369d take into account review by @nbraud
6dfce53 Remove support for CPUID on ia64
fc50dda [PATCH] Output some progress during CUSUM and RANDOM EXCURSION test
be4e481 NEWS: Cleanup extraneous whitespace
0815b3c Fixup upstream changelog
6d52229 Fix type mismatch in get_poolsize
90d00f7 service.redhat: update PIDFile
16a9726 fix segv at start
ceab89a init.d/Makefile.am: add missing dependency
01e3154 Diagnostics capture mode now works correctly by referencing the right variable during rng warmup
f219358 Fix segfault on arm machines

Also add a 'v' prefix in _SITE variable.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8e1b0d8857)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-24 16:49:04 +02:00
Pierre-Jean Texier
2940519e54 package/haveged: bump to version 1.9.4
See https://github.com/jirka-h/haveged/releases/tag/1.9.4

Also change the site location, upstream release
mechanism has switched to using github.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6bc4189b82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-24 16:48:18 +02:00
Raphaël Mélotte
1f17bc1719 docs/manual/adding-packages-python.txt: fix outdated Python 3 explanation
Python packages should no longer depend on BR2_PACKAGE_PYTHON in their
config file, unless they are only compatible with Python 2.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5c553ba59)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-24 16:32:13 +02:00
Thomas Petazzoni
b916a116f5 DEVELOPERS: remove Pranit Sirsat, e-mail bounces
<Pranit.Sirsat@imgtec.com>: host mxa-00376f01.gslb.pphosted.com[91.207.212.86]
    said: 550 5.1.1 User Unknown (in reply to RCPT TO command)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fa54d02458)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-24 16:28:57 +02:00
Fabrice Fontaine
c546f46e03 package/augeas: drop AUTORECONF
autoreconf is not needed since bump to version 1.10.1 in
commit 3cd6faa04c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 75baf4764c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-24 16:03:19 +02:00
Baruch Siach
c4ed5ae29b package/iptables: bump to version 1.8.3
Drop upstream patches.

Fixes a buffer overflow issue in iptables-save parsing.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 326a9ae2e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-19 17:08:04 +02:00
Bernd Kuhls
2e92975b70 package/libgpg-error: fix build with gawk 5.0
Fixes:

  http://autobuild.buildroot.net/results/e815bed0e7b3d9cbf50ebf605666a50e7032e5a1/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
(cherry picked from commit d503003c36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:56:34 +02:00
Giulio Benetti
2dffa1853d package/libnss: fix build failure on aarch64_be
Fixes:
http://autobuild.buildroot.net/results/bfd29593bb6c53d3e9e2d02d2ed6bea360d99c00/

In libnss there is a bug leading to build failure due to double declared
functions. This is due to 2 different #ifdef statements treating the
same function-set.

Add patch to fix this by making the 2 #ifdef statements equal.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 82187f9481)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:39:11 +02:00
Giulio Benetti
f09f5a8c72 package/libnss: security bump to version 3.46
Fixes the following security issues:

(3.44.1)
CVE-2019-11729: More thorough input checking
CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
during PKCS11 import
CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3

Note:
This version requires nspr 4.22 or newer provided by the previous patch.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7e509333ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:39:05 +02:00
Giulio Benetti
8df739fc9c package/libnspr: bump to version 4.22
Rework all 3 patches to make that applicable to 4.22 version.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 385b5686a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:38:39 +02:00
Nylon Chen
ab857abea8 package/libnspr: add patch for nds32 support.
Fixes:

  http://autobuild.buildroot.net/results/9380435440c977eeaf98a1ffa80f411f07f62482/

Signed-off-by: Nylon Chen <nylon7@andestech.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3388027e0d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:38:33 +02:00
Thomas Petazzoni
3b3040442a DEVELOPERS: remove Kevin Joly, e-mail is bouncing
Kevin Joly (kevin.joly@sensefly.com)<mailto:kevin.joly@sensefly.com>
Your message couldn't be delivered to the recipient because you don't have permission to send to it.

Looking at his LinkedIn profile, he left SenseFly in January 2019,
which quite certainly explains why his @sensefly.com e-mail address is
no longer working.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 55814b8ef9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:30:49 +02:00
Romain Naour
04f1779cba configs/aarch64_efi: fix typo AARCH64 -> ARM64
There is no option BR2_TARGET_GRUB2_AARCH64_EFI but
BR2_TARGET_GRUB2_ARM64_EFI in grub2 package.

BR2_TARGET_GRUB2_ARM64_EFI was introduced by the commit [1].

[1] 273a27804a

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Erico Nunes <nunes.erico@gmail.com>
Reviewed-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0525ca4711)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:26:39 +02:00
Peter Korsgaard
c2c35ab857 package/asterisk: security bump to version 16.5.1
Fixes the following security issues:

AST-2019-004: Crash when negotiating for T.38 with a declined stream
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
responds with a declined media stream a crash will then occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2019-004.pdf

AST-2019-005: Remote Crash Vulnerability in audio transcoding
When audio frames are given to the audio transcoding support in Asterisk the
number of samples are examined and as part of this a message is output to
indicate that no samples are present. A change was done to suppress this
message for a particular scenario in which the message was not relevant. This
change assumed that information about the origin of a frame will always exist
when in reality it may not.
https://downloads.asterisk.org/pub/security/AST-2019-005.pdf

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 965e26fd99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-17 22:13:31 +02:00