Contains the following security related fixes:
- Race condition possibility; CWE-362: Concurrent Execution using
Shared Resource with Improper Synchronization ('Race Condition'):
36c8eae890
- Fix realloc error handling:
430043842e
Update hash of COPYING and remove MIT from licenses because sd-daemon
files were removed:
0984e0f4a0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pcsc-lite is not only licensed under BSD-3-Clause, so retrieve licenses
from COPYING (BSD-2-Clause, GPL-3.0+, MIT, ISC) and add GPL-3.0.txt to
license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch is not needed as static build has been disabled since
commit ad8c327053
Moreover, pthread dependency should be correctly retrieved from
libusb-1.0.pc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Applications build with a musl 1.1.20+ toolchain and linked with libupnpp will
crash at runtime with `Illegal instruction` as musl is more strict with
trying to detach an already detached thread resulting in undefined
behaviour.
Upstream status:
https://github.com/mrjimenez/pupnp/issues/102
Backported from:
04b454f693
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On gentoo /run/lock is owned by uucp group because of historical
reasons. However uucp does not exist on buildroot by default, and
it makes more sense that 'daemon' group should own this directory.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Busybox version of sysctl does not support --system argument, and
files need to be loaded one by one. This patch adds code to sysctl
service in openrc to recognize busybox sysctl and execute proper
function based on that.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/pkg-generic.mk
Add <pkg>_INSTALL_INIT_OPENRC so packages can define their own steps
to install openrc service scripts.
* docs/manual/adding-packages-generic.txt
update documentation about new hook.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is very basic settings for openrc init.
* system/Config.in
Allows to select openrc as init system (which auto selects
openrc-skeleton and openrc package).
* package/ifupdown-scripts/Config.in
openrc has its own service to bring up/down interfaces, so
ifupdown-scripts should not be enabled when openrc is enabled to
prevent service clash.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
[Thomas: take into account the !BR2_STATIC_LIBS dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This basic skeleton is similar to skeleton-init-sysv.
All links in /var are same as in skeleton-init-sysv to be compatible
with current default filesystem scheme.
Exceptions:
* /dev/shm and /dev/pts dirs were removed, since they are created by
openrc devfs service
* /etc/fstab does not need /dev/shm, /dev/pts and /sys entries
becuse they are mounted by devfs and sysfs services respectively
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds openrc init system package. This performs default openrc
installation with openrc-init that acts as pid1.
MKPKGCONFIG=no:
openrc does not use pkg-config per se, if MKPKGCONFIG is enabled,
it will just install *.pc files on rootfs for other programs to
find librc and libeinfo. These libs expose C api to control openrc
(al rc-* functions use it). From the looks of it, these libs would
be usefull if user wanted to write his own programs to manage
services, and vast majority of people using openrc won't need it.
Also, that's the reason why there is not INSTALL_STAGING=yes.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 6ebaef3818
("package/python-ipython: bump to version 7.4.0"), ipython is no
longer available for Python 2.x, as it requires Python 3.x.
However, the corresponding test case that was testing iPython under
Python 2.x was not removed at the same time, causing a failure of
TestIPythonPy2 test. Let's drop the test that is no longer relevant.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/210208754
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the help test of individual binaries:
With this option enabled, each applet is a separate binary, which is
needed for proper operation with SELinux
As such, it makes sense to select this option when SELinux support is
selected as well.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The cog package includes libraries and headers, so installing it
to the staging tree allows having those available for development.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to new released version:
https://github.com/netsniff-ng/netsniff-ng/releases/tag/v0.6.6
Changelog:
implement rotating capture files in netsniff-ng
fixed '--in -' to work again with STDIN in trafgen
fixed -t 0 option to use sendto in trafgen
checksum calculation for ICMP and TCP in astraceroute
fix for reading mirrors from file in astraceroute
use GZIP_ENV instead of GZIP in build system
added error handling for mismatched address families in mausezahn
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 5b3c7a3e78 added a
BR2_PACKAGE_HAS_LIBEGL_WAYLAND dependency to wpebackend-fdo but forget
to add it to wpewebkit
Fixes:
- http://autobuild.buildroot.net/results/49e04166de68358e69bce580b29ba3a25b313acf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file only got updated to 2019.
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The project has been moved from the kergoth user account to the
libts organisation on github. While github seems to maintain redirects,
we should use the new location directly.
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix infinite loop in cJSON_Minify (potential Denial of Service), see
https://github.com/DaveGamble/cJSON/issues/354
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
`NAME` is not set resulting in a pidfile without a basename:
`/var/run/.pid`. Use the correct variable `DAEMON` instead.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current URL no longer exists, so update it to what looks like the
main DHCP upstream site.
This issue was noticed by the upstream URL check added by Matt Weber
in the pkg-stats script, whose results are visible at
http://autobuild.buildroot.net/stats/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2013-1752: Change use of readline() in :class:`imaplib.IMAP4_SSL` to limit line length
- CVE-2018-14647: The C accelerated _elementtree module now initializes hash
randomization salt from _Py_HashSecret instead of libexpat's default
CSPRNG.
For more details, see the NEWS file:
https://github.com/python/cpython/blob/v2.7.16/Misc/NEWS.d/2.7.16rc1.rst
Refresh patches, drop now upstream
package/python/0035-bpo-35746-Fix-segfault-in-ssl-s-cert-parser-GH-11569.patch
and adjust hash of LICENSE file for a change of copyright years.
run-tests results:
16:05:41 TestPython2 Starting
16:05:42 TestPython2 Building
16:11:26 TestPython2 Building done
16:11:32 TestPython2 Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 351.905s
OK
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now wpebackend-fdo depends only on HAS_LIBEGL but if libegl is not of
wayland type, build breaks due to different EGLNativeWindowType types
depending on backends(fb,x11,wl).
Modify:
'depend on BR2_PACKAGE_HAS_LIBEGL'
to:
'depend on BR2_PACKAGE_HAS_LIBEGL_WAYLAND'
in Config.in to avoid building if there is not a wayland egl backend.
Modify also comment in Config.in when package is not selectable
mentioning the need to have an OpenEGL-capable Wayland backend.
Fixes:
http://autobuild.buildroot.net/results/4f02b91f6ffffd194e09ed18c917b4f678b1a52d/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
