- Nov 17, 2020
-
-
Peter Korsgaard authored
Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a4832641bcab4e3487a986ac31110fb2c006b2c0) [Peter: drop Makefile changes] Signed-off-by:
-
- Nov 16, 2020
-
-
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
Fabrice Fontaine authored
Fix build of qemu 5.0.0 and above with 64 bites time_t Fixes: - http://autobuild.buildroot.org/results/efd4474fb4b6c0ce0ab3838ce130429c51e43bbb Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/70c98e89b1d5e5b651d1f6928dc53f465103f57a Signed-off-by:
-
Garret Kelly authored
When using a custom git or mercurial repository for u-boot the error message indicating a version had not been provided incorrectly stated that the URL was missing. Update the error message to indicate that it's the version that's missing. Signed-off-by:
Garret Kelly <garret.kelly@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
This will avoid the following build failure with qemu 5.0.0 and above: /srv/storage/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-2/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/../lib64/libnuma.a(libnuma.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a PIE object; recompile with -fPIC Fixes: - http://autobuild.buildroot.org/results/616dff216a215dc0494c846d337e03e0795b2fb2 Signed-off-by:
-
Bernd Kuhls authored
Fix wrong path in usr/lib/dovecot-config which was copied from the dovecot staging dir. Fixes: http://autobuild.buildroot.net/results/5fb/5fb1cd57bc3fdf4f75019c7b25d65ef887eea539/ Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
Romain Naour authored
The commit [1] added a second LIBPAM_TACPLUS_AUTORECONF because we are now patching configure.ac. But LIBPAM_TACPLUS_AUTORECONF was already used because the package is fetched from github. [1] bd85d82f Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/849509860 Signed-off-by:
Romain Naour <romain.naour@gmail.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by:
-
Baruch Siach authored
Build fails when no yacc alternative is installed. Fixes: http://autobuild.buildroot.net/results/1ba8e339cbb5646663d0bf4e158d89e54433b242/ http://autobuild.buildroot.net/results/a00a53d6635c64e72c50d4841658155de5380110/ Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Acked-by:
Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by:
-
Fabrice Fontaine authored
--disable-bzip2 is not a recognized option so replace it by --disable-libbz2 to match the target logic. Signed-off-by:
-
Thomas Petazzoni authored
We change Trent's e-mail address in commit 1c20802d, but it turns out the new one also doesn't work: <trent.piepho@synapse.com>: host synapse-com.mail.protection.outlook.com[104.47.57.138] said: 550 5.4.1 Recipient address rejected: Access denied. AS(201806281) [DM6NAM11FT063.eop-nam11.prod.protection.outlook.com] (in reply to RCPT TO command) So let's drop Trent entirely, which orphans the libp11 package. Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by:
-
Fabrice Fontaine authored
Fix the following CVEs: - CVE-2020-25695: Multiple features escape "security restricted operation" sandbox - CVE-2020-25694: Reconnection can downgrade connection security settings - CVE-2020-25696: psql's \gset allows overwriting specially treated variables https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111 Signed-off-by:
-
Fabrice Fontaine authored
This release fixes a potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc. See: https://github.com/redis/redis/pull/7963 https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES Signed-off-by:
-
- Nov 15, 2020
-
-
Yann E. MORIN authored
This reverts commit d2159da6. which should not have been applied to master, but to next... Signed-off-by:
-
Julien Olivain authored
Attempting to compile this package with newer Kernel version (e.g. v5.4) fails with message: Generating local configuration database from kernel ...Kernel version parse failed! Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now rather old and beat the very purpose of having newer drivers in older kernels. Since backports tag v4.14-rc4-1, the requirement on minimal kernel version changed from 3.0 to 3.10. See commit [1]. The minimal kernel version check is changed accordingly. License files are also updated: the linux backports package copies the license files from the kernel version used for its generation. v5.8 is now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX identifier (contrary to what is said in the COPYING file), so we keep it as GPL-2.0 (which also keeps it aligned to what we have in linux.mk). [1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76 Signed-off-by:
Julien Olivain <ju.o@free.fr> Reviewed-by:
Petr Vorel <petr.vorel@gmail.com> Tested-by:
-
- Nov 14, 2020
-
-
Peter Korsgaard authored
Signed-off-by: -
Bartosz Bilas authored
Since there is not necessary to have support of systemd within the host variant let's disable it unconditionally to solve the following errors: /usr/bin/install -c -m 644 data/rauc.service '/usr/lib/systemd/system' /usr/bin/install: cannot create regular file '/usr/lib/systemd/system/rauc.service': Permission denied /usr/bin/install -c -m 644 data/de.pengutronix.rauc.conf 'no' make[4]: *** [Makefile:1700: install-nodist_systemdunitDATA] Error 1 make[4]: *** Waiting for unfinished jobs.... Signed-off-by:
Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by:
-
Thomas Petazzoni authored
While testing Buildroot on a Cortex-A5 that doesn't provide NEON, we found out that a system generated with the ARM toolchain from Arm didn't boot. It turns out that this ARM toolchain is built with: --with-arch=armv7-a --with-fpu=neon --with-float=hard --with-mode=thumb So, it uses NEON as its FPU, which means it can only work on CPU cores that have NEON support. This commit adds the appropriate dependency to the toolchain-external-arm-arm package, and adjusts the Config.in help text accordingly. While at it, it also drops the part of the Config.in help text that says the code is tuned for Cortex-A9, as it is not the case: it was the case for the Linaro toolchain (built with --with-tune=cortex-a9), but not for the ARM toolchain, for which no specific --with-tune is passed. Signed-off-by:
-
Fabrice Fontaine authored
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/5c17226f12eba104d907693ec37fc101cc6d447f Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/4655626f1827245648a566a7223f247a130714c5 Signed-off-by:
-
Romain Naour authored
The commit [1] should fix a circular dependency by using util-linux-libs instead of util-linux if BR2_PACKAGE_UTIL_LINUX_LIBS is set. But util-linux is still in CRYPTSETUP_DEPENDENCIES. Remove it to really break the circular dependency. [1] e3c86f5c Signed-off-by:
-
- Nov 13, 2020
-
-
Julien Olivain authored
The commit 05fea6e4 "infra/pkg-kconfig: do not rely on package's .config as a timestamp" broke the kernel version check of this linux-backports package (it was no longer executed). Since linux-4.19, the kernel's build system internally touches its .config file, so it can no longer be used as a stamp file. The stamp file defined in KCONFIG_STAMP_DOTCONFIG variable of pkg-kconfig infra need to be used instead. This commit fixes the kernel version check. Signed-off-by:
-
Romain Naour authored
The commit [1] enabled riscv32 and riscv64 for uClibc-ng internal toolchain backend but only riscv64 is curently supported by uClibc-ng. The initial patch [2] from Mark Corbin is only about riscv64. Remove riscv32 from uClibc-ng supported architecture list. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981656 [1] 209a0824 [2] bd9810e1 Signed-off-by:
-
Fabrice Fontaine authored
Fix build of suricata 6.0.0 with mips32r6 app-layer-ftp.o: In function `FTPCheckMemcap': app-layer-ftp.c:(.text+0x284): undefined reference to `__atomic_load_8' app-layer-ftp.c:(.text+0x2d8): undefined reference to `__atomic_fetch_add_8' Fixes: - http://autobuild.buildroot.org/results/f574005204905250702df32b61c85d427ab4feda Signed-off-by:
-
Bartosz Bilas authored
Add -p argument that ignore that specified directory already exists. Fixes: mkdir: cannot create directory ‘/home/bartekk/buildroot-2020.11-rc1/output/target/usr/lib/systemd/system/rauc.service.d’: File exists Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - math/big: panic during recursive division of very large numbers A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on 64-bit architectures). Multiple math/big.Rat methods are similarly affected. crypto/rsa.VerifyPSS, crypto/rsa.VerifyPKCS1v15, and crypto/dsa.Verify may panic when provided crafted public keys and signatures. crypto/ecdsa and crypto/elliptic operations may only be affected if custom CurveParams with unusually large field sizes (several times larger than the largest supported curve, P-521) are in use. Using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don’t chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Moreover, an application might crash invoking crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate request or during a golang.org/x/crypto/otr conversation. Parsing a golang.org/x/crypto/openpgp Entity or verifying a signature may crash. Finally, a golang.org/x/crypto/ssh client can panic due to a malformed host key, while a server could panic if either PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a certificate with a malformed public key. Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting this. Thanks to Rémy Oudompheng and Robert Griesemer for their help developing and validating the fix. This issue is CVE-2020-28362 and Go issue golang.org/issue/42552. - cmd/go: arbitrary code execution at build time through cgo The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. This can be caused by malicious gcc flags specified via a #cgo directive, or by a malicious symbol name in a linked object file. Thanks to Imre Rad and to Chris Brown and Tempus Ex respectively for reporting these issues. These issues are CVE-2020-28367 and CVE-2020-28366, and Go issues golang.org/issue/42556 and golang.org/issue/42559 respectively. Signed-off-by: -
Peter Korsgaard authored
Fixes a build issue with linux 5.4.76+. For details, see the announcement: https://lists.zx2c4.com/pipermail/wireguard/2020-November/005997.html Signed-off-by:
-
Peter Korsgaard authored
Including the fix for CVE-2020-8694: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html Signed-off-by:
-
Bernd Kuhls authored
Release notes: https://blog.torproject.org/node/1952 Fixes TROVE-2020-005. Signed-off-by:
-
- Nov 12, 2020
-
-
Romain Naour authored
The rock64 defconfig is currently broken [1][2] since a while due to incompatibility between uboot-2017.09-rockchip-ayufan fork and pylibfdt. Even with the latest uboot-2017.09-rockchip-ayufan fork version [3], it doesn't build. The original submitter tried the uboot upstream rock64-rk3328_defconfig but the board doesn't boot [4]. In order to not release 2020.05 with a broken defconfig, let's remove it. It can be re-added later once the uboot issue has been resolved. [1] 2020.05-rc2: https://gitlab.com/buildroot.org/buildroot/-/jobs/563613273 [2] 2020.02: https://gitlab.com/buildroot.org/buildroot/-/jobs/548596102 [3] https://github.com/ayufan-rock64/linux-u-boot/releases/tag/2017.09-rockchip-ayufan-1065-g95f6152134 [4] http://lists.busybox.net/pipermail/buildroot/2020-May/282164.html Signed-off-by:
-
Romain Naour authored
This version fix the runtime issue with python 3.9 since _Py_ForgetReference() was removed from the limited C API [1]. $ python sample_python_crossbar.py /usr/bin/python3.9: symbol '_Py_ForgetReference': can't resolve symbol python-lmbd 0.99 contain a refactoring removing _Py_ForgetReference() from the code. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981961 https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979 [1] https://docs.python.org/3/whatsnew/3.9.html#id3 [2] https://github.com/jnwatson/py-lmdb/commit/22a3724bdcda62853e8a250094f512eb20abe01f Signed-off-by:
-
Romain Naour authored
Since commit [1] in cpython, an exception is raised when an encryption method is not available. This eception is handled only if errno is set to EINVAL by crypt() but uClibc-ng doesn't set errno in crypt() [2]. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981961 https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979 [1] https://github.com/python/cpython/commit/0d3fe8ae4961bf551e7d5e42559e2ede1a08fd7c [2] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libcrypt/crypt.c?h=v1.0.36#n29 Signed-off-by:
-
Peter Seiderer authored
Fixes: - https://bugs.busybox.net/show_bug.cgi?id=13306 .../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: ‘class WebCore::Settings’ has no member named ‘setGenericCueAPIEnabled’; did you mean ‘setBeaconAPIEnabled’? page->settings().setGenericCueAPIEnabled(enabled); ^~~~~~~~~~~~~~~~~~~~~~~ setBeaconAPIEnabled Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Julien Olivain authored
Upstream backports package does not define the LEX/YACC Makefile variables, contrary to the Kernel which is defining those in [1]. The default "lex" and "yacc" are then used. On some systems, "yacc" is Berkeley Yacc. Kconfig parser files are using non-Posix Bison constructs. Attempting to generate the parser with byacc fails with error: yacc: e - line 97 of "zconf.y", syntax error %destructor { ^ This patch defines the LEX and YACC Makefile variable to use flex and bison, to fix this issue. The host-bison and host-flex dependencies are added only if the host does not have them, following the same logic of the Kernel. [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73a4f6dbe70a1b93c11e2d1d6ca68f3522daf434 Signed-off-by: -
Klaus Heinrich Kiwi authored
Pick the below patch from upstream, in order to fix 'settimeofday: Invalid argument' introduced by using glibc v2.31+. (busybox hasn't tagged a new version since). See https://bugs.busybox.net/show_bug.cgi?id=12756 for more info. Signed-off-by:
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - AST-2020-001: Remote crash in res_pjsip_session Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. - AST-2020-002: Outbound INVITE loop on challenge with different nonce If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. For details, see the announcement: https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/ Signed-off-by:
-
Stefan Agner authored
Avoid setting executable bits for apparmor.service. This gets rid of a corresponding warning during installation: Configuration file ../target/usr/lib/systemd/system/apparmor.service is marked executable. Please remove executable permission bits. Proceeding anyway. Signed-off-by:
Stefan Agner <stefan@agner.ch> Signed-off-by:
-
Fabrice Fontaine authored
Signed-off-by:
-
