- Fix CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK
decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can
write arbitrary bytes around a certain location on the heap via a
crafted HTTP/2 request, possibly causing remote code execution.
https://www.mail-archive.com/haproxy@formilux.org/msg36877.html
- Update indentation of hash file (two spaces)
Furthermore, 2.0.11..2.0.13 contains a number of bugfixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
* CVE-2020-11501: It was found that GnuTLS 3.6.3 introduced a
regression in the DTLS protocol implementation. This caused the DTLS
client to not contribute any randomness to the DTLS negotiation
breaking the security guarantees of the DTLS protocol.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 170d06cfc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc fails to build in debug build with debug optimisations:
BR2_x86_corei7=y
BR2_ENABLE_DEBUG=y
BR2_DEBUG_3=y
BR2_OPTIMIZE_G=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
which fails with:
../../../../libsanitizer/libbacktrace/../../libbacktrace/elf.c:772:21: error: ‘st.st_mode’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
return S_ISLNK (st.st_mode);
^
Upstream has been unable to reproduce/fix properly, details:
https://gcc.gnu.org/legacy-ml/gcc-patches/2019-03/threads.html#00827
Upstream recommends passing -Wno-error as a workaround, see:
https://gcc.gnu.org/pipermail/gcc-patches/2019-April/519867.html
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add the reproducing defconfig]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit dcaf6e75ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
After the staging installation, we replace a number of paths in libtool
.la files so that those paths point to STAGING_DIR instead of a location
in the build machine.
However, we replace only paths that start with /usr. And it turns out
that the linux-pam package is configured with --libdir=/lib (linux-pam
seems to always be installed in /lib rather than /usr/lib).
Due to this, libpam.la contains the following line:
libdir='/lib'
When building a configuration that has:
- BR2_ROOTFS_MERGED_USR=y
- BR2_PACKAGE_LINUX_PAM=y
- BR2_PACKAGE_POLKIT=y
on a system that has its system-wide PAM library installed in /lib,
the build fails with:
/lib/libpam.so: file not recognized: File format not recognized
For some reason, libtool searches only in STAGING_DIR/usr/lib, but
when BR2_ROOTFS_MERGED_USR=y, STAGING_DIR/lib points to
STAGING_DIR/usr/lib, so libtool finds libpam.la. And this libpam.la
contains a bogus libdir='/lib' path. libtool then goes on, finds
/lib/libpam.so, and links with it, causing the build failure.
By doing the proper replacement of libdir='/lib', we have a correct
libpam.la, and solve the build issue.
There is no autobuilder failure associated to this issue, as it
requires /lib/libpam.so to exist. This is the case on ArchLinux, on
which Xogium reported the issue, which can also be reproduced in an
ArchLinux container.
Reported-by: Xogium <contact@xogium.me>
Cc: Xogium <contact@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- tested by manually creating a symlink to libpam.so in /lib
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7ae7c82dd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following defconfig:
BR2_x86_i686=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://toolchains.bootlin.com/downloads/releases/toolchains/x86-i686/tarballs/x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_TARGET_SYSLINUX=y
BR2_TARGET_SYSLINUX_EFI=y
fails to build due to missing setjmp/longjmp definitions, which is a
consequence of a change introduced between gnu-efi 3.0.9 and 3.0.10.
This build failure is fixed by adding another syslinux paytch, which
has been submitted upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d5da6d916)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The cgit URL is a mirror of the gitlab repository.
The README.md file of the kmscube project also points
to the gitlab repository, so switch the URL accordingly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8ab9acbed8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The sysdig homepage we have points to an "on-sale" domain, that is
purportedly serving malware while at it. Update to point to the wiki on
github instead.
Fixes#12746.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- use wiki instead of git repo
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ca3166da48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"This release fixes three security issues in ntpd and provides 46
bugfixes and addresses 4 other issues." [1]
NONE: Sec 3610: process_control() should bail earlier on short packets.
MEDIUM: Sec 3596: Unauthenticated ntpd may be susceptible to IPv4 spoof
attack from highly predictable transmit timestamps.
MEDIUM: Sec 3592: DoS Attack on unauthenticated client.
The fix for https://bugs.ntp.org/3445 introduced a bug whereby a system that
is running ntp-4.2.8p12 (possibly earlier) or p13 that only has one
unauthenticated time source can be attacked in a way that causes the
victim's next poll to its source to be delayed, for as long as the attack is
maintained.
[1] http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele
The copyright year has changed in the COPYRIGHT file, so adjust the hash to
match and adjust the spacing to match recent agreements:
@@ -3,7 +3,7 @@
jpg "Clone me," says Dolly sheepishly.
- Last update: 2-Jan-2017 11:58 UTC
+ Last update: 4-Feb-2020 23:47 UTC
__________________________________________________________________
The following copyright notice applies to all files collectively called
@@ -32,7 +32,7 @@
Burnicki is:
***********************************************************************
* *
-* Copyright (c) Network Time Foundation 2011-2017 *
+* Copyright (c) Network Time Foundation 2011-2020 *
* *
* All Rights Reserved *
* *
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: clarify security impact, document COPYRIGHT change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9daf7483e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (1.1.1e):
CVE-2019-1551 [Low severity]: There is an overflow bug in the x64_64
Montgomery squaring procedure used in exponentiation with 512-bit moduli.
No EC algorithms are affected. Analysis suggests that attacks against
2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH512 are considered just feasible. However, for an attack the
target would have to re-use the DH512 private key, which is not recommended
anyway. Also applications directly using the low level API BN_mod_exp may
be affected if they use BN_FLG_CONSTTIME. Reported by OSS-Fuzz and Guido
Vranken.
https://www.openssl.org/news/secadv/20191206.txt
CVE-2019-1563 [Low severity]: In situations where an attacker receives
automated notification of the success or failure of a decryption attempt an
attacker, after sending a very large number of messages to be decrypted, can
recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
message that was encrypted with the public RSA key, using a Bleichenbacher
padding oracle attack. Applications are not affected if they use a
certificate together with the private RSA key to the CMS_decrypt or
PKCS7_decrypt functions to select the correct recipient info to decrypt.
Reported by Bernd Edlinger.
https://www.openssl.org/news/secadv/20190910.txt
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d397b231b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 650d907c13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 749fbab0bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2017-6892: In libsndfile version 1.0.28, an error in the
"aiff_read_chanmap()" function (aiff.c) can be exploited to cause an
out-of-bounds read memory access via a specially crafted AIFF file.
- Fix CVE-2017-8361: The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted audio file.
- Fix CVE-2017-8362: The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(invalid read and application crash) via a crafted audio file.
- Fix CVE-2017-8363: The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted
audio file.
- Fix CVE-2017-8365: The i2les_array function in pcm.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(buffer over-read and application crash) via a crafted audio file.
- Fix CVE-2017-12562: Heap-based Buffer Overflow in the
psf_binheader_writef function in common.c in libsndfile through 1.0.28
allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76d5ab4d17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
make-4.3 shipped with a backward incompatible change in how sharp signs
are handled in macros. Previously, up to make 4.2, the sharp sign would
always start a comment, unless backslash-escaped, even in a macro or a
fucntion call.
Now, the sharp sign is no longer starting a comment when it appears
inside such a macro or function call. This behaviour was supposed to be
in force since 3.81, but was not; 4.3 fixed the code to match the doc.
As such, use of external toolchains is broken, as we use the sharp sign
in the copy_toolchain_sysroot macro, in shell variable expansion to
strip off any leading /: ${target\#/}.
Fix that by applying the workaround suggested in the release annoucement
[0], by using a variable to hold a sharp sign.
[0] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Signed-off-by: Yaroslav Syrytsia <me@ys.lc>
[yann.morin.1998@free.fr:
- move the SHARP_SIGN definition out of Makefile and into support/
- expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 35c5cf56d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 xkb_state_key_get_layout (state=state@entry=0x0, kc=kc@entry=50) at ../src/state.c:217
Program terminated with signal SIGSEGV, Segmentation fault.
#0 XkbKey (kc=kc@entry=45, keymap=0x0) at ../src/keymap.h:430
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 75fbc58f3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule. A local attacker could
connect to this server socket and issue D-Bus method calls. (Note that
the server socket only accepts a single connection, so the attacker
would have to discover the server and connect to the socket before its
owner does.)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a9f38acbf2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fc42ac086a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 062d0f6913)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e49aa31f5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An incorrect permission check in the admin backend in gvfs before
version 1.39.4 was found that allows reading and modify arbitrary files
by privileged users without asking for password when no authentication
agent is running. This vulnerability can be exploited by malicious
programs running under privileges of users belonging to the wheel group
to further escalate its privileges by modifying system files without
user's knowledge. Successful exploitation requires uncommon system
configuration.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 346040e269)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add double quotes around the $@ variable to prevent word splitting.
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: s/globbing/word splitting/]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 30b6db05cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libical allows remote attackers to cause a denial of service
(use-after-free) and possibly read heap memory via a crafted ics file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 69b51259a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is
called, they fail to correctly detect the end of the linked list and try
to access a non-existent list member. This is related to init_aliases in
diraliases.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1d8426b32c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-7105: async.c and dict.c in libhiredis.a in hiredis
through 0.14.0 allow a NULL pointer dereference because malloc return
values are unchecked.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 40bc86afe9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It was searching for CONFIG_ASH=y and CONFIG_HUSH=y at $(@D)/.config,
which does not contain the package build path at the target-finalize
step. Use $(BUSYBOX_DIR), instead.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9ab1d565ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
$(TARGET_DIR)/usr/share/collectd/postgresql_default.conf
should not be removed when postgresql support is enabled,
as that module tries to load that file by default.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35e845700f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-0556: Improper access control in subsystem for BlueZ before
version 5.54 may allow an unauthenticated user to potentially enable
escalation of privilege and denial of service via adjacent access
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
Changes since version 5.52:
5.54:
Fix issue with HOGP to accept data only from bonded devices.
Fix issue with A2DP sessions being connected at the same time.
Fix issue with class UUID matches before connecting profile.
Add support for handling MTU auto-tuning option for AVDTP.
Add support for new policy for Just-Works repairing.
Add support for Enhanced ATT bearer (EATT).
5.53:
Fix issue with handling unregistration for advertisment.
Fix issue with A2DP and handling recovering process.
Fix issue with udpating input device information.
Add support for loading blocked keys.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3a678c952f)
[Peter: mention security issue]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The external toolchain configure step calls the
check_kernel_headers_version make function to compare the kernel
headers version declared in the configuration with the actual kernel
headers of the toolchain.
This function takes 4 arguments, but due to a missing comma what
should be the first two arguments are both passed into the first
argument. Due to this, when check_kernel_headers_version does:
if ! support/scripts/check-kernel-headers.sh $(1) $(2) $(3) \
$(if $(BR2_TOOLCHAIN_HEADERS_LATEST),$(4),strict); \
Then:
$(1) contains "$(BUILD_DIR) $$(call toolchain_find_sysroot,$$(TOOLCHAIN_EXTERNAL_CC))"
$(2) contains "$$(call qstrip,$$(BR2_TOOLCHAIN_HEADERS_AT_LEAST))"
$(3) contains "$$(if $$(BR2_TOOLCHAIN_EXTERNAL_CUSTOM),loose,strict))"
So from the point of view of check-kernel-headers.sh, it already has
four arguments, and therefore the additional argument passed by:
$(if $(BR2_TOOLCHAIN_HEADERS_LATEST),$(4),strict); \
is ignored, defeating the $(BR2_TOOLCHAIN_HEADERS_LATEST) test.
The practical consequence is that a toolchain that has 5.4 kernel
headers but declared as using 5.3 kernel headers does not abort the
build, because the check is considered "loose" while it should be
"strict".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 96f8d0bb46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Radvd has its own main(), and does not use yywrap() from libfl.so,
because scanner.l module contains noyywrap option. So, none of the
functions exported by libfl.so are used, and there's no need to have
the flex runtime on target.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6274868bd1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- Fix a denial-of-service bug that could be used by anyone to
consume a bunch of CPU on any Tor relay or authority, or by
directories to consume a bunch of CPU on clients or hidden
services. Because of the potential for CPU consumption to
introduce observable timing patterns, we are treating this as a
high-severity security issue. Fixes bug 33119; bugfix on
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
as TROVE-2020-002 and CVE-2020-10592.
- Avoid a remotely triggered memory leak in the case that a circuit
padding machine is somehow negotiated twice on the same circuit.
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
For more details, see the changelog:
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.1.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When barebox, and thus barebox-aux, are downloaded from a git tree, then
barebox-aux download fails because a hash check is attempted on the
downloaded archive:
Could not fetch special ref 'v2020.03.0'; assuming it is not special.
ERROR: No hash found for barebox-aux-v2020.03.0.tar.gz
This is because we only exclude from the check the archive of the bare
barebox:
BR_NO_CHECK_HASH_FOR += $(BAREBOX_SOURCE)
However, the default name of an archive is based on the package name,
which for barebox-aux is not 'barebox'.
Since barebox-aux really uses the exact same source as the bare barebox,
it should also share the archive name.
This has two direct consequences and advantages:
- the hash check is completely avoided for the barebox-aux archive;
- the barebox-aux archive is not downloaded as it is already
downloaded for barebox.
Reported-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 451ee6fa54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
perf auto-detects and uses the libbfd (from binutils) and openssl
libraries if they are detected and happen to be built before perf is,
but if they're not, or if per-package directories are enabled, it won't
detect these libraries. Explicitly add dependencies on these packages if
they are enabled, and disable the feature if not, so that the behavior
is deterministic.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 013cc68bf7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
================================================================================
Redis 5.0.8 Released Thu Mar 12 16:05:41 CET 2020
================================================================================
Upgrade urgency HIGH: This release fixes security issues.
[FIX] revisit CVE-2015-8080 vulnerability
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit caed3878a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LLVM builds bindings for other languages such as Go and OCaml when the
appropriate dependencies can be found. We currently don't support
building these bindings in Buildroot, as they're currently unused by any
package.
Building these bindings was originally disabled by overriding the
dependencies with values indicating that they were not found.
Newer versions of LLVM no longer disable the OCaml bindings when overriding
OCAMLFIND. Consequently, the build process attempts to install the bindings
to the default location on the host of /usr/lib/ocaml/llvm, causing a
permissions error and build failure.
Additionally, LLVM has since added the variable LLVM_ENABLE_BINDINGS to
control whether bindings are enabled, so we override that to disable the
bindings.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e6a1ee9a8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The initramfs is not a reall filesystem, so it does not use the
$(rootfs) infrastructure.
As a consequence, the usual rootfs-related variables are not set,
especially the name, type, and dependencies of the (non-)filesystem.
Yet, it is present in the list of rootfs to build, and thus we end
up including it in the output of show-info. But the missing variables
yield an incorrect json:
"": {
"type": "",
"virtual": false,
"version": "",
"licenses": "",
"dl_dir": "",
"install_target": ,
"install_staging": ,
"install_images": ,
"downloads": [ ],
"dependencies": [ ],
"reverse_dependencies": [ ]
},
First, the object key is empty; second, the install_target,
install_staging, and install_images values are empty, which is not
valid (if they were null, that be OK though). Third, this is clearly
the layout of a 'package' entry, not that of a 'rootfs' entry.
An option to fix that would be to actually make use of the rootfs
infra. However, that would mean doing a lot of work for nothing
(there is actually nothing to do, yet the infra would still do a lot
of preparatory and clean up work).
The alternative is pretty simple: declare and set the variables as if
it were a real filesystem, so that show-info can filter it to the
proper layout and can spit out appropriate content (even if fake).
The third option would be to teach show-info (and its internal
implementation, the macro json-info) to ignore specific cases, like
no-name items, or replace empty values with null, or whatnots. This
again would be quite a lot of work for a single occurence.
So we go for the simple faked variables.
We add linux as a dependency, so that the graph-depends also properly
represent the dependency chain, which ends up with something liKe:
ALL
|
v
rootfs-initramfs
| |
v v
linux rootfs-cpio
which is pretty fitting in the end.
Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b42db7db9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If syslog-ng is selected in Buildroot and net-snmp is not, but net-snmp is
found on the host machine (at least its net-snmp-config script) then
compilation of syslog-ng fails with:
CC modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-grammar.lo
CC modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest.lo
CC modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-plugin.lo
arm-none-linux-gnueabi-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include'
make[3]: *** [Makefile:17397: modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-grammar.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
arm-none-linux-gnueabi-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include'
make[3]: *** [Makefile:17404: modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest.lo] Error 1
arm-none-linux-gnueabi-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include'
make[3]: *** [Makefile:17411: modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-plugin.lo] Error 1
make[2]: *** [Makefile:21428: all-recursive] Error 1
make[1]: *** [Makefile:8740: all] Error 2
make[1]: Leaving directory '.../buildroot/output/build/syslog-ng-3.25.1'
make: *** [package/pkg-generic.mk:269: .../buildroot/output/build/syslog-ng-3.25.1/.stamp_built] Error 2
The path /usr/include is obtained via /usr/bin/net-snmp-config.
The fix comprises two parts:
1. only enable net-snmp support in syslog-ng if the net-snmp package is
enabled in Buildroot
2. for the case where net-snmp is selected in Buildroot, fix the configure
script of syslog-ng to allow parsing --with-netsnmp=<path> correctly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4ff6e52392)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
