arm64 systems support SMBIOS, so update the dmidecode config
to allow building dmidecode for arm64.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e00a671bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently makedevs silently ignores extended attributes with leading
whitespace, for example those added to a <PACKAGE>_PERMISSIONS following
the recommended style from check-package.
Makedevs already ignores leading whitespace for normal entries (file
permission changes and device files creation). Do the same for extended
attributes.
Fixes: #11191.
Reported-by: Jean-pierre Cartal <jpcartal@free.fr>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2d8d5ced10)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
*) SECURITY: CVE-2018-8011 (cve.mitre.org)
mod_md: DoS via Coredumps on specially crafted requests
*) SECURITY: CVE-2018-1333 (cve.mitre.org)
mod_http2: DoS for HTTP/2 connections by specially crafted requests
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.34
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8ef1aaa084)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the output directory is nested under a long path name, calling the
gdbus-codegen, glib-genmarshal, or glib-mkenums scripts throws the
error:
> '/usr/bin/env: /...: No such file or directory'
This is because libglib2 uses the absolute path to the python
interpreter for its shebang statements, and shebangs have a max length
of 127 chars[1]. A long absolute path will be cut off and appear as a
missing file.
Since the host Python is present in the $PATH passed to all packages, we
can copy the workaround from Yocto and just use the python interpreter
in $PATH[2]. However, 'python' is used instead of 'python3' as the
scripts are compatible with both.
[1] https://linux.die.net/man/2/execve
[2] http://cgit.openembedded.org/openembedded-core/commit/?id=eef7883587acc933d6f34b559ec03ff84d18573b
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: David Owens <david.owens@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3ab5dfb548)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting from kernel version 4.15, Linux supports loading
regulatory.db and regulatory.db.p7s files directly from /lib/firmware,
without the need of crda. If the kernel can't load those files it'll
fallback to using crda, but the direct way is preferred.
This patch copies those those files under /lib/firmware. The use of
crda shouldn't be necessary with kernels of 4.15 or later.
Signed-off-by: Christoph Engelbert <me@noctarius.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39e4b46748)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bind configure.in now checks for "${with_zlib}/include/zlib.h".
Remove the redundant "include/".
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ba3c7e806d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-5738: When recursion is enabled but the allow-recursion
and allow-query-cache ACLs are not specified, they should be limited to
local networks, but they were inadvertently set to match the default
allow-query, thus allowing remote queries.
Update license file hash; copyright year update.
Add reference to tarball signature key.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b36577a266)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Host GDB suffers a serious problem: pressing backspace (or ^W ^U or any other
"delete" key) results in a plain space being printed instead, making the
command prompt almost completely unusable.
That's because it's using host-ncurses, which embeds a path for the terminfo
database into the library itself. That path ends up being something like
/home/hollisb/buildroot.git/output/host/share/terminfo, which obviously doesn't
generally exist other hosts. ('relocate-sdk.sh' cannot and does not edit
binaries like libncurses.so.6, so doesn't resolve this problem.)
/usr/share/terminfo is a far better path to use, since it almost certainly
exists on the host. Theoretically, it could be from a different ncurses version
with incompatible terminfo database format, but this doesn't seem to be a
problem in practice. (Future patches could address the theoretical problem if
it actually appears in real life.)
This change allows buildroot's host gdb, which uses ncurses 6.x, to work on
RHEL5, RHEL6, and RHEL7, which all provide terminfo from ncurses 5.x.
Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b35ad5d0b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-0500: curl might overflow a heap based memory buffer when
sending data over SMTP and using a reduced read buffer.
Drop upstream patch.
Add reference to tarball signature key.
Drop CRYPTO_lock seed. Removed from configure script since 7.45.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf79731153)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* chacha20poly1305: use slow crypto on -rt kernels on arm too
Leftover from the last commit of the previous snapshot that we forgot to
handle.
* tools: getentropy requires macOS 10.12
Small build time fixup for old versions of macOS.
* queueing: remove useless spinlocks on sc
* queueing: re-enable preemption periodically to lower latency
* simd: encapsulate fpu amortization into nice functions
* simd: no need to restore fpu state when no preemption
This will improve general system latency on preempt-enabled systems, like
desktops.
* dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
Fixes wg-quick's dns hatchet on CentOS.
* qemu: bump default kernel
By bumping to 4.17.2, we actually uncovered a bug in the SLUB allocator, which
upstream is now fixing: https://lkml.org/lkml/2018/6/18/1407
* noise: take locks for ss precomputation
* netlink: maintain static_identity lock over entire private key update
Minor locking correctness fixes and optimizations.
* noise: wait for crng before taking locks
We now make sure that an outgoing packet which needs a potentially unseeded
rng won't block a call to wg(8), which takes similar locks for retrieving
data.
* receive: drop handshake packets if rng is not initialized
If the rng is unseeded, we drop incoming handshake packets, so that it's not
possible for an attacker to fill the handshake queue thereby provoking
cookies.
* ratelimiter: mitigate reference underflow
* ratelimiter: do not allow concurrent init and uninit
Minor correctness and hardening fixes, which don't fix anything particular in
WireGuard, but might be useful if our ratelimiter is ever used elsewhere.
* compat: use stabler lkml links
* poly1305: add missing string.h header
Minor fixups.
* receive: don't toggle bh
The last snapshot caused a big performance regression, which we partially
revert here. This general matter, though, will be revisited in the future,
perhaps by switching to NAPI.
* main: test poly1305 before chacha20poly1305
* poly1305: give linker the correct constant data section size
While the default bfd linker did the right thing, gold would sometimes merge
section incorrectly because of an incorrect section length field, resulting in
wrong calculations.
* simd: add missing header
Fixes a compile error on a few odd kernels.
* global: fix a few typos
* manpages: eliminate whitespace at the end of the line
* tools: fix misspelling of strchrnul in comment
Cosmetic fixups.
* global: use ktime boottime instead of jiffies
* global: use fast boottime instead of normal boottime
* compat: more robust ktime backport
We now use the equivalent of clock_gettime(CLOCK_BOOTTIME) for doing age
checks on time-limited objects, such as ephemeral keys, so that on systems
where we don't clear before sleep (like Android), we make sure to invalidate
the objects after the proper amount of time, taking into account time spent
asleep.
* wg-quick: android: prevent outgoing handshake packets from being dropped
Recent android phones block outgoing packets using iptables while the system
is asleep. This makes sense for most services, but not for a tunnel device
itself, so we work around this by inserting our own iptables rule.
* device: print daddr not saddr in missing peer error
* receive: style
Debug messages now make sense again.
* wg-quick: android: support excluding applications
Android now supports excluding certain apps (uids) from the tunnel.
* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION
Some improvements to our testing infrastructure.
* receive: use NAPI on the receive path
This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 150fa57ed0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When json-c is enabled but libcurl is disabled, clamav tries to build
the clamsubmit program, which fails with:
CC clamsubmit.o
clamsubmit.c:6:23: fatal error: curl/curl.h: No such file or directory
#include <curl/curl.h>
This is due to an incorrect curl-config detection logic, leading to
/bin/curl-config being present making the configure script believe
that curl is available, even when --without-libcurl is explicitly
passed.
This commit adds a patch, submitted upstream, which fixes this
problem.
Fixes:
http://autobuild.buildroot.net/results/c43d2ebd8ab30016969d642dbd71c297dc5f6bab/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 037572ee56)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We need to install polkit before systemd if we want to enable
polkit integration, because systemd will not install polkit
policy files unless it finds polkit-gobject-1.
Signed-off-by: Asgeir Bjarni Ingvarsson <asgeir@appdynamic.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0fe0c50d36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The original site www.liblogging.org has been taken down because of the
new European data protection regulation (GDPR), to which it was not
compliant.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9d1d513c65)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Perf profiling cannot be used if CONFIG_PERF_EVENTS is not enabled in the
kernel configuration. Similar to other tools, like ktap, we can enable the
right options automatically.
Signed-off-by: Jan Heylen <jan.heylen@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 63d76c6f2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 52282828f0
("package/network-manager: add patches to build with kernel headers
3.2"), network-manager was changed to build with kernel headers as old
as 3.2, instead of 3.7 before. The dependency was changed accordingly,
but the Config.in comment was not.
This commit fixes this inconsistency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 760dc48e15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-9918: mishandle certain "expected dictionary key but
found non-name object" cases, allowing remote attackers to cause a
denial of service (stack exhaustion)
https://github.com/qpdf/qpdf/issues/202
Drop local SHA256 hash since we use upstream provided SHA512.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 473390a30c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
