The proftpd configure script doesn't use pkg-config to detect openssl
libraries. Instead, it just adds -lcrypto. Since openssl may be linked
with pthread, it tries to detect that by calling 'openssl version -f',
which gives the arguments with which openssl was compiled.
Since the openssl executable used is either host-openssl or the system
installed openssl, the output of 'openssl version -f' is useless in
Buildroot context. If the target toolchain doesn't have threads support,
it will wrongly pick up -pthread from host-openssl.
Fortunately there is a simple workaround: --without-openssl-cmdline says
that there is no openssl executable and skips the test, so -pthread is
not added. It turns out -pthread is never needed, even in static linking
cases, because openssl/libressl puts the thread support in a separate
object file that only gets linked in if the program actually uses
threads (which proftpd doesn't).
Fixes:
http://autobuild.buildroot.net/results/9c25c3cb3cf93b76c0538c5376a803641bf6575b
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Rewrite commit log, after additional analysis and testing]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 51bb23652f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
COPYING contains only the license for GPL-2.0 so use the new license
files that have been added in the Licenses directory since version
2018.03 and
32c1f98eac
Also update GPL-2.0+ to "GPL-2.0+ with OpenSSL exception" and add
Exceptions file, see:
66d0dbe80f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d5f4b3621d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add -lz to id3tag.pc, this fix is needed to be able to use pkg-config in
madplay to find id3tag dependencies
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit aa813cd9ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The MPD project dropped autotools support in version 0.21.x in favor of
meson. While adapting the package to the meson build infrastructure, the
recognition of libid3tag failed, as only pkg-config is used to detect
the library. Note, that the version bump of the mpd package to 0.21.x is
not submitted, yet.
To help finding the build system to detect libid3tag with pkg-config
properly, add a .pc file and install it to staging.
This is exactly what Debian and Fedora do as well.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d6b68e6b6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
madplay uses a very old configure script.
When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:
checking for arm-buildroot-linux-uclibcgnueabi-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.
This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab1588 (core: alternate solution to disable C++).
However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.
We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.
Finally, remove also patch on ltmain.sh and MADPLAY_LIBTOOL_PATCH=NO as
autoreconf will create an up to date ltmain.sh
Fixes:
- http://autobuild.buildroot.org/results/fc927de0e9a42095789fb0a631d5facf14076f6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c05cc5de86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as well as the
the floatformat, filesizeformat, and intcomma templates filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
https://docs.djangoproject.com/en/2.1/releases/1.11.19/
1.11.19 contained a packaging error, fixed by 1.11.20:
https://docs.djangoproject.com/en/2.1/releases/1.11.20/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e4bbdeec9d)
[Peter: drop 4.19.x/4.20.x, linux / hash changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2019-1000019: Crash when parsing some 7zip archives.
CVE-2019-1000020: A corrupted or malicious ISO9660 image can cause
read_CE() to loop forever.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0526c9f781)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
v3.2.0 has a bug in the configure step which causes it to fail when being
built against libressl. As libopenssl is selected as the default, the
autobuilders have not uncovered this failure. The issue has been confirmed
in LTS 2018.02.10 (probably broken prior to that as well) and is not
related to the Openssl bump to 1.1.x.
Thread with more details
http://lists.busybox.net/pipermail/buildroot/2019-February/243133.html
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 886f3109a5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2018-20330: Integer overflow causing segfault occurred when
attempting to load a BMP file with more than 1 billion pixels using the
`tjLoadImage()` function.
CVE-2018-19664: Buffer overrun occurred when attempting to decompress a
specially-crafted malformed JPEG image to a 256-color BMP using djpeg.
Cc: Murat Demirten <mdemirten@yh.com.tr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f60925beda)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Define CMAKE_INSTALL_RPATH only if ENABLE_SHARED is set otherwise the
following error is raised when installing binaries:
CMake Error at cmake_install.cmake:73 (file):
file RPATH_CHANGE could not write new RPATH:
/usr/lib
to the file:
/home/fabrice/buildroot/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/bin/rdjpgcom
No valid ELF RPATH or RUNPATH entry exists in the file;
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7f905250bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2019-6109: Due to missing character encoding in the progress
display, a malicious server (or Man-in-The-Middle attacker) can employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affects refresh_progress_meter() in progressmeter.c.
CVE-2019-6111: Due to the scp implementation being derived from 1983
rcp, the server chooses which files/directories are sent to the client.
However, the scp client only performs cursory validation of the object
name returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) can overwrite
arbitrary files in the scp client target directory. If recursive
operation (-r) is performed, the server can manipulate subdirectories as
well (for example, to overwrite the .ssh/authorized_keys file).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7fe3741bc4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE identifiers: CVE-2019-6212,
CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,
CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234.
Additionally, it contains a few minor fixes.
Release notes can be found in the announcement:
https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
More details on the issues covered by securit fixes can be found
in the corresponding security advisory:
https://webkitgtk.org/security/WSA-2019-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 971afefaab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixing a number of issues discovered post-1.5.6.
Drop patches as they are now included upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 640153775b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and
no password. If this occurs, clients can circumvent authentication and get
access to the broker by using the malformed username. In particular, a
blank line will be treated as a valid empty username. Other security
measures are unaffected. Users who have only used the mosquitto_passwd
utility to create and modify their password files are unaffected by this
vulnerability. Affects version 1.0 to 1.5.5 inclusive.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all topics
is not a useful configuration, this behaviour is unexpected and could lead
to access being incorrectly granted in some circumstances. Affects versions
1.0 to 1.5.5 inclusive.
CVE-2018-12546: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration option
check_retain_source has been introduced to enforce checking of the retained
message source on publish.
Add two upstream post-1.5.6 patches to fix a build error in the bridge code
when ADNS is enabled and when building with older toolchains not defaulting
to C99 mode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e478977071)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 7fb6e78254 (core/instrumentation: shave minutes off the
build time), the built stampfile is used as a reference to detect files
installed by a package.
However, packages may install files keeping their mtime intact, and we
end up not detecting this. For example, the internal skeleton package
will install (e.g.) /etc/passwd with an mtime of when the file was
created in $(TOP_DIR), which could be the time the git repository was
checked out; that mtime is always older than the build stamp file, so
files installed by the skeleton package are never accounted for to that
package, or to any other package for that matters.
We switch to an alternate solution, which consists of storing some extra
metadata per file, so that we can more reasily detect modifications to
the files. Then we compare the state before the package is installed (by
reusing the existing list) and after the package is installed, compare
that to list any new file or modified files (in reality, ignoring
untouched and removed files). Finally, we store the file->package
association in the global list and store the new stat list as the global
list.
The format used for the .stat file is:
mtime:inode:perms:filetype:size,filename
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
[Peter: rename files, reformat, only look for files and symlinks and pass
LC_ALL=C to comm as pointed out by Thomas De Schampheleire]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3c8f0d9efa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Whether using the new sysusers.d snippet, or adding an entry to
/etc/password, set the service's home directory to /var/empty.
See README.privsep included as part of the openssh distribution.
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9acbf811cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a runtime bug on compilers where unsigned char is the default.
Fixes a runtime bug where _state variable in the encoder and decoder
c++ objects where not initialized by the constructors.
Signed-off-by: Mikael Eliasson <mikael@robomagi.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3d76bde1a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When NetworkManager and dhcpcd packages are both enabled, dhcpcd
services and NetworkManager both spawn dhcpcd. This causes the network
port to retrieve an IP address and later lose it a few seconds after
startup.
This patch prevents dhcpcd services from launching dhcpcd if
NetworkManager is enabled.
Signed-off-by: Jim Brennan <jbrennan@impinj.com>
[Thomas: add a comment in the code to explain the seemingly strange
condition.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4b530daf42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without support for vconsole, systemd will abruptly kill anything
spawned on the console, thus preventing users from loging in from
the console, effectively locking them out if the target does not
have another mean of logging in (no sshd, no serial line...)
We fix that by making support for vconsole default to y, since
logging in from the console if more frequent than not. Users can
still de-activate it when they know they don't need it.
Note that logging from a serial line is not impacted, and still
works whether vconsole is enabled or not.
Signed-off-by: David Fogle <david.j.fogle@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fc0787e76e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication instead
of failing.
* ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This bug
didn't affect Dovecot's Submission service.
For more details, see the announcement:
https://www.dovecot.org/list/dovecot-news/2019-February/000393.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The openssh privilege separation feature, enabled by default,
requires that the path /var/empty exists and has certain permissions
(not writable by the sshd user). Note that nothing ever gets writting
in this directory, so it works fine on a readonly rootfs.
See README.privsep included as part of the openssh distribution.
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f85665c585)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Overriding variables in packages recipes is an error-prone practice.
Current behavior of installing either only as a script or only as a
binary is intended, as describe in the commit log of "d3e4db4e34
usb_modeswitch: bump to version 1.2.6" from 2013.
Rewrite the code to keep the same behavior while replacing variable
override [1] by conditional assignments [2].
[1]
VAR = ...
if ...
VAR = ...
[2]
if ...
VAR = ...
else
VAR = ...
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e25040d31a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "a554109af8 package/usb_modeswitch: disable parallel build" added
a unicode space in a comment. Replace it with a normal ASCII space for
consistency with elsewhere.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8be8c72c2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit d1f545004b from 2014
because the added variables already existed. The real problem at the
time was that one of the pre-existent variables had a typo, fixed in a
later commit.
Currently AVRDUDE_LICENSE and AVRDUDE_LICENSE_FILES are declared twice
with the same values for each one. So remove one of them.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Wojciech M. Zabolotny <wzab01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d6bce837ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since "57ace26b6c package/sdl_sound: add optional support for
libmodplug" from 2016, optional CONF_OPTS are added but they do not
really take effect because there is an unconditional override below the
conditional append.
Currently this does not cause build failures, but it can lead to wrong
detection of dependencies because many explicit --enable/--disable are
not passed to configure.
Fix this by moving the unconditional code to the top.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df0d7d1371)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit "c5b85231fb s6-networking: enable SSL if libressl is selected"
actually dropped the dependency on s6-dns and s6 when libressl is
enabled.
Fix this by using += inside the conditional code.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30ff614a03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add backported patches for the following four security issues in libarchive.
There is no new release yet including these patches.
- CVE-2018-1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000877)
"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(),
realloc(rar->lzss.window, new_size) with new_size = 0 that can result in
Crash/DoS. This attack appear to be exploitable via the victim must open a
specially crafted RAR archive."
- CVE-2018-1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000878)
"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c that can result
in Crash/DoS - it is unknown if RCE is possible. This attack appear to be
exploitable via the victim must open a specially crafted RAR archive."
- CVE-2018-1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000879)
"libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards
(release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference
vulnerability in ACL parser - libarchive/archive_acl.c,
archive_acl_from_text_l() that can result in Crash/DoS. This attack appear
to be exploitable via the victim must open a specially crafted archive
file."
- CVE-2018-1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000880)
"libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards
(release v3.2.0 onwards) contains a CWE-20: Improper Input Validation
vulnerability in WARC parser -
libarchive/archive_read_support_format_warc.c, _warc_read() that can result
in DoS - quasi-infinite run time and disk usage from tiny file. This attack
appear to be exploitable via the victim must open a specially crafted WARC
file."
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 17ba24bac1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
