rpcbind is only used by nfsd to export nfs share supporting older
v2, v3 protocols.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- move the select to the corresponding symbol
- tweak the commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 95fdf09731)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://www.python.org/downloads/release/python-387/
Changelog:
https://docs.python.org/release/3.8.7/whatsnew/changelog.html
Fixes the following security issues:
- bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when
processing malformed Apple Property List files in binary format.
- bpo-42051: The plistlib module no longer accepts entity declarations in
XML plist files to avoid XML vulnerabilities. This should not affect
users as entity declarations are not used in regular plist files.
- bpo-40791: Add volatile to the accumulator variable in
hmac.compare_digest, making constant-time-defeating optimizations less
likely.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9c5ef6018e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d2d629ecd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- use $(INSTALL), not "mkdir -p + cp"
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 25bd8ba690)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2008 pcre is a hard-dependency of php:
aa64c6727c
Instead of optionally depending on the pcre2 package and building the
bundled pcre2 code of php in case BR2_PACKAGE_PCRE2 was not selected
we let php depend on pcre2.
While being at it rename the pcre-related configure option due to
upstream commit:
c1a22f3d4e
Fixes:
http://autobuild.buildroot.net/results/4a5/4a582af6b66c59a61b75a7047d8530202972ebdd/
because the pcre2 package already contains the fix for mips r6.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: keep the JIT option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fabb1243ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An 'else' or 'elif' clause inside a make conditional should not be indented
in the same way as the if/endif clause. check-package did not recognize the
else statement and expected an indentation.
For example:
ifdef FOOBAR
interesting
else
more interesting
endif
would, according to check-package, need to become:
ifdef FOOBAR
interesting
else
more interesting
endif
Treat 'else' and 'elif' the same as if-like keywords in the Indent test, but
take into account that 'else' is also valid shell, so we need to correctly
handle line continuation to prevent complaining about the 'else' in:
ifdef FOOBAR
if true; \
... \
else \
... \
fi
endif
We don't add the 'else' and 'elif' statements to start_conditional, because
it would cause incorrect nesting counting in class OverriddenVariable.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1bb132a81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 7105e65cd6 ("package/openvpn:
adds target install of systemd unit files") added the installation of
systemd unit files. But in fact, they can be installed by openvpn's
build system. It was simply not working due to the custom install step
implemented in openvpn.mk.
So instead, let's have the autotools-package infra call "make
install", which properly installs everything that's needed for
openvpn, including systemd units, but also plugins, etc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 30bc58d376)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dependency on threads comes from libllcp itself not from libusb (which
is not even selected)
While at it, also add a comment about this dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b9dc970909)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The upstream git tree has disappeared, but a ZIP file is still hosted
somewhere at NXP. The content of that zip file has been verified to be
100% identical to the tarball we hosted on s.b.o.
As this is a zip file, we can't use the generic extract commands, and
must come up with our own. As such, it no longer makes sense to fix the
CRLF as a post-extract hook; this is moved to the extract command.
Add a hash file while at it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bd560b6da5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the folloing build failure with protobuf (enabled since commit
31c68a449e) and gcc 5.3.0:
[ 53%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/opencv-caffe.pb.cc.o
In file included from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/atomic:38:0,
from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/google/protobuf/io/coded_stream.h:115,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.h:23,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.cc:4:
/home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support \
^
Fixes:
- http://autobuild.buildroot.org/results/7caf175af039054a032b8f63b458b3940d9ec0f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf96f4e8d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenCV-3's buildsystem will try to detect ccache and use it if
available. This may yield a system-installed ccache.
However, in Buildroot, ccache is entirely hidden away and handled in the
toolchain wrapper.
Forcibly disable detection of ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 505e7f4771)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drive the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for the target
variants.
For the host variants, however, we don't much care about symbols and
stuff, but smaller executables will hopefully load faster than bigger
ones (disputable, given that sections in ELF files are paged-in
on-demand), so we explictly enable stripping.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- add burb about the target-finalize step
- enable stripping for host variants
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3f39f902b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
and was fixed in openldap 2.4.55, during a request for renaming RDNs. An
unauthenticated attacker could remotely crash the slapd process by sending
a specially crafted request, causing a Denial of Service.
- CVE-2020-25709: Assertion failure in CSN normalization with invalid input
- CVE-2020-25710: Assertion failure in CSN normalization with invalid input
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09a565d940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a host of
their choice could trigger a Denial of Service by getting the application
to resolve a DNS record with a larger number of responses.
https://nodejs.org/en/blog/release/v12.19.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f359580796)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with xtensa:
[ 62%] Linking CXX executable ../../guids_test
[ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o
CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation
collect2: error: ld returned 1 exit status
lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed
Fixes:
- http://autobuild.buildroot.org/results/8fea93a88bb34e98e391a048c3b996b45ebac803
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0d209dce35)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.
Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.
Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e6f6e0745)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89a9f74fa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to
match. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 54854dc44e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
7.0.10-40 mishandles the -authenticate option, which allows setting a
password for password-protected PDF files. The user-controlled password
was not properly escaped/sanitized and it was therefore possible to
inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
45e5d2493c)
https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b898e80639)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
channel in ECDSA signature generation. This allows a local or remote
attacker, able to measure the duration of hundreds to thousands of
signing operations, to compute the private key used. The issue occurs
because scalar multiplication in ecp.cpp (prime field curves, small
leakage) and algebra.cpp (binary field curves, large leakage) is not
constant time and leaks the bit length of the scalar among other
information. For details, see:
https://github.com/weidai11/cryptopp/issues/869
- Update license hash due to the addition of ARM SHA1 and SHA256 asm
implementation from Cryptogams
1a63112faf4c9ca6b723https://www.cryptopp.com/release830.html
[Peter: adjust CVE info, issue is fixes in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e7c789d48f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
