| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| | |
Simple DNS resolver for asyncio.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Python interface for c-ares.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove the --without-* options from the yes side of the TLS libraries
selection checks.
Since the --without-* option is now specified when the corresponding TLS
library is not being used, it's no longer necessary when enabling a TLS
library to explicity list all the other TLS libs that curl should not
use.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| | |
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Indent with tabs.
- Use a function for start.
- Pass "-q" to iucode_tool to inhibit usual output that would otherwise
interfere with the operation status report.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
[Peter: drop dummy function with sed invocation not compatible with busybox]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Brings several fixes and enhancements. Check the change log at
https://gitlab.com/iucode-tool/iucode-tool/raw/v2.3.1/ChangeLog
Tested on an equipment with Intel C3000 processor.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The big "intel-microcode.dat" text file is gone. Only binary files are
provided, in the "intel-ucode" directory. Install it at /lib/firmware/,
like linux-firmware does, and update the iucode-tool init script to use
that path.
We don't install the microcode under "intel-ucode-with-caveats", since
it needs special commits in the Linux kernel (see "relnotes" for more
information).
Tested on an equipment with Intel C3000 processor.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We already turn on kernel features for several packages, so let's do it
for intel-microcode too, otherwise it's impossible to load the microcode
(by means of iucode-tools).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of defaulting to OpenSSL, allow selection of package to use
through a choice in libcurl's config. The default will be to select the
first enabled TLS provider in the same preference order as is used now,
i.e. no change from current behavior.
Some of the alternative libraries have advantages over OpenSSL in
certain areas.
For example, gnutls has vastly superior PKCS11 support. One can use
client TLS private keys by supplying a PKCS11 URI instead of a private
key file name. The TLS server cert trust store can be a PKCS11 URI,
e.g. configure libcurl with a ca-bundle of "pkcs11:model=p11-kit-trust".
Now server certs can be stored in a software and/or hardware HSM(s).
This doesn't work with OpenSSL.
However, some software only supports OpenSSL for TLS or other crypto
functions. So it might be necessary to enable OpenSSL for that reason.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
[Peter: add BR2_PACKAGE_LIBCURL_TLS_SUPPORT and use it to hide choice &
comment, explitly pass --without-foo if option is not enabled,
only do .pc fixup if BR2_PACKAGE_LIBCURL_OPENSSL is enabled]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace $(BR2_KERNEL_MIRROR) by https://git.kernel.org/pub, which
fixes the download of this package:
>>> trace-cmd trace-cmd-v2.6.1 Downloading
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
Removing it and starting afresh.
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
This is the second time in a row; bailing out
--2018-11-11 21:08:00-- http://sources.buildroot.net/trace-cmd/trace-cmd-trace-cmd-v2.6.1.tar.gz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.210.19, 104.25.211.19, 2606:4700:20::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.210.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1859835 (1.8M) [application/x-gtar-compressed]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Update "basic set" help to include the new "choom" utility.
- Re-generate checksums for license files, whose names now follow the
SPDX License List.
- Pull a patch already applied upstream that make rtcwake use poweroff
if shutdown is not found (e.g. Busybox, which the default init system
on Buldroot).
- Pull a patch already submitted upstream to fix the output of escaped
characters by agetty.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
c-ares has a LICENSE.md file since version 1.12 and
https://github.com/c-ares/c-ares/commit/4e861351d9deaef7b78aee50ce9229325f4fc59a
So use it instead of one of the source file and add its hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use pkg-config to find libxml2 to fix static build of squid
Add SQUID_AUTORECONF = YES and remove ac_cv_libxml2_include (not needed
anymore)
Fixes:
- http://autobuild.buildroot.org/results/7f23eb98c311b294c7f0e165279fa26909a5ff93
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Since bump to version 0.99.21 and commit
b20c77321fa87f880ead2f27ecf19fd7c4f436da, BR2_PACKAGE_QUAGGA_TCP_ZEBRA
has been wrongly rename into BR2_PACKAGE_QUAGGA_TCP_ZERBRA
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes the following security vulnerability:
CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
denial of service due to resource exhaustion when processing getaddrinfo
calls with crafted host names. Reported by Guido Vranken.
Adhemerval Zanella (2):
Fix misreported errno on preadv2/pwritev2 (BZ#23579)
x86: Fix Haswell CPU string flags (BZ#23709)
Alexandra Hájková (1):
Add an additional test to resolv/tst-resolv-network.c
Andreas Schwab (2):
Fix stack overflow in tst-setcontext9 (bug 23717)
libanl: properly cleanup if first helper thread creation failed (bug 22927)
DJ Delorie (2):
malloc: tcache double free check
malloc: tcache double free check
Florian Weimer (9):
conform: XFAIL siginfo_t si_band test on sparc64
stdlib/test-bz22786: Avoid spurious test failures using alias mappings
stdlib/test-bz22786: Avoid memory leaks in the test itself
support_blob_repeat: Call mkstemp directory for the backing file
stdlib/tst-strtod-overflow: Switch to support_blob_repeat
nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
support: Print timestamps in timeout handler
Revert "malloc: tcache double free check" [BZ #23907]
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
H.J. Lu (2):
i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716]
Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509]
Ilya Yu. Malakhov (1):
signal: Use correct type for si_band in siginfo_t [BZ #23562]
Istvan Kurucsai (1):
malloc: Additional checks for unsorted bin integrity I.
Joseph Myers (2):
Update syscall-names.list for Linux 4.18.
Update kernel version in syscall-names.list to 4.19.
Moritz Eckert (1):
malloc: Mitigate null-byte overflow attacks
Paul Eggert (1):
Fix tzfile low-memory assertion failure
Paul Pluzhnikov (2):
Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test.
[BZ #20271] Add newlines in __libc_fatal calls.
Pochang Chen (1):
malloc: Verify size of top chunk.
Rafal Luzynski (1):
kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209).
Stefan Liebler (2):
Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275]
Test stdlib/test-bz22786 exits now with unsupported if malloc fails.
Szabolcs Nagy (2):
i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822]
Increase timeout of libio/tst-readline
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes [1]:
/tmp/ccD2Tule.s: Assembler messages:
/tmp/ccD2Tule.s:682: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7'
/tmp/ccD2Tule.s:2767: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7'
[1] http://autobuild.buildroot.net/results/f0253d1ed11021d3e5914a5161360de3ef3d1641
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Debug build of qsgtexture fails on uclibc since version 5.11 and
https://github.com/qt/qtdeclarative/commit/7c507eaac3f848f92f2ebdafe8ded4a064d68351:
scenegraph/util/qsgtexture.cpp:69:22: fatal error: execinfo.h: No such file or directory
#include <execinfo.h>
Indeed, !defined(__UCLIBC__) has been replaced by defined(__GBLIBC__) to
fix build on musl but as a result, build fails on uclibc because uclibc
also defines __GLIBC__ (and it does not have execinfo like musl)
This error is raised only when building in debug mode because
CAN_BACKTRACE_EXECINFO is undefined if QT_NO_DEBUG is set
So keep defined(__GLIBC__), but put back !defined(__UCLIBC__)
Fixes:
- http://autobuild.buildroot.org/results/6fce0ce5aea943e097532efbbc8d1e28f41e5866
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
getArgTypeList is defined both in ext/intl/msgformat/msgformat_helpers.cpp
and icu library so add a !BR2_STATIC_LIBS dependency to
BR2_PACKAGE_PHP_EXT_INTL
Fixes:
- http://autobuild.buildroot.org/results/628b677d1ceb8b404265d89357225e0a1dce1407
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is currently no version of gdbserver for RISC-V. Until this
is implemented we will prevent both the direct and indirect
selection of gdbserver for RISC-V builds. In practice this means
that 'cross gdb for the host' cannot be selected and that
'full debugger' must be automatically selected for the gdb target
package.
[Peter: simplify logic, add comment]
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following error is raised by minizip:
[100%] Linking C executable minizip
/home/peko/autobuild/instance-0/output/host/m68k-buildroot-uclinux-uclibc/sysroot/usr/lib/libbsd.a(arc4random.o):
In function `_rs_init.part.1':
arc4random.c:(.text+0xaa): undefined reference to `__register_atfork'
collect2: error: ld returned 1 exit status
As specified in openssl/Config.in, uClibc on noMMU doesn't provide
__register_atfork() so add a dependency on
!(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU) on libbsd and minizip
Don't add this dependency to netcat-opensd as it already depends on
glibc
Don't add this dependency to BR2_PACKAGE_BLUEZ_ALSA_HCITOP because
bluez-alsa already depends on BR2_USE_MMU
Concerning fwts, just update comment on BR2_USE_MMU
Fixes:
- http://autobuild.buildroot.org/results/df2dcbdceaa01a2ae37bf09140e4dbef0a5b9489
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If BR2_PACKAGE_LAPACK is enabled (without BR2_PACKAGE_CLAPACK), build of
python-numpy will fail if lapack is built before python-numpy because
lapack does not provide blas library
So disable BLAS and LAPACK through PYTHON_NUMPTY_ENV if
BR2_PACKAGE_CLAPACK is not set
Fixes:
- http://autobuild.buildroot.org/results/41671976c7be7883f31ee5f51ca0eb90b81262fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes:
http://autobuild.buildroot.org/results/020/02039969b16534d4020ecd4574bae71b91c1e6b8/ (flannel)
http://autobuild.buildroot.org/results/e95/e9528b06b350ef84c1e2cb59fba87b4db77b4660/ (docker-engine)
[...]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By default, the go compiler will spawn as many jobs as there are CPUs
available, thus possibily over-shooting the limits set by the user.
Make it abide by the user's wish, and specify the number of jobs allowed
to run.
We can do so without fear of a package failing to build in parallel,
because they were already all building in parallel, as that is the
default for the go compiler.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pass -Werror=shadow in args of cc.compiles in meson.build otherwise test
will always succeed, causing -Werror=shadow to be passed, even on older gcc versions.
GCC 4.8 changed the behaviour of -Werror=shadow to no longer complain about
local variable declariations shadowing functions, which systemd has. From
the changelog:
The option -Wshadow no longer warns if a declaration shadows a function
declaration, unless the former declares a function or pointer to function,
because this is a common and valid case in real-world code.
https://www.gnu.org/software/gcc/gcc-4.8/changes.html
Fixes:
- http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2
[Peter: extend commit message, add gcc 4.8 link]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes the following security vulnerabilities:
- CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.
- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a sandbox protection mechanism via vectors involving the 1Policy
operator.
- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
9.26. LockSafetyParams is not checked correctly if another device is
used.
- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because available
stack space is not checked when the device remains the same.
- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because of a
setcolorspace type confusion.
- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because of a
JBIG2Decode type confusion.
For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
this dependency was accidentally removed
by https://git.busybox.net/buildroot/commit/package/perl-net-ssleay?id=da9e06cabc578bf9138e100d1492a2d5f2038415
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
According to [1]:
- fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION()
function within ttinterp.c could lead to DoS via a crafted font file
- needs '--enable-freetype-config' for freetype-config installation
[1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902
[Peter: also pass --enable-freetype-config for host variant]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
domoticz will fail to build with python and older cmake
Indeed, find_package(PythonLibs 3.4) will not recognize python 3.7 until
cmake 3.7 and the following commit:
https://github.com/Kitware/CMake/commit/c31573b9641e0f1bc7a34149506db51f3494323b
To fix this, add a call to find_package(PythonInterp). Indeed, if
FindPythonInterp has already found the major and minor version, that
version will be inserted between the user supplied versions and the
stock version list since cmake in version 3.1 and
https://github.com/Kitware/CMake/commit/3816cd2dc7a7cc220e4f1b1e87fee986545b9cb3
Fixes:
- http://autobuild.buildroot.org/results/8e82501a7b49da628ec026132ffca44c0c813040
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes the following security vulnerabilities:
*) Microarchitecture timing vulnerability in ECC scalar multiplication
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks during
ECDSA signature generation could recover the private key.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro
Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
Nicola Tuveri.
(CVE-2018-5407)
[Billy Brumley]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
For more information, see the changelog:
https://www.openssl.org/news/cl102.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
PLATFORM is an environment variable used by xfsprogs' configure script
to determine the platform for which the applications are being built. If
we set some incorrect/unsupported value through e.g: export, this will
be picked up by xfsprogs' configure script and used as-is and assigned
to PKG_PLATFORM, which will lead to build failures.
If PLATFORM was empty/unset, then uname on the host building xfsprogs
gets used to determine the build platform, which again could be
incorrect if we e.g: built xfsprogs on a Darwin system.
Since we are obviously building for Linux, let's just make sure we
define it that way which solves both issues.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes the following security vulnerabilities:
- CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
- CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
- CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.3.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| | |
This patch bumps the Linux CIP kernel to version v4.4.154-cip28
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Disable gcc march mips64r2 detection (use compile flags already
set by buildroot only), avoids double setting like '-march=mips64
... -march=mips64r2 -mabi=64'.
Fixes [1]:
error: '-mips64r2' conflicts with the other architecture options, which specify a mips64 processor
[1] http://autobuild.buildroot.net/results/34f6e2352f1559f98c724fe5394db0035b42ddb1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add ${LTLIBICONV} to popt.pc.in so applications such as shairport-sync
will know that they must link with -liconv when building statically
Fixes:
- http://autobuild.buildroot.org/results/c5b0d1d2867e49c022a2ad971dd9f358ff0f3865
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
tests are enabled if gperf and zlib are found and they fail on:
/home/buildroot/autobuild/run/instance-0/output/build/msgpack-2.1.5/include/msgpack/v1/object.hpp:652:34:
error: 'void* memcpy(void*, const void*, size_t)' copying an object of non-trivial type 'struct msgpack::v2::object' from an array of 'const msgpack_object' {aka 'const struct msgpack_object'} [-Werror=class-memaccess]
std::memcpy(&o, &v, sizeof(v));
So disable them.
Fixes:
- http://autobuild.buildroot.org/results/7d7aa9723f02f9bc78dbf6248674be4d402199bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libid3tag uses a very old configure script.
When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:
checking for arm-buildroot-linux-uclibcgnueabi-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.
This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab15886 (core: alternate solution to disable C++).
However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.
We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.
Fixes:
http://autobuild.buildroot.org/results/ac3/ac3870208aab6001db6b790b6c5dde64d08f7669/
http://autobuild.buildroot.org/results/cc1/cc18397f38dfd4f1e6605f7a6f58edab49b396ac/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a patch that touches a .m4 file, so we need to regenerate the
configure script. Otherwise, this is done during the build step, and
some environment variables are thus missing and the build may fail when
the host machine does not have the expected autostuff tools.
Fixes:
http://autobuild.buildroot.org/results/e37/e37e61bae1d81a7956e2843be70fea84b0bbb64b/
http://autobuild.buildroot.org/results/f96/f969718402cae71446d6280ec1f66d357a155293/
...
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/125631911
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/125631916
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/125631915
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
