OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2018-09-01T13:49:46+00:00 2018-09-01T13:49:46+00:00 Thomas Petazzoni thomas.petazzoni@bootlin.com 2018-09-01T13:49:46+00:00 urn:sha1:cd7e62cf4ed6e760b14d6e34c71ff8db1f214be4 For no reason, the tld-parser.py script was changed from using "python" to using "python3" in upstream commit 4b924e573da307436169d5ef7e04c0ab85b36ef9. This patch reverts this change to fix the build of libsoup on systems that don't have Python 3.x installed. It avoids the need to add host-python3 as a dependency. Furthermore, the tld-parser.py script has anyway been removed upstream, and replaced by a dependency on a separate library providing TLD information. Therefore, there is no risk of this particular script becoming Python 3 only. Fixes: http://autobuild.buildroot.net/results/91c2d6a1ca011787130db06695d6cd9e882f7258 http://autobuild.buildroot.net/results/a318e595f02937534b3f8698ef4c04194a8b34af Thanks to Asaf Kahlon <asafka7@gmail.com> for some initial work/research on this build issue. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-08-28T20:38:10+00:00 Baruch Siach baruch@tkos.co.il 2018-08-28T09:27:26+00:00 urn:sha1:91d65f300016517eee95cc7f0bdf719a124a2af5 Fixes CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-07-03T19:39:10+00:00 Baruch Siach baruch@tkos.co.il 2018-07-03T16:56:21+00:00 urn:sha1:adf2cf0b42b346cfa7e50e615b66d0e8756fcf59 Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-06-30T16:41:41+00:00 Baruch Siach baruch@tkos.co.il 2018-06-29T10:44:04+00:00 urn:sha1:caddfa6237c75096fb6d883101d6ce161acc56a6 This reverts commit 694cdb9273433e8a1278e2e3bb2a7fe2004aa813. Just like commit 68c3f5257d94 (Revert "gnutls: make it non-wchar friendly") before. It turns out that gnulib expects some other library to provide a wctomb() implementation. So when the C library does not provide one it is left as undefined symbol in libgnutls.so. Add a comment to reduce the chance of repeating the same mistake again. Fixes: http://autobuild.buildroot.net/results/86f/86f08276fcb0cc557ab3cc5f57229b2c0c6ac2d7/ http://autobuild.buildroot.net/results/7c4/7c4bcb839f0ad5bc0496b4115ff391a3b312581a/ http://autobuild.buildroot.net/results/1c3/1c353f542c49bbe5520266c0ebb6a58589032453/ Reported-by: Matt Weber <matthew.weber@rockwellcollins.com> Cc: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-06-22T09:43:33+00:00 Baruch Siach baruch@tkos.co.il 2018-06-22T05:38:41+00:00 urn:sha1:694cdb9273433e8a1278e2e3bb2a7fe2004aa813 Commit 19448f40a0 (gnutls: use included unistring unless libunistring is selected) made libunistring an optional dependency. So now gnutls no longer depend on wchar. Drop wchar dependency of libmicrohttpd and libsoup, which are gnutls reverse dependencies that do not depend themselves on wchar. Update the comments in libsoup and taskd; the wchar dependency is now not due to gnutls. Cc: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-09-08T09:14:09+00:00 Peter Korsgaard peter@korsgaard.com 2017-09-07T15:07:54+00:00 urn:sha1:0f5398f0e61992bd836474b7350c16f00459d0a5 Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding For more details, see https://bugzilla.gnome.org/show_bug.cgi?id=785774 While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-29T20:52:34+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2017-05-25T16:34:43+00:00 urn:sha1:30ed9de2fd8a572ffce26f7a9c8187335c567668 The gnutils code uses __attribute__((constructor)) and __attribute__((destructor)) to call constructor/desctructor when a shared library is loaded. Constructor/desctructor are not used when a static library is used (except when if -Wl,--whole-archive -lgnutls -Wno-whole-archive is used, not tested). Even if gnutls initialization (_gnutls_global_init()) may be called manually, the gnutls maintainer said it's not supported [1]. "Note that static linking applications with gnutls is not something supported. gnutls relies on library constructors and destructors which are not loaded when linking statically." Now the gnutls script warns about static linking [2]. So disable gnutls statically by adding "depends on !BR2_STATIC_LIBS" at Kconfig level and --disable-static in GNUTLS_CONF_OPTS. Fixes: [taskd] http://autobuild.buildroot.net/results/c2d/c2dd5c1c9dc87d2943c15e58ee56e67d7375368c [ffmpeg] http://autobuild.buildroot.net/results/892/8926d319d6d1cd1ee72239ad7d9ca869d2355628 [sngrep] http://autobuild.buildroot.net/results/f7f/f7fb42d3742f6f01000a0d181e0c785640284405 [1] https://gitlab.com/gnutls/gnutls/issues/203 [2] https://gitlab.com/gnutls/gnutls/commit/6b748886799f88ddee9721dba4fc4d52854832ae Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Romain: merge our two patches together add some option comment disable static libgnutls.a add sngrep autobuilder reference] Signed-off-by: Romain Naour <romain.naour@gmail.com> Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Thomas: do not disable libgnutls.a] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:19:13+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:37+00:00 urn:sha1:9254f022669e1494e5c6c6ee9a4bed9265a5aaa4 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for LGPLv2/LGPLv2+ is LGPL-2.0/LGPL-2.0+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2(\+)?/LGPL-2.0\1/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-20T18:07:55+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-09-20T15:01:33+00:00 urn:sha1:a557b95f98ff24073b0fa9deddafc09365194613 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-04-26T19:55:37+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-26T16:58:24+00:00 urn:sha1:41de39f3bc927e2998c30d783fc4e70b3b9dc283 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>