Compare commits

...

118 Commits

Author SHA1 Message Date
Peter Korsgaard b6a0f0d08d Update for 2020.08.3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 16:30:20 +01:00
Fabrice Fontaine c768514db9 package/opencv3: fix build with protobuf and gcc < 6
Fix the folloing build failure with protobuf (enabled since commit
31c68a449e) and gcc 5.3.0:

[ 53%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/opencv-caffe.pb.cc.o
In file included from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/atomic:38:0,
                 from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/google/protobuf/io/coded_stream.h:115,
                 from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.h:23,
                 from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.cc:4:
/home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
 #error This file requires compiler and library support \
  ^

Fixes:
 - http://autobuild.buildroot.org/results/7caf175af039054a032b8f63b458b3940d9ec0f3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf96f4e8d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 14:45:20 +01:00
Yann E. MORIN 76736ca80a package/opencv3: do not detect ccache
OpenCV-3's buildsystem will try to detect ccache and use it if
available. This may yield a system-installed ccache.

However, in Buildroot, ccache is entirely hidden away and handled in the
toolchain wrapper.

Forcibly disable detection of ccache.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 505e7f4771)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 14:20:23 +01:00
Romain Naour bcac3a16da package/freescale-imx/imx-gpu-viv: install Vendor ICDs file (Vivante.icd)
Without this file, the clinfo binary provided by the package doesn't
detect the opencl support.

Fixes:
https://github.com/boundarydevices/buildroot-external-boundary/issues/5

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b37cd79daf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:33:43 +01:00
Romain Naour 24016d8ad5 board/boundarydevices: promote buildroot-external-boundary project
It may be useful for users using Boundary Devices boards to find
more advanced defconfigs than the one provided by Buildroot.

See:
https://github.com/boundarydevices/buildroot-external-boundary#configurations-details

Update the readme.txt to add the link to the br2_external maintained
by Boundary Devices.

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7554332284)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:30:21 +01:00
Gleb Mazovetskiy 84bbcbae7a package/pkg-meson: force-disable binary stripping
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drive the stripping in
the target-finalize step.

So, we explicitly disable stripping at build time for the target
variants.

For the host variants, however, we don't much care about symbols and
stuff, but smaller executables will hopefully load faster than bigger
ones (disputable, given that sections in ELF files are paged-in
on-demand), so we explictly enable stripping.

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
  - add burb about the target-finalize step
  - enable stripping for host variants
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3f39f902b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:20:41 +01:00
Fabrice Fontaine 6d02ca1550 package/dhcpcd: add udev optional dependency
udev is an optional dependency (enabled by default) since version 6.1.0:
https://github.com/rsmarples/dhcpcd/commit/12bbc8cb5c7507be15a7e0af4140c3d81125c46c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 580eac9468)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:10:28 +01:00
Fabrice Fontaine bb5d61cf2b package/dhcpcd: create dhcpcd user
privsep is supported since version 9.0.0 and
https://github.com/rsmarples/dhcpcd/commit/d5786118da1bad4c247631cae86344f1b249a8cb
It is enabled by default since
https://github.com/rsmarples/dhcpcd/commit/3a4c2e5604d72151b06ed365aa71493740a3ad75

So use --privsepuser to avoid that the detection mechanism finds a wrong
value from host and create it on the target

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13416

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9e20f09109)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:08:09 +01:00
Fabrice Fontaine cdf90d4cdb package/dhcpcd: enhance syntax
Add all configure options through DHCP_CONFIG_OPTS and avoid splitting
lines when they are less than 80 characters

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 909432e0bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:08:05 +01:00
Fabrice Fontaine 91ab8a90a8 package/mutt: add zlib optional dependency
zlib is an optional dependency which is enabled by default since version
1.14.1 and
https://gitlab.com/muttmua/mutt/-/commit/136ae0add512f21bc418f9e31a2f1b970ad1a490

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 554610803c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:01:47 +01:00
Fabrice Fontaine 8c47c1aa2e package/mutt: fix activation of openssl on imap
Activation of openssl for imap is broken since commit
0fcd010a2d because of the following typo:
BR2_PACKAGET_MUTT_IMAP

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dc1ec5b78b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 09:01:06 +01:00
Baruch Siach 65d54a269d libcurl: security bump to version 7.74.0
Fixes security issues:

CVE-2020-8286: Inferior OCSP verification

CVE-2020-8285: FTP wildcard stack overflow

CVE-2020-8284: trusting FTP PASV responses

Drop upstream patch.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 365ab82008)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 08:49:27 +01:00
Baruch Siach ffedd4dfa7 package/libcurl: fix build with libssh2 and disabled proxy
Add patch fixing build of libssh2 support when
BR2_PACKAGE_LIBCURL_PROXY_SUPPORT is disabled.

Fixes:
http://autobuild.buildroot.net/results/113407c1721b601cf2b721d0b78392622000cc3f/
http://autobuild.buildroot.net/results/a5abdcc6a12d2326da0fe3daf9ecbb96e5c6cac3/
http://autobuild.buildroot.net/results/ab1f7b9837ac74fad359e6c239f45ed25ad31df3/

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0fa9af8be0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 08:49:20 +01:00
Baruch Siach cf27826be9 package/libcurl: bump to version 7.73.0
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2d0be6577e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-27 08:49:16 +01:00
Asaf Kahlon b53c9554e1 package/{libuv, uvw}: bump to versions 1.40.0, 2.8.0_libuv_v1.40
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1931f9abf9)
[Peter: needed for nodejs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-26 11:41:04 +01:00
Francois Perrad 7345f5bdf9 package/openldap: security bump to version 2.4.56
Fixes the following security issue:

- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
  and was fixed in openldap 2.4.55, during a request for renaming RDNs.  An
  unauthenticated attacker could remotely crash the slapd process by sending
  a specially crafted request, causing a Denial of Service.

- CVE-2020-25709: Assertion failure in CSN normalization with invalid input

- CVE-2020-25710: Assertion failure in CSN normalization with invalid input

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09a565d940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 12:48:52 +01:00
Marcin Niestroj 3d13c2d099 package/python-crc16: allow to build with python3
python3 is officially supported by package, as there is a usage example
at [1]. Simply remove dependency on BR2_PACKAGE_PYTHON.

[1] https://pypi.org/project/crc16/

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a7fdc5686b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 12:48:09 +01:00
Fabrice Fontaine 6ef77ae290 package/rauc: fix build with headers < 4.14
Fixes:
 - http://autobuild.buildroot.org/results/829ae7ed66686c11a941ac99bd08a06f754affb4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 45a09e9041)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 09:49:44 +01:00
Peter Korsgaard 5db1085529 package/nodejs: security bump to version 12.19.1
Fixes the following security issue:

- CVE-2020-8277: Denial of Service through DNS request (High).  A Node.js
  application that allows an attacker to trigger a DNS request for a host of
  their choice could trigger a Denial of Service by getting the application
  to resolve a DNS record with a larger number of responses.

https://nodejs.org/en/blog/release/v12.19.1/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f359580796)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 09:46:12 +01:00
Fabrice Fontaine 84e76715f7 package/apitrace: disable unit tests
This will avoid the following build failure with xtensa:

[ 62%] Linking CXX executable ../../guids_test
[ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o
CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation
collect2: error: ld returned 1 exit status
lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed

Fixes:
 - http://autobuild.buildroot.org/results/8fea93a88bb34e98e391a048c3b996b45ebac803

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0d209dce35)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 09:44:02 +01:00
Fabrice Fontaine a8015bbbf1 package/mongodb: bump to version 4.2.11
https://docs.mongodb.com/master/release-notes/4.2-changelog/#id1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a4f13b8a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 09:38:34 +01:00
Adam Wujek ec6f098e71 package/netsnmp: fix memory leak in IP-MIB when running without IPv6
In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.

Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.

Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e6f6e0745)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-24 09:36:54 +01:00
Fabrice Fontaine 478919b1a0 package/mutt: fix CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89a9f74fa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-23 23:06:38 +01:00
Fabrice Fontaine 65fee6362f package/mutt: bump to version 1.14.7
This is a bug-fix release, fixing a variety of small issues.

https://gitlab.com/muttmua/mutt/raw/stable/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit af757d9594)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-23 23:06:30 +01:00
Sergio Prado e1ac38480a package/mutt: bump version to 1.14.6
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b9f31a32ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-23 23:06:27 +01:00
Peter Korsgaard 9e7fc6024c package/rauc: security bump to version 1.5
Fixes the following security issue:

- CVE-2020-25860: Time-of-Check-Time-of-Use Vulnerability in code that
  checks and installs a firmware bundle.
  For more details, see the advisory:
  https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 41bbe8df54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 15:16:22 +01:00
Peter Korsgaard 1126cdf639 package/python-pyqt5: fix qt5 openssl conditional
BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to
match.  Fix that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 54854dc44e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 15:15:43 +01:00
Peter Korsgaard aab4f35a22 package/ti-sgx-*: fix s/correpsonds/corresponds/ typo
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 292475976f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 15:15:09 +01:00
Fabrice Fontaine 9870aa3528 package/ghostscript: bump to version 9.53.3
https://www.ghostscript.com/doc/9.53.3/News.htm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d1c5397e9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 13:51:01 +01:00
Fabrice Fontaine f78858b9ea package/imagemagick: security bump to version 7.10.51
- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
  7.0.10-40 mishandles the -authenticate option, which allows setting a
  password for password-protected PDF files. The user-controlled password
  was not properly escaped/sanitized and it was therefore possible to
  inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
  https://github.com/ImageMagick/ImageMagick/commit/45e5d2493c08e7cb49f7268c01d847e88f78fd6c)

https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b898e80639)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:54:22 +01:00
Fabrice Fontaine a0e2723447 package/cryptopp: security bump to version 8.3.0
- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
  channel in ECDSA signature generation. This allows a local or remote
  attacker, able to measure the duration of hundreds to thousands of
  signing operations, to compute the private key used. The issue occurs
  because scalar multiplication in ecp.cpp (prime field curves, small
  leakage) and algebra.cpp (binary field curves, large leakage) is not
  constant time and leaks the bit length of the scalar among other
  information. For details, see:
  https://github.com/weidai11/cryptopp/issues/869

- Update license hash due to the addition of ARM SHA1 and SHA256 asm
  implementation from Cryptogams
  https://github.com/weidai11/cryptopp/commit/1a63112faf5af60e0ebcc60654eef806e7f6f11a
  https://github.com/weidai11/cryptopp/commit/4c9ca6b723b5ec5aab7eec720ad4d22598abe941

https://www.cryptopp.com/release830.html

[Peter: adjust CVE info, issue is fixes in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e7c789d48f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:53:25 +01:00
Thomas De Schampheleire d407dcd104 package/ncurses: don't attempt calling ldconfig in host-ncurses
The host-ncurses install step attempts to run ldconfig, causing a permission
failure:

cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; )
test -z "" && /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored)

The error is non-fatal and ignored, but confusing.

The ncurses makefiles already avoid calling ldconfig when DESTDIR is set
(target case) but for host-ncurses DESTDIR is empty and the output/host path
is passed via --prefix.

Pass an empty ac_cv_path_LDCONFIG to the configure step, so than ldconfig is
not called.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 389f48fe90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:51:49 +01:00
Thomas De Schampheleire 8d80efb38b package/opkg-utils: needs Python3 on the host
The 'opkg.py' script installed by host-opkg-utils has as shebang:
    #!/usr/bin/env python3

which may not be available on all host machines.
Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY,
which will only add the host-python3 dependency if no python3 is already
available on the host.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7dcd20f9d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:51:18 +01:00
Thomas Petazzoni b46fe00c03 DEVELOPERS: remove Thomas Davis
His e-mail has been bouncing for quite a while:

<sunsetbrew@sunsetbrew.com>: connect to
    sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is
    unreachable

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd5eeabac0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:49:57 +01:00
Thomas Petazzoni faada8a71d DEVELOPERS: remove Owen Walpole
His e-mail has been bouncing for quite a while:

<owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection
    timed out

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d98e906dfc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:49:53 +01:00
Tian Yuanhao 9d8c5d4166 package/pkg-golang.mk: postpone evaluation of TARGET_DIR and HOST_DIR
When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.

Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8d595c0d92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:48:49 +01:00
Fabrice Fontaine 3f15816d79 package/tinycbor: fix build on musl
Fixes:
 - http://autobuild.buildroot.org/results/c23b694442e7f86cbdd14d8789b12e6a8fd26a70

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eaff5c39c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 11:39:38 +01:00
Peter Korsgaard 901ea2b3bd package/wireshark: security bump to version 3.2.10
The following vulnerabilities have been fixed:
- wnpa-sec-2020-16 Kafka dissector memory leak. Bug 16739.
  CVE-2020-26418.
- wnpa-sec-2020-17 USB HID dissector crash. Bug 16958. CVE-2020-26421.
- wnpa-sec-2020-18 RTPS dissector memory leak. Bug 16994.
  CVE-2020-26420.

https://www.wireshark.org/docs/relnotes/wireshark-3.2.9.html
https://www.wireshark.org/docs/relnotes/wireshark-3.2.10.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 10:30:40 +01:00
Bernd Amend 866db91ae2 pkg-cmake.mk: fix host ccache support for CMake 3.19
Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .

Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.

/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++"  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF  -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler

Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0e310b4fd0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 09:22:26 +01:00
Peter Korsgaard 31f0dd7a9e {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0675498b5d)
[Peter: drop 5.9.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-22 00:02:59 +01:00
Fabrice Fontaine 41bd2e0009 package/shadowsocks-libev: fix static build with netfilter_conntrack
Fixes:
 - http://autobuild.buildroot.org/results/6cad497a7ab941a0ee3fd7007defc81e30cdcbe0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1294447142)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 15:19:45 +01:00
Christoph Müllner 325e8e89f6 boot/arm-trusted-firmware: Forward stack protection configuration
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.

As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).

So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.

This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:

  [...]
  params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
  aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
  pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
  [...]

TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.

Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7b3fcbcdaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 15:16:08 +01:00
Fabrice Fontaine 10def0dc85 package/haproxy: bump to version 2.2.6
Two major bugs were fixed in this versions, both leading to a memory
corruption and random crashes.

https://www.mail-archive.com/haproxy@formilux.org/msg39068.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed5082f012)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:51:33 +01:00
Fabrice Fontaine 899a548c82 package/haproxy: bump to version 2.2.5
https://www.mail-archive.com/haproxy@formilux.org/msg38809.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 17a220d154)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:51:29 +01:00
Fabrice Fontaine fc8e5d2124 package/haproxy: bump to version 2.2.4
https://www.mail-archive.com/haproxy@formilux.org/msg38543.html
http://www.haproxy.org/download/2.2/src/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5881e19e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:51:25 +01:00
Thomas De Schampheleire b53e870548 package/libglib2: correct upstream status for patch 0001
Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.

Clarify the 'Upstream-status' line to make this more clear.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 43021dfb77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:46:06 +01:00
Fabrice Fontaine 067d922b69 package/unbound: security bump to version 1.13.0
This version has fixes to connect for UDP sockets, slowing down
potential ICMP side channel leakage. The fix can be controlled with the
option udp-connect: yes, it is enabled by default.

Additionally CVE-2020-28935 is fixed, this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
information.

https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4eb3201120)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:43:20 +01:00
Stefan Ott c5bb00629f package/unbound: bump version to 1.12.0
Signed-off-by: Stefan Ott <stefan@ott.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eb4ff9f11f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:43:13 +01:00
Peter Korsgaard fb729aa9b0 package/python-lxml: security bump to version 4.6.2
Fixes the following security issues:

* 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner
  by Yaniv Nizry, which allowed JavaScript to pass through.  The cleaner now
  removes more sneaky "style" content.

* 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
  which allowed JavaScript to pass through.  The cleaner now removes more
  sneaky "style" content.

For more details, see the changes file:
https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ea41a5faab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:41:47 +01:00
Fabrice Fontaine 22cf9bf486 package/sqlcipher: security bump to version 4.4.2
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.

https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f38893f8dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:40:49 +01:00
Yann E. MORIN aa189a6277 package/dtv-scan-tables: switch upstream location
The old git tree is unreachable now, switch to using the new one.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c7bd3805bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 14:13:36 +01:00
Yann E. MORIN d71fc330fe package/qt5base: fix build with TI SGX GL stack
qt5base FTBFS with TI SGX GL stack because it defines a type that is
incompatible with that expected by Qt.

Fix that by adapting a mix of upstream bug reports, upstream tentative
patch, and various comments on various Qt forums, none of which were
satisfying for various reasons explained in each resource:

  - https://bugreports.qt.io/browse/QTBUG-72567
  - https://codereview.qt-project.org/c/qt/qtbase/+/248270
  - https://forum.qt.io/topic/88588/qtbase-compilation-error-with-device-linux-rasp-pi3-g-qeglfskmsgbmwindow-cpp/8
  - https://forum.qt.io/topic/91596/raspberry-pi-3-compiling-qt-5-11-0-problem/6
  - https://patchwork.ozlabs.org/project/buildroot/patch/20200702201125.3639873-1-aduskett@gmail.com/#2579598

... which, mixed together with my little understanding of Qt, GL, and
C++, gave a relatively simple patch that overcomes the build failure on
TI's SGX, while at the same time keeping buildability and functionality
on other platforms.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Markus <zehnder@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf7f3112f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 11:05:45 +01:00
Adam Duskett e407761975 package/ti-sgx-demos: use KMS-based demos
Weston does not work with the ti-sgx SDK, so switch to using the
KMS-based demos.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 29ff603f08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 10:57:09 +01:00
Adam Duskett 025ae8d50f configs/beaglebone_qt5: switch to using KMS instead of wayland+weston
weston does not work on the ti-sgx SDK, so switch to using KMS directly,
and drop the wayland-related config options.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8efc5dce98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 10:54:07 +01:00
Peter Korsgaard bc099a6215 package/ruby: add upstream security fix for CVE-2020-25613
For details, see the advisory:
https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-19 08:37:16 +01:00
Peter Korsgaard 032baed755 package/libressl: security bump to version 3.1.5
Fixes the following security issues:

    * Malformed ASN.1 in a certificate revocation list or a timestamp
      response token can lead to a NULL pointer dereference.

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.5-relnotes.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 23:38:15 +01:00
Fabrice Fontaine 6cf6ab205c package/mbedtls: security bump to version 2.16.9
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 455387fa3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:20:58 +01:00
Marcin Niestroj 3c15128c8f package/python-pyparsing: update link to project
Old link no longer works, so replace that with link to GitHub.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1cec1e3f7f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:17:25 +01:00
Julien Grossholtz c35793d861 package/paho-mqtt-c: bump to version 1.3.7
Paho-mqtt-c maintainance release. It fixes some bugs including client
times out and buffer overflow:

https://github.com/eclipse/paho.mqtt.c/milestone/9?closed=1

Signed-off-by: Julien Grossholtz <julien.grossholtz@openest.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 71e0d12ed1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:14:08 +01:00
Fabrice Fontaine 62791dd994 package/paho-mqtt-c: bump to version 1.3.6
Update LICENSE hash, EDL version has been fixed with
https://github.com/eclipse/paho.mqtt.c/commit/34ec96cac554c4ae1527b92433730233f1bdca40

https://github.com/eclipse/paho.mqtt.c/milestone/11?closed=1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6eba48124e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:14:02 +01:00
Michael Vetter 01a5a3cd27 package/jasper: security bump to 2.0.23
Changes:
* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac9f50f204)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:12:44 +01:00
Fabrice Fontaine 4214bc1cd3 package/jasper: fix tarball name in hash file
tarball name was not updated by commit
0ca16ace62

While at it also update indentation in hash file (two spaces)

Fixes:
 - http://autobuild.buildroot.org/results/1356d309d45b5eedeec375e2fdc0cf2ad7839a55

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 245c643fc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:12:37 +01:00
Michael Vetter 7fe64df7fb package/jasper: bump to version 2.0.22
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0ca16ace62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:12:30 +01:00
Michael Vetter d360c7759f package/jasper: bump to version 2.0.21
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3c133b50b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:12:26 +01:00
Michael Vetter c81576410f package/jasper: bump to version 2.0.20
Bump JasPer to 2.0.20

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a108bbf38e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:12:22 +01:00
Bernd Kuhls 8668693227 package/ca-certificates: bump version to 20200601
Reformatted hashes.

Updated license hash due to upstream commit:
https://salsa.debian.org/debian/ca-certificates/-/commit/1e2be69b0823dfb56dc3981b7547afd181e066cc

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dae3159221)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 11:03:04 +01:00
Bernd Kuhls ba01d0943d package/libopenssl: security bump version to 1.1.1i
Rebased patches 0001 & 0004.

Fixes CVE-2020-1971.

Changelog: https://www.openssl.org/news/changelog.html#openssl-111

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5cf57efbd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 10:59:24 +01:00
Peter Korsgaard a74406f091 package/libopenssl: bump to version 1.1.1h
For details, see the release notes:
https://www.openssl.org/news/openssl-1.1.1-notes.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35fad96c2c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 10:59:20 +01:00
Romain Naour e20a1c0e3e package/flare-engine: require sdl2_image with png support
flare-engine fail to start if sdl2_image library is build without
libpng support.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6c4328a5ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 10:45:38 +01:00
Bernd Kuhls a6b563576a package/x11r7/xserver_xorg-server: bump version to 1.20.10
Release notes:
https://lists.x.org/archives/xorg-announce/2020-December/003067.html

Remove patches which were applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5f6e3c0962)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-13 00:18:24 +01:00
Fabrice Fontaine cf8b28b686 package/x11vnc: fix CVE-2020-29074
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3b6a105af8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 12:02:38 +01:00
Peter Korsgaard 952cd0c608 package/docker-containerd: security bump to version 1.4.3
Fixes the following security issue:

- CVE-2020-15257: Access controls for the shim’s API socket verified that
  the connecting process had an effective UID of 0, but did not otherwise
  restrict access to the abstract Unix domain socket.  This would allow
  malicious containers running in the same network namespace as the shim,
  with an effective UID of 0 but otherwise reduced privileges, to cause new
  processes to be run with elevated privileges.

For more details, see the advisory:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1e1d1278c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 11:04:30 +01:00
Christian Stewart 6674a00d97 package/docker-containerd: bump to version 1.4.1
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 87a8cbe617)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 11:04:18 +01:00
Christian Stewart ac7ba1968f package/docker-containerd: bump to version 1.4.0
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 04b2afc65b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 11:03:39 +01:00
Fabrice Fontaine 8df445cfdd package/netsurf: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/e81568c2b4f5ef5d055c9b94e624ba2d23f50d16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8137735818)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 10:54:09 +01:00
Fabrice Fontaine 9a0ba6d725 package/netsurf: renumber patches
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 16bc610e51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 10:54:00 +01:00
Fabrice Fontaine 226803e213 package/libcap: fix libcap.pc
libcap builds an incorrect libcap.pc because libdir is pulled from the
host os:

ifndef lib
lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
endif

Fix this error by passing lib=lib and prefix in
{HOST_LIBCAP,LIBCAP}_BUILD_CMDS

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13276

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 07f8ea3913)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 09:22:05 +01:00
Peter Korsgaard f87af06db7 package/x11r7/xserver_xorg-server: add upstream security fixes for CVE-2020-14360 / 25712
Fixes the following security issues:

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

  Insufficient checks on the lengths of the XkbSetMap request can lead to
  out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

  Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
  buffer overflow on the head in the X server.

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/12/01/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c773336463)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-12 00:17:27 +01:00
Bernd Kuhls 172de8c9d9 package/setserial: add license hash
Also reformatted hash file.

Fixes:
http://autobuild.buildroot.net/results/d1c/d1ccecc74755155664cd17c8d33721c804a37b25/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 23d8b04295)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:31:29 +01:00
Peter Korsgaard a177ef40e1 package/privoxy: security bump to version 3.0.29
From the release notes:

- Security/Reliability:
  - Fixed memory leaks when a response is buffered and the buffer
    limit is reached or Privoxy is running out of memory.
    Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no action files are configured. Commit c62254a686.
    OVE-20201118-0002.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no filter files are configured. Commit 1b1370f7a8a.
    OVE-20201118-0003.
    Sponsored by: Robert Klemme
  - Fixes a memory leak when client tags are active.
    Commit 245e1cf32. OVE-20201118-0004.
    Sponsored by: Robert Klemme
  - Fixed a memory leak if multiple filters are executed
    and the last one is skipped due to a pcre error.
    Commit 5cfb7bc8fe. OVE-20201118-0005.
  - Prevent an unlikely dereference of a NULL-pointer that
    could result in a crash if accept-intercepted-requests
    was enabled, Privoxy failed to get the request destination
    from the Host header and a memory allocation failed.
    Commit 7530132349. CID 267165. OVE-20201118-0006.
  - Fixed memory leaks in the client-tags CGI handler when
    client tags are configured and memory allocations fail.
    Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
  - Fixed memory leaks in the show-status CGI handler when memory
    allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
    CID 305233. OVE-20201118-0008.

For more details, see the announcement:
https://www.openwall.com/lists/oss-security/2020/11/29/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9ef54b7d0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:30:24 +01:00
Fabrice Fontaine 3fa7961fec package/libplist: drop duplicated COPYING hash
Commit 762119b4c5 resulted in a duplicated
line for COPYING hash so drop it

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 26c2db20d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:29:43 +01:00
Peter Korsgaard 5a1a715bd1 package/lynx: fix reproducible build issues
Fixes (part of) http://autobuild.buildroot.net/results/23fe4365ca65f37eace8265a70fbfb9723b8ee9d/

Lynx by default contains logic to generate a "configuration info" HTML page,
which leaks build paths, and adds the build timestamp to the version output.
Disable both when building in reproducible mode.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3fb7c63687)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:28:18 +01:00
Peter Korsgaard a4048e001b package/jemalloc: add jemalloc-config to _CONFIG_SCRIPTS handling
Fixes (part of) http://autobuild.buildroot.net/results/23fe4365ca65f37eace8265a70fbfb9723b8ee9d/

jemalloc installs a jemalloc-config script, leaking build paths and breaking
reproducible builds (and per-package builds).

Add it to _CONFIG_SCRIPTS so the paths get fixed up for staging and the
script removed from target.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 288ece60bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:27:57 +01:00
Peter Korsgaard 69c1d54fa3 package/mariadb: security bump to version 10.3.27
Fixes the following security issues:

- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
  Donor then appends it to the "wsrep_sst_" string to get the name of the
  sst script to use, e.g.  wsrep_sst_rsync.  There is no validation or
  filtering here, so if the malicious joiner sends, for example, "rsync `rm
  -rf /`" the donor will execute that too.

- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: Locking).  Supported versions that are affected are
  5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily
  exploitable vulnerability allows high privileged attacker with network
  access via multiple protocols to compromise MySQL Server.  Successful
  attacks of this vulnerability can result in unauthorized ability to cause
  a hang or frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.6.49
  and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily exploitable
  vulnerability allows low privileged attacker with network access via
  multiple protocols to compromise MySQL Server.  Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: InnoDB).  Supported versions that are affected are 5.7.31 and
  prior and 8.0.21 and prior.  Easily exploitable vulnerability allows high
  privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.7.31
  and prior and 8.0.21 and prior.  Easily exploitable vulnerability allows
  high privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-28912:
  https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
  describes a named pipe privilege vulnerability, specifically for MySQL,
  where an unprivileged user, located on the same machine as the server, can
  act as man-in-the-middle between server and client.

Additionally, 10.3.27 fixes a regression added in 10.3.26.

Drop weak md5/sha1 checksums.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 163334a707)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:26:57 +01:00
Fabrice Fontaine 62f2a66ea4 package/bustle: fix license
bustle binaries are licensed under GPL-3.0:
https://gitlab.freedesktop.org/bustle/bustle/-/blob/bustle-0.7.5/LICENSE

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f3ca4f1086)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:26:14 +01:00
Fabrice Fontaine ba3cf130ef package/proftpd: security bump to version 1.3.6e
1.3.6e
---------
  + Fixed null pointer deference in mod_sftp when using SCP incorrectly
    (Issue #1043).

1.3.6d
---------
  + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).

1.3.6c
---------
  + Fixed regression in directory listing latency (Issue #863).
  + Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
    converting them to supported format.
  + Fixed use-after-free vulnerability during data transfers (Issue #903)
    [CVE-2020-9273]
  + Fixed out-of-bounds read in mod_cap by updating the bundled libcap
    (Issue #902) [CVE-2020-9272]

http://proftpd.org/docs/RELEASE_NOTES-1.3.6e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: mark as security bump, add CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7ba4aa9298)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 22:24:54 +01:00
Peter Korsgaard 0ac9e8c074 package/slirp: add upstream security fix for CVE-2020-29129 / CVE-2020-29130
While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 282fc60ed4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 17:13:55 +01:00
Fabrice Fontaine ebe7d3544c package/qemu: use a system-wide slirp
Use a system-wide slirp now that we switched to the up to date
https://gitlab.freedesktop.org/slirp/libslirp

qemu already depends on libglib2 so we don't need to add any new
dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7e237b79ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 14:54:32 +01:00
Peter Korsgaard f9d0104655 package/vsftpd: S70vsftpd: correct -x argument to start-stop-daemon
Fixes #13341

The -x / --exec start-stop-daemon option expects the path to the executable,
not just the name, leading to errors when running the init script:

Starting vsftpd: start-stop-daemon: unable to stat //vsftpd (No such file or directory)

Reported-by: tochansky@tochlab.net
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 405f76425d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 13:59:48 +01:00
Bernd Kuhls b40c56dc94 package/minidlna: security bump version to 1.3.0
Changelog:
https://sourceforge.net/p/minidlna/git/ci/master/tree/NEWS

Fixes CVE-2020-28926 & CVE-2020-12695.

Removed patch 0001 which was applied upstream:
https://sourceforge.net/p/minidlna/git/ci/b5e75ff7d160a02632cab416ff0af66504c7db8b/

Removed patch 0002 which was not applied upstream, upstream applied
a different fix for CVE-2020-12695:
https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30f6776c79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 13:58:26 +01:00
Bernd Kuhls 51e6514743 package/php: security bump version to 7.4.13
Rebased patches.

Changelog: https://www.php.net/ChangeLog-7.php#7.4.13

According to the release notes this is a "security bug fix release":
https://news-web.php.net/php.announce/301

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c38262066)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 13:57:51 +01:00
Peter Korsgaard 352f15afad {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6ca12d89f1)
[Peter: drop 5.9.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 13:44:48 +01:00
Peter Seiderer 99334b61d1 package/thermald: fix time_t related compile failure
Add upstream patch [1] to fix (musl) time_t related compile failure.

Fixes:

  - https://bugs.busybox.net/show_bug.cgi?id=13336

  src/thd_trip_point.cpp: In member function ‘bool cthd_trip_point::thd_trip_point_check(int, unsigned int, int, bool*)’:
  src/thd_trip_point.cpp:250:19: error: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
    250 |      thd_log_info("Too early to act zone:%d index %d tm %ld\n",
        |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    251 |        zone_id, cdev->thd_cdev_get_index(),
    252 |        tm - cdevs[i].last_op_time);
        |        ~~~~~~~~~~~~~~~~~~~~~~~~~~
        |           |
        |           time_t {aka long long int}
  src/thermald.h:82:57: note: in definition of macro ‘thd_log_info’
     82 | #define thd_log_info(...) g_log(NULL, G_LOG_LEVEL_INFO, __VA_ARGS__)
        |                                                         ^~~~~~~~~~~
  src/thd_trip_point.cpp:250:59: note: format string is defined here
    250 |      thd_log_info("Too early to act zone:%d index %d tm %ld\n",
        |                                                         ~~^
        |                                                           |
        |                                                           long int
        |                                                         %lld

[1] https://github.com/intel/thermal_daemon/commit/a7136682b9e6ebdb53c3c8b472bcd5039d62dc78.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1672e25010)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 13:42:13 +01:00
Heiko Thiery 5cb72fa937 package/openrc: add upstream security fix for CVE-2018-21269
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2d38c5a4e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 13:21:28 +01:00
Heiko Thiery 126dc4c66e package/openrc: fix build with gcc 10
Fixes:
 - https://bugs.busybox.net/show_bug.cgi?id=13331

Cc: mscdex@mscdex.net
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d40f49dbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 11:34:53 +01:00
Paul Cercueil 6d4c34750c package/cage: package does not require locale support
Drop dependency on BR2_ENABLE_LOCALE, which was marked as a dependency
of wlroots, but wlroots does not depend on it anymore.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 210e9b7b24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 11:32:44 +01:00
Paul Cercueil 0ca7795750 package/wlroots: package does not require locale support
Drop dependency on BR2_ENABLE_LOCALE, which was marked as a dependency of
libinput which is selected by wlroots.  However, libinput does not depend on
BR2_ENABLE_LOCALE since commit bef6b92b67 (package/libinput: remove
dependency on BR2_ENABLE_LOCALE).

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae9d6fc6f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 11:32:38 +01:00
Peter Korsgaard e2bc50775a package/xinetd: add upstream security fix for CVE-2013-4342
xinetd does not enforce the user and group configuration directives for
TCPMUX services, which causes these services to be run as root and makes it
easier for remote attackers to gain privileges by leveraging another
vulnerability in a service.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d5abf5ff61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 11:22:26 +01:00
Bartosz Bilas f3a2e285c9 package/python-pip: needs hashlib module
Without hashlib module pip returns the following errors:

# pip
ValueError: unsupported hash type sha224
ERROR:root:code for hash sha256 was not found.
Traceback (most recent call last):
  File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
  File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha256
ERROR:root:code for hash sha384 was not found.
Traceback (most recent call last):
  File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
  File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha384
ERROR:root:code for hash sha512 was not found.
Traceback (most recent call last):
  File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
  File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha512
Traceback (most recent call last):
  File "/usr/bin/pip", line 11, in <module>
    load_entry_point('pip==20.0.2', 'console_scripts', 'pip')()
  File "/usr/lib/python2.7/site-packages/pip/_internal/cli/main.py", line 73, in main
  File "/usr/lib/python2.7/site-packages/pip/_internal/commands/__init__.py", line 96, in create_command
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
  File "/usr/lib/python2.7/site-packages/pip/_internal/commands/install.py", line 24, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_internal/cli/req_command.py", line 15, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_internal/index/package_finder.py", line 21, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_internal/index/collector.py", line 12, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_vendor/requests/__init__.py", line 43, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/__init__.py", line 7, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/connectionpool.py", line 29, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/connection.py", line 40, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/util/__init__.py", line 7, in <module>
  File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/util/ssl_.py", line 8, in <module>
ImportError: cannot import name md5

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d5e3e1144e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 11:00:26 +01:00
Peter Korsgaard d306007496 package/ncurses: mark CVE-2019-1759{4, 5} as fixed by 20191012 patch
According to the NVE data, these are fixes in the 20191012 patch - So mark
them as such.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f7fc4bf1b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 10:59:01 +01:00
Peter Seiderer fa9da1687b package/wireless-regdb: bump version to 2020.11.20
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f457760f54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-11 10:46:41 +01:00
Peter Korsgaard 30a54b65a4 package/libkrb5: security bump to version 1.18.3
Fixes the following security issues:

- CVE-2020-28196: MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before
  1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message
  because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
  lengths lacks a recursion limit.

Also fix .hash file indentation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9b92253b7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-09 09:28:28 +01:00
Fabrice Fontaine 47bebf8ddb package/jpeg-turbo: bump to version 2.0.6
Update hash of README.ijg (URLs updated and Usenet info removed with
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/26e3aedbe569329d8ab005bad5481bcbd1f43ac8)

https://sourceforge.net/projects/libjpeg-turbo/files/2.0.6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 74cce093b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-09 09:26:22 +01:00
Peter Korsgaard a47b278d32 package/raptor: fix CVE-2017-18926
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the
XML writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).

For more details, see the oss-security discussion:
https://www.openwall.com/lists/oss-security/2020/11/13/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a683a54cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-08 10:59:41 +01:00
Peter Korsgaard f9f31ae261 package/xen: security bump to version 4.13.2
Includes XSA-327..XSA-347 security fixes.  For details, see the
announcement:

https://xenproject.org/downloads/xen-project-archives/xen-project-4-13-series/xen-project-4-13-2/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-08 10:35:29 +01:00
Fabrice Fontaine fa7ee975dc package/cdrkit: fix static build with libmagic
libmagic is an optional dependency of gensoimage that can raise the
following build failure:

/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/buildroot/autobuild/instance-0/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf':
compress.c:(.text+0x7bc): undefined reference to `lzma_auto_decoder'
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x828): undefined reference to `lzma_code'
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x848): undefined reference to `lzma_end'
collect2: error: ld returned 1 exit status
genisoimage/CMakeFiles/genisoimage.dir/build.make:628: recipe for target 'genisoimage/genisoimage' failed

Fixes:
 - http://autobuild.buildroot.org/results/7e06edc363817c9c9a1687ec89e9984a90a2012d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6ca1b3ee2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-07 21:51:23 +01:00
Peter Korsgaard 1b9f6628fe package/musl: add upstream security fix for CVE-2020-28928
The wcsnrtombs function has been found to have multiple bugs in handling of
destination buffer size when limiting the input character count, which can
lead to infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffer.

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/11/20/4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09caefda2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-07 21:49:06 +01:00
Fabrice Fontaine bf3cdaf0e4 package/monkey: drop wrong comment
Commit 5fea6e2a2f forgot to remove the
generic-package comment

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c4ea32d006)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-07 21:38:04 +01:00
Baruch Siach 7760a59d07 support/dependencies: clarify intended use of host bison/flex
We should not rely on host installed bison/flex for target code. This
ensures better reproducibility of generated code.

http://lists.busybox.net/pipermail/buildroot/2020-November/296786.html

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b1c049af2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-07 21:36:00 +01:00
Peter Korsgaard e3ca66fa4c package/python-flask-cors: security bump to version 3.0.9
Fixes the following security issue:

- CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware
  for Flask) before 3.0.9.  It allows ../ directory traversal to access
  private resources because resource matching does not ensure that pathnames
  are in a canonical format.

Also drop outdated md5 checksum and fix .hash indentation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c356b20ba8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:26:08 +01:00
Peter Seiderer 72578f6ebb package/libcamera: fix BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS handling
Fix BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS handling, change from
'depends on BR2_m68k' to 'depends on !BR2_m68k'.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ff60c4c533)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:25:19 +01:00
Michael Nosthoff cdf955f265 package/gvfs: show warning when BR2_STATIC_LIBS=y
Commit 4266c9f54f (package/gvfs: needs dynamic library) updated the
dependency of gvfs, but inverted the comment dependency, causing it to only
be shown if !static - Fix that.

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c8a6d3aa6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:24:04 +01:00
Pierre-Jean Texier ffd0177b5b DEVELOPERS: update email address for Pierre-Jean Texier
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 248c2e909e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:23:06 +01:00
Fabrice Fontaine 997199c2a6 package/jpeg-turbo: fix license hash
Commit 105d61c850 forgot to update hash of
LICENSE.md (update in year:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/00607ec260efa4cfe10f9b36d6e3d3590ae92d79)

While at it, also update indentation in hash file (two spaces)

Fixes:
 - http://autobuild.buildroot.org/results/66fb5c0171af73d4c1c93241b285fac8f8f494f7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c9ca2a596e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:19:24 +01:00
Heiko Stuebner 86aca735d6 package/jpeg-turbo: security bump to version 2.0.5
Fixes the following security issue:

- CVE-2020-13790: ibjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based
  buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input
  file

For more details, see the release notes:
https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
[Peter: mark as security bump / extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 105d61c850)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:19:16 +01:00
Fabrice Fontaine 538ab0a11e package/c-ares: fix install
c-ares 1.17.0 removed install of ares_dns.h which will result in build
failures with libeXosip and resiprocate

Fixes:
 - http://autobuild.buildroot.org/results/51573434303118fd92f32819e038971edee8bc28
 - http://autobuild.buildroot.org/results/cbf158f0c037d44ef293a8804d18c84e3b731059

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b359d0e7e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:18:27 +01:00
Fabrice Fontaine 1d2281d8ec package/c-ares: security bump to version 1.17.0
- avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
  fuzzing
- Avoid theoretical buffer overflow in RC4 loop comparison
- Empty hquery->name could lead to invalid memory access
- ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
  passed in

https://c-ares.haxx.se/changelog.html#1_17_0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c7a369a907)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-06 23:18:25 +01:00
Michael Nosthoff e26656b53c package/libgpiod: bump version to 1.4.5
* add a comment about the kernel header dependencies when bumping
versions
* set url to kernel.org as github is unmaintained and outdated
* use two spaces in hash-file

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ff30bab611)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-11-20 18:14:32 +01:00
157 changed files with 1499 additions and 393 deletions
+36
View File
@@ -1,3 +1,39 @@
2020.08.3, released December 27th, 2020
Important / security related fixes.
Infrastructure:
- cmake: fix host ccache handling for CMake 3.19
- meson: Forcibly disable binary stripping for
target builds, enable for host builds
- golang: Fix HOST / TARGET directories for per-package builds
Defconfigs: Beaglebone Qt5: Fix ti-sgx related issues
Updated/fixed packages: apitrace, arm-trusted-firmware,
bustle, c-ares, ca-certificates, cage, cdrkit, cryptopp,
dhcpcd, docker-containerd, dtv-scan-tables, flare-engine,
ghostscript, gvfs, haproxy, imagemagick, imx-gpu-viv, jasper,
jemalloc, jpeg-turbo, libcamera, libcap, libcurl, libglib2,
libgpiod, libkrb5, libopenssl, libplist, libressl, libuv,
libuvw, lynx, mariadb, mbedtls, minidlna, mongodb, monkey,
musl, mutt, ncurses, netsnmp, netsurf, nodejs, opencv3,
openldap, openrc, opkg-utils, paho-mqtt-c, php, privoxy,
proftpd, python-crc16, python-flask-cors, python-lxml,
python-pip, python-pyparsing, python-pyqt5, qemu, qt5base,
raptor, rauc, ruby, setserial, shadowsocks-libev, slirp,
sqlcipher, thermald, ti-sgx-demos, tinycbor, unbound, vsftpd,
wireless-regdb, wireshark, wlroots, x11vnc, xen, xinetd,
xserver_xorg-server
Issues resolved (http://bugs.uclibc.org):
#13276: libcap builds libcap.pc incorrectly
#13316: beaglebone_qt5_defconfig: PowerVR fails to start
#13336: thermald-1.9.1 compilation failure with musl 1.2.1
#13341: Mistake in /etc/init.d/S70vsftpd
#13416: dhcpcd start warning message: no such user dhcpcd
2020.08.2, released November 16th, 2020
Important / security related fixes.
+1 -7
View File
@@ -1946,9 +1946,6 @@ F: package/openjpeg/
N: Olivier Singla <olivier.singla@gmail.com>
F: package/shellinabox/
N: Owen Walpole <owen@walpole.dev>
F: package/parprouted/
N: Parnell Springmeyer <parnell@digitalmentat.com>
F: package/scrypt/
@@ -2108,7 +2105,7 @@ F: package/kf5/
N: Pierre Floury <pierre.floury@gmail.com>
F: package/trace-cmd/
N: Pierre-Jean Texier <pjtexier@koncepto.io>
N: Pierre-Jean Texier <texier.pj2@gmail.com>
F: package/fping/
F: package/genimage/
F: package/haveged/
@@ -2457,9 +2454,6 @@ N: Thomas Claveirole <thomas.claveirole@green-communications.fr>
F: package/fcgiwrap/
F: package/openlayers/
N: Thomas Davis <sunsetbrew@sunsetbrew.com>
F: package/civetweb/
N: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
F: docs/manual/
F: package/cereal/
+2 -2
View File
@@ -92,9 +92,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2020.08.2
export BR2_VERSION := 2020.08.3
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1602507000
BR2_VERSION_EPOCH = 1609083000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
+11 -1
View File
@@ -7,7 +7,7 @@ Description
This configuration will build a complete image for the beaglebone and
the TI AM335x-EVM, the board type is identified by the on-board
EEPROM. The configuration is based on the
ti-processor-sdk-02.00.00.00. Device tree blobs for beaglebone
ti-processor-sdk-06.01.00.08. Device tree blobs for beaglebone
variants and the evm-sk are built too.
For Qt5 support support use the beaglebone_qt5_defconfig.
@@ -43,10 +43,20 @@ output/images/
To copy the image file to the sdcard use dd:
$ dd if=output/images/sdcard.img of=/dev/XXX
Running Qt5 hellowindow opengl demo:
===================
# export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json
# export QT_QPA_PLATFORM=eglfs
# export QT_QPA_EGLFS_INTEGRATION=none
# /usr/lib/qt/examples/opengl/hellowindow/hellowindow
Tested hardware
===============
am335x-evm (rev. 1.1A)
beagleboneblack (rev. A5A)
beaglebone (rev. A6)
2020, Adam Duskett <aduskett@gmail.com>
2016, Lothar Felten <lothar.felten@gmail.com>
@@ -0,0 +1,15 @@
{
"device": "/dev/dri/card0",
"hwcursor": false,
"pbuffers": true,
"outputs": [
{
"name": "VGA1",
"mode": "off"
},
{
"name": "HDMI1",
"mode": "1024x768"
}
]
}
+6
View File
@@ -40,3 +40,9 @@ Where 'sdX' is the device node of the uSD partition.
To upgrade u-boot, cancel autoboot and type:
> run upgradeu
See Boundary Devices's buildroot-external-boundary project
for additional and advanced defconfigs using Qt5, gstreamer,
NXP proprietary packages with demo applications:
https://github.com/boundarydevices/buildroot-external-boundary
@@ -100,6 +100,14 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
endif
ifeq ($(BR2_SSP_REGULAR),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
else ifeq ($(BR2_SSP_STRONG),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
else ifeq ($(BR2_SSP_ALL),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
endif
ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
+1 -4
View File
@@ -20,11 +20,8 @@ BR2_PACKAGE_FBV=y
BR2_PACKAGE_QT5=y
BR2_PACKAGE_QT5BASE_EXAMPLES=y
BR2_PACKAGE_QT5BASE_EGLFS=y
BR2_PACKAGE_QT5BASE_DEFAULT_QPA="wayland"
BR2_PACKAGE_QT5BASE_DEFAULT_QPA="eglfs"
BR2_PACKAGE_QT5QUICKCONTROLS=y
BR2_PACKAGE_QT5WAYLAND=y
BR2_PACKAGE_QT5WAYLAND_COMPOSITOR=y
BR2_PACKAGE_WESTON=y
BR2_PACKAGE_TI_SGX_DEMOS=y
BR2_PACKAGE_TI_SGX_KM=y
BR2_PACKAGE_TI_SGX_UM=y
+5 -5
View File
@@ -1,11 +1,11 @@
# From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
sha256 419c6248b9ae4dfead4599787aecbfd202e88bc4124523adfa6dd2d642b99fe7 linux-5.7.19.tar.xz
sha256 a3e03e6970240dddc8174bf9f49b56d774c40125eabe1582d2ebe85b01addbf7 linux-5.4.77.tar.xz
sha256 beec970bbb93de8ab839f27930f7ab00c7bd65af0ffa07a50e765affdc2561c6 linux-5.4.83.tar.xz
# From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
sha256 95de46b6bd72f66169629eb0e343b005778539864598eae76c3ca999645d58b5 linux-4.4.243.tar.xz
sha256 d3aa189ca7fcc6e52d6c0333a0d7acd8789e9a492b32dbf9476e926ffaa73984 linux-4.9.243.tar.xz
sha256 1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac linux-4.14.206.tar.xz
sha256 76dca365255c1a13778c3b24f0eae14f4e66bc12fe79f5e6592b116fc57ef755 linux-4.19.157.tar.xz
sha256 e52a49ceb639d871478a143c314648c35e22222c317ecdf49866830fea5c3dfc linux-4.4.248.tar.xz
sha256 4687268061c9933c298b30d28e4bf1a30dfbab7c0da4bee194968e4f81ffeccf linux-4.9.248.tar.xz
sha256 0e1bc32c4842c3bbee3a15454408f528acd4d3c5e83312b93008d5ee2e9a0c79 linux-4.14.212.tar.xz
sha256 3eeec4e5eb8a129be3536357ecb028fae7d82fac933dcfac0b6089ee398fc5fc linux-4.19.163.tar.xz
# Locally computed
sha256 d2a06f52143deb929b8d513cf9afc9bd065951389a80fa70bc4d63025b5b3fb9 linux-cip-4.19.152-cip37.tar.gz
sha256 bc1dacd3d0f526de3e8754a444e8e02a54521527af639ddb907cb35cda775a8c linux-cip-4.19.152-cip37-rt16.tar.gz
@@ -0,0 +1,104 @@
From 7f0f1e7e34f997eef697856804dd478b54bb365e Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Tue, 22 Dec 2020 10:45:21 +0100
Subject: [PATCH] CMakeLists.txt: respect BUILD_TESTING=OFF
Allow the user to disable unit tests through BUILD_TESTING=OFF:
https://cmake.org/cmake/help/latest/command/enable_testing.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/apitrace/apitrace/pull/698]
---
CMakeLists.txt | 6 +++++-
gui/CMakeLists.txt | 6 ++++--
lib/guids/CMakeLists.txt | 6 ++++--
lib/os/CMakeLists.txt | 6 ++++--
lib/trace/CMakeLists.txt | 6 ++++--
5 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4a07f069..ee401887 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,6 +41,8 @@ option (ENABLE_FRAME_POINTER "Disable frame pointer omission" ON)
option (ENABLE_ASAN "Enable Address Sanitizer" OFF)
+option (BUILD_TESTING "Enable unit tests" ON)
+
option (ENABLE_TESTS "Enable additional tests" OFF)
if (ANDROID)
@@ -433,7 +435,9 @@ endmacro ()
# which subdirectory they are declared
set (CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR})
-enable_testing ()
+if (BUILD_TESTING)
+ enable_testing ()
+endif ()
if (CMAKE_CROSSCOMPILING)
add_custom_target (check)
elseif (DEFINED CMAKE_BUILD_TYPE)
diff --git a/gui/CMakeLists.txt b/gui/CMakeLists.txt
index 5baf3552..ad6ee501 100644
--- a/gui/CMakeLists.txt
+++ b/gui/CMakeLists.txt
@@ -13,8 +13,10 @@ add_library (qubjson STATIC
qubjson.cpp
)
-add_gtest (qubjson_test qubjson_test.cpp)
-target_link_libraries (qubjson_test qubjson)
+if (BUILD_TESTING)
+ add_gtest (qubjson_test qubjson_test.cpp)
+ target_link_libraries (qubjson_test qubjson)
+endif ()
set(qapitrace_SRCS
apisurface.cpp
diff --git a/lib/guids/CMakeLists.txt b/lib/guids/CMakeLists.txt
index ce0f86da..ea28a18f 100644
--- a/lib/guids/CMakeLists.txt
+++ b/lib/guids/CMakeLists.txt
@@ -5,5 +5,7 @@ add_library (guids STATIC
guids.hpp
)
-add_gtest (guids_test guids_test.cpp)
-target_link_libraries (guids_test guids)
+if (BUILD_TESTING)
+ add_gtest (guids_test guids_test.cpp)
+ target_link_libraries (guids_test guids)
+endif ()
diff --git a/lib/os/CMakeLists.txt b/lib/os/CMakeLists.txt
index 222411e0..b7134b57 100644
--- a/lib/os/CMakeLists.txt
+++ b/lib/os/CMakeLists.txt
@@ -36,5 +36,7 @@ if (APPLE)
)
endif ()
-add_gtest (os_thread_test os_thread_test.cpp)
-target_link_libraries (os_thread_test os)
+if (BUILD_TESTING)
+ add_gtest (os_thread_test os_thread_test.cpp)
+ target_link_libraries (os_thread_test os)
+endif ()
diff --git a/lib/trace/CMakeLists.txt b/lib/trace/CMakeLists.txt
index c68bd00f..d95df978 100644
--- a/lib/trace/CMakeLists.txt
+++ b/lib/trace/CMakeLists.txt
@@ -34,5 +34,7 @@ target_link_libraries (common
brotli_dec brotli_common
)
-add_gtest (trace_parser_flags_test trace_parser_flags_test.cpp)
-target_link_libraries (trace_parser_flags_test common)
+if (BUILD_TESTING)
+ add_gtest (trace_parser_flags_test trace_parser_flags_test.cpp)
+ target_link_libraries (trace_parser_flags_test common)
+endif ()
--
2.29.2
+1 -1
View File
@@ -6,7 +6,7 @@
BUSTLE_VERSION = 0.7.5
BUSTLE_SITE = https://www.freedesktop.org/software/bustle/$(BUSTLE_VERSION)
BUSTLE_LICENSE = LGPL-2.1+
BUSTLE_LICENSE = LGPL-2.1+, GPL-3.0 (binaries)
BUSTLE_LICENSE_FILES = LICENSE
BUSTLE_DEPENDENCIES = libglib2 libpcap host-pkgconf
@@ -0,0 +1,37 @@
From e2180d95fb67f57b6ffba01fefb4844a1ca4f792 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Wed, 18 Nov 2020 08:12:45 +0100
Subject: [PATCH] src/lib/Makefile.am: install ares_dns.h
This will avoid the following build failure with resiprocate:
In file included from dns/DnsCnameRecord.cxx:7:
dns/AresCompat.hxx:5:10: fatal error: ares_dns.h: No such file or directory
#include "ares_dns.h"
^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/cbf158f0c037d44ef293a8804d18c84e3b731059
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/c-ares/c-ares/pull/376]
---
src/lib/Makefile.am | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index c918667..92a4152 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -14,6 +14,8 @@ lib_LTLIBRARIES = libcares.la
man_MANS = $(MANPAGES)
+include_HEADERS = ares_dns.h
+
# adig and ahost are just sample programs and thus not mentioned with the
# regular sources and headers
EXTRA_DIST = Makefile.inc config-win32.h CMakeLists.txt \
--
2.29.2
+1 -1
View File
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
sha256 d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce c-ares-1.16.1.tar.gz
sha256 1cecd5dbe21306c7263f8649aa6e9a37aecb985995a3489f487d98df2b40757d c-ares-1.17.0.tar.gz
# Hash for license file
sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md
+3 -1
View File
@@ -4,12 +4,14 @@
#
################################################################################
C_ARES_VERSION = 1.16.1
C_ARES_VERSION = 1.17.0
C_ARES_SITE = http://c-ares.haxx.se/download
C_ARES_INSTALL_STAGING = YES
C_ARES_CONF_OPTS = --with-random=/dev/urandom
C_ARES_LICENSE = MIT
C_ARES_LICENSE_FILES = LICENSE.md
# We're patching src/lib/Makefile.am
C_ARES_AUTORECONF = YES
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+3 -3
View File
@@ -1,6 +1,6 @@
# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
sha1 47d4584eae85fc905e4994766eb3930a8a84e2e1 ca-certificates_20190110.tar.xz
sha256 ee4bf0f4c6398005f5b5ca4e0b87b82837ac5c3b0280a1cb3a63c47555c3a675 ca-certificates_20190110.tar.xz
sha1 f17235bc9c3aec538065a655681815c242a6d7d5 ca-certificates_20200601.tar.xz
sha256 43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63 ca-certificates_20200601.tar.xz
# Locally computed
sha256 80fd11117df5543d5cf17bfd951b0ead213f7867d0b09f09c6d5a5eca3ff7422 debian/copyright
sha256 e85e1bcad3a915dc7e6f41412bc5bdeba275cadd817896ea0451f2140a93967c debian/copyright
+2 -2
View File
@@ -4,9 +4,9 @@
#
################################################################################
CA_CERTIFICATES_VERSION = 20190110
CA_CERTIFICATES_VERSION = 20200601
CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20190513T145054Z/pool/main/c/ca-certificates
CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20200602T145955Z/pool/main/c/ca-certificates
CA_CERTIFICATES_DEPENDENCIES = host-openssl
# ca-certificates can be built with either python 2 or python 3
# but it must be at least python 2.7
+1 -3
View File
@@ -3,16 +3,14 @@ comment "cage needs udev, mesa3d w/ EGL and GLES support"
!BR2_PACKAGE_MESA3D_OPENGL_ES || \
!BR2_PACKAGE_HAS_UDEV
comment "cage needs a toolchain w/ threads, locale, dynamic library"
comment "cage needs a toolchain w/ threads, dynamic library"
depends on !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_ENABLE_LOCALE || \
BR2_STATIC_LIBS
config BR2_PACKAGE_CAGE
bool "cage"
depends on !BR2_STATIC_LIBS # wlroots
depends on BR2_TOOLCHAIN_HAS_THREADS # wlroots
depends on BR2_ENABLE_LOCALE # wlroots
depends on BR2_PACKAGE_HAS_UDEV # wlroots
depends on BR2_PACKAGE_MESA3D_OPENGL_EGL # wlroots
depends on BR2_PACKAGE_MESA3D_OPENGL_ES # wlroots
+9
View File
@@ -18,5 +18,14 @@ else
CDRKIT_CONF_OPTS += -DBITFIELDS_HTOL=0
endif
ifeq ($(BR2_PACKAGE_FILE),y)
CDRKIT_DEPENDENCIES += host-pkgconf file
CDRKIT_CONF_OPTS += \
-DUSE_MAGIC=ON \
-DEXTRA_LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libmagic`"
else
CDRKIT_CONF_OPTS += -DUSE_MAGIC=OFF
endif
$(eval $(cmake-package))
$(eval $(host-cmake-package))
+3 -3
View File
@@ -1,5 +1,5 @@
# Hash from: https://www.cryptopp.com/release820.html:
sha256 03f0e2242e11b9d19b28d0ec5a3fa8ed5cc7b27640e6bed365744f593e858058 cryptopp820.zip
# Hash from: https://www.cryptopp.com/release830.html:
sha512 ad5219a66c5924d330d3646d0ff996dd235006f6812074bc4eb9e8c662a4f000ba20449d377f24b133d19ce682f7b2a3b2eb4c08857ce0f5bb39743d1d425147 cryptopp830.zip
# Hash for license file:
sha256 f29d65ae3f0c8e327284f193524643ffb4d682fcca3e1740a5c6cbab0e720583 License.txt
sha256 e668af8c73a38a66a1e8951d14ec24e7582fee5254dd6c3dae488a416d105d5f License.txt
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CRYPTOPP_VERSION = 8.2.0
CRYPTOPP_VERSION = 8.3.0
CRYPTOPP_SOURCE = cryptopp$(subst .,,$(CRYPTOPP_VERSION)).zip
CRYPTOPP_SITE = https://cryptopp.com
CRYPTOPP_LICENSE = BSL-1.0, BSD-3-Clause (CRYPTOGAMS), Public domain (ChaCha SSE2 and AVX)
+18 -7
View File
@@ -11,6 +11,18 @@ DHCPCD_DEPENDENCIES = host-pkgconf
DHCPCD_LICENSE = BSD-2-Clause
DHCPCD_LICENSE_FILES = LICENSE
DHCPCD_CONFIG_OPTS = \
--libexecdir=/lib/dhcpcd \
--os=linux \
--privsepuser=dhcpcd
ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
DHCPCD_CONFIG_OPTS += --with-udev
DHCPCD_DEPENDENCIES += udev
else
DHCPCD_CONFIG_OPTS += --without-udev
endif
ifeq ($(BR2_STATIC_LIBS),y)
DHCPCD_CONFIG_OPTS += --enable-static
endif
@@ -20,16 +32,11 @@ DHCPCD_CONFIG_OPTS += --disable-fork --disable-privsep
endif
define DHCPCD_CONFIGURE_CMDS
(cd $(@D); \
$(TARGET_CONFIGURE_OPTS) ./configure \
--os=linux \
--libexecdir=/lib/dhcpcd \
$(DHCPCD_CONFIG_OPTS) )
(cd $(@D); $(TARGET_CONFIGURE_OPTS) ./configure $(DHCPCD_CONFIG_OPTS))
endef
define DHCPCD_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) \
-C $(@D) all
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) all
endef
define DHCPCD_INSTALL_TARGET_CMDS
@@ -51,6 +58,10 @@ define DHCPCD_INSTALL_INIT_SYSTEMD
endef
endif
define DHCPCD_USERS
dhcpcd -1 dhcpcd -1 * - - - dhcpcd user
endef
# NOTE: Even though this package has a configure script, it is not generated
# using the autotools, so we have to use the generic package infrastructure.
@@ -1,3 +1,3 @@
# Computed locally
sha256 80ea55655612d7d9f9e8e10df5993a3636b088390e1a372962687d70ef265d97 docker-containerd-1.2.14.tar.gz
sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE
sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 docker-containerd-1.4.3.tar.gz
sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE
@@ -4,7 +4,7 @@
#
################################################################################
DOCKER_CONTAINERD_VERSION = 1.2.14
DOCKER_CONTAINERD_VERSION = 1.4.3
DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
DOCKER_CONTAINERD_LICENSE = Apache-2.0
DOCKER_CONTAINERD_LICENSE_FILES = LICENSE
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
DTV_SCAN_TABLES_VERSION = 6d019038cd04e837d9dd58701202c15924c1c654
DTV_SCAN_TABLES_SITE = http://git.linuxtv.org/cgit.cgi/dtv-scan-tables.git
DTV_SCAN_TABLES_SITE = https://git.linuxtv.org/dtv-scan-tables.git
DTV_SCAN_TABLES_SITE_METHOD = git
# This package only contains the transponders data. This is not a 'work'
+1
View File
@@ -2,6 +2,7 @@ config BR2_PACKAGE_FLARE_ENGINE
bool "flare-engine"
depends on BR2_INSTALL_LIBSTDCPP
depends on !BR2_STATIC_LIBS # SDL2
select BR2_PACKAGE_LIBPNG # SDL2_IMAGE needs libpng support
select BR2_PACKAGE_SDL2
select BR2_PACKAGE_SDL2_IMAGE
select BR2_PACKAGE_SDL2_MIXER
@@ -118,6 +118,7 @@ define IMX_GPU_VIV_INSTALL_TARGET_CMDS
$(IMX_GPU_VIV_INSTALL_EXAMPLES)
$(IMX_GPU_VIV_INSTALL_GMEM_INFO)
cp -a $(@D)/gpu-core/usr/lib $(TARGET_DIR)/usr
$(INSTALL) -D -m 0644 $(@D)/gpu-core/etc/Vivante.icd $(TARGET_DIR)/etc/OpenCL/vendors/Vivante.icd
for lib in EGL GAL GLESv2 VDK; do \
for f in $(TARGET_DIR)/usr/lib/lib$${lib}-*.so; do \
case $$f in \
+2 -2
View File
@@ -1,5 +1,5 @@
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9532/SHA512SUMS
sha512 73aa6013aeecbd1345317a40349089a2f19a2205fc11b8ca0b619df1e91f2ca8b03efc09be9e079cb5ab8e1b838aa2236349cd1c177217c14308242f99138ae4 ghostscript-9.53.2.tar.gz
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/SHA512SUMS
sha512 c142ef9d83896aa8fd18c8e412220fe8f4950614be00d327d27ab051fe85e16524bf2ee00f46c2aca7a352ce47bc3acf2c4de0f7bbea7e4c55474b8af6cdc0a6 ghostscript-9.53.3.tar.gz
# Hash for license file:
sha256 6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GHOSTSCRIPT_VERSION = 9.53.2
GHOSTSCRIPT_VERSION = 9.53.3
GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION))
GHOSTSCRIPT_LICENSE = AGPL-3.0
GHOSTSCRIPT_LICENSE_FILES = LICENSE
+1 -1
View File
@@ -20,4 +20,4 @@ config BR2_PACKAGE_GVFS
comment "gvfs needs a toolchain w/ wchar, threads, dynamic library"
depends on BR2_USE_MMU
depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_STATIC_LIBS
BR2_STATIC_LIBS
+2 -2
View File
@@ -1,5 +1,5 @@
# From: http://www.haproxy.org/download/2.2/src/haproxy-2.2.2.tar.gz.sha256
sha256 391c705a46c6208a63a67ea842c6600146ca24618531570c89c7915b0c6a54d6 haproxy-2.2.2.tar.gz
# From: http://www.haproxy.org/download/2.2/src/haproxy-2.2.6.tar.gz.sha256
sha256 be1c6754cbaceafc4837e0c6036c7f81027a3992516435cbbbc5dc749bf5a087 haproxy-2.2.6.tar.gz
# Locally computed:
sha256 0717ca51fceaa25ac9e5ccc62e0c727dcf27796057201fb5fded56a25ff6ca28 LICENSE
sha256 5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a doc/lgpl.txt
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
HAPROXY_VERSION_MAJOR = 2.2
HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).2
HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).6
HAPROXY_SITE = http://www.haproxy.org/download/$(HAPROXY_VERSION_MAJOR)/src
HAPROXY_LICENSE = GPL-2.0+ and LGPL-2.1+ with exceptions
HAPROXY_LICENSE_FILES = LICENSE doc/lgpl.txt doc/gpl.txt
+2 -2
View File
@@ -1,3 +1,3 @@
# Locally computed
sha256 9f2b8b131222354b196c640fca4e53eb0bbf62246621b9d467f223366272d7a7 imagemagick-7.0.10-28.tar.gz
sha256 e2d364de83dd9e7c866bd99ee7dac2fe92071fb70e9b187293353fb285cf09ac LICENSE
sha256 fa993169a06052267eaf81cf85bbf5a30c0bf243511017d986f47abbe65ff262 imagemagick-7.0.10-51.tar.gz
sha256 7b43ee798e835f5e0dc03c92c52d288b46a771c4561d57ef2a9a8b2c76bf33cb LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
IMAGEMAGICK_VERSION = 7.0.10-28
IMAGEMAGICK_VERSION = 7.0.10-51
IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
IMAGEMAGICK_LICENSE = Apache-2.0
IMAGEMAGICK_LICENSE_FILES = LICENSE
+2 -2
View File
@@ -1,3 +1,3 @@
# Locally calculated
sha256 b9d16162a088617ada36450f2374d72165377cb64b33ed197c200bcfb73ec76c jasper-2.0.19.tar.gz
sha256 4ad1bb42aff888c4403d792e6e2c5f1716d6c279fea70b296333c9d577d30b81 LICENSE
sha256 20facc904bd9d38c20e0c090b1be3ae02ae5b2703b803013be2ecad586a18927 jasper-2.0.23.tar.gz
sha256 4ad1bb42aff888c4403d792e6e2c5f1716d6c279fea70b296333c9d577d30b81 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
JASPER_VERSION = 2.0.19
JASPER_VERSION = 2.0.23
JASPER_SITE = $(call github,jasper-software,jasper,version-$(JASPER_VERSION))
JASPER_INSTALL_STAGING = YES
JASPER_LICENSE = JasPer-2.0
+1
View File
@@ -10,6 +10,7 @@ JEMALLOC_SITE = https://github.com/jemalloc/jemalloc/releases/download/$(JEMALLO
JEMALLOC_LICENSE = BSD-2-Clause
JEMALLOC_LICENSE_FILES = COPYING
JEMALLOC_INSTALL_STAGING = YES
JEMALLOC_CONFIG_SCRIPTS = jemalloc-config
# gcc bug internal compiler error: in merge_overlapping_regs, at
# regrename.c:304. This bug is fixed since gcc 6.
+6 -6
View File
@@ -1,7 +1,7 @@
# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.4/
sha1 163d8f96d0999526a117de0388624241b54dcd67 libjpeg-turbo-2.0.4.tar.gz
md5 d01d9e0c28c27bc0de9f4e2e8ff49855 libjpeg-turbo-2.0.4.tar.gz
# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.6/
sha1 5406c7676d7df89fb4da791ad5af51202910fb25 libjpeg-turbo-2.0.6.tar.gz
md5 4cada3f0bdc93d826fa31bf9e4469ef6 libjpeg-turbo-2.0.6.tar.gz
# Locally computed
sha256 33dd8547efd5543639e890efbf2ef52d5a21df81faf41bb940657af916a23406 libjpeg-turbo-2.0.4.tar.gz
sha256 69e570a251515ced17d4492256d57c89db77ed949652f88a44c80c1ca9607920 LICENSE.md
sha256 82fece2bff2669c476495f0fe70096b154e8bc5b40916a64e99836d9a01c3110 README.ijg
sha256 d74b92ac33b0e3657123ddcf6728788c90dc84dcb6a52013d758af3c4af481bb libjpeg-turbo-2.0.6.tar.gz
sha256 0b7a24c3906d26dfbe24e96e9415549b387c3227140dc6b7ab2fb924254e37a1 LICENSE.md
sha256 01ccef626ec864773c681d4a4056f72af9052d619e0609df0d369117f8b3efdf README.ijg
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
JPEG_TURBO_VERSION = 2.0.4
JPEG_TURBO_VERSION = 2.0.6
JPEG_TURBO_SOURCE = libjpeg-turbo-$(JPEG_TURBO_VERSION).tar.gz
JPEG_TURBO_SITE = https://downloads.sourceforge.net/project/libjpeg-turbo/$(JPEG_TURBO_VERSION)
JPEG_TURBO_LICENSE = IJG (libjpeg), BSD-3-Clause (TurboJPEG), Zlib (SIMD)
+1 -1
View File
@@ -2,7 +2,7 @@ config BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS
bool
default y
# Invalid packing size of ControlValue struct on m68k
depends on BR2_m68k
depends on !BR2_m68k
menuconfig BR2_PACKAGE_LIBCAMERA
bool "libcamera"
+13 -7
View File
@@ -28,7 +28,9 @@ endif
LIBCAP_MAKE_FLAGS = \
BUILD_CC="$(HOSTCC)" \
BUILD_CFLAGS="$(HOST_CFLAGS)"
BUILD_CFLAGS="$(HOST_CFLAGS)" \
lib=lib \
prefix=/usr
ifeq ($(BR2_PACKAGE_LIBCAP_TOOLS),y)
define LIBCAP_BUILD_TOOLS_CMDS
@@ -51,23 +53,27 @@ endef
define LIBCAP_INSTALL_STAGING_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/libcap $(LIBCAP_MAKE_FLAGS) \
DESTDIR=$(STAGING_DIR) prefix=/usr lib=lib $(LIBCAP_MAKE_INSTALL_TARGET)
DESTDIR=$(STAGING_DIR) $(LIBCAP_MAKE_FLAGS) $(LIBCAP_MAKE_INSTALL_TARGET)
endef
define LIBCAP_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/libcap $(LIBCAP_MAKE_FLAGS) \
DESTDIR=$(TARGET_DIR) prefix=/usr lib=lib $(LIBCAP_MAKE_INSTALL_TARGET)
DESTDIR=$(TARGET_DIR) $(LIBCAP_MAKE_FLAGS) $(LIBCAP_MAKE_INSTALL_TARGET)
$(LIBCAP_INSTALL_TOOLS_CMDS)
endef
HOST_LIBCAP_MAKE_FLAGS = \
lib=lib \
prefix=$(HOST_DIR) \
RAISE_SETFCAP=no
define HOST_LIBCAP_BUILD_CMDS
$(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D)\
RAISE_SETFCAP=no
$(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
$(HOST_LIBCAP_MAKE_FLAGS)
endef
define HOST_LIBCAP_INSTALL_CMDS
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) prefix=$(HOST_DIR) \
RAISE_SETFCAP=no lib=lib install
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) $(HOST_LIBCAP_MAKE_FLAGS) install
endef
$(eval $(generic-package))
+2 -2
View File
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://curl.haxx.se/download/curl-7.72.0.tar.xz.asc
# https://curl.haxx.se/download/curl-7.74.0.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
sha256 0ded0808c4d85f2ee0db86980ae610cc9d165e9ca9da466196cc73c346513713 curl-7.72.0.tar.xz
sha256 999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b curl-7.74.0.tar.xz
sha256 db3c4a3b3695a0f317a0c5176acd2f656d18abc45b3ee78e50935a78eb1e132e COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.72.0
LIBCURL_VERSION = 7.74.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -5,7 +5,7 @@ Subject: [PATCH] Fix compile time atomic detection
Improved compile-time detection of atomic support in the compiler.
Upstream-Status: Merged
Upstream-Status: 'Needs information'
See : https://gitlab.gnome.org/GNOME/glib/issues/1063
Signed-off-by: Brendan Heading <brendanheading@gmail.com>
+1 -1
View File
@@ -5,7 +5,7 @@ config BR2_PACKAGE_LIBGPIOD
This is a C library that abstracts the GPIO character
device operations on linux.
https://github.com/brgl/libgpiod
https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/
if BR2_PACKAGE_LIBGPIOD
+2 -2
View File
@@ -1,4 +1,4 @@
# From https://www.kernel.org/pub/software/libs/libgpiod/sha256sums.asc
sha256 21ae8fd1f8dafc2eb2ba50e652390cf533d21351419a7426255895cb52e21b1c libgpiod-1.4.1.tar.xz
sha256 a041b06907c956dd1c77836cccf4d392af29b9fe09c8ad18449a6da707b5ba2d libgpiod-1.4.5.tar.xz
# Hash for license file
sha256 ce64d5f7b49ea6d80fdb6d4cdee6839d1a94274f7493dc797c3b55b65ec8e9ed COPYING
sha256 ce64d5f7b49ea6d80fdb6d4cdee6839d1a94274f7493dc797c3b55b65ec8e9ed COPYING
+3 -1
View File
@@ -4,7 +4,9 @@
#
################################################################################
LIBGPIOD_VERSION = 1.4.1
# be careful when bumping versions, newer branches (e.g. >= 1.6)
# depend on pretty recent kernel headers
LIBGPIOD_VERSION = 1.4.5
LIBGPIOD_SOURCE = libgpiod-$(LIBGPIOD_VERSION).tar.xz
LIBGPIOD_SITE = https://www.kernel.org/pub/software/libs/libgpiod
LIBGPIOD_LICENSE = LGPL-2.1+
+2 -2
View File
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
sha256 02a4e700f10936f937cd1a4c303cab8687a11abecc6107bd4b706b9329cd5400 krb5-1.18.1.tar.gz
sha256 e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 krb5-1.18.3.tar.gz
# Hash for license file:
sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE
sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
LIBKRB5_VERSION_MAJOR = 1.18
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).1
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).3
LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR)
LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz
LIBKRB5_SUBDIR = src
@@ -9,6 +9,8 @@ Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
[rebased on openssl-1.1.0h]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[rebased on openssl-1.1.1i]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
Configurations/unix-Makefile.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
@@ -17,7 +19,7 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm
index 40cf2c3..777d9ca 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -268,7 +268,7 @@ list-tests:
@@ -491,7 +491,7 @@ list-tests:
@echo "Tests are not supported with your chosen Configure options"
@ : {- output_on() if !$disabled{tests}; "" -}
@@ -11,6 +11,8 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8883)
[vfazio: fixup for 1.1.1d]
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[rebased on openssl-1.1.1i]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
Configure | 4 ++++
1 file changed, 4 insertions(+)
@@ -19,7 +21,7 @@ diff --git a/Configure b/Configure
index 5a699836f3..f9152b1702 100755
--- a/Configure
+++ b/Configure
@@ -1413,6 +1413,10 @@ my %predefined_CXX = $config{CXX}
@@ -1417,6 +1417,10 @@ my %predefined_CXX = $config{CXX}
? compiler_predefined($config{CROSS_COMPILE}.$config{CXX})
: ();
+2 -2
View File
@@ -1,5 +1,5 @@
# From https://www.openssl.org/source/openssl-1.1.1g.tar.gz.sha256
sha256 ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46 openssl-1.1.1g.tar.gz
# From https://www.openssl.org/source/openssl-1.1.1i.tar.gz.sha256
sha256 e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242 openssl-1.1.1i.tar.gz
# License files
sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBOPENSSL_VERSION = 1.1.1g
LIBOPENSSL_VERSION = 1.1.1i
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
-1
View File
@@ -1,4 +1,3 @@
# Locally calculated
sha256 4b33f9af3f9208d54a3c3e1a8c149932513f451c98d1dd696fe42c06e30b7f03 libplist-2.1.0.tar.gz
sha256 7619c753cac95d4740220223bde48a032606fcaccde5e546f9bc444c81ab356d COPYING
sha256 7619c753cac95d4740220223bde48a032606fcaccde5e546f9bc444c81ab356d COPYING
+1 -1
View File
@@ -1,4 +1,4 @@
# From https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
sha256 414c149c9963983f805a081db5bd3aec146b5f82d529bb63875ac941b25dcbb6 libressl-3.1.4.tar.gz
sha256 2c13ddcec5081c0e7ba7f93d8370a91911173090f1922007e1d90de274500494 libressl-3.1.5.tar.gz
# Locally computed
sha256 5c63613f008f16a9c0025c096bbd736cecf720494d121b5c5203e0ec6e5955b1 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBRESSL_VERSION = 3.1.4
LIBRESSL_VERSION = 3.1.5
LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
LIBRESSL_LICENSE = ISC (new additions), OpenSSL or SSLeay (original OpenSSL code)
LIBRESSL_LICENSE_FILES = COPYING
+1 -1
View File
@@ -1,3 +1,3 @@
# Locally calculated
sha256 2cd9a757fe6c512440933e2bdcab21143d4aa6249b2541399908ce038b756c9d libuv-1.38.0.tar.gz
sha256 70fe1c9ba4f2c509e8166c0ca2351000237da573bb6c82092339207a9715ba6b libuv-1.40.0.tar.gz
sha256 6d20216ae022fbeed23916f48508fd807ece3d8464992330643b0e64e5c0c24b LICENSE
+1 -1
View File
@@ -6,7 +6,7 @@
# When bumping libuv, check if a new version of uvw is available
# and bump it too.
LIBUV_VERSION = 1.38.0
LIBUV_VERSION = 1.40.0
LIBUV_SITE = $(call github,libuv,libuv,v$(LIBUV_VERSION))
LIBUV_DEPENDENCIES = host-pkgconf
LIBUV_INSTALL_STAGING = YES
+5 -5
View File
@@ -334,11 +334,11 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
default "4.4.243" if BR2_KERNEL_HEADERS_4_4
default "4.9.243" if BR2_KERNEL_HEADERS_4_9
default "4.14.206" if BR2_KERNEL_HEADERS_4_14
default "4.19.157" if BR2_KERNEL_HEADERS_4_19
default "5.4.77" if BR2_KERNEL_HEADERS_5_4
default "4.4.248" if BR2_KERNEL_HEADERS_4_4
default "4.9.248" if BR2_KERNEL_HEADERS_4_9
default "4.14.212" if BR2_KERNEL_HEADERS_4_14
default "4.19.163" if BR2_KERNEL_HEADERS_4_19
default "5.4.83" if BR2_KERNEL_HEADERS_5_4
default "5.7.19" if BR2_KERNEL_HEADERS_5_7
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
default "custom" if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
+8 -1
View File
@@ -12,6 +12,13 @@ LYNX_LICENSE_FILES = COPYING
LYNX_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
ifeq ($(BR2_REPRODUCIBLE),y)
# configuration info leaks build paths
LYNX_CONF_OPTS += --disable-config-info
# disable build timestamp
LYNX_CFLAGS += -DNO_BUILDSTAMP
endif
ifeq ($(BR2_PACKAGE_NCURSES),y)
LYNX_DEPENDENCIES += ncurses
LYNX_CONF_OPTS += --with-screen=ncurses$(if $(BR2_PACKAGE_NCURSES_WCHAR),w)
@@ -41,6 +48,6 @@ LYNX_DEPENDENCIES += libidn
LYNX_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs libidn`
endif
LYNX_CONF_ENV = LIBS="$(LYNX_LIBS)"
LYNX_CONF_ENV = LIBS="$(LYNX_LIBS)" CFLAGS="$(TARGET_CFLAGS) $(LYNX_CFLAGS)"
$(eval $(autotools-package))
+3 -5
View File
@@ -1,8 +1,6 @@
# From https://downloads.mariadb.org/mariadb/10.3.23
md5 473950893d29805d9384ec0ed5d7c276 mariadb-10.3.23.tar.gz
sha1 c95b6d4cff5e6d63eed05da20561802b9c83e717 mariadb-10.3.23.tar.gz
sha256 fc405022457d8eec5991b870cc1c9a07b83b551d6165c414c4d8f31523aa86ae mariadb-10.3.23.tar.gz
sha512 535cd2ce80a95b6c0a1aa559cc3275dfcd559c3a4f958fab3382923190a16e6bc5b4ad79acaa518244512ff618568c239c0edef8a701d958362ede19a29c2986 mariadb-10.3.23.tar.gz
# From https://downloads.mariadb.org/mariadb/10.3.27
sha256 0dadc1650ab2ff40caab58210e93b106ae1e3d1a82e5b0fd92c795b8b43e4619 mariadb-10.3.27.tar.gz
sha512 1ebfdfa3ef6e13e92615ac2fb6995362ca60fe78f57ff3cf9e384517f95eaf4c701e60fe0977b1eee73889cdfe3367720da9a9bae3dd1a09a4558114ba593369 mariadb-10.3.27.tar.gz
# Hash for license files
sha256 a4665c1189fe31e0bbc27e9b55439df7dad6e99805407fe58d78da7aabe678f8 README.md
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MARIADB_VERSION = 10.3.23
MARIADB_VERSION = 10.3.27
MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
# Tarball no longer contains LGPL license text
+2 -2
View File
@@ -1,4 +1,4 @@
# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8:
sha256 fe9e3b15c3375943bdfebbbb20dd6b4f1147b3b5d926248bd835d73247407430 mbedtls-2.16.8.tar.gz
# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9:
sha256 fc17ff7d8c11d08f23ae2800a18269408ad2c24ea6bb8b9363e41a01c2425697 mbedtls-2.16.9.tar.gz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MBEDTLS_VERSION = 2.16.8
MBEDTLS_VERSION = 2.16.9
MBEDTLS_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS_VERSION))
MBEDTLS_CONF_OPTS = \
-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \
@@ -1,49 +0,0 @@
From 90e88764f0fb3d981cd0c3cfd07d63323cc64090 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Tue, 1 Sep 2020 22:55:24 +0200
Subject: [PATCH] fix build with gcc 10
Define setjmp_buffer as static to avoid the following build failure with
gcc 10 (which defaults to -fno-common):
/home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/10.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: image_utils.o:(.bss+0x0): multiple definition of `setjmp_buffer'; metadata.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/8754bb4f7d749f999d5f8ddfec587470ceec4476
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
image_utils.c | 2 +-
metadata.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/image_utils.c b/image_utils.c
index 24cfd08..e8d9635 100644
--- a/image_utils.c
+++ b/image_utils.c
@@ -190,7 +190,7 @@ jpeg_memory_src(j_decompress_ptr cinfo, const unsigned char * buffer, size_t buf
src->pub.bytes_in_buffer = bufsize;
}
-jmp_buf setjmp_buffer;
+static jmp_buf setjmp_buffer;
/* Don't exit on error like libjpeg likes to do */
static void
libjpeg_error_handler(j_common_ptr cinfo)
diff --git a/metadata.c b/metadata.c
index 9cd86dc..4781db7 100644
--- a/metadata.c
+++ b/metadata.c
@@ -502,7 +502,7 @@ GetAudioMetadata(const char *path, const char *name)
}
/* For libjpeg error handling */
-jmp_buf setjmp_buffer;
+static jmp_buf setjmp_buffer;
static void
libjpeg_error_handler(j_common_ptr cinfo)
{
--
2.28.0
@@ -1,133 +0,0 @@
From 51bfbee51fd0376b5a66c944134af3e9972d8592 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 6 Sep 2020 11:22:48 +0200
Subject: [PATCH] upnphttp.c: fix CallStranger a.k.a. CVE-2020-12695
Import CheckCallback function from miniupnpd source code:
https://github.com/miniupnp/miniupnp/commit/0d9634658860c3c8c209e466cc0ef7002bad3b0a
IPv6 code was kept even if minidlna does not support it currently.
This code is licensed under BSD-3-Clause like minidlna.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status:
https://sourceforge.net/p/minidlna/support-requests/71]
---
upnphttp.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 82 insertions(+), 10 deletions(-)
diff --git a/upnphttp.c b/upnphttp.c
index 974434e..3be793e 100644
--- a/upnphttp.c
+++ b/upnphttp.c
@@ -742,6 +742,70 @@ check_event(struct upnphttp *h)
return type;
}
+/**
+ * returns 0 if the callback header value is not valid
+ * 1 if it is valid.
+ */
+static int
+checkCallbackURL(struct upnphttp * h)
+{
+ char addrstr[48];
+ int ipv6;
+ const char * p;
+ int i;
+
+ if(!h->req_Callback || h->req_CallbackLen < 8)
+ return 0;
+ if(memcmp(h->req_Callback, "http://", 7) != 0)
+ return 0;
+ ipv6 = 0;
+ i = 0;
+ p = h->req_Callback + 7;
+ if(*p == '[') {
+ p++;
+ ipv6 = 1;
+ while(*p != ']' && i < (sizeof(addrstr)-1)
+ && p < (h->req_Callback + h->req_CallbackLen))
+ addrstr[i++] = *(p++);
+ } else {
+ while(*p != '/' && *p != ':' && i < (sizeof(addrstr)-1)
+ && p < (h->req_Callback + h->req_CallbackLen))
+ addrstr[i++] = *(p++);
+ }
+ addrstr[i] = '\0';
+ if(ipv6) {
+ struct in6_addr addr;
+ if(inet_pton(AF_INET6, addrstr, &addr) <= 0)
+ return 0;
+#ifdef ENABLE_IPV6
+ if(!h->ipv6
+ || (0!=memcmp(&addr, &(h->clientaddr_v6), sizeof(struct in6_addr))))
+ return 0;
+#else
+ return 0;
+#endif
+ } else {
+ struct in_addr addr;
+ if(inet_pton(AF_INET, addrstr, &addr) <= 0)
+ return 0;
+#ifdef ENABLE_IPV6
+ if(h->ipv6) {
+ if(!IN6_IS_ADDR_V4MAPPED(&(h->clientaddr_v6)))
+ return 0;
+ if(0!=memcmp(&addr, ((const char *)&(h->clientaddr_v6) + 12), 4))
+ return 0;
+ } else {
+ if(0!=memcmp(&addr, &(h->clientaddr), sizeof(struct in_addr)))
+ return 0;
+ }
+#else
+ if(0!=memcmp(&addr, &(h->clientaddr), sizeof(struct in_addr)))
+ return 0;
+#endif
+ }
+ return 1;
+}
+
static void
ProcessHTTPSubscribe_upnphttp(struct upnphttp * h, const char * path)
{
@@ -759,17 +823,25 @@ ProcessHTTPSubscribe_upnphttp(struct upnphttp * h, const char * path)
* - respond HTTP/x.x 200 OK
* - Send the initial event message */
/* Server:, SID:; Timeout: Second-(xx|infinite) */
- sid = upnpevents_addSubscriber(path, h->req_Callback,
- h->req_CallbackLen, h->req_Timeout);
- h->respflags = FLAG_TIMEOUT;
- if (sid)
- {
- DPRINTF(E_DEBUG, L_HTTP, "generated sid=%s\n", sid);
- h->respflags |= FLAG_SID;
- h->req_SID = sid;
- h->req_SIDLen = strlen(sid);
+ /* Check that the callback URL is on the same IP as
+ * the request, and not on the internet, nor on ourself (DOS attack ?) */
+ if(checkCallbackURL(h)) {
+ sid = upnpevents_addSubscriber(path, h->req_Callback,
+ h->req_CallbackLen, h->req_Timeout);
+ h->respflags = FLAG_TIMEOUT;
+ if (sid)
+ {
+ DPRINTF(E_DEBUG, L_HTTP, "generated sid=%s\n", sid);
+ h->respflags |= FLAG_SID;
+ h->req_SID = sid;
+ h->req_SIDLen = strlen(sid);
+ }
+ BuildResp_upnphttp(h, 0, 0);
+ } else {
+ DPRINTF(E_WARN, L_HTTP, "Invalid Callback in SUBSCRIBE %.*s",
+ h->req_CallbackLen, h->req_Callback);
+ BuildResp2_upnphttp(h, 412, "Precondition Failed", 0, 0);
}
- BuildResp_upnphttp(h, 0, 0);
}
else if (type == E_RENEW)
{
--
2.28.0
+3 -4
View File
@@ -1,7 +1,6 @@
# From https://sourceforge.net/projects/minidlna/files/minidlna/1.2.1/
md5 a968d3d84971322471cabda3669cc0f8 minidlna-1.2.1.tar.gz
sha1 79d0032c7055aefd4c8e5178bc86fbf258d449d2 minidlna-1.2.1.tar.gz
# From https://sourceforge.net/projects/minidlna/files/minidlna/1.3.0/
sha1 6563a881884879b2aef52611934e08bb42985964 minidlna-1.3.0.tar.gz
# Locally computed
sha256 67388ba23ab0c7033557a32084804f796aa2a796db7bb2b770fb76ac2a742eec minidlna-1.2.1.tar.gz
sha256 47d9b06b4c48801a4c1112ec23d24782728b5495e95ec2195bbe5c81bc2d3c63 minidlna-1.3.0.tar.gz
sha256 79146b7f558e56510b9a714ff75318c05ab93aeccfd6597497b9bce212cf92ea COPYING
sha256 94876d7886116e176e702b4902bd9f19731a6883db5f229ac2a7058a22aa6529 LICENCE.miniupnpd
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MINIDLNA_VERSION = 1.2.1
MINIDLNA_VERSION = 1.3.0
MINIDLNA_SITE = https://downloads.sourceforge.net/project/minidlna/minidlna/$(MINIDLNA_VERSION)
MINIDLNA_LICENSE = GPL-2.0, BSD-3-Clause
MINIDLNA_LICENSE_FILES = COPYING LICENCE.miniupnpd
+1 -1
View File
@@ -1,4 +1,4 @@
# Locally computed:
sha256 f44a846514f8db8be2a662210ad7fefc059d8e17ab2c59aceeae8b0b173d8286 mongodb-src-r4.2.10.tar.gz
sha256 ab5a8b6e967614a8ad67c0ca87124c4f380d4a476508973a7995d54ed902b02e mongodb-src-r4.2.11.tar.gz
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 APACHE-2.0.txt
sha256 09d99ca61eb07873d5334077acba22c33e7f7d0a9fa08c92734e0ac8430d6e27 LICENSE-Community.txt
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MONGODB_VERSION = 4.2.10
MONGODB_VERSION = 4.2.11
MONGODB_SITE = https://fastdl.mongodb.org/src
MONGODB_SOURCE = mongodb-src-r$(MONGODB_VERSION).tar.gz
-4
View File
@@ -10,10 +10,6 @@ MONKEY_SITE = http://monkey-project.com/releases/$(MONKEY_VERSION_MAJOR)
MONKEY_LICENSE = Apache-2.0
MONKEY_LICENSE_FILES = LICENSE
# This package has a configure script, but it's not using
# autoconf/automake, so we're using the generic-package
# infrastructure.
MONKEY_CONF_OPTS = \
-DINSTALL_SYSCONFDIR=/etc/monkey \
-DINSTALL_WEBROOTDIR=/var/www \
@@ -0,0 +1,114 @@
From 3ab2a4e02682df1382955071919d8aa3c3ec40d4 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Thu, 19 Nov 2020 17:12:43 -0500
Subject: [PATCH] rewrite wcsnrtombs to fix buffer overflow and other bugs
the original wcsnrtombs implementation, which has been largely
untouched since 0.5.0, attempted to build input-length-limiting
conversion on top of wcsrtombs, which only limits output length. as
best I recall, this choice was made out of a mix of disdain over
having yet another variant function to implement (added in POSIX 2008;
not standard C) and preference not to switch things around and
implement the wcsrtombs in terms of the more general new function,
probably over namespace issues. the strategy employed was to impose
output limits that would ensure the input limit wasn't exceeded, then
finish up the tail character-at-a-time. unfortunately, none of that
worked correctly.
first, the logic in the wcsrtombs loop was wrong in that it could
easily get stuck making no forward progress, by imposing an output
limit too small to convert even one character.
the character-at-a-time loop that followed was even worse. it made no
effort to ensure that the converted multibyte character would fit in
the remaining output space, only that there was a nonzero amount of
output space remaining. it also employed an incorrect interpretation
of wcrtomb's interface contract for converting the null character,
thereby failing to act on end of input, and remaining space accounting
was subject to unsigned wrap-around. together these errors allow
unbounded overflow of the destination buffer, controlled by input
length limit and input wchar_t string contents.
given the extent to which this function was broken, it's plausible
that most applications that would have been rendered exploitable were
sufficiently broken not to be usable in the first place. however, it's
also plausible that common (especially ASCII-only) inputs succeeded in
the wcsrtombs loop, which mostly worked, while leaving the wildly
erroneous code in the second loop exposed to particular non-ASCII
inputs.
CVE-2020-28928 has been assigned for this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/multibyte/wcsnrtombs.c | 46 ++++++++++++++++----------------------
1 file changed, 19 insertions(+), 27 deletions(-)
diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c
index 676932b5..95e25e70 100644
--- a/src/multibyte/wcsnrtombs.c
+++ b/src/multibyte/wcsnrtombs.c
@@ -1,41 +1,33 @@
#include <wchar.h>
+#include <limits.h>
+#include <string.h>
size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st)
{
- size_t l, cnt=0, n2;
- char *s, buf[256];
const wchar_t *ws = *wcs;
- const wchar_t *tmp_ws;
-
- if (!dst) s = buf, n = sizeof buf;
- else s = dst;
-
- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
- if (n2>=n) n2=n;
- tmp_ws = ws;
- l = wcsrtombs(s, &ws, n2, 0);
- if (!(l+1)) {
- cnt = l;
- n = 0;
+ size_t cnt = 0;
+ if (!dst) n=0;
+ while (ws && wn) {
+ char tmp[MB_LEN_MAX];
+ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0);
+ if (l==-1) {
+ cnt = -1;
break;
}
- if (s != buf) {
- s += l;
+ if (dst) {
+ if (n<MB_LEN_MAX) {
+ if (l>n) break;
+ memcpy(dst, tmp, l);
+ }
+ dst += l;
n -= l;
}
- wn = ws ? wn - (ws - tmp_ws) : 0;
- cnt += l;
- }
- if (ws) while (n && wn) {
- l = wcrtomb(s, *ws, 0);
- if ((l+1)<=1) {
- if (!l) ws = 0;
- else cnt = l;
+ if (!*ws) {
+ ws = 0;
break;
}
- ws++; wn--;
- /* safe - this loop runs fewer than sizeof(buf) times */
- s+=l; n-=l;
+ ws++;
+ wn--;
cnt += l;
}
if (dst) *wcs = ws;
--
2.20.1
@@ -0,0 +1,48 @@
From 04b06aaa3e0cc0022b9b01dbca2863756ebbf59a Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Mon, 16 Nov 2020 10:20:21 -0800
Subject: [PATCH] Ensure IMAP connection is closed after a connection error.
During connection, if the server provided an illegal initial response,
Mutt "bailed", but did not actually close the connection. The calling
code unfortunately relied on the connection status to decide to
continue with authentication, instead of checking the "bail" return
value.
This could result in authentication credentials being sent over an
unencrypted connection, without $ssl_force_tls being consulted.
Fix this by strictly closing the connection on any invalid response
during connection. The fix is intentionally small, to ease
backporting. A better fix would include removing the 'err_close_conn'
label, and perhaps adding return value checking in the caller (though
this change obviates the need for that).
This addresses CVE-2020-28896. Thanks to Gabriel Salles-Loustau for
reporting the problem, and providing test cases to reproduce.
[Retrieved from:
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
imap/imap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/imap/imap.c b/imap/imap.c
index b24e8a3f..b13dd54d 100644
--- a/imap/imap.c
+++ b/imap/imap.c
@@ -561,9 +561,9 @@ int imap_open_connection (IMAP_DATA* idata)
#if defined(USE_SSL)
err_close_conn:
- imap_close_connection (idata);
#endif
bail:
+ imap_close_connection (idata);
FREE (&idata->capstr);
return -1;
}
--
GitLab
+1 -1
View File
@@ -1,3 +1,3 @@
# Locally calculated
sha256 ca8e56f8210b4fffa91ea08958b62b811cce552fe4fd7d726111cf53079ed3c3 mutt-1.14.4.tar.gz
sha256 e4f507b133253cb5eef27996b8668956cdf9caac622cf8adad13f0f9a4eda864 mutt-1.14.7.tar.gz
sha256 732f24b69a6c71cd8e01e4672bb8e12cc1cbb88a50a4665e6ca4fd95000a57ee GPL
+12 -2
View File
@@ -4,13 +4,16 @@
#
################################################################################
MUTT_VERSION = 1.14.4
MUTT_VERSION = 1.14.7
MUTT_SITE = https://bitbucket.org/mutt/mutt/downloads
MUTT_LICENSE = GPL-2.0+
MUTT_LICENSE_FILES = GPL
MUTT_DEPENDENCIES = ncurses
MUTT_CONF_OPTS = --disable-doc --disable-smtp
# 0001-Ensure-IMAP-connection-is-closed-after-a-connection-error.patch
MUTT_IGNORE_CVES += CVE-2020-28896
ifeq ($(BR2_PACKAGE_LIBICONV),y)
MUTT_DEPENDENCIES += libiconv
MUTT_CONF_OPTS += --enable-iconv
@@ -40,7 +43,7 @@ MUTT_CONF_OPTS += --disable-pop
endif
# SSL support is only used by imap or pop3 module
ifneq ($(BR2_PACKAGET_MUTT_IMAP)$(BR2_PACKAGE_MUTT_POP3),)
ifneq ($(BR2_PACKAGE_MUTT_IMAP)$(BR2_PACKAGE_MUTT_POP3),)
ifeq ($(BR2_PACKAGE_OPENSSL),y)
MUTT_DEPENDENCIES += openssl
MUTT_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr
@@ -58,6 +61,13 @@ else
MUTT_CONF_OPTS += --without-sqlite3
endif
ifeq ($(BR2_PACKAGE_ZLIB),y)
MUTT_DEPENDENCIES += zlib
MUTT_CONF_OPTS += --with-zlib=$(STAGING_DIR)/usr
else
MUTT_CONF_OPTS += --without-zlib
endif
# Avoid running tests to check for:
# - target system is *BSD
# - C99 conformance (snprintf, vsnprintf)
+6
View File
@@ -50,6 +50,9 @@ NCURSES_PATCH = \
ncurses-6.1-20200118.patch.gz \
)
# ncurses-6.1-20191012.patch.gz
NCURSES_IGNORE_CVES += CVE-2019-17594 CVE-2019-17595
NCURSES_CONF_OPTS = \
--without-cxx \
--without-cxx-binding \
@@ -184,6 +187,9 @@ define HOST_NCURSES_BUILD_CMDS
$(HOST_MAKE_ENV) $(MAKE) -C $(@D)/progs tic
endef
HOST_NCURSES_CONF_ENV = \
ac_cv_path_LDCONFIG=""
HOST_NCURSES_CONF_OPTS = \
--with-shared \
--without-gpm \
@@ -0,0 +1,37 @@
From 7c073e3a1b736689135fd2ed44ede5b83790bd37 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 26 Aug 2019 18:32:08 -0700
Subject: IP-MIB, Linux: Fix a memory leak in an error path
When a Linux system is booted with "ipv6.disable=1" in the kernel command
line, the file "/proc/net/snmp6" is not created. Fix the memory leak in
_systemstats_v6_load_systemstats() that is triggered with IPv6 disabled.
See also https://sourceforge.net/p/net-snmp/bugs/2976/.
Reported-by: Mark E Rusk <marker55@users.sourceforge.net>
---
agent/mibgroup/ip-mib/data_access/systemstats_linux.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
index e28ff93..f68d122 100644
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
@@ -560,10 +560,12 @@ _systemstats_v6_load_systemstats(netsnmp_container* container, u_int load_flags)
* try to open file. If we can't, that's ok - maybe the module hasn't
* been loaded yet.
*/
- if (!(devin = fopen(filename, "r"))) {
+ devin = fopen(filename, "r");
+ if (!devin) {
DEBUGMSGTL(("access:systemstats",
"Failed to load Systemstats Table (linux1), cannot open %s\n",
filename));
+ netsnmp_access_systemstats_entry_free(entry);
return 0;
}
--
2.7.4
@@ -0,0 +1,37 @@
From 434f6c3fe7d1d2c6a3e6ae6338608a4a4421ab1b Mon Sep 17 00:00:00 2001
From: Michael Drake <michael.drake@codethink.co.uk>
Date: Fri, 13 Nov 2020 11:12:58 +0000
Subject: framebuffer: Fix internal font generated source for GCC 10.
[Retrieved (and backported) from:
https://git.netsurf-browser.org/netsurf.git/commit/?id=434f6c3fe7d1d2c6a3e6ae6338608a4a4421ab1b]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
tools/convert_font.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/netsurf/frontends/framebuffer/convert_font.c b/netsurf/frontends/framebuffer/convert_font.c
index 9f5734b71..d22c85920 100644
--- a/netsurf/frontends/framebuffer/convert_font.c
+++ b/netsurf/frontends/framebuffer/convert_font.c
@@ -290,14 +290,14 @@ static bool generate_font_header(const char *path, struct font_data *data)
for (s = 0; s < 4; s++) {
- fprintf(fp, "const uint8_t *%s_section_table;\n",
+ fprintf(fp, "extern const uint8_t *%s_section_table;\n",
var_lables[s]);
- fprintf(fp, "const uint16_t *%s_sections;\n",
+ fprintf(fp, "extern const uint16_t *%s_sections;\n",
var_lables[s]);
}
- fprintf(fp, "const uint8_t *font_glyph_data;\n");
+ fprintf(fp, "extern const uint8_t *font_glyph_data;\n");
fprintf(fp, "\n\n");
--
cgit v1.2.1
+2 -2
View File
@@ -1,5 +1,5 @@
# From https://nodejs.org/dist/v12.18.4/SHASUMS256.txt
sha256 25f03cb18e53b6d0959d0c219e701a85eb4693f526bdda7c72bc6199b364f609 node-v12.18.4.tar.xz
# From https://nodejs.org/dist/v12.19.1/SHASUMS256.txt
sha256 74077e0cc3db000a6f3cc685b220e609807b61adc8e7d8243e8511d478d1b17d node-v12.19.1.tar.xz
# Hash for license file
sha256 0dc03af08b95ea0c1e27f8fd591dee4383eb6f2c304db6eb6cdfb6751f7da87b LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
NODEJS_VERSION = 12.18.4
NODEJS_VERSION = 12.19.1
NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \
+3
View File
@@ -46,6 +46,7 @@ endif
# OpenCV build options
OPENCV3_CONF_OPTS += \
-DBUILD_WITH_STATIC_CRT=OFF \
-DENABLE_CCACHE=OFF \
-DENABLE_COVERAGE=OFF \
-DENABLE_FAST_MATH=ON \
-DENABLE_IMPL_COLLECTION=OFF \
@@ -287,7 +288,9 @@ OPENCV3_CONF_OPTS += -DWITH_PNG=OFF
endif
ifeq ($(BR2_PACKAGE_OPENCV3_WITH_PROTOBUF),y)
# protobuf needs c++11 (since 3.6.0)
OPENCV3_CONF_OPTS += \
-DENABLE_CXX11=ON \
-DPROTOBUF_UPDATE_FILES=ON \
-DWITH_PROTOBUF=ON
OPENCV3_DEPENDENCIES += protobuf
+1 -1
View File
@@ -44,7 +44,7 @@ diff -rupN openldap-2.4.40/clients/tools/Makefile.in openldap-2.4.40-br/clients/
diff -rupN openldap-2.4.40/configure.in openldap-2.4.40-br/configure.in
--- openldap-2.4.40/configure.in 2014-09-18 21:48:49.000000000 -0400
+++ openldap-2.4.40-br/configure.in 2015-01-16 15:50:48.874816786 -0500
@@ -669,6 +669,15 @@ if test -z "${AR}"; then
@@ -668,6 +668,15 @@ if test -z "${AR}"; then
fi
fi
+2 -2
View File
@@ -15,7 +15,7 @@ Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
diff -durN openldap-2.4.40.orig/configure openldap-2.4.40/configure
--- openldap-2.4.40.orig/configure 2014-09-19 03:48:49.000000000 +0200
+++ openldap-2.4.40/configure 2015-01-25 18:44:54.216879362 +0100
@@ -23478,7 +23478,7 @@
@@ -23431,7 +23431,7 @@
if test "$ac_cv_header_openssl_bn_h" = "yes" &&
test "$ac_cv_header_openssl_crypto_h" = "yes" &&
@@ -27,7 +27,7 @@ diff -durN openldap-2.4.40.orig/configure openldap-2.4.40/configure
diff -durN openldap-2.4.40.orig/configure.in openldap-2.4.40/configure.in
--- openldap-2.4.40.orig/configure.in 2014-09-19 03:48:49.000000000 +0200
+++ openldap-2.4.40/configure.in 2015-01-25 18:44:37.628676446 +0100
@@ -2367,7 +2367,7 @@
@@ -2383,7 +2383,7 @@
AC_CHECK_HEADERS(openssl/crypto.h)
if test "$ac_cv_header_openssl_bn_h" = "yes" &&
test "$ac_cv_header_openssl_crypto_h" = "yes" &&
+5 -5
View File
@@ -1,7 +1,7 @@
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.50.md5
md5 f9ed44ef373abed04c9e4c8586260f9e openldap-2.4.50.tgz
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.50.sha1
sha1 82f576e0d0d334e9e798d9de8936683546247bb9 openldap-2.4.50.tgz
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.56.md5
md5 82a7dcf7aeaf95fdad16017c0ed9983a openldap-2.4.56.tgz
# From https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.56.sha1
sha1 4c617b87bd50ef8d071e7deb7525af79b08d4910 openldap-2.4.56.tgz
# Locally computed
sha256 5cb57d958bf5c55a678c6a0f06821e0e5504d5a92e6a33240841fbca1db586b8 openldap-2.4.50.tgz
sha256 25520e0363c93f3bcb89802a4aa3db33046206039436e0c7c9262db5a61115e0 openldap-2.4.56.tgz
sha256 310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
OPENLDAP_VERSION = 2.4.50
OPENLDAP_VERSION = 2.4.56
OPENLDAP_SOURCE = openldap-$(OPENLDAP_VERSION).tgz
OPENLDAP_SITE = https://www.openldap.org/software/download/OpenLDAP/openldap-release
OPENLDAP_LICENSE = OpenLDAP Public License
@@ -0,0 +1,52 @@
From 375ef42393f3dc6edbaa2cb70c79b2366072db38 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Sun, 19 Jan 2020 15:24:20 +0000
Subject: [PATCH] src/rc/rc-logger.h: fix build failure against gcc-10
On gcc-10 (and gcc-9 -fno-common) build fails as:
```
cc -L../librc -L../libeinfo -O2 -g -std=c99 -Wall -Wextra -Wimplicit -Wshadow \
-Wformat=2 -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \
-Wmissing-format-attribute -Wnested-externs -Winline -Wwrite-strings \
-Wcast-align -Wcast-qual -Wpointer-arith -Wdeclaration-after-statement \
-Wsequence-point -Werror=implicit-function-declaration \
-Wl,-rpath=/lib -o openrc rc.o rc-logger.o rc-misc.o rc-plugin.o _usage.o -lutil -lrc -leinfo -Wl,-Bdynamic -ldl
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:16:
multiple definition of `rc_logger_pid'; rc.o:openrc/src/rc/rc-logger.h:16: first defined here
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:17:
multiple definition of `rc_logger_tty'; rc.o:openrc/src/rc/rc-logger.h:17: first defined here
```
gcc-10 will change the default from -fcommon to fno-common:
https://gcc.gnu.org/PR85678.
The error also happens if CFLAGS=-fno-common passed explicitly.
This fixes #348.
[Patch taken from upstream:
https://github.com/OpenRC/openrc/commit/375ef42393f3dc6edbaa2cb70c79b2366072db38]
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
src/rc/rc-logger.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/rc/rc-logger.h b/src/rc/rc-logger.h
index bf6e3e57..1da294b0 100644
--- a/src/rc/rc-logger.h
+++ b/src/rc/rc-logger.h
@@ -13,8 +13,8 @@
#ifndef RC_LOGGER_H
#define RC_LOGGER_H
-pid_t rc_logger_pid;
-int rc_logger_tty;
+extern pid_t rc_logger_pid;
+extern int rc_logger_tty;
extern bool rc_in_logger;
void rc_logger_open(const char *runlevel);
--
2.20.1
@@ -0,0 +1,251 @@
From b6fef599bf8493480664b766040fa9b0d4b1e335 Mon Sep 17 00:00:00 2001
From: William Hubbs <w.d.hubbs@gmail.com>
Date: Fri, 20 Nov 2020 09:15:59 -0600
Subject: [PATCH] checkpath: fix CVE-2018-21269
This walks the directory path to the file we are going to manipulate to make
sure that when we create the file and change the ownership and permissions
we are working on the same file.
Also, all non-terminal symbolic links must be owned by root. This will
keep a non-root user from making a symbolic link as described in the
bug. If root creates the symbolic link, it is assumed to be trusted.
On non-linux platforms, we no longer follow non-terminal symbolic links
by default. If you need to do that, add the -s option on the checkpath
command line, but keep in mind that this is not secure.
This fixes #201.
[Patch taken from upstream:
https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335]
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
man/openrc-run.8 | 6 +++
src/rc/checkpath.c | 103 ++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 102 insertions(+), 7 deletions(-)
diff --git a/man/openrc-run.8 b/man/openrc-run.8
index 1102daaa..ec4b88de 100644
--- a/man/openrc-run.8
+++ b/man/openrc-run.8
@@ -461,6 +461,7 @@ Mark the service as inactive.
.Op Fl p , -pipe
.Op Fl m , -mode Ar mode
.Op Fl o , -owner Ar owner
+.Op Fl s , -symlinks
.Op Fl W , -writable
.Op Fl q , -quiet
.Ar path ...
@@ -481,6 +482,11 @@ or with names, and are separated by a colon.
The truncate options (-D and -F) cause the directory or file to be
cleared of all contents.
.Pp
+If -s is not specified on a non-linux platform, checkpath will refuse to
+allow non-terminal symbolic links to exist in the path. This is for
+security reasons so that a non-root user can't create a symbolic link to
+a root-owned file and take ownership of that file.
+.Pp
If -W is specified, checkpath checks to see if the first path given on
the command line is writable. This is different from how the test
command in the shell works, because it also checks to make sure the file
diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
index 448c9cf8..ff54a892 100644
--- a/src/rc/checkpath.c
+++ b/src/rc/checkpath.c
@@ -16,6 +16,7 @@
* except according to the terms contained in the LICENSE file.
*/
+#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
@@ -23,6 +24,7 @@
#include <fcntl.h>
#include <getopt.h>
#include <grp.h>
+#include <libgen.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -44,7 +46,7 @@ typedef enum {
const char *applet = NULL;
const char *extraopts ="path1 [path2] [...]";
-const char *getoptstring = "dDfFpm:o:W" getoptstring_COMMON;
+const char *getoptstring = "dDfFpm:o:sW" getoptstring_COMMON;
const struct option longopts[] = {
{ "directory", 0, NULL, 'd'},
{ "directory-truncate", 0, NULL, 'D'},
@@ -53,6 +55,7 @@ const struct option longopts[] = {
{ "pipe", 0, NULL, 'p'},
{ "mode", 1, NULL, 'm'},
{ "owner", 1, NULL, 'o'},
+ { "symlinks", 0, NULL, 's'},
{ "writable", 0, NULL, 'W'},
longopts_COMMON
};
@@ -64,15 +67,92 @@ const char * const longopts_help[] = {
"Create a named pipe (FIFO) if not exists",
"Mode to check",
"Owner to check (user:group)",
+ "follow symbolic links (irrelivent on linux)",
"Check whether the path is writable or not",
longopts_help_COMMON
};
const char *usagestring = NULL;
+static int get_dirfd(char *path, bool symlinks) {
+ char *ch;
+ char *item;
+ char *linkpath = NULL;
+ char *path_dupe;
+ char *str;
+ int components = 0;
+ int dirfd;
+ int flags = 0;
+ int new_dirfd;
+ struct stat st;
+ ssize_t linksize;
+
+ if (!path || *path != '/')
+ eerrorx("%s: empty or relative path", applet);
+ dirfd = openat(dirfd, "/", O_RDONLY);
+ if (dirfd == -1)
+ eerrorx("%s: unable to open the root directory: %s",
+ applet, strerror(errno));
+ path_dupe = xstrdup(path);
+ ch = path_dupe;
+ while (*ch) {
+ if (*ch == '/')
+ components++;
+ ch++;
+ }
+ item = strtok(path_dupe, "/");
+#ifdef O_PATH
+ flags |= O_PATH;
+#endif
+ if (!symlinks)
+ flags |= O_NOFOLLOW;
+ flags |= O_RDONLY;
+ while (dirfd > 0 && item && components > 1) {
+ str = xstrdup(linkpath ? linkpath : item);
+ new_dirfd = openat(dirfd, str, flags);
+ if (new_dirfd == -1)
+ eerrorx("%s: %s: could not open %s: %s", applet, path, str,
+ strerror(errno));
+ if (fstat(new_dirfd, &st) == -1)
+ eerrorx("%s: %s: unable to stat %s: %s", applet, path, item,
+ strerror(errno));
+ if (S_ISLNK(st.st_mode) ) {
+ if (st.st_uid != 0)
+ eerrorx("%s: %s: synbolic link %s not owned by root",
+ applet, path, str);
+ linksize = st.st_size+1;
+ if (linkpath)
+ free(linkpath);
+ linkpath = xmalloc(linksize);
+ memset(linkpath, 0, linksize);
+ if (readlinkat(new_dirfd, "", linkpath, linksize) != st.st_size)
+ eerrorx("%s: symbolic link destination changed", applet);
+ /*
+ * now follow the symlink.
+ */
+ close(new_dirfd);
+ } else {
+ close(dirfd);
+ dirfd = new_dirfd;
+ free(linkpath);
+ linkpath = NULL;
+ item = strtok(NULL, "/");
+ components--;
+ }
+ }
+ free(path_dupe);
+ if (linkpath) {
+ free(linkpath);
+ linkpath = NULL;
+ }
+ return dirfd;
+}
+
static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
- inode_t type, bool trunc, bool chowner, bool selinux_on)
+ inode_t type, bool trunc, bool chowner, bool symlinks, bool selinux_on)
{
struct stat st;
+ char *name = NULL;
+ int dirfd;
int fd;
int flags;
int r;
@@ -93,14 +173,16 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
#endif
if (trunc)
flags |= O_TRUNC;
- readfd = open(path, readflags);
+ xasprintf(&name, "%s", basename_c(path));
+ dirfd = get_dirfd(path, symlinks);
+ readfd = openat(dirfd, name, readflags);
if (readfd == -1 || (type == inode_file && trunc)) {
if (type == inode_file) {
einfo("%s: creating file", path);
if (!mode) /* 664 */
mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
u = umask(0);
- fd = open(path, flags, mode);
+ fd = openat(dirfd, name, flags, mode);
umask(u);
if (fd == -1) {
eerror("%s: open: %s", applet, strerror(errno));
@@ -122,7 +204,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
strerror (errno));
return -1;
}
- readfd = open(path, readflags);
+ readfd = openat(dirfd, name, readflags);
if (readfd == -1) {
eerror("%s: unable to open directory: %s", applet,
strerror(errno));
@@ -140,7 +222,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
strerror (errno));
return -1;
}
- readfd = open(path, readflags);
+ readfd = openat(dirfd, name, readflags);
if (readfd == -1) {
eerror("%s: unable to open fifo: %s", applet,
strerror(errno));
@@ -259,6 +341,7 @@ int main(int argc, char **argv)
int retval = EXIT_SUCCESS;
bool trunc = false;
bool chowner = false;
+ bool symlinks = false;
bool writable = false;
bool selinux_on = false;
@@ -293,6 +376,11 @@ int main(int argc, char **argv)
eerrorx("%s: owner `%s' not found",
applet, optarg);
break;
+ case 's':
+#ifndef O_PATH
+ symlinks = true;
+#endif
+ break;
case 'W':
writable = true;
break;
@@ -320,7 +408,8 @@ int main(int argc, char **argv)
while (optind < argc) {
if (writable)
exit(!is_writable(argv[optind]));
- if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner, selinux_on))
+ if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner,
+ symlinks, selinux_on))
retval = EXIT_FAILURE;
optind++;
}
--
2.20.1
+3
View File
@@ -9,6 +9,9 @@ OPENRC_SITE = $(call github,OpenRC,openrc,$(OPENRC_VERSION))
OPENRC_LICENSE = BSD-2-Clause
OPENRC_LICENSE_FILES = LICENSE
# 0007-checkpath-fix-CVE-2018-21269.patch
OPENRC_IGNORE_CVES += CVE-2018-21269
OPENRC_DEPENDENCIES = ncurses
# set LIBNAME so openrc puts files in proper directories and sets proper
+2
View File
@@ -10,6 +10,8 @@ OPKG_UTILS_SITE_METHOD = git
OPKG_UTILS_LICENSE = GPL-2.0+
OPKG_UTILS_LICENSE_FILES = COPYING
HOST_OPKG_UTILS_DEPENDENCIES += $(BR2_PYTHON3_HOST_DEPENDENCY)
define HOST_OPKG_UTILS_BUILD_CMDS
$(MAKE) -C $(@D) $(HOST_CONFIGURE_OPTS)
endef
+2 -2
View File
@@ -1,5 +1,5 @@
# Locally computed:
sha256 996eef9e498519da79108f58a887a34abc50cd76770b19b0300b27783706c71f paho-mqtt-c-1.3.5.tar.gz
sha256 19e9f04ddf244ab8c937d7e631ca15cedce7df95712c554107600e80efdaf277 paho-mqtt-c-1.3.7.tar.gz
sha256 83bbba033dc985487e321b6dfde111772affb73460be48726299fed3da684b1c edl-v10
sha256 0becf16567beb77fa252b7664631dd177c8f9a1889e48995b45379c7130e5303 epl-v20
sha256 99d3a5c5cc2812f0593a85ec7c1b6dd83e8477b5090c01d9de0d49d49f367a4a LICENSE
sha256 bc0f3f447097eb82a29ad6c2f4929572bb548b6bd4c9e38fde1bf131a771b7a0 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
PAHO_MQTT_C_VERSION = 1.3.5
PAHO_MQTT_C_VERSION = 1.3.7
PAHO_MQTT_C_SITE = $(call github,eclipse,paho.mqtt.c,v$(PAHO_MQTT_C_VERSION))
PAHO_MQTT_C_LICENSE = EPL-2.0 or BSD-3-Clause
PAHO_MQTT_C_LICENSE_FILES = epl-v20 edl-v10 LICENSE
@@ -16,7 +16,7 @@ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[aduskett@gmail.com: Update for 7.3.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Bernd: rebased for 7.4.10]
[Bernd: rebased for 7.4.10 & 7.4.13]
---
build/php.m4 | 2 +-
ext/iconv/config.m4 | 22 ----------------------
@@ -26,7 +26,7 @@ diff --git a/build/php.m4 b/build/php.m4
index 9586c490..8b3d47ed 100644
--- a/build/php.m4
+++ b/build/php.m4
@@ -1965,7 +1965,7 @@ AC_DEFUN([PHP_SETUP_ICONV], [
@@ -1967,7 +1967,7 @@ AC_DEFUN([PHP_SETUP_ICONV], [
dnl Check external libs for iconv funcs.
if test "$found_iconv" = "no"; then
@@ -13,7 +13,7 @@ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Aduskett: update for 7.3.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Bernd: rebased for 7.4.10]
[Bernd: rebased for 7.4.10 & 7.4.13]
---
configure.ac | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
@@ -22,7 +22,7 @@ diff --git a/configure.ac b/configure.ac
index 0dfab302..6026fb66 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1453,13 +1453,8 @@ CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag"
@@ -1454,13 +1454,8 @@ CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag"
INLINE_CFLAGS="$INLINE_CFLAGS $standard_libtool_flag"
CXXFLAGS="$CXXFLAGS $standard_libtool_flag \$(PROF_FLAGS)"
+1 -1
View File
@@ -1,5 +1,5 @@
# From https://www.php.net/downloads.php
sha256 e82d2bcead05255f6b7d2ff4e2561bc334204955820cabc2457b5239fde96b76 php-7.4.12.tar.xz
sha256 aead303e3abac23106529560547baebbedba0bb2943b91d5aa08fff1f41680f4 php-7.4.13.tar.xz
# License file
sha256 0967ad6cf4b7fe81d38709d7aaef3fecb3bd685be7eebb37b864aa34c991baa7 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
PHP_VERSION = 7.4.12
PHP_VERSION = 7.4.13
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
+7 -7
View File
@@ -22,10 +22,10 @@
# Set compiler variables.
ifeq ($(BR2_CCACHE),y)
CMAKE_HOST_C_COMPILER = $(HOST_DIR)/bin/ccache
CMAKE_HOST_CXX_COMPILER = $(HOST_DIR)/bin/ccache
CMAKE_HOST_C_COMPILER_ARG1 = $(HOSTCC_NOCCACHE)
CMAKE_HOST_CXX_COMPILER_ARG1 = $(HOSTCXX_NOCCACHE)
CMAKE_HOST_C_COMPILER = $(HOSTCC_NOCCACHE)
CMAKE_HOST_CXX_COMPILER = $(HOSTCXX_NOCCACHE)
CMAKE_HOST_C_COMPILER_LAUNCHER = $(HOST_DIR)/bin/ccache
CMAKE_HOST_CXX_COMPILER_LAUNCHER = $(HOST_DIR)/bin/ccache
else
CMAKE_HOST_C_COMPILER = $(HOSTCC)
CMAKE_HOST_CXX_COMPILER = $(HOSTCXX)
@@ -134,9 +134,9 @@ define $(2)_CONFIGURE_CMDS
-DCMAKE_ASM_COMPILER="$$(HOSTAS)" \
-DCMAKE_C_COMPILER="$$(CMAKE_HOST_C_COMPILER)" \
-DCMAKE_CXX_COMPILER="$$(CMAKE_HOST_CXX_COMPILER)" \
$(if $$(CMAKE_HOST_C_COMPILER_ARG1),\
-DCMAKE_C_COMPILER_ARG1="$$(CMAKE_HOST_C_COMPILER_ARG1)" \
-DCMAKE_CXX_COMPILER_ARG1="$$(CMAKE_HOST_CXX_COMPILER_ARG1)" \
$(if $$(CMAKE_HOST_C_COMPILER_LAUNCHER),\
-DCMAKE_C_COMPILER_LAUNCHER="$$(CMAKE_HOST_C_COMPILER_LAUNCHER)" \
-DCMAKE_CXX_COMPILER_LAUNCHER="$$(CMAKE_HOST_CXX_COMPILER_LAUNCHER)" \
) \
-DCMAKE_COLOR_MAKEFILE=OFF \
-DBUILD_DOC=OFF \
+2 -2
View File
@@ -141,7 +141,7 @@ endif
ifndef $(2)_INSTALL_TARGET_CMDS
define $(2)_INSTALL_TARGET_CMDS
$$(foreach d,$$($(2)_INSTALL_BINS),\
$(INSTALL) -D -m 0755 $$(@D)/bin/$$(d) $(TARGET_DIR)/usr/bin/$$(d)
$(INSTALL) -D -m 0755 $$(@D)/bin/$$(d) $$(TARGET_DIR)/usr/bin/$$(d)
)
endef
endif
@@ -150,7 +150,7 @@ endif
ifndef $(2)_INSTALL_CMDS
define $(2)_INSTALL_CMDS
$$(foreach d,$$($(2)_INSTALL_BINS),\
$(INSTALL) -D -m 0755 $$(@D)/bin/$$(d) $(HOST_DIR)/bin/$$(d)
$(INSTALL) -D -m 0755 $$(@D)/bin/$$(d) $$(HOST_DIR)/bin/$$(d)
)
endef
endif
+2
View File
@@ -87,6 +87,7 @@ define $(2)_CONFIGURE_CMDS
--default-library=$(if $(BR2_STATIC_LIBS),static,shared) \
--buildtype=$(if $(BR2_ENABLE_DEBUG),debug,release) \
--cross-file=$$($$(PKG)_SRCDIR)/build/cross-compilation.conf \
-Dstrip=false \
-Dbuild.pkg_config_path=$$(HOST_DIR)/lib/pkgconfig \
$$($$(PKG)_CONF_OPTS) \
$$($$(PKG)_SRCDIR) $$($$(PKG)_SRCDIR)/build
@@ -105,6 +106,7 @@ define $(2)_CONFIGURE_CMDS
--localstatedir=$$(HOST_DIR)/var \
--default-library=shared \
--buildtype=release \
-Dstrip=true \
$$($$(PKG)_CONF_OPTS) \
$$($$(PKG)_SRCDIR) $$($$(PKG)_SRCDIR)/build
endef
+4 -4
View File
@@ -1,6 +1,6 @@
# From http://sourceforge.net/projects/ijbswa/files/Sources/3.0.28%20%28stable%29/
md5 c7e8900d5aff33d9a5fc37ac28154f21 privoxy-3.0.28-stable-src.tar.gz
sha1 fa8f9f355a48afe94afcaef31c5404b2294c1043 privoxy-3.0.28-stable-src.tar.gz
# From http://sourceforge.net/projects/ijbswa/files/Sources/3.0.28%20%29stable%29/
md5 493a3a643247e6c8bc60725e9993d4ee privoxy-3.0.29-stable-src.tar.gz
sha1 59873a122729b1b03e1d202d663036d2b5fa1120 privoxy-3.0.29-stable-src.tar.gz
# Locally computed
sha256 b5d78cc036aaadb3b7cf860e9d598d7332af468926a26e2d56167f1cb6f2824a privoxy-3.0.28-stable-src.tar.gz
sha256 25c6069efdaf577d47c257da63b03cd6d063fb790e19cc39603d82e5db72489d privoxy-3.0.29-stable-src.tar.gz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE

Some files were not shown because too many files have changed in this diff Show More