- Oct 12, 2020
-
-
Peter Korsgaard authored
Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
-
Charles Hardin authored
The fakeroot script does not appear to be used in any of the checked in defconfig targets, but it seems that most often the post fakeroot script should be done after all the packages rules have been applied instead of before. Given that a change in systemd moved the SYSTEMD_PRESET_ALL hook to a ROOTFS_PRE_CMD_HOOKS, there was no way to use a FAKEROOT script to disable a service or fixup a systemd configuration. The systemd move makes sense, and this just tries to preserve the same ability to fixup a rootfs after all the cmd hooks are processed. Refer to commit 65b63785 for the change that instigated this reordering. Signed-off-by:
Charles Hardin <ckhardin@gmail.com> Signed-off-by:
Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 4bc4dbd6) Signed-off-by:
-
Peter Korsgaard authored
Fixes #13251 json-c >= 0.14.0 has a name clash with internal cryptsetup functions, causing a runtime issue. Backport an upstream patch to rename the internal functions to fix this. Signed-off-by: -
Peter Korsgaard authored
sentry-sdk has a set of optional "integrations", some of which use asyncio. pycompile unfortunately errors out on these files when running under Python 2.x: ../scripts/pycompile.py .. error: File "/usr/lib/python2.7/site-packages/sentry_sdk/integrations/sanic.py", line 64 async def sentry_handle_request(self, request, *args, **kwargs): ^ SyntaxError: invalid syntax As a workaround, simply drop the unusable files from TARGET_DIR if building for python 2.x. Fixes: http://autobuild.buildroot.net/results/9e4/9e47ee2a56153379e4e7bc839be5972a2302ba9f/ Signed-off-by: -
Peter Korsgaard authored
Pymodbus has optional support for asyncio. Pycompile unfortunately errors out on these files when running under Python 2.x: ../scripts/pycompile.py .. error: File "/usr/lib/python2.7/site-packages/pymodbus/client/asynchronous/asyncio/__init__.py", line 257 yield from self._connect() ^ SyntaxError: invalid syntax As a workaround, simply drop the unusable files from TARGET_DIR if building for python 2.x. Fixes: http://autobuild.buildroot.net/results/cc4/cc48927cbe9ae6c2d8b12d65467ec40df82febf6/ Signed-off-by: -
Peter Korsgaard authored
Fixes a regression introduced in patch level 16. Rename the 2 uClibc patches so the upstream patch numbering matches ours. Signed-off-by:
-
Peter Korsgaard authored
Signed-off-by:
-
Fabrice Fontaine authored
SERVER-50463 Make PooledLDAPConnection::refresh take self-ownership https://docs.mongodb.com/manual/release-notes/4.2-changelog/#id1 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit a836c09a) Signed-off-by:
-
Fabrice Fontaine authored
- Fix CVE-2020-25862: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. - Fix CVE-2020-25863: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. - Fix CVE-2020-25866: In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. https://www.wireshark.org/docs/relnotes/wireshark-3.2.7.html Signed-off-by:
-
- Oct 11, 2020
-
-
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/829/8293529a72ac4c8e93919b8bc0ea758fbb4bc444/ Python 2.x gets confused by rb"string", but not br"string", so add an upstream patch changing the former to the latter to fix a pycompile issue with python 2.x: error: File "/usr/lib/python2.7/site-packages/scapy/tools/generate_ethertypes.py", line 23 reg = rb".*ETHERTYPE_([^\s]+)\s.0x([0-9A-Fa-f]+).*\/\*(.*)\*\/" ^ SyntaxError: invalid syntax Signed-off-by:
-
Ryan Barnett authored
Signed-off-by:
Ryan Barnett <ryanbarnett3@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
These are the second releases after Suricata joined the Oss-Fuzz program, leading to discovery of a number of (potential) security issues. We recommend upgrading as soon as possible. https://suricata-ids.org/2020/10/08/suricata-4-1-9-and-5-0-4-released Signed-off-by:
-
Fabrice Fontaine authored
Drop patch (already in version) Signed-off-by:
-
Maxim Kochetkov authored
Some external packages call pg_config to determine the installed PostgreSQL server includedir and configure options. Add this output to Buildroots own pg_config, so these packages correctly compile. Signed-off-by:
Maxim Kochetkov <fido_max@inbox.ru> Signed-off-by:
-
- Oct 10, 2020
-
-
Peter Korsgaard authored
Fixes (reproducible): http://autobuild.buildroot.net/results/50f/50f199bfe06d054cc6770760e73ac0de594a0670/diffoscope-results.txt Fail2ban installs the fail2ban-python symlink pointing to the host python intepreter used to run setup.py, which is naturally not valid at runtime and breaks the reproducible tests as shown in the diffoscope results: │ -lrwxrwxrwx 0 0 0 0 2020-10-04 10:50:38.000000 ./usr/bin/fail2ban-python -> /home/naourr/work/instance-0/output-1/host/bin/python │ +lrwxrwxrwx 0 0 0 0 2020-10-04 10:50:38.000000 ./usr/bin/fail2ban-python -> /home/naourr/work/instance-0/output-2/host/bin/python As a workaround, update the symlink after installation to point to the correct target python. Signed-off-by:
-
Peter Korsgaard authored
engineio has conditional logic to load asyncio files when running under Python 3.x: if sys.version_info >= (3, 5): # pragma: no cover from .asyncio_server import AsyncServer from .asyncio_client import AsyncClient from .async_drivers.asgi import ASGIApp try: from .async_drivers.tornado import get_tornado_handler except ImportError: get_tornado_handler = None else: # pragma: no cover AsyncServer = None AsyncClient = None get_tornado_handler = None ASGIApp = None pycompile unfortunately errors out on these files when running under Python 2.x: ../scripts/pycompile.py .. error: File "/usr/lib/python2.7/site-packages/engineio/asyncio_socket.py", line 13 async def poll(self): ^ SyntaxError: invalid syntax As a workaround, simply drop the unusable file from TARGET_DIR if building for python 2.x. Fixes: http://autobuild.buildroot.net/results/72c/72cfdffeb4d0fb7c3032b52f0a26a4758eea6762/ Signed-off-by: -
Peter Korsgaard authored
socketio has conditional logic to load asgi/asyncio files when running under Python 3.x: if sys.version_info >= (3, 5): # pragma: no cover from .asyncio_client import AsyncClient from .asyncio_server import AsyncServer from .asyncio_manager import AsyncManager from .asyncio_namespace import AsyncNamespace, AsyncClientNamespace from .asyncio_redis_manager import AsyncRedisManager from .asyncio_aiopika_manager import AsyncAioPikaManager from .asgi import ASGIApp else: # pragma: no cover AsyncClient = None AsyncServer = None AsyncManager = None AsyncNamespace = None AsyncRedisManager = None AsyncAioPikaManager = None pycompile unfortunately errors out on these files when running under Python 2.x: ../scripts/pycompile.py .. error: File "/usr/lib/python2.7/site-packages/socketio/asyncio_server.py", line 84 async def emit(self, event, data=None, to=None, room=None, skip_sid=None, ^ SyntaxError: invalid syntax As a workaround, simply drop the unusable file from TARGET_DIR if building for python 2.x. Fixes: http://autobuild.buildroot.net/results/455f3e09a590f7a6724ab8cd1b86bdf2bba8071a/ Signed-off-by: -
Peter Korsgaard authored
apply-patches currently blindly removes *.orig / .*.orig files as GNU patch by default writes these as backup files when patches only apply with fuzz. This is unfortunate as package sources may contain files ending in .orig as well, breaking the build. Luckily GNU patch can be told to not write these backup files using the --no-backup-if-mismatch option, so used that instead of the .orig removal step. --no-backup-if-mismatch is supported since GNU patch 2.3.8 (1997-06-17) and busybox patch if built with CONFIG_DESKTOP, but E.G. isn't supported by the BSD patch, so add logic to dependencies.sh to error out if patch doesn't support the flag. Signed-off-by:
-
Yann E. MORIN authored
This partially reverts commit a3aac6d8, just dropping the atomic dependency. That dependency would introduce a "recursive dependency" chain in Kconfig. However, r100 is only available on i386 and x86-64, and they both have sync4, which means libdrm's HAS_ATOMICS is always 'y' when r100 is available. So, like we did in 00c1a8c3 (package/mesa3d: propagate missing libdrm-freedreno deps), we just add a fat comment that explains why the dependency is not propagated. Reported-by:
-
James Hilliard authored
Propagate libdrm dependencies. Add r100 to menu name to differentiate from r200 dri driver. Signed-off-by:
James Hilliard <james.hilliard1@gmail.com> Reviewed-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
Fabrice Fontaine authored
brotli pkg-config files are broken since version 1.0.8 and https://github.com/google/brotli/commit/31754d4ffce14153b5c2addf7a11019ec23f51c1 This raise static build failures with all packages using brotli, fontconfig or freetype such as fbterm: -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -static -static -static -o fbterm fbterm-fbconfig.o fbterm-fbio.o fbterm-fbshell.o fbterm-fbshellman.o fbterm-fbterm.o fbterm-font.o fbterm-input.o fbterm-mouse.o fbterm-screen.o fbterm-improxy.o fbterm-screen_render.o fbterm-fbdev.o fbterm-vesadev.o lib/libshell.a -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -lfreetype -lbz2 -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -lz -lpng16 -lz -R/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -lbrotlidec -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -R/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buil droot-linux-uclibcgnueabihf/sysroot/usr/lib -lbrotlicommon -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -lfontconfig -lfreetype -lbz2 -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -lz -lpng16 -lz -R/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -lbrotlidec -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -R/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -lbrotlicommon -L/srv/storage/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib -luuid -lexpat -lutil -lutil arm-linux-g++.br_real: error: unrecognized command line option '-R' Fixes: - http://autobuild.buildroot.org/results/21ede59686d4998c9e643ea874396a11b1c0df93 Signed-off-by:
-
Antoine Tenart authored
Signed-off-by:
Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by:
-
Peter Seiderer authored
The buildroot custom bareboxenv compile command misses the additional include path 'scripts/include' to gain access to the local copy of the kernel header files (which leads to compile error when using an older toolchain). This could be fixed by enhancing the custom bareboxenv compile command (see [1]) or by using the barebox build system by simply enabling the CONFIG_BAREBOXENV_TARGET option (available since April 2012, see [2]) instead (as suggested by Yann E. MORIN). Fixes (with BR2_TARGET_BAREBOX_BAREBOXENV enabled): build/barebox-2019.12.0/scripts/bareboxenv.c:100:10: fatal error: linux/list.h: No such file or directory [1] http://lists.busybox.net/pipermail/buildroot/2020-January/270942.html [2] https://git.pengutronix.de/cgit/barebox/commit/?id=afb03d7a554a2911a3742e316f011319fcb416f1 Note: a user who would previously provide a barebox config file which had CONFIG_BAREBOXENV_TARGET=y, but a Buildroot config file which did not have BR2_TARGET_BAREBOX_BAREBOXENV=y, would have bareboxenv-target built, but it would not be installed in the target. Now, and unset BR2_TARGET_BAREBOX_BAREBOXENV will not even build it, but his is not a regression: it was anyway previously not installed. Reported-by:
Frederick Gotham <cauldwell.thomas@gmail.com> Signed-off-by:
Peter Seiderer <ps.report@gmx.net> [yann.morin.1998@free.fr: - also explicitly disable it when not selected - rewrap commit log ] Signed-off-by:
-
Fabrice Fontaine authored
Pass -DNO_OPENSSL to avoid a build failure with live555 but without openssl Fixes: - http://autobuild.buildroot.org/results/70ca93aa5c9488a4657c7bcafa40bfb2e974a5b3 Signed-off-by:
-
Romain Naour authored
Ensure that squirrel is compiled with -fPIC to allow linking the static libraries with dynamically linked programs. This is not a requirement for most architectures but is mandatory for ARM. Fixes: http://autobuild.buildroot.org/results/46e8f5e622ce450a89bc6d70f4bfd38182557901 http://autobuild.buildroot.org/results/a43720492d817e4555d728546da9114e3ccba952 Signed-off-by:
Romain Naour <romain.naour@gmail.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
This reverts commit 80be0408 because libsquirrel.so.0 and libsqstdlib.so.0 are missing in TARGET_DIR. Signed-off-by:
-
- Oct 05, 2020
-
-
Fabrice Fontaine authored
- Fix CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. - Fix CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. https://www.php.net/ChangeLog-7.php#7.4.11 Signed-off-by:
-
Peter Korsgaard authored
All the python packages are inside a if BR2_PACKAGE_PYTHON || BR2_PACKAGE_PYTHON3 conditional, so no need to repeat it in the Config.in. Signed-off-by:
-
Thomas De Schampheleire authored
Commit 9e4ffdc8 modified the output of 'setlocalversion' so that the Buildroot version tag is included in the output, the version part was added in Makefile. Due to differences in behavior of the used git and Mercurial commands, this caused different output for the Mercurial case, in BR2_VERSION_FULL and thus /etc/os-release and 'make print-version'. Assuming the official Buildroot releases are tagged and no project-specific tags are present, the output after commit 9e4ffdc8 is: -hg<commit> whereas it is expected to be something like: 2020.02.6-hg<commit> Change the Mercurial case in setlocalversion to behave similar to git, looking up the latest tag if the current revision is not itself tagged. The number of commits after the latest tag is not added, unlike in git, as this value is not commonly present in Mercurial output, and its added value can be disputed in this context. Even one commit could bring a huge change to the sources, so in order to interpret the number one has to look at the repository anyhow, in which case the commit ID can just be used. Signed-off-by:
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by:
-
Francois Perrad authored
The content of the license file (doc/readme.html) differs between lua 5.3 and 5.4, so we cannot use a shared .hash file for all versions. Signed-off-by:
Francois Perrad <francois.perrad@gadz.org> [Peter: extend commit message] Signed-off-by:
-
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/72e0cc78194a1b93bf26a50742e59a1e93bde1d1/ fire has conditional logic to load test_components_py3.py when running under Python 3.x: if six.PY3: from fire import test_components_py3 as py3 pycompile unfortunately errors out on it: ../scripts/pycompile.py .. error: File "/usr/lib/python2.7/site-packages/fire/test_components_py3.py", line 18 def identity(arg1, arg2: int, arg3=10, arg4: int = 20, *arg5, ^ SyntaxError: invalid syntax As a workaround, simply drop the unusable _py3 file from TARGET_DIR if building for python 2.x. Signed-off-by:
-
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/4ca459d54545c0e20b0f0cdc63bd81844ecd7f36/ aenum has conditional logic to load python 3.x code located in test_v3.py: if pyver >= 3.0: from aenum.test_v3 import TestEnumV3, TestOrderV3, TestNamedTupleV3 And contains logic in setup.py to drop that file during setup.py install if building for python 2.x: py3_only = ('aenum/test_v3.py', ) .. if __name__ == '__main__': if 'install' in sys.argv: import os, sys .. if sys.version_info[0] != 3: for file in py3_only: try: os.unlink(file) But this doesn't work in Buildroot as pkg-python.dk first does setup.py build (which copies test_v3.py to the build directory) before setup.py install, so test_v3.py gets installed, leading to errors from pycompile: error: File "/usr/lib/python2.7/site-packages/aenum/test_v3.py", line 12 class MagicAutoNumberEnum(Enum, settings=AutoNumber): ^ SyntaxError: invalid syntax As a workaround, add a hook to drop it from the target directory when building for python 2.x. Signed-off-by:
-
- Oct 04, 2020
-
-
Fabrice Fontaine authored
- Fix a security issue: When enabling SASL authentication for binary protocol, enabling UDP mode would allow bypassing SASL. Now refuses to start with both UDP and SASL enabled. Text mode authentication was not vulnerable. - Drop patches (already in version) and so autoreconf - Update indentation in hash file (two spaces) https://github.com/memcached/memcached/wiki/ReleaseNotes1522 Signed-off-by:
-
- Oct 03, 2020
-
-
Peter Korsgaard authored
Signed-off-by:
-
Peter Korsgaard authored
Contains a number of bugfixes. For details, see the changelog: https://docs.python.org/release/3.8.6/whatsnew/changelog.html#changelog Update the license hash for the addition of a note stating that the examples and documentation is now dual licensed under the PSF and a Zero-Clause BSD license since: https://github.com/python/cpython/commit/9fef7c54a0adfade5ec94259d97f22e05fe9e3e3 Signed-off-by:
-
Fabrice Fontaine authored
Commit 939e7143 added an optional harfbuzz dependency to freetype but this creates a circular dependency so unconditionally disable it Fixes: - http://autobuild.buildroot.org/results/3cc4ce3207a253186a9c4f8f5151ea0fc0854a28 Signed-off-by:
-
Fabrice Fontaine authored
harfbuzz is an optional dependency (enabled by default) since version 2.5.3 and https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=86026a47b345a8c254dd5e6be77bf116737cdafb Signed-off-by:
-
Fabrice Fontaine authored
libpng workaround which has been added with commit f7313cad is not needed since version 2.5.3 and https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=00c79ed9680a0d7a367c6914adc7485391299542 Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header. Impacts: All versions of the 14.x and 12.x releases line - CVE-2020-8252: fs.realpath.native may cause buffer overflow libuv's realpath implementation incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. Impacts: All versions of the 10.x release line All versions of the 12.x release line For more details, see the advisory: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ Adjust license hash for the addition of the BSD-3c licensed highlight.js: https://github.com/nodejs/node/commit/6f8b7a85d239129273948386c34775810f2dc4a3 Signed-off-by: -
Thomas Petazzoni authored
We used to have a conditional patch applied on PowerPC soft-float, but this logic was dropped in commit 0c82f3f6 ("package/gcc: remove powerpc conditional patching logic"). However, we still have some related leftovers in the calculation of the hashes for ccache, which can now be dropped. Signed-off-by:
-
