dahdi-linux needs a linux with CRC CCITT since the addition of the
package in commit d959966b41 as stated in
the README:
- CONFIG_CRC_CCITT must be enabled ('y' or 'm'). On 2.6 kernels this can
be selected These can be selected from the "Library Routines" submenu
during kernel configuration via "make menuconfig".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b22ec4bd95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-40114: Multiple Cisco products are affected by a
vulnerability in the way the Snort detection engine processes ICMP
traffic that could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition on an affected device. The
vulnerability is due to improper memory resource management while the
Snort detection engine is processing ICMP packets. An attacker could
exploit this vulnerability by sending a series of ICMP packets through
an affected device. A successful exploit could allow the attacker to
exhaust resources on the affected device, causing the device to reload.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UUhttps://www.snort.org/downloads/snort/changelog_2.9.18.1.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5afa2320ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenJDK 17 is a new LTS release, which leaves the Buildroot Config option of
"LTS" and "LATEST" as a misnomer because both 11 and 17 are LTS releases.
There are two options in this case:
1) Remove "LATEST" and update OpenJDK 11 to 17, and only support 17.
2) Change "LTS" to "11" and "LATEST" to "17" and only support the latest 2 LTS
OpenJDK releases.
After some discussion with Thomas Petazzoni and Peter Korsgaard, and testing,
option 2 is the best course of action for a few reasons:
- OpenJDK 11 and 17 have very long support cycles:
- OpenJDK 11 has two years of Active and five years of security support left.
- OpenJDK 17 has five years of Active and ten years of security support left.
- Both OpenJDK versions build with the same parameters.
- The maintenance cost of both versions is meager.
- Both versions pass tests.package.test_openjdk without issue.
Changes:
- Change BR2_OPENJDK_VERSION_LATEST -> BR2_OPENJDK_VERSION_17
- Change BR2_OPENJDK_VERSION_LTS -> BR2_OPENJDK_VERSION_11
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Peter: add Config.in.legacy, use BR2_PACKAGE_OPENJDK_ prefix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a610bf9967)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.16.10 (released 2021-11-04) includes security fixes to the archive/zip
and debug/macho packages, as well as bug fixes to the compiler, linker,
runtime, the misc/wasm directory, and to the net/http package.
https://golang.org/doc/devel/release#go1.16.minor
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with uclibc raised since bump to version
8.2.3565 in commit 5650439b92 and
0a7984af56:
In file included from vim.h:27,
from fileio.c:14:
fileio.c: In function 'time_differs':
auto/config.h:149:22: error: 'stat_T' {aka 'struct stat'} has no member named 'st_mtim'; did you mean 'st_mtime'?
149 | #define ST_MTIM_NSEC st_mtim.tv_nsec
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/2132f9aa1b0bc618c91f7bf44fbd1b71b9d6ba05
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0b518033e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail is no longer responding:
** Address not found **
Your message wasn't delivered to mirza.krak@northern.tech because the address couldn't be found, or is unable to receive mail.
Learn more here: https://support.google.com/mail/?p=NoSuchUser
The response from the remote server was:
550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser bi21si292758edb.0 - gsmtp
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2b2478dfdb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 377aa3b117)
[Peter: drop 5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add Giulio Benetti to all Olimex Allwinner boards' defconfigs since I've
recently updated and tested them all and I'd like to receive possible
build failure from gitlab CI/CD.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b31b4b9ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since I'm the upstream maintainer, it'd be nice to get Cc:ed on any
issues with the package.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e3c73bcaf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit
40bb37bd70 ("utils/getdeveloperlib.py:
use relative paths for files"), the Developer class was changed to use
relative paths, including for its .hasfile() method.
However the check_developers() function of getdeveloperlib.py was not
updated accordingly, and continued to pass absolute paths. This caused
"get-developers -c" to return the entire list of files in Buildroot as
being unmaintained, as none of them were matching the file listed in
the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79cba4056b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Python 3.x, check_output() returns a "bytes" array, and not a
string. Its result needs to be decoded to be turned into a
string. Without this fix, "get-developers -c" bails out with:
Traceback (most recent call last):
File "/home/thomas/projets/buildroot/./utils/get-developers", line 105, in <module>
__main__()
File "/home/thomas/projets/buildroot/./utils/get-developers", line 53, in __main__
files = getdeveloperlib.check_developers(devs)
File "/home/thomas/projets/buildroot/utils/getdeveloperlib.py", line 280, in check_developers
files = subprocess.check_output(cmd).strip().split("\n")
TypeError: a bytes-like object is required, not 'str'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 53da6a7c05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-25219: Lame cache can be abused to severely degrade resolver
performance
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25219
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e4bf1cf09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This option is only available in master and not any release.
Fixes:
output/build/libpsl-0.21.1/meson.build:1:0: ERROR: Unknown options: "docs"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bcde80febd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove efi-ldsdir meson config option which is no longer used.
Meson config variable systemd-analyze is renamed to analyze.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 63b3a3c6d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current documentation was poorly organized, with for example the
"Here is an example walk through of running a test case" sentence
followed by the explanation of how to list available test cases, but
not how to run one.
Many other aspects of the wording were confusing, or not really
accurate.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a9dc2de551)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current Gitlab CI mechanism allows to trigger all tests in a CI
pipeline by pushing a branch named <something>-runtime-tests, or to
trigger a single test in a CI pipeline by pushing a branch name
<something>-tests.<name of test>.
However, there are cases where it is useful to run a suite of tests,
for example to run all tests in tests.init.test_busybox.
This commit makes that possible by extending the current semantic of
<something>-tests.<name of test> to not expect a complete test name,
but instead to accept all tests that starts with the given pattern.
This allows to do:
git push gitlab HEAD:foobar-tests.init.test_busybox.TestInitSystemBusyboxRo
like it was the case before. But it now also allows to do:
git push gitlab HEAD:foobar-tests.init.test_busybox
to run all Busybox tests.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 23186356a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The directory that containts tests is "support/testing/tests/", not
"supporting/testing/test".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 18bbeefb99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc26ee8e1b)
[Peter: drop 5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
output/build/pango-1.48.10/meson.build:1:0: ERROR: Unknown options: "use_fontconfig"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 15a7be2c12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
output/build/gst1-vaapi-1.18.5/meson.build:1:0: ERROR: Unknown options: "test"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d352ae7121)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
output/build/gst1-plugins-ugly-1.18.5/meson.build:1:0: ERROR: Unknown options: "examples"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c98ca5f44f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix teletextdec name and remove vdpau which is no longer available.
Fixes:
output/build/gst1-plugins-bad-1.18.5/meson.build:1:0: ERROR: Unknown options: "teletextdec, vdpau"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 87505ba947)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixed a denial-of-service vulnerability in the gmp plugin that was
caused by an integer overflow when processing RSASSA-PSS signatures
with very large salt lengths. This vulnerability has been registered
as CVE-2021-41990.
- Fixed a denial-of-service vulnerability in the in-memory certificate
cache if certificates are replaced and a very large random value
caused an integer overflow. This vulnerability has been registered as
CVE-2021-41991.
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).htmlhttps://github.com/strongswan/strongswan/blob/5.9.4/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c12e8a15f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-27347: Use after free in lzma_decompress_buf function in
stream.c in Irzip 0.631 allows attackers to cause Denial of Service
(DoS) via a crafted compressed file.
- Fix CVE-2021-27345: A null pointer dereference was discovered in
ucompthread in stream.c in Irzip 0.631 which allows attackers to cause
a denial of service (DOS) via a crafted compressed file.
- Fix CVE-2020-25467: A null pointer dereference was discovered
lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker
to cause a denial of service (DOS) via a crafted compressed file.
- lz4 is a mandatory dependency since version 0.640 and
3345a239b77f3bf46203...v0.641
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3332c143c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-3872: vim is vulnerable to Heap-based Buffer Overflow
Fix CVE-2021-3875: vim is vulnerable to Heap-based Buffer Overflow
https://github.com/vim/vim/compare/v8.2.3432...v8.2.3565
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5650439b92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use LICENSE file which is available since version 8.2.0105 and
c838626fea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1f5ed26e18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header
name before the colon. This can lead to HTTP Request Smuggling (HRS).
- CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The http parser ignores chunk extensions when parsing the body of chunked
requests. This leads to HTTP Request Smuggling (HRS) under certain
conditions.
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- disable doc generation (via sphinx) for host build
Reduces host-qemu build time from (on a system with sphinx installed):
real 2m5,522s
user 9m41,292s
sys 1m9,732s
to:
real 1m9,183s
user 8m40,131s
sys 1m9,533s
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit df857f6e0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Seen with the IconvGNU transcoder when parsing "<aaa.xsdopengis.net/gml\x96".
The reason is that XMLString::transcode(repText2, manager) throws a TranscodingException
which causes the tmp1 string to leak.
Upstream: 1bdf6d8ba8
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a2c02a8c2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
16.15.0:
- ASTERISK-29057: pjsip: Crash on call rejection during high load
16.15.1:
- AST-2020-003: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP message is received that has a
History-Info header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-003.pdf
- AST-2020-004: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP 181 response is received that has
a Diversion header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-004.pdf
16.16.0:
- ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains History-Info
16.16.1:
- AST-2021-001: Remote crash in res_pjsip_diversion
If a registered user is tricked into dialing a malicious number that sends
lots of 181 responses to Asterisk, each one will cause a 181 to be sent
back to the original caller with an increasing number of entries in the
“Supported” header. Eventually the number of entries in the header
exceeds the size of the entry array and causes a crash.
https://downloads.asterisk.org/pub/security/AST-2021-001.pdf
- AST-2021-002: Remote crash possible when negotiating T.38
When re-negotiating for T.38 if the initial remote response was delayed
just enough Asterisk would send both audio and T.38 in the SDP. If this
happened, and the remote responded with a declined T.38 stream then
Asterisk would crash.
https://downloads.asterisk.org/pub/security/AST-2021-002.pdf
- AST-2021-003: Remote attacker could prematurely tear down SRTP calls
An unauthenticated remote attacker could replay SRTP packets which could
cause an Asterisk instance configured without strict RTP validation to
tear down calls prematurely.
https://downloads.asterisk.org/pub/security/AST-2021-003.pdf
- AST-2021-004: An unsuspecting user could crash Asterisk with multiple
hold/unhold requests
Due to a signedness comparison mismatch, an authenticated WebRTC client
could cause a stack overflow and Asterisk crash by sending multiple
hold/unhold requests in quick succession.
https://downloads.asterisk.org/pub/security/AST-2021-004.pdf
- AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
Given a scenario where an outgoing call is placed from Asterisk to a
remote SIP server it is possible for a crash to occur.
https://downloads.asterisk.org/pub/security/AST-2021-005.pdf
16.16.2:
- AST-2021-006: Crash when negotiating T.38 with a zero port
When Asterisk sends a re-invite initiating T.38 faxing and the endpoint
responds with a m=image line and zero port, a crash will occur in
Asterisk.
This is a reoccurrence of AST-2019-004.
https://downloads.asterisk.org/pub/security/AST-2021-006.pdf
16.17.0:
- ASTERISK-29203 / AST-2021-002 — Another scenario is causing a crash
- ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls
- ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
memory corruption and crash
16.19.1:
- AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
When Asterisk receives a re-INVITE without SDP after having sent a BYE
request a crash will occur. This occurs due to the Asterisk channel no
longer being present while code assumes it is.
https://downloads.asterisk.org/pub/security/AST-2021-007.pdf
- AST-2021-008: Remote crash when using IAX2 channel driver
If the IAX2 channel driver receives a packet that contains an unsupported
media format it can cause a crash to occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2021-008.pdf
- AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
handshake
Depending on the timing, it’s possible for Asterisk to crash when using a
TLS connection if the underlying socket parent/listener gets destroyed
during the handshake.
https://downloads.asterisk.org/pub/security/AST-2021-009.pdf
16.20.0:
- ASTERISK-29415: Crash in PJSIP TLS transport
- ASTERISK-29381: chan_pjsip: Remote denial of service by an authenticated
user
In addition, a large number of bugfixes.
Drop now upstreamed
0006-AC_HEADER_STDC-causes-a-compile-failure-with-autoconf-2-70.patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 289a15f33b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump of autoconf to version
2.71 in commit ecd54b65c1:
configure: error: *** ANSI C header files not found.
Fixes:
- http://autobuild.buildroot.org/results/e7dc47da7863a5dc492154f620c4fcebafccf6ea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ae68285509)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-41159: Improper client input validation for gateway
connections allows to overwrite memory
- Fix CVE-2021-41160: Improper region checks in all clients allow out of
bound write to memory
https://github.com/FreeRDP/FreeRDP/releases/tag/2.4.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5dc5f47f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- the last version bump of package/python-cffi (790c10d) ignored
the comment 'Please keep in sync with package/python3-cffi/python3-cffi.mk',
so catch up now
Fixes:
ERROR: No hash found for cffi-1.14.2.tar.gz
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 777b1f9135)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Link with -latomic if needed to avoid the following build failure since
bump to version 2.0.1 in commit 0f8d4a6ecd
and
5528267b54:
/tmp/instance-0/output-1/per-package/gensio/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ../lib/.libs/libgensio.so: undefined reference to `__atomic_fetch_add_4'
Fixes:
- http://autobuild.buildroot.org/results/2114f9cb3d820fc620932e793f53341a0c1f10bc
- http://autobuild.buildroot.org/results/c1b397eea1c2eda19149844cec4a87d55651862d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92f367b474)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
