Commit Graph

58916 Commits

Author SHA1 Message Date
Giulio Benetti
95d9919122 DEVELOPERS: add Giulio Benetti to all Olimex Allwinner boards' defconfigs
Add Giulio Benetti to all Olimex Allwinner boards' defconfigs since I've
recently updated and tested them all and I'd like to receive possible
build failures from gitlab CI/CD.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b31b4b9ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:19:33 +01:00
Joachim Wiberg
88391e3165 DEVELOPERS: add Joachim Wiberg as co-maintainer for mrouted
Since I'm the upstream maintainer, it'd be nice to get Cc:ed on any
issues with the package.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e3c73bcaf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:18:22 +01:00
Thomas Petazzoni
1830075c47 utils/getdeveloperlib.py: call Developer.hasfile() with relative path
In commit
40bb37bd70 ("utils/getdeveloperlib.py:
use relative paths for files"), the Developer class was changed to use
relative paths, including for its .hasfile() method.

However the check_developers() function of getdeveloperlib.py was not
updated accordingly, and continued to pass absolute paths. This caused
"get-developers -c" to return the entire list of files in Buildroot as
being unmaintained, as none of them were matching the files listed in
the DEVELOPERS file.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79cba4056b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:14:39 +01:00
Thomas Petazzoni
00762d524a utils/getdeveloperlib.py: fix check_output() return value decoding
In Python 3.x, check_output() returns a "bytes" array, and not a
string. Its result needs to be decoded to be turned into a
string. Without this fix, "get-developers -c" bails out with:

Traceback (most recent call last):
  File "/home/thomas/projets/buildroot/./utils/get-developers", line 105, in <module>
    __main__()
  File "/home/thomas/projets/buildroot/./utils/get-developers", line 53, in __main__
    files = getdeveloperlib.check_developers(devs)
  File "/home/thomas/projets/buildroot/utils/getdeveloperlib.py", line 280, in check_developers
    files = subprocess.check_output(cmd).strip().split("\n")
TypeError: a bytes-like object is required, not 'str'

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 53da6a7c05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:10:43 +01:00
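The two getdeveloperlib.py fixes above (relative paths in hasfile(), and decoding the bytes that check_output() returns on Python 3) can be reproduced together in one small script. The following is an added example written for this page, not Buildroot's own utils/getdeveloperlib.py: the Developer class is a stand-in that assumes DEVELOPERS entries ending in "/" claim a whole directory, the file list comes from a Python one-liner instead of "git ls-files" so the script runs outside a git checkout, and the directory tree it checks is constructed on the fly.

```python
import os
import subprocess
import sys
import tempfile


class Developer:
    """Stand-in for the Developer class in utils/getdeveloperlib.py, written
    for this example (not Buildroot's code). 'files' holds DEVELOPERS entries
    as paths relative to the Buildroot top-level directory; an entry ending
    in '/' claims a whole directory (assumption made for this example)."""

    def __init__(self, name, files):
        self.name = name
        self.files = files

    def hasfile(self, f):
        # 'f' must be relative to the top-level directory, just like the
        # DEVELOPERS entries; an absolute path can never match anything.
        f = os.path.normpath(f)
        for entry in self.files:
            norm = os.path.normpath(entry)
            if f == norm:
                return True
            if entry.endswith("/") and f.startswith(norm + os.sep):
                return True
        return False


def list_tracked_files(topdir):
    """Return the files below 'topdir' as str paths relative to 'topdir'.

    The real script runs 'git ls-files'; this example runs a small Python
    one-liner instead so it works outside a git checkout. The decoding is
    the point: on Python 3, check_output() returns bytes, so the output has
    to be decoded before it is split on newlines (passing text=True to
    check_output() is the equivalent shortcut)."""
    walker = (
        "import os, sys\n"
        "for root, dirs, files in os.walk(sys.argv[1]):\n"
        "    dirs.sort()\n"
        "    for name in sorted(files):\n"
        "        print(os.path.relpath(os.path.join(root, name), sys.argv[1]))\n"
    )
    out = subprocess.check_output([sys.executable, "-c", walker, topdir])
    text = out.decode("utf-8")  # bytes -> str; .split("\n") on bytes raises TypeError
    return [line for line in text.strip().split("\n") if line]


def unmaintained_files(developers, topdir, absolute=False):
    """Return the files no developer claims. With absolute=False the paths
    stay relative on both sides of the comparison (the fixed behaviour);
    absolute=True reproduces the bug: every file is reported unmaintained."""
    result = []
    for f in list_tracked_files(topdir):
        candidate = os.path.join(topdir, f) if absolute else f
        if not any(dev.hasfile(candidate) for dev in developers):
            result.append(f)
    return result


def demo(absolute=False):
    """Build a tiny constructed tree and check it against two developers."""
    with tempfile.TemporaryDirectory() as top:
        for rel in ("package/foo/foo.mk", "package/bar/bar.mk", "utils/get-developers"):
            path = os.path.join(top, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        devs = [Developer("A", ["package/foo/"]),
                Developer("B", ["utils/get-developers"])]
        return unmaintained_files(devs, top, absolute)


if __name__ == "__main__":
    print(demo())
```

With relative paths only package/bar/bar.mk is reported; with absolute paths all three files are, which is the "entire list of files in Buildroot" symptom the commit describes.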
Peter Korsgaard
ba98b2df3a package/openjdk{-bin}: security bump LTS to version 11.0.13+8
Fixes the following security issues:

  - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
  - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
  - JDK-8263314: Enhance XML Dsig modes
  - JDK-8265167, CVE-2021-35556: Richer Text Editors
  - JDK-8265574: Improve handling of sheets
  - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
  - JDK-8265776: Improve Stream handling for SSL
  - JDK-8266097, CVE-2021-35561: Better hashing support
  - JDK-8266103: Better specified spec values
  - JDK-8266109: More Resilient Classloading
  - JDK-8266115: More Manifest Jar Loading
  - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
  - JDK-8266689, CVE-2021-35567: More Constrained Delegation
  - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
  - JDK-8267712: Better LDAP reference processing
  - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
  - JDK-8267735, CVE-2021-35586: Better BMP support
  - JDK-8268193: Improve requests of certificates
  - JDK-8268199: Correct certificate requests
  - JDK-8268205: Enhance DTLS client handshake
  - JDK-8268506: More Manifest Digests
  - JDK-8269618, CVE-2021-35603: Better session identification
  - JDK-8269624: Enhance method selection support
  - JDK-8270398: Enhance canonicalization
  - JDK-8270404: Better canonicalization

For more details, see the announcement:
https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-October/009368.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7662fb76f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:07:45 +01:00
Peter Korsgaard
28763417d2 package/bind: security bump to version 9.11.36
Fixes the following security issues:

- CVE-2021-25219: Lame cache can be abused to severely degrade resolver
  performance

For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25219

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e4bf1cf09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:07:20 +01:00
Peter Korsgaard
0c05b5d825 package/wireguard-linux-compat: bump version to 1.0.20210606
For details, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2021-June/006781.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f3da5bdf71)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:05:56 +01:00
Peter Korsgaard
adf97bf4da configs/sheevaplug_defconfig: bump linux kernel to 4.14.253
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/1723730198

To correct a build breakage after the move to a gcc 10.x based host
compiler, as the updated kernel contains a fix for:

HOSTLD  scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=88f7a6aa7fb9aa5076b65489146045dac865f1d3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 297f2220a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:01:09 +01:00
Peter Korsgaard
cc65b8a185 configs/openblocks_a6_defconfig: bump linux kernel to 4.14.253
Fixes https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=88f7a6aa7fb9aa5076b65489146045dac865f1d3

To correct a build breakage after the move to a gcc 10.x based host
compiler, as the updated kernel contains a fix for:

HOSTLD  scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=88f7a6aa7fb9aa5076b65489146045dac865f1d3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3eb7c4d3c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:00:42 +01:00
Peter Korsgaard
592c68ae78 configs/beagleboneai_defconfig: bump linux kernel to 4.14.108-ti-r143
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/1723729814

To correct a build breakage after the move to a gcc 10.x based host
compiler, as the updated kernel contains a fix for:

HOSTLD  scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=88f7a6aa7fb9aa5076b65489146045dac865f1d3

9112902588

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7f5655e791)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 22:00:22 +01:00
James Hilliard
95efd62aa0 package/libpsl: remove docs config option
This option is only available in master and not any release.

Fixes:
output/build/libpsl-0.21.1/meson.build:1:0: ERROR: Unknown options: "docs"

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bcde80febd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 21:59:54 +01:00
James Hilliard
5ecaec571f package/systemd: bump to version 249.5
Remove efi-ldsdir meson config option which is no longer used.

Meson config variable systemd-analyze is renamed to analyze.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 63b3a3c6d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 21:24:25 +01:00
Thomas Petazzoni
a0e189ff7f docs/manual/contribute.txt: rewrite the section dedicated to runtime tests
The current documentation was poorly organized, with for example the
"Here is an example walk through of running a test case" sentence
followed by the explanation of how to list available test cases, but
not how to run one.

Many other aspects of the wording were confusing, or not really
accurate.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a9dc2de551)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 21:19:42 +01:00
Thomas Petazzoni
89e024acab support/scripts/generate-gitlab-ci-yml: allow multiple tests in one pipeline
The current Gitlab CI mechanism allows triggering all tests in a CI
pipeline by pushing a branch named <something>-runtime-tests, or
triggering a single test in a CI pipeline by pushing a branch named
<something>-tests.<name of test>.

However, there are cases where it is useful to run a suite of tests,
for example to run all tests in tests.init.test_busybox.

This commit makes that possible by extending the current semantics of
<something>-tests.<name of test> to not expect a complete test name,
but instead to accept all tests that start with the given pattern.

This allows to do:

  git push gitlab HEAD:foobar-tests.init.test_busybox.TestInitSystemBusyboxRo

as was the case before. But it now also allows to do:

  git push gitlab HEAD:foobar-tests.init.test_busybox

to run all Busybox tests.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 23186356a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 21:19:13 +01:00
Thomas Petazzoni
7c579e1d59 docs/manual/contribute.txt: fix typo
The directory that contains tests is "support/testing/tests/", not
"supporting/testing/test".

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 18bbeefb99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 21:16:54 +01:00
Peter Korsgaard
4a846c39b6 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 10, 14}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc26ee8e1b)
[Peter: drop 5.14.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 21:03:08 +01:00
James Hilliard
c3fa0f5e37 package/pango: fix fontconfig meson option
Fixes:
output/build/pango-1.48.10/meson.build:1:0: ERROR: Unknown options: "use_fontconfig"

(WARNING for now, but will be an error in meson 0.60.0).

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 15a7be2c12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 20:53:54 +01:00
James Hilliard
fe4da39cfb package/gstreamer1/gst1-vaapi: fix tests config option
Fixes:
output/build/gst1-vaapi-1.18.5/meson.build:1:0: ERROR: Unknown options: "test"

(WARNING for now, but will be an error in meson 0.60.0).

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d352ae7121)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 20:48:46 +01:00
James Hilliard
7dedfc1e9b package/gstreamer1/gst1-plugins-ugly: remove examples option
Fixes:
output/build/gst1-plugins-ugly-1.18.5/meson.build:1:0: ERROR: Unknown options: "examples"

(WARNING for now, but will be an error in meson 0.60.0).

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c98ca5f44f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 20:48:16 +01:00
James Hilliard
32d32b6cba package/gstreamer1/gst1-plugins-bad: fix meson options
Fix teletextdec name and remove vdpau which is no longer available.

Fixes:
output/build/gst1-plugins-bad-1.18.5/meson.build:1:0: ERROR: Unknown options: "teletextdec, vdpau"

(WARNING for now, but will be an error in meson 0.60.0).

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 87505ba947)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-03 20:45:15 +01:00
Fabrice Fontaine
4eea95a989 package/strongswan: security bump to version 5.9.4
- Fixed a denial-of-service vulnerability in the gmp plugin that was
  caused by an integer overflow when processing RSASSA-PSS signatures
  with very large salt lengths. This vulnerability has been registered
  as CVE-2021-41990.
- Fixed a denial-of-service vulnerability in the in-memory certificate
  cache if certificates are replaced and a very large random value
  caused an integer overflow. This vulnerability has been registered as
  CVE-2021-41991.

https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

https://github.com/strongswan/strongswan/blob/5.9.4/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c12e8a15f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-27 12:21:32 +02:00
Bernd Kuhls
aefbe5cc68 package/php: security bump version to 8.0.12
Changelog:
https://www.php.net/ChangeLog-8.php#8.0.12

Fixes CVE-2021-21703: http://bugs.php.net/81026

For details, see https://www.ambionics.io/blog/php-fpm-local-root

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit afdd74d2fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-27 12:16:02 +02:00
Fabrice Fontaine
20ce8f4449 package/lrzip: security bump to version 0.641
- Fix CVE-2021-27347: Use after free in lzma_decompress_buf function in
  stream.c in lrzip 0.631 allows attackers to cause Denial of Service
  (DoS) via a crafted compressed file.
- Fix CVE-2021-27345: A null pointer dereference was discovered in
  ucompthread in stream.c in lrzip 0.631 which allows attackers to cause
  a denial of service (DOS) via a crafted compressed file.
- Fix CVE-2020-25467: A null pointer dereference was discovered in
  lzo_decompress_buf in stream.c in lrzip 0.621 which allows an attacker
  to cause a denial of service (DOS) via a crafted compressed file.
- lz4 is a mandatory dependency since version 0.640 and
  3345a239b7

7f3bf46203...v0.641

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3332c143c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-27 12:07:36 +02:00
Bernd Kuhls
cec8991842 package/ffmpeg: bump version to 4.4.1
Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;hb=refs/heads/release/4.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d51654728)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-27 12:06:18 +02:00
Fabrice Fontaine
0e464e25d1 package/vim: security bump to version 8.2.3565
Fix CVE-2021-3872: vim is vulnerable to Heap-based Buffer Overflow
Fix CVE-2021-3875: vim is vulnerable to Heap-based Buffer Overflow

https://github.com/vim/vim/compare/v8.2.3432...v8.2.3565

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5650439b92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-27 11:54:26 +02:00
Fabrice Fontaine
89588d3b3b package/vim: use LICENSE file
Use LICENSE file which is available since version 8.2.0105 and
c838626fea

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1f5ed26e18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-27 11:54:15 +02:00
Peter Korsgaard
a1549d7138 package/nodejs: security bump to version 12.22.7
Fixes the following security issues:

- CVE-2021-22959: HTTP Request Smuggling due to spaces in headers (Medium)
  The http parser accepts requests with a space (SP) right after the header
  name before the colon.  This can lead to HTTP Request Smuggling (HRS).

- CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)

  The http parser ignores chunk extensions when parsing the body of chunked
  requests.  This leads to HTTP Request Smuggling (HRS) under certain
  conditions.

For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 20:34:20 +02:00
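Both Node.js issues above come down to an HTTP/1.1 parser being lenient where the spec says to be strict: a field-name followed by whitespace before the colon, and a chunk-size line whose extension is not looked at. The following is an added example written for this page, not Node's http parser or its fix; it is a deliberately strict parser for a single request and a chunked body, with the request bytes constructed inline. It assumes RFC 7230 grammar (token characters for names, "chunk-size [chunk-ext] CRLF" for chunk headers) and rejects anything else, which is what RFC 7230 section 3.2.4 requires a server to do for whitespace between a field-name and the colon.

```python
import re

# RFC 7230 'tchar': the characters allowed in a header field-name and in
# chunk-extension names/values. SP is not one of them.
_TCHAR = rb"[!#$%&'*+.^_`|~0-9A-Za-z-]"
_TOKEN_RE = re.compile(rb"^" + _TCHAR + rb"+$")
_CHUNK_SIZE_RE = re.compile(rb"^[0-9A-Fa-f]{1,16}$")
# chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] ), no whitespace
_CHUNK_EXT_RE = re.compile(
    rb"^(?:;" + _TCHAR + rb"+(?:=(?:" + _TCHAR + rb"+|\"[^\"\\\r\n]*\"))?)*$")


class HTTPParseError(ValueError):
    """Raised for anything the parser refuses; a server would answer 400."""


def parse_request(raw):
    """Split one HTTP/1.1 request into (method, target, headers, body).

    'headers' is a list of (lower-cased name, value) pairs. A field-name
    that is not a pure token is rejected, which covers the CVE-2021-22959
    case 'Name : value' (SP before the colon): a front end that forwards
    such a line unchanged and a back end that reads it differently no
    longer agree on which headers the request carries, so the safe answer
    is to refuse the request rather than guess.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HTTPParseError("incomplete header block")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise HTTPParseError("malformed request line: %r" % lines[0])
    method, target, _version = parts
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN_RE.match(name):
            raise HTTPParseError("invalid header line: %r" % line)
        headers.append((name.lower(), value.strip(b" \t")))
    return method, target, headers, body


def decode_chunked(body):
    """Decode a chunked body; return (payload, bytes_after_the_message).

    Each chunk starts with 'chunk-size [chunk-ext] CRLF'. The size is the
    hex run before the first ';'; everything from ';' to CRLF is the chunk
    extension. CVE-2021-22960 is described as the parser ignoring chunk
    extensions; here the size must be plain hex and the extension must be a
    well-formed ';name[=value]' sequence, so a line that is not a valid
    chunk header is an error instead of being skipped over. The returned
    trailing bytes are what the next request on the connection would be,
    which is exactly what a front end and a back end must agree on.
    """
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise HTTPParseError("missing chunk-size line")
        size_field, semi, ext = body[pos:eol].partition(b";")
        if not _CHUNK_SIZE_RE.match(size_field):
            raise HTTPParseError("bad chunk-size: %r" % size_field)
        if semi and not _CHUNK_EXT_RE.match(b";" + ext):
            raise HTTPParseError("bad chunk extension: %r" % ext)
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            # last-chunk: optional trailer section, then an empty line
            end = body.find(b"\r\n\r\n", pos - 2)
            if end < 0:
                raise HTTPParseError("unterminated trailer section")
            return bytes(out), body[end + 4:]
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise HTTPParseError("chunk data not followed by CRLF")
        out += body[pos:pos + size]
        pos += size + 2


def is_rejected(func, data):
    """True if func(data) raises HTTPParseError (helper for the checks)."""
    try:
        func(data)
    except HTTPParseError:
        return True
    return False
```

The second return value of decode_chunked() is the useful bit for a request-smuggling check: feed the same bytes to two implementations and compare where each one thinks the message ends.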
Fabrice Fontaine
f61de573c1 package/smcroute: don't override dependencies
Don't override SMCROUTE_DEPENDENCIES in a conditional

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5c9764be06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 20:30:42 +02:00
Fabrice Fontaine
4bd955d5b7 package/libunwind: don't override dependencies
Don't override LIBUNWIND_DEPENDENCIES in a conditional

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 794821faa3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 20:30:05 +02:00
Giulio Benetti
8278d6d421 DEVELOPERS: add Giulio Benetti to erlang-jiffy package
Add Giulio Benetti to erlang-jiffy package.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f36483126e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 20:18:32 +02:00
Giulio Benetti
2ddedbda67 DEVELOPERS: add Giulio Benetti to amarula_rk3288_defconfig and asus_rk3288_defconfig
Add Giulio Benetti to amarula_rk3288_defconfig and asus_rk3288_defconfig.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2a884aad20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 20:18:00 +02:00
Peter Seiderer
6b471a330e package/qemu: disable doc generation for host build
- disable doc generation (via sphinx) for host build

Reduces host-qemu build time from (on a system with sphinx installed):

	real    2m5,522s
	user    9m41,292s
	sys     1m9,732s

to:
	real	1m9,183s
	user	8m40,131s
	sys	1m9,533s

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit df857f6e0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 20:16:14 +02:00
Matthew Weber
bd7e0a0b60 package/xerces: fix memory leak when transcoding fails
Seen with the IconvGNU transcoder when parsing "<aaa.xsdopengis.net/gml\x96".
The reason is that XMLString::transcode(repText2, manager) throws a TranscodingException
which causes the tmp1 string to leak.

Upstream: 1bdf6d8ba8

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a2c02a8c2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 19:43:02 +02:00
Francois Perrad
1761da0c3d package/pango: bump to version 1.48.10
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d939bfc94c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 14:33:47 +02:00
Peter Korsgaard
ab66fc9a5c package/asterisk: security bump to version 16.21.1
Fixes the following security issues:

16.15.0:
- ASTERISK-29057: pjsip: Crash on call rejection during high load

16.15.1:
- AST-2020-003: Remote crash in res_pjsip_diversion
  A crash can occur in Asterisk when a SIP message is received that has a
  History-Info header, which contains a tel-uri.
  https://downloads.asterisk.org/pub/security/AST-2020-003.pdf

- AST-2020-004: Remote crash in res_pjsip_diversion
  A crash can occur in Asterisk when a SIP 181 response is received that has
  a Diversion header, which contains a tel-uri.
  https://downloads.asterisk.org/pub/security/AST-2020-004.pdf

16.16.0:
- ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains History-Info

16.16.1:
- AST-2021-001: Remote crash in res_pjsip_diversion
  If a registered user is tricked into dialing a malicious number that sends
  lots of 181 responses to Asterisk, each one will cause a 181 to be sent
  back to the original caller with an increasing number of entries in the
  “Supported” header.  Eventually the number of entries in the header
  exceeds the size of the entry array and causes a crash.
  https://downloads.asterisk.org/pub/security/AST-2021-001.pdf

- AST-2021-002: Remote crash possible when negotiating T.38
  When re-negotiating for T.38 if the initial remote response was delayed
  just enough Asterisk would send both audio and T.38 in the SDP.  If this
  happened, and the remote responded with a declined T.38 stream then
  Asterisk would crash.
  https://downloads.asterisk.org/pub/security/AST-2021-002.pdf

- AST-2021-003: Remote attacker could prematurely tear down SRTP calls
  An unauthenticated remote attacker could replay SRTP packets which could
  cause an Asterisk instance configured without strict RTP validation to
  tear down calls prematurely.
  https://downloads.asterisk.org/pub/security/AST-2021-003.pdf

- AST-2021-004: An unsuspecting user could crash Asterisk with multiple
  hold/unhold requests
  Due to a signedness comparison mismatch, an authenticated WebRTC client
  could cause a stack overflow and Asterisk crash by sending multiple
  hold/unhold requests in quick succession.
  https://downloads.asterisk.org/pub/security/AST-2021-004.pdf

- AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
  Given a scenario where an outgoing call is placed from Asterisk to a
  remote SIP server it is possible for a crash to occur.
  https://downloads.asterisk.org/pub/security/AST-2021-005.pdf

16.16.2:
- AST-2021-006: Crash when negotiating T.38 with a zero port
  When Asterisk sends a re-invite initiating T.38 faxing and the endpoint
  responds with a m=image line and zero port, a crash will occur in
  Asterisk.
  This is a reoccurrence of AST-2019-004.
  https://downloads.asterisk.org/pub/security/AST-2021-006.pdf

16.17.0:
- ASTERISK-29203 / AST-2021-002 — Another scenario is causing a crash

- ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls

- ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
  memory corruption and crash

16.19.1:
- AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
  When Asterisk receives a re-INVITE without SDP after having sent a BYE
  request a crash will occur.  This occurs due to the Asterisk channel no
  longer being present while code assumes it is.
  https://downloads.asterisk.org/pub/security/AST-2021-007.pdf

- AST-2021-008: Remote crash when using IAX2 channel driver
  If the IAX2 channel driver receives a packet that contains an unsupported
  media format it can cause a crash to occur in Asterisk.
  https://downloads.asterisk.org/pub/security/AST-2021-008.pdf

- AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
  handshake
  Depending on the timing, it’s possible for Asterisk to crash when using a
  TLS connection if the underlying socket parent/listener gets destroyed
  during the handshake.
  https://downloads.asterisk.org/pub/security/AST-2021-009.pdf

16.20.0:
- ASTERISK-29415: Crash in PJSIP TLS transport

- ASTERISK-29381: chan_pjsip: Remote denial of service by an authenticated
  user

In addition, a large number of bugfixes.

Drop now upstreamed
0006-AC_HEADER_STDC-causes-a-compile-failure-with-autoconf-2-70.patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 289a15f33b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 14:26:00 +02:00
Fabrice Fontaine
fccedaf0d9 package/asterisk: fix build with autoconf >= 2.70
Fix the following build failure raised since bump of autoconf to version
2.71 in commit ecd54b65c1:

configure: error: *** ANSI C header files not found.

Fixes:
 - http://autobuild.buildroot.org/results/e7dc47da7863a5dc492154f620c4fcebafccf6ea

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ae68285509)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 14:25:53 +02:00
Fabrice Fontaine
fff3c2c77d package/freerdp: security bump to version 2.4.1
- Fix CVE-2021-41159: Improper client input validation for gateway
  connections allows to overwrite memory
- Fix CVE-2021-41160: Improper region checks in all clients allow out of
  bound write to memory

https://github.com/FreeRDP/FreeRDP/releases/tag/2.4.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5dc5f47f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 14:13:24 +02:00
Raphaël Mélotte
567d261721 docs/manual/contribute.txt: fix typo
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 226d5b3b95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 14:12:25 +02:00
Peter Seiderer
9666c3f942 package/gtest: fix gtest.pc/gmock.pc library names for the debug build
Fixes:

   - http://autobuild.buildroot.org/results/e1bb8aa1de310f3d27b74ec7d8748d170ad444e2

  >>> libcamera 40f5fddca7f774944a53f58eeaebc4db79c373d8 Building
  [...]
  [114/123] Linking target src/lc-compliance/lc-compliance
  FAILED: src/lc-compliance/lc-compliance
  [...]
  .../host/lib/gcc/arm-buildroot-linux-uclibcgnueabi/10.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: cannot find -lgtest

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1afea0b11b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 13:56:05 +02:00
Peter Seiderer
18d5bff30a package/python3-cffi: bump version to 1.14.6
- the last version bump of package/python-cffi (790c10d) ignored
  the comment 'Please keep in sync with package/python3-cffi/python3-cffi.mk',
  so catch up now

Fixes:

  ERROR: No hash found for cffi-1.14.2.tar.gz

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 777b1f9135)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 13:44:35 +02:00
Fabrice Fontaine
52ba0e173c package/gensio: link with -latomic if needed
Link with -latomic if needed to avoid the following build failure since
bump to version 2.0.1 in commit 0f8d4a6ecd
and
5528267b54:

/tmp/instance-0/output-1/per-package/gensio/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ../lib/.libs/libgensio.so: undefined reference to `__atomic_fetch_add_4'

Fixes:
 - http://autobuild.buildroot.org/results/2114f9cb3d820fc620932e793f53341a0c1f10bc
 - http://autobuild.buildroot.org/results/c1b397eea1c2eda19149844cec4a87d55651862d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92f367b474)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-26 08:27:56 +02:00
James Hilliard
971b0cc5bb package/gpsd: bump to version 3.23.1
Fixes:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8a21eec954)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 22:07:36 +02:00
Thomas Petazzoni
f3cce2e3d2 support/scripts/pkg-stats: use the new 'stable_versions' field of release-monitoring.org
The pkg-stats script queries release-monitoring.org to find the latest
upstream versions of our packages. However, up until recently,
release-monitoring.org had no notion of stable
vs. development/release-candidate versions, so for some packages the
"latest" version was in fact a development/release-candidate version
that we didn't want to package in Buildroot.

However, in recent time, release-monitoring.org has gained support for
differentiating stable vs. development releases of upstream
projects. See for example
https://release-monitoring.org/project/10024/ for the glib library,
which has a number of versions marked "Pre-release".

The JSON blurb returned by release-monitoring.org has 3 relevant
fields:

 - "version", which we are using currently, which is a string
   containing the reference of the latest version, including
   pre-release.

 - "versions", which is an array of strings listing all versions,
   pre-release or not.

 - "stable_versions", which is an array of strings listing only
   non-pre-release versions. It is ordered newest first to oldest
   last.

So, this commit changes from using 'version' to using
'stable_versions[0]'.

As an example, before this change, pkg-stats reports that nfs-utils
needs to be bumped to 2.5.5rc3, while after this patch, it reports
that nfs-utils is already at 2.5.4, and that this is the latest stable
version (modulo an issue where Buildroot has 2.5.4 and
release-monitoring.org has 2-5-4, this will be addressed separately).

Note that part of this change was already done in commit f7b0e0860, but
it was incomplete.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 11efcb39b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 20:53:59 +02:00
Thomas Petazzoni
23017276cc support/scripts/pkg-stats: fix the status for packages found by guess
The pkg-stats script tries to match packages against
release-monitoring.org in two ways:

- First by using the "Buildroot" distribution registered on
  release-monitoring.org, in which we have added a lot of mappings
  between Buildroot package names and release-monitoring.org package
  names. If there is a match using this distribution, the package
  status is RM_API_STATUS_FOUND_BY_DISTRO, which means that the
  resulting HTML has a "found by distro" statement.

- Then, if the first solution didn't work, by using the pattern
  matching, as done in the check_package_get_latest_version_by_guess()
  function.

However, there is a bug in this later case: it sets the package status
to RM_API_STATUS_FOUND_BY_DISTRO as well, while it should have been
RM_API_STATUS_FOUND_BY_PATTERN. Due to this bug, in the resulting HTML
file from a pkg-stats run, all packages are marked as "found by
distro" even the ones that are "found by guess".

This commit fixes that by setting the correct package status.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9602fd94e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 20:51:43 +02:00
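The two pkg-stats commits above describe two separate behaviours: picking `stable_versions[0]` instead of `version` from the release-monitoring.org blurb, and reporting RM_API_STATUS_FOUND_BY_PATTERN rather than RM_API_STATUS_FOUND_BY_DISTRO when a package is only matched by guessing. The following is an added example written for this page, not pkg-stats' own code. The JSON field names and the two status names come from the commit messages; the numeric status values, the DISTRO_MAPPING table, the SAMPLE_PROJECTS data (modelled on the nfs-utils and libpng cases the messages mention), and the helper names guess_project_name() and check_package_latest_version() are assumptions made for illustration.

```python
# Status values are named in the commit messages above; the integers and the
# NOT_FOUND status are assumptions for this example.
RM_API_STATUS_FOUND_BY_DISTRO = 1
RM_API_STATUS_FOUND_BY_PATTERN = 2
RM_API_STATUS_NOT_FOUND = 3

# Constructed stand-in for the "Buildroot" distribution mapping on
# release-monitoring.org: Buildroot package name -> project name.
DISTRO_MAPPING = {
    "nfs-utils": "nfs-utils",
    "libglib2": "glib",
}

# Constructed sample blurbs with only the three relevant fields. The values
# mirror the examples in the commit messages (2.5.5rc3 vs 2.5.4, and
# 1.7.0beta89 vs 1.6.37); "onlypre" shows a project with no stable release.
SAMPLE_PROJECTS = {
    "nfs-utils": {
        "version": "2.5.5rc3",
        "versions": ["2.5.5rc3", "2.5.4", "2.5.3"],
        "stable_versions": ["2.5.4", "2.5.3"],
    },
    "libpng": {
        "version": "1.7.0beta89",
        "versions": ["1.7.0beta89", "1.6.37"],
        "stable_versions": ["1.6.37"],
    },
    "onlypre": {
        "version": "0.9rc1",
        "versions": ["0.9rc1"],
        "stable_versions": [],
    },
}


def latest_stable_version(blurb):
    """Newest non-pre-release version: stable_versions is ordered newest
    first, so element 0 is what pkg-stats wants. Fall back to 'version'
    only when the project has no stable release at all."""
    stable = blurb.get("stable_versions") or []
    if stable:
        return stable[0]
    return blurb.get("version")


def guess_project_name(pkg_name, projects):
    """Hypothetical stand-in for the pattern-matching fallback: try the
    Buildroot name as-is, then with a leading 'python-' removed."""
    candidates = [pkg_name]
    if pkg_name.startswith("python-"):
        candidates.append(pkg_name[len("python-"):])
    for candidate in candidates:
        if candidate in projects:
            return candidate
    return None


def check_package_latest_version(pkg_name, projects):
    """Return (status, latest_stable_version). Distro mapping is tried first
    and yields FOUND_BY_DISTRO; a guess must yield FOUND_BY_PATTERN, which is
    the distinction the second commit restores."""
    rm_name = DISTRO_MAPPING.get(pkg_name)
    if rm_name is not None and rm_name in projects:
        return RM_API_STATUS_FOUND_BY_DISTRO, latest_stable_version(projects[rm_name])

    rm_name = guess_project_name(pkg_name, projects)
    if rm_name is not None:
        return RM_API_STATUS_FOUND_BY_PATTERN, latest_stable_version(projects[rm_name])

    return RM_API_STATUS_NOT_FOUND, None


if __name__ == "__main__":
    for pkg in ("nfs-utils", "libpng", "python-onlypre", "no-such-package"):
        print(pkg, check_package_latest_version(pkg, SAMPLE_PROJECTS))
```

Comparing the returned version against the Buildroot version string is a separate step; as the first commit notes, release-monitoring.org may spell a version differently (2-5-4 vs 2.5.4), so a normalisation pass is still needed before declaring a package up to date.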
Francois Perrad
53bab99186 support/scripts/pkg-stats: prefers stable version from release-monitoring.org
For example with libpng: 1.6.37 instead of 1.7.0beta89

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: coalesce into a single line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f7b0e08605)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 20:51:36 +02:00
Fabrice Fontaine
c495217f73 package/earlyoom: bump to version 1.6.2
https://github.com/rfjakob/earlyoom/blob/v1.6.2/README.md#changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ee5efd4bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 14:36:53 +02:00
Matthew Weber
a2bc7a73c2 package/lightning: add LIGHTNING_CPE_ID_VENDOR
cpe:2.3:a:gnu:lightning:*:*:*:*:*:*:*:* is a valid CPE for this pkg

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alightning

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fe6767f7cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 14:13:09 +02:00
Arnout Vandecappelle (Essensium/Mind)
80e404bac3 support/testing: sample_python_dbus_next: ignore F821 flake8 error
The dbus-next package uses the Python type annotation for dbus types. This is
not compatible with the python typing assumption that flake8 makes.

Exclude F821 from this line.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1687009829
partially:
support/testing/tests/package/sample_python_dbus_next.py:17:36: F821 undefined name 's'
support/testing/tests/package/sample_python_dbus_next.py:17:48: F821 undefined name 's'
support/testing/tests/package/sample_python_dbus_next.py:17:56: F821 undefined name 's'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1217817ac2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 14:09:51 +02:00
Bernd Kuhls
d22d09a033 utils/genrandconfig: test configurations with BR2_PACKAGE_PYTHON3_PY_ONLY
Python3 variant of
https://git.buildroot.net/buildroot-test/commit/?id=c0de21d9530af53eae5588d99d90c7e0cb87c543

to support Kodi 19 which depends on python3:
https://git.buildroot.net/buildroot/commit/?id=148e695e37561fe45d4726cb68f6454464d17797

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8d469858ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 14:07:14 +02:00
Peter Korsgaard
a5227c746d package/docker-engine: security bump to version 20.10.9
Fixes the following security issues:

- CVE-2021-41089:  Create parent directories inside a chroot during docker
  cp to prevent a specially crafted container from changing permissions of
  existing files in the host’s filesystem.

- CVE-2021-41091: Lock down file permissions to prevent unprivileged users
  from discovering and executing programs in /var/lib/docker.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce45136df0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-25 13:42:54 +02:00