jeans/operating-system
jeans/operating-system
1
0
Fork 0
mirror of https://github.com/home-assistant/operating-system.git synced 2025-07-28 15:36:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bump linux buildroot (#1032)

Browse Source 
* Update buildroot to 2020.11-rc3

Signed-off-by: Stefan Agner <stefan@agner.ch>

* ODROID: Update kernel 5.9.11

* Remove patch which has been applied upstream

* Linux: Update kernel 5.4.80
This commit is contained in:
Stefan Agner 2020-11-28 16:19:21 +01:00 committed by GitHub
parent bda9c3d715
commit 18cc261e35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
93 changed files with 1219 additions and 407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Documentation/kernel.md
View File

@ -5,15 +5,15 @@ Default Kernel tree: 5.4
| Board | Version |
|-------|---------|
| Open Virtual Appliance | 5.4.63 |
| Open Virtual Appliance | 5.4.80 |
| Raspberry Pi | 5.4.79 |
| Raspberry Pi 0-W | 5.4.79 |
| Raspberry Pi 2 | 5.4.79 |
| Raspberry Pi 3 | 5.4.79 |
| Raspberry Pi 4 | 5.4.79 |
| Tinker Board | 5.4.63 |
| Odroid-C2 | 5.9.6 |
| Odroid-C4 | 5.9.6 |
| Odroid-N2 | 5.9.6 |
| Odroid-XU4 | 5.9.6 |
| Intel NUC | 5.4.63 |
| Tinker Board | 5.4.80 |
| Odroid-C2 | 5.9.11 |
| Odroid-C4 | 5.9.11 |
| Odroid-N2 | 5.9.11 |
| Odroid-XU4 | 5.9.11 |
| Intel NUC | 5.4.80 |

38
buildroot-external/board/hardkernel/patches/linux/0004-arm64-dts-meson-add-missing-g12-rng-clock.patch
View File

@ -1,38 +0,0 @@
From f2eead311d9dd9ff7ee0846914147250d7711f98 Mon Sep 17 00:00:00 2001
Message-Id: <f2eead311d9dd9ff7ee0846914147250d7711f98.1603528796.git.stefan@agner.ch>
In-Reply-To: <734f52f38625ce29c964517255538b3b0b546e8d.1603528796.git.stefan@agner.ch>
References: <734f52f38625ce29c964517255538b3b0b546e8d.1603528796.git.stefan@agner.ch>
From: Scott K Logan <logans@cottsay.net>
Date: Fri, 25 Sep 2020 01:43:53 -0700
Subject: [PATCH 4/7] arm64: dts: meson: add missing g12 rng clock
This adds the missing perpheral clock for the RNG for Amlogic G12. As
stated in amlogic,meson-rng.yaml, this isn't always necessary for the
RNG to function, but is better to have in case the clock is disabled for
some reason prior to loading.
Signed-off-by: Scott K Logan <logans@cottsay.net>
Suggested-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Link: https://lore.kernel.org/r/520a1a8ec7a958b3d918d89563ec7e93a4100a45.camel@cottsay.net
---
arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
index 1e83ec5b8c91..81f490e404ca 100644
--- a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
@@ -282,6 +282,8 @@ apb_efuse: bus@30000 {
hwrng: rng@218 {
compatible = "amlogic,meson-rng";
reg = <0x0 0x218 0x0 0x4>;
+ clocks = <&clkc CLKID_RNG0>;
+ clock-names = "core";
};
};
--
2.28.0

2
buildroot-external/configs/intel_nuc_defconfig
View File

@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/intel/nuc $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/nuc/hassos-hook.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.63"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.80"
BR2_LINUX_KERNEL_DEFCONFIG="x86_64"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/nuc/kernel.config"
BR2_LINUX_KERNEL_LZ4=y

2
buildroot-external/configs/odroid_c2_defconfig
View File

@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c2 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c2/hassos-hook.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/kernel-amlogic.config"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"

2
buildroot-external/configs/odroid_c4_defconfig
View File

@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c4 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c4/hassos-hook.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/kernel-amlogic.config"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"

2
buildroot-external/configs/odroid_n2_defconfig
View File

@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-n2 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-n2/hassos-hook.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/kernel-amlogic.config"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-n2/kernel.config"

2
buildroot-external/configs/odroid_xu4_defconfig
View File

@ -23,7 +23,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-xu4 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-xu4/hassos-hook.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
BR2_LINUX_KERNEL_DEFCONFIG="exynos"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"
BR2_LINUX_KERNEL_LZ4=y

2
buildroot-external/configs/ova_defconfig
View File

@ -23,7 +23,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/intel/ova $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/ova/hassos-hook.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.63"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.80"
BR2_LINUX_KERNEL_DEFCONFIG="x86_64"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/ova/kernel.config"
BR2_LINUX_KERNEL_LZ4=y

2
buildroot-external/configs/tinker_defconfig
View File

@ -24,7 +24,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/asus/tinker $(BR2_EXTERNAL_HASSOS_PATH)/board/asus/hassos-hook.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.63"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.80"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/asus/tinker/kernel.config"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"

68
buildroot/CHANGES
View File

@ -1,3 +1,23 @@
2020.11-rc3, released November 28th, 2020
Fixes all over the tree.
Updated/fixed packages: c-ares, cage, cdrkit,
dovecot-pigeonhole, efl, gvfs, harfbuzz, jpeg-turbo,
libcamera, libkrb5, libpam-tacplus, libxkbcommon, minidlna,
modem-manager, monkey, musl, ncurses, numactl, openntpd,
openrc, postgresql, proftpd, python-flask-cors, python-pip,
qemu, raptor, redis, slirp, spandsp, thermald, uhd, vsftpd,
webkitgtk, wireless-regdb, wlroots, wpewebkit, xen, xinetd,
xorriso
Issues resolved (http://bugs.uclibc.org):
#13296: host-libcap failed to build
#13331: openrc-0.42.1 compilation failure on gcc-10
#13336: thermald-1.9.1 compilation failure with musl 1.2.1
#13341: Mistake in /etc/init.d/S70vsftpd
2020.11-rc2, released November 14th, 2020
Fixes all over the tree.
@ -106,6 +126,34 @@
#13236: Can't compile linux 5.4.8 (with gcc 10 on host)
#13286: The system hangs in vmware workstation on the line..
2020.08.2, released November 16th, 2020
Important / security related fixes.
Toolchain-wrapper: Pass -fno-tree-loop-distribute-patterns to
fix kernel build on microblaze with gcc 10.x when
optimizations are enabled.
Updated/fixed packages: apparmor, argp-standalone, asterisk,
bandwidthd, binutils, bitcoin, busybox, collectd, cryptsetup,
cups-filters, darkhttpd, davfs2, docker-cli,
docker-containerd, docker-engine, dovecot-pigeonhole,
dvb-apps, elf2flt, fastd, fbset, fbtft, freetype, gcc,
ghostscript, grpc, gst1-plugins-bad, jsoncpp,
kernel-module-imx-gpu-viv, keepalived, kmscube, libass,
libexif, libiqrf, libnetfilter_conntrack, libpam-tacplus,
libraw, linux-backports, linux-firmware, lzlib, mp4v2,
netsnmp, nginx, numactl, oniguruma, opencv3, openntpd,
patchelf, php, pistache, postgresql, python-pyqt5, qemu,
qt5base, rauc, redis, samba4, slirp, systemd, tcpdump,
tinyproxy, tmux, tor, waf, webkitgtk, wine,
wireguard-linux-compat, wireshark, wpewebkit, xen, xorriso,
xvisor, zeromq, zxing-cpp
Issues resolved (http://bugs.uclibc.org):
#11931: Bugs in support/scripts/apply-patches.sh
2020.08.1, released October 12th, 2020
Important / security related fixes.
@ -612,6 +660,26 @@
#12796: Update OpenSSL to Version 1.1.1g to patch CVE-2020-1967
#12811: bootstrap stuck and no login prompt
2020.02.8, released November 16th, 2020
Important / security related fixes.
Updated/fixed packages: angularjs, argp-standalone, asterisk,
bandwidthd, bitcoin, busybox, cryptsetup, darkhttpd, davfs2,
docker-cli, docker-containerd, docker-engine,
dovecot-pigeonhole, fastd, fbset, fbtft, freetype, gcc,
ghostscript, gnuradio, grpc, gst1-plugins-bad, jsoncpp,
keepalived, libass, libexif, libiqrf, libpam-tacplus, libraw,
linux-backports, linux-firmware, lzlib, netsnmp, nginx,
oniguruma, opencv3, openntpd, patchelf, php, postgresql,
python-pyqt5, qt5base, rauc, redis, samba4, slirp, systemd,
tcpdump, tmux, tor, webkitgtk, wireguard-linux-compat,
wireshark, wpewebkit, xen, xorriso, zeromq, zxing-cpp
Issues resolved (http://bugs.uclibc.org):
#11931: Bugs in support/scripts/apply-patches.sh
2020.02.7, released October 12th, 2020
Important / security related fixes.

5
buildroot/DEVELOPERS
View File

@ -2127,7 +2127,7 @@ F: package/kf5/
N: Pierre Floury <pierre.floury@gmail.com>
F: package/trace-cmd/
N: Pierre-Jean Texier <pjtexier@koncepto.io>
N: Pierre-Jean Texier <texier.pj2@gmail.com>
F: package/fping/
F: package/genimage/
F: package/haveged/
@ -2606,9 +2606,6 @@ F: package/waf/
F: support/testing/tests/package/test_crudini.py
F: support/testing/tests/package/test_redis.py
N: Trent Piepho <trent.piepho@synapse.com>
F: package/libp11/
N: Tudor Holton <buildroot@tudorholton.com>
F: package/openjdk/

4
buildroot/Makefile
View File

@ -92,9 +92,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2020.11-rc2
export BR2_VERSION := 2020.11-rc3
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1605361000
BR2_VERSION_EPOCH = 1606558000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)

2
buildroot/boot/uboot/uboot.mk
View File

@ -477,7 +477,7 @@ ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_URL)),)
$(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_URL setting)
endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_URL
ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION)),)
$(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
$(error No custom U-Boot repository version specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_VERSION
endif # BR2_TARGET_UBOOT_CUSTOM_GIT || BR2_TARGET_UBOOT_CUSTOM_HG

6
buildroot/docs/manual/manual.html
View File

File diff suppressed because one or more lines are too long

BIN
buildroot/docs/manual/manual.pdf
View File

Binary file not shown.

6
buildroot/docs/manual/manual.text
View File

@ -174,13 +174,13 @@ List of Examples
---------------------------------------------------------------------
Buildroot 2020.11-rc2 manual generated on 2020-11-14 13:52:52 UTC
from git revision 6a33ea03b4
Buildroot 2020.11-rc3 manual generated on 2020-11-28 10:11:23 UTC
from git revision a418d0ac51
The Buildroot manual is written by the Buildroot developers. It is
licensed under the GNU General Public License, version 2. Refer to
the COPYING [http://git.buildroot.org/buildroot/tree/COPYING?id=
6a33ea03b469a35f0dddcabd6e378819dc731024] file in the Buildroot
a418d0ac51e192adc54300f16b46b12a42b2b117] file in the Buildroot
sources for the full text of this license.
Copyright © 2004-2020 The Buildroot developers

54
buildroot/docs/website/download.html
View File

@ -8,105 +8,105 @@
<div class="panel-heading">Download</div>
<div class="panel-body">
<h3 style="text-align: center;">Latest long term support release: <b>2020.02.7</b></h3>
<h3 style="text-align: center;">Latest long term support release: <b>2020.02.8</b></h3>
<div class="row mt centered">
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2020.02.7.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.02.8.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2020.02.7.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.02.8.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2020.02.7.tar.gz">buildroot-2020.02.7.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2020.02.7.tar.gz.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2020.02.8.tar.gz">buildroot-2020.02.8.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2020.02.8.tar.gz.sign">PGP signature</a></p>
</div>
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2020.02.7.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.02.8.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2020.02.7.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.02.8.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2020.02.7.tar.bz2">buildroot-2020.02.7.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2020.02.7.tar.bz2.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2020.02.8.tar.bz2">buildroot-2020.02.8.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2020.02.8.tar.bz2.sign">PGP signature</a></p>
</div>
</div>
<h3 style="text-align: center;">Latest stable release: <b>2020.08.1</b></h3>
<h3 style="text-align: center;">Latest stable release: <b>2020.08.2</b></h3>
<div class="row mt centered">
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2020.08.1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.08.2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2020.08.1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.08.2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2020.08.1.tar.gz">buildroot-2020.08.1.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2020.08.1.tar.gz.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2020.08.2.tar.gz">buildroot-2020.08.2.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2020.08.2.tar.gz.sign">PGP signature</a></p>
</div>
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2020.08.1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.08.2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2020.08.1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.08.2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2020.08.1.tar.bz2">buildroot-2020.08.1.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2020.08.1.tar.bz2.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2020.08.2.tar.bz2">buildroot-2020.08.2.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2020.08.2.tar.bz2.sign">PGP signature</a></p>
</div>
</div>
<h3 style="text-align: center;">Latest release candidate: <b>2020.11-rc2</b></h3>
<h3 style="text-align: center;">Latest release candidate: <b>2020.11-rc3</b></h3>
<div class="row mt centered">
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2020.11-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.11-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2020.11-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.11-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2020.11-rc2.tar.gz">buildroot-2020.11-rc2.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2020.11-rc2.tar.gz.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2020.11-rc3.tar.gz">buildroot-2020.11-rc3.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2020.11-rc3.tar.gz.sign">PGP signature</a></p>
</div>
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2020.11-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.11-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2020.11-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2020.11-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2020.11-rc2.tar.bz2">buildroot-2020.11-rc2.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2020.11-rc2.tar.bz2.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2020.11-rc3.tar.bz2">buildroot-2020.11-rc3.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2020.11-rc3.tar.bz2.sign">PGP signature</a></p>
</div>
</div>

59
buildroot/docs/website/news.html
View File

@ -9,6 +9,65 @@
<h2>News</h2>
<ul class="timeline">
<li>
<div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
<div class="timeline-panel">
<div class="timeline-heading">
<h4 class="timeline-title">2020.11-rc3 released</h4>
<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>28 November 2020</small></p>
</div>
<div class="timeline-body">
<p>Another week, another release candidate with more cleanups and build fixes. See the
<a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2020.11-rc3">CHANGES</a>
file for details.</p>
<p>Head to the <a href="/downloads/">downloads page</a> to pick up the
<a href="/downloads/buildroot-2020.11-rc3.tar.bz2">2020.11-rc3
release candidate</a>, and report any problems found to the
<a href="support.html">mailing list</a> or
<a href="https://bugs.buildroot.org">bug tracker</a>.</p>
</div>
</div>
</li>
<li class="timeline-inverted">
<div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
<div class="timeline-panel">
<div class="timeline-heading">
<h4 class="timeline-title">2020.02.8 released</h4>
<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>17 November 2020</small></p>
</div>
<div class="timeline-body">
<p>The 2020.02.8 bugfix release is out, fixing a number of important /
security related issues discovered since the 2020.02.7 release. See the
<a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2020.02.8">CHANGES</a>
file for more details, read the
<a href="http://lists.busybox.net/pipermail/buildroot/2020-November/296838.html">announcement</a>
and go to the <a href="/downloads/">downloads page</a> to pick up the
<a href="/downloads/buildroot-2020.02.8.tar.bz2">2020.02.8 release</a>.</p>
</div>
</div>
</li>
<li>
<div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
<div class="timeline-panel">
<div class="timeline-heading">
<h4 class="timeline-title">2020.08.2 released</h4>
<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>16 November 2020</small></p>
</div>
<div class="timeline-body">
<p>The 2020.08.2 bugfix release is out, fixing a number of important /
security related issues discovered since the 2020.08.1 release. See the
<a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2020.08.2">CHANGES</a>
file for more details, read the
<a href="http://lists.busybox.net/pipermail/buildroot/2020-November/296830.html">announcement</a>
and go to the <a href="/downloads/">downloads page</a> to pick up the
<a href="/downloads/buildroot-2020.08.2.tar.bz2">2020.08.2 release</a>.</p>
</div>
</div>
</li>
<li class="timeline-inverted">
<div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
<div class="timeline-panel">

2
buildroot/linux/Config.in
View File

@ -125,7 +125,7 @@ endif
config BR2_LINUX_KERNEL_VERSION
string
default "5.9.8" if BR2_LINUX_KERNEL_LATEST_VERSION
default "5.9.11" if BR2_LINUX_KERNEL_LATEST_VERSION
default "4.19.152-cip37" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default "4.19.152-cip37-rt16" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \

12
buildroot/linux/linux.hash
View File

@ -1,12 +1,12 @@
# From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
sha256 7656733b316562662026ac82a7c0be41440e16bbf1bdc5447b119e34ff3b86a6 linux-5.9.8.tar.xz
sha256 5eb20a65a410669928f94b3975872e493fa6d0fe441c6a78b7564affa2a5d260 linux-5.9.11.tar.xz
sha256 4ab4a3f694b7b4cfbe78871eab34c8039ad33692144c45c669827a594da85534 linux-5.8.18.tar.xz
sha256 a3e03e6970240dddc8174bf9f49b56d774c40125eabe1582d2ebe85b01addbf7 linux-5.4.77.tar.xz
sha256 49da425c1f3c530fd3ff31d85a0461f6b6dc6e459f7faf3eee23e49a98ce64c7 linux-5.4.80.tar.xz
# From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
sha256 95de46b6bd72f66169629eb0e343b005778539864598eae76c3ca999645d58b5 linux-4.4.243.tar.xz
sha256 d3aa189ca7fcc6e52d6c0333a0d7acd8789e9a492b32dbf9476e926ffaa73984 linux-4.9.243.tar.xz
sha256 1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac linux-4.14.206.tar.xz
sha256 76dca365255c1a13778c3b24f0eae14f4e66bc12fe79f5e6592b116fc57ef755 linux-4.19.157.tar.xz
sha256 9e0bdebf18a12d0c899e5e4042e715e24a70ab0fd986a3f4c67c8ec2710bad97 linux-4.4.246.tar.xz
sha256 49e266c7d72d388e8ce6aa486a1018cc0595ae1b9e99934bce5b484fd8dba9f5 linux-4.9.246.tar.xz
sha256 cb02465cc8f1972cc14707b25d779c8668d220c39e68a24bb23afd4c58182b9c linux-4.14.209.tar.xz
sha256 18345206f9c61e8adafa5204d0ca0b8619f1d9aafd70cbd5cb0fbf1faf521585 linux-4.19.160.tar.xz
# Locally computed
sha256 d2a06f52143deb929b8d513cf9afc9bd065951389a80fa70bc4d63025b5b3fb9 linux-cip-4.19.152-cip37.tar.gz
sha256 bc1dacd3d0f526de3e8754a444e8e02a54521527af639ddb907cb35cda775a8c linux-cip-4.19.152-cip37-rt16.tar.gz

37
buildroot/package/c-ares/0001-src-lib-Makefile.am-install-ares_dns.h.patch Normal file
View File

@ -0,0 +1,37 @@
From e2180d95fb67f57b6ffba01fefb4844a1ca4f792 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Wed, 18 Nov 2020 08:12:45 +0100
Subject: [PATCH] src/lib/Makefile.am: install ares_dns.h
This will avoid the following build failure with resiprocate:
In file included from dns/DnsCnameRecord.cxx:7:
dns/AresCompat.hxx:5:10: fatal error: ares_dns.h: No such file or directory
#include "ares_dns.h"
^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/cbf158f0c037d44ef293a8804d18c84e3b731059
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/c-ares/c-ares/pull/376]
---
src/lib/Makefile.am | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index c918667..92a4152 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -14,6 +14,8 @@ lib_LTLIBRARIES = libcares.la
man_MANS = $(MANPAGES)
+include_HEADERS = ares_dns.h
+
# adig and ahost are just sample programs and thus not mentioned with the
# regular sources and headers
EXTRA_DIST = Makefile.inc config-win32.h CMakeLists.txt \
--
2.29.2

2
buildroot/package/c-ares/c-ares.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
sha256 d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce c-ares-1.16.1.tar.gz
sha256 1cecd5dbe21306c7263f8649aa6e9a37aecb985995a3489f487d98df2b40757d c-ares-1.17.0.tar.gz
# Hash for license file
sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md

4
buildroot/package/c-ares/c-ares.mk
View File

@ -4,12 +4,14 @@
#
################################################################################
C_ARES_VERSION = 1.16.1
C_ARES_VERSION = 1.17.0
C_ARES_SITE = http://c-ares.haxx.se/download
C_ARES_INSTALL_STAGING = YES
C_ARES_CONF_OPTS = --with-random=/dev/urandom
C_ARES_LICENSE = MIT
C_ARES_LICENSE_FILES = LICENSE.md
# We're patching src/lib/Makefile.am
C_ARES_AUTORECONF = YES
$(eval $(autotools-package))
$(eval $(host-autotools-package))

4
buildroot/package/cage/Config.in
View File

@ -3,16 +3,14 @@ comment "cage needs udev, mesa3d w/ EGL and GLES support"
!BR2_PACKAGE_MESA3D_OPENGL_ES || \
!BR2_PACKAGE_HAS_UDEV
comment "cage needs a toolchain w/ threads, locale, dynamic library"
comment "cage needs a toolchain w/ threads, dynamic library"
depends on !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_ENABLE_LOCALE || \
BR2_STATIC_LIBS
config BR2_PACKAGE_CAGE
bool "cage"
depends on !BR2_STATIC_LIBS # wlroots
depends on BR2_TOOLCHAIN_HAS_THREADS # wlroots
depends on BR2_ENABLE_LOCALE # wlroots
depends on BR2_PACKAGE_HAS_UDEV # wlroots
depends on BR2_PACKAGE_MESA3D_OPENGL_EGL # wlroots
depends on BR2_PACKAGE_MESA3D_OPENGL_ES # wlroots

9
buildroot/package/cdrkit/cdrkit.mk
View File

@ -18,5 +18,14 @@ else
CDRKIT_CONF_OPTS += -DBITFIELDS_HTOL=0
endif
ifeq ($(BR2_PACKAGE_FILE),y)
CDRKIT_DEPENDENCIES += host-pkgconf file
CDRKIT_CONF_OPTS += \
-DUSE_MAGIC=ON \
-DEXTRA_LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libmagic`"
else
CDRKIT_CONF_OPTS += -DUSE_MAGIC=OFF
endif
$(eval $(cmake-package))
$(eval $(host-cmake-package))

8
buildroot/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
View File

@ -13,4 +13,12 @@ DOVECOT_PIGEONHOLE_DEPENDENCIES = dovecot
DOVECOT_PIGEONHOLE_CONF_OPTS = --with-dovecot=$(STAGING_DIR)/usr/lib
ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y)
define DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG
$(SED) 's,$(PER_PACKAGE_DIR)/dovecot/,$(PER_PACKAGE_DIR)/dovecot-pigeonhole/,g' \
$(STAGING_DIR)/usr/lib/dovecot-config
endef
DOVECOT_PIGEONHOLE_PRE_CONFIGURE_HOOKS = DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG
endif
$(eval $(autotools-package))

1
buildroot/package/efl/Config.in
View File

@ -256,6 +256,7 @@ config BR2_PACKAGE_EFL_TIFF
config BR2_PACKAGE_EFL_WEBP
bool "libevas webp image loader"
select BR2_PACKAGE_WEBP
select BR2_PACKAGE_WEBP_DEMUX
help
This enables the loader code that loads images using WebP.

2
buildroot/package/gvfs/Config.in
View File

@ -20,4 +20,4 @@ config BR2_PACKAGE_GVFS
comment "gvfs needs a toolchain w/ wchar, threads, dynamic library"
depends on BR2_USE_MMU
depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_STATIC_LIBS
BR2_STATIC_LIBS

49
buildroot/package/harfbuzz/0002-meson.build-check-for-pthread.h.patch Normal file
View File

@ -0,0 +1,49 @@
From 96bbf3a3af45d86f790afdf91a6686c37421e92b Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 15 Nov 2020 10:57:37 +0100
Subject: [PATCH] meson.build: check for pthread.h
Check for pthread.h otherwise the build will fail with some toolchains
that have libphtread.so but not pthread.h:
Run-time dependency threads found: YES
../src/hb-mutex.hh:53:10: fatal error: pthread.h: No such file or directory
#include <pthread.h>
^~~~~~~~~~~
Moreover, fix detection of pthread fallback
Fixes:
- http://autobuild.buildroot.org/results/70c98e89b1d5e5b651d1f6928dc53f465103f57a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
meson.build | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index bf3925db..6d263d48 100644
--- a/meson.build
+++ b/meson.build
@@ -284,13 +284,15 @@ endif
# threads
thread_dep = null_dep
if host_machine.system() != 'windows'
- thread_dep = dependency('threads', required: false)
+ if cpp.has_header('pthread.h')
+ thread_dep = dependency('threads', required: false)
+ endif
if thread_dep.found()
conf.set('HAVE_PTHREAD', 1)
else
check_headers += ['sched.h']
- check_funcs += ['sched_yield', {'link_with': 'rt'}]
+ check_funcs += [['sched_yield', {'link_with': 'rt'}]]
endif
endif
--
2.29.2

12
buildroot/package/jpeg-turbo/jpeg-turbo.hash
View File

@ -1,7 +1,7 @@
# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.4/
sha1 163d8f96d0999526a117de0388624241b54dcd67 libjpeg-turbo-2.0.4.tar.gz
md5 d01d9e0c28c27bc0de9f4e2e8ff49855 libjpeg-turbo-2.0.4.tar.gz
# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.6/
sha1 5406c7676d7df89fb4da791ad5af51202910fb25 libjpeg-turbo-2.0.6.tar.gz
md5 4cada3f0bdc93d826fa31bf9e4469ef6 libjpeg-turbo-2.0.6.tar.gz
# Locally computed
sha256 33dd8547efd5543639e890efbf2ef52d5a21df81faf41bb940657af916a23406 libjpeg-turbo-2.0.4.tar.gz
sha256 69e570a251515ced17d4492256d57c89db77ed949652f88a44c80c1ca9607920 LICENSE.md
sha256 82fece2bff2669c476495f0fe70096b154e8bc5b40916a64e99836d9a01c3110 README.ijg
sha256 d74b92ac33b0e3657123ddcf6728788c90dc84dcb6a52013d758af3c4af481bb libjpeg-turbo-2.0.6.tar.gz
sha256 0b7a24c3906d26dfbe24e96e9415549b387c3227140dc6b7ab2fb924254e37a1 LICENSE.md
sha256 01ccef626ec864773c681d4a4056f72af9052d619e0609df0d369117f8b3efdf README.ijg

2
buildroot/package/jpeg-turbo/jpeg-turbo.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
JPEG_TURBO_VERSION = 2.0.4
JPEG_TURBO_VERSION = 2.0.6
JPEG_TURBO_SOURCE = libjpeg-turbo-$(JPEG_TURBO_VERSION).tar.gz
JPEG_TURBO_SITE = https://downloads.sourceforge.net/project/libjpeg-turbo/$(JPEG_TURBO_VERSION)
JPEG_TURBO_LICENSE = IJG (libjpeg), BSD-3-Clause (TurboJPEG), Zlib (SIMD)

2
buildroot/package/libcamera/Config.in
View File

@ -2,7 +2,7 @@ config BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS
bool
default y
# Invalid packing size of ControlValue struct on m68k
depends on BR2_m68k
depends on !BR2_m68k
menuconfig BR2_PACKAGE_LIBCAMERA
bool "libcamera"

4
buildroot/package/libkrb5/libkrb5.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
sha256 02a4e700f10936f937cd1a4c303cab8687a11abecc6107bd4b706b9329cd5400 krb5-1.18.1.tar.gz
sha256 e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 krb5-1.18.3.tar.gz
# Hash for license file:
sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE
sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE

2
buildroot/package/libkrb5/libkrb5.mk
View File

@ -5,7 +5,7 @@
################################################################################
LIBKRB5_VERSION_MAJOR = 1.18
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).1
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).3
LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR)
LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz
LIBKRB5_SUBDIR = src

3
buildroot/package/libpam-tacplus/libpam-tacplus.mk
View File

@ -12,10 +12,9 @@ LIBPAM_TACPLUS_DEPENDENCIES = \
linux-pam \
$(if $(BR2_PACKAGE_OPENSSL),openssl)
# Fetching from github, we need to generate the configure script
# 0001-Add-an-option-to-disable-Werror.patch
LIBPAM_TACPLUS_AUTORECONF = YES
LIBPAM_TACPLUS_INSTALL_STAGING = YES
# We're patching configure.ac
LIBPAM_TACPLUS_AUTORECONF = YES
LIBPAM_TACPLUS_CONF_ENV = \
ax_cv_check_cflags___fstack_protector_all=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no)
LIBPAM_TACPLUS_CONF_OPTS = --disable-werror

4
buildroot/package/libxkbcommon/libxkbcommon.hash
View File

@ -1,5 +1,5 @@
# From https://lists.freedesktop.org/archives/wayland-devel/2020-September/041609.html
sha256 ab68b25341c99f2218d7cf3dad459c1827f411219901ade05bbccbdb856b6c8d libxkbcommon-1.0.1.tar.xz
# From https://lists.freedesktop.org/archives/wayland-devel/2020-November/041659.html
sha256 0ea2f88f4472bbf8170c5a7112f5af8848a908ca15df9e9086c3de0189612b2b libxkbcommon-1.0.2.tar.xz
# License file:
sha256 086caee279449369d41c1157911ec7696e707b93feba7280de757d3c470b2dfb LICENSE

2
buildroot/package/libxkbcommon/libxkbcommon.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
LIBXKBCOMMON_VERSION = 1.0.1
LIBXKBCOMMON_VERSION = 1.0.2
LIBXKBCOMMON_SITE = http://xkbcommon.org/download
LIBXKBCOMMON_SOURCE = libxkbcommon-$(LIBXKBCOMMON_VERSION).tar.xz
LIBXKBCOMMON_LICENSE = MIT/X11

12
buildroot/package/linux-headers/Config.in.host
View File

@ -346,13 +346,13 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
default "4.4.243" if BR2_KERNEL_HEADERS_4_4
default "4.9.243" if BR2_KERNEL_HEADERS_4_9
default "4.14.206" if BR2_KERNEL_HEADERS_4_14
default "4.19.157" if BR2_KERNEL_HEADERS_4_19
default "5.4.77" if BR2_KERNEL_HEADERS_5_4
default "4.4.246" if BR2_KERNEL_HEADERS_4_4
default "4.9.246" if BR2_KERNEL_HEADERS_4_9
default "4.14.209" if BR2_KERNEL_HEADERS_4_14
default "4.19.160" if BR2_KERNEL_HEADERS_4_19
default "5.4.80" if BR2_KERNEL_HEADERS_5_4
default "5.8.18" if BR2_KERNEL_HEADERS_5_8
default "5.9.8" if BR2_KERNEL_HEADERS_5_9
default "5.9.11" if BR2_KERNEL_HEADERS_5_9
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
default "custom" if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \

49
buildroot/package/minidlna/0001-fix-build-with-gcc-10.patch
View File

@ -1,49 +0,0 @@
From 90e88764f0fb3d981cd0c3cfd07d63323cc64090 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Tue, 1 Sep 2020 22:55:24 +0200
Subject: [PATCH] fix build with gcc 10
Define setjmp_buffer as static to avoid the following build failure with
gcc 10 (which defaults to -fno-common):
/home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/10.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: image_utils.o:(.bss+0x0): multiple definition of `setjmp_buffer'; metadata.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/8754bb4f7d749f999d5f8ddfec587470ceec4476
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
image_utils.c | 2 +-
metadata.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/image_utils.c b/image_utils.c
index 24cfd08..e8d9635 100644
--- a/image_utils.c
+++ b/image_utils.c
@@ -190,7 +190,7 @@ jpeg_memory_src(j_decompress_ptr cinfo, const unsigned char * buffer, size_t buf
src->pub.bytes_in_buffer = bufsize;
}
-jmp_buf setjmp_buffer;
+static jmp_buf setjmp_buffer;
/* Don't exit on error like libjpeg likes to do */
static void
libjpeg_error_handler(j_common_ptr cinfo)
diff --git a/metadata.c b/metadata.c
index 9cd86dc..4781db7 100644
--- a/metadata.c
+++ b/metadata.c
@@ -502,7 +502,7 @@ GetAudioMetadata(const char *path, const char *name)
}
/* For libjpeg error handling */
-jmp_buf setjmp_buffer;
+static jmp_buf setjmp_buffer;
static void
libjpeg_error_handler(j_common_ptr cinfo)
{
--
2.28.0

133
buildroot/package/minidlna/0002-upnphttp.c-fix-CallStranger-a.k.a.-CVE-2020-12695.patch
View File

@ -1,133 +0,0 @@
From 51bfbee51fd0376b5a66c944134af3e9972d8592 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 6 Sep 2020 11:22:48 +0200
Subject: [PATCH] upnphttp.c: fix CallStranger a.k.a. CVE-2020-12695
Import CheckCallback function from miniupnpd source code:
https://github.com/miniupnp/miniupnp/commit/0d9634658860c3c8c209e466cc0ef7002bad3b0a
IPv6 code was kept even if minidlna does not support it currently.
This code is licensed under BSD-3-Clause like minidlna.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status:
https://sourceforge.net/p/minidlna/support-requests/71]
---
upnphttp.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 82 insertions(+), 10 deletions(-)
diff --git a/upnphttp.c b/upnphttp.c
index 974434e..3be793e 100644
--- a/upnphttp.c
+++ b/upnphttp.c
@@ -742,6 +742,70 @@ check_event(struct upnphttp *h)
return type;
}
+/**
+ * returns 0 if the callback header value is not valid
+ * 1 if it is valid.
+ */
+static int
+checkCallbackURL(struct upnphttp * h)
+{
+ char addrstr[48];
+ int ipv6;
+ const char * p;
+ int i;
+
+ if(!h->req_Callback || h->req_CallbackLen < 8)
+ return 0;
+ if(memcmp(h->req_Callback, "http://", 7) != 0)
+ return 0;
+ ipv6 = 0;
+ i = 0;
+ p = h->req_Callback + 7;
+ if(*p == '[') {
+ p++;
+ ipv6 = 1;
+ while(*p != ']' && i < (sizeof(addrstr)-1)
+ && p < (h->req_Callback + h->req_CallbackLen))
+ addrstr[i++] = *(p++);
+ } else {
+ while(*p != '/' && *p != ':' && i < (sizeof(addrstr)-1)
+ && p < (h->req_Callback + h->req_CallbackLen))
+ addrstr[i++] = *(p++);
+ }
+ addrstr[i] = '\0';
+ if(ipv6) {
+ struct in6_addr addr;
+ if(inet_pton(AF_INET6, addrstr, &addr) <= 0)
+ return 0;
+#ifdef ENABLE_IPV6
+ if(!h->ipv6
+ || (0!=memcmp(&addr, &(h->clientaddr_v6), sizeof(struct in6_addr))))
+ return 0;
+#else
+ return 0;
+#endif
+ } else {
+ struct in_addr addr;
+ if(inet_pton(AF_INET, addrstr, &addr) <= 0)
+ return 0;
+#ifdef ENABLE_IPV6
+ if(h->ipv6) {
+ if(!IN6_IS_ADDR_V4MAPPED(&(h->clientaddr_v6)))
+ return 0;
+ if(0!=memcmp(&addr, ((const char *)&(h->clientaddr_v6) + 12), 4))
+ return 0;
+ } else {
+ if(0!=memcmp(&addr, &(h->clientaddr), sizeof(struct in_addr)))
+ return 0;
+ }
+#else
+ if(0!=memcmp(&addr, &(h->clientaddr), sizeof(struct in_addr)))
+ return 0;
+#endif
+ }
+ return 1;
+}
+
static void
ProcessHTTPSubscribe_upnphttp(struct upnphttp * h, const char * path)
{
@@ -759,17 +823,25 @@ ProcessHTTPSubscribe_upnphttp(struct upnphttp * h, const char * path)
* - respond HTTP/x.x 200 OK
* - Send the initial event message */
/* Server:, SID:; Timeout: Second-(xx|infinite) */
- sid = upnpevents_addSubscriber(path, h->req_Callback,
- h->req_CallbackLen, h->req_Timeout);
- h->respflags = FLAG_TIMEOUT;
- if (sid)
- {
- DPRINTF(E_DEBUG, L_HTTP, "generated sid=%s\n", sid);
- h->respflags |= FLAG_SID;
- h->req_SID = sid;
- h->req_SIDLen = strlen(sid);
+ /* Check that the callback URL is on the same IP as
+ * the request, and not on the internet, nor on ourself (DOS attack ?) */
+ if(checkCallbackURL(h)) {
+ sid = upnpevents_addSubscriber(path, h->req_Callback,
+ h->req_CallbackLen, h->req_Timeout);
+ h->respflags = FLAG_TIMEOUT;
+ if (sid)
+ {
+ DPRINTF(E_DEBUG, L_HTTP, "generated sid=%s\n", sid);
+ h->respflags |= FLAG_SID;
+ h->req_SID = sid;
+ h->req_SIDLen = strlen(sid);
+ }
+ BuildResp_upnphttp(h, 0, 0);
+ } else {
+ DPRINTF(E_WARN, L_HTTP, "Invalid Callback in SUBSCRIBE %.*s",
+ h->req_CallbackLen, h->req_Callback);
+ BuildResp2_upnphttp(h, 412, "Precondition Failed", 0, 0);
}
- BuildResp_upnphttp(h, 0, 0);
}
else if (type == E_RENEW)
{
--
2.28.0

7
buildroot/package/minidlna/minidlna.hash
View File

@ -1,7 +1,6 @@
# From https://sourceforge.net/projects/minidlna/files/minidlna/1.2.1/
md5 a968d3d84971322471cabda3669cc0f8 minidlna-1.2.1.tar.gz
sha1 79d0032c7055aefd4c8e5178bc86fbf258d449d2 minidlna-1.2.1.tar.gz
# From https://sourceforge.net/projects/minidlna/files/minidlna/1.3.0/
sha1 6563a881884879b2aef52611934e08bb42985964 minidlna-1.3.0.tar.gz
# Locally computed
sha256 67388ba23ab0c7033557a32084804f796aa2a796db7bb2b770fb76ac2a742eec minidlna-1.2.1.tar.gz
sha256 47d9b06b4c48801a4c1112ec23d24782728b5495e95ec2195bbe5c81bc2d3c63 minidlna-1.3.0.tar.gz
sha256 79146b7f558e56510b9a714ff75318c05ab93aeccfd6597497b9bce212cf92ea COPYING
sha256 94876d7886116e176e702b4902bd9f19731a6883db5f229ac2a7058a22aa6529 LICENCE.miniupnpd

2
buildroot/package/minidlna/minidlna.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
MINIDLNA_VERSION = 1.2.1
MINIDLNA_VERSION = 1.3.0
MINIDLNA_SITE = https://downloads.sourceforge.net/project/minidlna/minidlna/$(MINIDLNA_VERSION)
MINIDLNA_LICENSE = GPL-2.0, BSD-3-Clause
MINIDLNA_LICENSE_FILES = COPYING LICENCE.miniupnpd

2
buildroot/package/modem-manager/modem-manager.hash
View File

@ -1,4 +1,4 @@
# Locally computed
sha256 783d5da925b2ca69f6233fcead691dd0f5cba06aa479d71495efdc07053fc0fd ModemManager-1.14.6.tar.xz
sha256 fe1a26ba51b4bda7abd09ad4dadedd87d8b8154809fc9d88e94f75fdfff19295 ModemManager-1.14.8.tar.xz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB

3
buildroot/package/modem-manager/modem-manager.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
MODEM_MANAGER_VERSION = 1.14.6
MODEM_MANAGER_VERSION = 1.14.8
MODEM_MANAGER_SOURCE = ModemManager-$(MODEM_MANAGER_VERSION).tar.xz
MODEM_MANAGER_SITE = http://www.freedesktop.org/software/ModemManager
MODEM_MANAGER_LICENSE = GPL-2.0+ (programs, plugins), LGPL-2.0+ (libmm-glib)
@ -12,7 +12,6 @@ MODEM_MANAGER_LICENSE_FILES = COPYING COPYING.LIB
MODEM_MANAGER_DEPENDENCIES = host-pkgconf libglib2 $(TARGET_NLS_DEPENDENCIES)
MODEM_MANAGER_INSTALL_STAGING = YES
MODEM_MANAGER_CONF_OPTS = --disable-more-warnings
MODEM_MANAGER_CONF_ENV = ac_cv_prog_XSLTPROC_CHECK=yes
ifeq ($(BR2_PACKAGE_MODEM_MANAGER_LIBQMI),y)
MODEM_MANAGER_DEPENDENCIES += libqmi

4
buildroot/package/monkey/monkey.mk
View File

@ -10,10 +10,6 @@ MONKEY_SITE = http://monkey-project.com/releases/$(MONKEY_VERSION_MAJOR)
MONKEY_LICENSE = Apache-2.0
MONKEY_LICENSE_FILES = LICENSE
# This package has a configure script, but it's not using
# autoconf/automake, so we're using the generic-package
# infrastructure.
MONKEY_CONF_OPTS = \
-DINSTALL_SYSCONFDIR=/etc/monkey \
-DINSTALL_WEBROOTDIR=/var/www \

114
buildroot/package/musl/0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch Normal file
View File

@ -0,0 +1,114 @@
From 3ab2a4e02682df1382955071919d8aa3c3ec40d4 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Thu, 19 Nov 2020 17:12:43 -0500
Subject: [PATCH] rewrite wcsnrtombs to fix buffer overflow and other bugs
the original wcsnrtombs implementation, which has been largely
untouched since 0.5.0, attempted to build input-length-limiting
conversion on top of wcsrtombs, which only limits output length. as
best I recall, this choice was made out of a mix of disdain over
having yet another variant function to implement (added in POSIX 2008;
not standard C) and preference not to switch things around and
implement the wcsrtombs in terms of the more general new function,
probably over namespace issues. the strategy employed was to impose
output limits that would ensure the input limit wasn't exceeded, then
finish up the tail character-at-a-time. unfortunately, none of that
worked correctly.
first, the logic in the wcsrtombs loop was wrong in that it could
easily get stuck making no forward progress, by imposing an output
limit too small to convert even one character.
the character-at-a-time loop that followed was even worse. it made no
effort to ensure that the converted multibyte character would fit in
the remaining output space, only that there was a nonzero amount of
output space remaining. it also employed an incorrect interpretation
of wcrtomb's interface contract for converting the null character,
thereby failing to act on end of input, and remaining space accounting
was subject to unsigned wrap-around. together these errors allow
unbounded overflow of the destination buffer, controlled by input
length limit and input wchar_t string contents.
given the extent to which this function was broken, it's plausible
that most applications that would have been rendered exploitable were
sufficiently broken not to be usable in the first place. however, it's
also plausible that common (especially ASCII-only) inputs succeeded in
the wcsrtombs loop, which mostly worked, while leaving the wildly
erroneous code in the second loop exposed to particular non-ASCII
inputs.
CVE-2020-28928 has been assigned for this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/multibyte/wcsnrtombs.c | 46 ++++++++++++++++----------------------
1 file changed, 19 insertions(+), 27 deletions(-)
diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c
index 676932b5..95e25e70 100644
--- a/src/multibyte/wcsnrtombs.c
+++ b/src/multibyte/wcsnrtombs.c
@@ -1,41 +1,33 @@
#include <wchar.h>
+#include <limits.h>
+#include <string.h>
size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st)
{
- size_t l, cnt=0, n2;
- char *s, buf[256];
const wchar_t *ws = *wcs;
- const wchar_t *tmp_ws;
-
- if (!dst) s = buf, n = sizeof buf;
- else s = dst;
-
- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
- if (n2>=n) n2=n;
- tmp_ws = ws;
- l = wcsrtombs(s, &ws, n2, 0);
- if (!(l+1)) {
- cnt = l;
- n = 0;
+ size_t cnt = 0;
+ if (!dst) n=0;
+ while (ws && wn) {
+ char tmp[MB_LEN_MAX];
+ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0);
+ if (l==-1) {
+ cnt = -1;
break;
}
- if (s != buf) {
- s += l;
+ if (dst) {
+ if (n<MB_LEN_MAX) {
+ if (l>n) break;
+ memcpy(dst, tmp, l);
+ }
+ dst += l;
n -= l;
}
- wn = ws ? wn - (ws - tmp_ws) : 0;
- cnt += l;
- }
- if (ws) while (n && wn) {
- l = wcrtomb(s, *ws, 0);
- if ((l+1)<=1) {
- if (!l) ws = 0;
- else cnt = l;
+ if (!*ws) {
+ ws = 0;
break;
}
- ws++; wn--;
- /* safe - this loop runs fewer than sizeof(buf) times */
- s+=l; n-=l;
+ ws++;
+ wn--;
cnt += l;
}
if (dst) *wcs = ws;
--
2.20.1

3
buildroot/package/ncurses/ncurses.mk
View File

@ -50,6 +50,9 @@ NCURSES_PATCH = \
ncurses-6.1-20200118.patch.gz \
)
# ncurses-6.1-20191012.patch.gz
NCURSES_IGNORE_CVES += CVE-2019-17594 CVE-2019-17595
NCURSES_CONF_OPTS = \
--without-cxx \
--without-cxx-binding \

1
buildroot/package/numactl/numactl.mk
View File

@ -10,5 +10,6 @@ NUMACTL_LICENSE = LGPL-2.1 (libnuma), GPL-2.0 (programs)
NUMACTL_LICENSE_FILES = README.md
NUMACTL_INSTALL_STAGING = YES
NUMACTL_AUTORECONF = YES
NUMACTL_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -fPIC"
$(eval $(autotools-package))

1
buildroot/package/openntpd/openntpd.mk
View File

@ -8,6 +8,7 @@ OPENNTPD_VERSION = 6.2p3
OPENNTPD_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenNTPD
OPENNTPD_LICENSE = MIT-like, BSD-2-Clause, BSD-3-Clause
OPENNTPD_LICENSE_FILES = COPYING
OPENNTPD_DEPENDENCIES = host-bison
# Need to autoreconf for our libtool patch to apply properly
OPENNTPD_AUTORECONF = YES

52
buildroot/package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch Normal file
View File

@ -0,0 +1,52 @@
From 375ef42393f3dc6edbaa2cb70c79b2366072db38 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Sun, 19 Jan 2020 15:24:20 +0000
Subject: [PATCH] src/rc/rc-logger.h: fix build failure against gcc-10
On gcc-10 (and gcc-9 -fno-common) build fails as:
```
cc -L../librc -L../libeinfo -O2 -g -std=c99 -Wall -Wextra -Wimplicit -Wshadow \
-Wformat=2 -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \
-Wmissing-format-attribute -Wnested-externs -Winline -Wwrite-strings \
-Wcast-align -Wcast-qual -Wpointer-arith -Wdeclaration-after-statement \
-Wsequence-point -Werror=implicit-function-declaration \
-Wl,-rpath=/lib -o openrc rc.o rc-logger.o rc-misc.o rc-plugin.o _usage.o -lutil -lrc -leinfo -Wl,-Bdynamic -ldl
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:16:
multiple definition of `rc_logger_pid'; rc.o:openrc/src/rc/rc-logger.h:16: first defined here
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:17:
multiple definition of `rc_logger_tty'; rc.o:openrc/src/rc/rc-logger.h:17: first defined here
```
gcc-10 will change the default from -fcommon to fno-common:
https://gcc.gnu.org/PR85678.
The error also happens if CFLAGS=-fno-common passed explicitly.
This fixes #348.
[Patch taken from upstream:
https://github.com/OpenRC/openrc/commit/375ef42393f3dc6edbaa2cb70c79b2366072db38]
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
src/rc/rc-logger.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/rc/rc-logger.h b/src/rc/rc-logger.h
index bf6e3e57..1da294b0 100644
--- a/src/rc/rc-logger.h
+++ b/src/rc/rc-logger.h
@@ -13,8 +13,8 @@
#ifndef RC_LOGGER_H
#define RC_LOGGER_H
-pid_t rc_logger_pid;
-int rc_logger_tty;
+extern pid_t rc_logger_pid;
+extern int rc_logger_tty;
extern bool rc_in_logger;
void rc_logger_open(const char *runlevel);
--
2.20.1

251
buildroot/package/openrc/0007-checkpath-fix-CVE-2018-21269.patch Normal file
View File

@ -0,0 +1,251 @@
From b6fef599bf8493480664b766040fa9b0d4b1e335 Mon Sep 17 00:00:00 2001
From: William Hubbs <w.d.hubbs@gmail.com>
Date: Fri, 20 Nov 2020 09:15:59 -0600
Subject: [PATCH] checkpath: fix CVE-2018-21269
This walks the directory path to the file we are going to manipulate to make
sure that when we create the file and change the ownership and permissions
we are working on the same file.
Also, all non-terminal symbolic links must be owned by root. This will
keep a non-root user from making a symbolic link as described in the
bug. If root creates the symbolic link, it is assumed to be trusted.
On non-linux platforms, we no longer follow non-terminal symbolic links
by default. If you need to do that, add the -s option on the checkpath
command line, but keep in mind that this is not secure.
This fixes #201.
[Patch taken from upstream:
https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335]
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
man/openrc-run.8 | 6 +++
src/rc/checkpath.c | 103 ++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 102 insertions(+), 7 deletions(-)
diff --git a/man/openrc-run.8 b/man/openrc-run.8
index 1102daaa..ec4b88de 100644
--- a/man/openrc-run.8
+++ b/man/openrc-run.8
@@ -461,6 +461,7 @@ Mark the service as inactive.
.Op Fl p , -pipe
.Op Fl m , -mode Ar mode
.Op Fl o , -owner Ar owner
+.Op Fl s , -symlinks
.Op Fl W , -writable
.Op Fl q , -quiet
.Ar path ...
@@ -481,6 +482,11 @@ or with names, and are separated by a colon.
The truncate options (-D and -F) cause the directory or file to be
cleared of all contents.
.Pp
+If -s is not specified on a non-linux platform, checkpath will refuse to
+allow non-terminal symbolic links to exist in the path. This is for
+security reasons so that a non-root user can't create a symbolic link to
+a root-owned file and take ownership of that file.
+.Pp
If -W is specified, checkpath checks to see if the first path given on
the command line is writable. This is different from how the test
command in the shell works, because it also checks to make sure the file
diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
index 448c9cf8..ff54a892 100644
--- a/src/rc/checkpath.c
+++ b/src/rc/checkpath.c
@@ -16,6 +16,7 @@
* except according to the terms contained in the LICENSE file.
*/
+#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
@@ -23,6 +24,7 @@
#include <fcntl.h>
#include <getopt.h>
#include <grp.h>
+#include <libgen.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -44,7 +46,7 @@ typedef enum {
const char *applet = NULL;
const char *extraopts ="path1 [path2] [...]";
-const char *getoptstring = "dDfFpm:o:W" getoptstring_COMMON;
+const char *getoptstring = "dDfFpm:o:sW" getoptstring_COMMON;
const struct option longopts[] = {
{ "directory", 0, NULL, 'd'},
{ "directory-truncate", 0, NULL, 'D'},
@@ -53,6 +55,7 @@ const struct option longopts[] = {
{ "pipe", 0, NULL, 'p'},
{ "mode", 1, NULL, 'm'},
{ "owner", 1, NULL, 'o'},
+ { "symlinks", 0, NULL, 's'},
{ "writable", 0, NULL, 'W'},
longopts_COMMON
};
@@ -64,15 +67,92 @@ const char * const longopts_help[] = {
"Create a named pipe (FIFO) if not exists",
"Mode to check",
"Owner to check (user:group)",
+ "follow symbolic links (irrelivent on linux)",
"Check whether the path is writable or not",
longopts_help_COMMON
};
const char *usagestring = NULL;
+static int get_dirfd(char *path, bool symlinks) {
+ char *ch;
+ char *item;
+ char *linkpath = NULL;
+ char *path_dupe;
+ char *str;
+ int components = 0;
+ int dirfd;
+ int flags = 0;
+ int new_dirfd;
+ struct stat st;
+ ssize_t linksize;
+
+ if (!path || *path != '/')
+ eerrorx("%s: empty or relative path", applet);
+ dirfd = openat(dirfd, "/", O_RDONLY);
+ if (dirfd == -1)
+ eerrorx("%s: unable to open the root directory: %s",
+ applet, strerror(errno));
+ path_dupe = xstrdup(path);
+ ch = path_dupe;
+ while (*ch) {
+ if (*ch == '/')
+ components++;
+ ch++;
+ }
+ item = strtok(path_dupe, "/");
+#ifdef O_PATH
+ flags |= O_PATH;
+#endif
+ if (!symlinks)
+ flags |= O_NOFOLLOW;
+ flags |= O_RDONLY;
+ while (dirfd > 0 && item && components > 1) {
+ str = xstrdup(linkpath ? linkpath : item);
+ new_dirfd = openat(dirfd, str, flags);
+ if (new_dirfd == -1)
+ eerrorx("%s: %s: could not open %s: %s", applet, path, str,
+ strerror(errno));
+ if (fstat(new_dirfd, &st) == -1)
+ eerrorx("%s: %s: unable to stat %s: %s", applet, path, item,
+ strerror(errno));
+ if (S_ISLNK(st.st_mode) ) {
+ if (st.st_uid != 0)
+ eerrorx("%s: %s: synbolic link %s not owned by root",
+ applet, path, str);
+ linksize = st.st_size+1;
+ if (linkpath)
+ free(linkpath);
+ linkpath = xmalloc(linksize);
+ memset(linkpath, 0, linksize);
+ if (readlinkat(new_dirfd, "", linkpath, linksize) != st.st_size)
+ eerrorx("%s: symbolic link destination changed", applet);
+ /*
+ * now follow the symlink.
+ */
+ close(new_dirfd);
+ } else {
+ close(dirfd);
+ dirfd = new_dirfd;
+ free(linkpath);
+ linkpath = NULL;
+ item = strtok(NULL, "/");
+ components--;
+ }
+ }
+ free(path_dupe);
+ if (linkpath) {
+ free(linkpath);
+ linkpath = NULL;
+ }
+ return dirfd;
+}
+
static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
- inode_t type, bool trunc, bool chowner, bool selinux_on)
+ inode_t type, bool trunc, bool chowner, bool symlinks, bool selinux_on)
{
struct stat st;
+ char *name = NULL;
+ int dirfd;
int fd;
int flags;
int r;
@@ -93,14 +173,16 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
#endif
if (trunc)
flags |= O_TRUNC;
- readfd = open(path, readflags);
+ xasprintf(&name, "%s", basename_c(path));
+ dirfd = get_dirfd(path, symlinks);
+ readfd = openat(dirfd, name, readflags);
if (readfd == -1 || (type == inode_file && trunc)) {
if (type == inode_file) {
einfo("%s: creating file", path);
if (!mode) /* 664 */
mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
u = umask(0);
- fd = open(path, flags, mode);
+ fd = openat(dirfd, name, flags, mode);
umask(u);
if (fd == -1) {
eerror("%s: open: %s", applet, strerror(errno));
@@ -122,7 +204,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
strerror (errno));
return -1;
}
- readfd = open(path, readflags);
+ readfd = openat(dirfd, name, readflags);
if (readfd == -1) {
eerror("%s: unable to open directory: %s", applet,
strerror(errno));
@@ -140,7 +222,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
strerror (errno));
return -1;
}
- readfd = open(path, readflags);
+ readfd = openat(dirfd, name, readflags);
if (readfd == -1) {
eerror("%s: unable to open fifo: %s", applet,
strerror(errno));
@@ -259,6 +341,7 @@ int main(int argc, char **argv)
int retval = EXIT_SUCCESS;
bool trunc = false;
bool chowner = false;
+ bool symlinks = false;
bool writable = false;
bool selinux_on = false;
@@ -293,6 +376,11 @@ int main(int argc, char **argv)
eerrorx("%s: owner `%s' not found",
applet, optarg);
break;
+ case 's':
+#ifndef O_PATH
+ symlinks = true;
+#endif
+ break;
case 'W':
writable = true;
break;
@@ -320,7 +408,8 @@ int main(int argc, char **argv)
while (optind < argc) {
if (writable)
exit(!is_writable(argv[optind]));
- if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner, selinux_on))
+ if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner,
+ symlinks, selinux_on))
retval = EXIT_FAILURE;
optind++;
}
--
2.20.1

3
buildroot/package/openrc/openrc.mk
View File

@ -9,6 +9,9 @@ OPENRC_SITE = $(call github,OpenRC,openrc,$(OPENRC_VERSION))
OPENRC_LICENSE = BSD-2-Clause
OPENRC_LICENSE_FILES = LICENSE
# 0007-checkpath-fix-CVE-2018-21269.patch
OPENRC_IGNORE_CVES += CVE-2018-21269
OPENRC_DEPENDENCIES = ncurses
# set LIBNAME so openrc puts files in proper directories and sets proper

4
buildroot/package/php/0002-iconv-tweak-iconv-detection.patch
View File

@ -16,7 +16,7 @@ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[aduskett@gmail.com: Update for 7.3.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Bernd: rebased for 7.4.10]
[Bernd: rebased for 7.4.10 & 7.4.13]
---
build/php.m4 | 2 +-
ext/iconv/config.m4 | 22 ----------------------
@ -26,7 +26,7 @@ diff --git a/build/php.m4 b/build/php.m4
index 9586c490..8b3d47ed 100644
--- a/build/php.m4
+++ b/build/php.m4
@@ -1965,7 +1965,7 @@ AC_DEFUN([PHP_SETUP_ICONV], [
@@ -1967,7 +1967,7 @@ AC_DEFUN([PHP_SETUP_ICONV], [
dnl Check external libs for iconv funcs.
if test "$found_iconv" = "no"; then

4
buildroot/package/php/0003-configure-disable-the-phar-tool.patch
View File

@ -13,7 +13,7 @@ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Aduskett: update for 7.3.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Bernd: rebased for 7.4.10]
[Bernd: rebased for 7.4.10 & 7.4.13]
---
configure.ac | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
@ -22,7 +22,7 @@ diff --git a/configure.ac b/configure.ac
index 0dfab302..6026fb66 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1453,13 +1453,8 @@ CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag"
@@ -1454,13 +1454,8 @@ CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag"
INLINE_CFLAGS="$INLINE_CFLAGS $standard_libtool_flag"
CXXFLAGS="$CXXFLAGS $standard_libtool_flag \$(PROF_FLAGS)"

2
buildroot/package/php/php.hash
View File

@ -1,5 +1,5 @@
# From https://www.php.net/downloads.php
sha256 e82d2bcead05255f6b7d2ff4e2561bc334204955820cabc2457b5239fde96b76 php-7.4.12.tar.xz
sha256 aead303e3abac23106529560547baebbedba0bb2943b91d5aa08fff1f41680f4 php-7.4.13.tar.xz
# License file
sha256 0967ad6cf4b7fe81d38709d7aaef3fecb3bd685be7eebb37b864aa34c991baa7 LICENSE

2
buildroot/package/php/php.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
PHP_VERSION = 7.4.12
PHP_VERSION = 7.4.13
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES

8
buildroot/package/postgresql/postgresql.hash
View File

@ -1,7 +1,7 @@
# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.md5
md5 80ebbf0e55193b123760e5f8e48c6cff postgresql-12.4.tar.bz2
# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.sha256
sha256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc postgresql-12.4.tar.bz2
# From https://ftp.postgresql.org/pub/source/v12.5/postgresql-12.5.tar.bz2.md5
md5 f19e48090bbd59ea81826b5fd99e7e97 postgresql-12.5.tar.bz2
# From https://ftp.postgresql.org/pub/source/v12.5/postgresql-12.5.tar.bz2.sha256
sha256 bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95 postgresql-12.5.tar.bz2
# License file, Locally calculated
sha256 739e5d454d81d31a482469338b7c856f1f5c6b4cdda1551cea6f0f6d18eef62c COPYRIGHT

2
buildroot/package/postgresql/postgresql.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
POSTGRESQL_VERSION = 12.4
POSTGRESQL_VERSION = 12.5
POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2
POSTGRESQL_SITE = https://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION)
POSTGRESQL_LICENSE = PostgreSQL

2
buildroot/package/proftpd/proftpd.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 fa3541c4b34136a7b80cb12a2f6f9a0cab5118a5b0a1653d40af49c6479c35ad proftpd-1.3.6c.tar.gz
sha256 2dbe684034ab592742ebdb778a8a234b70f959efeb30feedee3ea77f26f74fbb proftpd-1.3.6e.tar.gz
sha256 391a473d755c29b5326fb726326ff3c37e42512f53a8f5789fc310232150bf80 COPYING

2
buildroot/package/proftpd/proftpd.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
PROFTPD_VERSION = 1.3.6c
PROFTPD_VERSION = 1.3.6e
PROFTPD_SITE = $(call github,proftpd,proftpd,v$(PROFTPD_VERSION))
PROFTPD_LICENSE = GPL-2.0+
PROFTPD_LICENSE_FILES = COPYING

7
buildroot/package/python-flask-cors/python-flask-cors.hash
View File

@ -1,5 +1,4 @@
# md5, sha256 from https://pypi.org/pypi/flask-cors/json
md5 551cc4c0305a171d28caa2b3bc838867 Flask-Cors-3.0.8.tar.gz
sha256 72170423eb4612f0847318afff8c247b38bd516b7737adfc10d1c2cdbb382d16 Flask-Cors-3.0.8.tar.gz
# sha256 from https://pypi.org/pypi/flask-cors/json
sha256 6bcfc100288c5d1bcb1dbb854babd59beee622ffd321e444b05f24d6d58466b8 Flask-Cors-3.0.9.tar.gz
# Locally computed sha256 checksums
sha256 6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d LICENSE
sha256 6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d LICENSE

4
buildroot/package/python-flask-cors/python-flask-cors.mk
View File

@ -4,9 +4,9 @@
#
################################################################################
PYTHON_FLASK_CORS_VERSION = 3.0.8
PYTHON_FLASK_CORS_VERSION = 3.0.9
PYTHON_FLASK_CORS_SOURCE = Flask-Cors-$(PYTHON_FLASK_CORS_VERSION).tar.gz
PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/9e/11/ca8b95c5bf9644471601e425f0de8cbd09a506bb6c24842cb17a6cd1eea8
PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/99/fc/cd117ea122e28037a5ec60356a7ffae8b77af527713f7b5e4eb63089f669
PYTHON_FLASK_CORS_SETUP_TYPE = setuptools
PYTHON_FLASK_CORS_LICENSE = MIT
PYTHON_FLASK_CORS_LICENSE_FILES = LICENSE

1
buildroot/package/python-pip/Config.in
View File

@ -1,5 +1,6 @@
config BR2_PACKAGE_PYTHON_PIP
bool "python-pip"
select BR2_PACKAGE_PYTHON_HASHLIB if BR2_PACKAGE_PYTHON # runtime
select BR2_PACKAGE_PYTHON_SETUPTOOLS # runtime
select BR2_PACKAGE_PYTHON_SSL if BR2_PACKAGE_PYTHON # runtime
select BR2_PACKAGE_PYTHON3_SSL if BR2_PACKAGE_PYTHON3 # runtime

98
buildroot/package/qemu/0002-Fix-build-with-64-bits-time_t.patch Normal file
View File

@ -0,0 +1,98 @@
From 839e51aa452345b440f8d2d0df84ab58bdedfcd1 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sat, 14 Nov 2020 21:54:17 +0100
Subject: [PATCH] Fix build with 64 bits time_t
time element is deprecated on new input_event structure in kernel's
input.h [1]
This will avoid the following build failure:
hw/input/virtio-input-host.c: In function 'virtio_input_host_handle_status':
hw/input/virtio-input-host.c:198:28: error: 'struct input_event' has no member named 'time'
198 | if (gettimeofday(&evdev.time, NULL)) {
| ^
Fixes:
- http://autobuild.buildroot.org/results/a538167e288c14208d557cd45446df86d3d599d5
- http://autobuild.buildroot.org/results/efd4474fb4b6c0ce0ab3838ce130429c51e43bbb
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=152194fe9c3f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
contrib/vhost-user-input/main.c | 10 +++++++++-
hw/input/virtio-input-host.c | 10 +++++++++-
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/contrib/vhost-user-input/main.c b/contrib/vhost-user-input/main.c
index 6020c6f33a..e688c3e0a9 100644
--- a/contrib/vhost-user-input/main.c
+++ b/contrib/vhost-user-input/main.c
@@ -17,6 +17,11 @@
#include "standard-headers/linux/virtio_input.h"
#include "qapi/error.h"
+#ifndef input_event_sec
+#define input_event_sec time.tv_sec
+#define input_event_usec time.tv_usec
+#endif
+
enum {
VHOST_USER_INPUT_MAX_QUEUES = 2,
};
@@ -115,13 +120,16 @@ vi_evdev_watch(VuDev *dev, int condition, void *data)
static void vi_handle_status(VuInput *vi, virtio_input_event *event)
{
struct input_event evdev;
+ struct timeval tval;
int rc;
- if (gettimeofday(&evdev.time, NULL)) {
+ if (gettimeofday(&tval, NULL)) {
perror("vi_handle_status: gettimeofday");
return;
}
+ evdev.input_event_sec = tval.tv_sec;
+ evdev.input_event_usec = tval.tv_usec;
evdev.type = le16toh(event->type);
evdev.code = le16toh(event->code);
evdev.value = le32toh(event->value);
diff --git a/hw/input/virtio-input-host.c b/hw/input/virtio-input-host.c
index 85daf73f1a..2e261737e1 100644
--- a/hw/input/virtio-input-host.c
+++ b/hw/input/virtio-input-host.c
@@ -16,6 +16,11 @@
#include <sys/ioctl.h>
#include "standard-headers/linux/input.h"
+#ifndef input_event_sec
+#define input_event_sec time.tv_sec
+#define input_event_usec time.tv_usec
+#endif
+
/* ----------------------------------------------------------------- */
static struct virtio_input_config virtio_input_host_config[] = {
@@ -193,13 +198,16 @@ static void virtio_input_host_handle_status(VirtIOInput *vinput,
{
VirtIOInputHost *vih = VIRTIO_INPUT_HOST(vinput);
struct input_event evdev;
+ struct timeval tval;
int rc;
- if (gettimeofday(&evdev.time, NULL)) {
+ if (gettimeofday(&tval, NULL)) {
perror("virtio_input_host_handle_status: gettimeofday");
return;
}
+ evdev.input_event_sec = tval.tv_sec;
+ evdev.input_event_usec = tval.tv_usec;
evdev.type = le16_to_cpu(event->type);
evdev.code = le16_to_cpu(event->code);
evdev.value = le32_to_cpu(event->value);
--
2.29.2

1
buildroot/package/qemu/Config.in
View File

@ -58,6 +58,7 @@ comment "Networking options"
config BR2_PACKAGE_QEMU_SLIRP
bool "Enable user mode networking (SLIRP)"
select BR2_PACKAGE_SLIRP
help
Enable user mode network stack, which is the default
networking backend. It requires no administrator privileges

6
buildroot/package/qemu/qemu.mk
View File

@ -51,8 +51,10 @@ endif
endif
# There is no "--enable-slirp"
ifeq ($(BR2_PACKAGE_QEMU_SLIRP),)
ifeq ($(BR2_PACKAGE_QEMU_SLIRP),y)
QEMU_OPTS += --enable-slirp=system
QEMU_DEPENDENCIES += slirp
else
QEMU_OPTS += --disable-slirp
endif

47
buildroot/package/raptor/0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch Normal file
View File

@ -0,0 +1,47 @@
From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Sun, 16 Apr 2017 23:15:12 +0100
Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
(raptor_xml_writer_start_element_common): Calculate max including for
each attribute a potential name and value.
Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
[Peter: fixes CVE-2017-18926, upstream:
https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/raptor_xml_writer.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 693b9468..0d3a36a5 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
size_t nspace_declarations_count = 0;
unsigned int i;
- /* max is 1 per element and 1 for each attribute + size of declared */
if(nstack) {
- int nspace_max_count = element->attribute_count+1;
+ int nspace_max_count = element->attribute_count * 2; /* attr and value */
+ if(element->name->nspace)
+ nspace_max_count++;
if(element->declared_nspaces)
nspace_max_count += raptor_sequence_size(element->declared_nspaces);
if(element->xml_language)
@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
}
}
- /* Add the attribute + value */
+ /* Add the attribute's value */
nspace_declarations[nspace_declarations_count].declaration=
raptor_qname_format_as_xml(element->attributes[i],
&nspace_declarations[nspace_declarations_count].length);
--
2.20.1

3
buildroot/package/raptor/raptor.mk
View File

@ -15,6 +15,9 @@ RAPTOR_INSTALL_STAGING = YES
# Flag is added to make sure the patch is applied for the configure.ac of raptor.
RAPTOR_AUTORECONF = YES
# 0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
RAPTOR_IGNORE_CVES += CVE-2017-18926
RAPTOR_CONF_OPTS =\
--with-xml2-config=$(STAGING_DIR)/usr/bin/xml2-config \
--with-xslt-config=$(STAGING_DIR)/usr/bin/xslt-config

4
buildroot/package/redis/0001-uclibc.patch
View File

@ -10,6 +10,8 @@ Signed-off-by: Daniel Price <daniel.price@gmail.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
[Titouan: adapt to 5.0.4]
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Fabrice: update for 6.0.9]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
=========================================================================
diff -ur old/src/config.h new/src/config.h
@ -21,6 +23,6 @@ diff -ur old/src/config.h new/src/config.h
/* Test for backtrace() */
-#if defined(__APPLE__) || (defined(__linux__) && defined(__GLIBC__)) || \
+#if defined(__APPLE__) || (defined(__linux__) && defined(__GLIBC__) && !defined(__UCLIBC__)) || \
defined(__FreeBSD__) || (defined(__OpenBSD__) && defined(USE_BACKTRACE))\
defined(__FreeBSD__) || ((defined(__OpenBSD__) || defined(__NetBSD__)) && defined(USE_BACKTRACE))\
|| defined(__DragonFly__)
#define HAVE_BACKTRACE 1

2
buildroot/package/redis/redis.hash
View File

@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
sha256 04fa1fddc39bd1aecb6739dd5dd73858a3515b427acd1e2947a66dadce868d68 redis-6.0.8.tar.gz
sha256 dc2bdcf81c620e9f09cfd12e85d3bc631c897b2db7a55218fd8a65eaa37f86dd redis-6.0.9.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING

2
buildroot/package/redis/redis.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
REDIS_VERSION = 6.0.8
REDIS_VERSION = 6.0.9
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING

60
buildroot/package/slirp/0001-slirp-check-pkt_len-before-reading-protocol-header.patch Normal file
View File

@ -0,0 +1,60 @@
From 2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 26 Nov 2020 19:27:06 +0530
Subject: [PATCH] slirp: check pkt_len before reading protocol header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.
CVE-2020-29129 CVE-2020-29130
QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
-> https://www.openwall.com/lists/oss-security/2020/11/27/1
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20201126135706.273950-1-ppandit@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/ncsi.c | 4 ++++
src/slirp.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/src/ncsi.c b/src/ncsi.c
index 3c1dfef..75dcc08 100644
--- a/src/ncsi.c
+++ b/src/ncsi.c
@@ -148,6 +148,10 @@ void ncsi_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
uint32_t checksum;
uint32_t *pchecksum;
+ if (pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) {
+ return; /* packet too short */
+ }
+
memset(ncsi_reply, 0, sizeof(ncsi_reply));
memset(reh->h_dest, 0xff, ETH_ALEN);
diff --git a/src/slirp.c b/src/slirp.c
index 9bead0c..abb6f9a 100644
--- a/src/slirp.c
+++ b/src/slirp.c
@@ -860,6 +860,10 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
return;
}
+ if (pkt_len < ETH_HLEN + sizeof(struct slirp_arphdr)) {
+ return; /* packet too short */
+ }
+
ar_op = ntohs(ah->ar_op);
switch (ar_op) {
case ARPOP_REQUEST:
--
2.20.1

3
buildroot/package/slirp/slirp.mk
View File

@ -14,4 +14,7 @@ SLIRP_LICENSE_FILES = COPYRIGHT
SLIRP_INSTALL_STAGING = YES
SLIRP_DEPENDENCIES = libglib2
# 0001-slirp-check-pkt_len-before-reading-protocol-header.patch
SLIRP_IGNORE_CVES += CVE-2020-29129 CVE-2020-29130
$(eval $(meson-package))

60
buildroot/package/spandsp/0001-configure.ac-fix-AVX-SSE-and-MMX-options.patch Normal file
View File

@ -0,0 +1,60 @@
From e7330bfe63efd0062fa51d50a4aaa0f1abd5ff75 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 22 Nov 2020 17:02:43 +0100
Subject: [PATCH] configure.ac: fix AVX, SSE and MMX options
AVX, SSE and MMX options are broken since
https://github.com/freeswitch/spandsp/commit/87a900c70df73e128a5926587047f529105f5f64
For example, when the user enables SSE, it will also enable MMX and the
user can't disable MMX
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/freeswitch/spandsp/pull/20]
---
configure.ac | 8 --------
1 file changed, 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 83fb3fd..ac2592e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -486,35 +486,27 @@ armv7[bl] | armv7-*)
x86_64-* | i386-* | i686-*)
if test "$enable_avx2" = "yes" ; then
AC_DEFINE([SPANDSP_USE_AVX2], [1], [Use the AVX2 instruction set (i386 and x86_64 only).])
- enable_avx="yes"
fi
if test "$enable_avx" = "yes" ; then
AC_DEFINE([SPANDSP_USE_AVX], [1], [Use the AVX instruction set (i386 and x86_64 only).])
- enable_sse4_2="yes"
fi
if test "$enable_sse4_2" = "yes" ; then
AC_DEFINE([SPANDSP_USE_SSE4_2], [1], [Use the SSE4.2 instruction set (i386 and x86_64 only).])
- enable_sse4_1="yes"
fi
if test "$enable_sse4_1" = "yes" ; then
AC_DEFINE([SPANDSP_USE_SSE4_1], [1], [Use the SSE4.1 instruction set (i386 and x86_64 only).])
- enable_ssse3="yes"
fi
if test "$enable_ssse3" = "yes" ; then
AC_DEFINE([SPANDSP_USE_SSSE3], [1], [Use the SSSE3 instruction set (i386 and x86_64 only).])
- enable_sse3="yes"
fi
if test "$enable_sse3" = "yes" ; then
AC_DEFINE([SPANDSP_USE_SSE3], [1], [Use the SSE3 instruction set (i386 and x86_64 only).])
- enable_sse2="yes"
fi
if test "$enable_sse2" = "yes" ; then
AC_DEFINE([SPANDSP_USE_SSE2], [1], [Use the SSE2 instruction set (i386 and x86_64 only).])
- enable_sse="yes"
fi
if test "$enable_sse" = "yes" ; then
AC_DEFINE([SPANDSP_USE_SSE], [1], [Use the SSE instruction set (i386 and x86_64 only).])
- enable_mmx="yes"
fi
if test "$enable_mmx" = "yes" ; then
AC_DEFINE([SPANDSP_USE_MMX], [1], [Use the MMX instruction set (i386 and x86_64 only).])
--
2.29.2

5
buildroot/package/spandsp/spandsp.mk
View File

@ -8,14 +8,17 @@ SPANDSP_VERSION = 3.0.0-6ec23e5a7e
SPANDSP_SITE = https://files.freeswitch.org/downloads/libs
SPANDSP_LICENSE = LGPL-2.1 (library), GPL-2.0 (test suite)
SPANDSP_LICENSE_FILES = COPYING
# We're patching configure.ac
SPANDSP_AUTORECONF = YES
SPANDSP_DEPENDENCIES = tiff host-pkgconf
SPANDSP_INSTALL_STAGING = YES
SPANDSP_CONF_ENV = LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libtiff-4`"
# MMX on i686 raises a build failure
SPANDSP_CONF_OPTS = \
--disable-builtin-tiff \
$(if $(BR2_X86_CPU_HAS_MMX),--enable-mmx,--disable-mmx) \
$(if $(BR2_x86_64),--enable-mmx,--disable-mmx) \
$(if $(BR2_X86_CPU_HAS_SSE),--enable-sse,--disable-sse) \
$(if $(BR2_X86_CPU_HAS_SSE2),--enable-sse2,--disable-sse2) \
$(if $(BR2_X86_CPU_HAS_SSE3),--enable-sse3,--disable-sse3) \

53
buildroot/package/thermald/0001-thd_trip_point-fix-32-bit-build-error-with-musl-v1.2.patch Normal file
View File

@ -0,0 +1,53 @@
From 074575bf3640485ab6d43ae1efed3eff9cebae13 Mon Sep 17 00:00:00 2001
From: Naveen Saini <naveen.kumar.saini@intel.com>
Date: Thu, 5 Mar 2020 13:45:57 +0800
Subject: [PATCH] thd_trip_point: fix 32-bit build error with musl v1.2.0
Error log:
../git/src/thd_trip_point.cpp: In member function 'bool cthd_trip_point::thd_trip_point_check(int, unsigned int, int, bool*)':
| ../git/src/thd_trip_point.cpp:250:19: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'time_t' {aka 'long long int'} [-Werror=format=]
| 250 | thd_log_info("Too early to act zone:%d index %d tm %ld\n",
musl 1.2.0 have new feature:
time_t is now 64-bit on all archs (not just 64-bit archs)
Commit id:
https://git.musl-libc.org/cgit/musl/commit/?id=38143339646a4ccce8afe298c34467767c899f51
Release note link for musl 1.2.0:
https://git.musl-libc.org/cgit/musl/diff/
use %jd and typecast with intmax_t which is maximum width integer type
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
[Upstream: https://github.com/intel/thermal_daemon/commit/a7136682b9e6ebdb53c3c8b472bcd5039d62dc78.patch]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
src/thd_trip_point.cpp | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/thd_trip_point.cpp b/src/thd_trip_point.cpp
index 46f692d..6358c27 100644
--- a/src/thd_trip_point.cpp
+++ b/src/thd_trip_point.cpp
@@ -242,15 +242,9 @@ bool cthd_trip_point::thd_trip_point_check(int id, unsigned int read_temp,
time_t tm;
time(&tm);
if ((tm - cdevs[i].last_op_time) < cdevs[i].sampling_priod) {
-#if defined __x86_64__ && defined __ILP32__
- thd_log_info("Too early to act zone:%d index %d tm %lld\n",
+ thd_log_info("Too early to act zone:%d index %d tm %jd\n",
zone_id, cdev->thd_cdev_get_index(),
- tm - cdevs[i].last_op_time);
-#else
- thd_log_info("Too early to act zone:%d index %d tm %ld\n",
- zone_id, cdev->thd_cdev_get_index(),
- tm - cdevs[i].last_op_time);
-#endif
+ (intmax_t)tm - cdevs[i].last_op_time);
break;
}
cdevs[i].last_op_time = tm;
--
2.29.2

2
buildroot/package/uhd/uhd.mk
View File

@ -23,7 +23,7 @@ UHD_CONF_OPTS = \
-DRUNTIME_PYTHON_EXECUTABLE=/usr/bin/python \
-DENABLE_C_API=ON \
-DENABLE_DOXYGEN=OFF \
-DENABLE_DPKD=OFF \
-DENABLE_DPDK=OFF \
-DENABLE_LIBUHD=ON \
-DENABLE_N230=OFF \
-DENABLE_N300=OFF \

4
buildroot/package/vsftpd/S70vsftpd
View File

@ -9,12 +9,12 @@ DAEMON=/usr/sbin/$NAME
case "$1" in
start)
printf "Starting $DESC: "
start-stop-daemon -S -b -x $NAME
start-stop-daemon -S -b -x $DAEMON
echo "OK"
;;
stop)
printf "Stopping $DESC: "
start-stop-daemon -K -x $NAME
start-stop-daemon -K -x $DAEMON
echo "OK"
;;
restart|force-reload)

8
buildroot/package/webkitgtk/webkitgtk.hash
View File

@ -1,7 +1,7 @@
# From https://webkitgtk.org/releases/webkitgtk-2.30.2.tar.xz.sums
md5 2163f1f982c63cb8fa75bf1b36396304 webkitgtk-2.30.2.tar.xz
sha1 e27d336570226645f861b5a00116c17da39f9df4 webkitgtk-2.30.2.tar.xz
sha256 c467e0bc2bc610c2570928e3fd63cedaadc4719cbf9b04aa99f79dd71ad5682a webkitgtk-2.30.2.tar.xz
# From https://webkitgtk.org/releases/webkitgtk-2.30.3.tar.xz.sums
md5 3db32cffeab82efcade1ce77f94865c2 webkitgtk-2.30.3.tar.xz
sha1 6eed6e8a3c2f47533821169679fe381ceb0550be webkitgtk-2.30.3.tar.xz
sha256 6dea14f03916882816f2fed9497a5103fc54b2ab8602ab145ca991e4951e5e7f webkitgtk-2.30.3.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE

2
buildroot/package/webkitgtk/webkitgtk.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
WEBKITGTK_VERSION = 2.30.2
WEBKITGTK_VERSION = 2.30.3
WEBKITGTK_SITE = https://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES

2
buildroot/package/wireless-regdb/wireless-regdb.hash
View File

@ -1,4 +1,4 @@
# From https://www.kernel.org/pub/software/network/wireless-regdb/sha256sums.asc
sha256 89fd031aed5977c219a71501e144375a10e7c90d1005d5d086ea7972886a2c7a wireless-regdb-2020.04.29.tar.xz
sha256 b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52 wireless-regdb-2020.11.20.tar.xz
# Locally computed
sha256 678b0df753c86198fc496d1f1033429bbd57f101472132ee7eaaf9f5e0a7fae1 LICENSE

2
buildroot/package/wireless-regdb/wireless-regdb.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
WIRELESS_REGDB_VERSION = 2020.04.29
WIRELESS_REGDB_VERSION = 2020.11.20
WIRELESS_REGDB_SOURCE = wireless-regdb-$(WIRELESS_REGDB_VERSION).tar.xz
WIRELESS_REGDB_SITE = $(BR2_KERNEL_MIRROR)/software/network/wireless-regdb
WIRELESS_REGDB_LICENSE = ISC

4
buildroot/package/wlroots/Config.in
View File

@ -3,16 +3,14 @@ comment "wlroots needs udev, mesa3d w/ EGL and GLES support"
!BR2_PACKAGE_MESA3D_OPENGL_ES || \
!BR2_PACKAGE_HAS_UDEV
comment "wlroots needs a toolchain w/ threads, locale, dynamic library"
comment "wlroots needs a toolchain w/ threads, dynamic library"
depends on !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_ENABLE_LOCALE || \
BR2_STATIC_LIBS
config BR2_PACKAGE_WLROOTS
bool "wlroots"
depends on !BR2_STATIC_LIBS # wayland
depends on BR2_TOOLCHAIN_HAS_THREADS # libdrm, wayland
depends on BR2_ENABLE_LOCALE # libinput
depends on BR2_PACKAGE_HAS_UDEV # libinput
# Technically wlroots should work with any OpenGL implementation
# which provides EGL, GLES2, and libgbm; but in practice only

42
buildroot/package/wpewebkit/0002-WebProcess-InjectedBundle-fix-compile-without-video-.patch
View File

@ -1,42 +0,0 @@
From 1ca7dea56db25969844699bc82fe7c78cb3d2eda Mon Sep 17 00:00:00 2001
From: Peter Seiderer <ps.report@gmx.net>
Date: Tue, 10 Nov 2020 23:06:45 +0100
Subject: [PATCH] WebProcess/InjectedBundle: fix compile without video support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes:
.../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: class WebCore::Settings has no member named setGenericCueAPIEnabled; did you mean setBeaconAPIEnabled?
page->settings().setGenericCueAPIEnabled(enabled);
^~~~~~~~~~~~~~~~~~~~~~~
setBeaconAPIEnabled
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp
index 61326f2e..d7776997 100644
--- a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp
+++ b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp
@@ -236,12 +236,14 @@ void InjectedBundle::overrideBoolPreferenceForTestRunner(WebPageGroupProxy* page
RuntimeEnabledFeatures::sharedFeatures().setWebRTCMDNSICECandidatesEnabled(enabled);
#endif
+#if ENABLE(VIDEO)
if (preference == "WebKitGenericCueAPIEnabled") {
WebPreferencesStore::overrideBoolValueForKey(WebPreferencesKey::genericCueAPIEnabledKey(), enabled);
for (auto* page : pages)
page->settings().setGenericCueAPIEnabled(enabled);
return;
}
+#endif
#if ENABLE(GPU_PROCESS)
if (preference == "WebKitUseGPUProcessForMedia" || preference == "WebKitCaptureAudioInGPUProcessEnabledKey") {
--
2.29.2

8
buildroot/package/wpewebkit/wpewebkit.hash
View File

@ -1,7 +1,7 @@
# From https://wpewebkit.org/releases/wpewebkit-2.30.2.tar.xz.sums
md5 5b0fed3333b53dbb36e572935fd54a7b wpewebkit-2.30.2.tar.xz
sha1 a143723fb77c2ea20bad888b95ccc37a7dd5b375 wpewebkit-2.30.2.tar.xz
sha256 c94925ca2d655c7fc07dbc2d4b7a47a822c7699816a8cca35ed9efd676b5ba86 wpewebkit-2.30.2.tar.xz
# From https://wpewebkit.org/releases/wpewebkit-2.30.3.tar.xz.sums
md5 75f6ef1819b182043a25b916272ebec6 wpewebkit-2.30.3.tar.xz
sha1 2ed723f779513205449e0c5b7c080eb19d635aee wpewebkit-2.30.3.tar.xz
sha256 f2dfc1a6279810353f601bb9bd0d8ef671b41b38352d679b93d01631c2bf7b4b wpewebkit-2.30.3.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE

2
buildroot/package/wpewebkit/wpewebkit.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
WPEWEBKIT_VERSION = 2.30.2
WPEWEBKIT_VERSION = 2.30.3
WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
WPEWEBKIT_INSTALL_STAGING = YES

24
buildroot/package/xen/xen.hash
View File

@ -1,3 +1,27 @@
# Locally computed
sha256 06839f68ea7620669dbe8b67861213223cc2a7d02ced61b56e5249c50e87f035 xen-4.14.0.tar.gz
sha256 ecca9538e9d3f7e3c2bff827502f4495e2ef9e22c451298696ea08886b176c2c COPYING
# https://xenbits.xenproject.org/xsa/advisory-333.html
sha256 8edec914fbdf036fba8cb54a75d3a9b025fac936e0af35512954a2dc2b12a26f xsa333.patch
# https://xenbits.xenproject.org/xsa/advisory-334.html
sha256 323cd9d24b2e95643833865a9943172c56edd25dfd170e4741034d28dfd0d4bd xsa334.patch
# https://xenbits.xenproject.org/xsa/advisory-336.html
sha256 ecb59876fb92cfe0916ed5f3227a30efe038224c1f6ec36bc3706c4e2214552c xsa336.patch
# https://xenbits.xenproject.org/xsa/advisory-337.html
sha256 98c48781dd46bf6ff6cc46246c6c9f2e2be6ec696c0e7918d4b82845588ce04e xsa337-1.patch
sha256 9e8ae24222371379f2ea62e14fcc7f7282e01c356dff230c22c9ab1d2fb941e2 xsa337-2.patch
# https://xenbits.xenproject.org/xsa/advisory-338.html
sha256 7345eac1cbad23b082523e9cbd0331f8a9f16c6e459fb2a686606253f5514c9b xsa338.patch
# https://xenbits.xenproject.org/xsa/advisory-339.html
sha256 b6ffa7671d905aa12498ad64915be3b7cba74ce1c5bf6bce18b1f106ebf6d715 xsa339.patch
# https://xenbits.xenproject.org/xsa/advisory-340.html
sha256 2bb088fcc1f8f79bf5ddb7b4e101cb1db76a343d2fb1cdafb7cd54612e4009da xsa340.patch
# https://xenbits.xenproject.org/xsa/advisory-342.html
sha256 060caee3fb5971fca0f2fbdef622c52d9bc6e0ed9efad33de5b6b504651c2112 xsa342.patch
# https://xenbits.xenproject.org/xsa/advisory-343.html
sha256 d714a542bae9d96b6a061c5a8f754549d699dcfb7bf2a766b721f6bbe33aefd2 xsa343-1.patch
sha256 657c44c8ea13523d2e59776531237bbc20166c9b7c3960e0e9ad381fce927344 xsa343-2.patch
sha256 2b275e3fa559167c1b59e6fd4a20bc4d1df9d9cb0cbd0050a3db9c3d0299b233 xsa343-3.patch
# https://xenbits.xenproject.org/xsa/advisory-344.html
sha256 5f9dbdc48bed502d614a76e5819afa41a72cec603c5a2c9491d73873a991a5ed xsa344-1.patch
sha256 381ca5c51bc120bfd5c742be3988f570abb870c4b75c8a48cf49ae4fa1046d73 xsa344-2.patch

37
buildroot/package/xen/xen.mk
View File

@ -6,6 +6,43 @@
XEN_VERSION = 4.14.0
XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION)
XEN_PATCH = \
https://xenbits.xenproject.org/xsa/xsa333.patch \
https://xenbits.xenproject.org/xsa/xsa334.patch \
https://xenbits.xenproject.org/xsa/xsa336.patch \
https://xenbits.xenproject.org/xsa/xsa337/xsa337-1.patch \
https://xenbits.xenproject.org/xsa/xsa337/xsa337-2.patch \
https://xenbits.xenproject.org/xsa/xsa338.patch \
https://xenbits.xenproject.org/xsa/xsa339.patch \
https://xenbits.xenproject.org/xsa/xsa340.patch \
https://xenbits.xenproject.org/xsa/xsa342.patch \
https://xenbits.xenproject.org/xsa/xsa343/xsa343-1.patch \
https://xenbits.xenproject.org/xsa/xsa343/xsa343-2.patch \
https://xenbits.xenproject.org/xsa/xsa343/xsa343-3.patch \
https://xenbits.xenproject.org/xsa/xsa344/xsa344-1.patch \
https://xenbits.xenproject.org/xsa/xsa344/xsa344-2.patch
# xsa333.patch
XEN_IGNORE_CVES += CVE-2020-25602
# xsa334.patch
XEN_IGNORE_CVES += CVE-2020-25598
# xsa336.patch
XEN_IGNORE_CVES += CVE-2020-25604
# xsa337-1.patch, xsa337-2.patch
XEN_IGNORE_CVES += CVE-2020-25595
# xsa338.patch
XEN_IGNORE_CVES += CVE-2020-25597
# xsa339.patch
XEN_IGNORE_CVES += CVE-2020-25596
# xsa340.patch
XEN_IGNORE_CVES += CVE-2020-25603
# xsa342.patch
XEN_IGNORE_CVES += CVE-2020-25600
# xsa343-1.patch, xsa-343-2.patch, xsa-343-3.patch
XEN_IGNORE_CVES += CVE-2020-25599
# xsa344-1.patch, xsa344-2.patch
XEN_IGNORE_CVES += CVE-2020-25601
XEN_LICENSE = GPL-2.0
XEN_LICENSE_FILES = COPYING
XEN_DEPENDENCIES = host-acpica host-python3

29
buildroot/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch Normal file
View File

@ -0,0 +1,29 @@
From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
From: Thomas Swan <thomas.swan@gmail.com>
Date: Wed, 2 Oct 2013 23:17:17 -0500
Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
TCPMUX services
Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
xinetd/builtins.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
index 3b85579..34a5bac 100644
--- a/xinetd/builtins.c
+++ b/xinetd/builtins.c
@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
if( SC_IS_INTERNAL( scp ) ) {
SC_INTERNAL(scp, nserp);
} else {
- exec_server(nserp);
+ child_process(nserp);
}
}
--
2.20.1

3
buildroot/package/xinetd/xinetd.mk
View File

@ -9,6 +9,9 @@ XINETD_SITE = $(call github,xinetd-org,xinetd,xinetd-$(XINETD_VERSION))
XINETD_LICENSE = xinetd license
XINETD_LICENSE_FILES = COPYRIGHT
# 0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch
XINETD_IGNORE_CVES += CVE-2013-4342
XINETD_CFLAGS = $(TARGET_CFLAGS)
# Three cases here:

2
buildroot/package/xorriso/xorriso.mk
View File

@ -14,7 +14,7 @@ XORRISO_LICENSE_FILES = COPYING COPYRIGHT
HOST_XORRISO_CONF_OPTS = \
--disable-xattr-h-pref-attr \
--disable-zlib \
--disable-bzip2 \
--disable-libbz2 \
--disable-libcdio \
--disable-libreadline \
--disable-libedit \

4
buildroot/support/dependencies/check-host-bison-flex.mk
View File

@ -1,5 +1,9 @@
# If the system lacks bison or flex, add
# dependencies to suitable host packages
#
# BR2_{BISON,FLES}_HOST_DEPENDENCY should only be used to build code
# that runs on host, e.g. Kconfig. To build code for target use plain
# host-{bison,flex}.
ifeq ($(shell which bison 2>/dev/null),)
BR2_BISON_HOST_DEPENDENCY = host-bison

1
buildroot/utils/getdeveloperlib.py
View File

@ -126,6 +126,7 @@ class Developer:
def hasfile(self, f):
f = os.path.abspath(f)
for fs in self.files:
fs = os.path.abspath(fs)
if f.startswith(fs):
return True
return False