The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Fixed -no-pie compilation warning on MacOS
Fixed errors related to using absolute addressing on MacOS arm64
Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar
Link to original patch and discussion:
3b142045e8
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 8261b85844)
Updating CMake to latest patched version 3.19.8 which is fixing issue with ccache.
Related issue: https://github.com/openwrt/openwrt/issues/8555
Compile-tested: arm64
Signed-off-by: Adam Konrad <git@adamkonrad.com>
Use a make variable pattern for the url
so that only one version number needs to be changed
when version is bumped.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 1e726ba015)
It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which
should be self contained and fully compatible `xxd -i` replacement.
Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 88c9056a70)
Prevents ./configure "checking build system" test fail on Alpine linux.
Signed-off-by: Isaev Ruslan <legale.legale@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit description]
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
```
It includes the following security fix:
* A malicious certificate can cause an infinite loop.
Reported by and fix from Tavis Ormandy and David Benjamin, Google.
(CVE-2022–0778)
```
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25534d5cc2)
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
```
It includes the following security fix:
* A malicious certificate can cause an infinite loop.
Reported by and fix from Tavis Ormandy and David Benjamin, Google.
(CVE-2022–0778)
```
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25534d5cc2)
Makes sure that Ninja from staging_dir is used and nowhere else.
Reported by reproducible builds project. Builds have been failing ever
since tools/cmake started using Ninja.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0d25db7f17)
Compile with Ninja. Ninja compiles faster and is more stable with
parallel builds. Routines copied from cmake.mk.
Speed improves from:
Executed in 127.47 secs fish external
usr time 17.02 mins 446.00 micros 17.02 mins
sys time 1.18 mins 40.00 micros 1.18 mins
to:
Executed in 118.91 secs fish external
usr time 17.28 mins 499.00 micros 17.28 mins
sys time 1.13 mins 45.00 micros 1.13 mins
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5cff6c1abb)
Make cmake depend on ninja, so that other cmake based tools also depend on it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45baa860f)
ninja is faster at building cmake packages than make, and according to reports
also more reliable at handling parallel builds
This commit includes a patch that adds GNU make jobserver support, in order to
allow more precise control over the number of parallel tasks
Enable parallel build by default for packages using ninja
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 97258f5363)
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.
Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.
Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
(cherry picked from commit 3965dda0fa70dc9408f1a2e55a3ddefde78bd50e)
Don't download all of vim just to build xxd. Use a tight tarball
containing only xxd sources instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2b94aac7a1)
U-Boot requires xxd to create the default environment from an external
file as done in uboot-mediatek.
Build xxd (only, not the rest of vim) as part of tools to make sure it
is present on the buildhost.
Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c4dd2441e7)
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt
```
It includes the following security fix
* In some situations the X.509 verifier would discard an error on an
unverified certificate chain, resulting in an authentication bypass.
Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 495c4f4e19)
The $INODE64 symbol variants are not present, since the base system
always uses 64-bit file offsets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 53ebacacf9)
Added patch for MacOS without 32 bit inodes support
(__DARWIN_ONLY_64_BIT_INO_T is true)
This patch based on discussion https://github.com/archmac/bootstrap/issues/4
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry-picked from commit 8fedc17d01)
For some reason, the generated configure script fails to properly set up
the internal preprocessor command variable, causing the host OS check for
Darwin to fail after the last update.
Explicitly setting CPP fixes this issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 48e209e5c5)
Apply the same fix that was previously done for the Archer C7v5 to the
A7v5 as well to make the web UI accept our images again.
This is a backport of firmware-utils
commit 84dbf8ee49f522d3a4528763c9473cf3dd7c8c52.
Tested-by: Luflosi <luflosi@luflosi.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Update ccache to 4.2.1
While compiling on Gentoo, the ccache can not be compiled due to this
error:
/openwrt/build_dir/host/ccache-4.1/unittest/../src/third_party/doctest.h:4084:47: error: size of array 'altStackMem' is not an integral constant-expression
4084 | static char altStackMem[4 * SIGSTKSZ];
| ^
This was fixed in ccache version 4.2.1 [1] by upgrading doctest [2].
[1] https://github.com/ccache/ccache/issues/825
[2] https://github.com/doctest/doctest/issues/473
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
(cherry picked from commit 3ebfd0078d)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[improved commit message]
isl.gforge.inria.fr has been dead since early this month [1]. Switch to
libisl.sourceforge.io for the time being.
[1] https://groups.google.com/g/isl-development/c/JGaMo2VUu_8
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit dd0ad9b661)
CPExxx and WBSxxx boards with AR9344 SOC
use the OKLI lzma kernel loader
with the offset of 3 blocks of length 4k (0x3000)
in order to have a fake "kernel" that cannot grow larger
than how it is defined in the now static OEM partition table.
Before recent changes to the mtdsplit driver,
the uImage parser for OKLI only supported images
that started exactly on an eraseblock boundary.
The mtdsplit parser for uImage now supports identifying images
with any magic number value
and at any offset from the eraseblock boundary
using DTS properties to define those values.
So, it is no longer necessary to use fixed sizes
for kernel and rootfs
Tested-by: Andrew Cameron <apcameron@softhome.net> [CPE510 v2]
Tested-by: Bernhard Geier <freifunk@geierb.de> [WBS210 v2]
Tested-by: Petrov <d7c48mWsPKx67w2@gmail.com> [CPE210 v1]
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 7b9a0c264c)
