Bump buildroot to 2020.11-rc1 (#985)

* Update buildroot-patches for 2020.11-rc1 buildroot * Update buildroot to 2020.11-rc1 Signed-off-by: Stefan Agner <stefan@agner.ch> * Don't rely on sfdisk --list-free output The --list-free (-F) argument does not allow machine readable mode. And it seems that the output format changes over time (different spacing, using size postfixes instead of raw blocks). Use sfdisk json output and calculate free partition space ourselfs. This works for 2.35 and 2.36 and is more robust since we rely on output which is meant for scripts to parse. * Migrate defconfigs for Buildroot 2020.11-rc1 In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE). * Rebase/remove systemd patches for systemd 246 * Drop apparmor/libapparmor from buildroot-external * hassos-persists: use /run as directory for lockfiles The U-Boot tools use /var/lock by default which is not created any more by systemd by default (it is under tmpfiles legacy.conf, which we no longer install). * Disable systemd-update-done.service The service is not suited for pure read-only systems. In particular the service needs to be able to write a file in /etc and /var. Remove the service. Note: This is a static service and cannot be removed using systemd-preset. * Disable apparmor.service for now The service loads all default profiles. Some might actually cause problems. E.g. the profile for ping seems not to match our setup for /etc/resolv.conf: [85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2020-11-13 18:25:44 +01:00
parent 25a0dd3082
commit a0871be6c0
4024 changed files with 68095 additions and 47900 deletions
--- a/buildroot/package/python-markdown2/0001-Fix-for-issue-348-incomplete-tags-with-punctuation-after-as-part-of.patch
+++ b/buildroot/package/python-markdown2/0001-Fix-for-issue-348-incomplete-tags-with-punctuation-after-as-part-of.patch
@@ -1,53 +0,0 @@
-From 9144d0fc5d5249cc4d81287ee79091806e6dde52 Mon Sep 17 00:00:00 2001
-From: Gareth Simpson <gareth.simpson@zoodigital.com>
-Date: Fri, 1 May 2020 19:31:21 +0100
-Subject: [PATCH] Fix for issue 348 - incomplete tags with punctuation after as
- part of the tag name are a source of XSS
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Retrieved from:
-https://github.com/trentm/python-markdown2/commit/9144d0fc5d5249cc4d81287ee79091806e6dde52]
---
- lib/markdown2.py                           | 2 +-
- test/tm-cases/issue348_incomplete_tag.html | 1 +
- test/tm-cases/issue348_incomplete_tag.opts | 1 +
- test/tm-cases/issue348_incomplete_tag.text | 1 +
- 4 files changed, 4 insertions(+), 1 deletion(-)
- create mode 100644 test/tm-cases/issue348_incomplete_tag.html
- create mode 100644 test/tm-cases/issue348_incomplete_tag.opts
- create mode 100644 test/tm-cases/issue348_incomplete_tag.text
-
-diff --git a/lib/markdown2.py b/lib/markdown2.py
-index 3a5d5d9..636bf07 100755
--- a/lib/markdown2.py
-+++ b/lib/markdown2.py
-@@ -2164,7 +2164,7 @@ def _encode_amps_and_angles(self, text):
-         text = self._naked_gt_re.sub('&gt;', text)
-         return text
- 
-    _incomplete_tags_re = re.compile("<(/?\w+[\s/]+?)")
-+    _incomplete_tags_re = re.compile("<(/?\w+?(?!://).?[\s/]+?)")
- 
-     def _encode_incomplete_tags(self, text):
-         if self.safe_mode not in ("replace", "escape"):
-diff --git a/test/tm-cases/issue348_incomplete_tag.html b/test/tm-cases/issue348_incomplete_tag.html
-new file mode 100644
-index 0000000..46059cc
--- /dev/null
-+++ b/test/tm-cases/issue348_incomplete_tag.html
-@@ -0,0 +1 @@
-+<p>&lt;lol@/ //id="pwn"//onclick="alert(1)"//<strong>abc</strong></p>
-diff --git a/test/tm-cases/issue348_incomplete_tag.opts b/test/tm-cases/issue348_incomplete_tag.opts
-new file mode 100644
-index 0000000..ad487c0
--- /dev/null
-+++ b/test/tm-cases/issue348_incomplete_tag.opts
-@@ -0,0 +1 @@
-+{"safe_mode": "escape"}
-diff --git a/test/tm-cases/issue348_incomplete_tag.text b/test/tm-cases/issue348_incomplete_tag.text
-new file mode 100644
-index 0000000..bb4a0de
--- /dev/null
-+++ b/test/tm-cases/issue348_incomplete_tag.text
-@@ -0,0 +1 @@
-+<lol@/ //id="pwn"//onclick="alert(1)"//**abc**
--- a/buildroot/package/python-markdown2/0002-Better-fix-for-issue-348.patch
+++ b/buildroot/package/python-markdown2/0002-Better-fix-for-issue-348.patch
@@ -1,32 +0,0 @@
-From 0c0543846fa54281e2269b0bff841a0b9ffe23fe Mon Sep 17 00:00:00 2001
-From: Gareth Simpson <gareth.simpson@zoodigital.com>
-Date: Sat, 2 May 2020 21:22:36 +0100
-Subject: [PATCH] Better fix for issue 348
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Retrieved from:
-https://github.com/trentm/python-markdown2/commit/0c0543846fa54281e2269b0bff841a0b9ffe23fe]
---
- lib/markdown2.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/lib/markdown2.py b/lib/markdown2.py
-index 636bf07..be86502 100755
--- a/lib/markdown2.py
-+++ b/lib/markdown2.py
-@@ -2164,11 +2164,14 @@ def _encode_amps_and_angles(self, text):
-         text = self._naked_gt_re.sub('&gt;', text)
-         return text
- 
-    _incomplete_tags_re = re.compile("<(/?\w+?(?!://).?[\s/]+?)")
-+    _incomplete_tags_re = re.compile("<(/?\w+?(?!\w).+?[\s/]+?)")
- 
-     def _encode_incomplete_tags(self, text):
-         if self.safe_mode not in ("replace", "escape"):
-             return text
-+            
-+        if text.endswith(">"):
-+            return text  # this is not an incomplete tag, this is a link in the form <http://x.y.z>
- 
-         return self._incomplete_tags_re.sub("&lt;\\1", text)
- 
--- a/buildroot/package/python-markdown2/python-markdown2.hash
+++ b/buildroot/package/python-markdown2/python-markdown2.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/markdown2/json
-md5	a8dee88993d05a3e10765a57b1e1ea07  markdown2-2.3.8.tar.gz
-sha256	7ff88e00b396c02c8e1ecd8d176cfa418fb01fe81234dcea77803e7ce4f05dbe  markdown2-2.3.8.tar.gz
+md5  5c1f9002060cf534bde0bdd584d6b70a  markdown2-2.3.9.tar.gz
+sha256  89526090907ae5ece66d783c434b35c29ee500c1986309e306ce2346273ada6a  markdown2-2.3.9.tar.gz
 # Locally computed sha256 checksums
-sha256	f8c7c4d554409cf621b8d653dbfffb719745fd36f5c49b8305258649b403ef9c  LICENSE.txt
+sha256  f8c7c4d554409cf621b8d653dbfffb719745fd36f5c49b8305258649b403ef9c  LICENSE.txt
--- a/buildroot/package/python-markdown2/python-markdown2.mk
+++ b/buildroot/package/python-markdown2/python-markdown2.mk
@@ -4,15 +4,11 @@
 #
 ################################################################################

-PYTHON_MARKDOWN2_VERSION = 2.3.8
+PYTHON_MARKDOWN2_VERSION = 2.3.9
 PYTHON_MARKDOWN2_SOURCE = markdown2-$(PYTHON_MARKDOWN2_VERSION).tar.gz
-PYTHON_MARKDOWN2_SITE = https://files.pythonhosted.org/packages/e3/93/d37055743009d1a492b2670cc215831a388b3d6e4a28b7672fdf0f7854f5
+PYTHON_MARKDOWN2_SITE = https://files.pythonhosted.org/packages/14/69/c542025f80916457ff4fe962404a27ab6417d43822fe54bf88ee2dd1b36f
 PYTHON_MARKDOWN2_SETUP_TYPE = setuptools
 PYTHON_MARKDOWN2_LICENSE = MIT
 PYTHON_MARKDOWN2_LICENSE_FILES = LICENSE.txt

-# 0001-Fix-for-issue-348-incomplete-tags-with-punctuation-after-as-part-of.patch
-# 0002-Better-fix-for-issue-348.patch
-PYTHON_MARKDOWN2_IGNORE_CVES += CVE-2020-11888
-
 $(eval $(python-package))