- Retrieve official tarball
- Fix CVE-2021-45769: A NULL pointer dereference in
AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850
v1.5.0 can lead to a segmentation fault or application crash.
- Fix many other vulnerabilities:
https://libiec61850.com/new-release-1-5-1-of-libiec61850
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 52c372446f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When supporting multiple hardware targets, overlay_map.dtb might
be needed to map overlay names to one of several implementations [1].
If the correct overlay names are specified in config.txt, the map file
is not needed, but it also doesn't hurt.
[1] https://github.com/raspberrypi/documentation/blob/develop/documentation/asciidoc/computers/configuration/device-tree.adoc#the-overlay-map-file
Signed-off-by: Rutger Sassen <rsassen@comecer.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Arnout: always install overlay_map.dtb]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit da38cdead9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-odb installs the ODB compiler, which when executed at runtime,
needs access to the libodb headers. This is a runtime dependency,
normally added in Config.in, but for host packages there is no way to
express a runtime dependency. In order to have them installed, add a
dependency on host-libodb.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
[Kamel: Add optional host-libodb-boost dependency]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 88471fe4fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add host variant of libodb-boost required by the ODB compiler.
The libodb-boost headers are needed at compile time, and
therefore installed in $(HOST_DIR).
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
[Arnout: add -std=c++11]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e2f1f28efd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit ac9855e761 ("package/odb: fix
build with gcc 11") already fixed some gcc 11.x issues, but not all of
them. This commit backports two upstream patches fixing the remaining
issues, ensuring host-odb can be built on a gcc 11.x machine.
Fixes:
http://autobuild.buildroot.net/results/d37c4271e66d923f7af6a4e3dbad603fcd1c8119/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2d6e5a8501)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A malformed input file can lead to a segfault due to an out of bounds
array access in raptor_xml_writer_start_element_common.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2fca33462b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-24128: Timescale TimescaleDB 1.x and 2.x before 2.5.2 may
allow privilege escalation during extension installation. The
installation process uses commands such as CREATE x IF NOT EXIST that
allow an unprivileged user to precreate objects. These objects will be
used by the installer (which executes as Superuser), leading to
privilege escalation. In order to be able to take advantage of this, an
unprivileged user would need to be able to create objects in a database
and then get a Superuser to install TimescaleDB into their database. (In
the fixed versions, the installation aborts when it finds that an object
already exists.)
"This release contains bug fixes since the 2.5.1 release.
This release is high priority for upgrade. We strongly recommend that
you upgrade as soon as possible."
https://github.com/timescale/timescaledb/releases/tag/2.5.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3398e8e6d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version adds support for PostgreSQL 14.
Release notes:
https://github.com/timescale/timescaledb/releases/tag/2.5.0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f250847551)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switched _SITE to https and _SOURCE to .gz because upstream does not
provide a .xz tarball anymore.
Fixes CVE 2022-0547, changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f9c448a016)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1
allows a remote web server to exfiltrate media files.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c7520b7ea1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
introspection needs host-doxygen and host-python-lxml since the addition
of the package in commit c9a3c10417 and
2e5b13f970
../output-1/build/wireplumber-0.4.8/docs/meson.build:14:0: ERROR: python3 is missing modules: lxml
Doxygen is required to build just the bare minimal (not the full
documentation) since
93c2e7d686
Fixes:
- http://autobuild.buildroot.org/results/24c524d86a3e2e67305f698644be9b15d4562488
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3e1de2ef06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV
files. This issue triggered in function WavpackPackSamples of file
src/pack_utils.c, tainted variable cnt is too large, that makes pointer
sptr read beyond heap bound.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a9bff8a0b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable sample and tests (which are built by default since version 2.1:
530b272350)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e1d0ac062c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 5c05744eca.
This doesn't work with the gnupg v1/v2 handling here:
package/gcr/Config.in:1:error: recursive dependency detected!
package/gcr/Config.in:1: symbol BR2_PACKAGE_GCR depends on BR2_PACKAGE_GNUPG
package/gnupg/Config.in:1: symbol BR2_PACKAGE_GNUPG is selected by BR2_PACKAGE_GNUPG2
package/gnupg2/Config.in:5: symbol BR2_PACKAGE_GNUPG2 is selected by BR2_PACKAGE_GCR
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check_package_get_latest_version_by_distro() function analyzes the
data returned by release-monitoring.org. For two of our
packages (bento4 and qextserialport), release-monitoring.org returns
something that is a bit odd: it returns an entry with a
"stable_versions" field that contains an empty array. Our code was
ready to have or not have a "stable_versions" entry, but when it is
present, we assumed it was not an empty array. These two packages, for
some reason, break this assumption.
In order to solve this problem, this commit is more careful, and uses
the stable_versions field only if it exists and it has at least one
entry. The code is also reworked as a sequence of "if...elif...else"
to be more readable.
This fixes the following exception when running pkg-stats on the full
package set:
Task exception was never retrieved
future: <Task finished name='Task-10772' coro=<check_package_latest_version_get() done, defined at ./support/scripts/pkg-stats:532> exception=IndexError('list index out of range')>
Traceback (most recent call last):
File "./support/scripts/pkg-stats", line 535, in check_package_latest_version_get
if await check_package_get_latest_version_by_distro(session, pkg):
File "./support/scripts/pkg-stats", line 489, in check_package_get_latest_version_by_distro
version = data['stable_versions'][0] if 'stable_versions' in data else data['version'] if 'version' in data else None
IndexError: list index out of range
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: non-sequence tests as True]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c72f3f2b43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
for non-prime moduli.
Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed form.
It is possible to trigger the infinite loop by crafting a certificate that
has invalid explicit curve parameters.
Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may
thus be subject to a denial of service attack. The infinite loop can also
be reached when parsing crafted private keys as they can contain explicit
elliptic curve parameters.
Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use the BN_mod_sqrt() where the attacker
can control the parameter values are vulnerable to this DoS issue.
(CVE-2022-0778)
[Tomáš Mráz]
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
to the list of ciphersuites providing Perfect Forward Secrecy as
required by SECLEVEL >= 3.
[Dmitry Belyavskiy, Nicola Tuveri]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 66868e9fab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In the list of full distribution, the FAQ contains a link to Emdebian.
This project stopped receiving updates in 2014 and the main web page does not exist anymore.
This replace the entry with a link to the Debian ports page.
Signed-off-by: Yannick Brosseau <yannick.brosseau@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit db2b8a1ce2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libfcgi raises the following build failure with glibc 2.34 and gcc
11.2.0:
In file included from /home/peko/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/features.h:488,
from /home/peko/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/bits/libc-header-start.h:33,
from /home/peko/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/stdio.h:27,
from /home/peko/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/fcgi_stdio.h:18,
from boinc_fcgi.h:19,
from coproc.cpp:22:
/home/peko/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/wchar.h:582:24: error: 'malloc' attribute argument 1 is ambiguous
582 | __attribute_malloc__ __attr_dealloc_fclose;
| ^~~~~~~~~~~~~~~~~~~~~
RawTherapee has the same kind of issue:
- https://github.com/Beep6581/RawTherapee/issues/6324
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101747
Fixes:
- http://autobuild.buildroot.org/results/232dae62570ed7927a10864d83dccaf9b6214500
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 54cb3b506d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since gcr selects gnupg2, it's incompatible with gnupg. Add this
dependency and corresponding comment.
While we're at it, also hide the existing comment when
!BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5783a418f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openssl handling needs shared library support since commit
67cebbdf5f however this is not needed
since version 2 and
333fa84e8e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 19294eb352)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
samba:ppp, added by commit 63332c33aa, has
been deprecated in February 2020:
<cpe-item name="cpe:/a:samba:ppp:2.4.7" deprecated="true" deprecation_date="2020-02-24T15:55:39.787Z">
<cpe-23:cpe23-item name="cpe:2.3🅰️samba:ppp:2.4.7:*:*:*:*:*:*:*">
cpe:2.3🅰️point-to-point_protocol_project:point-to-point_protocol is the
correct CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apoint-to-point_protocol_project%3Apoint-to-point_protocol
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9051a63221)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Technologic Systems has rebranded as embeddedTS with the current
domain eventually going offline. Update web/doc URLs to correct
resource locations.
Signed-off-by: Kris Bahnsen <kris@embeddedTS.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0b058e15f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a patch release for version 2 & 2.4, fixing a regression
introduced in 2.4.1.
https://github.com/cisco/libsrtp/releases/tag/v2.4.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 232868ffd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop custom install rules which were added since commit
676797d57f. Indeed, they result in a
broken installation. Especially, they are trying to "guess" what must
be installed based on BR2_ARCH but oprofile has its own logic. For
example, goldmont microarchitecture files must be installed in i386
directory even if this architecture is 64 bits:
0ad5a9e6af
This will result in the following runtime failure:
oprofile: could not open unit mask description file /usr/share/oprofile//i386/goldmont/unit_masks
Unable to find info for event cpu_clk_unhalted
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=14641
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5259807318)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When enabling MariaDB (BR2_PACKAGE_MARIADB=y) and systemd
(BR2_INIT_SYSTEMD=y) in buildroot, the mysqld.service fail to start
with a permission error. See output of command:
journalctl --unit=mysqld
Which shows:
systemd[1]: Starting MySQL database server...
install[102]: install: can't create directory '/var/log/mysql': Permission denied
systemd[1]: mysqld.service: Control process exited, code=exited, status=1/FAILURE
Since the service file includes the "User=mysql" directive, the
"ExecStartPre=" is executed as this user, which does not have
permission to create a directory in "/var/log".
This commit fixes this issue by adding the "!" prefix, which will
execute the command with full privileges. See the systemd.service manual
page entry for "ExecStart=", table "Special executable prefixes":
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
or https://github.com/systemd/systemd/blob/v250/man/systemd.service.xml#L339
Moreover, the "mysql_install_db" invocation does not need this special
prefix, as the "/var/lib/mysql" directory on target is already owned
by the "mysql" user. The "chown" command is also useless and is
removed in this commit.
Reported-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Tested-By: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fd03d4f057)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gdb's AC_LIB_HAVE_LINKFLAGS macro hardcodes a search starting with
/usr/lib/ which can lead to libgmp from the wrong architecture with the
result that the test fails. Even if a libgmp is found there it is now
the one that should be used.
This is the same macro used for expat and lzma for which there are
already specific CONF_OPTS flags added here. Add the same flag for
libgmp and move the handling down so that it is logically grouped with
the other similar options.
Note that there is no --with(out)-gmp flag to configure, as the
dependency is mandatory, so only the --with-libgmp-prefix option is
specified.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9fa5d641ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using uboot's legacy build system, the 'make uboot-menuconfig'
and 'make uboot-savedefconfig' targets are not available as they
are created by 'kconfig-package'.
Signed-off-by: Simon Doppler <dopsi@dopsi.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca9e55ad11)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dependency on sqlite has been removed since v17.04.0-ce.
See: https://github.com/moby/moby/pull/30208
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Tested-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6105ad3f72)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The http://www.directfb.org/ has been down since 2015.
Use the Buildroot backup download site.
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13126
Signed-off-by: Andrei Gherghescu <andrei.gherghescu@protonmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89ab2a5a3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Links were aimed at the methods.co.nz domain, which is now returning
404s. The current situation of AsciiDoc is unclear to me: the Fedora
package points to this website, they own asciidoc.org, Wikipedia points
to this project as well but their Git repo's README includes the
following paragraph:
> AsciiDoc.py is a legacy processor for this syntax, handling an older
> rendition of AsciiDoc. As such, this will not properly handle the
> current AsciiDoc specification. It is suggested that unless you
> specifically require the AsciiDoc.py toolchain, you should find a
> processor that handles the modern AsciiDoc syntax.
https://github.com/asciidoc-py/asciidoc-py/blob/10.1.3/README.md
"AsciiDoc specification" pointing towards:
https://projects.eclipse.org/projects/asciidoc.asciidoc-lang
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit efcb7eeabc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a bug fix release which addresses quite a number of issues
https://www.mail-archive.com/haproxy@formilux.org/msg41404.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f82a835825)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop custom install rules which have been added since the addition of
the package in commit 2d837933e5 but are
now resulting in a broken installion
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=14636
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d1debbb4c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- fix CVE-2021-30560
- remove merged patch, drop autoreconf
- moved from xmlsoft.org to gnome.org
- spaces in hash file
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr:
- drop autoreconf as no longer patching
- also switch home in Config.in
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit acf5b437cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without libvirtd raised since the
addition of the package in commit
ccfc90e101 and
89064c9e37:
../output-1/build/libvirt-7.10.0/meson.build:1518:2: ERROR: Problem encountered: Requested the Interface driver without netcf or udev and libvirtd support
Fixes:
- http://autobuild.buildroot.org/results/e43101c6d7f626439ef800263b8f5dfa99ce850b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 87f1dd7b52)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove override of FOO_{CONF_OPTS,DEPENDENCIES} in conditional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3d7f852ac5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 949aee6377)
[Peter: drop 5.16.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor corrective release over GDB 11.1, fixing the following issues:
PR sim/28302 (gdb fails to build with glibc 2.34)
PR build/28318 (std::thread support configure check does not use
CXX_DIALECT)
PR gdb/28405 (arm-none-eabi: internal-error: ptid_t
remote_target::select_thread_for_ambiguous_stop_reply(const
target_waitstatus*): Assertion `first_resumed_thread != nullptr'
failed)
PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
PR build/28555 (uclibc compile failure since commit 4655f8509fd44e6efabefa373650d9982ff37fd6)
PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR (.relr.dyn) section)
PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)
Drop patch 0006-sim-filter-out-SIGSTKSZ-PR-sim-28302.patch, which was
merged upstream as commit 17d6f2152b583cdc7defafa7813b727a304bac5b.
Drop patch 0008-Fix-build-on-rhES5.patch, which was merged upstream as
commit df9ebc472a162306dee8ba6e02b99963c2babb7c?
Drop patch 0009-gdbserver-aarch64-support.patch, which was merged
upstream as commit eb79b2318066cafb75ffdce310e3bbd44f7c79e3.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8cfbda109f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.17.8 includes a security fix to the regexp/syntax package, as well as bug
fixes to the compiler, runtime, the go command, and the crypto/x509, and net
packages.
https://go.dev/doc/devel/release#go1.17.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1cd8faa8d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gdk-pixbuf-xlib dependency is needed since bump of gdk-pixbuf to version
2.42.2 in commit a7b51ed301 to avoid the
following "hidden" warnings:
Warning: GTK version 2.24.33 was found, but at least one supporting
library (gdk-pixbuf-xlib-2.0) was not, so GTK can't be used.
Perhaps some of the development packages are not installed?
Warning: The GTK libraries do not seem to be available; the
`xscreensaver-demo' program requires them.
Warning: The GDK-Pixbuf library was not found.
The PNG library is being used instead.
Some of the demos will not use images as much as they could.
You should consider installing GDK-Pixbuf and re-running
configure.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35f02050be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Deprecated Xlib integration for GdkPixbuf.
gdk-pixbuf-xlib has been deprecated and split off of gdk-pixbuf since
version 2.42.0 and
3362e94c25
resulting in the following "hidden" warnings with xscreensaver since
commit a7b51ed3013c919b293deb95299e33363fb9df70:
Warning: GTK version 2.24.33 was found, but at least one supporting
library (gdk-pixbuf-xlib-2.0) was not, so GTK can't be used.
Perhaps some of the development packages are not installed?
Warning: The GTK libraries do not seem to be available; the
`xscreensaver-demo' program requires them.
Warning: The GDK-Pixbuf library was not found.
The PNG library is being used instead.
Some of the demos will not use images as much as they could.
You should consider installing GDK-Pixbuf and re-running
configure.
https://gitlab.gnome.org/Archive/gdk-pixbuf-xlib
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 559df4ef28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains a security fix in seatd-launch which prevents
removal of files that the calling user did not have privileges to
remove. Release notes:
https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.4
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 41139cb099)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without threads raised since bump to
version 3.7.3 in commit 212b020bb43f13121d6cde464f871d5d1cf6cfbe:
kx.c: In function '_gnutls_nss_keylog_write':
kx.c:164:33: error: 'keylog_mutex' undeclared (first use in this function); did you mean 'keylog_once'?
164 | if (gnutls_static_mutex_lock(&keylog_mutex) < 0) {
| ^~~~~~~~~~~~
| keylog_once
Fixes:
- http://autobuild.buildroot.org/results/e092bc11ce4b5908cb6285aa77a3594b8626eeec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2f4f57b62b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-0554: Use of Out-of-range Pointer Offset in GitHub
repository vim/vim prior to 8.2.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 28c9cb5ff3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following security issues (i.e. CVE-2021-37706, CVE-2021-41141,
CVE-2021-43804, CVE-2021-43845, CVE-2022-21722 and CVE-2022-21723):
- Potential integer underflow upon receiving STUN message
(GHSA-2qpg-f6wf-w984)
- Use after free of dialog set (GHSA-ffff-m5fm-qm62)
- Missing unreleased of locks in failure cases (GHSA-8fmx-hqw7-6gmc)
- Potential out-of-bounds read when parsing RTCP BYE message
(GHSA-3qx3-cg72-wrh9)
- Prevent OOB read for RTCP XR block (GHSA-r374-qrwv-86hh)
- Potential buffer overflow in pjsua_player_create(),
pjsua_recorder_create(), pjmedia_wav_player_create(), and
pjsua_call_dump() (GHSA-qcvw-h34v-c7r9)
- Potential out-of-bound read during RTP/RTCP parsing
(GHSA-m66q-q64c-hv36)
- Prevent OOB read in multipart parsing (GHSA-7fw8-54cv-r7pm)
- Use after free of dialog set (GHSA-ffff-m5fm-qm62)
https://github.com/pjsip/pjproject/releases/tag/2.12
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5ed26bb378)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following security issues:
- [CVE-2022-23308] Use-after-free of ID and IDREF attributes
- Use-after-free in xmlXIncludeCopyRange
- Fix Null-deref-in-xmlSchemaGetComponentTargetNs
- Fix memory leak in xmlXPathCompNodeTest
- Fix null pointer deref in xmlStringGetNodeList
- Fix several memory leaks found by Coverity
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.13
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4b67038473)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-24130: xterm through Patch 370, when Sixel support is
enabled, allows attackers to trigger a buffer overflow in set_sixel in
graphics_sixel.c via crafted text.
Update hash of COPYING (update in year)
https://invisible-island.net/xterm/xterm.log.html#xterm_371
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2de5cd8542)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot looks for the environment variable DEVICE_TREE and uses its value if
set instead of the CONFIG_DEFAULT_DEVICE_TREE configuration option since
v2021.01, more specifically commit c0f1ebe9c1b9745e (binman: Allow selecting
default FIT configuration) - So unexport it like we do for other
"troublesome" environment variables to ensure consistent behaviour.
Reported-by: Neal Frager <nealf@xilinx.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d3910057c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release mostly fixes (security related) bugs including:
- Fix 12 decoder bugs found by oss-fuzz, including CVE-2020-0499
- Fix encoder bug CVE-2021-0561
Also:
- Replace first patch which was reverted by
4fbb6d4f2e
- Disable stack protection (enabled by default since
f706f28322)
- Drop md5 which is not provided anymore
- Update indentation in hash file (two spaces)
https://github.com/xiph/flac/releases/tag/1.3.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c7e250c69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-21699: IPython (Interactive Python) is a command shell for
interactive computing in multiple programming languages, originally
developed for the Python programming language. Affected versions are
subject to an arbitrary code execution vulnerability achieved by not
properly managing cross user temporary files. This vulnerability allows
one user to run code as another on the same machine. All users are
advised to upgrade.
Also update indentation in hash file (two spaces)
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aeb138911e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-librsvg install a gdk-pixbuf module (aka plugin). As such, it needs
to update [0] the modules cache (a kind of registry of which modules are
installed and what the can handle). To that effect, it calls the utility
gdk-pixbuf-queryloaders, which generates the cache of existing modules.
gdk-pixbuf-queryloaders, from the gdk-pixbuf package, has been
configured to be relocatable. However, it still embeds the path to where
it was instaled, and thus where to look modules from. If it is run from
its install location, then gdk-pixbuf-queryloaders looks modules in that
location, and generates a modules cache with relative paths; otherwise,
it still looks at that location, but generates a cache with absolute
paths. In the later case, it will miss the modules that have not been
installed by gdk-pixbuf itself.
In the case of host-librsvg, that will miss the fact that librsvg just
happened to have installed a module. Further down the road, packages
that depend on host-librsvg, will get their PPD prepared, the path fixup
hook run, so that the cache properly points to the current package's
PPD, but the cache will not include the SVG module, which causes
failures to load CVG images:
Can't load file: Unrecognized image file format
So, we need to tell gdk-pixbuf-queryloaders where the module path is,
which restores the relativity of the paths it reports, by specifying the
modules path pointing to the current package's PPD, passed in the
environement variable GDK_PIXBUF_MODULEDIR.
We need to do that at install time, so that the SVG module is properly
listed in the cache, so that dependees can use it.
A temporary cache is also generated at build time, but its usefullness
is dubious; it seem to only be used by the test tool, which we do not
run. However, for consistency-sake, we also fix that.
Fixes:
- http://autobuild.buildroot.org/results/0e00059b09b4445eaaec1030997883187c6a80d6
[0] This will trigger file-overwrite detection in the future... But we
currently do not have infrastructure to properly handle such a cache.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword and extend an already-good commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 63b780f5e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
# python sample_python_txtorcon.py
Traceback (most recent call last):
File "/root/sample_python_txtorcon.py", line 1, in <module>
import txtorcon # noqa
File "/usr/lib/python3.10/site-packages/txtorcon/__init__.py", line 11, in <module>
File "/usr/lib/python3.10/site-packages/txtorcon/router.py", line 10, in <module>
File "/usr/lib/python3.10/site-packages/txtorcon/util.py", line 17, in <module>
File "/usr/lib/python3.10/site-packages/twisted/internet/defer.py", line 42, in <module>
ModuleNotFoundError: No module named 'typing_extensions'
python typing_extensions is required since python-twisted 22.1.0 [1]
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/2116202537
[1] 6e768da0a1
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b43ba475cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-21712: twisted is an event-driven networking engine written
in Python. In affected versions twisted exposes cookies and
authorization headers when following cross-origin redirects. This issue
is present in the `twited.web.RedirectAgent` and `twisted.web.
BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There
are no known workarounds.
Update hash of license file (author added and update in year:
13aa59746aadfdf234777e65fbeed3)
https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvxhttps://github.com/twisted/twisted/releases/tag/twisted-22.1.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit af37e96f3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gdk-pixbuf is based on plugins (modules in gdk-pixbuf parlance) that are
provided either by the gdk-pixbuf package itself, or be installed by
third-party packages, like librsvg. At runtime, those plugins get loaded
by helper function in the gdk-pixbuf library.
The location where to find those modules is currently hard-coded at
build time, to the location where gdb-pixbuf is installed.. This means
that host-packages that install image-conversion utilities will try to
look in the path where gdk-pixbuf was installed.
With per-package directories, this fails to find any module that was
installed bu a third-party package. For example, the module for loading
an SVG provided by librsvg, so it is not present in the PPD of
gdk-pixbuf, and thus loading an SVG (e.g. to convert it to another
format, like adwaita-icon-theme does) will fail with:
Can't load file: Unrecognized image file format
However, gdk-pixbuf can be configured so as to look for the modules
relative to where the program is run from, rather than hard-coding the
location at build time. This is exactly what we need in the PPD case
Additionally, even without PPD, this would fail in a similar manner in
the SDK, as that can be relocated too.
So we unconditionally enable the relocatable option, but only for the
host variant (there is no reason to enable it for the target, as it is
not going to be relocated).
Fixes:
- http://autobuild.buildroot.org/results/0e00059b09b4445eaaec1030997883187c6a80d6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword the already-good commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 75361a9aba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-45444: In zsh before 5.8.1, an attacker can achieve code
execution if they control a command output inside the prompt, as
demonstrated by a %F argument. This occurs because of recursive
PROMPT_SUBST expansion.
The 5.8.1 release is not listed in MD5SUM, so drop the md5 hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca6c2ee3da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 2021.08.28, [1]):
e061299 wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US
2ce78ed wireless-regdb: Update regulatory rules for Croatia (HR) on 6GHz
0d39f4c wireless-regdb: Update regulatory rules for South Korea (KR)
acad231 wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
ea83a82 wireless-regdb: add support for US S1G channels
4408149 wireless-regdb: add 802.11ah bands to world regulatory domain
5f3cadc wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
e0ac69b Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
40e5e80 wireless-regdb: Update regulatory rules for South Korea (KR)
e427ff2 wireless-regdb: Update regulatory rules for China (CN)
0970116 wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
4dac44b wireless-regdb: update regulatory database based on preceding changes
[1] https://lore.kernel.org/linux-wireless/YhBCKWNw3IMfGs0L@ubuntu-x1/
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 324f055252)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
#562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
sequences (e.g. from start tag names) to the XML
processing application on top of Expat can cause
arbitrary damage (e.g. code execution) depending
on how invalid UTF-8 is handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#561 CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
that could be triggered by e.g. a 2 megabytes
file with a large number of opening braces.
Expected impact is denial of service or potentially
arbitrary code execution.
#560 CVE-2022-25314 -- Fix integer overflow in function copyString;
only affects the encoding name parameter at parser creation
time which is often hardcoded (rather than user input),
takes a value in the gigabytes to trigger, and a 64-bit
machine. Expected impact is denial of service.
#559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
needs input in the gigabytes and a 64-bit machine.
Expected impact is denial of service or potentially
arbitrary code execution.
https://blog.hartwork.org/posts/expat-2-4-5-released/https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 21c07c0aaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit ab71ac15dd forgot to update sha256
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: update hash for real ;-)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 59a813d2a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Default 60M for rootfs are not enough and generate a build failure, so
let's expand rootfs size to 120M.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5194113331)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gcc bug 99140 exhibits with gcc versions:
- up to 7.x
- 9.x
- 10.x
and doesn't show up with gcc versions:
- 8.x
- 11.x
then moving BR2_TOOLCHAIN_GCC_AT_LEAST_9 to BR2_TOOLCHAIN_GCC_AT_LEAST_10
makes gcc version 9 set as working but it's not. So let's back substitute
BR2_TOOLCHAIN_GCC_AT_LEAST_10 with BR2_TOOLCHAIN_GCC_AT_LEAST_9.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 33ea4d7887)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
License is Apache-2.0 since bump to version 2021.4.4 in commit
d973fac7ca and
b693a1fba7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 261bb9a17a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3🅰️mpd_project:mpd:*:*:*:*:*:*:*:* is not a valid CPE
identifier for mpd (musicpd.org); this string refers to
MPD /FreeBSD PPP daemon (sourceforge.net/projects/mpd)
Since mpd does not have entries in the CVE database, put these
two CVE identifiers on the mpd ignore list:
https://nvd.nist.gov/vuln/detail/CVE-2020-7465https://nvd.nist.gov/vuln/detail/CVE-2020-7466
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 210e6bd559)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building galileo_defconfig throws error:
```
/usr/bin/ld: arch/x86/tools/relocs_64.o:(.bss+0x0): multiple definition of `per_cpu_load_addr'; arch/x86/tools/relocs_32.o:(.bss+0x0): first defined here
```
To fix this let's add an upstreamed patch[1] and add BR2_GLOBAL_PATCH_DIR
to galileo_defconfig to point to where patch is.
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eeeda4cd06e828b331b15741a204ff9f5874d28d.patch
Fixes:
https://gitlab.com/ymorin/buildroot/-/jobs/2035821039
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9dd5382d79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Hicks asked to not maintain cryptsetup anymore:
https://lists.buildroot.org/pipermail/buildroot/2022-February/635413.html
Also he doesn't mantain any other package, so let's remove him from this
file.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d06bf4a9d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As suggested by Peter Seiderer package util-linux doesn't need raw support
when built for host, so let's remove:
HOST_UTIL_LINUX_POST_PATCH_HOOKS += UTIL_LINUX_FIX_DISK_UTILS_COMPILE
in favor of:
HOST_UTIL_LINUX_CONF_OPTS += --disable-raw
This is a better approach than my commit:
https://git.buildroot.net/buildroot/commit/?id=d895bd973b35fde10d3dd7db530d9e4782926497
Suggested-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 498117df12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The UTIL_LINUX_FIX_DISK_UTILS_COMPILE workaround is needed for host
building too. So let's add it to HOST_UTIL_LINUX_POST_PATCH_HOOKS.
host-util-linux is used a lot, so this patch fixes a lot of future
builds.
Fixes:
http://autobuild.buildroot.net/results/b8c/b8cb40efc036a01802c914544cd4fc29dfd67af6//
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d895bd973b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- add 'touch' workaround for missing disk-utils/raw.8 file ([1], [2]) in
util-linux-2.37.3 release download package
For details see [1].
[1] https://www.spinics.net/lists/util-linux-ng/msg17037.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: put fix in POST_PATCH instead of PRE_COMPILE hook]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b292f1d41a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some older versions of linux, or custom versions (like forks for some
boards), fail to build with host-gcc 10+, because of redefined symbols:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition
of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
Since this has been fixed in recent-ish versions, we can't use an
unconditionaly patch, so we must have a conditional patch. However, a
patch may not always apply to arbitrary Linux versions or forks.
Upstream just dropped that line altogether:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e33a814e772cdc36436c8c188d8c42d019fda639
So, we use a little sed-grep combo to do the exact same change.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9b41b54be0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some older versions of U-Boot, or custom versions (like forks for some
boards), fail to build with host-gcc 10+, because of redefined symbols:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition
of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
make[4]: *** [scripts/Makefile.host:106: scripts/dtc/dtc] E
Since this has been fixed in recent-ish versions, we can't use an
unconditionaly patch, so we must have a conditional patch. However, a
patch may not always apply to arbitrary U-Boot versions or forks.
Upstream just dropped that line altogether:
018921ee79
So, we use a little sed-grep combo to do the exact same change.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3b3859cc7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To support building in the wireless regulatory database files (regulatory.db*)
into the kernel using the CONFIG_EXTRA_FIRMWARE option, we need to ensure that
the database files are installed before the Linux kernel is built.
The dependency is harmless if CONFIG_EXTRA_FIRMWARE isn't actually set.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit de0f5ba17a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Old project homepage was removed, so switch to github, already in use to
download the sources.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1ddced072a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.17.7 includes security fixes to the crypto/elliptic, math/big packages and
to the go command, as well as bug fixes to the compiler, linker, runtime, the go
command, and the debug/macho, debug/pe, and net/http/httptest packages.
https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 362b2822ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 11cb72be57 forgot to drop
autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5f703276e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Libarchive 3.5.3 is a security release
Security Fixes:
- extended fix for following symlinks when processing the fixup list
(CVE-2021-31566)
- fix invalid memory access and out of bounds read in RAR5 reader
(CVE-2021-36976)
https://github.com/libarchive/libarchive/releases/tag/v3.5.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 99d3d6afe7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package was updated to support python3 in commit 4a8bedc51d
(python-pyzmq: enable PyZMQ for Python 3), but the comment dependency was
missed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6e9ecaa0c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot uses variable LINUX_ARCH_PATH to refer to the arch-specific
directory in the Linux tree, which may not necessarily be arch/$(KERNEL_ARCH).
Buildroot already accounts for the case of KERNEL_ARCH=i386 and
KERNEL_ARCH=x86_64, but does not for KERNEL_ARCH=sparc64, in which case the
correct directory is arch/sparc.
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0ecfdc0932)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop celt comment which is not needed since removal of celt051 in commit
b32efbdb03
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c6e200383c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update LM_SENSORS_VERSION to make it match what is returned by
https://release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 521afeab9b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
nfsiostat is a python3 script, so keep it if python3 is enabled and not
python2:
head -n 1 target/usr/sbin/nfsiostat
#!/usr/bin/python3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cee035e439)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gcc bug 99410 reappeared in gcc 10.x while building belle-sip, but it's
fixed on gcc 11.x, so let's update bug conditions.
Fixes:
http://autobuild.buildroot.net/results/846597f3573d3b0d52e80627a9577d14b9348547/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 88f79aead8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Pedro Aguilar <paguilar@paguilar.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 437543c7d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-six is not a dependency since version 1.0.0 and
3aae6a0bb6
which dropped python 2 support
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 66192c66b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in
certain situations involving a custom tag and 0x0200 as the second word
of the DE field.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7ec5f99b3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dc66c5901c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ce4bc45000)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa87c2e168)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56c0d7b886)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aef9027773)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8de78f3da0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit efd9eac4d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4d02d512f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed2f427fd2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8741ac0e50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 58be19b028)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2022-22818: Possible XSS via {% debug %} template tag
The {% debug %} template tag didn't properly encode the current context,
posing an XSS attack vector.
In order to avoid this vulnerability, {% debug %} no longer outputs
information when the DEBUG setting is False, and it ensures all context
variables are correctly escaped when the DEBUG setting is True.
- CVE-2022-23833: Denial-of-service possibility in file uploads
Passing certain inputs to multipart forms could result in an infinite loop
when parsing files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2022-23219: Passing an overlong file name to the clnt_create
legacy function could result in a stack-based buffer overflow when
using the "unix" protocol. Reported by Martin Sebor.
CVE-2022-23218: Passing an overlong file name to the svcunix_create
legacy function could result in a stack-based buffer overflow.
CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
function could result in a memory leak and potential access of
uninitialized memory. Reported by Qualys.
CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
function may result in an off-by-one buffer underflow and overflow
when the current working directory is longer than PATH_MAX and also
corresponds to the / directory through an unprivileged mount
namespace. Reported by Qualys.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1983d2e6a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backported from upstream GDB geb79b23, with ChangeLogs stripped so the
patch applies properly on Buildroot.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb79b23
Fixes the following issue:
# gdbserver /dev/hvc1 inadyn -n -l debug
Process inadyn created; pid = 675
Remote debugging using /dev/hvc1
../../gdbserver/regcache.cc:257: A problem internal to GDBserver has been detected.
Unknown register tag_ctl requested
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: add SoB in patch, provided live on IRC]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4353c71646)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This clarifies that custom DTSI files can be passed too,
and that the files are compiled after being copied to the
Linux kernel source tree.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8ef413b59a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rtl8723b_fw.bin file installed by this package is not actually used
by this driver at all. It is used by the btrtl Bluetooth driver in the
mainline kernel. The mainline btrtl driver looks for the file in
/lib/firmware/rtl_bt rather than /lib/firmware/rtlwifi. This driver's
Makefile has an install target that confirms the correct destination
firmware directory. It was like that since the very first version that
was added to Buildroot.
Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 657d9731cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version fixes a bug that prevents the user from switching from one
access point to another.
Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 89211450c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass needed CMake options to disable generating documentations. The
documentation is built using python-sphinx, which is not packaged in
Buildroot.
Prior to this change, if the build host would have a Python installation
with the sphinx module installed the automatic detection tried to build
documentation, which would fail in cases where the sphinxcontrib-qthelp
package is missing from the host Python installation. The error message
in this case was:
Extension error:
Could not import extension ecm (exception: cannot import name
'htmlescape' from 'sphinx.util.pycompat'
(/usr/lib/python3.10/site-packages/sphinx/util/pycompat.py))
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b341f0c91f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
avahi-client is an optional dependency which is enabled by default since
version 2.2.0 and
5ab117c974
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f0a1d47f6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
see https://prosody.im/doc/release/0.11.13
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 800e53cf7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2022-23096: An issue was discovered in the DNS proxy in Connman
through 1.40. The TCP server reply implementation lacks a check for the
presence of sufficient Header Data, leading to an out-of-bounds read.
- CVE-2022-23097: An issue was discovered in the DNS proxy in Connman
through 1.40. forward_dns_reply mishandles a strnlen call, leading to an
out-of-bounds read.
- CVE-2022-23098: An issue was discovered in the DNS proxy in Connman
through 1.40. The TCP server reply implementation has an infinite loop if
no data is received.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2022/01/25/1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35a3c01824)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- drop 0001-LOGCXX-528.patch (from upstream [1])
- renumber remainnig patch
Changelog (for deteils see [2]):
- This is a minor bugfix release to fix issues found with 0.12.0. Notably,
this version fixes a bug where a multithreaded application would crash
when using a rolling file.
[LOGCXX-534] - Crashed in log->forcedLog function when running with multi-thread
[LOGCXX-528] - log4cxx fails to build on Centos 7.6 / g++ 4.8.5 / Boost 1.53
[1] 249dd85494
[2] https://logging.apache.org/log4cxx/latest_stable/changelog.html#0.12.1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 38659ff0cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- add patch 0002-boost-fallback-only-check-for-boost-if-really-needed.patch
to check for boost if really needed (in case of legacy c++ standard < c++17)
Fixes:
- http://autobuild.buildroot.net/results/8d49ab7cd9952f6a13bdd330e875012d0601f1d2
-- Found Boost: .../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include (found version "1.78.0") found components: thread chrono missing components: date_time atomic
CMake Error at .../build/log4cxx-0.12.0/boost-fallback-compile-tests/CMakeFiles/CMakeTmp/CMakeLists.txt:19 (add_executable):
Target "cmTC_aac37" links to target "Boost::date_time" but the target was
not found. Perhaps a find_package() call is missing for an IMPORTED
target, or an ALIAS target is missing?
CMake Error at .../build/log4cxx-0.12.0/boost-fallback-compile-tests/CMakeFiles/CMakeTmp/CMakeLists.txt:19 (add_executable):
Target "cmTC_aac37" links to target "Boost::atomic" but the target was not
found. Perhaps a find_package() call is missing for an IMPORTED target, or
an ALIAS target is missing?
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d76301be85)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- change download URL to https
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0876da5ea1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Package pistache is affected by binutils bug 27597 (Nios II), so let's
disable it when BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597=y. Let's also
indent the comment dependencies.
Fixes:
http://autobuild.buildroot.net/results/0e7b74c5a07ced2bbae1a0a8c7d7ba26dfa04031/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d5b08f37a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
apitrace uses very big switch statements, which causes the build to fail
on m68k, because the offsets there are only 16-bit.
We fix that by using -mlong-jump-table-offsets on m68k, to use 32-bit
offsets for switch statements. That flag is available on gcc version >= 7
but apitrace package already depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7, so
we can use it with no problem.
Fixes:
http://autobuild.buildroot.net/results/7306bf05962fec30fbe98b1eb8ee09b3162b8080/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fdee6c9f39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
autoreconf is not needed since commit
dbf8047f64 as the official tarball already
ships a configure file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 59f8a971ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patch to fix linux bug:
```
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
```
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/2021478164
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3529e8c21c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From [1]:
"Even though the ordering has absolutely no consequences in Kconfig, it
is not logical (when reading). It is more logical and far easier to
understand when depends come first, followed by the selects."
Also, the Config.in example in the manual suggests to use this coding
style [2]."
Use the correct coding style in the chapter "Choosing depends on or select"
in the manual.
[1] http://lists.busybox.net/pipermail/buildroot/2015-October/142955.html
[2] https://nightly.buildroot.org/manual.html#_coding_style
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39458e33c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We are currently using the fork by Adam, with support for duktape as a
JS engine. But upstream has finally merged that just a day ago. Woohoo!
Between the fork we were using and upstream, there are very little
changes, mostly centered around:
- translations
- buildsystem
- duktape
- CVE-2021-4034
So, we just switch to using the HEAD of the repo: it has not much more
than the two important changes: duktape and the CVE fix.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Marek Belisko <marek.belisko@open-nandra.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4aecb964af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is needed for polkit to work with SELinux.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b89163a067)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop upstreamed patches
- change the location of polkit.its and polkit.loc to match their
new locations.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 079528bb9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-20330: An attacker with basic CRUD permissions on a
replicated collection can run the applyOps command with specially
malformed oplog entries, resulting in a potential denial of service on
secondaries. This issue affects MongoDB Server v4.0 versions prior to
4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server
v4.4 versions prior to 4.4.6.
Drop third patch (already in version)
https://docs.mongodb.com/master/release-notes/4.2/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 49bbf644d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ClamAV 0.103.5 is a critical patch release with the following fix:
- CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
clamscan --gen-json option) is enabled.
https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f92c093c7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 70d1858353)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 64cf3dc6c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2021-43816: "Unprivileged pod using `hostPath` can side-step active LSM when
it is SELinux"
Containers launched through containerd’s CRI implementation on Linux systems
which use the SELinux security module and containerd versions since v1.5.0 can
cause arbitrary files and directories on the host to be relabeled to match the
container process label through the use of specially-configured bind mounts in a
hostPath volume. This relabeling elevates permissions for the container,
granting full read/write access over the affected files and directories.
Kubernetes and crictl can both be configured to use containerd’s CRI
implementation.
https://github.com/advisories/GHSA-mvff-h3cj-wj9chttps://github.com/containerd/containerd/releases/tag/v1.5.9
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 935bd589a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pjsip:pjsip has been deprecated by teluu:pjsip since September 2021:
<cpe-23:cpe23-item name="cpe:2.3🅰️pjsip:pjsip:2.7.1:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3🅰️teluu:pjsip:2.7.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
<cpe-item name="cpe:/a:pjsip:pjsip:2.7.2" deprecated="true" deprecation_date="2021-09-02T14:49:19.527Z">
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c99d84fb96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
RK3399_ROCKPRO64 has been picked from pine64/rockpro64 but here we deal
with orangepi-rk3399, so let's change the label to RK3399_ORANGEPI.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 07a0d71657)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 1.1.7):
8b70f08 Add definition of new event GstAppSinkCallbacks for interpipesink element
ddaa9b5 Add conditional build according to GST_VERSION_MINOR
730dea6 Bump project version
8718b12 Add initialization for the GstAppSinkCallbacks struct
f015ff7 Remove redundant initialization of new_event callback
530da92 Update copyright year in README file
e8ce826 Add explanatory comment on the memset of GstAppSinkCallbacks struct
f0f3b8e Fix README copyright date to 2016-2022
814982e Merge branch 'hotfix/add-new-event-callback'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0872ac72b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in
tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by
a crafted XML message and leads to a denial of service.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b23ef21029)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mod_compress has been subsumed by mod_deflate since version 1.4.56 and
dab212b5f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 653dc2e710)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch added by commit eee96b0f0a on gcc
9.3.0 must also be applied on gcc 10 and 11 to avoid the following build
failure on numerous packages (babeltrace2, pcsc-lite, tpm2-pkcs11,
etc.):
configure:13774: checking whether pthreads work with -pthread
configure:13868: /home/giuliobenetti/autobuild/run/instance-0/output-1/host/bin/or1k-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -std=gnu99 -pthread -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
conftest.c:27:26: error: #error "_REENTRANT must be defined"
27 | # error "_REENTRANT must be defined"
| ^~~~~
It should be noted that external bootlins will have to be rebuilt.
Fixes:
- http://autobuild.buildroot.org/results/cb58d4fbaeb08d188c2f8bf05ef1604789fa8766
- http://autobuild.buildroot.org/results/7af9d4b68bd46ed260ed66ba2cc3c9c21482e741
- http://autobuild.buildroot.org/results/6f926bec146752873f8032b593f0de1cb222ea46
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 98e39dc80e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rdgif.c, cderror.h: add sanity check for GIF image dimensions.
Thank to Casper Sun for cjpeg potential vulnerability report.
- Update hash of README (changes not related to license)
- Update indentation in hash file (two spaces)
https://jpegclub.org/reference/reference-sources/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5e36f80a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5.15.2 is the last public release of 5.15 and does not contain this CVE
fix. However, >=6.1.2 and >5.12.12 all contain the necessary patches so
let's port them to 5.15.2.
Technically only the first two patches are required to patch the CVE.
However, the second patch introduces a regression that is fixed in the third
patch.
The patches are taken from KDE kde/5.15 git branch.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9151eab3c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: also change in Config.in]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f6297befe1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is
specifically defined to use a particular SAN type, can result in bypassing
name-constrained intermediates. Node.js was accepting URI SAN types, which
PKIs are often not defined to use. Additionally, when a protocol allows URI
SANs, Node.js did not match the URI correctly.
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Node.js converts SANs (Subject Alternative Names) to a string format. It
uses this string to check peer certificates against hostnames when
validating connections. The string format was subject to an injection
vulnerability when name constraints were used within a certificate chain,
allowing the bypass of these name constraints.
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Node.js did not handle multi-value Relative Distinguished Names correctly.
Attackers could craft certificate subjects containing a single-value
Relative Distinguished Name that would be interpreted as a multi-value
Relative Distinguished Name, for example, in order to inject a Common Name
that would allow bypassing the certificate subject verification.
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Due to the formatting logic of the console.table() function it was not safe
to allow user controlled input to be passed to the properties parameter
while simultaneously passing a plain object with at least one property as
the first parameter, which could be __proto__. The prototype pollution has
very limited control, in that it only allows an empty string to be assigned
numerical keys of the object prototype.
For details, see the advisory:
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9096036f00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer
overflow in sampled_data_finish (called from sampled_data_continue and
interp).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c817641331)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in
sampled_data_sample (called from sampled_data_continue and interp).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 70910c4092)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-13867: Open-iSCSI targetcli-fb through 2.1.52 has weak
permissions for /etc/target (and for the backup directory and backup
files).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 488f92a1c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4192: vim is vulnerable to Use After Free
Fix CVE-2021-4193: vim is vulnerable to Out-of-bounds Read
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 33a3f1f30d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit 2f50686401 added a patch for
util-linux, but forgot to create a symlink to util-linux-libs. This
results in inconsistent libblkid.so builds from util-linux and
util-linux-libs.
If you enable BR2_PER_PACKAGE_DIRECTORIES, you will find that different
libblkid.so is used in different
$(BASE_DIR)/per-package/$(PKG)_NAME/target.
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 93d23ef91f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with introspection:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler gst/rtsp-server/GstRtspServer-1.0.gir --output gst/rtsp-server/GstRtspServer-1.0.typelib --includedir=/usr/share/gir-1.0
Could not find GIR file 'Gst-1.0.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file gst/rtsp-server/GstRtspServer-1.0.gir: Failed to parse included gir Gst-1.0
If the above error message is about missing .so libraries, then setting up GIR_EXTRA_LIBS_PATH in the .mk file should help.
Typically like this: PKG_MAKE_ENV += GIR_EXTRA_LIBS_PATH="$(@D)/.libs"
Fixes:
- http://autobuild.buildroot.org/results/04af6b22cfa0cffb6a3109a3b32b27137ad2e0b0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fa3e7a63b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit db14f7d715)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop third patch (already in version)
- Fix build failure with autoconf >= 2.70 raised since commit
ecd54b65c1
Fixes:
- http://autobuild.buildroot.org/results/4f52b2f194dcfd619fefb192d1c0fd070d5bd408
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2ad6a3a428)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
He has privately requested to no longer be notified regarding this
package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f51be73f25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f81242ae4f forgot to drop C++
comment
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fb9a65d98b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4dff1be05e (package/libvirt: libvirtd needs C++ for nmap-ncat)
introduce a recursive dependency (really: a circular dependency):
package/busybox/Config.in:33:error: recursive dependency detected!
package/busybox/Config.in:33: symbol BR2_PACKAGE_BUSYBOX_SHOW_OTHERS is selected by BR2_PACKAGE_EBTABLES_UTILS_SAVE
package/ebtables/Config.in:11: symbol BR2_PACKAGE_EBTABLES_UTILS_SAVE depends on BR2_PACKAGE_EBTABLES
package/ebtables/Config.in:1: symbol BR2_PACKAGE_EBTABLES is selected by BR2_PACKAGE_LIBVIRT_DAEMON
package/libvirt/Config.in:44: symbol BR2_PACKAGE_LIBVIRT_DAEMON depends on BR2_PACKAGE_NETCAT_OPENBSD
package/netcat-openbsd/Config.in:1: symbol BR2_PACKAGE_NETCAT_OPENBSD depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
As usual with this kind of circular depednency, it is not trivial to see
what the real cuplrit is, or where to cut the circle.
A simple solution in this case is to drop the C++ dependency, and switch
the netcat-openbsd and nmap-ncat dependencies conditions.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f81242ae4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since commit
fbf25acfbfd5a73b3560918bea081768abbe5723:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_NMAP
Depends on [n]: BR2_INSTALL_LIBSTDCPP [=n] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y]
Selected by [y]:
- BR2_PACKAGE_LIBVIRT_DAEMON [=y] && BR2_PACKAGE_LIBVIRT [=y] && !BR2_PACKAGE_NETCAT_OPENBSD [=n]
Fixes:
- No autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: C++ only needed without NETCAT_OPENBSD]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4dff1be05e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sasl depends on libsasl2 (https://github.com/cyrusimap/cyrus-sasl) which
is not packaged yet in buildroot and will result in the following build
failure raised since commit fbf25acfbfd5a73b3560918bea081768abbe5723:
output/build/libvirt-7.7.0/meson.build:1212:2: ERROR: Dependency "libsasl2" not found, tried pkgconfig
Fixes:
- No autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ba2016dc04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/scripts/pkg-stats:1171:8: E713 test for membership should be 'not in'
support/scripts/pkg-stats:1175:8: E713 test for membership should be 'not in'
support/scripts/pkg-stats:1179:8: E713 test for membership should be 'not in'
3 E713 test for membership should be 'not in'
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1955772278
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 02e679d8bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When debugging pkg-stats, it's quite useful to be able to disable some
features that are quite long (checking upstream URL, checking latest
version, checking CVE). This commit adds a --disable option, which can
take a comma-separated list of features to disable, such as:
./support/scripts/pkg-stats --disable url,upstream
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b102352b62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The .affects() method of the CVE class in support/scripts/cve.py can
return 3 values: CVE_AFFECTS, CVE_DOESNT_AFFECT and CVE_UNKNOWN.
We of course properly account for CVEs where .affects() return
CVE_AFFECTS, but the ones for which CVE_UNKNOWN is returned are
currently ignored, and therefore treated as if they did not affect the
package.
However CVE_UNKNOWN in fact indicates that the v_start/v_end fields of
the CPE entry could not be parsed by
distutils.version.LooseVersion(). Instead of ignoring such cases, this
commit adds support for the concept of "unsure CVEs", which will be
listed next to CVEs known to affect the package, so that we are aware
of them and can investigate the version issue.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a206bbc5fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s/interperter/interpreter/ and drop 'use use' / 'depend on use'.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 65054d1a19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add "Linux" before kernel in comment to be consistent with other
packages and manual
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 956cd5b9b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add "Linux" before kernel in comment to be consistent with other
packages and manual
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e0de6291e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add "Linux" before kernel in comment to be consistent with other
packages and manual
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0730b8b822)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop duplicated sentence from Config.in
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 59bbe7cc74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
riscv64gc was made available for BR2_riscv, but RISC-V can be 32-bit
or 64-bit, so we need to restrict it to BR2_RISCV_64. There's no need
to keep the BR2_riscv dependency, as BR2_RISCV_64 can only be true
when BR2_riscv is true.
Also, BR2_PACKAGE_HOST_RUSTC_ARCH needs to be set to riscv64gc to
allow rust-bin to download its pre-compiled standard library
correctly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 79c5639597)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_HOST_RUSTC_ARCH only had a special value for
BR2_ARM_CPU_ARMV7A, but it also needs a special value for
BR2_ARM_CPU_ARMV5, as the pre-compiled Rust standard library for
ARMv5TE is identified with the "armv5te" architecture name, see
https://doc.rust-lang.org/nightly/rustc/platform-support.html.
We noticed this because Rust binaries wouldn't work on an ARMv5
platform (Illegal instruction). This was due to the usage of the
arm-unknown-linux-gnueabi variant of the Rust standard library, which
is for ARMv6. Thanks to this commit, we correctly use the
armv5te-unknown-linux-gnueabi variant, and Rust binaries work properly
on ARMv5TE.
A better approach would be to do the conversion from architecture
options to Rust tuples in a single string symbol that also defines the
supported architectures, similar to how it's done in e.g. openblas.
However, that's a much bigger change. So for now, just do the easy thing
and fix this one issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1ed4147e76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The comments were *after* the option they applied to, which was
confusing, so bring back the comments before the option they apply to.
In addition, instead of saying "this option", explicitly name the
option to clear any ambiguity.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2b5f7ce292)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit ead2afda13, gettext is
wrongly disabled when BR2_SYSTEM_ENABLE_NLS is set
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5630e83c84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid
SRTP packets
When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls
can be terminated by remote attackers. This attack can be done
continuously, thus denying encrypted calls during the attack.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
- CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
By default, SIP requests of the type SUBSCRIBE are not authenticated in
the affected versions of FreeSWITCH.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
- CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests,
leading to spam and message spoofing
By default, SIP requests of the type MESSAGE (RFC 3428) are not
authenticated in the affected versions of FreeSWITCH. MESSAGE requests
are relayed to SIP user agents registered with the FreeSWITCH server
without requiring any authentication. Although this behaviour can be
changed by setting the auth-messages parameter to true, it is not the
default setting.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
- CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding
When flooding FreeSWITCH with SIP messages, it was observed that after a
number of seconds the process was killed by the operating system due to
memory exhaustion
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
- CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways
An attacker can perform a SIP digest leak attack against FreeSWITCH and
receive the challenge response of a gateway configured on the FreeSWITCH
server. This is done by challenging FreeSWITCH's SIP requests with the
realm set to that of the gateway, thus forcing FreeSWITCH to respond with
the challenge response which is based on the password of that targeted
gateway.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
Removed patch, upstream applied a different fix:
e9fde845de
Added optional dependency to libks, needed due to upstream commit
ed98516666
Added upstream patches to fix build errors.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 829777c1c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Needed to bump freeswitch to 1.10.7.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30b2dbeae3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 1bf512e9ff wrongly added that
BR2_USE_WCHAR is due to flac dependency but flac is optional so remove
this comment and add boost instead
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 20584d1ef2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Single hyphen commands has been removed since Mender 3.0.0 [1]
[1] fd838ec1b0
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 97daba5781)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
View the release notes for more information:
https://go.dev/doc/devel/release.html#go1.17.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7af6659cb2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixed: [CVE-2021-46141]
Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner*
functions where the text range in .hostText would not be duped using
malloc but remain unchanged (and hence "not owned") for URIs with
an IPv4 or IPv6 address hostname; depending on how an application
uses uriparser, this could lead the application into a use-after-free
situation.
As the second half, fix uriFreeUriMembers* functions that would not
free .hostText memory for URIs with an IPv4 or IPv6 address host;
also, calling uriFreeUriMembers* multiple times on a URI of this
very nature would result in trying to free pointers to stack
(rather than heap) memory.
- Fixed: [CVE-2021-46142]
Fix functions uriNormalizeSyntax* for out-of-memory situations
(i.e. malloc returning NULL) for URIs containing empty segments
(any of user info, host text, query, or fragment) where previously
pointers to stack (rather than heap) memory were freed.
https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e00379361e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt 2.1.5 was released on December 30, 2021. This is a bug-fix release,
fixing two SMTP authentication issues, a crash bug on NetBSD, and a
couple other issues.
https://gitlab.com/muttmua/mutt/-/blob/mutt-2-1-5-rel/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit db156d693a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pyqt5 uses qmake internally, but is python package rather than a qmake
package. Therefore, we need to manually apply the same fixup as for
qmake packages.
Without this, top-level parallel build may fail because dependencies are
looked for in the qt5 per-package staging directory instead of the
python-pyqt5 one.
Signed-off-by: Florent AUMAITRE <florent.aumaitre@medianesysteme.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 51c22b4ba9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set PYTHON_EXECUTABLE to avoid the following build failure when
BR2_PACKAGE_PYTHON is enabled but libiio finds python3 without
setuptools on host:
-- Found Python: /usr/bin/python3.5 (found version "3.5.3") found components: Interpreter
-- new
-- Python_EXECUTABLE /usr/bin/python3.5
[...]
Traceback (most recent call last):
File "/home/buildroot/autobuild/instance-0/output-1/build/libiio-0.23/bindings/python/setup.py", line 15, in <module>
from setuptools import setup
ImportError: No module named 'setuptools'
Fixes:
- http://autobuild.buildroot.org/results/d80e56e4ad84c8e7f244cf6d1cb96c116e8eb734
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f384de4f4e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The LXC 4.0 branch is supported until June 2025.
Only bugfixes and securitiy issues get included into the stable bugfix
releases, so it's always safe and recommended to keep up and run the
latest bugfix release.
https://discuss.linuxcontainers.org/t/lxc-4-0-11-has-been-released/12427
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 97a504ed30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 593683b45f (package/tpm2-tss: remove unused dependency)
removed the build-time dependency (in the .mk), but forgot to
remove it from the Config.in.
Signed-off-by: Tilman Keskinöz <arved@arved.at>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cbb70493af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The last reference of uriparser was removed in:
17a670dd4c
Signed-off-by: Erik Larsson <who+buildroot@cnackers.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 593683b45f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Make 4.3 is buggy and when parallel building host-libnss/libnss we end up
with a failure thrown by make itself. So let's work-around this by don't
parallel build the package if Make version is 4.3.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 540029eb45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump will fix the following build failure raised since bump of
python3 to version 3.10.1 in commit
25b1fc2898d68ddf2674b14c738045875fc5a2dc:
Please use python3.9 or python3.8 or python3.7 or python3.6 or python3.5 or python2.7.
/usr/bin/python3.7 ./configure
/usr/bin/python3.5 ./configure
/home/peko/autobuild/instance-1/output-1/host/bin/python2.7 ./configure
Node.js configure: Found Python 3.10.1...
https://github.com/nodejs/node/releases/tag/v14.18.2
Fixes:
- http://autobuild.buildroot.org/results/9e2ebb9c3681ec0485eaa042fa838c8ee62f649b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 06735b085f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The previous version bump [1] added the hash of LICENSE.txt but
forgot to update FLARE_GAME_LICENSE_FILES.
[1] 4d09d1b476
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7684604188)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Flare games use OGG audio file format througt SDL2-mixer.
Without OGG support, flare-engine trigger a lot of errors in its
log and fail to start the game.
ERROR: SoundManager: ItemManager: Loading sound /usr/share/flare/mods/fantasycore/soundfx/inventory/inventory_gem.ogg (soundfx/inventory/inventory_gem.ogg) failed: Unrecognized audio format
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1f66c3557a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_V4L2CODECS option has a
dependency on BR2_PACKAGE_HAS_UDEV, but no Config.in comment was added
about this dependency. This commit addresses that.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 029a3c3ed7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit creates a symlink that ensures fontconfig will find the
fonts installed by the font-awesome package.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0979a9e13c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build fails on systems without /usr/bin/msgfmt. This has been an issue
that exists since at least vlc 3.0.7, with build failures that can be
found as early as August 2019.
Fixes:
http://autobuild.buildroot.net/results/3c9893dd92d784a0520a287c4d4a5e760393c95f/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 153d028303)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4136: vim is vulnerable to Heap-based Buffer Overflow
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5ec93be3c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set HOSTCC_NOCCACHE and HOSTCXX_NOCCACHE only if they are not
set. This allows recursive calls to "make" to work as intended in the
presence of ccache. Such recursive calls to "make" can for example
happen if one calls "make legal-info" from within a post-build script,
to integrate some results of the legal-info output into the root
filesystem.
Without guarding these variables, a recursive invocation of make would
re-define
HOSTCC_NOCCACHE := $(HOSTCC)
and
HOSTCXX_NOCCACHE := $(HOSTCXX)
at a point in time when HOSTCC and HOSTCXX already point to ccache.
It used to work by "accident" until
ca6a2907c2 ("make: support: use `command
-v' instead of `which'"), due to how "which" was behaving when invoked
with multiple arguments. After switching to "command -v", which
behaves different with multiple arguments, this HOSTCC_NOCCACHE
redefinition problem surfaced. Even though
ca6a2907c2 has since then been reverted
for other reasons, it does make sense to guard the definition of
HOSTCC_NOCCACHE and HOSTCXX_NOCCACHE to not rely on a side-effect of
using "which".
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c5912e7db3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libdbi needs dynamic library to avoid the following build failure raised
since the addition of the package in commit
c6aac6ebdbbd3873110a9e19de1957e49cb9344e:
dbi_main.c:84:2: error: #error no dynamic loading support
84 | #error no dynamic loading support
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/9cd56a625cbd52b0c070e2d462e02f5161d9631d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a24f0e8eee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patch to fix linking failure while creating shared library. As
explained in the patch itself, there is no specific variable for when we
link a shared library and rebar itself rely on the default LDFLAGS. Since
by default every CFLAGS is filled with -fPIC we need to make sure that
every LDFLAGS is the same, so not having any other *_LDFLAGS variable to
fille with -fPIC let's add it to the main LDFLAGS.
Fixes:
http://autobuild.buildroot.net/results/602/60296a48210e7ffc6bc9fa50ee586441a8957e85/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b00c034fe5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following musl build failure raised since bump to version 6.14
in commit 5292d1cf9ad0605cc264fedc75c1b9a169aa183b:
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: rngd-rngd_jitter.o: in function `rngd_notime_start':
rngd_jitter.c:(.text+0xdc2): undefined reference to `pthread_attr_setaffinity_np'
Fixes:
- http://autobuild.buildroot.org/results/3ec7df86856aa9bee2f18a8faa44fd58bc8a6657
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d94e2b6dd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the gcc arc version was bumped to a version using gcc
10.x (arc-2020.09-release) in commit 0791abfba0 (toolchain: update ARC
tools to arc-2020.09-release), the select of BR2_GCC_VERSION_ARC on the
appropriate BR2_TOOLCHAIN_GCC_AT_LEAST_xyz was not updated.
Commit 0b4c7ba01c (toolchain: update option descriptions for ARC tools
arc-2020.09-release) fixed the prompt, but still forgot to update the
appropriate BR2_TOOLCHAIN_GCC_AT_LEAST_xyz.
This commit eventually fixes this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 81662cf228)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As explained in the patch itself, there is a bug in the handling of
__pselect32() in glibc for the Microblaze architecture. There a
special Microblaze variant that was added to support kernels older
than < 3.15, but it "hides" a generic implementation that is needed to
support kernels newer than 3.15 but older than 5.1 (which is when the
time64 support for 32-bit architectures was added, making __pselect32
no longer needed).
This bug causes a glibc build failure for kernels >= 3.15 but < 5.1,
on Microblaze.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 17ebb6ffae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
IWD is a runtime dependency for the connman iwd plugin.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9892fd8f06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 60acafc806)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35cf2a00b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following build
error:
include/image.h:1178:12: fatal error: openssl/evp.h: No such file or directory
1178 | # include <openssl/evp.h>
| ^~~~~~~~~~~~~~~
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1915006189
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d9f72e37bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following build
error:
include/image.h:1178:12: fatal error: openssl/evp.h: No such file or directory
1178 | # include <openssl/evp.h>
| ^~~~~~~~~~~~~~~
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1915006257
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 635f4b8b5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following build
error:
include/image.h:1178:12: fatal error: openssl/evp.h: No such file or directory
1178 | # include <openssl/evp.h>
| ^~~~~~~~~~~~~~~
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1915006500
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f7071471ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When binutils 2.37 was introduced in commit
62f0232980 ("package/binutils: add
version 2.37"), the patch
0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch was
not properly updated. Indeed, between binutils 2.36 and 2.37, binutils
has switched to using the standard "bool" type, so instead of using
TRUE/FALSE, true/false must be used.
With this change, the binutils patch matches the one that was merged
upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b032faa401)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Configuring coreutils with gl_cv_func_fstatat_zero_flag=no results in
non-functional lchmod library function which causes 'mkfifo -m' to
always complete with the message 'cannot set permissions of ...: Invalid
argument' and an error exit code. gl_cv_func_fstatat_zero_flag=no is not
needed when building coreutils-9.0 for linux and its setting should be
correctly determined by the configure script.
Drop gl_cv_func_fstatat_zero_flag=no from the coreutils configure
environment.
For more details see
https://lists.buildroot.org/pipermail/buildroot/2021-December/631388.html
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fef5d9fbda)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail address is bouncing (and we have some private information
that explains why):
Ryan Barnett (ryan.barnett@collins.com)<mailto:ryan.barnett@collins.com>
The recipient won't be able to receive this message because it's too large.
The maximum message size that's allowed is 1 KB. This message is 7 KB.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 287601459e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Cage requires wlroots to be built with X11 enabled
in order to enable XWayland, otherwise it will fail
with error:
"ERROR: Problem encountered: Cannot build Cage with
XWayland support: wlroots has been built without it"
Signed-off-by: Yunhao Tian <t123yh.xyz@gmail.com>
[yann.morin.1998@free.fr:
- drop explicit _XORG7, as _WLROOTS_X11 depends on it
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3e4c2d6213)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b3b6070622 (arch/xtensa: allow specifying path to tarball file)
missed a place where the xtensa overlay was referenced, thus breaking
the calculation for the ccache hash.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b98ed34072)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable documentation which is available (and enabled by default) since
bump to version 0.31 in commit 0186da2923
and
60e173c019
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8a78e215c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
For more details, see the changes file:
https://downloads.apache.org/httpd/CHANGES_2.4.52
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bdc3f6888f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
janus-gateway is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fd3c2cf43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking
script content through SVG images (CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking
script content through CSS imports and other crafted constructs
(CVE-2021-43818).
https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ad6321660c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Evan has privately requested to no longer receive e-mails related to
this Buildroot package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit acc0d51c53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS dependency was wrongly added to
BR2_PACKAGE_HOST_IMAGEMAGICK by commit
df20e45463, indeed host-librsvg is only
needed by BR2_PACKAGE_HOST_IMAGEMAGICK_SVG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 38f6b42d31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted inputs
passed to these functions could cause an application using lapack to
crash or possibly disclose portions of its memory.
It should be noted that commit 59a1fcc696
wrongly assumed that this CVE was fixed in version 3.10.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 83134027a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with glibc >= 2.34:
In file included from timerobj.c:32:
In function 'threadobj_set_current',
inlined from 'server_prologue' at timerobj.c:94:2:
../../include/copperplate/threadobj.h:252:9: error: 'pthread_setspecific' expecting 1 byte in a region of size 0 [-Werror=stringop-overread]
252 | pthread_setspecific(threadobj_tskey, thobj);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ed93f916eda304b30f320816c85d1b0d4488c699
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1b3055cc8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current configuration fails to boot on the stm32f469-disco board.
Make it bootable again by reverting the DRAM patches.
Also change the kernel load address from 0x8010000 to 0x800C000 to
allocate more space to the kernel, since 32kB for the device tree is
enough.
Also clean up the rootfs a bit with the common stm32-post-build.sh
script.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 82c1a43792)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
They are currently expressed as such:
depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
which is not the common practice in Buildroot. We prefer to use:
depends on BR2_ENABLE_LOCALE
depends on BR2_USE_WCHAR
This commit ensures linux-pam is consistent with this best practice.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac9261edec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_LINUX_PAM depends on BR2_USE_MMU, but this dependency is
not taken into account in the Config.in comment, which this commit
fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f0df6609a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with help2man raised since bump to
version 1.26.0 in commit be76508af2b2253f95137a28198139732be2dcb3:
FAILED: docs/man/mbimcli.1
/usr/bin/help2man --output=docs/man/mbimcli.1 '--name=Control MBIM devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/eaa2ba54b9c74f07292d3cad4fa96c80e6079702
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a315d7c98b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ICU build scripting adds some host libraries to LD_LIBRARY_PATH by
using constructs of the following form:
LD_LIBRARY_PATH="custom-path:${LD_LIBRARY_PATH}"
If the original LD_LIBRARY_PATH is empty, this causes the last search
directory be an empty string, i.e. the working directory.
ICU build runs some basic host commands (e.g. "rm") in $(TARGET_DIR)/lib
under such an LD_LIBRARY_PATH, causing target libraries (e.g. libc) to
possibly get loaded instead of host system libraries if they are
compatible enough (e.g. arch matches).
Since the target libraries may not actually be ABI compatible with host
system binaries (e.g. target has an old libc), this can cause crashes
or other errors.
Observed errors include:
(1) rm: libc.so.6: version `GLIBC_2.33' not found (required by rm)
(2) sh: line 1: 1362670 Segmentation fault (core dumped) rm -f libicudata.so.65
Workaround the issue by setting a dummy LD_LIBRARY_PATH when it would
otherwise be empty.
https://unicode-org.atlassian.net/browse/ICU-21417
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ac1c781149)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised with help2man since bump to
version 1.30.0 in commit 50c5495f81d3418a0f63fc642dc6beb41cd316e0:
FAILED: docs/man/qmicli.1
/usr/bin/help2man --output=docs/man/qmicli.1 '--name=Control QMI devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/15818b6de7378cd75c59b1d6dc732ed9a20c092a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7f38ce2103)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following vulnerabilities:
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
access
The handler for the CompositeGlyphs request of the Render extension does
not properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds
access
The handler for the CreatePointerBarrier request of the XFixes extension
does not properly validate the request length leading to out of bounds
memory write.
* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
The handler for the Suspend request of the Screen Saver extension does not
properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted
inputs passed to these functions could cause an application using
lapack to crash or possibly disclose portions of its memory.
- Update license hash, year changed:
f67034373e
- Update indentation in hash file (two spaces)
http://netlib.org/lapack/lapack-3.10.0.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 59a1fcc696)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition...
scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Tested on beaglebone black and beaglebone white (A6)
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7b55cb018d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Minor bugfix release:
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
[Bernd Edlinger]
*) Fixed building on Debian with kfreebsd kernels
[Mattias Ellert]
*) Prioritise DANE TLSA issuer certs over peer certs
[Viktor Dukhovni]
*) Fixed random API for MacOS prior to 10.12
These MacOS versions don't support the CommonCrypto APIs
[Lenny Primak]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2b906b975a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- cgi_error_no_template(): Encode the template name to prevent
XSS (cross-site scripting) when Privoxy is configured to servce
the user-manual itself.
Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
- get_url_spec_param(): Free memory of compiled pattern spec
before bailing.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
- process_encrypted_request_headers(): Free header memory when
failing to get the request destination.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
- send_http_request(): Prevent memory leaks when handling errors
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 44a97dcb93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-44420: Potential bypass of an upstream access control based on
URL paths
HTTP requests for URLs with trailing newlines could bypass an upstream
access control based on URL paths.
This issue has low severity, according to the Django security policy.
https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
In addition, 3.2.8 / 3.2.9 fixes a number of bugs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 086d357dfb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0030-Fix-cross-compiling-the-uuid-module.patch as the patched code has
been reworked upstream and python3 is built with --disable-uuid:
91a51c5ffc
Rework 0033-configure.ac-fixup-CC-print-multiarch-output-for-mus.patch as
the MULTIARCH code is now conditional on !darwin:
9901d153c2
Refresh and renumber remaining patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ce81a6e6d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
connman might depend on iptables or nftables, and those dependencies
are already selected later in this file as required.
Config.in already only selects iptables if BR2_PACKAGE_CONNMAN_IPTABLES.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit edc46a56f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TARGET_LDFLAGS is overriden since the addition of the package in commit
8d66bc940d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6deb6bdc7c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release fixes two bugs introduced in release 3.10.0 and fixes the
conversion of std::filesystem::path. All changes are backward-compatible.
https://github.com/nlohmann/json/releases/tag/v3.10.4
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 87577a92aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop spurious "depends on WCHAR" added with commit
ccfc90e101 and adds missing wchar comment
While at it, drop BR2_USE_MMU from comment as it is already added by
BR2_PACKAGE_LIBVIRT_ARCH_SUPPORTS and fix indentation before
(BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_11 || !BR2_aarch64))
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 250e965803)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace libvirtd by driver_libvirtd to avoid the following build failure
raised since the addition of the package in commit
ccfc90e1010e42e6529afae3a5ea8bf7226dabc1:
../output-1/build/libvirt-7.7.0/meson.build:1:0: ERROR: Unknown options: "libvirtd"
Fixes:
- http://autobuild.buildroot.org/results/3a20db6cb39c0d91213adbe82934274659df43e7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 86f91e14b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Beaglebone Black Wireless needs a specific DT, which u-boot tries to
load based on the board name. Make sure we ship the DT so that we can
boot on that platform.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1984222c84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
to monitor issues and changes.
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f9ae224604)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt 2.1.4 was released on December 11, 2021. This is a bug-fix release,
fixing a performance issue when used with DavMail.
Mutt 2.1.3 was released on September 10, 2021. This is a bug-fix
release, fixing some of the fixes in the last release. IMAP and
QRESYNC users are advised to upgrade.
Mutt 2.1.2 was released on August 24, 2021. This is an important bug-fix
release, fixing a potential data-loss IMAP bug, a couple QRESYNC bugs,
and a few other issues. IMAP users are strongly advised to upgrade.
http://www.mutt.orghttps://gitlab.com/muttmua/mutt/-/blob/mutt-2-1-4-rel/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7686a1382f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<roman.gorbenkov@ens2m.org>: host mxd.relay.renater.fr[194.214.200.9] said: 550
5.5.0 Requested actions not taken as the mailbox is unavailable (in reply
to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 656f4a3718)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.17.4 (released 2021-12-02) includes fixes to the compiler, linker, runtime,
and the go/types, net/http, and time packages.
go1.17.5 (released 2021-12-09) includes security fixes to the syscall and
net/http packages:
- CVE-2021-44716
- CVE-2021-44717
https://go.dev/doc/devel/release#go1.17
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eb92bb01b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
First patch is not needed since bump to version 0.99.1 in commit
2c8e5dd69f and
6890053176
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3d565a831d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The copy command for /usr/share/alsa missing an asterisk cause it to copy to
/usr/share/alsa/alsa instead of /usr/share/alsa where it should be.
Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6c71b52235)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The eighth patch release for containerd 1.5 contains a mitigation for
CVE-2021-41190 as well as several fixes and updates.
https://github.com/containerd/containerd/releases/tag/v1.5.8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fc24c5c30a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently
restrict the message destination, allowing any user to inspect and
manipulate any property. This leads to access-control bypass in some
situations in which an unrelated D-Bus system service has a settable
(writable) property
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e4464fabb6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some of the third party code is BSD-licensed. In addition, the roots.pem
certificate store is MPL-licensed.
This was probably already the case in earlier versions as well, but it
was only noticed while updating to 1.42.0 because the LICENSE file was
adapted for it.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 50c4fd9363)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is possible that some users of buildroot have put it in a repository
and call into it from another Makefile such as:
.DEFAULT:
$(MAKE) O=$(abspath $(O)) -C buildroot $(@)
This technique works well except that Make tells us that it changes into
the buildroot directory:
make[1]: Entering directory 'buildroot'
Because this line doesn't have an equals within it, python raises a
ValueError exception within pkg-stats.
This patch has python tell the invoked make not to print directories
Signed-off-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c988867fd2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, by following the instructions in the manual and querying for
developers for a patch that changes path
package/foobar
the script reports both developers that have these entries in the
DEVELOPERS file:
F: package/foo/
F: package/foobar/
Starting from commit "afc112b0e4 utils/getdeveloperlib.py: fix issue
with hasfile()" get-developers script uses os.path.abspath() and
os.path.relpath().
The catch is that those functions return the absolute path and the
relative path without the trailing slash.
When the paths associated to a developer are then compared to the paths
a patch touches, using the string.startswith(), any substring returns
True, leading to developers for package/foo/ being wrongly reported
for package/foobar/ .
Fix this by re-adding the trailing slash after using relpath().
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: James Knight <james.d.knight@live.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 29bb478a49)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4069: vim is vulnerable to Use After Free
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7600ca7960)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-43784: runc is a CLI tool for spawning and running
containers on Linux according to the OCI specification. In runc, netlink
is used internally as a serialization system for specifying the relevant
container configuration to the `C` portion of the code (responsible for
the based namespace setup of containers). In all versions of runc prior
to 1.0.3, the encoder did not handle the possibility of an integer
overflow in the 16-bit length field for the byte array attribute type,
meaning that a large enough malicious byte array attribute could result
in the length overflowing and the attribute contents being parsed as
netlink messages for container configuration. This vulnerability
requires the attacker to have some control over the configuration of the
container and would allow the attacker to bypass the namespace
restrictions of the container by simply adding their own netlink payload
which disables all namespaces. The main users impacted are those who
allow untrusted images with untrusted configurations to run on their
machines (such as with shared cloud infrastructure). runc version 1.0.3
contains a fix for this bug. As a workaround, one may try disallowing
untrusted namespace paths from your container. It should be noted that
untrusted namespace paths would allow the attacker to disable namespace
protections entirely even in the absence of this bug.
https://github.com/opencontainers/runc/releases/tag/v1.0.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0acaad1be2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently this .mk snippet results in unexpected behavior from
check-package:
|VAR_1 = VALUE1
|ifeq (condition)
|VAR_1 := $(VAR_1), VALUE2
|endif
Fix commit "163f160a8e utils/{check-package, checkpackagelib}:
consistently use raw strings for re.compile" that ended up doing this:
- CONCATENATING = re.compile("^([A-Z0-9_]+)\s*(\+|:|)=\s*\$\(\\1\)")
+ CONCATENATING = re.compile(r"^([A-Z0-9_]+)\s*(\+|:|)=\s*\$\(\\1\)")
But raw strings do not expect escaping when referencing \1 and the
pattern ends up searching for a raw '\\1' instead of an occurrence of
the first pattern inside parenthesis.
|$ python3
|Python 3.8.10 (default, Sep 28 2021, 16:10:42)
|[GCC 9.3.0] on linux
|Type "help", "copyright", "credits" or "license" for more information.
|>>> import re
|>>> p1 = re.compile('(foo)bar\\1')
|>>> p2 = re.compile(r'(foo)bar\\1')
|>>> p3 = re.compile(r'(foo)bar\1')
|>>> s1 = 'foobarfoo'
|>>> s2 = 'foobar\\1'
|>>> print(p1.search(s1))
|<re.Match object; span=(0, 9), match='foobarfoo'>
|>>> print(p2.search(s1))
|None
|>>> print(p3.search(s1))
|<re.Match object; span=(0, 9), match='foobarfoo'>
|>>> print(p1.search(s2))
|None
|>>> print(p2.search(s2))
|<re.Match object; span=(0, 8), match='foobar\\1'>
|>>> print(p3.search(s2))
|None
|>>>
So use '\1' instead of '\\1' in the raw string.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5bbedea9c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As stated on www.pcre.org:
You can download the current release of the PCRE2 library from its
official home on GitHub
[...]
Note that the former ftp.pcre.org FTP site is no longer available.
Update _SITE URL to the official home on Github.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[yann.morin.1998@free.fr: use Github, not SourceForge]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cc570eff96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following are runtime dependencies for host-python-requests:
host-python-certifi
host-python-charset-normalizer
host-python-idna
host-python-urllib3
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b48d10f40a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A host variant of the python-urllib3 package will be needed for the
host-python-requests package.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit dccfefafd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A host variant of the python-idna package will be needed for the
host-python-requests package.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7c4a52e087)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A host variant of the python-charset-normalizer package will be needed
for the host-python-requests package.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 07fc2fb1a5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The message attribute does not exist in python3, see PEP-0352:
https://www.python.org/dev/peps/pep-0352/
Fixes:
Traceback (most recent call last):
File "utils/scanpypi", line 743, in <module>
main()
File "utils/scanpypi", line 693, in main
if 'buildutils' in err.message:
AttributeError: 'ImportError' object has no attribute 'message'
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c3029878c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted
inputs passed to these functions could cause an application using
lapack to crash or possibly disclose portions of its memory.
- Drop first and second patches (already in version)
https://github.com/xianyi/OpenBLAS/blob/v0.3.18/Changelog.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-09 11:38:49 +01:00
467 changed files with 4042 additions and 2236 deletions
ld: otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(eirecv.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: multiple definition of `ei_default_socket_callbacks'; otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(ei_connect.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: first defined here
ld: otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(send.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: multiple definition of `ei_default_socket_callbacks'; otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(ei_connect.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: first defined here
ld: otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(send_reg.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: multiple definition of `ei_default_socket_callbacks'; otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(ei_connect.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: first defined here
ld: otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(epmd_port.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: multiple definition of `ei_default_socket_callbacks'; otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(ei_connect.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: first defined here
ld: otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(ei_portio.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: multiple definition of `ei_default_socket_callbacks'; otp/lib/erl_interface/obj/x86_64-unknown-linux-gnu/libei.a(ei_connect.o):otp/lib/erl_interface/src/misc/ei_portio.h:50: first defined here