update buildroot #5
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jesse Van Gavere <[email protected]> Signed-off-by: Angelo Compagnucci <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
…lation Even though it works, overriding --prefix at installation time is a bit weird. In order to be more consistent with what is done with other build systems, use DESTDIR instead at installation time. Note that $(DESTDIR) comes in addition to the -DCMAKE_INSTALL_PREFIX=/usr that is passed at configure time, so with this commit, the files continue to be installed in $(STAGING_DIR)/usr and $(TARGET_DIR)/usr as they should be. Signed-off-by: Thomas Petazzoni <[email protected]>
i3-compatible Wayland compositor This Wayland compositor can be used as a kiosk compositor like cage, but with the advantage of better configuration of multiple monitor and windows. For example, move a window by title to the output X or set the resolution of Y to Z. Signed-off-by: Raphael Pavlidis <[email protected]> [Peter: Fix white space, add gdk-pixbuf to _DEPENDENCIES] Signed-off-by: Peter Korsgaard <[email protected]>
In utils/brmake line 6:
local found ret start d h m mf
^---^ SC2034: found appears unused. Verify use (or export if used externally).
In utils/brmake line 16:
> >( while read line; do
^--^ SC2162: read without -r will mangle backslashes.
For both, the suggestions from shellcheck can be applied.
Signed-off-by: Arnout Vandecappelle <[email protected]>
In utils/config line 54:
ARG="`echo $ARG | tr a-z- A-Z_`"
^------------------------^ SC2006: Use $(...) notation instead of legacy backticked `...`.
^--^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
ARG="$(echo "$ARG" | tr a-z- A-Z_)"
In utils/config line 87:
local tmpfile="$infile.swp"
^-----^ SC2034: tmpfile appears unused. Verify use (or export if used externally).
In utils/config line 182:
if [ $? != 0 ] ; then
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.
For more information:
https://www.shellcheck.net/wiki/SC2034 -- tmpfile appears unused. Verify us...
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
https://www.shellcheck.net/wiki/SC2006 -- Use $(...) notation instead of le...
The suggestions from shellcheck can be applied.
The unused variable tmpfile in fact occurs in several functions, all of
them can be removed.
For the check exit code, the condition is swapped to avoid negative
logic.
Signed-off-by: Arnout Vandecappelle <[email protected]>
In utils/docker-run line 10:
--user $(id -u):$(id -g) \
^------^ SC2046: Quote this to prevent word splitting.
^------^ SC2046: Quote this to prevent word splitting.
The suggestions from shellcheck can be applied.
Signed-off-by: Arnout Vandecappelle <[email protected]>
In utils/test-pkg line 8:
if [ ! -z "${TEMP_CONF}" ]; then
^-- SC2236: Use -n instead of ! -z.
In utils/test-pkg line 75:
TEMP_CONF=$(mktemp /tmp/test-${pkg}-config.XXXXXX)
^----^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
TEMP_CONF=$(mktemp /tmp/test-"${pkg}"-config.XXXXXX)
In utils/test-pkg line 76:
echo "${pkg_br_name}=y" > ${TEMP_CONF}
^----------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
echo "${pkg_br_name}=y" > "${TEMP_CONF}"
In utils/test-pkg line 86:
if [ ${random} -gt 0 ]; then
^-------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
if [ "${random}" -gt 0 ]; then
In utils/test-pkg line 90:
if [ ${number} -gt 0 ]; then
^-------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
if [ "${number}" -gt 0 ]; then
In utils/test-pkg line 109:
toolchains=($(sed -r -e 's/,.*//; /internal/d; /^#/d; /^$/d;' "${toolchains_csv}" \
^-- SC2207: Prefer mapfile or read -a to split command output (or quote to avoid splitting).
In utils/test-pkg line 110:
|if [ ${random} -gt 0 ]; then \
^-------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
|if [ "${random}" -gt 0 ]; then \
In utils/test-pkg line 111:
sort -R |head -n ${random}
^-------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
sort -R |head -n "${random}"
In utils/test-pkg line 121:
if [ ${nb_tc} -eq 0 ]; then
^------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
if [ "${nb_tc}" -eq 0 ]; then
In utils/test-pkg line 134:
printf "%40s [%*d/%d]: " "${toolchain}" ${#nb_tc} ${nb} ${nb_tc}
^---^ SC2086: Double quote to prevent globbing and word splitting.
^------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
printf "%40s [%*d/%d]: " "${toolchain}" ${#nb_tc} "${nb}" "${nb_tc}"
In utils/test-pkg line 146:
${nb} ${nb_skip} ${nb_fail} ${nb_legal} ${nb_show}
^---^ SC2086: Double quote to prevent globbing and word splitting.
^--------^ SC2086: Double quote to prevent globbing and word splitting.
^--------^ SC2086: Double quote to prevent globbing and word splitting.
^---------^ SC2086: Double quote to prevent globbing and word splitting.
^--------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
"${nb}" "${nb_skip}" "${nb_fail}" "${nb_legal}" "${nb_show}"
In utils/test-pkg line 160:
CONFIG_= support/kconfig/merge_config.sh -O "${dir}" \
^-- SC1007: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
In utils/test-pkg line 181:
if [ ${prepare_only} -eq 1 ]; then
^-------------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
if [ "${prepare_only}" -eq 1 ]; then
For more information:
https://www.shellcheck.net/wiki/SC1007 -- Remove space after = if trying to...
https://www.shellcheck.net/wiki/SC2207 -- Prefer mapfile or read -a to spli...
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
The suggestions from shellcheck can be applied.
This script already uses bash so we can rely on mapfile.
The warning about CONFIG_= assignment misinterpreted the intention: we
don't want to assign to CONFIG_, we want to clear it from the
environment. Spell this as CONFIG_="".
Signed-off-by: Arnout Vandecappelle <[email protected]>
All the errors in existing scripts in utils/ have been fixed, so nothing needs to be added to .checkpackageignore. Signed-off-by: Ricardo Martincoski <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
The update to v1.67.0 of rust broke the bootstrap build. This patch applies an upstream patch to fix this: rust-lang/rust@3fe64eb Fixes: http://autobuild.buildroot.org/results/214/214fcbb3458893784b7f85b60f7ee1edb428c77f/build-end.log Signed-off-by: Sebastian Weyer <[email protected]> Cc: Eric Le Bihan <[email protected]> Cc: James Hilliard <[email protected]> Reviewed-by: Romain Naour <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Commit bed21bb added a patch to change configure.ac but failed to update configure which caused build failures due to the timestamp difference between configure and configure.ac and the makefile attempting to run aclocal. XZ_AUTORECONF = YES creates a circular dependency where the host autotools need host-xz which also gets patched. Because of this, we need to patch xz's configure script manually and NOT patch configure.ac so its timestamp stays older than Makefile.in. While we're doing this, correct the language in the commit body of the patch, remove a stray whitespace, and fix the offset for configure.ac Fixes: bed21bb ("package/xz: fix microblaze compiles") Fixes: http://autobuild.buildroot.net/results/958/9586f21e447ef9923606b1385ff333138406b685/ Signed-off-by: Vincent Fazio <[email protected]> [Peter: Only patch configure] Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: TIAN Yuanhao <[email protected]> Cc: Thomas Petazzoni <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Disable stack-protector to avoid the following build failure: /home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld -T stm32f429.lds --gc-sections -o stm32f469i-disco.elf stm32f469i-disco.o gpio.o mpu.o qspi.o start_kernel.o usart-f4.o /home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld: stm32f469i-disco.o: in function `main': stm32f469i-disco.c:(.text.startup.main+0x3b0): undefined reference to `__stack_chk_guard' /home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld: stm32f469i-disco.c:(.text.startup.main+0x4c0): undefined reference to `__stack_chk_fail' /home/autobuild/autobuild/instance-14/output-1/host/bin/arm-buildroot-linux-gnueabi-ld: stm32f469i-disco.c:(.text.startup.main+0x4ec): undefined reference to `__stack_chk_guard' Fixes: - http://autobuild.buildroot.org/results/fa6ffab24c3998f21034ab24e8d2852cacde08c1 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
- additional disable new FEATURE_avx512vbmi2/FEATURE_vaes (added with upstream commit [1]) [1] https://code.qt.io/cgit/qt/qtbase.git/commit/?id=38e6b637b71fae274caedc1d326f641b904e00a4 Signed-off-by: Peter Seiderer <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Changelog (for details see [1] and [2]):
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
[1] https://www.openssl.org/news/cl111.txt
[2] https://www.openssl.org/news/vulnerabilities.html
Signed-off-by: Peter Seiderer <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
Signed-off-by: Frank Vanbever <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Signed-off-by: Frank Vanbever <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
This version allows to build with Linux 6.1 Fixes: Still not reported Signed-off-by: Giulio Benetti <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Instead of undefining endiannes CFLAGS let's change the approach. Let's disable the CONFIG_PLATFORM_I386_PC that is set to y by default involving the endianness to be set to little. This way we can set the CFLAGS according to architecture with some default define like: -DCONFIG_IOCTL_CFG80211 -DRTW_USE_CFG80211_STA_EVENT -Wno-error Suggested-by: Arnout Vandecappelle <[email protected]> Signed-off-by: Giulio Benetti <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Release notes: https://github.com/sctp/lksctp-tools/blob/v1.0.19/ChangeLog Signed-off-by: Maxim Kochetkov <[email protected]> Tested-by: Maksim Kiselev <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Explicitly set installed_tests to disabled. Drop patch which is now upstream. Signed-off-by: James Hilliard <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
cpe:2.3:a:open-iscsi_project:open-iscsi is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopen-iscsi_project%3Aopen-iscsi Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
cpe:2.3:a:opensuse:libsolv is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopensuse%3Alibsolv Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Version 2.3.0 of ply now requires Linux headers >= 5.5 This was missing in commit b961260 ("package/ply: bump to version 2.3.0") Fixes: http://autobuild.buildroot.net/results/ce37039991cb0fb02b97d341d78327e54d0e1d26 http://autobuild.buildroot.net/results/c00714847ae92dd609bc8990df318bee58be38b8 http://autobuild.buildroot.net/results/8210bd2b9c67d6d7616ada525019b2658195416a Signed-off-by: Andreas Klinger <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Waf requires that the version of the waf script matches the version of waflib, so drop any bundled waf/waflib if _NEEDS_EXTERNAL_WAF is used, as otherwise waf errors out with errors like: Waf script '2.0.24' and library '1.9.3' do not match Signed-off-by: Peter Korsgaard <[email protected]> Reviewed-by: Romain Naour <[email protected]> [Peter: Run as a post-patch hook as suggested by Yann] Signed-off-by: Peter Korsgaard <[email protected]>
As that is now handled by the waf-package infrastructure. Signed-off-by: Peter Korsgaard <[email protected]> Reviewed-by: Romain Naour <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Fixes: http://autobuild.buildroot.net/results/bbd/bbd90f11975b691f694412a6fc3446f37dd7c0aa/ The bundled waf script is too old (1.9.3) for python >= 3.11 as it uses the 'U' modifier to open (universal newlines), which have been deprecated since python 3.3 and finally removed in 3.11. Signed-off-by: Peter Korsgaard <[email protected]>
Fixes: http://autobuild.buildroot.net/results/5ce/5ce5ebd20e0e509b31b51d2ec1aed56fdb8f45aa/ The bundled waf script is too old (2.0.12) for python >= 3.11 as it uses the 'U' modifier to open (universal newlines), which have been deprecated since python 3.3 and finally removed in 3.11. Jack unfortunately uses a modified waf, so we cannot just set JACK2_NEEDS_EXTERNAL_WAF, so instead backport an upstream patch fixing the compatibility issue: jackaudio/jack2#884 Signed-off-by: Peter Korsgaard <[email protected]>
Fixes: http://autobuild.buildroot.net/results/ee1/ee15cadf8af10dee6c83b9726a034367e8ae81a7/ The bundled waf script is too old (2.0.7) for python >= 3.11 as it uses the 'U' modifier to open (universal newlines), which have been deprecated since python 3.3 and finally removed in 3.11. Signed-off-by: Peter Korsgaard <[email protected]>
Release notes: https://www.postgresql.org/docs/release/15.2/ Signed-off-by: Maxim Kochetkov <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Webkitgtk needs cmake >= 3.20 when building with the make backend since webkitgtk 3.8.0. Cmake 3.20 is above our minimal version in support/dependencies/check-host-cmake.mk, so this breaks builds on hosts with cmake >= 3.18 < 3.20 - So use the ninja backend instead. WebKit/WebKit@6cd8969 Signed-off-by: Peter Korsgaard <[email protected]>
uccp420wlan is not maintained anymore (no commit since 2017) and fails to build with any "recent" kernel (e.g. >= 4.7 which includes torvalds/linux@57fbcce or torvalds/linux@8552a43): /home/thomas/autobuild/instance-1/output-1/build/uccp420wlan-6.9.1/./src/tx.c: In function ‘uccp420wlan_tx_free_buff_req’: /home/thomas/autobuild/instance-1/output-1/build/uccp420wlan-6.9.1/./src/tx.c:1142:49: error: ‘IEEE80211_BAND_2GHZ’ undeclared (first use in this function); did you mean ‘IEEE80211_CHAN_2GHZ’? 1142 | if (ets_band == IEEE80211_BAND_2GHZ) | ^~~~~~~~~~~~~~~~~~~ | IEEE80211_CHAN_2GHZ [...] /home/thomas/autobuild/instance-1/output-1/build/uccp420wlan-6.9.1/./src/core.c:428:29: error: implicit declaration of function ‘ieee80211_csa_is_complete’; did you mean ‘ieee80211_scan_completed’? [-Werror=implicit-function-declaration] 428 | if (ieee80211_csa_is_complete(uvif->vif)) | ^~~~~~~~~~~~~~~~~~~~~~~~~ | ieee80211_scan_completed Fixes: - http://autobuild.buildroot.org/results/7cd7151e390b8f7a0df3e647fe4cd5d6319a830b Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Fix the following build failure without NPTL raised since the addition of the package in commit 1e64fa2: /tmp/instance-7/output-1/build/gdal-3.5.2/port/cpl_multiproc.cpp: In function 'CPLSpinLock* CPLCreateSpinLock()': /tmp/instance-7/output-1/build/gdal-3.5.2/port/cpl_multiproc.cpp:2265:9: error: 'pthread_spin_init' was not declared in this scope; did you mean 'pthread_cond_init'? 2265 | pthread_spin_init(&(psSpin->spin), PTHREAD_PROCESS_PRIVATE) == 0 ) | ^~~~~~~~~~~~~~~~~ | pthread_cond_init Fixes: - http://autobuild.buildroot.org/results/aa2a88990a07e551c40efb0c2180768add600c4f Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
xlib_libxshmfence is mandatory, not optional, since the addition of the package in commit 05c3177: ../miext/sync/misyncshm.c:36:10: fatal error: X11/xshmfence.h: No such file or directory 36 | #include <X11/xshmfence.h> | ^~~~~~~~~~~~~~~~~ Fixes: - http://autobuild.buildroot.org/results/cccc8f97d452ed2adbcbc4624f159a00287a3d38 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Fix CVE-2023-23934 and CVE-2023-25577 GHSA-px8h-6qxv-m22q GHSA-xg9f-g7g7-2323 https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
- Fix CVE-2022-3094, CVE-2022-3736 and CVE-2022-3924 - Update hash of COPYRIGHT (year updated with https://gitlab.isc.org/isc-projects/bind9/-/commit/1a5d707f52282117c9912a27dcc89f2ec412577a) https://downloads.isc.org/isc/bind9/9.16.38/doc/arm/html/notes.html Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Fix CVE-2023-25725 https://www.mail-archive.com/[email protected]/msg43229.html https://www.mail-archive.com/[email protected]/msg43224.html Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Set -fPIC to avoid the following build failure with some architectures such as mips or aarch64 raised since bump to version 4.14 in commit 35953d1 and rofl0r/proxychains-ng@35a674b: checking what's the option to use in linker to set library name ... cannot find an option to set library name Fixes: - http://autobuild.buildroot.org/results/8ed1481e29321ed3da40251f700cb3bd66f62c94 - http://autobuild.buildroot.org/results/fd01df6eb9a37257894740d44a33eece9123355a Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
…eries Signed-off-by: Daniel Lang <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
pcm-tools needs NPTL since its addition in commit 60eb2ce: cpucounters.cpp: In constructor 'pcm::TemporalThreadAffinity::TemporalThreadAffinity(pcm::uint32, bool)': cpucounters.cpp:252:9: error: 'pthread_getaffinity_np' was not declared in this scope; did you mean 'sched_getaffinity'? 252 | pthread_getaffinity_np(pthread_self(), set_size, old_affinity); | ^~~~~~~~~~~~~~~~~~~~~~ | sched_getaffinity Fixes: - http://autobuild.buildroot.org/results/8bbf9c36af332bbf5e7c1abcbb594a0b231ef97e Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
- Use official tarball - This bump will fix the following build failure raised since bump of php to version 8.2.1 in commit 90ab065: checking Check for supported PHP versions... configure: error: not supported. Need a PHP version >= 7.2.0 and < 8.2.0 (found 8.2.1) https://xdebug.org/announcements/2022-12-08 https://xdebug.org/updates#x_3_2_0 Fixes: - http://autobuild.buildroot.org/results/092a6d388fc6801c109eb46635e8df80d06a803e Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
xmms-plugin has been dropped since version 1.4.2 and xiph/flac@8fbeff2 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Fix the following build failure raised since the addition of the package in commit 7689b72: configure: error: Could not find DTB file: /home/autobuild/autobuild/instance-9/output-1/build/linux-6.1.9/arch/arm64/boot/dts/.dtb Fixes: - http://autobuild.buildroot.org/results/44287ccc8cc9767704642919e6d928d1f57b436d Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
At the moment module is build but not installed to target/. To fix this let's bump package to 2023-02-18 version on master branch to fix module installation. Signed-off-by: Giulio Benetti <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Fix the following build failure raised since the addition of the package in commit 2a636d1: sed -i 's,[^ *]power_prep.*;,\tpower_prep="/home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/power_prep/power_prep";,' /home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/ sed: couldn't edit /home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/: not a regular file Fixes: - http://autobuild.buildroot.org/results/b4b26f6b02fd1991f46eba5db240e5050b96d333 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Fix the following openssl static build failure with -latomic raised since bump to version 8.1.0 in commit 7e60888: /home/autobuild/autobuild/instance-8/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/autobuild/autobuild/instance-8/output-1/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_cert.o): in function `ssl_cert_free': ssl_cert.c:(.text+0x53c): undefined reference to `__atomic_fetch_sub_4' Fixes: - http://autobuild.buildroot.org/results/f606bb15bf4f88ba29ef0795413e13acc9cd0976 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
Bugfix release fixing a number of issues introduced in 7.88.0: https://curl.se/changes.html#7_88_1 https://daniel.haxx.se/blog/2023/02/20/7-88-1-the-second-final-one/ Signed-off-by: Peter Korsgaard <[email protected]>
Contains a fix for a possible race condition that can lead to use after free: eclipse/paho.mqtt.c@911488a https://github.com/eclipse/paho.mqtt.c/milestone/19?closed=1 https://github.com/eclipse/paho.mqtt.c/releases/tag/v1.3.12 Signed-off-by: Daniel Lang <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
GHSA-9pfh-r8x4-w26w GHSA-cxwq-5g9x-x7fr Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 71ddf1a) [Peter: drop Makefile change] Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 6fbe4b3) [Peter: drop Makefile change] Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR ports most of the changes to the latest version of buildroot, as of me writing this the 2023.02.x release comes out this month, so I'm porting to that version (currently the master version)
What I did besides port changes:
httpdto busybox (and init script for it)nukefrom busybox (its just an alias forrm -rfanyway)findto delete filesWhat needs to be done:
Things to note: