Django 5.0.7 fixes the following CVEs:
* CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords
* CVE-2024-39330: Potential directory-traversal via Storage.save()
* CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant()
Django 5.0.8 fixes the following CVEs:
* CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
* CVE-2024-41990: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
* CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
Further release notes: https://docs.djangoproject.com/en/5.0/releases/
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f777ce1fd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9696d27756 "package/gpsd: condition python stuff to the proper
kconfig option" changed the condition in which the gpsd python scripts
are installed. After that change, the "gpsfake" command (which is a
python script) is no longer found and the runtime test is failing.
This commit fixes the issue by reflecting the change in the runtime
test Buildroot configuration.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b6f4d79df2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This didn't work out as planned, neither the restriction of muting
unregistered users, nor the exception for matrix users worked as planned.
The channel mode has been reverted to +R (meaning only registered users
are allowed to join) and an exception for *that* has been introduced for
matrix users via +e. The channel modes are documented in [1].
[1] https://www.oftc.net/ChannelModes/
This reverts commit d1e6d7845b.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bede54c774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps gcc-bare-metal to gcc 14.2.0.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f00b18c48a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 03505e3457)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For change log since v2.3.5, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.3.6
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f9f2ade9bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit allows the package patches to be applied with fuzz factor 0.
The fuzz factor specifies how many lines of the patch can be inexactly
matched, so the value 0 requires all lines to be exactly matched.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 06b5ce9f04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See here for a Changelog and CVEs:
http://nginx.org/en/CHANGES-1.26
Patch 0006 is no longer required as the openssl library is found without
this patch, which does not apply anymore.
Patch 0009 is no longer required as it was fixed in another way upstream:
https://hg.nginx.org/nginx/rev/fb989e24c60a
Patch 0011 is upstream:
https://hg.nginx.org/nginx/rev/f58b6f636238
Reorder the remaining patches and update .checkpackageignore accordingly.
The LICENSE file is changed, the year changed from 2022 to 2024.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 761259c934)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See here for a Changelog:
https://openldap.org/software/release/changes_lts.html
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 61ad551648)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Let's disable security flags for the build system and
let it be handled by Buildroot itself.
Fixes:
- http://autobuild.buildroot.net/results/c9e/c9ed27a51a68429b2ed2d8eebb1afc919ecbead1/
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f6a975f24e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See also: https://github.com/swaywm/swaybg/releases/tag/v1.2.1
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2143e8f835)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mysql virtual package was removed in commit 8708f3a23a
"package/mysql: drop virtual package".
The mariadb runtime test was authored before this mysql virtual
package removal, but was merged after it, in commit 5356754d1e
"support/testing: add mariadb runtime test". Due to this, this test
always failed with the error:
Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.". Stop.
This commit fixes the issue by removing the legacy
BR2_PACKAGE_MYSQL=y configuration directive.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/7540345406
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3da3361a1b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Maeva told me personally she will no longer contribute to Buildroot
for the time being. This commit removes all the associated DEVELOPERS
entries.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92d652df48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mokutil unconditionally uses X509_get0_subject_key_id resulting in the
following build failure with libressl since its addition in commit
2e6e121496:
/home/autobuild/autobuild/instance-18/output-1/host/lib/gcc/i686-buildroot-linux-uclibc/13.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: mokutil-efi_x509.o: in function `get_cert_skid':
efi_x509.c:(.text+0x4e6): undefined reference to `X509_get0_subject_key_id'
Fixes: 2e6e121496
- http://autobuild.buildroot.org/results/88b549734eae4b25de1b8e1c4f04bace0a7e7418
- http://autobuild.buildroot.org/results/05ac319bfb2a252f3dcdc5d04761f276afb53b6f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1941fe3d82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The comment does not follow the coding style, so update it appropriately.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b88d2b51a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we have a Kconfig symbol to enable the python support in
gpsd, but the condition at configure time is based on whether the python
package is enabled. So, if a user does not enable python support in
gpsd, they still get it.
Switch to using the proper symbol.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd@kuhls.net>
Reviewed-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9696d27756)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass USE_LIBDRM=OFF to the wpewebkit CMake configuration step when the
libdrm package has not been selected.
WPE WebKit can be built without libdrm support, and it will still work
with backends that use other platform-specific methods to handle
graphics buffers and/or presenting content onto an output. For example
this is the case with wpebackend-rdk configured to use rpi-userland,
which uses dispmanx to produce the output instead of DRM/KMS.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65f8174648)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version)
- This bump will fix the following build failure with musl >= 1.2.5
thanks to eb6394c3d8:
/home/autobuild/autobuild/instance-22/output-1/build/rtty-8.1.0/src/file.c: In function 'start_upload_file':
/home/autobuild/autobuild/instance-22/output-1/build/rtty-8.1.0/src/file.c:156:24: error: implicit declaration of function 'basename' [-Werror=implicit-function-declaration]
156 | const char *name = basename(path);
| ^~~~~~~~
https://github.com/zhaojh329/rtty/releases/tag/v8.1.2
https://github.com/zhaojh329/rtty/releases/tag/v8.1.1
Fixes:
- http://autobuild.buildroot.org/results/382405b421a8ea7b5b3beb553f47fa20427fa3c3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ca742a985c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pistache needs NPTL as it unconditionally uses pthread_setname_np since
b283c32963 resulting in the following uclibc build failure since commit
82e61bed82:
../src/common/reactor.cc: In lambda function:
../src/common/reactor.cc:512:25: error: 'pthread_setname_np' was not declared in this scope; did you mean 'pthread_setcanceltype'?
512 | pthread_setname_np(pthread_self(),
| ^~~~~~~~~~~~~~~~~~
| pthread_setcanceltype
Fixes: 82e61bed82
- http://autobuild.buildroot.org/results/b2b22e4f9684aca0246650673fd8c33019712ddf
- http://autobuild.buildroot.org/results/1597bfe2a57cd3aef54d331447dd81cae020d434
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b6db4e2a79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With GCC 14.x as the host compiler, bcusdk fails to build as follows:
configure: error: Specified CC_FOR_BUILD doesn't seem to work
This is due to missing includes in the test programs used in the
configure script to check the host compiler. We fix this with patch
0003.
However, this patch requires to autoreconf the package, and autoreconf
would need the definition of AM_PATH_XML2, which would require libxml2
even though we don't have libxml2 as a dependency of this package (we
don't enable the features that require libxml2). As it turns out that
the AM_PATH_XML2 macro is in fact deprecated, we replaced it by its
equivalent using PKG_CHECK_MODULES(), which is in fact exactly how
AM_PATH_XML2 is implemented in upstream libxml2.
Fixes:
http://autobuild.buildroot.net/results/458880bd6c207e5bb7afce1a1186f204c30c0941/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e4109c1d2d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch 0001 has been submitted upstream, but the formatting of the
tag was not correct, let's fix this.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 668867bfed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc >= 14:
led.c: In function 'wmplugin_exec':
led.c:86:42: error: assignment to 'struct cwiid_btn_message *' from incompatible pointer type 'struct cwiid_btn_mesg *' [-Wincompatible-pointer-types]
86 | btn_mesg = &mesg[i].btn_mesg;
| ^
Fixes:
- http://autobuild.buildroot.org/results/a3bde74ff2137d088f4261e62930859bfe460cb9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0877f5f9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mdio-tools depends on CONFIG_MDIO_DEVICE in order for mdiobus driver to
be built, but CONFIG_MDIO_DEVICE depends on CONFIG_NETDEVICES which we
are not enabling so on platforms without it enabled in kernel config
building mdio-tools will fail with:
ERROR: modpost: "mdio_find_bus" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_c45_read" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_read" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_c45_write" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_write" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
So enable CONFIG_NETDEVICES as well to make sure CONFIG_MDIO_DEVICE can be enabled.
Fixes: http://autobuild.buildroot.net/results/edf47df96cde6094c890c0b74034cced90335a39/
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b95fff0185)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All patches of the odb package already contained relevant Upstream
information, just not formatted according to how we expect it. Let's
fix that, and drop the .checkpackageignore entries that are no longer
needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 84ae3b04fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds more information to the Udoo Neo's readme, e.g., UART
pins and baudrate.
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 008e37b3ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add automatic JACK audio sound server support to ffmpeg if either JACK
or JACK2 are enabled.
Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 15e411d800)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See release announce:
https://www.freerdp.com/2024/04/22/2_11_7-release
Note: this release is flagged as a "security" bump from the upstream
release note. While there are no allocated CVEs, commits in this release
are backported fixes from oss-fuzz. See:
https://github.com/FreeRDP/FreeRDP/compare/2.11.6...2.11.7
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b382ede065)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On the architectures that support libsanitizer (part of gcc), the
build is currently failing with BR2_TIME_BITS_64=y. This is because
some code in libsanitizer unsets _FILE_OFFSET_BITS, but building code
with _FILE_OFFSET_BITS unset, but _TIME_BITS set isn't legal.
To fix this, this commit backports two changes:
- One change to also unset _TIME_BITS in
sanitizer_platform_limits_posix.cpp. This change is upstream in
LLVM, and already part of GCC 14.x, so we are only bringing it to GCC
12.x and GCC 13.x.
- A second change doing the same modification, but in
sanitizer_procmaps_solaris.cpp, which as crazy as it might sound,
also gets compiled on Linux platforms (but to basically an empty
file). This change has been submitted upstream to both LLVM and gcc.
Notes:
- the special PowerPC SPE version of GCC cannot be affected, as only
uClibc-ng is used for this architecture, and uClibc-ng doesn't use
_TIME_BITS=64 (but now defaults to 64-bit time_t on 32-bit
architectures, like musl does).
- the special ARC version doesn't need patching because libsanitizer
doesn't support the ARC architecture, so it doesn't get built
Fixes:
http://autobuild.buildroot.net/results/ff2dbfdabf0bb6a0d82ea8a80122ab97fd75bd3f/
https://gitlab.com/buildroot.org/buildroot/-/issues/16
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 81a4b6e7b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kconfig infra defines a 'PKG_KCONFIG_MAKE' var that wraps all the
standard kconfig options. Switch to this so we aren't duplicating the
logic.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 009d31b438)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'linux-diff-config' target fails with the below error when
PER_PACKAGE_DIRECTORIES is enabled and the 'host-finalize' target hasn't
run yet.
scripts/Kconfig.include:39: C compiler '.../buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc' not found
The 'PPD' variable isn't defined for this target, so 'BR_PATH' falls
back to the final host directory.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 641084bfb3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'linux-savedefconfig' target fails with the below error when
PER_PACKAGE_DIRECTORIES is enabled and the 'host-finalize' target hasn't
run yet.
scripts/Kconfig.include:39: C compiler '.../buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc' not found
The 'PPD' variable isn't defined for this target, so 'BR_PATH' falls
back to the final host directory.
Reported-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit de11afaa34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
open-isns is optional, not mandatory, since bump to version 2.1.9 in
commit 2314928cf8 and 713524df80
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 948b183042)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I am not using this package anymore.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c79ec67bc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Runtime tests running on test runners are subject to a high
variability in terms of performance and timing. Most of the runtime
test commands are executed with a timeout, in pexpect.
Slow or very loaded test runners can use the timeout_multiplier to
globally increase those timeouts.
Some runtime test commands sometimes need to poll or query a state,
rather than having purely sequential actions. It is sometimes hard to
know, from the test writer point of view, the maximum timeout to set, or
if a retry logic is needed.
In order to help debugging runtime tests failing due to very slow
execution, this commit adds extra information on the host test runner
about its load in the run log. Relevant information are: number of
cpus, the load average at the moment the emulator is started and the
current timeout_multiplier.
Note: this change was discussed in:
https://lists.buildroot.org/pipermail/buildroot/2024-July/759119.html
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7a6edbc7b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit bfefed17a9 ("package/gdb: bump
14.x series from 14.1 to 14.2"), which upgraded the GDB 14.x series
from 14.1 to 14.2 forgot to rename the directory containing the
patches, causing them to no longer be applied.
The patches still apply properly with no change, so renaming the
directory is sufficient.
http://autobuild.buildroot.net/results/b8c6af95b244272220c63847e7cc929c9c58eee4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 076f345acc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>