Commit Graph

60374 Commits

Author SHA1 Message Date
Michael Opdenacker
73c8fbe2a8 linux: clarify BR2_LINUX_KERNEL_CUSTOM_DTS_PATH description
This clarifies that custom DTSI files can be passed too,
and that the files are compiled after being copied to the
Linux kernel source tree.

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8ef413b59a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-16 21:33:42 +01:00
Doug Brown
32181572eb package/rtl8723bu: fix firmware install path
The rtl8723b_fw.bin file installed by this package is not actually used
by this driver at all. It is used by the btrtl Bluetooth driver in the
mainline kernel. The mainline btrtl driver looks for the file in
/lib/firmware/rtl_bt rather than /lib/firmware/rtlwifi. This driver's
Makefile has an install target that confirms the correct destination
firmware directory. It was like that since the very first version that
was added to Buildroot.

Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 657d9731cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-16 21:28:20 +01:00
Doug Brown
6dc7146962 package/rtl8723bu: bump to version 19b4bdc05483a1e79a4f955a80f8f72cdd5dedc3
This version fixes a bug that prevents the user from switching from one
access point to another.

Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 89211450c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-16 21:28:16 +01:00
Adrian Perez de Castro
7c20887e1f package/kf5/kf5-extra-cmake-modules: do not build documentation
Pass needed CMake options to disable generating documentation. The
documentation is built using python-sphinx, which is not packaged in
Buildroot.

Prior to this change, if the build host would have a Python installation
with the sphinx module installed the automatic detection tried to build
documentation, which would fail in cases where the sphinxcontrib-qthelp
package is missing from the host Python installation. The error message
in this case was:

  Extension error:
  Could not import extension ecm (exception: cannot import name
    'htmlescape' from 'sphinx.util.pycompat'
    (/usr/lib/python3.10/site-packages/sphinx/util/pycompat.py))

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b341f0c91f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-16 09:27:47 +01:00
Fabrice Fontaine
168f8e4358 package/gensio: add avahi optional dependency
avahi-client is an optional dependency which is enabled by default since
version 2.2.0 and
5ab117c974

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f0a1d47f6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-16 09:22:12 +01:00
Francois Perrad
91a66a566b package/expat: security bump to 2.4.4
fix CVE-2022-23852, CVE-2022-23990

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ab71ac15dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-16 08:19:48 +01:00
Francois Perrad
f1341cecb4 package/prosody: security bump to 0.11.13
see https://prosody.im/doc/release/0.11.13

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 800e53cf7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-16 08:17:51 +01:00
Peter Seiderer
94c3c2fa49 package/binutils: add upstream patch for v2.37 fixing linking of thin archives
Add upstream patch ([1]) for v2.37 fixing linking of thin archives (see [2] for
details).

Fixes:

  .../host/bin/arm-buildroot-linux-gnueabihf-g++ [...] -o libQt5WebEngineCore.so.5.15.2 [...]
  .../arm-buildroot-linux-gnueabihf/bin/ld: .../build/qt5webengine-5.15.2/src/core/release/obj/third_party/boringssl/libboringssl.a: error adding symbols: malformed archive
  collect2: error: ld returned 1 exit status
  make[5]: *** [Makefile.core_module:90: ../../lib/libQt5WebEngineCore.so.5.15.2] Error 1
  make[4]: *** [Makefile:124: sub-core_module-pro-make_first] Error 2
  make[3]: *** [Makefile:79: sub-core-make_first] Error 2
  make[2]: *** [Makefile:49: sub-src-make_first] Error 2
  make[1]: *** [package/pkg-generic.mk:295: .../build/qt5webengine-5.15.2/.stamp_built] Error 2
  make: *** [Makefile:23: _all] Error 2

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1c611b40e6bfc8029bff7696814330b5bc0ee5c0
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=28138

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 40f7b0bb6b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-15 23:10:23 +01:00
James Hilliard
b9794087bd package/connman: security bump to version 1.41
Fixes the following security issues:

- CVE-2022-23096: An issue was discovered in the DNS proxy in Connman
  through 1.40.  The TCP server reply implementation lacks a check for the
  presence of sufficient Header Data, leading to an out-of-bounds read.

- CVE-2022-23097: An issue was discovered in the DNS proxy in Connman
  through 1.40.  forward_dns_reply mishandles a strnlen call, leading to an
  out-of-bounds read.

- CVE-2022-23098: An issue was discovered in the DNS proxy in Connman
  through 1.40.  The TCP server reply implementation has an infinite loop if
  no data is received.

For details, see the advisory:
https://www.openwall.com/lists/oss-security/2022/01/25/1

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35a3c01824)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 16:45:33 +01:00
Peter Seiderer
9ff7b21657 package/log4cxx: bump version to 0.12.1
- drop 0001-LOGCXX-528.patch (from upstream [1])
- renumber remaining patch

Changelog (for details see [2]):

- This is a minor bugfix release to fix issues found with 0.12.0. Notably,
  this version fixes a bug where a multithreaded application would crash
  when using a rolling file.

  [LOGCXX-534] - Crashed in log->forcedLog function when running with multi-thread
  [LOGCXX-528] - log4cxx fails to build on Centos 7.6 / g++ 4.8.5 / Boost 1.53

[1] 249dd85494
[2] https://logging.apache.org/log4cxx/latest_stable/changelog.html#0.12.1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 38659ff0cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 16:34:16 +01:00
Peter Seiderer
2a660956f3 package/log4cxx: fix boost-fallback (only check for boost if really needed)
- add patch 0002-boost-fallback-only-check-for-boost-if-really-needed.patch
  to check for boost if really needed (in case of legacy c++ standard < c++17)

Fixes:

  - http://autobuild.buildroot.net/results/8d49ab7cd9952f6a13bdd330e875012d0601f1d2

  -- Found Boost: .../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include (found version "1.78.0") found components: thread chrono missing components: date_time atomic
  CMake Error at .../build/log4cxx-0.12.0/boost-fallback-compile-tests/CMakeFiles/CMakeTmp/CMakeLists.txt:19 (add_executable):
    Target "cmTC_aac37" links to target "Boost::date_time" but the target was
    not found.  Perhaps a find_package() call is missing for an IMPORTED
    target, or an ALIAS target is missing?

  CMake Error at .../build/log4cxx-0.12.0/boost-fallback-compile-tests/CMakeFiles/CMakeTmp/CMakeLists.txt:19 (add_executable):
    Target "cmTC_aac37" links to target "Boost::atomic" but the target was not
    found.  Perhaps a find_package() call is missing for an IMPORTED target, or
    an ALIAS target is missing?

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d76301be85)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 16:34:05 +01:00
Peter Seiderer
f0b03fb942 package/log4cxx: change download URL to https
- change download URL to https

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0876da5ea1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 16:29:08 +01:00
Giulio Benetti
eb7af923b2 package/pistache: disable package if BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597=y
Package pistache is affected by binutils bug 27597 (Nios II), so let's
disable it when BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597=y. Let's also
indent the comment dependencies.

Fixes:

  http://autobuild.buildroot.net/results/0e7b74c5a07ced2bbae1a0a8c7d7ba26dfa04031/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d5b08f37a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 16:27:15 +01:00
Giulio Benetti
08e8792c50 package/apitrace: fix build failure on m68k architecture
apitrace uses very big switch statements, which causes the build to fail
on m68k, because the offsets there are only 16-bit.

We fix that by using -mlong-jump-table-offsets on m68k, to use 32-bit
offsets for switch statements. That flag is available on gcc version >= 7
but apitrace package already depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7, so
we can use it with no problem.

Fixes:
http://autobuild.buildroot.net/results/7306bf05962fec30fbe98b1eb8ee09b3162b8080/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fdee6c9f39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 16:20:06 +01:00
Fabrice Fontaine
95f5dcef1b package/pkcs11-helper: drop autoreconf
autoreconf is not needed since commit
dbf8047f64 as the official tarball already
ships a configure file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 59f8a971ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 15:52:29 +01:00
Giulio Benetti
6400186971 board/andes: fix build failure with host gcc >= 10
Add patch to fix linux bug:
```
  HOSTLD  scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
```

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/2021478164

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3529e8c21c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 15:48:37 +01:00
Romain Naour
b8eb50e3dc docs/manual/adding-packages-directory.txt: reorder select/depends
From [1]:
"Even though the ordering has absolutely no consequences in Kconfig, it
 is not logical (when reading). It is more logical and far easier to
 understand when depends come first, followed by the selects."

 Also, the Config.in example in the manual suggests to use this coding
 style [2]."

Use the correct coding style in the chapter "Choosing depends on or select"
in the manual.

[1] http://lists.busybox.net/pipermail/buildroot/2015-October/142955.html
[2] https://nightly.buildroot.org/manual.html#_coding_style

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39458e33c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 15:35:50 +01:00
Yegor Yefremov
873223cae1 DEVELOPERS: add entry for libqmi and libqrtr-glib to Yegor Yefremov
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 73ce754531)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 15:23:54 +01:00
Yegor Yefremov
b2f57d410a DEVELOPERS: add entry for hostapd and wpa_supplicant to Yegor Yefremov
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b4bdbc7c50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-06 15:23:48 +01:00
Peter Korsgaard
323ae1e681 Update for 2021.11.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-30 00:09:05 +01:00
Yann E. MORIN
d1e6c004d0 package/polkit: bump to fix CVE-2021-4034
We are currently using the fork by Adam, with support for duktape as a
JS engine. But upstream has finally merged that just a day ago. Woohoo!

Between the fork we were using and upstream, there are very few
changes, mostly centered around:
  - translations
  - buildsystem
  - duktape
  - CVE-2021-4034

So, we just switch to using the HEAD of the repo: it has not much more
than the two important changes: duktape and the CVE fix.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Marek Belisko <marek.belisko@open-nandra.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4aecb964af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-29 09:30:31 +01:00
Adam Duskett
c9a07a5887 package/polkit: enable selinux policykit module for refpolicy
This is needed for polkit to work with SELinux.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b89163a067)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-29 09:30:18 +01:00
Adam Duskett
1b6623e478 package/polkit: bump to version 0.120
- Drop upstreamed patches
- change the location of polkit.its and polkit.loc to match their
  new locations.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 079528bb9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-29 09:30:05 +01:00
Fabrice Fontaine
8ed039eafb package/mongodb: security bump to version 4.2.18
Fix CVE-2021-20330: An attacker with basic CRUD permissions on a
replicated collection can run the applyOps command with specially
malformed oplog entries, resulting in a potential denial of service on
secondaries. This issue affects MongoDB Server v4.0 versions prior to
4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server
v4.4 versions prior to 4.4.6.

Drop third patch (already in version)

https://docs.mongodb.com/master/release-notes/4.2/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 49bbf644d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:16:56 +01:00
Fabrice Fontaine
9a76cdac04 package/vim: security bump to version 8.2.4224
Fix CVE-2022-0261: Heap-based Buffer Overflow in GitHub repository
vim/vim prior to 8.2.4120

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d3da56369c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:15:37 +01:00
Fabrice Fontaine
ece7b2f709 package/clamav: security bump to version 0.103.5
ClamAV 0.103.5 is a critical patch release with the following fix:

 - CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
   Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
   libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
   clamscan --gen-json option) is enabled.

https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f92c093c7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:12:34 +01:00
Christian Stewart
deacc25cd6 package/docker-cli: bump to version 20.10.12
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 70d1858353)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:08:47 +01:00
Christian Stewart
e6f7d79575 package/docker-engine: bump to version 20.10.12
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 64cf3dc6c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:08:41 +01:00
Christian Stewart
cd140f26cc package/containerd: security bump to version 1.5.9
CVE-2021-43816: "Unprivileged pod using `hostPath` can side-step active LSM when
it is SELinux"

Containers launched through containerd’s CRI implementation on Linux systems
which use the SELinux security module and containerd versions since v1.5.0 can
cause arbitrary files and directories on the host to be relabeled to match the
container process label through the use of specially-configured bind mounts in a
hostPath volume. This relabeling elevates permissions for the container,
granting full read/write access over the affected files and directories.
Kubernetes and crictl can both be configured to use containerd’s CRI
implementation.

https://github.com/advisories/GHSA-mvff-h3cj-wj9c
https://github.com/containerd/containerd/releases/tag/v1.5.9

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 935bd589a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:06:46 +01:00
Fabrice Fontaine
3fe6230ee2 package/libpjsip: update LIBPJSIP_CPE_ID_VENDOR
pjsip:pjsip has been deprecated by teluu:pjsip since September 2021:

 <cpe-23:cpe23-item name="cpe:2.3:a:pjsip:pjsip:2.7.1:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:teluu:pjsip:2.7.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
  <cpe-item name="cpe:/a:pjsip:pjsip:2.7.2" deprecated="true" deprecation_date="2021-09-02T14:49:19.527Z">

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c99d84fb96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:04:03 +01:00
Giulio Benetti
eebadec5d1 board/orangepi/orangepi-rk3399/extlinux.conf: fix label name
RK3399_ROCKPRO64 has been picked from pine64/rockpro64 but here we deal
with orangepi-rk3399, so let's change the label to RK3399_ORANGEPI.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 07a0d71657)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 22:03:30 +01:00
Peter Seiderer
e9c5056288 package/gst1-interpipe: bump version to 1.1.8
Changelog (since 1.1.7):

  8b70f08 Add definition of new event GstAppSinkCallbacks for interpipesink element
  ddaa9b5 Add conditional build according to GST_VERSION_MINOR
  730dea6 Bump project version
  8718b12 Add initialization for the GstAppSinkCallbacks struct
  f015ff7 Remove redundant initialization of new_event callback
  530da92 Update copyright year in README file
  e8ce826 Add explanatory comment on the memset of GstAppSinkCallbacks struct
  f0f3b8e Fix README copyright date to 2016-2022
  814982e Merge branch 'hotfix/add-new-event-callback'

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0872ac72b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:49:59 +01:00
Fabrice Fontaine
55ef802857 package/tinyxml: fix CVE-2021-42260
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in
tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by
a crafted XML message and leads to a denial of service.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b23ef21029)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:43:48 +01:00
Fabrice Fontaine
b22fb63c7f package/tinyxml: add TINYXML_CPE_ID_VENDOR
cpe:2.3:a:tinyxml_project:tinyxml is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atinyxml_project%3Atinyxml

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e46157821)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:43:10 +01:00
Fabrice Fontaine
a9c7309668 package/libpjsip: security bump to version 2.11.1
Security update. This version is recommended for all users to improve
the security of applications using PJSIP.

Fix CVE-2020-15260, CVE-2021-21375 and CVE-2021-32686

Update indentation in hash file (two spaces)

https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
https://github.com/pjsip/pjproject/releases/tag/2.11
https://github.com/pjsip/pjproject/releases/tag/2.11.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2c7ad667ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:41:10 +01:00
Fabrice Fontaine
c0dab0bd0b package/lighttpd: replace mod_compress by mod_deflate
mod_compress has been subsumed by mod_deflate since version 1.4.56 and
dab212b5f5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 653dc2e710)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:39:06 +01:00
Fabrice Fontaine
8e2ae214fd package/luajit: add LUAJIT_CPE_ID_VENDOR
cpe:2.3:a:luajit:luajit is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aluajit%3Aluajit

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d91f454117)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:36:40 +01:00
Fabrice Fontaine
a800c82206 package/expat: security bump to version 2.4.3
Fix CVE-2021-45960, CVE-2021-46143 and CVE-2022-22822 to CVE-2022-22827

https://blog.hartwork.org/posts/expat-2-4-3-released
https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 829bf508bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:05:56 +01:00
Fabrice Fontaine
62cdd11237 package/gcc: define _REENTRANT for OpenRISC when -pthread is passed
Patch added by commit eee96b0f0a on gcc
9.3.0 must also be applied on gcc 10 and 11 to avoid the following build
failure on numerous packages (babeltrace2, pcsc-lite, tpm2-pkcs11,
etc.):

configure:13774: checking whether pthreads work with -pthread
configure:13868: /home/giuliobenetti/autobuild/run/instance-0/output-1/host/bin/or1k-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os -g2  -std=gnu99 -pthread -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  conftest.c   >&5
conftest.c:27:26: error: #error "_REENTRANT must be defined"
   27 | #                        error "_REENTRANT must be defined"
      |                          ^~~~~

It should be noted that external bootlins will have to be rebuilt.

Fixes:
 - http://autobuild.buildroot.org/results/cb58d4fbaeb08d188c2f8bf05ef1604789fa8766
 - http://autobuild.buildroot.org/results/7af9d4b68bd46ed260ed66ba2cc3c9c21482e741
 - http://autobuild.buildroot.org/results/6f926bec146752873f8032b593f0de1cb222ea46

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 98e39dc80e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 21:05:18 +01:00
Francois Perrad
15e3def173 package/prosody: security bump to 0.11.12
see https://blog.prosody.im/prosody-0.11.12-released/

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: update separator for license file hash.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2d99bd8f7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 20:30:30 +01:00
Francois Perrad
8f4a347754 package/prosody: bump to version 0.11.11
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ab9d3bb990)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 20:30:20 +01:00
Fabrice Fontaine
0eb0c1bba0 package/libjpeg: security bump to version 9e
rdgif.c, cderror.h: add sanity check for GIF image dimensions.
Thanks to Casper Sun for cjpeg potential vulnerability report.

- Update hash of README (changes not related to license)
- Update indentation in hash file (two spaces)

https://jpegclub.org/reference/reference-sources/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5e36f80a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 20:27:21 +01:00
Quentin Schulz
5c5064a8b4 package/qt5/qt5base: fix CVE-2021-38593
5.15.2 is the last public release of 5.15 and does not contain this CVE
fix. However, >=6.1.2 and >5.12.12 all contain the necessary patches so
let's port them to 5.15.2.

Technically only the first two patches are required to patch the CVE.
However, the second patch introduces a regression that is fixed in the third
patch.

The patches are taken from KDE kde/5.15 git branch.

Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9151eab3c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 19:35:59 +01:00
Peter Seiderer
e4390ab287 package/enlightenment: change download URL to https
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: also change in Config.in]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f6297befe1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 19:35:11 +01:00
Peter Seiderer
681fc3e74c package/efl: change download URL to https
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: canonicalise homepage]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c3d5b27d5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 19:35:09 +01:00
Peter Korsgaard
d8d740b04a package/nodejs: security bump to version 14.18.3
Fixes the following security issues:

Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is
specifically defined to use a particular SAN type, can result in bypassing
name-constrained intermediates.  Node.js was accepting URI SAN types, which
PKIs are often not defined to use.  Additionally, when a protocol allows URI
SANs, Node.js did not match the URI correctly.

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)

Node.js converts SANs (Subject Alternative Names) to a string format.  It
uses this string to check peer certificates against hostnames when
validating connections.  The string format was subject to an injection
vulnerability when name constraints were used within a certificate chain,
allowing the bypass of these name constraints.

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)

Node.js did not handle multi-value Relative Distinguished Names correctly.
Attackers could craft certificate subjects containing a single-value
Relative Distinguished Name that would be interpreted as a multi-value
Relative Distinguished Name, for example, in order to inject a Common Name
that would allow bypassing the certificate subject verification.

Prototype pollution via console.table properties (Low)(CVE-2022-21824)

Due to the formatting logic of the console.table() function it was not safe
to allow user controlled input to be passed to the properties parameter
while simultaneously passing a plain object with at least one property as
the first parameter, which could be __proto__.  The prototype pollution has
very limited control, in that it only allows an empty string to be assigned
numerical keys of the object prototype.

For details, see the advisory:
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9096036f00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 18:01:20 +01:00
Fabrice Fontaine
a07dc684c3 package/python-django: security bump to version 3.2.11
Fixes:
 - CVE-2021-45115: Denial-of-service possibility in
   UserAttributeSimilarityValidator
 - CVE-2021-45116: Potential information disclosure in dictsort template
   filter
 - CVE-2021-45452: Potential directory-traversal via Storage.save()

https://www.djangoproject.com/weblog/2022/jan/04/security-releases

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a17d4aba54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 18:00:21 +01:00
Fabrice Fontaine
226a8ae7f2 package/ghostscript: fix CVE-2021-45949
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer
overflow in sampled_data_finish (called from sampled_data_continue and
interp).

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c817641331)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 17:57:51 +01:00
Fabrice Fontaine
cfdca3ebf8 package/ghostscript: fix CVE-2021-45944
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in
sampled_data_sample (called from sampled_data_continue and interp).

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 70910c4092)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 17:57:44 +01:00
Fabrice Fontaine
7f9b37303b package/targetcli-fb: security bump to version 2.1.54
Fix CVE-2020-13867: Open-iSCSI targetcli-fb through 2.1.52 has weak
permissions for /etc/target (and for the backup directory and backup
files).

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 488f92a1c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-28 17:56:23 +01:00