This commit creates a symlink that ensures fontconfig will find the
fonts installed by the font-awesome package.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0979a9e13c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build fails on systems without /usr/bin/msgfmt. This has been an issue
that exists since at least vlc 3.0.7, with build failures that can be
found as early as August 2019.
Fixes:
http://autobuild.buildroot.net/results/3c9893dd92d784a0520a287c4d4a5e760393c95f/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 153d028303)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4136: vim is vulnerable to Heap-based Buffer Overflow
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5ec93be3c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set HOSTCC_NOCCACHE and HOSTCXX_NOCCACHE only if they are not
set. This allows recursive calls to "make" to work as intended in the
presence of ccache. Such recursive calls to "make" can for example
happen if one calls "make legal-info" from within a post-build script,
to integrate some results of the legal-info output into the root
filesystem.
Without guarding these variables, a recursive invocation of make would
re-define
HOSTCC_NOCCACHE := $(HOSTCC)
and
HOSTCXX_NOCCACHE := $(HOSTCXX)
at a point in time when HOSTCC and HOSTCXX already point to ccache.
It used to work by "accident" until
ca6a2907c2 ("make: support: use `command
-v' instead of `which'"), due to how "which" was behaving when invoked
with multiple arguments. After switching to "command -v", which
behaves different with multiple arguments, this HOSTCC_NOCCACHE
redefinition problem surfaced. Even though
ca6a2907c2 has since then been reverted
for other reasons, it does make sense to guard the definition of
HOSTCC_NOCCACHE and HOSTCXX_NOCCACHE to not rely on a side-effect of
using "which".
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c5912e7db3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libdbi needs dynamic library to avoid the following build failure raised
since the addition of the package in commit
c6aac6ebdb:
dbi_main.c:84:2: error: #error no dynamic loading support
84 | #error no dynamic loading support
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/9cd56a625cbd52b0c070e2d462e02f5161d9631d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a24f0e8eee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patch to fix linking failure while creating shared library. As
explained in the patch itself, there is no specific variable for when we
link a shared library and rebar itself rely on the default LDFLAGS. Since
by default every CFLAGS is filled with -fPIC we need to make sure that
every LDFLAGS is the same, so not having any other *_LDFLAGS variable to
fille with -fPIC let's add it to the main LDFLAGS.
Fixes:
http://autobuild.buildroot.net/results/602/60296a48210e7ffc6bc9fa50ee586441a8957e85/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b00c034fe5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following musl build failure raised since bump to version 6.14
in commit 5292d1cf9a:
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: rngd-rngd_jitter.o: in function `rngd_notime_start':
rngd_jitter.c:(.text+0xdc2): undefined reference to `pthread_attr_setaffinity_np'
Fixes:
- http://autobuild.buildroot.org/results/3ec7df86856aa9bee2f18a8faa44fd58bc8a6657
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d94e2b6dd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the gcc arc version was bumped to a version using gcc
10.x (arc-2020.09-release) in commit 0791abfba0 (toolchain: update ARC
tools to arc-2020.09-release), the select of BR2_GCC_VERSION_ARC on the
appropriate BR2_TOOLCHAIN_GCC_AT_LEAST_xyz was not updated.
Commit 0b4c7ba01c (toolchain: update option descriptions for ARC tools
arc-2020.09-release) fixed the prompt, but still forgot to update the
appropriate BR2_TOOLCHAIN_GCC_AT_LEAST_xyz.
This commit eventually fixes this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 81662cf228)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As explained in the patch itself, there is a bug in the handling of
__pselect32() in glibc for the Microblaze architecture. There a
special Microblaze variant that was added to support kernels older
than < 3.15, but it "hides" a generic implementation that is needed to
support kernels newer than 3.15 but older than 5.1 (which is when the
time64 support for 32-bit architectures was added, making __pselect32
no longer needed).
This bug causes a glibc build failure for kernels >= 3.15 but < 5.1,
on Microblaze.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 17ebb6ffae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
IWD is a runtime dependency for the connman iwd plugin.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9892fd8f06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 60acafc806)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35cf2a00b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following build
error:
include/image.h:1178:12: fatal error: openssl/evp.h: No such file or directory
1178 | # include <openssl/evp.h>
| ^~~~~~~~~~~~~~~
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1915006189
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d9f72e37bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following build
error:
include/image.h:1178:12: fatal error: openssl/evp.h: No such file or directory
1178 | # include <openssl/evp.h>
| ^~~~~~~~~~~~~~~
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1915006257
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 635f4b8b5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following build
error:
include/image.h:1178:12: fatal error: openssl/evp.h: No such file or directory
1178 | # include <openssl/evp.h>
| ^~~~~~~~~~~~~~~
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1915006500
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f7071471ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When binutils 2.37 was introduced in commit
62f0232980 ("package/binutils: add
version 2.37"), the patch
0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch was
not properly updated. Indeed, between binutils 2.36 and 2.37, binutils
has switched to using the standard "bool" type, so instead of using
TRUE/FALSE, true/false must be used.
With this change, the binutils patch matches the one that was merged
upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b032faa401)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Configuring coreutils with gl_cv_func_fstatat_zero_flag=no results in
non-functional lchmod library function which causes 'mkfifo -m' to
always complete with the message 'cannot set permissions of ...: Invalid
argument' and an error exit code. gl_cv_func_fstatat_zero_flag=no is not
needed when building coreutils-9.0 for linux and its setting should be
correctly determined by the configure script.
Drop gl_cv_func_fstatat_zero_flag=no from the coreutils configure
environment.
For more details see
https://lists.buildroot.org/pipermail/buildroot/2021-December/631388.html
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fef5d9fbda)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail address is bouncing (and we have some private information
that explains why):
Ryan Barnett (ryan.barnett@collins.com)<mailto:ryan.barnett@collins.com>
The recipient won't be able to receive this message because it's too large.
The maximum message size that's allowed is 1 KB. This message is 7 KB.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 287601459e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Cage requires wlroots to be built with X11 enabled
in order to enable XWayland, otherwise it will fail
with error:
"ERROR: Problem encountered: Cannot build Cage with
XWayland support: wlroots has been built without it"
Signed-off-by: Yunhao Tian <t123yh.xyz@gmail.com>
[yann.morin.1998@free.fr:
- drop explicit _XORG7, as _WLROOTS_X11 depends on it
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3e4c2d6213)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b3b6070622 (arch/xtensa: allow specifying path to tarball file)
missed a place where the xtensa overlay was referenced, thus breaking
the calculation for the ccache hash.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b98ed34072)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable documentation which is available (and enabled by default) since
bump to version 0.31 in commit 0186da2923
and
60e173c019
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8a78e215c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
For more details, see the changes file:
https://downloads.apache.org/httpd/CHANGES_2.4.52
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bdc3f6888f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
janus-gateway is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fd3c2cf43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking
script content through SVG images (CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking
script content through CSS imports and other crafted constructs
(CVE-2021-43818).
https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ad6321660c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Evan has privately requested to no longer receive e-mails related to
this Buildroot package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit acc0d51c53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS dependency was wrongly added to
BR2_PACKAGE_HOST_IMAGEMAGICK by commit
df20e45463, indeed host-librsvg is only
needed by BR2_PACKAGE_HOST_IMAGEMAGICK_SVG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 38f6b42d31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted inputs
passed to these functions could cause an application using lapack to
crash or possibly disclose portions of its memory.
It should be noted that commit 59a1fcc696
wrongly assumed that this CVE was fixed in version 3.10.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 83134027a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with glibc >= 2.34:
In file included from timerobj.c:32:
In function 'threadobj_set_current',
inlined from 'server_prologue' at timerobj.c:94:2:
../../include/copperplate/threadobj.h:252:9: error: 'pthread_setspecific' expecting 1 byte in a region of size 0 [-Werror=stringop-overread]
252 | pthread_setspecific(threadobj_tskey, thobj);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ed93f916eda304b30f320816c85d1b0d4488c699
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1b3055cc8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current configuration fails to boot on the stm32f469-disco board.
Make it bootable again by reverting the DRAM patches.
Also change the kernel load address from 0x8010000 to 0x800C000 to
allocate more space to the kernel, since 32kB for the device tree is
enough.
Also clean up the rootfs a bit with the common stm32-post-build.sh
script.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 82c1a43792)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
They are currently expressed as such:
depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
which is not the common practice in Buildroot. We prefer to use:
depends on BR2_ENABLE_LOCALE
depends on BR2_USE_WCHAR
This commit ensures linux-pam is consistent with this best practice.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac9261edec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_LINUX_PAM depends on BR2_USE_MMU, but this dependency is
not taken into account in the Config.in comment, which this commit
fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f0df6609a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with help2man raised since bump to
version 1.26.0 in commit be76508af2:
FAILED: docs/man/mbimcli.1
/usr/bin/help2man --output=docs/man/mbimcli.1 '--name=Control MBIM devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/eaa2ba54b9c74f07292d3cad4fa96c80e6079702
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a315d7c98b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ICU build scripting adds some host libraries to LD_LIBRARY_PATH by
using constructs of the following form:
LD_LIBRARY_PATH="custom-path:${LD_LIBRARY_PATH}"
If the original LD_LIBRARY_PATH is empty, this causes the last search
directory be an empty string, i.e. the working directory.
ICU build runs some basic host commands (e.g. "rm") in $(TARGET_DIR)/lib
under such an LD_LIBRARY_PATH, causing target libraries (e.g. libc) to
possibly get loaded instead of host system libraries if they are
compatible enough (e.g. arch matches).
Since the target libraries may not actually be ABI compatible with host
system binaries (e.g. target has an old libc), this can cause crashes
or other errors.
Observed errors include:
(1) rm: libc.so.6: version `GLIBC_2.33' not found (required by rm)
(2) sh: line 1: 1362670 Segmentation fault (core dumped) rm -f libicudata.so.65
Workaround the issue by setting a dummy LD_LIBRARY_PATH when it would
otherwise be empty.
https://unicode-org.atlassian.net/browse/ICU-21417
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ac1c781149)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised with help2man since bump to
version 1.30.0 in commit 50c5495f81:
FAILED: docs/man/qmicli.1
/usr/bin/help2man --output=docs/man/qmicli.1 '--name=Control QMI devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/15818b6de7378cd75c59b1d6dc732ed9a20c092a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7f38ce2103)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following vulnerabilities:
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
access
The handler for the CompositeGlyphs request of the Render extension does
not properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds
access
The handler for the CreatePointerBarrier request of the XFixes extension
does not properly validate the request length leading to out of bounds
memory write.
* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
The handler for the Suspend request of the Screen Saver extension does not
properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted
inputs passed to these functions could cause an application using
lapack to crash or possibly disclose portions of its memory.
- Update license hash, year changed:
f67034373e
- Update indentation in hash file (two spaces)
http://netlib.org/lapack/lapack-3.10.0.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 59a1fcc696)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition...
scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Tested on beaglebone black and beaglebone white (A6)
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7b55cb018d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Minor bugfix release:
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
[Bernd Edlinger]
*) Fixed building on Debian with kfreebsd kernels
[Mattias Ellert]
*) Prioritise DANE TLSA issuer certs over peer certs
[Viktor Dukhovni]
*) Fixed random API for MacOS prior to 10.12
These MacOS versions don't support the CommonCrypto APIs
[Lenny Primak]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2b906b975a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- cgi_error_no_template(): Encode the template name to prevent
XSS (cross-site scripting) when Privoxy is configured to servce
the user-manual itself.
Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
- get_url_spec_param(): Free memory of compiled pattern spec
before bailing.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
- process_encrypted_request_headers(): Free header memory when
failing to get the request destination.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
- send_http_request(): Prevent memory leaks when handling errors
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 44a97dcb93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
