Commit Graph

64697 Commits

Author SHA1 Message Date
Fabrice Fontaine
ef0daa817d package/openssh: security bump to version 9.1p1
This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.

 * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
   Reported by Qualys

 * ssh-keygen(1): double free() in error path of file hashing step in
   signing/verify code; GHPR333

 * ssh-keysign(8): double-free in error path introduced in openssh-8.9

https://www.openssh.com/txt/release-9.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb571dc3e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 17:27:52 +02:00
Fabrice Fontaine
e468e372f9 package/lrzip: add CPE variables
cpe:2.3:a:long_range_zip_project:long_range_zip is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Along_range_zip_project%3Along_range_zip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d09ff6fd1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 17:24:34 +02:00
Fabrice Fontaine
616b1d017a package/timescaledb: add TIMESCALEDB_CPE_ID_VENDOR
cpe:2.3:a:timescale:timescaledb is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atimescale%3Atimescaledb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6a184841bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 17:23:59 +02:00
Fabrice Fontaine
1554717684 package/libinput: add LIBINPUT_CPE_ID_VENDOR
cpe:2.3:a:freedesktop:libinput is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Alibinput

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit db5c4a06a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 17:23:54 +02:00
Fabrice Fontaine
03d8b05c12 package/qdecoder: add QDECODER_CPE_ID_VENDOR
cpe:2.3:a:qdecoder_project:qdecoder is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aqdecoder_project%3Aqdecoder

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d95faeea44)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 17:23:15 +02:00
Adrian Perez de Castro
281f923449 package/wpewebkit: security bump to version 2.36.8
Bugfix release, with security fixes for CVE-2022-32886 and CVE-2022-32912.
Release notes:

  https://wpewebkit.org/release/wpewebkit-2.36.8.html

Accompanying security advisory:

  https://wpewebkit.org/security/WSA-2022-0009.html

This also imports a build fix for ARM NEON targets.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fc523deaf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 17:04:37 +02:00
James Hilliard
0f6aa94404 package/meson: bump to version 0.63.3
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee62626e16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 17:04:16 +02:00
Fabrice Fontaine
97ed4863da package/darkhttpd: security bump to version 1.14
- Drop patch (already in version)
- Fix CVE-2020-25691: https://github.com/emikulic/darkhttpd/issues/21

https://github.com/emikulic/darkhttpd/releases/tag/v1.14

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cced5b68ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:35:04 +02:00
Peter Korsgaard
5c6d67cfe1 toolchain/Config.in: correct BR2_TOOLCHAIN_HEADERS_AT_LEAST for 5.17
Missed from commit 2b134f9549 ({toolchain, linux-headers}: add support for
5.17.x headers).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 484b50507f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:33:56 +02:00
Yann E. MORIN
886f8df731 package/volk: license list is comma-separated
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ebc9beaa6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:32:59 +02:00
James Hilliard
5db6d5f143 package/volk: fix Config.in syntax error
Fixes:
package/volk/Config.in:4: syntax error
package/volk/Config.in:3: invalid option

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d395f49acf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:32:53 +02:00
Gwenhael Goavec-Merou
881d97d3e6 package/volk: fix licensing information
Since 2.5.1, volk has been undergoing a relicensing from GPL-3.0+ to the
LGPL-3.0+ (which is still not completely done by some large margin), so
it is still covered by the GPL-3.0+, but has parts already covered by
the LGPL-3.0+.

We so far only listed GPL-3.0+, but we also had the license file for the
LGPL-3.0+.

Add LGPL-3.0+ to the list of licenses; the COPYING file is the text of
the GPL-3.0+, so we already had it listed (note: the package has a
COPYING-GPL, but it's a symlink to COPYING).

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
  - split out to its own patch
  - explain why we don't add COPYING-GPL
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0a397fa638)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:31:31 +02:00
Gwenhael Goavec-Merou
207ffb0443 package/volk: needs C++17, not boost
Since volk 2.5.1, C++17 is required, and no Boost component is used
anymore.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr: split out to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 66215faa52)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:31:02 +02:00
Fabrice Fontaine
47572329d8 package/dnsmasq: security bump to version 2.87
- Fix CVE-2022-0934:
  https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016274.html
- Drop patches (already in version)
- Update hash of COPYING, slight updates:
  https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=858bfcf261e12a0baf4de6dbbf3b8858bab7cc53

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q3/016560.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 22d6788619)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:28:33 +02:00
Fabrice Fontaine
4cd106188a package/wolfssl: security bump to version 5.5.1
Denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2e4c0e722f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 16:26:27 +02:00
Giulio Benetti
a9c214f41c package/gitlab-runner: fix forcing openssl
We can't use BR2_PACKAGE_LIBOPENSSL to force selecting libopenssl, as
it is part of a choice. Instead, we have a symbol explicitly to force
libopenssl: BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.

Use that.

Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 60f97ad95a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 15:04:27 +02:00
Giulio Benetti
c7531673a0 package/rtl8189es: fix build failure due to wrong endianness
At the moment rtl8189es module has -DCONFIG_LITTLE_ENDIAN hardcoded and
there is no way to override it. So to do this let's add a patch that is
pending upstream[1] to allow to override CFLAGS and then let's undefine
CONFIG_LITTLE_ENDIAN and define the correct endianness in rtl8189es.mk

Fixes:
http://autobuild.buildroot.net/results/3bcad5e88876c86a2a3338961ed20f28b5953779/

[1]: https://github.com/jwrdegoede/rtl8189ES_linux/pull/83

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79a1c5dcad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 14:56:19 +02:00
Thomas Petazzoni
c45cbea560 DEVELOPERS: remove Nicolas Tran
Nicolas Tran is apparently no longer at Smile:

The response from the remote server was:
450 4.1.1 <nicolas.tran@smile.fr>: Recipient address rejected: User unknown in virtual mailbox table

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e4ecf82f99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 14:48:55 +02:00
Thomas Petazzoni
a6e5b67d7c DEVELOPERS: remove Joerg Krause
His e-mail server is no longer responsive. Every single day, we get:

<joerg.krause@embedded.rocks>: connect to embedded.rocks[99.83.154.118]:25:
    Connection timed out

when sending the daily autobuilder report.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c6b987f39d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 14:45:59 +02:00
Fabrice Fontaine
678bf71778 package/uhd: drop have_mfpu_neon
Drop have_mfpu_neon which has been added by commit
b07de37540 but is not recognized:

CMake Warning:
  Manually-specified variables were not used by the project:

    BUILD_DOC
    BUILD_DOCS
    BUILD_EXAMPLE
    BUILD_EXAMPLES
    BUILD_TEST
    BUILD_TESTING
    BUILD_TESTS
    CMAKE_INSTALL_RUNSTATEDIR
    have_mfpu_neon

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 27f6c1ab38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-15 14:44:06 +02:00
Giulio Benetti
c52157f6aa package/collectd: work around gcc bug 68485
collectd is impacted by the microblaze-specific gcc bug #68485 [0].

As for all other impacted packages, force no optimisation when using a
toolchain riddled with that bug.

Fixes:
   http://autobuild.buildroot.net/results/6a8/6a87bbe17e6f606a97097800dc484a7b17bffa7d/

[0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 15f48d57f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-12 17:43:43 +02:00
Cédric Le Goater
23fbc41429 configs/aspeed_ast2600evb: set BR2_ARM_FPU_VFPV4D16
The features of the Cortex A7 CPU on the Aspeed AST2600 A3 SoC are :

  half thumb fastmult vfp edsp vfpv3 vfpv3d16 tls vfpv4 idiva idivt lpae evtstrm

the vfpv3d16 feature bit is common to both vfpv3 and vfpv4.

Drop BR2_ARM_FPU_VFPV4 which activates the use of vpfd32 (and breaks
user space). Set BR2_ARM_FPU_VFPV4D16 instead.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7ccb318d80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-12 17:40:21 +02:00
Titouan Christophe
e665d20f7a package/redis: security bump to v7.0.5
From the release notes:
(https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES)

================================================================================
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
  state, with a specially crafted COUNT argument, may cause an integer overflow,
  a subsequent heap overflow, and potentially lead to remote code execution.
  The problem affects Redis versions 7.0.0 or newer
  [reported by Xion (SeungHyun Lee) of KAIST GoN].

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit af56cfe372)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 21:22:42 +02:00
Thomas Petazzoni
0c058e9932 package/nodejs: bump to v16.17.1
This is currently the latest version in the v16.x branch.

Patch 0001-add-qemu-wrapper-support.patch needs some minor adaptations
to resolve conflicts with other unrelated upstream changes. The other
patches are simply refreshed.

The license file is updated due to:

 - Reformatting changes

 - Addition of the mention of some files being under GPLv3, but it's
   only the autoconf machinery: aclocal.m4 and config.guess, so it's
   not relevant to add in our LICENSE variable.

 - Addition of the mention of another file being under the MIT
   license (install-sh), and MIT is already listed, and this file is
   anyway only part of the autoconf machinery.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a8a65d0951)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 21:17:39 +02:00
Thomas Petazzoni
72c6d2f54a package/nodejs: fixup qemu dependencies
Commit 1facb09b94 ("package/nodejs:
build host-nodejs only if we're installing modules with NPM") forgot
to account for the dependency on Qemu. Now that nodejs no longer
depends on host-nodejs, but needs host-qemu, we need to make sure that
nodejs selects the relevant BR2_PACKAGE_HOST_QEMU options.

So this patch:

 - Drops the dependency of BR2_PACKAGE_NODEJS_ARCH_SUPPORTS on
   BR2_PACKAGE_QEMU_ARCH_SUPPORTS_TARGET, which was incorrect: we
   don't care about running Qemu on the target. We care about
   host-qemu supporting the emulation of the target architecture,
   which is what BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS is for.

 - Adds the dependency to the relevant BR2_PACKAGE_HOST_QEMU options
   to BR2_PACKAGE_NODEJS, so that host-qemu is built with the
   appropriate features needed to build the target nodejs.

 - Removes the qemu related dependencies from host-nodejs, which does
   not need Qemu at all.

Without this change the build of nodejs without npm enabled is broken
as the host-qemu that gets built does not have all the features that
are needed. There are no autobuild failures at this point, however.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a88ba1548a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 20:53:10 +02:00
Alexandru Ardelean
2b2c7ad1fc package/nodejs: build host-nodejs only if we're installing modules with NPM
Building host-nodejs is no longer needed to build the target nodejs,
unless npm is needed during the build, which happens when
BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL is used.

We need to make sure that host-python3 is built with bz2 and ssl
support. Until now, it was done by the BR2_PACKAGE_HOST_NODEJS option,
but now that the target nodejs no longer depends on host-nodejs, we
are no longer guaranteed to have a host-python3 with bz2/ssl. To make
sure it is the case, we select the relevant options from
BR2_PACKAGE_NODEJS.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1facb09b94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 20:18:58 +02:00
Alexandru Ardelean
a0771a6b36 package/nodejs: don't install nodejs host-tools
The target nodejs package is building those tools, and running them
under Qemu, so it is not necessary for the host variant to install
them.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ec5589611a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 20:18:41 +02:00
Thomas Petazzoni
3a3521a380 package/nodejs: improve 0001-add-qemu-wrapper-support.patch to fix build issue
Since upstream commit 79da2534737bd090b7000beed68d225618606e53,
present since NodeJS 16.0.0, another call to the torque tool is done
in tools/v8_gypfiles/v8.gyp, but our patch to wrap calls to such tools
under Qemu forgot this addition. Due to this, the build of NodeJS is
broken since the bump to v16 in Buildroot commit
07408779cc ("package/nodejs: bump to
16.15.0"). This issue is not visible in the autobuilders as it was
hidden by a previous build issue, itself fixed by "package/nodejs: fix
'Duplicate v8 target errors when cross-compiling' error".

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf0ddc8970)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 20:15:49 +02:00
Alexandru Ardelean
a712b5f61b package/nodejs: fix 'Duplicate v8 target errors when cross-compiling' error
Reported also via:
  https://github.com/nodejs/node/issues/37441

Patched in:
  5e533cb943

The error is:
```
ninja: Entering directory `out/Release'
ninja: error: obj.host/tools/v8_gypfiles/run_torque.ninja:1356: multiple rules generate gen/torque-generated/bit-fields.h [-w dupbuild=err]

make[2]: *** [Makefile:127: node] Error 1
make[1]: *** [package/pkg-generic.mk:293: <buildroot>/output/build/nodejs-16.15.0/.stamp_built] Error 2
make: *** [Makefile:84: _all] Error 2

```

Fixes:

  http://autobuild.buildroot.net/results/7fe9132236ee8e3a86dd97fe96ffee42990c2d19/

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
[Thomas:
 - regenerate patch as a git formatted patch, add a link to the
   original location, add my own SoB to it
 - improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5708c5b04f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 20:15:36 +02:00
Thomas Petazzoni
b0700755ae package/nodejs: renumber patch 0001 to 0002
There is already another 0001 patch.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f85e2cfc6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-11 20:11:52 +02:00
Peter Korsgaard
25d865996d Update for 2022.08.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-02 23:21:57 +02:00
Fabrice Fontaine
40a94c9dc2 package/tinyproxy: fix CVE-2022-40468
Tinyproxy commit 84f203f and earlier does not process HTTP request lines
in the process_request() function and is using uninitialized buffers.
This vulnerability allows attackers to access sensitive information at
system runtime.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eedd93f010)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:40:41 +02:00
Lang Daniel
cbb0853014 package/freescale-imx/imx-gpu-viv: fix gbm.pc
libgbm isn't output/target specific, only one version is included
in gpu-core/usr/lib/libgbm.so.
Similarly only gbm.pc is included and not gbm_x11.pc.

Signed-off-by: Daniel Lang <d.lang@abatec.at>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 711ec0ceaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:31:55 +02:00
Joel Stanley
838b6fd508 board/powerpc/ppc64le-pseries: set x-vof on qemu command line
This uses a newer firmware implementation that is much faster at
booting. It is supported as of Qemu 7.0.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1fca098295)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:22:03 +02:00
Yann E. MORIN
69c50f1f26 package/pkg-generic: don't exclude virtual packages from packages list
Currently, with a configuration with an internal toolchain, and no other
package is selected [0], especially when one wants to generate an SDK or
a pre-built, pre-installed toolchain, running 'make' will only build
glibc (and its dependencies), and not the full toolchain, as one would
have expected, so there would be no host-final-gcc.

The reason is that 'toolchain' is a virtual package, so it is excluded
from PACKAGES, the list of packages enabled in the configuration. So it
is not a dependency of target-finalize, and so nothing pulls it in the
build.

The reason for excluding virtual packages from that list is not obvious.

When virtual packages were introduced in 7439824412 (packages: add
infrastructure for virtual packages), there was no BR2_PACKAGE_FOO
symbol for virtual packages (but there was BR2_PACKAGE_HAS_FOO), so
there was no telling that the virtual package was enabled, like we had
for the other kinds of packages (normal, bootloader, toolchain, or linux
kernel).

That caused issues, so in f674c428c2 (core/pkg-virtual: do not check
they are neabled [sic]), and then 3e1b33a534 (pkg-generic: improve
incorrectly used package detection), we explicitly excluded the virtual
packages from causing a build failure when something depended on them,
as we could not yet know whether a virtual package was actually enabled
or not.

Then, in 842ba7ecef (pkg-generic: fix rdepends and phony targets of
virtual packages), we eventually associated a virtual package to its
BR2_PACKAGE_HAS_FOO, which allows treating virtual packages like the
other kinds of packages. There, we explicitly kept virtual packages out
of the list, though (the reasoning was that virtual packages install
nothing in host/ or target/, so they do not directly contribute to the
final content, so we do not need to rsync them, so this was an
optimisation).

However, virtual packages are in fact actual generic packages, and it is
possible for virtual packages to actually provide content for the final
image. Even though we do not have any virtual package that has actual
_INSTALL_CMDS, we still have udev that provides a user for example;
virtual packages in br2-external trees may also very well provide
install commands (e.g. to install files common to their various
implementations).

So, there is currently no technical reason to exclude virtual packages
from PACKAGES, the list of packages enabled in the configuration.

Drop the excluding condition, and always add enabled packages, whatever
their kind, to the list of enabled packages.

[0] defconfig to reproduce the issue:
    BR2_INIT_NONE=y
    BR2_SYSTEM_BIN_SH_NONE=y
    # BR2_PACKAGE_BUSYBOX is not set
    # BR2_PACKAGE_IFUPDOWN_SCRIPTS is not set
    # BR2_TARGET_ROOTFS_TAR is not set

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 02fe7c747b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:18:22 +02:00
Thomas Petazzoni
dfe497af96 package/heirloom-mailx: security bump to version 12.5-5 from Debian
Our current heirloom-mailx package is affected by CVE-2014-7844. It
has been fixed by a Debian patch
0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch, but it does rely
on other Debian patches as well.

Instead of bringing those patches locally, we just update the package
to use version 12.5-5 from Debian, including its patches.

The local patch
0001-Patched-out-SSL2-support-since-it-is-no-longer-suppo.patch is
removed as it is part of the Debian patches.

The remaining patch 0002-fix-libressl-support.patch is renumbered.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 15972770cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:14:42 +02:00
Baruch Siach
b78f06264d board/solidrun/macchiatobin: update BSP components version in documentation
Update the listed versions to match current status since commit
b4d9b51508 ("configs/solidrun_macchiatobin: bump BSP components").

All components are now from upstream so no need to state that for each
one.

Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3f0ee52908)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:12:54 +02:00
Michael Klein
bd3c34ecd4 support/scripts/size-stats: count compiled python (.pyc) files
Any .pyc files generated by the pycompile script during target
finalization are currently counted in the "Unknown" package,
because packages-file-list.txt only contains the source .py file.

If a .py file is added to filesdict, add the corresponding .pyc
file as well.

Signed-off-by: Michael Klein <m.klein@mvz-labor-lb.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:11:12 +02:00
Petr Vorel
a94a0791db package/ltp-testsuite: build getcontext01.c on musl
It was fixed for musl during conversion to the new API in 0f519d0da
(released in 20220527).

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68c32ce338)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:10:04 +02:00
Thomas Petazzoni
0cccbb817a package/m4: remove --disable-static for host package
This issue was reported by Firas Khalil Khana on a Github pull request
at https://github.com/buildroot/buildroot/pull/113/.

There is no --disable-static in m4. Research in the dark corners of
the Git history has shown that it was apparently added by Peter
Korsgaard back in 2009, in commit
3467cf7305 ("m4: cleanup"). At this
time, the version of m4 used was 1.4.9, but even looking at the
tarball of this old release shows that the ./configure did not support
--disable-static.

So let's drop this option.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bddc64e866)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 17:02:23 +02:00
Yann E. MORIN
2a34da3476 package/ncurses: drop our custom host build commands
Commit bf446513e7 (ncurses: fix hanging installation due to old
version of tic) introduced the build of the host tic, to be used by the
target ncurses. That commit purportedly built a static tic, but that is
(at least now) wrong: there is nothing that makes the build of tic
static.

Initially, host-ncurses was configured with --without-shared, but that
only drives whether to generate shared libs or not, it does not drive
whether to do a shared or static link of executables.

And in any case, in af23d762e5 (ncurses: enable shared library build
on the host) we explicitly stopped requesting the build of a static
library, to instead require the build of a shared library.

So, we never had a statically linked tic ever.

Furthermore, we override the _BUILD_CMDS, but we do not provide any
_INSTALL_CMDS. As a consequence, the full ncurses is installed, not just
tic. And since we override the _BUILD_CMDS, the libraries are not built,
so they get built during the install step.

And we do indeed need the libraries (host-gettext needs them), and not
just tic.

So, just drop our custom _BUILD_CMDS and just build the whole package
with the default settings. We keep the explicit use of --with-shared,
as this is not the standard flag (--enable-shared) and it is not obvious
what the default is.

The set of files installed before and after this change is exactly the
same, and tic still is an "ELF 64-bit LSB shared object" with a RUNPATH
that still correctly points to $(HOST_DIR)/lib

To be noted: there is no regression in build time either, since we were
already building everything anyway.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b15de20a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 16:59:55 +02:00
Giulio Benetti
dff80c13d5 package/rtl8723ds: add missing hash file
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 71d35a4164)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 16:02:36 +02:00
Giulio Benetti
2c106bcaeb package/rtl8812au-aircrack-ng: fix build failure due to double defined endianness
By default package rtl8812au-aircrack-ng uses CONFIG_PLATFORM_I386_PC that
defines -DCONFIG_LITTLE_ENDIAN and this can't be overridden since the
USER_EXTRA_CFLAGS are assigned to EXTRA_CFLAGS in the beginning of Makefile
while -DCONFIG_LITTLE_ENDIAN is assigned later.
Instead of using the default CONFIG_PLATFORM_I386_PC let's set it to 'n'
and let's use the same defines it uses:
-DCONFIG_IOCTL_CFG80211
-DRTW_USE_CFG80211_STA_EVENT
This way -DCONFIG_BIG_ENDIAN can be defined without the conflict of being
defined with the default -DCONFIG_LITTLE_ENDIAN.
Let's also add Linux config FIXUPS to build the module correctly.

Fixes:
http://autobuild.buildroot.net/results/2e4ee705d0e2b728f102aac4e6729f11ef22be36/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 003ed345b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-30 16:02:30 +02:00
Kyle Harding
be394fbcd8 package/unbound: security bump version to 1.16.3
Fixes the following security issue:

CVE-2022-3204: The NRDelegation Attack can exploit resolvers by having a
malicious delegation with a considerable number of non responsive
nameservers.  It can trigger high CPU usage in some resolver implementations
that continually look in the cache for resolved NS records in that
delegation.  This can lead to degraded performance and eventually denial of
service in orchestrated attacks.

Unbound does not suffer from high CPU usage, but resources are still needed
for resolving the malicious delegation.  Unbound 1.16.3 includes fixes for
better performance when under load.

https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt

Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5560bc6c16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-29 23:15:00 +02:00
Fabrice Fontaine
155388fde9 package/xtables-addons: bump to version 3.21
v3.21 (2022-06-13)

    xt_ECHO: support flowi6_to_flowi_common starting Linux 5.10.121

v3.20 (2022-04-10)

    Support for Linux 5.17

v3.19 (2022-02-01)

    bumped minimum supported kernel version from 4.15 to 4.16
    xt_condition: make mutex per-net
    xt_ipp2p: add IPv6 support
    xt_ECHO, xt_TARPIT: do not build IPv6 parts if kernel has IPv6 build-time disabled

v3.18 (2021-03-11)

    xt_pknock: fix a build failure on ARM 32-bit

https://fossies.org/linux/privat/xtables-addons-3.21.tar.xz/xtables-addons-3.21/doc/changelog.rst

Fixes:
 - http://autobuild.buildroot.org/results/b8f5f65cec1bd5c859f4a1fae4508900df362add

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e6ccf065d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-29 23:12:38 +02:00
Giulio Benetti
44f5e8c76a DEVELOPERS: add Giulio Benetti to package qt5
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e385856f43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-29 23:07:16 +02:00
Peter Seiderer
8fda20d964 DEVELOPERS: remove Peter Seiderer
No review/patches from my side the last few months, so drop my
DEVELOPERS entry.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 094e87c805)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-29 23:04:31 +02:00
Fabrice Fontaine
e834c8c54b package/haproxy: bump to version 2.6.5
http://git.haproxy.org/?p=haproxy-2.6.git;a=blob;f=CHANGELOG;h=5e4ca2c913fa117587652a6a08844e3e2e3b62eb;hb=987a4e248bbccf4bffe955b27ccfbcbb626348c2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac70f179f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-29 22:55:55 +02:00
Fabrice Fontaine
a4c125179f package/libupnp: bump to version 1.14.13
https://github.com/pupnp/pupnp/blob/release-1.14.13/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a9ee25b01b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-29 22:54:24 +02:00
James Hilliard
f78fdcc4d7 package/meson: bump to version 0.63.2
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0de119a137)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-29 22:50:23 +02:00