This project is mirrored from https://git.buildroot.org/buildroot.git.
Pull mirroring updated .
- 19 Sep, 2021 7 commits
-
-
James Hilliard authored
Signed-off-by:
James Hilliard <james.hilliard1@gmail.com> [yann.morin.1998@free.fr: - do not default to 'y' - add comment ] Signed-off-by:
Yann E. MORIN <yann.morin.1998@free.fr>
-
Fabrice Fontaine authored
cpe:2.3:a:python-rsa_project:python-rsa is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-rsa_project%3Apython-rsa Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Giulio Benetti authored
mesa3d uses very big switch statements, which causes the build to fail on m68k, beause the offsets there are only 16-bit. We fix that by using -mlong-jump-table-offsets on m68k, to use 32-bit offsets for switch statements, but this is only available starting with gcc 7 [0] [1]. Fixes: http://autobuild.buildroot.net/results/60c4653c2a93125edbdd0beb43cd47301643464a/ Note: we have two packages that select mesa3d, but: package/intel-mediadriver/ -> already depends on x86_64, so implies !m68k package/x11r7/xdriver_xf86-video-imx-viv/ -> imx is an ARM, but xdriver_xf86-video-imx-viv is missing a depends on BR2_arm (although the comments do have that dependency). However, it depends on other imx related packages, and they depend on either arm or aarch64, so that implies !m68k. As such, we do not need to propagate that new dependency. [0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c15 [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c16 Signed-off-by:
Giulio Benetti <giulio.benetti@benettiengineering.com> [yann.morin.1998@free.fr: - add comment - reword commit log, add BZ references, add non-propagation notes ] Signed-off-by:
-
James Hilliard authored
We need to backport a few upstream still-pending PRs, to fix cross-compilation, out-of-tree installation, and to relax requirements on some tools. The python support PR is backported too, but because python support was not tested, it is forcibly disabled. Signed-off-by:
-
James Hilliard authored
Signed-off-by:
-
Giulio Benetti authored
Bump libfuse3 to version 3.10.5 and remove local patch that has been upstreamed. Release notes: Various improvements to make unit tests more robust. Signed-off-by:
-
Fabrice Fontaine authored
Fix the following build failure with glibc >= 2.34: ulockmgr_server.c:127:12: error: conflicting types for 'closefrom'; have 'int(int)' 127 | static int closefrom(int minfd) | ^~~~~~~~~ In file included from ulockmgr_server.c:14: /home/buildroot/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/unistd.h:363:13: note: previous declaration of 'closefrom' with type 'void(int)' 363 | extern void closefrom (int __lowfd) __THROW; | ^~~~~~~~~ Fixes: - http://autobuild.buildroot.org/results/3769b18ca804fba3b5974af799972a7d889b39a6 Signed-off-by:
-
- 18 Sep, 2021 33 commits
-
-
Martin Elshuber authored
The AKA backend for 3GPP2 requires libgmp (see https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf ). Since the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP, when selecting a crypto backend different from BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is selected as well. When doing so, make fails since the package is in the dependency chain but not selected: $ make Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop. make: *** [Makefile:23: _all] Error 2 To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP. Signed-off-by:
Martin Elshuber <martin.elshuber@theobroma-systems.com> Signed-off-by:
-
Giulio Benetti authored
Add myself to trace-cmd package. Signed-off-by:
-
Giulio Benetti authored
Update to version 2.9.5 and remove local patches that have been upstreamed. Signed-off-by:
-
Giulio Benetti authored
Trace-cmd needs -fPIC for Sparc64 platform otherwise it fails on linking, so add -fPIC to CFLAGS when building for such platform. Fixes; http://autobuild.buildroot.net/results/c59/c596f6308b7f4d44d9ba009ed0c395396fc72f47/ Signed-off-by: -
Peter Seiderer authored
- change homepage url to https (and remove trailing slash) - change download url to https Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Michael Nosthoff authoredSigned-off-by:
Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: -
Fabrice Fontaine authored
autoreconf (and so AM_ICONV) is not needed since commit 2df32e0d Signed-off-by:
-
Fabrice Fontaine authored
AM_ICONV is not needed since drop of autoreconf in commit 03fbb81b Signed-off-by:
-
Fabrice Fontaine authored
This will fix the following build failure with kernel >= 5.14 thanks to https://github.com/axboe/fio/commit/382975557e632efb506836bc1709789e615c9094: In file included from crc/../os/os.h:39, from crc/crc32c-arm64.c:2: crc/../os/os-linux.h:17:10: fatal error: linux/raw.h: No such file or directory 17 | #include <linux/raw.h> | ^~~~~~~~~~~~~ Fixes: - http://autobuild.buildroot.org/results/d85c044263c76ff7ef0fe47921d893a472954da9 Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. - CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash. - CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. - CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). - CVE-2021 -28906: In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - CVE-2021-39272: Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. https://www.fetchmail.info/fetchmail-SA-2021-02.txt Update COPYING hash for a clarification of the license situation with openssl 3.x (which is Apache 2.0 licensed): fetchmail/fetchmail@8eed56c2 Signed-off-by:
-
Peter Seiderer authored
- add new optional wayland, wayland-protocoll and libx11 dependencies in case the debug gui is enabled (libgtk3 available) For details see [1], [2]. [1] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041971.html [2] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041977.html Signed-off-by:
-
Peter Seiderer authored
For details (since 1.1.0) see [1] [1] https://lists.freedesktop.org/archives/wayland-devel/2021-April/041762.html [2] https://lists.freedesktop.org/archives/wayland-devel/2021-May/041816.html [3] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041976.html Signed-off-by:
-
Peter Seiderer authored
- Changelog (since 1.14, from [1]): ver 1.17: Fix issue with sending additional and vendor IEs. Fix issue with IE ordering for 802.11-2020 support. Fix issue with frequency update on channel switch events. Fix issue with drivers and handling of IF_OPER_UP setting. ver 1.16: Fix issue with writing provisioning files with a passphrase. Add support for Authenticator & Supplicant RSN Extension elements. Add support for handling Transition Disable info. Add support for SAE Hash-to-Element feature. ver 1.15: Add support for FT-over-DS procedure with multiple BSS. Add support for estimation of VHT RX data rate. Add support for exporting Daemon information. [1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog Signed-off-by: -
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
- Changelog (since 0.41, from [1]): ver 0.43: Add support for DHCP Rapid Commit feature. Add support for DHCP authoritative mode feature. ver 0.42: Add support for constant time security functions. Add support for manipulating DHCP leases. [1] https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog Signed-off-by: -
Petr Vorel authored
Signed-off-by:
Petr Vorel <petr.vorel@gmail.com> Signed-off-by:
-
Michael Nosthoff authored
only build --with-boost when both required modules (filesystem and system) are also selected. Fixes: http://autobuild.buildroot.net/results/4fbf2a63f9ddfbc540ce7dabd10964b311477c06 Signed-off-by:
Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: -
Fabrice Fontaine authored
Fix the following build failure with glibc >= 2.34: /tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: CMakeFiles/egltrace.dir/dlsym.cpp.o: in function `dlsym': dlsym.cpp:(.text+0x34): undefined reference to `__libc_dlopen_mode' /tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: dlsym.cpp:(.text+0x46): undefined reference to `__libc_dlsym' Fixes: - http://autobuild.buildroot.org/results/ac5e5b1e30249ae0fb8b9179338b47c60c026bcc Signed-off-by:
-
Fabrice Fontaine authored
- Drop patch (already in version) - Update indentation in hash file (two spaces) https://github.com/a-j-wood/pv/releases/tag/v1.6.19 https://github.com/a-j-wood/pv/releases/tag/v1.6.20 Signed-off-by:
-
Peter Korsgaard authored
CVE-2021 -29221 is a Windows specific issue: A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. So ignore it. Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issue: - CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP For more details, see the upstream bug and issue writeup: - https://github.com/randombit/botan/pull/2790 - https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist - CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist For more details, see the advisory: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
Peter Seiderer authored
Signed-off-by:
-
