- Drop patch (not needed anymore)
- Switch to meson-package
- libabseil-cpp is a mandatory dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version) and so also drop autoreconf
- The sudoers plugin has been modified to make it more resilient to
ROWHAMMER attacks on authentication and policy matching. This
addresses CVE-2023-42465.
https://www.sudo.ws/releases/stable/#1.9.15p5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patches (already in version)
- Update hash of license.txt (update in year:
4d03718167)
https://github.com/randombit/botan/blob/3.2.0/news.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop all patches except first one (already in version)
- This bump will fix the following build failure with kernel >= 6.6:
/home/autobuild/autobuild/instance-2/output-1/build/dahdi-linux-3.2.0/drivers/dahdi/wct4xxp/base.c: In function ‘free_wc’:
./include/linux/workqueue.h:639:9: error: call to ‘__warn_flushing_systemwide_wq’ declared with attribute warning: Please avoid flushing system-wide workqueues. [-Werror=attribute-warning]
639 | __warn_flushing_systemwide_wq(); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/autobuild/autobuild/instance-2/output-1/build/dahdi-linux-3.2.0/drivers/dahdi/wct4xxp/base.c:2025:9: note: in expansion of macro ‘flush_scheduled_work’
2025 | flush_scheduled_work();
| ^~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
https://github.com/asterisk/dahdi-linux/releases/tag/v3.3.0
Fixes:
- http://autobuild.buildroot.org/results/e9755e1f4814b6b0c151c590b5c34acfd89556ad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the most recent ARC GNU toolchain version released [1]
we may switch to its stable and verified components for Buildroot's
built-in toolchian.
And while for ARCompact (i.e. ARC700) & ARCv2 (ARC HS38 & HS48)
processors upstream components work just fine, in this new release
of ARC GNU toolchain we have also support for newer ARCv3 procesors.
And so that update is more of an enabler for introduction of ARCv3
in the next series of patches.
[1] https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2023.09-release
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch to new upstream.
Drop upstream patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update site to use https instead of http because of HSTS
- Drop patch (already in version)
https://sourceforge.net/projects/iperf2/files/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- Rasdaman driver has been removed with
2464c76992
- This bump will fix the following build failure with libxml2 >= 2.12
raised since commit d8ac52108c thanks to
cbed9fc91d:
/home/buildroot/autobuild/instance-3/output-1/build/gdal-3.6.2/port/cpl_xml_validate.cpp: In function 'void CPLLibXMLWarningErrorCallback(void*, const char*, ...)':
/home/buildroot/autobuild/instance-3/output-1/build/gdal-3.6.2/port/cpl_xml_validate.cpp:917:48: error: invalid conversion from 'const xmlError*' {aka 'const _xmlError*'} to 'xmlErrorPtr' {aka '_xmlError*'} [-fpermissive]
917 | xmlErrorPtr pErrorPtr = xmlGetLastError();
| ~~~~~~~~~~~~~~~^~
| |
| const xmlError* {aka const _xmlError*}
https://github.com/OSGeo/gdal/blob/v3.8.2/NEWS.md
Fixes:
- http://autobuild.buildroot.org/results/e258305b42dcfdbefec656015929c384444f49b5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- Update hash of manual.md (update in year:
53106f0b8a)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- Update hash of web/license.html because SPDX identifier is used since
6bf68d3086
- COPYING has been replaced by LICENSE-LGPL and LICENSE-MIT since
1638416feehttps://github.com/OSGeo/shapelib/releases/tag/v1.6.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
After adding GDB 14.x and making GDB 13.x the new default, let's drop
support for GDB 11.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All patches are still relevant, and have been rebased on top of GDB
14.1.
GDB 14.1 now needs mpfr unconditionally, so it is added as a
dependency of host-gdb, and of gdb when the full debugger is built.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- add comment about selecting mpfr for 14.x or later
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Following the removal of gmpc, we can drop libmpd as well, which was
apparently developed/maintained by the same group of people. The URL
in Config.in, http://gmpcwiki.sarine.nl/index.php?title=Libmpd, no
longer works, and no new alternative upstream was found.
The reference MPD client library is libmpdclient, which is still
maintained.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For release announce on mailing list, see [1].
For release general news, see [2].
This commit removes all package patches, as they are all included in
this version.
The .checkpackageignore file is updated accordingly (the entry for
patch 0001 is removed).
This commit also removes GRUB2_AVOID_AUTORECONF hooks, since patch
0001 is removed.
This commit also removes the GRUB2_IGNORE_CVES entries associated to
the removed patches. The version bump should now explicitly exclude
those CVEs. For patches 8 and 9, the upstream commit IDs were
incorrectly recorded:
- patch 8 mentioned d5caac8ab79d068ad9a41030c772d03a4d4fbd7b while
the actual commit is 5bff31cdb6b93d738f850834e6291df1d0b136fa
- patch 9 mentioned 166a4d61448f74745afe1dac2f2cfb85d04909bf while
the actual commit is 347880a13c239b4c2811c94c9a7cf78b607332e3
Finally, this commit introduces a new patch, adding a missing file in
the release tarball.
[1] https://lists.gnu.org/archive/html/grub-devel/2023-12/msg00052.html
[2] https://git.savannah.gnu.org/gitweb/?p=grub.git;a=blob;f=NEWS;hb=refs/tags/grub-2.12
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Release notes:
https://www.openssl.org/blog/blog/2023/11/23/OpenSSL32/
Removed patch 0001 and added no-docs configure option due to
956b4c75dc
Removed patch 0003 due to
78634e8ac2
Removed patch 0006 which is included in this release
e1b6ecbab4
Renumbered remaining patches.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patches (already in version)
This bump will fix the following build failure raised since bump of
leptonica to version 1.83.1 in commit
a4e713558d thanks to
27b1827ccd:
src/textord/devanagari_processing.cpp: In member function 'bool tesseract::ShiroRekhaSplitter::Split(bool, tesseract::DebugPixa*)':
src/textord/devanagari_processing.cpp:130:19: error: invalid use of incomplete type 'struct Pixa'
130 | Box *box = ccs->boxa->box[i];
| ^~
In file included from /home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/alltypes.h:52,
from /home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/allheaders.h:35,
from src/textord/devanagari_processing.h:16,
from src/textord/devanagari_processing.cpp:25:
/home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/bmf.h:48:12: note: forward declaration of 'struct Pixa'
48 | struct Pixa *pixa; /*!< pixa of bitmaps for 93 characters */
| ^~~~
https://github.com/tesseract-ocr/tesseract/blob/5.3.3/ChangeLog
Fixes:
- http://autobuild.buildroot.org/results/46d3ffc8885245ee9a56a528be055b0b27a18245
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The zynq_qmtech_defconfig has not been maintained for 3 years, and is now
using a very out of date u-boot and Linux kernel. Since there are 4 other
zynq7000 defconfigs available in buildroot and Julien no longer has a
functional board, drop the defconfig.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Julien Olivain <ju.o@free.fr>
[Peter: reword commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to get latest release
- Drop all patches (already in version)
- Update hash of COPYING-LGPL, empty lines removed with
cceb1b2d80
- Pass $(TARGET_CONFIGURE_OPTS) to install targets to avoid using wrong
values since
abdf4074c3https://github.com/johnsonjh/duma/blob/VERSION_2_5_21/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update patch to fix the following musl build failure with m68k which is
only raised (for an unknown reason) since bump to version 2.7.1 in commit
3e48f8358e:
In file included from fp.c:6:
fp-gnum68k.c:21:10: fatal error: fpu_control.h: No such file or directory
21 | #include <fpu_control.h>
| ^~~~~~~~~~~~~~~
Add also upstream link to first patch iteration which was sent in
November 2022 but didn't get it any reply (like most of the other emails
sent to bug-gsl@gnu.org ...)
Fixes:
- http://autobuild.buildroot.org/results/e59636f6ac148807c1c67f09eef0e0a9f5d52303
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update README hash for changed not related to license.
Change patch 0001 to git format. socat is now hosted on git. Also,
update to apply to current version.
Add upstream status to both patches.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Stripping when cross-compiling and libtool static behavior are fixed in
2.5.16, so drop 0001-fix_cross_strip.patch and rename the remaining patches.
Signed-off-by: Hmaied Ben Abdellatif <hmaied.benabdellatif@etictelecom.com>
[Peter: extend commit message, update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch and associated CVE ignore which is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: update .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patch which is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop first patch (already in version)
- Drop second patch (rejected): cups-config is deprecated in favor of pkg-config
- Drop autoreconf (no more patches)
- intltool has been replaced by gettext since
e653c1a860https://github.com/OpenPrinting/system-config-printer/blob/v1.5.18/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Switch to github to get latest release
- Drop first and second patches (already in version)
- Drop third patch (not needed anymore)
- Drop BSD-3-Clause and COPYING.slirpvde (slirpvde removed with
eda0a1bc1d14e1c9e06f)
- python removed with
2c57c25075
- kernel switch removed with
b196ecd5b7
- parallel build has been fixed with
7dd9ed46d5
- openssl has been replaced by wolfssl with
8599321526https://github.com/virtualsquare/vde-2/releases/tag/v2.3.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Badly introduced in
727c041a25 ("package/openjdk{-bin}: bump
versions to 17.0.9+9 and 21.0.1+12")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Move openjdk-bin.hash into separate directories, as the
legal/java.prefs/ASSEMBLY_EXCEPTION file has an upated URL for OpenJDK 21.
openjdk.java.net -> https://openjdk.org. The license type remains the same.
- Move 0001-Add-ARCv2-ISA-processors-support-to-Zero.patch into separate
directories as the list of architectures in src/hotspot/os/linux/os_linux.cpp
is no longer the same. 17 has LOONGARCH and 21 has LOONGARCH64.
Tested on Fedora39 and Debian 11 with:
./support/testing/run-tests tests.package.test_openjdk.TestOpenJdk.test_run
Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch (already in version)
https://github.com/openSUSE/libsolv/blob/0.7.25/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Switch to github to get latest release
- Drop patch (already in version)
- Update RANGER_DO_NOT_GENERATE_BYTECODE_AT_RUNTIME as scripts/ranger
symlink to ranger.py has been removed
- Update hash of AUTHORS and add LICENSE file:
8263cbac88https://github.com/ranger/ranger/blob/v1.9.3/CHANGELOG.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- host-pkgconf is a mandatory dependency to run autoreconf (even when
cmocka-based tests are disabled) since
b62ecd4218https://github.com/ibm-power-utilities/librtas/blob/v2.0.5/Changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to the latest release, remove fix that was merged upstream.
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop second patch (already in version)
- Update hash of README (DotPadd added with
5a9288c6bc
and year updated with
f21f2199166858917969)
- This bump will fix the following build failure raised since bump of
gettext-gnu to version 0.22 in commit f6a6e3a836
thanks to
31061173fd:
/home/thomas/autobuild/instance-2/output-1/host/bin/msgfmt --output-file zh.mo -- ./zh.po
/home/thomas/autobuild/instance-2/output-1/host/bin/msgfmt: input file doesn't contain a header entry with a charset specification
make[3]: *** [Makefile:86: ru.mo] Error 1
https://github.com/brltty/brltty/blob/BRLTTY-6.6/Documents/ChangeLog
Fixes:
- http://autobuild.buildroot.org/results/29f5ef8a52db4dd717fbaf1ade9d250dfcebe6ff
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump imx-mkimage to the latest version to gain i.MX9 support.
Patch 0001 and 0004 are merged upstream:
ff23c4fd84bce82912c8
Patch 0002 is no more needed, BUILD_LDFLAGS var is now available:
8185a000a7
Renumber the remaining patch.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
- Major upgrade, no API or ABI breaking changes (that we know of).
https://github.com/libnet/libnet/releases/tag/v1.3
Packaging:
- Verified builds on *all* test-pkg archs & toolchains
- Verified test-pkg also with ngrep, suricata, and mz
- Drop backported int64_t patch
- Disable doxygen (html docs) in build
- sha256sum of tarball now generated upstream
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://github.com/networkupstools/nut/blob/master/NEWS.adoc
Removed patch which is included in this release.
Updated license hash due to upstream commit:
3b37731950
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OpenJDK 21 is out and with it, OpenJDK11 is now EOL.
See: https://endoflife.date/oracle-jdk As such, drop support for 11 and do the
following:
- The 0001-Add-ARCv2-ISA-processors-support-to-Zero.patch patch now applies to
both 17 and 21. Move it out of the version-specific directoriy.
- BR2_OPENJDK_VERSION_LTS is now set to 17.
- BR2_OPENJDK_VERSION_LATEST is now set to 21.
- Drop --disable-hotspot-gtest as it has been removed, and was ignored in 17.
- Add two separate HOST_OPENJDK_BIN_VERSION defines in openjdk-bin.mk as
there is not a point release yet for OpenJDK 21.
- Update the expectedVersion variable in JniTest.java from 0x000A0000 to
0x00150000
Tested with:
./support/testing/run-tests tests.package.test_openjdk.TestOpenJdk.test_run
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add Upstream link to patch (even if it was rejected)
https://github.com/namhyung/uftrace/blob/v0.14/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patches (already in version)
- C++14 is mandatory since version 7.1.0
https://github.com/DOCGroup/ACE_TAO/blob/ACE%2BTAO-7_1_1/ACE/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update Cage to version 0.1.5, which is a bug fix release that
supports using wlroots 0.16.x.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patches (already in version)
- tests can be disabled since version 1.2.3 and
e2e3d6b14e
- docs can be disabled since version 1.2.3 and
af6c10e8be
- Fix CVE-2023-46228: zchunk before 1.3.2 has multiple integer overflows
via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c,
lib/dl/multipart.c, or lib/header.c.
https://github.com/zchunk/zchunk/compare/1.2.2...1.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 0455f957a3 (package/network-manager: bump to version 1.44.2)
dropped the two patches but forgot to update .checkpackageignore.
Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4cbc2af604 moved the nodejs patches
to the nodejs-src directory, but forgot to update .checkpackageignore
accordingly. Fix that, by running `make .checkpackageignore`.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This commit fixes the S10hyperv SysV init script which expects binaries
to be locate in /sbin while they are installed in /usr/sbin. Please
note, that the systemd init scripts correctly reference them.
Furthermore, the SysV init script did not check for an actual HyperV
environment to be present, which is also corrected. In addition, this
commit also fixes check-package warnings regarding a missing DAEMON
definition.
Signed-off-by: Jens Maus <mail@jens-maus.de>
[Peter: drop from .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to get latest version
- Replace patch by an upstreamable one
https://github.com/fenrus75/powertop/compare/v2.13...v2.15
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gpsd >= 3.25 raised since commit
3c7fece853:
In file included from src/configuration.h:50,
from src/configuration.c:46:
src/gpsdclient.h:64:8: error: redefinition of 'struct fixsource_t'
64 | struct fixsource_t {
| ^~~~~~~~~~~
In file included from src/gpsdclient.h:49,
from src/configuration.h:50,
from src/configuration.c:46:
/tmp/instance-17/output-1/host/aarch64-buildroot-linux-gnu/sysroot/usr/include/gps.h:2714:8: note: originally defined here
2714 | struct fixsource_t
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/47a619686bb47debd525c92aa7e14bee5c40ca9e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 0c15169f5a (package/pppd: bump version to 2.5.0) forgot to drop
the check-package exclusion when it dropped the patches.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Patches (and so autoreconf) are not needed since bump to version 0.32.4
in commit f39ac8336e and
9924d4d315
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2023-35852: In Suricata before 6.0.13 (when there is an
adversary who controls an external source of rules), a dataset
filename, that comes from a rule, may trigger absolute or relative
directory traversal, and lead to write access to a local filesystem.
This is addressed in 6.0.13 by requiring allow-absolute-filenames and
allow-write (in the datasets rules configuration section) if an
installation requires traversal/writing in this situation.
- Fix CVE-2023-35853: In Suricata before 6.0.13, an adversary who
controls an external source of Lua rules may be able to execute Lua
code. This is addressed in 6.0.13 by disabling Lua unless allow-rules
is true in the security lua configuration section.
- Drop first patch (not needed since
c8a3aa608e)
https://github.com/OISF/suricata/blob/suricata-6.0.14/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patches (already in version) and so drop autoreconf
- Update hash of BSD_LICENSE (update in year:
551657bfbf)
https://github.com/hreinecke/sg3_utils/blob/v1.48/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop all patches (already in version)
- Update hash of LICENSE file (year updated with
f035303b8a)
https://github.com/Cyan4973/xxHash/releases/tag/v0.8.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version)
- Drop license comment and add REAMDE and libopeniscsiusr/COPYING as
license files due to
10d50ed4bchttps://github.com/open-iscsi/open-iscsi/blob/2.1.9/Changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security vulnerability:
- CVE-2023-27585: Heap buffer overflow when parsing DNS packet
https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
Drop now upstreamed security fixes for CVE-2022-23537 and CVE-2022-23547.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The commit 4e365d1768 "package/tcl: bump to version 8.6.13" did NOT
refreshed the package patch, because the patch was still applying
correctly and the package was working as expected.
It was refreshed in the previous bump, in commit 9cf314745a
"package/tcl: bump to version 8.6.12". This was part of 2022.02.
Looking closer at the patch content, the -/+ lines are exactly the
same. So this patch does not change anything. Since the file was kept
and the commit log mention a patch refresh, the intent was more
likely to carry over the old patch (which was declaring all libc
functions as "unbroken".
This commit actually refreshes this patch. It was regenerated with
git format-patch. Since the patch is renamed due to git format-patch,
the .checkpackageignore is updated accordingly.
Note:
This ancient patch will be removed soon, as an upstream commit [1],
not yet in a release, cleaned up and removed those old parts.
[1] 04d66a2571
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
- Drop patches (already in version) and so autoreconf
- Update COPYING hash (gpl mailing address updated with
9bd45cc06e6a5997fbd6)
- Fix CVE-2022-43634: This vulnerability allows remote attackers to
execute arbitrary code on affected installations of Netatalk.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the dsi_writeinit function. The issue
results from the lack of proper validation of the length of
user-supplied data prior to copying it to a fixed-length heap-based
buffer. An attacker can leverage this vulnerability to execute code in
the context of root. Was ZDI-CAN-17646.
- Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl
heap-based buffer overflow resulting in code execution via a crafted
.appl file. This provides remote root access on some platforms such as
FreeBSD (used for TrueNAS).
- Fix CVE-2023-42464: Validate data type in dalloc_value_for_key()
https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The quoting around the expansion of ${relative_dir} was indeed incorrect
since it was introduced back in 8fe9894f65 (suport/download: fix git
wrapper with submodules on older git versions): it is in fact already
quoted as part of the whole sed expression.
${GIT} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Several of our patches have been accepted upstream and are included in
elf2flt version 2023.09.
Patch 0001-elf2flt-handle-binutils-2.34.patch is upstream as of commit
c70b9f208979 ("elf2flt: handle binutils >= 2.34").
Patch 0002-elf2flt.ld-reinstate-32-byte-alignment-for-.data-sec.patch is
upstream as of commit 679c94adf27c ("elf2flt.ld: reinstate 32 byte
alignment for .data section").
Patch 0003-elf2flt-add-riscv-64-bits-support.patch is upstream as of
commit c5c8043c4d79 ("elf2flt: add riscv 64-bits support").
Patch 0008-riscv64-add-more-relocations-required-to-be-handled.patch was
squashed into upstream commit c5c8043c4d79 ("elf2flt: add riscv 64-bits
support") during upstreaming.
Patch 0006-xtensa-fix-text-relocations.patch is upstream as of commit
26dfb54a59c8 ("elf2flt: xtensa: fix text relocations").
Patch 0007-elf2flt-remove-use-of-BFD_VMA_FMT.patch is upstream as of
commit a36df7407d9e ("elf2flt: remove use of BFD_VMA_FMT").
Patch 0004-elf2flt-create-a-common-helper-function.patch simply added
a helper function to make the changes in the follow-up patch
0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
less intrusive.
Patch 0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
is no longer needed as upstream has reverted the commit that necessitated
this patch, see upstream commit 35c692ca4546 ("Revert "elf2flt: fix for
segfault on some ARM ELFs""). The problem that the reverted upstream patch
solved is now instead solved by the combination of upstream commits
7a59b265c2dc ("Revert "elf2flt: fix relocations for read-only data"") and
a934fb42cf59 ("elf2flt: force ARM.exidx section into text").
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-By: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove 0001-add-disable-doc.patch (upstream applied, see [1])
For details see [2].
[1] 1dbc42684d
[2] https://github.com/brailcom/speechd/releases/tag/0.11.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit c1038fe47c renamed the patch, but didn't update
.checkpackageignore, leading to two failures:
.checkpackageignore:1055: ignored file package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch is missing
package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
Rename the file in .checkpackageignore as well.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Grub 2.06 is affected by a number of CVEs, which have been fixed in
the master branch of Grub, but are not yet part of any release (there
is a 2.12-rc1 release, but nothing else between 2.06 and 2.12-rc1).
So this patch backports the relevant fixes for CVE-2022-28736,
CVE-2022-28735, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28733, CVE-2022-28734, CVE-2022-2601 and CVE-2022-3775.
It should be noted that CVE-2021-3695, CVE-2021-3696, CVE-2021-3697
are not reported as affecting Grub by our CVE matching logic because
the NVD database uses an incorrect CPE ID in those CVEs: it uses
"grub" as the product instead of "grub2" like all other CVEs for
grub. This issue has been reported to the NVD maintainers.
This requires backporting a lot of patches, but jumping from 2.06 to
2.12-rc1 implies getting 592 commits, which is quite a lot.
All Grub test cases are working fine:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500585https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500679
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: fix check-package warning in patch 0002]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Release notes:
https://forum.torproject.org/t/stable-release-0-4-8-4/8884
Removed all patches due to upstream commit adding compatibility with
LibreSSL 3.5:
f3dabd705f
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.han.de/~werner/ytree.html
Removed patch which was applied upstream in a slightly changed way.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
See release announce:
https://lists.gnu.org/archive/html/screen-users/2023-08/msg00000.html
Fixes:
CVE-2023-24626: https://www.cve.org/CVERecord?id=CVE-2023-24626
Note: Buildroot installs screen as setuid, so the described scenario
in CVE applies.
This commit also rebases all patches on this release. Patch were
regenerated with 'git format-patch -N', so patch file name changed in
this process. The file .checkpackageignore is also updated accordingly.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The changelog is available here:
https://github.com/analogdevicesinc/libiio/releases/tag/v0.25
Remove the 0001 patch as it is included in the v0.25 version.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removing upstreamed patch and force autoreconf
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
