Fix CVE-2022-2085: A NULL pointer dereference vulnerability was found in
Ghostscript, which occurs when it tries to render a large number of bits
in memory. When allocating a buffer device, it relies on an
init_device_procs defined for the device that uses it as a prototype
that depends upon the number of bits per pixel. For bpp > 64,
mem_x_device is used and does not have an init_device_procs defined.
This flaw allows an attacker to parse a large number of bits (more than
64 bits per pixel), which triggers a NULL pointer dereference flaw,
causing an application to crash.
Drop patch (already in version)
https://www.ghostscript.com/doc/9.56.0/News.htmhttps://www.ghostscript.com/doc/9.56.1/News.htm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes the DP audio and video PLL configurations for the zynqmp-sm-k26-revA som.
It needs to be applied for both the kv260 and kr260 starter kits.
The Linux DP driver expects the DP to be using the following PLL config:
- DP video PLL should use the VPLL (0x0)
- DP audio PLL should use the RPLL (0x3)
- DP system time clock PLL should use RPLL (0x3)
Register 0xFD1A0070 configures the DP video PLL.
Register 0xFD1A0074 configures the DP audio PLL.
Register 0xFD1A007C configures the DP system time clock PLL.
This patch was build and run tested on a zynqmp-kria-kv260 target board.
Upstream-Status: submitted (https://lore.kernel.org/all/fa7e9abc419c9d7648405d1c62367dbe701d09b8.1652709736.git.michal.simek@amd.com/)
This patch will be removed from buildroot in a future release when no longer necessary.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes an ATF issue by building the ATF for uart1 instead
of uart0 for the Kria KV260 Starter Kit.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch improves the documentation for kria k26 som qspi programming.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
[Peter: drop trailing spaces]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use official tarball and so drop UUU_SET_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to get latest release
- Switch to meson-package (autotools dropped since version 0.99.14)
- libusb is not a dependency since
64582256a8
- Update indentation in hash file (two spaces)
https://gitlab.freedesktop.org/upower/upower/-/blob/v0.99.19/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: also update thermald dependencies]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
nginx has been replaced by f5 since February 2022:
<cpe-item name="cpe:/a:nginx:nginx:1.18.0" deprecated="true" deprecation_date="2022-02-22T19:26:32.967Z">
<reference href="https://nginx.org/en/CHANGES-1.18">Change Log</reference>
<cpe-23:cpe23-item name="cpe:2.3🅰️nginx:nginx:1.18.0:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3🅰️f5:nginx:1.18.0:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Af5%3Anginx
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-45386: tcpreplay 4.3.4 has a Reachable Assertion in
add_tree_ipv6() at tree.c
- Fix CVE-2021-45387: tcpreplay 4.3.4 has a Reachable Assertion in
add_tree_ipv4() at tree.c.
https://github.com/appneta/tcpreplay/blob/v4.4.1/docs/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
PJSIP is a free and open source multimedia communication library written
in C language implementing standard based protocols such as SIP, SDP,
RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a
stack buffer overflow vulnerability affects PJSIP users that use STUN in
their applications, either by: setting a STUN server in their
account/media config in PJSUA/PJSUA2 level, or directly using
`pjlib-util/stun_simple` API.
https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to syslog-ng 3.37.1 and update sample config.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch to meson-package
- Add inih mandatory dependency
- COPYING has been removed because it was redundant with LICENSE file:
39a9c4bbda
- Update indentation in hash file (two spaces)
https://github.com/tio/tio/blob/v1.40/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
doc and examples can be disabled since
6e1c66a94c
so set BUILD_SANDBOX=OFF as BUILD_DOC=OFF is already passed by
cmake-infrastructure
https://github.com/USCiLab/cereal/releases/tag/v1.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Renumber patch
- Update hash of README.md (changes not related to license)
- FPIN support is fixed by setting LINUX_HEADERS_INCDIR and
63aa47d032
FPIN support is (wrongly) enabled if ELS_DTAG_LNK_INTEGRITY is defined
in /usr/include/scsi/fc/fc_els.h since bump to version 0.8.9 in commit
b790ff27d5 and
cfff03efbc
resulting in the following build failure:
In file included from /nvmedata/autobuild/instance-7/output-1/host/nios2-buildroot-linux-gnu/sysroot/usr/include/scsi/scsi_netlink_fc.h:25,
from fpin_handlers.c:6:
/nvmedata/autobuild/instance-7/output-1/host/nios2-buildroot-linux-gnu/sysroot/usr/include/scsi/scsi_netlink.h:44:2: error: unknown type name 'uint8_t'
44 | uint8_t version;
| ^~~~~~~
https://github.com/opensvc/multipath-tools/compare/0.8.9...0.9.0
Fixes:
- http://autobuild.buildroot.org/results/32f4ada6c49261924ca78f62dee43241bda379a3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
