Mutt 2.2.12 was released on September 9, 2023. This is a bug-fix
release, fixing two crash bugs. One is possible by viewing a crafted
message header, so upgrading is strongly recommended.
Fix CVE-2023-4874: Null pointer dereference when viewing a specially
crafted email in Mutt >1.5.2 <2.2.12
Fix CVE-2023-4875: Null pointer dereference when composing from a
specially crafted draft message in Mutt >1.5.2 <2.2.12
http://www.mutt.org/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Old links are no longer working, so use new links instead.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patch and disable libseccomp when building statically to avoid the
following build failure raised since commit
29834d8a12:
src/seccomp_notify.c: In function 'seccomp_notify_plugins_load':
src/seccomp_notify.c:136:42: warning: implicit declaration of function 'dlopen'; did you mean 'popen'? [-Wimplicit-function-declaration]
136 | ctx->plugins[s].handle = dlopen(it, RTLD_NOW);
| ^~~~~~
| popen
src/seccomp_notify.c:136:53: error: 'RTLD_NOW' undeclared (first use in this function)
136 | ctx->plugins[s].handle = dlopen(it, RTLD_NOW);
| ^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/13d3b46990720bba8621c922b5dce54ab650e96d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Does not install systemd unit if nodm or xdm is enabled.
Signed-off-by: Yanghao Cheng <yanghao.cheng@aioi-atg.com>
[yann.morin.1998@free.fr:
- don't use $(or ...)
- slightly reword comment
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
xdm package also installs a init script that utimately starts X server
Signed-off-by: Yanghao Cheng <yanghao.cheng@aioi-atg.com>
[yann.morin.1998@free.fr:
- don't use $(or ...)
- slightly reword comment
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
tests.package.test_python_pytest.TestPythonPy3Pytest runtime tests fails
now with following error:
======================================================================
FAIL: test_run (tests.package.test_python_pytest.TestPythonPy3Pytest.test_run)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/buildroot/support/testing/tests/package/test_python.py", line 137, in test_run
self.run_sample_scripts()
File "/buildroot/support/testing/tests/package/test_python_pytest.py", line 18, in run_sample_scripts
self.assertRunOk(cmd, timeout=self.timeout)
File "/buildroot/support/testing/infra/basetest.py", line 89, in assertRunOk
self.assertEqual(
AssertionError: 1 != 0 :
Failed to run: python -m pytest sample_python_pytest.py
output was:
Traceback (most recent call last):
File "<frozen runpy>", line 189, in _run_module_as_main
File "<frozen runpy>", line 148, in _get_module_details
File "<frozen runpy>", line 112, in _get_module_details
File "/usr/lib/python3.11/site-packages/pytest/__init__.py", line 5, in <module>
File "/usr/lib/python3.11/site-packages/_pytest/_code/__init__.py", line 2, in <module>
File "/usr/lib/python3.11/site-packages/_pytest/_code/code.py", line 36, in <module>
File "/usr/lib/python3.11/site-packages/pluggy/__init__.py", line 16, in <module>
File "/usr/lib/python3.11/site-packages/pluggy/_manager.py", line 10, in <module>
File "/usr/lib/python3.11/importlib/metadata/__init__.py", line 8, in <module>
File "/usr/lib/python3.11/zipfile.py", line 6, in <module>
ImportError: libz.so.1: cannot open shared object file: No such file or directory
Fix that by adding BR2_PACKAGE_PYTHON3_ZLIB dependency.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
[yann.morin.1998@free.fr: split long _DEPENDENCIES line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Old link is no longer working, so use new link instead.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2023-35790: An issue was discovered in dec_patch_dictionary.cc
in libjxl before 0.8.2. An integer underflow in patch decoding can lead
to a denial of service, such as an infinite loop.
https://github.com/libjxl/libjxl/releases/tag/v0.8.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Julien Olivain <ju.o@free.fr>
Tested-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Improved accuracy of MARK timer, optional, default: 20 minutes.
- Fix sub-second faking of kernel timestamps
- Fix reading kernel logs from /proc/kmsg, regression in v2.4.0.
Only relevant to really old kernels (pre 4.4?) or systems with
static device nodes and no auto-devtmpfs mounting in kernel
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Sync w/ OpenBSD upstream
- Fix key bindings, Home/End
- Fix buffer overflow on no match in i-search
- Fix mark reset
- Usability:
- persistent help in status bar
- F1 toggle quick-help buffer
- F2 save
- F3/F4 macro start/end + run, like GNU Emacs
Full ChangeLog https://github.com/troglobit/mg/releases/tag/v3.7
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- add upstream patch for Unordered available on the Release Page.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2023-29132: Irssi 1.3.x and 1.4.x before 1.4.4 has a
use-after-free because of use of a stale special collector reference.
This occurs when printing of a non-formatted line is concurrent with
printing of a formatted line.
https://irssi.org/NEWS/#news-v1-4-4https://irssi.org/NEWS/#news-v1-4-3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libjxl was failing to build for riscv targets, since commit ff7c37e57
"package/libjxl: security bump to version 0.8.1". Build was failing with
output:
/build/libjxl-0.8.1/lib/jxl/enc_xyb.cc: In function 'jxl::Image3F jxl::N_SCALAR::TransformToLinearRGB(const jxl::Image3F&, const jxl::ColorEncoding&, float, const JxlCmsInterface&, jxl::ThreadPool*)':
/build/libjxl-0.8.1/lib/jxl/enc_xyb.cc:223:21: error: variable 'std::atomic<bool> ok' has initializer but incomplete type
223 | std::atomic<bool> ok{true};
| ^~
This build failure was due to a missing <atomic> header inclusion. For
some reason, the build failure was observed only with RISC-V toolchains.
This commit fixes the issue by adding an upstream commit, not yet in a
package release. See [1].
Fixes:
http://autobuild.buildroot.org/results/121/12107bc7aea7afae1d2fb935d31b44eee6ea1501
[1] 22d12d74e7
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU
packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can
remotely force the lldpd daemon to perform an out-of-bounds read on heap
memory. This occurs in cdp_decode in daemon/protocols/cdp.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version fix build failure on Linux version < 5.15.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The quoting around the expansion of ${relative_dir} was indeed incorrect
since it was introduced back in 8fe9894f65 (suport/download: fix git
wrapper with submodules on older git versions): it is in fact already
quoted as part of the whole sed expression.
${GIT} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit b7efb43e86 (download/git: try to recover from
utterly-broken repositories), we catch errors through an ERR
trap, so we can try and recover from a broken repository. In
that commit, we switched from using "set -e" to "set -E", so
that trap is inherited in functions, command substitutions,
and subshells.
However, the trap is not defined until we have parsed the
options, created the cache directory, and eventually chdir()ed
into it. Athough improbable, it is possible for the git helper
to fail in any of those steps, and that would not get caught.
Fix that
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When we generate the taballs off a local working copy of a VCS tree,
the umask is the one that we enforce in out top-level Makefile.
However, it is possible that a user manually tinkers in said working
copy (e.g. to check an upstream bug fix, or regression). If the user
umask is different from the one Buildroot enfirces, such tinkering
can impact the mode bits of the files, even if their content is not
modified.
When we eventually need to create a tarball from said working copy,
the VCS (e.g. git) will only be interested in checking whether the
content of the files have changed before chcking them out, and will
not look at, and restore/fix the mode bits.
As a consequence, we may create non-reproducible archives.
We fix that by enforcing the mode bits on the files before we create
the tarball: we disable the write and execute bits, and only set the
execute bit if the user execute bit is set.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commits 4e8b5f9bee [0], 6cfbd51d98 [1], and d838a416c4 [2],
the repository we clone from is the cgit browser, and it does not serve
the git tree, only the browser:
$ git clone https://code.qt.io/cgit/qt/qtcoap.git
Cloning into 'qtcoap'...
fatal: repository 'https://code.qt.io/cgit/qt/qtcoap.git/' not found
Browsing there displays the cgit UI, which gives a proper URI to clone
from; switch to using that. Things happened to "work" so far thanks to
sources.buildroot.net.
[0] 4e8b5f9bee package/qt5/qt5mqtt: bump version to 5.15.2 (and fix download)
[1] 6cfbd51d98 package/qt5/qt5coap: bump version to 5.15.2 (and fix download)
[2] d838a416c4 package/qt5/qt5knx: bump version to 5.15.2 (and fix download)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
CC: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
