Fix CVE-2023-22432: Open redirect vulnerability exists in web2py
versions prior to 2.23.1. When using the tool, a web2py user may be
redirected to an arbitrary website by accessing a specially crafted URL.
As a result, the user may become a victim of a phishing attack.
https://github.com/web2py/web2py/compare/v2.23.0...v2.23.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 11f8c11dfb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixed (security) [APP-70]: Memory leak in MibLeaf::set if same OID is set
twice in the same PDU.
- Fix the following build failure raised since bump of snmppp to version
3.5.0 in commit e011fa0415:
snmp_pp_ext.cpp: In member function 'int Agentpp::Snmpx::send(const Agentpp::Pdux&, Snmp_pp::SnmpTarget*)':
snmp_pp_ext.cpp:1172:47: error: binding reference of type 'Snmp_pp::Pdu&' to 'const Snmp_pp::Pdu' discards qualifiers
1172 | status = snmpmsg.loadv3(Snmp::get_mpv3(), pdu, engine_id, security_name,
|
Fixes:
- http://autobuild.buildroot.net/results/d7347b8b3953596b66da6ca6d85f084fb427934c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5f06ecf5e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-1161: ISO 15765 and ISO 10681 dissector crash in Wireshark
4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet
injection or crafted capture file
https://www.wireshark.org/security/wnpa-sec-2023-08.html
https://www.wireshark.org/news/20230302.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d39b2aed2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-27371: GNU libmicrohttpd before 0.9.76 allows remote DoS
(Denial of Service) due to improper parsing of a multipart/form-data
boundary in the postprocessor.c MHD_create_post_processor() method. This
allows an attacker to remotely send a malicious HTTP POST packet that
includes one or more '\0' bytes in a multipart/form-data boundary field,
which - assuming a specific heap layout - will result in an
out-of-bounds read and a crash in the find_boundary() function.
https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b645ffda6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The impetus for this change was that wget fails to load pages signed by
Let's Encrypt due to missing root certs. This version has the updated and
correct certs.
0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
Patch dropped because the fix is incorporated upstream.
Signed-off-by: Steve Hay <me@stevenhay.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f5c8bd430)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rtl8189fs branch is specific for rtl8189fs controller and diverged from
master so let's switch branch from master to rtl8189s to fix runtime
failure.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Indrek Kruusa <indrek.kruusa@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5b1e431500)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use daemon name (bluetoothd) as file name.
- Script doesn't need to be executable.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 456204e7e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- http://autobuild.buildroot.net/results/fdf2b2eb252a24e81bddad1c81c4fdfb03dc0afe
.../build/qt6base-6.4.2/src/plugins/tls/openssl/qdtls_openssl.cpp: In member function 'bool dtlsopenssl::DtlsState::initCtxAndConnection(QDtlsBasePrivate*)':
.../build/qt6base-6.4.2/src/plugins/tls/openssl/qdtls_openssl.cpp:669:9: error: 'q_SSL_set_psk_server_callback' was not declared in this scope; did you mean 'q_SSL_set_psk_use_session_callback'?
669 | q_SSL_set_psk_server_callback(newConnection.data(), dtlscallbacks::q_PSK_server_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_psk_use_session_callback
.../build/qt6base-6.4.2/src/plugins/tls/openssl/qdtls_openssl.cpp:671:9: error: 'q_SSL_set_psk_client_callback' was not declared in this scope; did you mean 'q_SSL_set_info_callback'?
671 | q_SSL_set_psk_client_callback(newConnection.data(), dtlscallbacks::q_PSK_client_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_info_callback
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 971ae7b266)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running "make check-package" on a system with shellcheck 0.9.0,
the command fails with output:
make check-package
package/linux-tools/S10hyperv:0: run 'shellcheck' and fix the warnings
...
2 warnings generated
This commit fixes the warnings reported by the command:
shellcheck package/linux-tools/S10hyperv
This commit also fixes the four-space indent by a single tab on the
changed lines. Since this fixes the indentation warnings of
check-package, the Indent exclusion in .checkpackageignore is also
removed.
Fixes:
In package/linux-tools/S10hyperv line 27:
return $ret
^--^ SC2086 (info): Double quote to prevent globbing and word splitting.
In package/linux-tools/S10hyperv line 48:
return $ret
^--^ SC2086 (info): Double quote to prevent globbing and word splitting.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c4173d8b08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bagas is keen to maintain git package for Buildroot. However, due to
limited resources available, he can only do testing as far as
build testing. Other developers are needed to help him maintain the
package.
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 562cf1fbdb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.19.7 (released 2023-03-07) includes a security fix to the
crypto/elliptic package, as well as bug fixes to the linker, the runtime,
and the crypto/x509 and syscall packages.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ensure time_t is defined to fix the following collectd build failure on
musl:
src/nut.c:40:2: error: #error "Unable to determine the UPS connection type."
40 | #error "Unable to determine the UPS connection type."
| ^~~~~
src/nut.c:46:3: error: unknown type name 'collectd_upsconn_t'
46 | collectd_upsconn_t *conn;
| ^~~~~~~~~~~~~~~~~~
libupsclient is an optional dependency of nut plugin since version
5.10.0 of collectd and
bc2d94024d
Fixes:
- http://autobuild.buildroot.org/results/22b758097e8fb72c68e41329cbc7abc748d81ca6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without threads raised since bump to
version 22.11 in commit 6f848c068f:
In file included from /home/buildroot/autobuild/instance-3/output-1/build/rtl_433-22.11/src/data_tag.c:17:
/home/buildroot/autobuild/instance-3/output-1/build/rtl_433-22.11/include/mongoose.h:407:10: fatal error: pthread.h: No such file or directory
407 | #include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/9f1677fc5a4568be0b9c121060c5d821ac2ae21b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without threads raised since bump to
version 1.26.0 in commit 5c6f32bd25:
ffi.c:(.text+0x9d8): undefined reference to `janet_abstract_threaded'
Fixes:
- http://autobuild.buildroot.org/results/20108e76990d8af7f47d474eadbbea8562ef6728
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
janet needs gcc >= 4.9 for stdatomic.h since version 1.26.0 and
bfcfd58259
resulting in the following build failure since commit
5c6f32bd25:
src/core/abstract.c:35:23: fatal error: stdatomic.h: No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/a2b40adb93b751221ba2cdf9a705f86c30499021
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit cde69c668d bumped version where
Makefile changed CONFIG_PLATFORM_GENERIC to CONFIG_PLATFORM_AUTODETECT.
This way overriding the default platform doesn't work anymore resulting in
wrong CFLAGS including endianness macro and leading to a build failure.
So let's rename CONFIG_PLATFORM_GENERIC to CONFIG_PLATFORM_AUTODETECT to
fix.
Fixes:
http://autobuild.buildroot.net/results/2a8432646926b3b69383d204673c4113aae9de12
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ace needs FileHandle module:
Can't locate FileHandle.pm in @INC (you may need to install the FileHandle module) (@INC contains: /home/buildroot/autobuild/instance-0/output-1/host/lib/perl /usr/local/lib64/perl5/5.36 /usr/local/share/perl5/5.36 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /home/buildroot/autobuild/instance-0/output-1/build/ace-7.0.6/MPC/prj_install.pl line 17.
BEGIN failed--compilation aborted at /home/buildroot/autobuild/instance-0/output-1/build/ace-7.0.6/MPC/prj_install.pl line 17.
Fixes:
- http://autobuild.buildroot.org/results/9dee7c09fd7b41d276df0285a0f3dcae1a71f041
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl raised since bump to
version 3.5.2 in commit 8b216927db:
/tmp/instance-17/output-1/build/ace-7.0.6/ace/SSL/SSL_Asynch_BIO.cpp:45:19: error: variable 'BIO_METHOD methods_ACE' has initializer but incomplete type
45 | static BIO_METHOD methods_ACE =
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/7f40d6dde03134238151c248fbbd66e4713546cb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
rdma-core unconditionally uses pthread_spin_lock since its addition in
commit ea47e177f0 resulting in the
following build failure:
/home/autobuild/autobuild/instance-9/output-1/host/lib/gcc/sh4-buildroot-linux-uclibc/12.2.0/../../../../sh4-buildroot-linux-uclibc/bin/ld: CMakeFiles/hfi1verbs-rdmav34.dir/verbs.c.o: in function `post_recv':
verbs.c:(.text+0xc4): undefined reference to `pthread_spin_lock'
Fixes:
- http://autobuild.buildroot.org/results/a943e03b79c4cc328b7712046ecff09706045f81
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
JIT sparc support has been dropped since version 10.41 and
b67d568201
resulting in the following build failure since bump to version 10.42 in
commit 64a03682cc:
src/pcre2_jit_compile.c:82:2: error: #error Unsupported architecture
82 | #error Unsupported architecture
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/d8246c9e3e54547cdb7d94dcdbf376d292dfd787
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
libbpf >1.0.0 defines libbpf_bpf_link_type_str(enum bpf_link_type) in
src/libbpf.h, which is included by host-pahole.
bpf_link_type is defined in linux/bpf.h, therefore the comment stating
that pahole doesn't need bpf.h is no longer valid.
The original reason to remove bpf.h has been solved with the previous
commit: the linux build will prefer the internal bpf.h over the one in
HOST_DIR (or in /usr/include). So we can safely keep bpf.h.
Fixes:
- http://autobuild.buildroot.net/results/d126a4b6eca786402dc362c86f8df3addec3d217/
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
A package might install headers that are incompatible with the kernel's
header. One example is the most recent version of pahole (1.24).
HOST_CC includes -I$(HOST_DIR)/include which comes before any include
logic the kernel might have thus forcing the kernel to prefer headers in
HOST_DIR.
The logic for substituting -I with -isystem is taken from
boot/uboot/uboot.mk.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Reviewed-by: Francis Laniel <flaniel@linux.microsoft.com>
Tested-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix the following build failure with glibc < 2.25 raised since bump to
version 2.6.0.0 in commit 5aac1d0105 and
ad5973028c:
src/minutils/rngseed.c:15:24: fatal error: sys/random.h: No such file or directory
#include <sys/random.h>
^
Fixes:
- http://autobuild.buildroot.org/results/214bcecfc389cb412b68627c831300478d614a3a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix the following build failure:
/tmp/ccHc3Awn.s:825: Error: selected processor does not support `mcr p15,0,r3,c7,c10,5' in Thumb mode
Fixes:
- http://autobuild.buildroot.org/results/1c597c9da724d6cac06b09b1ecd456a28440a3a3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix the following build failure:
/tmp/ccY5gl3z.s:2145: Error: selected processor does not support `mcr p15,0,r2,c7,c10,5' in Thumb mode
Fixes:
- http://autobuild.buildroot.org/results/9d18a0d360b2e2f9e87c55daedda62d6ce198bb9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix the following build failure:
/tmp/ccv8mDeW.s:93: Error: selected processor does not support `smull r6,r7,r3,r1' in Thumb mode
Fixes:
- http://autobuild.buildroot.org/results/92a3f19b4fa12a7724f9e3d99284da4ad2beecb2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Many of the C++ wrapper packages had API changes. These changes were
never introduced in gtkmm3, meaning that older, but still maintained
versions are needed to build gtkmm3.
Fixes:
- http://autobuild.buildroot.net/results/172/17263ac51f197031106eb7fd595126a2720f0397
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This is the version needed for gtkmm3.
Note that 2.28 is indeed the latest version before 2.36. They skipped
versions 2.30, 2.32 and 2.34.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>