Generating Bitcoins to an address can take longer than the current
timeout, on slow runners. This commit fixes this issue by increasing
the timeout on specific commands. This issue was also observed more
frequently on newer bitcoin-core version 28.0.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/7782083081
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 859c4ea5f74f713777ffa980f1627b46a311bdd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=52afe563206e753f4c45c014fee2459ad0855826
postgrsql fails to build with toolchains without threads support:
misc.c: In function 'ecpg_gettext':
misc.c:541:51: error: 'PTHREAD_MUTEX_INITIALIZER' undeclared (first use in this function)
541 | static pthread_mutex_t binddomain_mutex = PTHREAD_MUTEX_INITIALIZER;
| ^~~~~~~~~~~~~~~~~~~~~~~~~
misc.c:541:51: note: each undeclared identifier is reported only once for each function it appears in
misc.c:552:24: warning: implicit declaration of function 'pthread_mutex_lock' [-Wimplicit-function-declaration]
552 | (void) pthread_mutex_lock(&binddomain_mutex);
| ^~~~~~~~~~~~~~~~~~
misc.c:569:24: warning: implicit declaration of function 'pthread_mutex_unlock' [-Wimplicit-function-declaration]
569 | (void) pthread_mutex_unlock(&binddomain_mutex);
| ^~~~~~~~~~~~~~~~~~~~
Option "--disable-thread-safety" will be dropped in PG 17, so
this patch is needed only for 16.x branch.
Fixes: 73dd1d6b96 ("package/postgresql: security bump version to 16.3")
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 747a41c19c3ab49981beff8166679a9f49acf0d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: He Haorui <hehaorui1999@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f3e805428302c16769da78ce6604d5db77fbc39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package homepage http url redirects to https. This commit updates
this url to directly use https.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5440d6c4464d8dd25c9315e49e97cd91884ccde2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package _SITE url only contains the latest version at a given point
in time. When a new version is published, it is replacing the old one.
This issue was not detected because the archive was downloaded from the
sources.buildroot.org backup mirror, when the primary source became
unavailable.
Since commit 559bb33ae "support/testing: do not use s.b.o" [1], the
runtime test infrastructure is disabling this backup mirror. This
makes the nmap runtime test failing [2], which is using liblinear as
a dependency.
The liblinear package author confirmed in a private email that all the
releases, including the latest version, are all kept in the "oldfiles"
directory.
This commit fixes this download issue by updating the _SITE url to that
location. While at it, this commit also change the url to use https
(since the http equivalent redirects to https).
Fixes:
- [2]
[1] 559bb33ae7
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/7948008007
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b18c67f2651ac64e865a1dbd46de60ce8390959)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes the following runtime error when importing PyQt5 in python:
from PyQt5.QtCore import *
ModuleNotFoundError: No module named 'PyQt5.sip'
The problem was likely triggered by the atomic upgrade from 5.7 to
5.15 in b36ce7e. This commit is part of the 2022-2024 LTS.
Signed-off-by: Ralf Dragon <hypnotoad@lindra.de>
Tested-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit ba09a448f1e2e3b3123384ddddeb62d18bfa9461)
[Peter: reword commit summary]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version environment variable VERSION=$(VERSION) is set in the top level
Makefile of the sysvinit:
$(MAKE) VERSION=$(VERSION) -C src $@
Build command SYSVINIT_BUILD_CMDS doesn't use the top level Makefile, but
src/Makefile instead without setting the VERSION variable, which leads to
undefined VERSION macro in src/init.c.
Add VERSION=$(SYSVINIT_VERSION) to SYSVINIT_MAKE_OPTS to make the VERSION
environment variable available in the src/Makefile.
Signed-off-by: Cody Green <cody@londelec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 954098b1423d3095112f49a6ac236ddb98236292)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check-package tool requires some PyPi package to be installed before
it can run. This is typically done by manually installing them into the
user's global Python environment or setting up a virtual environment,
then manually installing each dependency.
Python recently defined a format for managing script dependencies as
inline metadata[1]. This can be used with the `uv` tool to run a Python
script and automatically install the minimum required version of Python
and PyPi dependencies.
With this change, it's now possible to run check-package with
uv run -s ./utils/check-package
Note that, because check-package does not have the '.py' file extension
we must specify the `-s` or `--script` argument. That argument was added
very recently in release 0.4.19[2].
I set the minimum python to 3.9 as that is the oldest version still
supported[3]. I verified 3.9 works by running
uv run -p 3.9 -s ./utils/check-package `git ls-tree -r --name-only HEAD` --ignore-list=.checkpackageignore
[1] https://packaging.python.org/en/latest/specifications/inline-script-metadata/#script-type
[2] https://github.com/astral-sh/uv/releases/tag/0.4.19
[3] https://devguide.python.org/versions/
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6ffcdb52e80b63e68c890aed52ff7f4d00e079b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Call out the requirements to run check-package and mention that Docker
can be used to run check-package without installing dependencies.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68de69c4d7f61ab5da4dd9cad221fb82e9e1abce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When compiling jailhouse with BR2_PACKAGE_JAILHOUSE_HELPER_SCRIPTS=y,
installation is failing with error:
/bin/sh: -c: line 1: syntax error near unexpected token ')'
This error is due to an extra ')' character in the macro
JAILHOUSE_INSTALL_HELPER_SCRIPTS.
This commit fixes this typo.
Signed-off-by: Raimundo Sagarzazu <rai.sagarzazu@outlook.com>
[Julien: reworded the commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 10d25d98edbc75d47f6a8838d91d39e48b12c895)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I still follow Buildroot development and use it for some personal
projects, but no longer have the time to be an active contributor.
Some of these are important defconfigs and packages to have up-to-date
in Buildroot, and mostly other developers have been doing that work, so
I am dropping them so that someone from the active contributors can be
the maintainer contact for them.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1dc370cc9009b5362aad5e2e481703f0ca76b4a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See here for a changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.10.0.md
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ed6aa0fe30319e250fbe700895cfcd603c495ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I am no longer actively involved in Buildroot.
Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 91696fbcf1cefe35bf7134b981cdcc3175eb0770)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This vulnerability only affects libcurl deployments in Nest products
because of incorrect use.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7e739d49b235c1692edbb51dcc23671eaa79fd4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When I initially made the CVE cells collapsible, I neglected to
count the unsure CVEs. This patch adds unsure CVEs to the cell collapsing
calcualation to ensure that cells with lots of unsure CVEs actually get collapsed.
This patch also removes the "+ 1" from the cve_total calculation,
which fixes the cve_total being off-by-one.
I'm not sure *why* I did that in the first place.
demo:
https://sen-h.codeberg.page/pkg-stats-demos/@pages/add-unsure_cves-to-cve_total-calc.html
Signed-off-by: Sen Hastings <sen@hastings.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 87b8428c4017b220afe950aae3a673870698d986)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We got following error with --enable-static:
checking whether to build static libraries... yes
configure: error: Static linking is not supported as it disables dlopen() and certain security features (e.g. RELRO, ASLR)
Fixes:
http://autobuild.buildroot.org/results/b55/b553898381ff0fdf5dd705fbb11b469b7564c6e6
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7b43e248180ad3b3dd1804687bc4457f29a88137)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
- gzip: prevent a hang when processing a malformed gzip inside a gzip
(#2366, OSS-Fuzz)
- tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
- tar: fix two leaks in tar header parsing (#2377)
Important bugfixes:
- 7-zip: read/write symlink paths as UTF-8 (#2252)
- cpio: exit with an error code if an entry could not be extracted (#2371)
- rar5: report encrypted entries (#2096)
- tar: fix truncation of entry pathnames in specific archives (#2360)
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 55d0c9a9a6f89ed5c4d2e0d25cf499f180a99ee1)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The denx.de/wiki/U-Boot link now redirects to docs.u-boot.org/en/latest
Replace the link to the new location for the U-Boot documentation
Signed-off-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 164d9f0546372eb076506eebc8f88c6c4a544a36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Grab commit 778d326740f9893c398f959b419629935b613099 from upstream to
fix the build on mips64 and mips64el when the n32 ABI is used.
Fixes:
http://autobuild.buildroot.net/results/27123bf0ddc84599bceb02ac987327817d498659/
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 90167378de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 2023.2 version forgets to populate the iHT structure before accessing
it, leading to a segfault. Add a patch submitted upstream to fix that.
Notice that this is fixed in the 2024.1 version as there ReadBinaryFile()
now calls ReadHeaderTableDetails():
3a0f879c61 (diff-404aa20e03f1035b725ac1ea6e64c28477bb65c1663da67f64ffdb1a60552cee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patch to fix build failure introduced in bump to version 8.10.0.
Fixes:
https://autobuild.buildroot.org/results/2d553687a32651f81813c82d7bbf9bb11fd3eca5/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 16ce77ad7d3a05addc1962b455242199a93f3811)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For change log, see:
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
The change log mention 2 security related fixes.
There is no allocated CVE.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bd127d0c3ffc57646f4908264728da4ea074241b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a test that runs the dtc commandline tools. To test devicetree
compilation, we use an example devicetree from the dtc project. The
example source is GPL-2.0+ licensed.
Signed-off-by: Brandon Maier <brandon.maier@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 9b690341602388b54c596c4510d770f58f4ad227)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
linux-pam 1.2.0 removed the use of yywrap, so the flex dependency is not
needed now (host-flex is still needed).
Fixes: #47
Signed-off-by: Damien Thébault <damien.thebault@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 600e273487baf76d4469bca43d42bd2c4b364db8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 86bb1b236 "boot/grub2: needs host-python3" [1] introduced a
dependency on host-python3.
Since grub does not have any specific requirements on host Python
modules, or recent host Python version, this commit replaces the
host-python3 dependency with BR2_PYTHON3_HOST_DEPENDENCY. This will
skip the host-python3 compilation if a sufficient version (3.4 or
greater at the time of this commit) is already present on host. This
will save build time.
This optimization was suggested by Peter, in [2].
Note 1: this commit was checked to ensure that grub is building with
Python 3.4.
Note 2: BR2_PYTHON3_HOST_DEPENDENCY was introduced in commit b60729784
"support/dependencies: add a check for python3" [3].
[1] 86bb1b2360
[2] https://lists.buildroot.org/pipermail/buildroot/2024-September/763967.html
[3] b60729784a
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a71fda371c1785f9e4364f05ab0a632e1946c53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The previous repo is not available anymore.
Fixes:
https://autobuild.buildroot.org/results/8c8b073ce163131763fca978b400e596fcf39e62
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4e5fd24c8b7438672c475d0559200ff72c4b1cc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3.7.5 fixed a number of security issues:
fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269, CVS-2024-26256)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)
And 3.7.6 fixed a tar regression introduced in 3.7.5
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ab3c84e5e2391a7832f6baa2f20b28661f55dd2c)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Doctoring a defconfig is tedious, and it is not easy to update a
defconfig, as it requires manual copy-pasting, adding comments and so
on...
Instead, just require defconfigs to be generated with 'savedefconfig'.
Any details can/must be provided in the commit log.
Reported-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 17bdd10cb350e9c45926c2a5a05f278d104ee4c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2024-35235: Cupsd Listen arbitrary chmod 0140777
https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6fhttps://www.openwall.com/lists/oss-security/2024/06/11/1
Drop cups hash patches which are now upstream.
Rebase remaining patches.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8d835ffc524e2dab66ce1421240b9eb93c8f8f6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes: https://www.python.org/downloads/release/python-31110/
Fixes CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592,
CVE-2024-8088 and CVE-2023-27043.
The fixes for bundled libexpat are irrelevant for us because external expat
is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version fixes an out-of-bound reads in the MLSD command, so upgrading is recommended.
It also improves compatibility with various systems.
Update the COPYING hash because of a change in copyright year
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5271e90a6a2cc7633f3f917391865d2f9df54142)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
