Commit Graph

62824 Commits

Author SHA1 Message Date
Fabrice Fontaine
4086bc1a9b package/apg: fix musl static build
Drop APG_CFLAGS (which is empty) to correctly set CFLAGS with
TARGET_CFLAGS (which will contain -static) passed by
TARGET_CONFIGURE_OPTS. Moreover, pass TARGET_CFLAGS to FLAGS which is
used to build apgbfm. This will fix the following musl static build
failure raised since the addition of the package in commit
99eb1a7019:

/home/buildroot/autobuild/instance-2/output-1/host/lib/gcc/armeb-buildroot-linux-musleabi/10.3.0/../../../../armeb-buildroot-linux-musleabi/bin/ld: /home/buildroot/autobuild/instance-2/output-1/host/lib/gcc/armeb-buildroot-linux-musleabi/10.3.0/libgcc.a(_dvmd_lnx.o): in function `__aeabi_ldiv0':
/home/buildroot/autobuild/instance-2/output-1/build/host-gcc-final-10.3.0/build/armeb-buildroot-linux-musleabi/libgcc/../../../libgcc/config/arm/lib1funcs.S:1499: undefined reference to `raise'

Fixes:
 - http://autobuild.buildroot.org/results/0e53957965363ceb7141bf8a612998abec893b17

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35b35d90b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-10 17:05:35 +02:00
Fabrice Fontaine
b17de2459c package/perl: bump perl-cross to version 1.4
This bump will fix the following static build failure with berkeleydb
thanks to
31dac3e264:

/nvmedata/autobuild/instance-6/output-1/host/lib/gcc/mipsel-buildroot-linux-uclibc/10.3.0/../../../../mipsel-buildroot-linux-uclibc/bin/ld: lib/auto/DB_File/DB_File.a(DB_File.o): in function `ParseOpenInfo':
DB_File.c:(.text+0x7d30): undefined reference to `db_create'

Fixes:
 - http://autobuild.buildroot.org/results/e01a042185b2221bee815bb9096c4419eeb6e558

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0425b12daf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-10 17:03:29 +02:00
Francois Perrad
412433539d package/perl: bump to version 5.34.1
diff README:
-2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 by Larry Wall and others.
+2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022
+by Larry Wall and others.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 74dbc305b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-10 17:03:18 +02:00
Ben Hutchings
fbad339613 package/uclibc: prevent config with unsupported RISC-V float ABI
uClibc currently supports RISC-V with a soft-float or 64-bit
hard-float ABI, but not 32-bit hard-float. Selecting
BR2_RISCV_ABI_LP64F results in a build failure:

./include/sys/asm.h:42:4: error: #error unsupported FLEN
   42 | #  error unsupported FLEN
      |    ^~~~~

Change the conditions for BR2_PACKAGE_UCLIBC_ARCH_SUPPORTS
accordingly.

Fixes:

  http://autobuild.buildroot.net/results/ac6e2c4369df46bad9a2ad46ce073e3f15f22ee6/

Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
[Thomas: instead of !BR2_RISCV_ABI_LP64F, use BR2_RISCV_ABI_LP64 ||
BR2_RISCV_ABI_LP64D]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9a51381ced)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-10 14:38:25 +02:00
James Hilliard
f611902b60 package/uclibc: introduce and use BR2_PACKAGE_UCLIBC_ARCH_SUPPORTS and BR2_PACKAGE_UCLIBC_SUPPORTS
In this commit BR2_PACKAGE_UCLIBC_SUPPORTS looks redundant with
BR2_PACKAGE_UCLIBC_ARCH_SUPPORTS, but for other C libraries, like glibc,
it can be different.

To be consistent, we use the same pattern for uClibc.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4142dbe7f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-10 14:37:31 +02:00
Fabrice Fontaine
89ec94055c package/tcpreplay: select musl-fts if needed
Fix the following build failure raised since commit
4138151e44:

Makefile:576: *** musl-fts is in the dependency chain of tcpreplay that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in.  Stop.

Fixes:
 - http://autobuild.buildroot.org/results/629aabd00cebcad980bf707a70642a67ad4472ca

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 519b5ade92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-10 13:51:20 +02:00
Julien Olivain
526f9a1035 package/fluidsynth: bump to version 2.2.8
For change log since v2.2.7, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.8

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e63d13d19e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-10 12:43:56 +02:00
Quentin Schulz
fc54c57625 package/libcamera: add explicit dependency on libevent if libevent package to be built
The cam application requires libevent. Since there's no Kconfig option
for it, cam building ability is checked by meson build system by default.

If libevent is present in the sysroot, cam is built.

The issue is that there's no explicit dependency on libevent in
libcamera package. This means that it is possible for libevent AND
libcamera to be built, but have libcamera be built before libevent.
Meaning that even if all requirements seem to be fulfilled, cam still
won't be enabled in some cases.

This fixes the possible race by making the dependency on libevent
explicit if the libevent package is enabled. Otherwise, explicitly disable
cam building as it's already known that it isn't going to build.

Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 030baf89fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-09 16:51:12 +02:00
Bernd Kuhls
2b506b7d5b package/cwiid: fix comment dependency for MMU
Fixed broken logic added with ceedd670d8
back in 2015.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4f25bbb7a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-08 17:21:59 +02:00
Fabrice Fontaine
7e69d057f7 package/lxc: fix build without linux-pam
Fix typo added by commit
86deafe863:

make: *** No rule to make target '--disable-pam', needed by '/nvmedata/autobuild/instance-0/output-1/build/lxc-4.0.12/.stamp_configured'.  Stop.

Fixes:
 - http://autobuild.buildroot.org/results/ce1be5a8152f7c9aa0f6e59abff035f97a3fd423

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6bb54bf835)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-08 17:19:29 +02:00
Fabrice Fontaine
f61bf4dc70 package/lxc: add linux-pam optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 86deafe863)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-08 17:19:25 +02:00
Fabrice Fontaine
c45193b8d0 package/i2pd: add I2PD_CPE_ID_VENDOR
cpe:2.3:a:i2pd:i2pd is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ai2pd%3Ai2pd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 107cff4616)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-08 16:28:38 +02:00
Fabrice Fontaine
2fb84046c3 package/assimp: add ASSIMP_CPE_ID_VENDOR
cpe:2.3:a:assimp:assimp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aassimp%3Aassimp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6f9283d696)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-08 16:28:36 +02:00
Fabrice Fontaine
bb30a034b1 package/openssl: fix libressl dependency
libressl can be built with uclibc on noMMU since bump to version 3.0.2
in commit 26f42106e8 and
f542e84c85

However, uclibc-ng doesn't provide __register_atfork without NPTL
resulting in the following libressl build failure:

/nvmedata/autobuild/instance-28/output-1/host/lib/gcc/arceb-buildroot-linux-uclibc/10.3.0/../../../../arceb-buildroot-linux-uclibc/bin/ld: ../../tls/libtls.a(arc4random.c.o): in function `_rs_stir':
arc4random.c:(.text+0x50c): undefined reference to `__register_atfork'

So fix the dependency and, while at it, drop the double negation for
readability

Fixes:
 - http://autobuild.buildroot.org/results/2fa4fa10cf19f1f942b6b49b5f6f05339c008cd4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 33599d5f35)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-04 17:00:23 +02:00
Fabrice Fontaine
7a22421f06 package/suricata: security bump to version 6.0.6
Various security, performance, accuracy, and stability issues have been
fixed.

https://forum.suricata.io/t/suricata-6-0-6-and-5-0-10-released

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2092909249)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-04 16:52:39 +02:00
Fabrice Fontaine
f8cd623063 package/mbedtls: security bump to version 2.28.1
Fix CVE-2022-35409: Buffer overread in DTLS ClientHello parsing.

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/advisories/mbedtls-security-advisory-2022-07.md
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit dbc2d3a827)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-04 16:51:30 +02:00
Fabrice Fontaine
c25178ced9 package/python-bottle: security bump to version 0.12.21
- Fix CVE-2022-31799: Bottle before 0.12.20 mishandles errors during
  early request binding.
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5deea4be64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-03 22:48:41 +02:00
Adrian Perez de Castro
e110430259 package/webkitgtk: security bump to version 2.36.4
Bugfix release, fixes a WebKitWebProcess leak, MPRIS/MediaSession
support, adds a missing ATSPI a11y interface, and security patches
for CVE-2022-22677 and CVE-2022-26710.

Release notes:

  https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html

Accompanying security advisory:

  https://webkitgtk.org/security/WSA-2022-0006.html

One patch is now included in the packaged release, and another with a
build fix imported, which is actually a revert of a patch that made it
into the release but can cause linking issues when using LTO.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 008ab9474e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-03 22:45:01 +02:00
Adrian Perez de Castro
bea4897f70 package/wpewebkit: security bump to version 2.36.4
Bugfix release, fixes a WPEWebProcess leak, MPRIS/MediaSession support,
adds a missing ATSPI a11y interface, and security patches for
CVE-2022-22677 and CVE-2022-26710.

Release notes:

  https://wpewebkit.org/release/wpewebkit-2.36.4.html

Accompanying security advisory:

  https://wpewebkit.org/security/WSA-2022-0006.html

One patch is not included in the packaged release, and another with a
build fix imported, which is actually a revert of a patch that made it
into the release but can cause linking issues when using LTO.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8cd727c3af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-03 22:44:48 +02:00
Fabrice Fontaine
0c3797f01f package/gnupg2: security bump to version 2.3.7
Fix CVE-2022-34903: GnuPG through 2.3.6, in unusual situations where an
attacker possesses any secret-key information from a victim's keyring
and other constraints (e.g., use of GPGME) are met, allows signature
forgery via injection into the status line.

https://lists.gnupg.org/pipermail/gnupg-announce/2022q3/000474.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5a0a9227ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-03 22:43:13 +02:00
Fabrice Fontaine
0f14e1e97f package/gnupg2: drop unrecognized option
--disable-regex has been dropped since version 2.2.22 and
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=ba247a114c75a84473c11c1484013b09fbb9bcd1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 868181108a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-03 22:43:10 +02:00
Peter Korsgaard
c2dea34143 {linux, linux-headers}: bump 4.{9, 14, 19}.x / 5.{4, 10, 15, 17}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5645990b88)
[Peter: drop 5.17.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-03 22:26:24 +02:00
Fabrice Fontaine
ec022c7e49 package/mutt: bump to version 2.2.6
This is a bug-fix release, fixing a variety of small issues.

https://gitlab.com/muttmua/mutt/-/blob/mutt-2-2-6-rel/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 14da23e861)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-08-03 22:19:44 +02:00
Bernd Kuhls
d351ad08e0 package/Config.in: move pipewire to 'Audio and video applications'
The previous location 'Libraries / Graphics' does not fit the purpose
of this package, we display it next to Pulseaudio instead.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c38ea2e43a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-31 08:25:52 +02:00
Francois Perrad
b3e893e9ae package/pango: bump to version 1.50.8
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76625df052)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-31 08:22:52 +02:00
Peter Korsgaard
14af61fec6 package/libopenssl: security bump to version 1.1.1q
Fixes the following security issues:

AES OCB fails to encrypt some bytes (CVE-2022-2097)
===================================================

Severity: MODERATE

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some
circumstances.  This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written.  In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.

Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9cf73b3fe1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-31 08:18:07 +02:00
Fabrice Fontaine
d4170fb085 package/protobuf-c: add PROTOBUF_C_CPE_ID_VENDOR
cpe:2.3:a:protobuf-c_project:protobuf-c is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprotobuf-c_project%3Aprotobuf-c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d2286690ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-31 08:17:30 +02:00
Bernd Kuhls
76954d1707 package/python3: bump version to 3.10.5
Release notes:
https://docs.python.org/release/3.10.5/whatsnew/changelog.html#python-3-10-5-final

Drop md5 hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e2b61502f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-30 22:21:53 +02:00
Peter Korsgaard
9dd3bb1963 Update for 2022.02.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-29 11:39:12 +02:00
Danomi Manchego
7032d5826d package/bind: fix indentation of options in menuconfig
Move kconfig comment below the "if BR2_PACKAGE_BIND...endif" block so
that the two sub-options are presented in menuconfig as subordinate to
"bind" package selection rather than equal to it as if they were
unrelated.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d566b8cc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-23 18:35:48 +02:00
Dominik Michael Rauh
6b7efdd040 package/uboot-tools: fix BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_REDUNDANT help text
The help section of "BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_REDUNDANT"
refers to U-Boot configuration option "CONFIG_ENV_SIZE_REDUND" which is
removed since U-Boot v2020.01, so remove this reference.

We may replace this with a reference to "CONFIG_ENV_OFFSET_REDUND" as
another indicator that a redundant environment image should be created.

This also fixes a minor typo in the same file.

Signed-off-by: Dominik Michael Rauh <dmrauh@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c3ebeca440)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-23 16:35:56 +02:00
Fabrice Fontaine
838a6e86c8 package/libsamplerate: disable sndfile
libsndfile is only used for examples and tests so disable it

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eb8bef884b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-23 16:32:47 +02:00
Fabrice Fontaine
d787cc724e package/libsamplerate: use --{dis, en}able-alsa
Commit 5b679d7806 forgot to set
--{dis,en}able-alsa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ef445e84f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-23 16:32:44 +02:00
Fabrice Fontaine
c844e05de5 package/keyutils: add KEYUTILS_CPE_ID_VENDOR
cpe:2.3:a:keyutils_project:keyutils is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akeyutils_project%3Akeyutils

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 876be2b0f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 10:35:26 +02:00
Fabrice Fontaine
7a05e35117 package/libgpgme: fix LIBGPGME_CPE_ID_PRODUCT
Fix typo added by commit 6b79c8fb05

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 03920e842b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 10:35:05 +02:00
Quentin Schulz
eae44eff3d package/libcamera: strip symbols before signing IPA libs
Open-Source IPA shlibs need to be signed in order to be runnable within
the same process, otherwise they are deemed Closed-Source and run in
another process and communicate over IPC.

The shlib installed on the target should be the same as the one signed
by libcamera during package creation otherwise the signature won't match
the shlib.

Buildroot sanitizes RPATH in a post build process. meson gets rid of
rpath while installing so we don't need to do it manually.

Buildroot may strip symbols, so we need to do the same before signing.

Signing the IPA shlibs is done by the meson install target, so we need
to strip the IPA shlibs after the build but before the install, for
which a post-build hook fits best.

Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[yann.morin.1998@free.fr: slight rewording of commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bba4dad9aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 10:32:35 +02:00
James Hilliard
e5f2180897 package/python-pillow: security bump to version 9.1.1
This release addresses several security problems including CVE-2022-30595.

https://github.com/python-pillow/Pillow/releases/tag/9.1.1

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 83548c33fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:55:26 +02:00
James Hilliard
8c20031996 package/python-pillow: bump to version 9.1.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b89d63326d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:55:18 +02:00
Fabrice Fontaine
0578c94559 package/libopenssl: security bump to version 1.1.1p
The c_rehash script allows command injection (CVE-2022-2068)
============================================================

Severity: Moderate

In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.

When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the
shell.

This script is distributed by some operating systems in a manner where
it is automatically executed.  On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

https://www.openssl.org/news/secadv/20220621.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 026f35d9e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:50:25 +02:00
Thomas Petazzoni
fc82256127 DEVELOPERS: drop Gaël Portay
Gaël Portay is apparently no longer at Collabora:

<gael.portay@collabora.com>: host mail.collabora.co.uk[46.235.227.172] said:
    550 5.1.1 <gael.portay@collabora.com>: Recipient address rejected: User
    unknown in local recipient table (in reply to RCPT TO command)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 91562c9045)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:46:47 +02:00
Fabrice Fontaine
226e5cb4ef package/watchdogd: install to staging
Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=14881

The package provides a library and a .pc file, so install it into staging as
well.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit faeebe0858)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:46:28 +02:00
Fabrice Fontaine
cefd322fa8 package/ghostscript: security bump to version 9.56.1
Fix CVE-2022-2085: A NULL pointer dereference vulnerability was found in
Ghostscript, which occurs when it tries to render a large number of bits
in memory. When allocating a buffer device, it relies on an
init_device_procs defined for the device that uses it as a prototype
that depends upon the number of bits per pixel. For bpp > 64,
mem_x_device is used and does not have an init_device_procs defined.
This flaw allows an attacker to parse a large number of bits (more than
64 bits per pixel), which triggers a NULL pointer dereference flaw,
causing an application to crash.

Drop patch (already in version)

https://www.ghostscript.com/doc/9.56.0/News.htm
https://www.ghostscript.com/doc/9.56.1/News.htm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df91a970b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:45:55 +02:00
Fabrice Fontaine
21eaf9ad94 package/vim: security bump to version 9.0.0008
- Fix CVE-2022-2124, CVE-2022-2125, CVE-2022-2126 and CVE-2022-2129
- Update hash of README.txt (version updated with
  eb49041875)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 17f568f399)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:45:19 +02:00
James Hilliard
84e8588d27 package/weston: bump to version 10.0.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf46a455bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:44:38 +02:00
Bernd Kuhls
1e20824fb7 package/pure-ftpd: bump version to 1.0.51
Changelog: https://github.com/jedisct1/pure-ftpd/blob/master/ChangeLog

Updated copyright hash due to copyright year bump:
cf1a9705c6

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ad54a80465)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:41:36 +02:00
Fabrice Fontaine
f948d3b9ea package/libcurl: fix build without sched_yield
Fix the following build failure without sched_yield raised since bump to
version 7.84.0 in commit b034109dd6:

In file included from easy.c:89:
easy_lock.h: In function 'curl_simple_lock_lock':
easy_lock.h:56:7: error: implicit declaration of function 'sched_yield' [-Werror=implicit-function-declaration]
   56 |       sched_yield();
      |       ^~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/fbc80a0002d640210c81a4c518856c02669059b7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a5adc9b658)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:39:35 +02:00
Bernd Kuhls
ed1d5f709c package/libcurl: security bump to version 7.84.0
Fixes the following security issues:

- CVE-2022-32205: Set-Cookie denial of service
  https://curl.se/docs/CVE-2022-32205.html

- CVE-2022-32206: HTTP compression denial of service
  https://curl.se/docs/CVE-2022-32206.html

- CVE-2022-32207: Unpreserved file permissions
  https://curl.se/docs/CVE-2022-32207.html

- CVE-2022-32208: FTP-KRB bad message verification
  https://curl.se/docs/CVE-2022-32208.html

Changelog: https://curl.se/changes.html

Upstream removed configure option --enable-hidden-symbols:
0c2d3118aa

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b034109dd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:39:32 +02:00
Леонид Юрьев (Leonid Yuriev)
d1dd5f6f54 package/libmdbx: bump version to 0.11.8
This is stable bugfix release of libmdbx.
The project's website now is on https://libmdbx.dqdkfa.ru/

Release notes for v0.11.8 https://gitflic.ru/project/erthink/libmdbx/release/06268038-39ff-4270-9be8-9f26d5543015

The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md

Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c099842544)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:10:55 +02:00
Fabrice Fontaine
06b3e897e0 package/rabbitmq-server: replace RABBITMQ_SERVER_CPE_ID_VENDOR
pivotal_software has been replaced by vmware in March 2022:

 <cpe-item name="cpe:/a:pivotal_software:rabbitmq:3.7.28" deprecated="true" deprecation_date="2022-03-17T14:05:30.170Z">
      <reference href="https://www.rabbitmq.com/">Product</reference>
      <reference href="https://github.com/rabbitmq/rabbitmq-server/releases">Change Log</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:pivotal_software:rabbitmq:3.7.28:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:vmware:rabbitmq:3.7.28:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avmware%3Arabbitmq

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e5189a09d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:09:33 +02:00
Fabrice Fontaine
7a58fd8ffa package/nginx: replace NGINX_CPE_ID_VENDOR
nginx has been replaced by f5 since February 2022:

<cpe-item name="cpe:/a:nginx:nginx:1.18.0" deprecated="true" deprecation_date="2022-02-22T19:26:32.967Z">
      <reference href="https://nginx.org/en/CHANGES-1.18">Change Log</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:nginx:nginx:1.18.0:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Af5%3Anginx

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3bd30f4a13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-22 09:08:41 +02:00