Commit Graph

63844 Commits

Author SHA1 Message Date
Thomas Petazzoni
1713777f3a package/wolfssl: post-process wolfssl-config script
The wolfssl package installs $(STAGING_DIR)/usr/bin/wolfssl-config,
which needs to be post-processed to return correct results. Use
<pkg>_CONFIG_SCRIPTS to achieve this.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 23:04:57 +02:00
Thomas Petazzoni
549f5f0778 package/wolftpm: add missing license file hash
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 22:51:21 +02:00
Dimitar Tomov
4bb884a3c6 package/wolftpm: new package
wolfTPM is an open-source TPM 2.0 stack with backward API compatibility,
designed for embedded use. It is highly portable, and has native support
for Linux. wolfTPM has a compact code size with low resource usage.

Signed-off-by: Dimitar Tomov <dimi@tpm.dev>
[Thomas:
 - Fix ordering in the DEVELOPERS file, use full name
 - Add missing !BR2_STATIC_LIBS dependency
 - Use "select" and not "select on"
 - Make sure wolftpm-config script gets post-processed by using
   <pkg>_CONFIG_SCRIPTS
 - Add missing --with-wolfcrypt option.
 - Rename WOLFTPM_CONFIG_RPATH to WOLFTPM_TOUCH_CONFIG_RPATH and use
   mkdir -p to make the hook re-executable]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 22:43:27 +02:00
Angelo Compagnucci
dd018f78de package/rtl8723ds: new package
This package adds a driver for Realtek RTL8723DS wifi chip.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 21:34:00 +02:00
Fabrice Fontaine
6a1331ba01 package/samba4: needs iconv.h
samba4 needs iconv.h since bump to version 4.15.3 in commit
d33ad03e75 and
fc51b38ed8:

../../source3/lib/netapi/examples/common.c:13:10: fatal error: iconv.h: No such file or directory
   13 | #include <iconv.h>
      |          ^~~~~~~~~

Strangely enough, there is no autobuilder failures.

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=14821

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 15:24:36 +02:00
Fabrice Fontaine
1917fe2983 toolchain/Config.in: sh4{eb, a, aeb} are affected by GCC bug 101737
pixman fails to build with BR2_OPTIMIZE_S on sh4{eb,a,aeb}:

In file included from pixman-fast-path.c:33:
pixman-fast-path.c: In function 'fast_composite_scaled_nearest_8888_565_normal_OVER':
pixman-inlines.h:586:1: internal compiler error: Segmentation fault
  586 | }
      | ^

Since all SuperH variants are affected, use BR2_sh instead of BR2_sh4.

Fixes:
 - http://autobuild.buildroot.org/results/c9d35d5975311a191dfbe12291398503987e804e
 - http://autobuild.buildroot.org/results/d34b8672f6211d60af4122bdd94fa8c2f4f4bf6a
 - http://autobuild.buildroot.org/results/933c4a2e73c987573ecc97172f442b78199462d5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 14:43:19 +02:00
Fabrice Fontaine
ea79360907 package/rauc: fix build
Fix the following build failure raised since bump to version 1.5 in
commit 41bbe8df54 and
be55282d71:

In file included from /nvmedata/autobuild/instance-22/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib.h:62,
                 from src/verity_hash.c:26:
src/verity_hash.c: In function 'verify_zero':
src/verity_hash.c:69:55: error: expected ')' before 'PRIu64'
   69 |    g_message("Spare area is not zeroed at position %" PRIu64 ".",
      |                                                       ^~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/1a093c0e194a061836884419d2f50506105db01e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 14:34:21 +02:00
Fabrice Fontaine
267e39413e package/libks: disable tests
Disables tests to avoid the following build failure with
BR2_SHARED_STATIC_LIBS:

[ 42%] Linking C executable teststring
../libks.so.1: undefined reference to `dlsym'

Fixes:
 - http://autobuild.buildroot.org/results/e61a683928795402375165adf686687f3305e0c2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 14:33:37 +02:00
Fabrice Fontaine
31a7427662 package/zlib-ng: fix version in zlib.pc when building statically
Fix the following static build failure with transmission:

checking for ZLIB... configure: error: Package requirements (zlib >= 1.2.3) were not met:

Package dependency requirement 'zlib >= 1.2.3' could not be satisfied.
Package 'zlib' has version '', required version is '>= 1.2.3'

Fixes:
 - http://autobuild.buildroot.org/results/b3b882482f517726e5c780ba4c37818bd379df82

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-01 14:28:38 +02:00
James Hilliard
4141e017e1 package/wireshark: drop !BR2_arc dependency
This is no longer a qt dependency as of:
16ffc65494

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:54:33 +02:00
Johan Oudinet
483b1105fd package/ejabberd: bump version to 21.12
And update the patches accordingly. Also add a patch to adjust the
includes to find the corresponding libraries.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:40:14 +02:00
Johan Oudinet
21273da96e package/erlang-p1-zlib: bump version to 1.0.10
The copyright year in the license file has been updated to 2022, hence
the new license hash.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:28 +02:00
Johan Oudinet
6d296aa2da package/erlang-p1-sip: bump version to 1.0.47
The copyright year in the license file has been updated to 2022, hence
the new license hash.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:27 +02:00
Johan Oudinet
117f85da8a package/erlang-p1-stun: bump version to 1.0.47
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:26 +02:00
Johan Oudinet
bfab22cb17 package/erlang-p1-acme: bump version to 1.0.16
and remove the unnecessary patch.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:25 +02:00
Johan Oudinet
4adef845d1 package/erlang-jose: bump version to 1.11.1
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:23 +02:00
Johan Oudinet
0a02fb5540 package/erlang-p1-mqtree: bump version to 1.0.14
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:22 +02:00
Johan Oudinet
d5b72f0d09 package/erlang-eimp: bump version to 1.0.21
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:21 +02:00
Johan Oudinet
0a059cfb89 package/erlang-p1-pkix: bump version to 1.0.8
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:20 +02:00
Johan Oudinet
0c1968df11 package/erlang-p1-oauth2: bump version to 0.6.10
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:19 +02:00
Johan Oudinet
93500eaa3f package/erlang-p1-yconf: bump version to 1.0.12
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:17 +02:00
Johan Oudinet
ad440eacbb package/erlang-p1-yaml: bump version to 1.0.32
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:16 +02:00
Johan Oudinet
9b00be972a package/erlang-p1-xmpp: bump version to 1.5.6
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:15 +02:00
Johan Oudinet
22db166944 package/erlang-p1-xml: bump version to 1.1.49
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:14 +02:00
Johan Oudinet
b680798eaa package/erlang-p1-stringprep: bump version to 1.0.27
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:12 +02:00
Johan Oudinet
541381a134 package/erlang-p1-tls: bump version to 1.1.13
The copyright year in the license file has been updated to 2022, hence
the new hash for the license.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:11 +02:00
Johan Oudinet
611e084a5e package/erlang-p1-cache-tab: bump version to 1.0.29
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:10 +02:00
Johan Oudinet
820bd7dee5 package/erlang-p1-utils: bump version to 1.0.23
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:09 +02:00
Johan Oudinet
4504ec7d4d package/erlang-lager: bump version to 3.9.1
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:07 +02:00
Johan Oudinet
63c5c26646 package/erlang-idna: bump version to 230a917
Remove the unicode_util_compat library, which is not needed for the
erlang version packaged in Buildroot.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:26:06 +02:00
Fabrice Fontaine
eb5e2d2d43 package/libcec: drop unrecognized option
HAVE_DATE_BIN has been dropped since version 4.0.5 and
d04037825e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:21:42 +02:00
Adrian Perez de Castro
c3c19e82b4 package/webkitgtk: allow building for risc-v
WebKitGTK works just fine on RISC-V. For the current stable version the
build system automatically picks the LLint JavaScript interpreter, and
the upcoming 2.38.x release series will include (and automatically
enable) JIT support.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:19:48 +02:00
Adrian Perez de Castro
9866e2e64a package/wpewebkit: allow building for risc-v
WPE WebKit works just fine on RISC-V. For the current stable version
the build system automatically picks the LLint JavaScript interpreter,
and the upcoming 2.38.x release series will include (and automatically
enable) JIT support.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 10:19:41 +02:00
Fabrice Fontaine
74a4bb58fe package/pipewire: fix uclibc build
Fix the following uclibc build failure:

/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mipsel-buildroot-linux-uclibc/10.3.0/../../../../mipsel-buildroot-linux-uclibc/bin/ld: src/pipewire/libpipewire-0.3.so.0.351.0.p/introspect.c.o: in function `pw_node_info_merge':
/home/buildroot/autobuild/instance-0/output-1/build/pipewire-0.3.51/build/../src/pipewire/introspect.c:216: undefined reference to `reallocarray'

Fixes:
 - http://autobuild.buildroot.org/results/374582f75713c4116ae23f972c5bc55214879502

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 09:03:22 +02:00
Adrian Perez de Castro
93f831bf5d package/webkitgtk: security bump to version 2.36.3
Bugfix release, mostly with build fixes, media playback improvements,
an important fix for when using threaded rendering, and security patches
for CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, and
CVE-2022-26719.

Release notes:

  https://webkitgtk.org/2022/05/28/webkitgtk2.36.3-released.html
  https://webkitgtk.org/2022/05/18/webkitgtk2.36.2-released.html

Accompanying security advisory:

  https://webkitgtk.org/security/WSA-2022-0005.html

This also imports a build fix which has not made it into the release.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 09:02:40 +02:00
Adrian Perez de Castro
bab6100b51 package/wpewebkit: security bump to version 2.36.3
Bugfix release, mostly with build fixes, media playback improvements,
an important fix for when using threaded rendering, and security patches
for CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, and
CVE-2022-26719.

Release notes:

  https://wpewebkit.org/release/wpewebkit-2.36.2.html
  https://wpewebkit.org/release/wpewebkit-2.36.3.html

Accompanying security advisory:

  https://wpewebkit.org/security/WSA-2022-0005.html

This also imports a build fix which has not made it into the release.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-31 09:02:40 +02:00
Waldemar Brodkorb
ceb3dae264 board/qemu/ppc-bamboo: use path to vmlinux image for copy and paste users
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-05-30 23:44:47 +02:00
Thomas Huth
2d8a4e1fdd package/kvm-unit-tests: fix build on big endian aarch64 targets
When building with BR2_cortex_a76 in big endian mode, the build of
the kvm-unit-tests is currently failing since the "--arch" option
of the configure script is not set right. We also have to look at
BR2_aarch64_be in this case to get this initialized properly.

Fixes: f7228dadd3 ("package/kvm-unit-tests: add more arm support")
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 23:44:14 +02:00
Fabrice Fontaine
2753d9ef82 package/gcr: put back BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS dependency
Commit 5452b58870 wrongly removed
BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS dependency resulting in the
following build failure:

Makefile:576: *** libgpg-error is in the dependency chain of libgcrypt that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in.  Stop.

Fixes:
 - http://autobuild.buildroot.org/results/261a137824109342fd83b766a299c1eeda6ff401

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 23:25:07 +02:00
Fabrice Fontaine
9e48c2d5f1 package/boinc: fix build with libexecinfo
Fix the following build failure raised on uclibc and musl since the
addition of libexecinfo package in commit
eea8ba446c:

/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: ../lib/.libs/libboinc.a(libboinc_la-diagnostics.o): in function `boinc_catch_signal':
diagnostics.cpp:(.text+0x8a): undefined reference to `backtrace'

Fixes:
 - http://autobuild.buildroot.org/results/4504379b464eb144a4c257001eb4d316bb1f5e44

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 23:09:44 +02:00
Fabrice Fontaine
07cc32898b package/boost: fix boost-log build
Fix the following build failure with boost-log raised since bump to
version 1.79.0 in commit 7fa88b8eb6 and
3cbc2585c3:

error: at libs/log/build/Jamfile.v2:59
error: Unable to find file or target named
error:     '/boost/architecture//mips'
error: referred to from project at
error:     'libs/log/build'

Fixes:
 - http://autobuild.buildroot.org/results/edcc7c7f3586993a77b6cc06ed02363a42c09a83

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:58:21 +02:00
Fabrice Fontaine
858a7fe4e5 package/libcec: fix build with gcc 10
Fix the following build failure with gcc 10:

/nvmedata/autobuild/instance-2/output-1/build/libcec-6.0.2/src/cec-client/../../include/cecloader.h: In function 'bool LibCecBootloader(const char*)':
/nvmedata/autobuild/instance-2/output-1/build/libcec-6.0.2/src/cec-client/../../include/cecloader.h:175:14: error: converting to 'bool' from 'std::nullptr_t' requires direct-initialization [-fpermissive]
  175 |       return NULL;
      |              ^~~~
/nvmedata/autobuild/instance-2/output-1/build/libcec-6.0.2/src/cec-client/../../include/cecloader.h:184:12: error: converting to 'bool' from 'std::nullptr_t' requires direct-initialization [-fpermissive]
  184 |     return NULL;
      |            ^~~~

Fixes:
 - http://autobuild.buildroot.org/results/e34bd78cc81e6da12a85c1e4ee76931818d91073

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:56:43 +02:00
Fabrice Fontaine
636f201062 package/openjpeg: security bump to version 2.5.0
Fix CVE-2021-29338: Integer Overflow in OpenJPEG v2.4.0 allows remote
attackers to crash the application, causing a Denial of Service (DoS).
This occurs when the attacker uses the command line option "-ImgDir" on
a directory that contains 1048576 files.

Fix CVE-2022-1122: A flaw was found in the opj2_decompress program in
openjpeg2 2.4.0 in the way it handles an input directory with a large
number of files. When it fails to allocate a buffer to store the
filenames of the input directory, it calls free() on an uninitialized
pointer, leading to a segmentation fault and a denial of service.

Drop patches (already in version)

https://github.com/uclouvain/openjpeg/blob/v2.5.0/NEWS.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:55:01 +02:00
Fabrice Fontaine
da66811e8e package/vim: security bump to version 8.2.4980
Fix CVE-2022-1619: Heap-based Buffer Overflow in function
cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This
vulnerabilities are capable of crashing software, modify memory, and
possible remote execution

Fix CVE-2022-1620: NULL Pointer Dereference in function
vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior
to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at
regexp.c:2729 allows attackers to cause a denial of service (application
crash) via a crafted input.

Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in
GitHub repository vim/vim prior to 8.2.4919. This vulnerability is
capable of crashing software, Bypass Protection Mechanism, Modify
Memory, and possible remote execution

Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in
GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are
capable of crashing software, Modify Memory, and possible remote
execution

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:54:48 +02:00
Peter Korsgaard
db14515e87 package/ruby: security bump to version 3.1.2
Fixes the following security issues:

- CVE-2022-28738: Double free in Regexp compilation
- CVE-2022-28739: Buffer overrun in String-to-Float conversion

For more details, see the announcement:
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-By: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:40:18 +02:00
Fabrice Fontaine
7564f1de06 package/unrar: security bump to version 6.1.7
Fix CVE-2022-30333: RARLAB UnRAR before 6.12 on Linux and UNIX allows
directory traversal to write to files during an extract (aka unpack)
operation, as demonstrated by creating a ~/.ssh/authorized_keys file.

6.12 application version corresponds to 6.1.7 source version:
https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:32:47 +02:00
Romain Naour
e7da09eb6d boot/edk2: fix patch line ending
The patch 0001 from [1] has been corrupted on the
ML or patchwork.

[1] http://patchwork.ozlabs.org/project/buildroot/patch/20220527112146.387164-1-romain.naour@gmail.com/

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-05-30 22:28:41 +02:00
Fabrice Fontaine
55d164bf5d package/rsyslog: drop libee dependency
Extract from
1bc60d4ba2:

"NOTE TO MAINTAINERS: libee is not used by rsyslog for quite some while.
However, we never included this info into the changelog. So if you still
make rsyslog depend on libee (some do this), you should stop doing so
now. Libee is dead and no longer been maintained nor hosted by us."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:28:02 +02:00
Fabrice Fontaine
bc469ee632 package/rsyslog: security bump to version 8.2204.1
Fix CVE-2022-24903: Modules for TCP syslog reception have a heap buffer
overflow when octet-counted framing is used. The attacker can corrupt
heap values, leading to data integrity issues and availability impact.
Remote code execution is unlikely to happen but not impossible.

https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
https://github.com/rsyslog/rsyslog/blob/v8.2204.1/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:27:12 +02:00
Fabrice Fontaine
9eeb5cd96d package/fbv: fix build with giflib and gcc >= 10
Fix the following build failure with giflib and gcc >= 10:

/nvmedata/autobuild/instance-30/output-1/per-package/fbv/host/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/11.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: gif.o: in function `fh_gif_load':
gif.c:(.text+0x338): undefined reference to `m_rend_gif_decodecolormap'

Fixes:
 - http://autobuild.buildroot.org/results/dca603a61b1fd0558992b4a40152d23b5b9c0049

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-05-30 22:26:18 +02:00