Release note:
https://forums.openvpn.net/viewtopic.php?f=20&t=32497
CVE-2021-3606 fixed by this release is only relevant for Windows.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 04a0094f0e (configs/stm32f469_disco: fix kernel bootup) changed
the defconfig to build a vfat image, but forgot to add dosfstools/mtools
host utilities needed for this.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
================================================================================
Redis 6.2.4 Released Tue July 1 12:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625)
Read the whole release note on:
https://github.com/redis/redis/blob/6.2.4/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Versions 2.0.11 and 1.6.15 of Mosquitto has been released.
These are a security and bugfix releases.
Read the full announcement on the blog:
https://mosquitto.org/blog/2021/06/version-2-0-11-released/
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Django 3.2.4 fixes two security issues and several bugs in 3.2.3.
- CVE-2021-33203: Potential directory traversal via ``admindocs``
- CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
https://github.com/django/django/blob/3.2.4/docs/releases/3.2.4.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-22222: Infinite loop in DVB-S2-BB dissector in Wireshark
3.4.0 to 3.4.5 allows denial of service via packet injection or crafted
capture file
https://www.wireshark.org/security/wnpa-sec-2021-05.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libressl defaults to $prefix/etc/ssl for its "openssldir" setting, E.G.
the location where configuration files and certificates are searched:
openssl version -d
OPENSSLDIR: "/usr/etc/ssl"
Change it to /etc/ssl so it matches openssl and the expectations of packages
dealing with certificates (ca-certificates, libcurl, p11-kit)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also, since tinyproxy no longer uses a2x, remove its explicit disabling.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even if gcc 9.x is still maintained for some time (gcc 9.5 will be the
last), switch to gcc 10.x since it has been released since 2020-05-07
and gcc 11.x is available since 2021-04-27.
We have been having toolchains in the autobuilders with gcc 10.x since
mid-January 2021, so the vast majority of the problems should have
already been solved.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch allows to use an external toolchain based on gcc 11.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This new symbol will be used by architectures introduced with gcc 11.
[1] https://gcc.gnu.org/gcc-11/changes.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In order to add gcc 11 support for internal and external toolchain in
follow-up commits, introduce BR2_TOOLCHAIN_GCC_AT_LEAST_11 symbol.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
gcc-11 warns about what appears to be an out-of-range array access but
stop the build due to -Werror added to cflags:
arch/sparc/kernel/mdesc.c: In function 'mdesc_node_by_name':
arch/sparc/kernel/mdesc.c:647:22: error: 'strcmp' reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
647 | if (!strcmp(names + ep[ret].name_offset, name))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/sparc/kernel/mdesc.c:77:33: note: at offset 16 into source object 'mdesc' of size 16
77 | struct mdesc_hdr mdesc;
| ^~~~~
arch/sparc/kernel/mdesc.c: In function 'mdesc_get_property':
arch/sparc/kernel/mdesc.c:692:22: error: 'strcmp' reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
692 | if (!strcmp(names + ep->name_offset, name)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/sparc/kernel/mdesc.c:77:33: note: at offset 16 into source object 'mdesc' of size 16
77 | struct mdesc_hdr mdesc;
| ^~~~~
arch/sparc/kernel/mdesc.c: In function 'mdesc_next_arc':
arch/sparc/kernel/mdesc.c:719:21: error: 'strcmp' reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
719 | if (strcmp(names + ep->name_offset, arc_type))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/sparc/kernel/mdesc.c:77:33: note: at offset 16 into source object 'mdesc' of size 16
77 | struct mdesc_hdr mdesc;
| ^~~~~
cc1: all warnings being treated as errors
The issue was initially reported to gcc [1] where it was analized.
As suggested, change the struct mdesc_elem * accesses from the end
of mdesc to those from the beginning of the data array.
Update the prototype of node_block(), name_block() and data_block()
since the code really seems to want to do is to compute the address
somewhere into the chunk pointed to by hp.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100262
Upstream status: Pending
https://www.spinics.net/lists/sparclinux/msg26385.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This version change does not include functional changes over 1.9.92, but
it is slated as stable (hence the even second version number). Release
notes:
https://wpewebkit.org/release/wpebackend-fdo-1.10.0.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This minor release fixes a build issue when Meson is running under
a version of Python older than 3.6; release notes:
https://wpewebkit.org/release/libwpe-1.10.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Always disable tls_check to avoid the following build failure since bump to
version 2.72.0 in commit 8e5f7f1cfc:
../output-1/build/libsoup-2.72.0/meson.build:184:4: ERROR: Can not run test applications in this cross environment.
Indeed, tls_check will run code since
5c45253243
That is the only thing that this option does: it runs code to check that
libgio is built with TLS support.
While at it, also drop glib-networking build-time dependency
Also mark gnutls as a runtime dependency (it already was used as such).
Fixes:
- http://autobuild.buildroot.org/results/9e539dc7185cfb81f18438dd36357cb49ef23a5a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From this version, tests can be disabled, so we pass
"tests=false" as a Meson option.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable -Werror to avoid the following build failure with -DNDEBUG
raised since commit 5a8c50fe05
/srv/storage/autobuild/run/instance-2/output-1/build/openswan-3.0.0/programs/rsasigkey/rsasigkey.c:524:6: error: variable 'success' set but not used [-Werror=unused-but-set-variable]
524 | int success;
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/327a0f2b8f0c51bcbb3edb1c3671870d593e93b9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The patch introduced in commit
uses "defined(HAVE_SYS_AUXV_H)". However, ffmpeg configure is not GNU
autoconf, and it defines the symbol to 0 when not found. Use
HAVE_SYS_AUXV_H without defined() instead.
Fixes:
http://autobuild.buildroot.net/results/da0/da03909291e97c525eb1f53dfc743a1897f59d6e/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 0002-meson.build-fix-build-with-uclibc-ng.patch which is not needed
since 0dda1a44a0 which has been merged in
master in commit 8d07baab43
While at it, renumber
0002-meson-fix-getrandom-detection-for-uclibc.patch to
0001-meson-fix-getrandom-detection-for-uclibc.patch (patch number was
wrong since its addition in commit
b003cb5d16) and also renumber remaining
patch
Fixes:
- http://autobuild.buildroot.org/results/4d442c61b137ca1bd2dd32c6802ff0251d39e7a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a dependency on wchar as both icu and libunistring needs wchar
Fixes:
- http://autobuild.buildroot.org/results/704d8e6f8b78015180e5b12c132495425637430a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
CMake options have been renamed: UHTTPD_ prefix was dropped,
BUILD_STATIC_LIBS renamed to BUILD_STATIC.
Also fix handling of BUILD_STATIC: it should only be given when building
static libs, otherwise no dynamic lib is built.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove 0001-ws2811.c-fix-build-with-gcc-4.8.patch,
it has been merged upstream.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop upstreamed patch fix-port-forwarding-with-ipv6.
Upstream commit: d29a55c6c344a536089d6b1bcd92be9cdea20641
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
usbguard is a software framework to implement USB
device blacklisting and whitelisting based on their
attributes.
More info. on: https://usbguard.github.io/
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Tested-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- correct indirect dependencies from protobuf instead of libglib2;
- say in Config.in help text that rules.conf has to be created]
libqb is a library providing features for client-server architecture,
such as logging, tracing, inter-process communication (IPC) and polling.
see: https://github.com/ClusterLabs/libqb
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As described by [1], the kernel generated by the configuration for the
STM32f469 Discovery board is buggy. Using a newer kernel, as suggested
by [1], increases the dtb and Kernel image size. In particular, the
5.12 version of the kernel generates a dtb and a kernel image whose sum
exceeds the 2 MByte of the flash module.
So I decided to replace the afboot-stm32 bootloader in the flash with
U-boot to easily boot the system from sdcard without having to worry
about the size of dtb, kernel and rootfs generated by the configuration.
This solution allows you to fix the kernel boot issue and makes it
possible to use its future versions.
[1] http://buildroot-busybox.2317881.n4.nabble.com/Bug-11746-New-stm32f469-didn-t-work-correctly-td219644.html
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Tested-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- specify headers version explicitly, even though it's default;
- bump kernel to 5.12.11]
A (target [0]) package can independently declare installing in various
locations: target, staging, or images. The default is to only install
in target.
When a package opts out from installing to target, but does not opts
in to install in any other location, the package is not downloaded,
extracted, patched, configured, nor built at all. As a consequence, none
of the per-step instrumentation is executed, specifically the listing
of files before/after the package sequence.
Down the line, the package infra does not cope well with that situation,
because the gathering-install step, the one that synchronises all the
optional target, staging, or images install steps, still gets run.
And as #13836 shows, this does not go well:
/bin/sh: /home/tbuild/myboard/build/foo/.files-list.after: No such file or directory
make[1]: *** [/home/tbuild/myboard/build/foo/.stamp_installed] Error 1
make: *** [_all] Error 2
So, we should have ensured that the gathering-install step itself
depends on the build step, which would have solved the issue.
However, this bug really illustrates a more fundamental issue: does it
even make sense to have a package that installs nothing in any location?
Indeed, why even bother with that package to begin with if it will not
provide anything at all?
It turns out that yes, this makes sense. We have some packages, that
do not install anything at all, and do not even build anything; they are
there just to ensure that we can download something that will ultimately
be used by another package. This is the case for example for packages
that provide linux extensions, like aufs [1].
Additionally, some ugly out-of-tree packages could conceivably install
things during the build (or even configure!) steps. That's not unheard
of... [2]
So, the solution is to ensure that the gathering-install step does
depend on the build step, to trigger the proper dependency chain and
have the instrumentation hooks properly run even in that degenerate
case.
Fixes: #13836
[0] a host package can't opt out of installing anything.
[1] that one is actually missing AUFS_INSTALL_TARGET = NO, so this
hides the issue.
[2] even us are not 100% clean on that topic: gcc will install files in
staging and target as part of the same step (not the build, granted,
but still...)
Reported-by: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matthew Weber <matthew.weber@collins.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable building Weston's libseat launcher, now that the seatd package
is available.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable selection of used weston shells. By default all available
shells are enabled to keep the old behavior. The new configuration
options enable the user to select them individually.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
[yann.morin.1998@free.fr:
- ensure at least one shell is enabled; desktop arbitrarily chosen
- s/BR2_PACKAGE_WESTON_SHELL_SELECTED/BR2_PACKAGE_WESTON_HAS_SHELL/
- reword associated comment
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Until commit 5c07dfcc1a
BR2_PACKAGE_LVM2_STANDARD_INSTALL would default to y. Indeed, the
default read:
default y if !BR2_PACKAGE_LVM2_DMSETUP_ONLY # legacy 2013.11
Since the legacy symbol is normally not selected, this defaults to y.
Commit 5c07dfcc1a inadvertedly removed the
entire line instead of just the condition.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=13846
For-stable: 2021.02, 2021.05
Cc: dominique.tronche@atos.net
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add daq3 package to be able to add the snort3 package.
daq3 is not compatatible with snort as daq_load_modules has been removed
daq3 package has been created from the daq package, here is a summary of
the changes:
- Drop patch (not needed anymore)
- Enable parallel build as there is no more tokdefs.h
- Drop libdnet dependency
- Drop host-bison and host-flex dependencies
- Drop libpcap workarounds
- ipq module dropped since version 3.0.0-alpha1 and
80c62799a9
- Add LICENSE file (same content than COPYING)
- Update hash of COPYING (project name and GPLv2 text updated with
46e8722da2)
- Add a dependency on gcc 4.9 for {t,u}h_{d,s}port that are protected on
glibc by _FAVOR_BSD (and so !defined _GNU_SOURCE) until version 2.19:
https://sourceware.org/git/?p=glibc.git;a=commit;h=7011c2622fe3e10a29dbe74f06aaebd07710127d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>