- Drop patches (already in version) and so autoreconf
- Update COPYING hash (gpl mailing address updated with
9bd45cc06e6a5997fbd6)
- Fix CVE-2022-43634: This vulnerability allows remote attackers to
execute arbitrary code on affected installations of Netatalk.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the dsi_writeinit function. The issue
results from the lack of proper validation of the length of
user-supplied data prior to copying it to a fixed-length heap-based
buffer. An attacker can leverage this vulnerability to execute code in
the context of root. Was ZDI-CAN-17646.
- Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl
heap-based buffer overflow resulting in code execution via a crafted
.appl file. This provides remote root access on some platforms such as
FreeBSD (used for TrueNAS).
- Fix CVE-2023-42464: Validate data type in dalloc_value_for_key()
https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The quoting around the expansion of ${relative_dir} was indeed incorrect
since it was introduced back in 8fe9894f65 (suport/download: fix git
wrapper with submodules on older git versions): it is in fact already
quoted as part of the whole sed expression.
${GIT} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Several of our patches have been accepted upstream and are included in
elf2flt version 2023.09.
Patch 0001-elf2flt-handle-binutils-2.34.patch is upstream as of commit
c70b9f208979 ("elf2flt: handle binutils >= 2.34").
Patch 0002-elf2flt.ld-reinstate-32-byte-alignment-for-.data-sec.patch is
upstream as of commit 679c94adf27c ("elf2flt.ld: reinstate 32 byte
alignment for .data section").
Patch 0003-elf2flt-add-riscv-64-bits-support.patch is upstream as of
commit c5c8043c4d79 ("elf2flt: add riscv 64-bits support").
Patch 0008-riscv64-add-more-relocations-required-to-be-handled.patch was
squashed into upstream commit c5c8043c4d79 ("elf2flt: add riscv 64-bits
support") during upstreaming.
Patch 0006-xtensa-fix-text-relocations.patch is upstream as of commit
26dfb54a59c8 ("elf2flt: xtensa: fix text relocations").
Patch 0007-elf2flt-remove-use-of-BFD_VMA_FMT.patch is upstream as of
commit a36df7407d9e ("elf2flt: remove use of BFD_VMA_FMT").
Patch 0004-elf2flt-create-a-common-helper-function.patch simply added
a helper function to make the changes in the follow-up patch
0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
less intrusive.
Patch 0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
is no longer needed as upstream has reverted the commit that necessitated
this patch, see upstream commit 35c692ca4546 ("Revert "elf2flt: fix for
segfault on some ARM ELFs""). The problem that the reverted upstream patch
solved is now instead solved by the combination of upstream commits
7a59b265c2dc ("Revert "elf2flt: fix relocations for read-only data"") and
a934fb42cf59 ("elf2flt: force ARM.exidx section into text").
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-By: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove 0001-add-disable-doc.patch (upstream applied, see [1])
For details see [2].
[1] 1dbc42684d
[2] https://github.com/brailcom/speechd/releases/tag/0.11.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit c1038fe47c renamed the patch, but didn't update
.checkpackageignore, leading to two failures:
.checkpackageignore:1055: ignored file package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch is missing
package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
Rename the file in .checkpackageignore as well.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Grub 2.06 is affected by a number of CVEs, which have been fixed in
the master branch of Grub, but are not yet part of any release (there
is a 2.12-rc1 release, but nothing else between 2.06 and 2.12-rc1).
So this patch backports the relevant fixes for CVE-2022-28736,
CVE-2022-28735, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28733, CVE-2022-28734, CVE-2022-2601 and CVE-2022-3775.
It should be noted that CVE-2021-3695, CVE-2021-3696, CVE-2021-3697
are not reported as affecting Grub by our CVE matching logic because
the NVD database uses an incorrect CPE ID in those CVEs: it uses
"grub" as the product instead of "grub2" like all other CVEs for
grub. This issue has been reported to the NVD maintainers.
This requires backporting a lot of patches, but jumping from 2.06 to
2.12-rc1 implies getting 592 commits, which is quite a lot.
All Grub test cases are working fine:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500585https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500679
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: fix check-package warning in patch 0002]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Release notes:
https://forum.torproject.org/t/stable-release-0-4-8-4/8884
Removed all patches due to upstream commit adding compatibility with
LibreSSL 3.5:
f3dabd705f
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.han.de/~werner/ytree.html
Removed patch which was applied upstream in a slightly changed way.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
See release announce:
https://lists.gnu.org/archive/html/screen-users/2023-08/msg00000.html
Fixes:
CVE-2023-24626: https://www.cve.org/CVERecord?id=CVE-2023-24626
Note: Buildroot installs screen as setuid, so the described scenario
in CVE applies.
This commit also rebases all patches on this release. Patch were
regenerated with 'git format-patch -N', so patch file name changed in
this process. The file .checkpackageignore is also updated accordingly.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The changelog is available here:
https://github.com/analogdevicesinc/libiio/releases/tag/v0.25
Remove the 0001 patch as it is included in the v0.25 version.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removing upstreamed patch and force autoreconf
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.htmlhttps://lists.gnu.org/archive/html/info-gnu/2023-06/msg00003.html
Removed patch 0001, the patched file is not present in this release.
Removed patch 0002 which was applied upstream.
Added comment to gettext-tiny.mk about version bumps.
Since upstream commit
785a89e5df
gettext-runtime is a build-dependency for gettext-tools so we are
building the complete package for the host from now on.
Doing so we can drop the _POST_INSTALL_HOOK, and we can rely of the
in-tree libtextstyle.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Patch 0003-libxfs-stop-overriding-MAP_SYNC-in-publicly-exported.patch is upstreamed.
See here for changes to the previous version:
https://fossies.org/linux/xfsprogs/doc/CHANGES
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc 12 added a warning that triggers on access to low addresses. Add a
patch to allow access since this is normal for low level code.
Rebase our existing patch on top. While at it, add also a proper
Upstream tag.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4795673785
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This package has dubious licensing conditions (not even documented in
the .mk file), and is a bootloader for very old platforms. The
defconfigs making use of it have been removed in Buildroot in 2014, in
commit c6a410964b ("configs: remove
lpc32xx defconfigs"), so let's get rid of the package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
[yann.morin.1998@free.fr: remove reference in test]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch cleans up the shellcheck issues in the versal post scripts.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 134900401f (support/scripts/fix-rpath: parallelize patching
files) broke the rpath fixup, because it improperly quoted or expanded
variables:
- $@ was expanded in the main() context, rather than in the sub-bash
as expected, propagating incorrect parameters to patch_file();
- an array was passed without array expansion, so only the first item
was passed; that was in turn assigned to a string, anyway loosign
the array. Liuckily, we only ever put a single item in that array,
so that worked by chance.
We fix that by inverting the parameters to patch_elf(), where the extra
args are passed last, so we can put as many we want in the future. We
also pass every variables as positional parameters outside the bash -c
command, which allows us proper quoting of all variables, specifically
of the extra args array which now comes last.
The ultralong line was split, too, in a hopefully easier-to-read form.
Fixing all that also required fixing the many shellcheck issues at the
same time (wome were pre-existing before 134900401f).
While at it, expand two TABs into spaces like the rest of the script.
Note: shellcheck does not seem to warn when a variable expansion will be
used as the command to run, i.e. ${PATCHELF} does not trigger the
quoting error. Still, for consistency, we also double-quote it (we know
it is a single word, as it is already double-quoted once in the script).
Fixes: 134900401f
Cc: Victor Dumas <dumasv.dev@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch bumps the zynqmp defconfigs to xilinx-v2023.1 which includes
the following updates:
- Linux v6.1.5
- U-Boot v2023.01
- ATF v2.8 (including mainline buildroot patches)
- PMUFW xilinx_v2023.1
- Updated pm_cfg_obj.c from Vitis v2023.1
- Removed kria u-boot patch which is included with xilinx-v2023.1
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that gdb 13.x has been added, and 12.x made the default, follow
our usual logic of dropping the oldest gdb version: 10.x.
Only the special ARC release still needs some special handling of the
GMP dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sadly, the stack of patches remain exactly the same, none of the
changes have been upstreamed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bizarrely enough, the unquoted expansion of ${quiet} does not trigger
any warning from shellcheck, so we do not add any exception for it.
${SVN} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some patches had some fuzz, and patch 0004 was no longer applicable
using "git am". Patch 0006 is renamed so that it matches the commit
log title, as generated automatically by git format-patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch cleans up the shellcheck issues in the versal post scripts.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that 2.41.x has been added, that 2.40.x is the default version,
drop support for 2.38.x.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch which is included in this release.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Switch to an active fork
- Switch to cmake-package
- Drop all patches (not needed anymore)
- Use LICENSE file instead of COPYING as COPYING is now a symlink to
LICENSE
- Handle libevent and openssl dependencies
https://awesomized.github.io/libmemcached/ChangeLog-1.1.html#v-1-1-4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patches included in upstream release.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For change log, see:
https://github.com/pocoproject/poco/blob/poco-1.12.4-release/CHANGELOG
This commit also drop the package patch, which was included upstream in
version 1.12.3:
3884c734c2
The file .checkpackageignore is also updated to reflect this patch
removal.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The weston patch was removed as part of commit
318f08715c ("package/weston: bump to
version 12.0.1"), but .checkpackageignore was not updated accordingly.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4758335423
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new version is released under GPL-3.0. The patch can be removed
as it has been accepted upstream as of commit
86a38c688a.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For change log since 20220331, see:
- https://github.com/acpica/acpica/blob/R06_28_23/documents/changes.txt
This commit also drop the patch removing -Werror in CFLAGS, as an
alternative is now available upstream, merged in [1]. This commit is
included in release 20221020. The build commands are updated
accordingly to set the new NOWERROR=TRUE option to achieve the same
behavior.
With the patch removal, .checkpackageignore is also updated
accordingly.
Upstream commit [2] also introduced a use of wcslen() and <wchar.h>.
This commit was first included in tag R10_20_22 (version 20221020).
Therefore, this new version need wchar. The new depedency is added.
The _SOURCE file is also changed from acpica-unix2 to acpica-unix,
as the current acpica download page at [3] shows:
"""
Note: The unix2 source package is deprecated since the dual license is
now included in all source modules (along with the Intel
license). This package will be removed from future ACPICA releases.
"""
The _SITE url is also updated to the new download link, since the
acpica website now redirects to Intel:
curl -si https://www.acpica.org | grep Location:
Location: https://www.intel.com/content/www/us/en/developer/topic-technology/open/acpica/overview.html
The license file hash is also updated, due to the copyright year
update. It is also worth mentioning that the files in the new archive
have three alternative licenses in their headers: Intel, BSD-3-Clause
and GPL-2.0.
Finally, since a SHA1 hash is published on the download page, it is
added to the hash file.
This version bump is motivated by the introduction of RISC-V related
definitions.
[1] 3fd0f94040
[2] cd6a308975
[3] https://www.intel.com/content/www/us/en/developer/topic-technology/open/acpica/download.html
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
