Fixes the following vulnerabilities:
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
  access
  The handler for the CompositeGlyphs request of the Render extension does
  not properly validate the request length leading to out of bounds memory
  write.
* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds
  access
  The handler for the CreatePointerBarrier request of the XFixes extension
  does not properly validate the request length leading to out of bounds
  memory write.
* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
  The handler for the Suspend request of the Screen Saver extension does not
  properly validate the request length leading to out of bounds memory
  write.
* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
  The handlers for the RecordCreateContext and RecordRegisterClients
  requests of the Record extension do not properly validate the request
  length leading to out of bounds memory write.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
Builds without systemd unfortunately got broken. Add a patch fixing that
from an upstream merge request:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* drop all upstreamed patches
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
  DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
  as also used in OpenBLAS before version 0.3.18. Specially crafted
  inputs passed to these functions could cause an application using
  lapack to crash or possibly disclose portions of its memory.
- Update license hash, year changed:
  f67034373e
- Update indentation in hash file (two spaces)
http://netlib.org/lapack/lapack-3.10.0.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition...
scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Tested on beaglebone black and beaglebone white (A6)
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
tftp and traceroute6 have been removed in this release [1][2].
Due to that, the LICENSE file has been changed.
Also remove patch from this release.
[1] https://github.com/iputils/iputils/pull/369
[2] https://github.com/iputils/iputils/pull/362
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 1.9.5 in
commit c7233ec2c3 and
6f8f170db3:
/home/giuliobenetti/autobuild/run/instance-2/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: pcscd-pcscdaemon.o: in function `signal_thread':
pcscdaemon.c:(.text+0x444): undefined reference to `HPReCheckSerialReaders'
Fixes:
- http://autobuild.buildroot.org/results/6cf323229f32967aa554418410dc94b7094d09af
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Minor bugfix release:
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
[Bernd Edlinger]
*) Fixed building on Debian with kfreebsd kernels
[Mattias Ellert]
*) Prioritise DANE TLSA issuer certs over peer certs
[Viktor Dukhovni]
*) Fixed random API for MacOS prior to 10.12
These MacOS versions don't support the CommonCrypto APIs
[Lenny Primak]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add xxhash mandatory dependency to avoid the following build failure
with the embedded xxhash (in version 0.8.1) and uclibc raised since
bump to version 1.4.63 in commit
2a00246645 and
23b07fa3ef:
/home/buildroot/autobuild/instance-0/output-1/host/lib/gcc/arm-buildroot-linux-uclibcgnueabi/10.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: src/lighttpd.p/algo_xxhash.c.o: in function `XXH32_canonicalFromHash':
/home/buildroot/autobuild/instance-0/output-1/build/lighttpd-1.4.63/build/../src/algo_xxhash.h:2282: undefined reference to `static_assert'
Fixes:
- http://autobuild.buildroot.org/results/7b644dce244a1aa4a193a3196059a56b2c4c7591
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Install xxhash in staging to allow lighttpd to use it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable cunit to avoid the following build failure raised since bump to
version 8.1 in commit ca2753fd47 and
749714731e:
In file included from pceplib/test/pcep_utils_counters_test.c:33:
./pceplib/pcep_utils_counters.h:112:2: error: unknown type name 'time_t'
112 | time_t start_time;
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/b68d3e369e2925938bde39508988aa9b701f1045
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- cgi_error_no_template(): Encode the template name to prevent
  XSS (cross-site scripting) when Privoxy is configured to serve
  the user-manual itself.
  Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
  Reported by: Artem Ivanov
- get_url_spec_param(): Free memory of compiled pattern spec
  before bailing.
  Reported by Joshua Rogers (Opera) who also provided the fix.
  Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
- process_encrypted_request_headers(): Free header memory when
  failing to get the request destination.
  Reported by Joshua Rogers (Opera) who also provided the fix.
  Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
- send_http_request(): Prevent memory leaks when handling errors
  Reported by Joshua Rogers (Opera) who also provided the fix.
  Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- CVE-2021-44420: Potential bypass of an upstream access control based on
  URL paths
  HTTP requests for URLs with trailing newlines could bypass an upstream
  access control based on URL paths.
  This issue has low severity, according to the Django security policy.
  https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
In addition, 3.2.8 / 3.2.9 fixes a number of bugs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 0030-Fix-cross-compiling-the-uuid-module.patch as the patched code has
been reworked upstream and python3 is built with --disable-uuid:
91a51c5ffc
Rework 0033-configure.ac-fixup-CC-print-multiarch-output-for-mus.patch as
the MULTIARCH code is now conditional on !darwin:
9901d153c2
Refresh and renumber remaining patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
connman might depend on iptables or nftables, and those dependencies
are already selected later in this file as required.
Config.in already only selects iptables if BR2_PACKAGE_CONNMAN_IPTABLES.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop patch (already in version) and so autoreconf
https://github.com/jirka-h/haveged/releases/tag/v1.9.15
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with gcc 4.8 raised since the addition
of the package in commit e821078031:
In file included from framebuffer.cc:20:0:
framebuffer-internal.h:83:10: error: 'constexpr' does not name a type
static constexpr int kBitPlanes = 11;
^
framebuffer-internal.h:83:10: note: C++11 'constexpr' only available with -std=c++11 or -std=gnu++11
Fixes:
- http://autobuild.buildroot.org/results/c035da0d183f21343f19f7dee982e8e73ee781e4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix commit 075b01f2f7 which forgot to
always enable DES support in openssl resulting in the following build
failure with musl:
pppcrypt.c:65:22: error: 'DES_cblock' undeclared (first use in this function)
65 | DES_set_odd_parity((DES_cblock *)des_key);
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/3a7358de6199bb069bd38139747e2d50f9416fd0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
TARGET_LDFLAGS is overridden since the addition of the package in commit
8d66bc940d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 170f42eb6b)
[Peter: drop Makefile/Vagrantfile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a5f7844cbe)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release fixes two bugs introduced in release 3.10.0 and fixes the
conversion of std::filesystem::path. All changes are backward-compatible.
https://github.com/nlohmann/json/releases/tag/v3.10.4
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop spurious "depends on WCHAR" added with commit
ccfc90e101 and add missing wchar comment.
While at it, drop BR2_USE_MMU from comment as it is already added by
BR2_PACKAGE_LIBVIRT_ARCH_SUPPORTS and fix indentation before
(BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_11 || !BR2_aarch64))
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Replace libvirtd by driver_libvirtd to avoid the following build failure
raised since the addition of the package in commit
ccfc90e101:
../output-1/build/libvirt-7.7.0/meson.build:1:0: ERROR: Unknown options: "libvirtd"
Fixes:
- http://autobuild.buildroot.org/results/3a20db6cb39c0d91213adbe82934274659df43e7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
sparc and sparc64 are supported since version 2020.09 and
87ad486f3034e0fb55e3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- rebase (and change to git format) 0001-Fix-default-config-file.patch/
0001-Modify-the-default-lighttpd-configuration-file-to-ha.patch
For details see [1].
[1] https://www.lighttpd.net/2021/12/4/1.4.63/
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add patch to fix struct _Window::backStorage related compile failure.
Since xserver commit 'dix: Remove WindowRec::backStorage' ([1])
struct _Window::backStorage is gone, use struct _Window::backingStore instead.
Fixes:
backing_store_tuner.c: In function 'xPostValidateTree':
backing_store_tuner.c:112:48: error: 'struct _Window' has no member named 'backStorage'
112 | if (!private->ForceBackingStore && focusWin->backStorage) {
| ^~
backing_store_tuner.c:128:20: error: 'struct _Window' has no member named 'backStorage'
128 | if (!curWin->backStorage && (private->ForceBackingStore ||
| ^~
backing_store_tuner.c: In function 'xReparentWindow':
backing_store_tuner.c:161:46: error: 'struct _Window' has no member named 'backStorage'
161 | if (pPriorParent == pScreen->root && pWin->backStorage) {
| ^~
[1] 6975807945
Reported-by: Jürgen Wack <juergen.wack@gmx.de>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- bump version to 1.71
- change home page and download URL to https
Changelog (since 1.71):
- 1.71, Added SMI bus support, courtesy of Benoit Bouchez, including new
functions: bcm2835_smi_begin(), bcm2835_smi_end(), bcm2835_smi_set_timing(),
bcm2835_smi_write(), bcm2835_smi_read().
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>