Fix the following build failure with glibc >= 2.34:
/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: CMakeFiles/egltrace.dir/dlsym.cpp.o: in function `dlsym':
dlsym.cpp:(.text+0x34): undefined reference to `__libc_dlopen_mode'
/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: dlsym.cpp:(.text+0x46): undefined reference to `__libc_dlsym'
Fixes:
- http://autobuild.buildroot.org/results/ac5e5b1e30249ae0fb8b9179338b47c60c026bcc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CVE-2021-29221 is a Windows specific issue:
A local privilege escalation vulnerability was discovered in Erlang/OTP
prior to version 23.2.3. By adding files to an existing installation's
directory, a local attacker could hijack accounts of other users running
Erlang programs or possibly coerce a service running with "erlsrv.exe" to
execute arbitrary code as Local System. This can occur only under specific
conditions on Windows with unsafe filesystem permissions.
So ignore it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as
used in Thunderbird and other products, allows plaintext recovery because,
during interaction between two cryptographic libraries, a certain
dangerous combination of the prime defined by the receiver's public key,
the generator defined by the receiver's public key, and the sender's
ephemeral exponents can lead to a cross-configuration attack against
OpenPGP
For more details, see the upstream bug and issue writeup:
- https://github.com/randombit/botan/pull/2790
- https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via
insufficient relative path sanitization
- CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
- CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes a segfault happening on Raspberry Pi4 on the fourth test
Signed-off-by: David Corbeil <david.corbeil@dynonavionics.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- fix compile without thread support (add configure option
'-DNO_THREADS=ON' as requested)
Fixes:
- http://autobuild.buildroot.net/results/2cca5952e7d677cd0d5fa97aa1a7bf3e722df3a2
CMake Error at CMakeLists.txt:409 (message):
Unable to find pthread dependency.
If you want to disable multi-threading support, set NO_THREADS=ON.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- storage: Unlock pool objects on ACL check failures in
storagePoolLookupByTargetPath (CVE-2021-3667)
A logic bug in storagePoolLookupByTargetPath where the storage pool
object was left locked after a failure of the ACL check could
potentially deprive legitimate users access to a storage pool object
by users who don't have access.
- svirt: fix MCS label generation (CVE-2021-3631)
A flaw in the way MCS labels were generated could result in a VM's
resource not being fully protected from access by another VM were
it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153
- Disable Cloud-Hypervisor driver added by
56fbabf1a1
- Update indentation in hash file (two spaces)
https://gitlab.com/libvirt/libvirt/-/blob/v7.7.0/NEWS.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libnl is an optional dependency (which is enabled by default) since the
addition of the package in commit
ccfc90e101
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable docs and tests which are enabled since the addition of the
package in commit ccfc90e101
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As the github repository has changed from github.com/AdoptOpenJDK/ to
github.com/adoptium, both versions are updated in the same patch.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- pthread_getname_np not available with musl libc, add patch to disable
usage for musl (patch inspired/ported from [1])
Fixes:
- http://autobuild.buildroot.net/results/ed372a4a8e50d9e20be589eeda40c92888d709bc
platform/default/thread.cpp: In function ‘std::string mbgl::platform::getCurrentThreadName()’:
platform/default/thread.cpp:14:5: error: ‘pthread_getname_np’ was not declared in this scope; did you mean ‘pthread_setname_np’?
14 | pthread_getname_np(pthread_self(), name, sizeof(name));
| ^~~~~~~~~~~~~~~~~~
| pthread_setname_np
[1] e64dd67f43/srcpkgs/qt5/patches/0014-musl-set_thread_name_np.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add uClibc]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For the i.MX8 often an Image.gz is built. With these changes, if
BR2_LINUX_KERNEL_IMAGEGZ=y, the correct Image.gz file is now put into
the generated image instead of falling back to the non-existent zImage.
Signed-off-by: Hanspeter Portner <dev@open-music-kontrollers.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in
kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-33193: A crafted method sent through HTTP/2 will bypass
validation and be forwarded by mod_proxy, which can lead to request
splitting or cache poisoning. This issue affects Apache HTTP Server
2.4.17 to 2.4.48.
https://github.com/apache/httpd/blob/2.4.49/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 148e695e37 (package/kodi: bump version to 19.0-Matrix) extended
the set of required libraries for various "platform" backends, by
selecting those libraries from the blind options. For example, we have:
config BR2_PACKAGE_KODI_PLATFORM_SUPPORTS_GBM
bool
default y
depends on [...]
select BR2_PACKAGE_LIBINPUT
[...]
However, that option is true as soon as the requirements are met (the
depends on), even when Kodi itself is not enabled.
This means that extra libraries are pulled in to the build, even when
not required.
We fix that by moving the actual selects to the main symbol, along with
the proper conditions. This means that we have two lines that select
libxbcommon, under two different conditions; we could make that a single
select, but the codition would need to be on two lines anyway, so meh...
This is not an ideal solution, because it is a bit ugly, but:
1) adding three new blind options just for the select is kinda extreme
and superfluous;
2) our Kodi packaging is already a bit ugly anyway.
Fixes: #14206
Reported-by: Thomas Ruschival <t.ruschival@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
In order to add support for EFI-compatible ISO9660 images in future
patches, this commit switch the ISO9660 logic to use xorriso instead of
cdrkit. Indeed the genimageiso tool from cdrkit doesn't have the
--efi-boot option needed to generate an image compatible with EFI BIOS.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr: drop superfluous tool name from variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We will soon use xorriso in the ISO9660 image generation support, and
this requires having zlib support in host-xorriso.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 767a2da72f)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3466797ced)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
