Mosquitto 2.0.12 is a security and bugfix release, notably:
* Fix possible DoS in the broker with MQTTv5
* Fix CVE-2020-13849
* Fix CVE-2021-34434
Read the full announcement on
https://mosquitto.org/blog/2021/08/version-2-0-12-released/
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failures with gcc 11:
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/build/drivers/drivers.o: in function `psmouse_extensions':
/home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `lifebook_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `alps_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `ps2pp_init'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `trackpoint_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `fsp_detect'
Fixes:
- http://autobuild.buildroot.org/results/69062b9c80567d135edd48890165e69881cf7295
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with python 2 is broken since bump to version 0.22.0 in commit
0adb141d34:
error: File "/usr/lib/python2.7/site-packages/pyudev/_ctypeslib/utils.py", line 54
lib = cdll.LoadLibrary(f'lib{name}.so')
^
SyntaxError: invalid syntax
Fixes:
- http://autobuild.buildroot.org/results/8b35ca6910dfd881953968f8d88ac842d57c9262
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following uclibc build failure raised since at least bump to
version 0.11.0 in commit 0bc9c89612:
In file included from ../include/wlr/types/wlr_data_device.h:13,
from ../types/data_device/wlr_drag.c:7:
../include/wlr/types/wlr_seat.h:221:18: error: field 'last_event' has incomplete type
221 | struct timespec last_event;
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/3501ceb4290638b2f6d70aaa4d8ce74feec3a525
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure on riscv32:
In file included from thread/qmutex_linux.cpp:45,
from thread/qmutex.cpp:804:
thread/qfutex_p.h: In function 'int QtLinuxFutex::_q_futex(int*, int, int, quintptr, int*, int)':
thread/qfutex_p.h:116:30: error: '__NR_futex' was not declared in this scope; did you mean '_q_futex'?
116 | int result = syscall(__NR_futex, addr, op | FUTEX_PRIVATE_FLAG, val, val2, addr2, val3);
| ^~~~~~~~~~
| _q_futex
Fixes:
- http://autobuild.buildroot.org/results/ffedfc000029072d5d724e98ab4551fe973658ce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure raised since bump of libglib2 to version
2.68.1 in commit c72524fb1b:
../gstreamer/gstreamermm/register.h: In function 'GType Gst::register_mm_type(const gchar*)':
/home/buildroot/autobuild/run/instance-2/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/glib/gatomic.h:117:19: error: argument 2 of '__atomic_load' must not be a pointer to a 'volatile' type
117 | __atomic_load (gapg_temp_atomic, &gapg_temp_newval, __ATOMIC_SEQ_CST); \
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/1c75cdcc183642fd4c15d56825848b83f2ad11a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
The configure script fails to detect libpcap in static build because it
does not take into account the libnl dependency on link. As a result the
configure script silently disables mausezahn build even when
BR2_PACKAGE_NETSNIFF_NG_MAUSEZAHN is enabled. Add upstream patch to use
pkg-config for libpcap link flags.
Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to
avoid a potential race condition.
- bpo-41180: Add auditing events to the marshal module, and stop raising
code.__init__ events for every unmarshalled code object. Directly
instantiated code objects will continue to raise an event, and audit event
handlers should inspect or collect the raw marshal data. This reduces a
significant performance overhead when loading from .pyc files.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to
get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This
copy is most used on Windows and macOS.
- bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.
https://www.python.org/downloads/release/python-397/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with fortran raised since bump to
version 4.0.0 in commit 366e7f1ecb and
99730f798b:
checking size of Fortran type(test_mpi_handle)... (cached) 4
checking alignment of Fortran type(test_mpi_handle)... configure: error: Can not determine alignment of type(test_mpi_handle) when cross-compiling
Fixes:
- http://autobuild.buildroot.org/results/86ffde2f67ffc0bfaeebe72fe742a5c241bc580b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Though several cross-compilation patches exist in buildroot's nginx
package dir they do not seem to address endianness.
The test program generated by the configure script compiles but fails
to run (as it is built for another architecture) but the script does
not distinguish between the failure to run the program and an
indication of certain endianness. As such the fallback of big-endian
is used. This setting then causes http2 headers (anything not in the
static dictionary) to come out as undecipherable trash on 64bit
targets (see ngx_http_v2_huff_encode_buf()).
This commit includes a patch to the configure script to allow a
`--force-endianness=big|little` flag as well as setting that flag in
buildroot's package makefile.
Signed-off-by: Nevo Hed <nhed+buildroot@starry.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Find libxcryt through pkg-config to avoid the following build failure:
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv64-buildroot-linux-musl/10.2.0/../../../../riscv64-buildroot-linux-musl/bin/ld: .libs/passverify.o: in function `.L30':
passverify.c:(.text+0x368): undefined reference to `crypt_checksalt'
Fixes:
- http://autobuild.buildroot.org/results/20b14e222b35c2d1269960075832b784ba81aa1a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Quoting https://www.php.net/
"This is a security fix release."
Changelog: https://www.php.net/ChangeLog-8.php#8.0.10
CVE-ID were not mentioned in any of the fixed bugs.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with nodejs raised since bump to version
12.22.5 in commit 7038b029d8:
../src/cares_wrap.cc:42:11: fatal error: ares_nameser.h: No such file or directory
42 | # include <ares_nameser.h>
| ^~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/a0f867d5e765fc1aa052de5e53ed350b3b20743f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- NodeJS passes NULL for addr and 0 for addrlen to
ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This
would cause a crash.
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would
cause a crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1
to prevent spoofing follow-up
- Perform validation on hostnames to prevent possible XSS due to
applications not performing valiation themselves
https://c-ares.haxx.se/changelog.html#1_17_2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some 3rd party vendor toolchains have multiple files which match
these glob patterns. In this case, the shell script failed.
Switching to use find and xargs solves the issue.
Signed-off-by: Jonah Petri <jonah@petri.us>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
rwmem is small tool to read & write device registers. Some of the
features include:
- support mmaped and i2c devices
- addressing with 8/16/32/64 bit addresses
- accessing 8/16/32/64 bit memory locations
- little and big endian addressess and accesses
- bitfields
- address ranges
- register description database
Python bindings are disabled for now.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The Qt OPC UA module implements a Qt API to interact with OPC UA on
top of a 3rd party OPC UA stack.
The default is open62541, which is bundled by qt5opcua in version 1.0,
so we dont need to provide/depend on br's own open62541 package.
Another dependency is mbedtls, but it's optional.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Vue Router is the official router for Vue.js.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
[Arnout: use comment instead of submenu]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This tests build a bogus package that installs a binary built for the
host architecture into $(TARGET_DIR), which should cause a build
failure, at least as long as the host architecture isn't ARM.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
[yann.morin.1998@free.fr: drop uneeded subprocess import to fix flake8]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some tests will need to grep through the build log to verify that some
features are working are expected. In order to allow them to open the
build log, we provide a new function called log_file_path(), which
returns the path to the log file if available.
We also use this function in open_log_file().
Note that open_log_file() cannot be used directly to grep through the
log file at the end of a build: because it opens in "a+" mode, it
greps starting from the end of the file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since commit 39d334faa5 (package/pkg-qmake: add <pkg>_SYNC_QT_HEADERS
support), the qmake-package infra recognises said variable but the
manual has the wrong variable name, which is missing the "_QT" part.
We fix that by amending the manual to document the proper variable name.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
QT5_QT_CONF_FIXUP tweaks files for per-package directory build.
This is typically the kind of operation expected to be in
post-prepare hook.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When using top level parallel build, independent qt5 packages may be
built in parallel. Because of their staging dirs being hardlinked, they
all use the same qt.conf file to manipulate during configure, while
another qt5 package might already use it. This leads to weird build failures
because the folders qmake is using are diverted in erratic ways.
Fix this by actually recreating a non-shared qt.conf file for every package.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Reviewed-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This release includes the following changes:
- New features
- New 'sessionResume' service-level option to allow or disallow session resumption
- Added support for the new SSL_set_options() values.
- Download fresh ca-certs.pem for each new release.
- Bugfixes
- Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols.
- Enforced minimum WIN32 log window size.
- Fixed support for password-protected private keys with OpenSSL 3.0 (thx to Dmitry Belyavskiy).
- Added missing TLS options supported in OpenSSL 1.1.1k.
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This release introduces meson build system support.
As meson files are only available in git, switch the location to
https://gitlab.freedesktop.org.
Add support for bash-completion.
Add an upstream patch fixing the compilation without gobject-intorspection.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use BR2_PACKAGE_MESA3D_GBM instead of BR2_PACKAGE_MESA3D_OPENGL_EGL as
GBM can also be provided by a DRI driver
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>