Import a patch that has been accepted upstream and fixes build failures
caused by a missing explicit cast to EGLNativeWindowType.
Fixes: http://autobuild.buildroot.net/results/92c5cc3134e92c263a0cbb4c05ef8956569e434b/
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0904d3a2ee4132b2611a86d14da60285080d1adb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes with nginx 1.26.2 14 Aug 2024
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f31fea6d038c3390ab480e4c27837b8c720597b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Compilation with -Os triggers this assembler problem.
The problematic C code contains a long switch statement, so
everything looks like GCC Bug 104028 is triggered.
Fixes:
- http://autobuild.buildroot.net/results/db5/db58215fb3c7f30b6c0f0764a84271010346edfb
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6362dd1d1416949cfccb2469f4da4c52b4ac8491)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without the unbound user the daemon does not start on bootup.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67e6d0a3f1a0893183885b947f4472ef4c04bfc4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115243: Fix possible crashes in collections.deque.index() when the
deque is concurrently modified.
- gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate
store, when the ssl.SSLContext is shared across multiple threads.
For more details, see the changelog:
https://docs.python.org/release/3.11.9/whatsnew/changelog.html#python-3-11-9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports an upstream patch to fix CVE-2024-39936.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports two upstream patches needed to fix
CVE-2023-34410. According to the CVE details, both patches are needed
for the fix.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports upstream patches that are needed to fix
CVE-2023-37369. The second one is the actual CVE fix, the first one is
needed to only backporting the second patch in a reasonable way.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports upstream patches that are needed to fix
CVE-2023-51714. The second one is the actual CVE fix, the first one is
needed to only backporting the second patch in a reasonable way.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports an upstream patch to fix CVE-2023-38197, which
requires 3 other patches to be backported in order to work properly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports some upstream commits to fix CVE-2023-32763.
To backport the CVE fix, we had to backport two other related patches
to make the backport reasonably clean/straightforward.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports an upstream patch that fixes CVE-2023-32762.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports an upstream patch that fixes CVE-2023-33285.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports an upstream patch fixing CVE-2023-32573.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/94fd27ea48c4128033ad10cf0dc5dba3f5d97a02/
Commit 4aff9fae45 (package/am335x-pru-package: fix download
issue) updated the filename and hash of the package, but something went
wrong when adjusting the hash for 2024.02.x.
Investigating the local tarball shows that the permissions in the tarball were
were wrong:
diffoscope old-dl/am335x-pru-package/am335x-pru-package-5f374*-br1.tar.gz \
dl/am335x-pru-package/am335x-pru-package-5f374*-br1.tar.gz | \
grep 96/.gitignore
│ │ --rw-rw-rw- 0 0 0 199 2016-02-10 20:56:25.000000 am335x-pru-package-5f374ad57cc195f28bf5e585c3d446aba6ee7096/.gitignore
│ │ +-rw-r--r-- 0 0 0 199 2016-02-10 20:56:25.000000 am335x-pru-package-5f374ad57cc195f28bf5e585c3d446aba6ee7096/.gitignore
And indeed, the file does have mode 666 in the git repo:
ls -lah old-dl/am335x-pru-package/git/.gitignore
-rw-rw-rw- 1 peko peko 199 Aug 31 18:16 old-dl/am335x-pru-package/git/.gitignore
It is unclear how this happened, maybe an issue with switching between
master/2024.05.x/2024.02.x.
Adjust the hash to match what is should have been instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The download and homepage URL for this project have been
updated. The old site no longer works.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2a547e2c424ac08d8741dc557aee968f1b659735)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch which is included in this release, autoreconf is not needed
anymore.
Updated license hash due to copyright year bump:
7b947051d5
Fixes CVE-2024-26306.
Release notes:
https://github.com/esnet/iperf/releases/tag/3.17.1https://github.com/esnet/iperf/releases/tag/3.17
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9d9a0db3d8b471ccf1721312450337ff53ed4a35)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9f94b3b354 "package/iperf3: bump to version 3.16" updated
the package but forgot to reflect a breaking change mentioned in
the release note [1], "iperf3 now requires pthreads and C atomic
variables to compile and run".
When the toolchain has no atomic support, or the libatomic is not
added in the linker flags, the compilation now fail with output:
arm-buildroot-linux-gnueabi/bin/ld: ./.libs/libiperf.so: undefined reference to '__atomic_load_8'
This issue can be seen when running the iperf3 runtime test, with
command:
support/testing/run-tests \
-d dl -o output_test \
tests.package.test_iperf3
This commit fixes the issue by adding a dependency on
BR2_TOOLCHAIN_HAS_ATOMIC and by adding an upstream patch to detect
if linking to libatomic is needed.
Fixes: [2]
[1] https://github.com/esnet/iperf/releases/tag/3.16
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/6466933622
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f10488a411)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/e613fc777051be6325d7e3c088d5f723fab518fa/
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2a700617cc1aa14deb9f4e4f5c63e19c77901389)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 08edb3c22a61b6de28e1472faceaebc3399b6537)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<ariel@vanguardiasur.com.ar>: host aspmx.l.google.com[2a00:1450:400c:c07::1a]
said: 550-5.2.1 The email account that you tried to reach is inactive. For
more 550-5.2.1 information, go to 550 5.2.1
https://support.google.com/mail/?p=DisabledUser
ffacd0b85a97d-36bbd075381si7797549f8f.548 - gsmtp (in reply to RCPT TO
command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 53116d091562fb260460382fa295738323decf3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Django 5.0.7 fixes the following CVEs:
* CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords
* CVE-2024-39330: Potential directory-traversal via Storage.save()
* CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant()
Django 5.0.8 fixes the following CVEs:
* CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
* CVE-2024-41990: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
* CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
Further release Notes: https://docs.djangoproject.com/en/5.0/releases/
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f777ce1fd6b9e0537593a70940dc23f4ca177054)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9696d27756 "package/gpsd: condition python stuff to the proper
kconfig option" changed the condition in which the gpsd python scripts
are installed. After that change, the "gpsfake" command (which is a
python script) is no longer found and the runtime test is failing.
This commit fixes the issue by reflecting the change in the runtime
test Buildroot configuration.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b6f4d79df21b2affa1ccc5133c44647072d21058)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This didn't work out as planned, neither the restriction of muting
unregistered users, nor the exception for matrix users worked as planned.
The channel mode has been reverted to +R (meaning only registered users
are allowed to join) and an exception for *that* has been introduced for
matrix users via +e. The channel modes are documented in [1].
[1] https://www.oftc.net/ChannelModes/
This reverts commit d1e6d7845b.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bede54c774ef59640cc1b4d9fd1dabfc69e4ecdb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 03505e34570d65ead565e13b0998b05a12ab95ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For change log since v2.3.5, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.3.6
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f9f2ade9bb207d2481b12a325bba7cee5a3e9cbf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See here for a Changelog and CVE's:
http://nginx.org/en/CHANGES-1.26
Patch 0006 is no longer required as the openssl library is found without
this patch, which does not apply anymore.
Patch 0009 is no longer required as it was fixed in another way upstream:
https://hg.nginx.org/nginx/rev/fb989e24c60a
Patch 0011 is upstream:
https://hg.nginx.org/nginx/rev/f58b6f636238
Reorder the remaining patches and update .checkpackageignore accordingly.
The LICENSE file is changed, the year changed from 2022 to 2024.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 761259c93400bc806611a242c7dc3df7ff67c231)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building with GCC 14 fails at the configure step with:
./configure: error: libatomic_ops library was not found.
The error is not caused by a missing library, but by an unrelated
"incompatible pointer type" error in the test program:
...
checking for atomic_ops library
objs/autotest.c: In function 'main':
objs/autotest.c:9:48: error: passing argument 1 of 'AO_compare_and_swap' from incompatible pointer type [-Wincompatible-pointer-types]
This used to be a warning, but it is an error since GCC 14.[1]
Fix this by patching the test program in order to use the correct
pointer types.
Fixes: http://autobuild.buildroot.net/results/a3d/a3d8c6fd631b31e272e4d8cc6c3318f2e4151882
[1] https://gcc.gnu.org/gcc-14/porting_to.html#incompatible-pointer-types
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 7d249dab51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See here for a Changelog:
https://openldap.org/software/release/changes_lts.html
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 61ad5516485a1b4518c4997c9a146a5faa96e6d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See also: https://github.com/swaywm/swaybg/releases/tag/v1.2.1
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2143e8f8351c177d7fce87ccacba042afea94f93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mysql virtual package was removed in commit 8708f3a23a
"package/mysql: drop virtual package".
The mariadb runtime test was authored before this mysql virtual
package removal, but was merged after it, in commit 5356754d1e
"support/testing: add mariadb runtime test". Due to this, this test
always failed with the error:
Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.". Stop.
This commit fixes the issue by removing the legacy
BR2_PACKAGE_MYSQL=y configuration directive.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/7540345406
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3da3361a1b9cafb274dac776693720fe20f6681b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Maeva told me personally she will no longer contribute to Buildroot
for the time being. This commit removes all the associated DEVELOPERS
entries.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92d652df4869d073e383d9d44b5c43e338d83c29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The comment does not follow the coding style, so update it appropriately.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b88d2b51a4bd2d825d71730bde934dc9991fc6cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we have a Kconfig symbol to enable the python support in
gpsd, but the condition at configure time is based on whether the python
package is enabled. So, if a user does not enable python support in
gpsd, they still get it.
Switch to using the proper symbol.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd@kuhls.net>
Reviewed-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9696d277565159029e74efb9eae16b4a670bf945)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass USE_LIBDRM=OFF to the wpewebkit CMake configuration step when the
libdrm package has not been selected.
WPE WebKit can be built without libdrm support, and it will still work
with backends that use other platform-specific methods to handle
graphics buffers and/or presenting content onto an output. For example
this is the case with wpebackend-rdk configured to use rpi-userland,
which uses dispmanx to produce the output instead of DRM/KMS.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65f8174648a3df922892cfac1ad15279d1bffde3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pistache needs NPTL as it unconditionally uses pthread_setname_np since
b283c32963
resulting in the following uclibc build failure since commit
82e61bed82:
../src/common/reactor.cc: In lambda function:
../src/common/reactor.cc:512:25: error: 'pthread_setname_np' was not declared in this scope; did you mean 'pthread_setcanceltype'?
512 | pthread_setname_np(pthread_self(),
| ^~~~~~~~~~~~~~~~~~
| pthread_setcanceltype
Fixes: 82e61bed82
- http://autobuild.buildroot.org/results/b2b22e4f9684aca0246650673fd8c33019712ddf
- http://autobuild.buildroot.org/results/1597bfe2a57cd3aef54d331447dd81cae020d434
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b6db4e2a79da7aadcbe2beda3e00381afb9e3f28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mdio-tools depends on CONFIG_MDIO_DEVICE in order for mdiobus driver to
be built, but CONFIG_MDIO_DEVICE depends on CONFIG_NETDEVICES which we
are not enabling so on platforms without it enabled in kernel config
building mdio-tools will fail with:
ERROR: modpost: "mdio_find_bus" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_c45_read" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_read" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_c45_write" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_write" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
So enable CONFIG_NETDEVICES as well to make sure CONFIG_MDIO_DEVICE can be enabled.
Fixes: http://autobuild.buildroot.net/results/edf47df96cde6094c890c0b74034cced90335a39/
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b95fff0185803bac5c8cfb558d60234e59a1469b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
