LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in
certain situations involving a custom tag and 0x0200 as the second word
of the DE field.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7ec5f99b3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dc66c5901c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ce4bc45000)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa87c2e168)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56c0d7b886)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aef9027773)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8de78f3da0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit efd9eac4d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4d02d512f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed2f427fd2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8741ac0e50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 58be19b028)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2022-22818: Possible XSS via {% debug %} template tag
The {% debug %} template tag didn't properly encode the current context,
posing an XSS attack vector.
In order to avoid this vulnerability, {% debug %} no longer outputs
information when the DEBUG setting is False, and it ensures all context
variables are correctly escaped when the DEBUG setting is True.
- CVE-2022-23833: Denial-of-service possibility in file uploads
Passing certain inputs to multipart forms could result in an infinite loop
when parsing files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This clarifies that custom DTSI files can be passed too,
and that the files are compiled after being copied to the
Linux kernel source tree.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8ef413b59a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rtl8723b_fw.bin file installed by this package is not actually used
by this driver at all. It is used by the btrtl Bluetooth driver in the
mainline kernel. The mainline btrtl driver looks for the file in
/lib/firmware/rtl_bt rather than /lib/firmware/rtlwifi. This driver's
Makefile has an install target that confirms the correct destination
firmware directory. It was like that since the very first version that
was added to Buildroot.
Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 657d9731cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version fixes a bug that prevents the user from switching from one
access point to another.
Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 89211450c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass needed CMake options to disable generating documentations. The
documentation is built using python-sphinx, which is not packaged in
Buildroot.
Prior to this change, if the build host would have a Python installation
with the sphinx module installed the automatic detection tried to build
documentation, which would fail in cases where the sphinxcontrib-qthelp
package is missing from the host Python installation. The error message
in this case was:
Extension error:
Could not import extension ecm (exception: cannot import name
'htmlescape' from 'sphinx.util.pycompat'
(/usr/lib/python3.10/site-packages/sphinx/util/pycompat.py))
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b341f0c91f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
avahi-client is an optional dependency which is enabled by default since
version 2.2.0 and
5ab117c974
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f0a1d47f6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
see https://prosody.im/doc/release/0.11.13
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 800e53cf7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2022-23096: An issue was discovered in the DNS proxy in Connman
through 1.40. The TCP server reply implementation lacks a check for the
presence of sufficient Header Data, leading to an out-of-bounds read.
- CVE-2022-23097: An issue was discovered in the DNS proxy in Connman
through 1.40. forward_dns_reply mishandles a strnlen call, leading to an
out-of-bounds read.
- CVE-2022-23098: An issue was discovered in the DNS proxy in Connman
through 1.40. The TCP server reply implementation has an infinite loop if
no data is received.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2022/01/25/1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35a3c01824)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- change download URL to https
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0876da5ea1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Package pistache is affected by binutils bug 27597 (Nios II), so let's
disable it when BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597=y. Let's also
indent the comment dependencies.
Fixes:
http://autobuild.buildroot.net/results/0e7b74c5a07ced2bbae1a0a8c7d7ba26dfa04031/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d5b08f37a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patch to fix linux bug:
```
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
```
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/2021478164
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3529e8c21c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From [1]:
"Even though the ordering has absolutely no consequences in Kconfig, it
is not logical (when reading). It is more logical and far easier to
understand when depends come first, followed by the selects."
Also, the Config.in example in the manual suggests to use this coding
style [2]."
Use the correct coding style in the chapter "Choosing depends on or select"
in the manual.
[1] http://lists.busybox.net/pipermail/buildroot/2015-October/142955.html
[2] https://nightly.buildroot.org/manual.html#_coding_style
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39458e33c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-20330: An attacker with basic CRUD permissions on a
replicated collection can run the applyOps command with specially
malformed oplog entries, resulting in a potential denial of service on
secondaries. This issue affects MongoDB Server v4.0 versions prior to
4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server
v4.4 versions prior to 4.4.6.
Drop third patch (already in version)
https://docs.mongodb.com/master/release-notes/4.2/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 49bbf644d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ClamAV 0.103.5 is a critical patch release with the following fix:
- CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
clamscan --gen-json option) is enabled.
https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f92c093c7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 70d1858353)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 64cf3dc6c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pjsip:pjsip has been deprecated by teluu:pjsip since September 2021:
<cpe-23:cpe23-item name="cpe:2.3🅰️pjsip:pjsip:2.7.1:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3🅰️teluu:pjsip:2.7.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
<cpe-item name="cpe:/a:pjsip:pjsip:2.7.2" deprecated="true" deprecation_date="2021-09-02T14:49:19.527Z">
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c99d84fb96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
RK3399_ROCKPRO64 has been picked from pine64/rockpro64 but here we deal
with orangepi-rk3399, so let's change the label to RK3399_ORANGEPI.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 07a0d71657)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 1.1.7):
8b70f08 Add definition of new event GstAppSinkCallbacks for interpipesink element
ddaa9b5 Add conditional build according to GST_VERSION_MINOR
730dea6 Bump project version
8718b12 Add initialization for the GstAppSinkCallbacks struct
f015ff7 Remove redundant initialization of new_event callback
530da92 Update copyright year in README file
e8ce826 Add explanatory comment on the memset of GstAppSinkCallbacks struct
f0f3b8e Fix README copyright date to 2016-2022
814982e Merge branch 'hotfix/add-new-event-callback'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0872ac72b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in
tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by
a crafted XML message and leads to a denial of service.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b23ef21029)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mod_compress has been subsumed by mod_deflate since version 1.4.56 and
dab212b5f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 653dc2e710)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch added by commit eee96b0f0a on gcc
9.3.0 must also be applied on gcc 10 and 11 to avoid the following build
failure on numerous packages (babeltrace2, pcsc-lite, tpm2-pkcs11,
etc.):
configure:13774: checking whether pthreads work with -pthread
configure:13868: /home/giuliobenetti/autobuild/run/instance-0/output-1/host/bin/or1k-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -std=gnu99 -pthread -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
conftest.c:27:26: error: #error "_REENTRANT must be defined"
27 | # error "_REENTRANT must be defined"
| ^~~~~
It should be noted that external bootlins will have to be rebuilt.
Fixes:
- http://autobuild.buildroot.org/results/cb58d4fbaeb08d188c2f8bf05ef1604789fa8766
- http://autobuild.buildroot.org/results/7af9d4b68bd46ed260ed66ba2cc3c9c21482e741
- http://autobuild.buildroot.org/results/6f926bec146752873f8032b593f0de1cb222ea46
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 98e39dc80e)
[Peter: drop 11.2.0 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
