Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read
that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated. The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add _IGNORE_CVES entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit d4d483451f.
Tar 1.35 unfortunately changes the behaviour for the devmajor/devminor
fields, breaking the download hash validation. From the release notes:
* Leave the devmajor and devminor fields empty (rather than zero) for
non-special files, as this is more compatible with traditional tar.
https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html
So revert the bump for now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 7f1088f9ca.
We're going back to tar 1.34, so this needs to be reverted as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds support for Xilinx Zynq ZC702 starter kit.
ZC702 features can be found here:
https://www.xilinx.com/products/boards-and-kits/ek-z7-zc702-g.html
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 083e65a67c introduced tests for the
various read-only root options under systemd, but while applying the
fs-overlay that is used in one of the tests wasn't included. Include it
now.
Fixes: 083e65a67c
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fixes:
http://autobuild.buildroot.net/results/98f/98fedf4969c260f73a01b937b9625e66dcd86b3c
When BR2_TOOLCHAIN_HAS_LIBATOMIC is "n", there is no gcc libatomic.so
library to install. For configurations with such settings, compilation
fails as gcc-final.mk unconditionally adds libatomic as an installation
target. This error, for instance, shows for all Canaan K210 riscv
configs, as they all use uclibc flat binary format which disabled
libatomic:
Fix this by modifying package/gcc/gcc-final/gcc-final.mk to add
libatomic to GCC_FINAL_LIBS only for configurations that have
BR2_TOOLCHAIN_HAS_LIBATOMIC set to "y".
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://github.com/nxp-imx/mfgtools/releases/tag/uuu_1.5.139
The changes to README.md are not related to license modifications.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stripping when cross-compiling and libtool static behavior are fixed in
2.5.16, so drop 0001-fix_cross_strip.patch and rename the remaining patches.
Signed-off-by: Hmaied Ben Abdellatif <hmaied.benabdellatif@etictelecom.com>
[Peter: extend commit message, update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a script to manage the .hash files in the BR2_GLOBAL_PATCH_DIR for
packages using custom versions.
To use it, run in a configured Buildroot directory, E.G.
make foo_defconfig; ./utils/add-custom-hashes
We support multiple patch directories in BR2_GLOBAL_PATCH_DIR. If multiple
directories are specified then use the last one as that is likely to be the
most specific one.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: silence command -v invocation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump version of Linux to 6.1.61 and U-Boot to 2023.10.
U-Boot requires enabling pylibfdt and pyelftools
We need to increase the size of the rootfs, and we get rid of a
64bit warning on `mke2fs` by passing `-O 64bit` as an argument.
Signed-off-by: Roberto Medina <robertoxmed@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 5 raised since bump to version
0.17 in commit 725580a26e:
/home/thomas/autobuild/instance-2/output-1/build/json-c-0.17/json_pointer.c: In function 'json_pointer_result_get_recursive':
/home/thomas/autobuild/instance-2/output-1/build/json-c-0.17/json_pointer.c:193:25: error: 'idx' may be used uninitialized in this function [-Werror=maybe-uninitialized]
res->index_in_parent = idx;
^
Fixes:
- http://autobuild.buildroot.org/results/523b35a979d59121fe4e18c38171792b06233940
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default dhcpcd installed with 555 permissions as it is
configured in its Makefile.inc. Since 'w' bit is missing,
strip fails and dhcpcd binary installed non-stripped.
On ARM GCC 12 glibc configuration strip saves over 1MB of disk space.
Signed-off-by: Oleg Lyovin <ovlevin@salutedevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch to setuptools
- Update License hash due to a year change: 2019 -> 2021
- Install the packages to the site-packages directory, or else packages using
scons fail to build with import errors.
Tested with benejson, gpsd, and mongodb.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This package now requires host-python-versioneer to build.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Used with the latest version of python-constantly. It is only needed as a
host package.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Remove the "# Should be kept in sync with $(SYSTEMD_VERSION)" line from
python-systemd.mk, as this package is not updated on a regular basis and does
not keep up to date with systemd.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Drop no longer required python-pyrsistent runtime dependency.
Add new python-jsonschema-specifications runtime dependency.
Add new python-referencing runtime dependency.
Add new python-rpds-py runtime dependency.
Propagate python-rpds-py target rust support requirement to
python-jsonschema reverse dependencies.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The last time python-pyxb was updated according to pypi.org is in 2017.
As there are no maintainers listed for the package, and the package uses
distutils which has been removed in Python 3.12.0, remove the package.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
distutils will be dropped with python 3.12.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 2add559e50 (package/python-kmod: new package) listed LGPL-2.1+
(aka -or-later) as the licensed applicable. However, thode contains the
following blurbs:
# python-kmod is free software: you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License version 2.1 as published
# by the Free Software Foundation.
There is no mention of the usual "or, at your option, any later
version".
As such, the license is reall LGPL-2.1-only.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This package is currently used in Fedora39 to provide python bindings
for kmod, and it is Python 3.12.0 compatible.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: LGPL in in COPYING.LESSER]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The python bindings provided by kmod were last updated 9 years ago.
- They are not compatible with Python 3.12.
- No major distribution uses this option.
Remove the option.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
