Fixes a potential memory corruption with negative memmove() size. For
details, see (NVD not yet updated):
https://security-tracker.debian.org/tracker/CVE-2021-3520
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit c577eac16e forgot to add
dependencies of BR2_PACKAGE_UHD_USB to BR2_PACKAGE_UHD_USRP1
Fixes:
- http://autobuild.buildroot.org/results/eaae6548fb536e2b0ea539c236cd7579e63fa21e
Note: threads dependency is already guaranteed as uhd itself depends on
NPTL already.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure:
In file included from /data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.cc:15:
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h: In function 'void AddRange(std::vector<T>*, T, T, int)':
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h:17:30: error: 'numeric_limits' is not a member of 'std'
17 | static const T kmax = std::numeric_limits<T>::max();
| ^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/68581aad7c622a1fc74bb5556799e3c681425b2a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
exchange attack whereby an attacker can request a seemingly-innocuous container
configuration that actually results in the host filesystem being bind-mounted
into the container, allowing for a container escape.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-32055: Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt
2019-10-25 through 2021-05-04) has a $imap_qresync issue in which
imap/util.c has an out-of-bounds read in situations where an IMAP
sequence set ends with a comma. NOTE: the $imap_qresync setting for
QRESYNC is not enabled by default.
https://gitlab.com/muttmua/mutt/-/blob/mutt-2-0-7-rel/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes: CVE-2021-22207 Excessive memory consumption in MS-WSP dissector
in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service
via packet injection or crafted capture file
See also: https://www.wireshark.org/security/wnpa-sec-2021-04.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add CVE reference]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Select a few missing multimedia related dependencies:
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AUTODETECT is needed for
"autoaudiosink"; not having this element can cause a crash as
it is used unconditionally.
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_MATROSKA and
BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_VPX are needed for
WebM video playback.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Select BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AUTODETECT when multimedia
support is enabled. This is needed at runtime to automatically select
a suitable audio output element, otherwise WebKit will crash at an
assertion due to the missing "autoaudiosink" element. More here:
https://wpewebkit.org/about/faq.html#why-does-the-browser%2Flauncher-(e.g.-cog)-crash-when-trying-to-play-audio%3F
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f289b1b36f (legacy: drop options removed more than 5 years ago
now) forgot to remove a legacy default.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: propagate the dependency to kodi]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
python-bluezero selects python-gobject but fails to include its arch and
toolchain dependencies. Add them now, as well as the corresponding
comment.
dbus-python also has some dependencies, but all of them are covered by
the python3 dependency, so don't bother with those.
Fixes: 8bdc5e7c4d
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As of version 0.4.0 observer.py uses dbus-python (to comunicate with BlueZ)
instead of python-aioblescan. Thus, all modules now depend on dbus-python.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
ebtables 2.0.11 no longer works correctly when userland is 32-bit and the
kernel is 64-bit. This used to work correctly in version 2.0.10-4.
Problem is twofold:
- ebtables itself was broken and needs to be patched
- buildroot needs to pass the correct flag again to indicate when we are in
this situation
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If libglib2 is not build before building the dbus plugin, mender fails to
compile with the following error:
Package 'gio-2.0', required by 'virtual:world', not found
- Add a check for libglib2 in addition to dbus when enabling the dbus plugin.
- Depend on libglib2 if both packages are selected.
Fixes:
http://autobuild.buildroot.org/results/1bc5893b88db08612059ad899c2bc3b2abb291fb
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Let's add upstream patches introducing -mcmodel=large or1k gcc option that
works in conjunction with previous binutils patch. That option fix binutils
bug 21464[1] allowing to build libgeos with no problem. This way we can
consider buildroot toolchain binutils bug 21464 free.
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=21464
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]
Add upstream backported patches that allows using -mcmodel=large gcc option
that in order allows fixing build failure due to binutils bug 21464:
https://sourceware.org/bugzilla/show_bug.cgi?id=21464
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]
Actual patches are stubs suggested but now they are available as upstream.
So let's substitute them since they make part of a or1k patchset and next
patch will add the others.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]
DHCP package may silently fail to install binaries to the target image.
The problem occurs when buildroot output/host and build server provide
different flavors of awk. For instance, mawk on build server and gawk
in buildroot output/host. In this case isc-dhcp configure script detects
gawk in output/host and generates Makefiles specifying gawk without
absolute path. During Buildroot installation phase, those Makefiles
are used to install dhcp binaries. They attempt to use gawk without
absolute path. However build host does not have gawk.
To resolve the issue add host-gawk to dependencies and specify absolute
path to host-gawk in dhcp configure script using DHCP_CONF_ENV.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit a8fbe67b9b ("package/wpa_supplicant: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
assimp doesn't build with zlib-ng because Z_EXPORT and z_crc_t are used
by the bundled unzip source code
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This reverts commit b529a582ba as it
raises a build failure with hiawatha because assimp installs its own
zlib library in staging directory.
Fixes:
- http://autobuild.buildroot.org/results/9cac31962d48245a5579da692dbc9488292a397e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Static build of gnuplot with gd and libiconv is broken since bump to
version 2.3.1 in commit 970b2ca3cc:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: /home/giuliobenetti/autobuild/run/instance-3/output-1/host/bin/../powerpc-buildroot-linux-uclibc/sysroot/usr/lib/libgd.a(gdkanji.o): in function `do_convert':
gdkanji.c:(.text+0x148): undefined reference to `libiconv_open'
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: gdkanji.c:(.text+0x1d0): undefined reference to `libiconv'
This build failure is raised because LIBS has been replaced by
LIBS_PRIVATES in gdlib.pc.in since
28ecfe77c8
Fixes:
- http://autobuild.buildroot.org/results/5ab5f4744adfd8d8be483204a9c7f59e34ce26c6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On hosts where gawk is not available, it is not possible to build the
package with server option (BR2_PACKAGE_DHCP_SERVER).
The build goes through without errors but the binaries are not created
and installed. The reason is that autotools cannot find gawk.
Fixes: Bug 13781
Reported-by: Kay Jeschonneck <kay.jeschonneck@airbus.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit d65586f45a ("package/hostapd: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.
Fixes:
http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: slightly reformat the patches]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libraw needs __sync_fetch_and_add since version 0.20.0 and
d1975cb0e0
This will fix the following build failure with imagemagick which is
raised since commit 2f47cfade4:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/run/instance-0/output-1/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libraw_r.so: undefined reference to `__sync_fetch_and_add_4'
Fixes:
- http://autobuild.buildroot.org/results/900df43bd418d2da0c3ec875db1c5564dd857e94
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
