janus-gateway is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking
script content through SVG images (CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking
script content through CSS imports and other crafted constructs
(CVE-2021-43818).
https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure without stack-protector raised since
bump to version 3.3.1 in commit 3965f09cb4 and 5b3cb7f35e:
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
If stack-protector is enabled in the Buildroot config, the toolchain
wrapper will make sure it is used, so there's no need for the
jitterentropy-library Makefile to handle it.
Fixes:
- http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch to meson-package
- gdk-pixbuf and gupnp-dlna are now mandatory
- gstreamer1-editing-services is mandatory with gstreamer engine
https://gitlab.gnome.org/GNOME/rygel/-/blob/rygel-0.40.2/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- GStreamer 0.10 back-end has been dropped with af50a8ac98
- Switch to meson-package (to avoid autoreconf as no configure is
shipped anymore)
- Update indentation in hash file (two spaces)
https://gitlab.gnome.org/GNOME/gupnp-dlna/-/blob/gupnp-dlna-0.12.0/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- introspection support is needed to build latest rygel version
- build vala bindings to avoid a build failure as already done in other
packages such as gssdp in commit d513e55930
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
support/testing/tests/package/test_php_lua.py:35:1: E302 expected 2 blank lines, found 1
Add the missing line before class definition.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Evan has privately requested to no longer receive e-mails related to
this Buildroot package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS dependency was wrongly added to
BR2_PACKAGE_HOST_IMAGEMAGICK by commit df20e45463, indeed host-librsvg is
only needed by BR2_PACKAGE_HOST_IMAGEMAGICK_SVG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
License is GPL-3.0+, not GPL-3.0 since the addition of the package in
commit 1e4050b2d0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since commit 3db4d486d6:
../output-1/build/libmediaart-1.9.5/libmediaart/meson.build:63:2: ERROR: Program 'vapigen' not found
Fixes:
- http://autobuild.buildroot.org/results/189e12686b059ddadf84ced40efcd9875e5e1521
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted inputs
passed to these functions could cause an application using lapack to
crash or possibly disclose portions of its memory.
It should be noted that commit 59a1fcc696 wrongly assumed that this CVE
was fixed in version 3.10.0.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix dependencies which are wrong since the addition of the package in
commit e13c9ccf43 resulting in the following build failure:
Makefile:587: *** duktape is in the dependency chain of polkit that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
Fixes:
- http://autobuild.buildroot.org/results/706a09b245880e99109a4cc99faffe83f458afc4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with glibc >= 2.34:
In file included from timerobj.c:32:
In function 'threadobj_set_current',
inlined from 'server_prologue' at timerobj.c:94:2:
../../include/copperplate/threadobj.h:252:9: error: 'pthread_setspecific' expecting 1 byte in a region of size 0 [-Werror=stringop-overread]
252 | pthread_setspecific(threadobj_tskey, thobj);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ed93f916eda304b30f320816c85d1b0d4488c699
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The kernel now has support for dma, ethernet, i2c, mmc, pinctrl, regulator,
so enable drivers for those, change to an ext4 rootfs and enable DHCP on
eth0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 494807e28d (configs/stm32f4{2|6}9_*_defconfig: rename
configurations) forgot to also rename the corresponding entries
in the DEVELOPERS file.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Dario Binacchi <dariobin@libero.it>
Cc: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Fix the following error:
ERROR: hdimage(sdcard.img): partition [MBR] (offset 0x1b8, size 0x48) overlaps previous partition bl1 (offset 0x0, size 0xc200)
ERROR: hdimage(sdcard.img): bootloaders, etc. that overlap with the partition table must declare the overlapping area as a hole.
which started at the genimage version bump to 15 commit.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1865935217
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This adds support for aptX (HD) decoder / encoder powered by the
libopenaptx library.
Signed-off-by: Yunhao Tian <t123yh.xyz@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds support for libopenaptx, an aptX encoder and decoder.
Signed-off-by: Yunhao Tian <t123yh.xyz@gmail.com>
[Thomas:
- drop patches that added a CMakeLists.txt and instead use the
Makefile provided by upstream.
- add !BR2_STATIC_LIBS dependency
- add entry in DEVELOPERS file]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use official tarball
- Drop patches (already in version)
- license files renamed with a08ae564c4
- Update indentation in hash file (two spaces)
https://github.com/smuellerDD/jitterentropy-library/blob/v3.3.1/CHANGES.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
ERROR GST_PIPELINE gst/parse/grammar.y:857:priv_gst_parse_yyparse: no element "videorate"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rename the configuration to explicitly distinguish between sd and xip.
As a result, the readme files have also been changed.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The kernel generated by the configuration for the STM32f429-discovery
board is buggy:
Fixes:
Unhandled exception: IPSR = 00000006 LR = fffffff1
CPU: 0 PID: 1 Comm: init Not tainted 4.11.0 #2
Hardware name: STM32 (Device Tree Support)
task: 9041a000 task.stack: 907c0000
PC is at ret_fast_syscall+0x2/0x4a
LR is at tty_ioctl+0x1ad/0x75c
pc : [<0800d942>] lr : [<080c2e05>] psr: 4000000b
sp : 907c1fa8 ip : 0000001c fp : 905961a2
r10: 00000000 r9 : 907c0000 r8 : 0800dae0
r7 : 00000036 r6 : 905e7e60 r5 : 00000000 r4 : 905e7ebc
r3 : 00000000 r2 : 00000000 r1 : 00000000 r0 : 00000000
xPSR: 4000000b
CPU: 0 PID: 1 Comm: init Not tainted 4.11.0 #2
Hardware name: STM32 (Device Tree Support)
[<0800fbf9>] (unwind_backtrace) from [<0800f05b>] (show_stack+0xb/0xc)
[<0800f05b>] (show_stack) from [<0800f553>] (__invalid_entry+0x4b/0x4c)
Inspired by commit a3e3d9c198 ("configs/stm32f469_disco_xip_defconfig:
alternative defconfig for XIP"), update the stm32f429_disco_defconfig
configuration to use a newer kernel. Current setup kernel + rootfs fits
in 1.6MB on-chip flash memory.
The kernel has been moved to new flash bank due to growth of dtb size.
Remove upstream patch.
For better binary size optimization gcc LTO is turned on.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Newer versions of the kernel generate device trees that are not
storable in a single 16kB sector. In these cases the kernel load address
must be changed.
The commit 2e499dcff3ef ("Add possibility to use custom kernel load address")
adds the possibility to override the default (0x08008000) kernel load
address.
This also required changes to the stm32f429_disco_defconfig and
stm32f469_disco_xip_defconfig configurations. Patching is no longer
needed.
Also update whitespaces in hash file (2 spaces).
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current configuration fails to boot on the stm32f469-disco board.
Make it bootable again by reverting the DRAM patches.
Also change the kernel load address from 0x8010000 to 0x800C000 to
allocate more space to the kernel, since 32kB for the device tree is
enough.
Also clean up the rootfs a bit with the common stm32-post-build.sh
script.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 2.1.5 in
commit ca39eb212e:
gettcpinfo.c: In function 'gettcpinfo':
gettcpinfo.c:101:42: error: expected declaration or statement at end of input
101 | inline void gettcpinfo (int sock, struct ReportStruct *sample) {
| ^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/073e070478f0cda34784af96bb3a802c3aac8f72
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2021-42717: ModSecurity 3.x through 3.0.5 mishandles
excessively nested JSON objects. Crafted JSON objects with nesting
tens-of-thousands deep could result in the web server being unable to
service legitimate requests. Even a moderately large (e.g., 300KB)
HTTP request can occupy one of the limited NGINX worker processes for
minutes and consume almost all of the available CPU on the machine.
Modsecurity 2 is similarly vulnerable: the affected versions include
2.8.0 through 2.9.4.
- Use official tarball and so drop autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Probably due to bogus merge conflicts, Hervé Codina ended up having
two entries in the DEVELOPERS file. This commit brings back all files
watched by Hervé under the same entry.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
They are currently expressed as such:
    depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
which is not the common practice in Buildroot. We prefer to use:
    depends on BR2_ENABLE_LOCALE
    depends on BR2_USE_WCHAR
This commit ensures linux-pam is consistent with this best practice.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BR2_PACKAGE_LINUX_PAM depends on BR2_USE_MMU, but this dependency is
not taken into account in the Config.in comment, which this commit
fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>