Drop host-pkgconf dependency which has been wrongly added by commit
732d94d25f. Indeed, expat doesn't use
pkgconf to retrieve dependencies.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5bc935665b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable examples and tests (enabled by default) through
--without-{examples,tests} which are available since version 2.2.7 and
1fdfd8a1b4
Also disable xmlwf (a binary that determines if an XML document is
well-formed) through --without-xmlwf which is available since version
2.2.4 and
9d950527a0
This will fix the following build failure on riscv64:
ERROR: reloc type R_RISCV_SET6 unsupported in this context
Fixes:
- http://autobuild.buildroot.org/results/99890c9c7ebe3266dd533c81352a3cbcf4d3d738
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit dac5873314)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on musl:
In file included from /nvmedata/autobuild/instance-17/output-1/host/powerpc64-buildroot-linux-musl/sysroot/usr/include/asm/ioctl.h:12,
from /nvmedata/autobuild/instance-17/output-1/host/powerpc64-buildroot-linux-musl/sysroot/usr/include/linux/ioctl.h:5,
from /nvmedata/autobuild/instance-17/output-1/host/powerpc64-buildroot-linux-musl/sysroot/usr/include/linux/fs.h:14,
from ioctls/vfs.c:3:
ioctls/vfs.c:109:35: error: 'loff_t' undeclared here (not in a function); did you mean 'off_t'?
109 | { .name = "FIOQSIZE", .request = FIOQSIZE, },
| ^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/b7f46072751a8d70fa02f1c625c5279f70bec853
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a8614ffc07)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl:
CMake Error: TRY_RUN() invoked in cross-compiling mode, please set the following cache variables appropriately:
LIBRESSL_RESULT (advanced)
LIBRESSL_RESULT__TRYRUN_OUTPUT (advanced)
For details see /nvmedata/autobuild/instance-27/output-1/build/mariadb-10.3.34/TryRunResults.cmake
Fixes:
- http://autobuild.buildroot.org/results/cbdbfcdae4b89ac678e1bf6bcded96872c7223ab
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1748086519)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl:
/nvmedata/autobuild/instance-9/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: check/libcheck.a(check_ssl.o): in function `ssl_connect':
check_ssl.c:(.text+0x7da): undefined reference to `SSL_set0_wbio'
Fixes:
- http://autobuild.buildroot.org/results/76f72a3c7350ea265e2277c89d68e5256410e94c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 90bdef4f17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 2.5.3 in
commit fd03e8192f and
d383a5f2fc:
CMake Error at /nvmedata/autobuild/instance-20/output-1/host/share/cmake-3.18/Modules/CMakeTestCXXCompiler.cmake:59 (message):
The C++ compiler
"/usr/bin/c++"
is not able to compile a simple test program.
Fixes:
- http://autobuild.buildroot.org/results/4452bc35b41414a5e8a0e9831b0854228df5fba4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 845f963842)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 1.2 in
commit 242227dd86:
powerpc-buildroot-linux-gnu-gcc: WARNING: unsafe header/library path used in cross-compilation: '-I/usr/include'
In file included from src/aircrack-ng/aircrack-ng.c:54:
/usr/include/math.h:476:21: error: '_Float128' is not supported on this target
476 | # define _Mdouble_ _Float128
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/83a114ce197fb6af53a26ed68184cf3bbb30c8a7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a8e9b796c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 4.8 raised since bump to
version 4.8.26 in commit e648dfa6f7 and
8b4386df83:
tty-ncurses.c: In function 'tty_colorize_area':
tty-ncurses.c:575:5: error: 'for' loop initial declarations are only allowed in C99 mode
for (int row = 0; row < rows; row++)
^
Fixes:
- http://autobuild.buildroot.org/results/d9f0a11bde42fe6ae2e9449d3365609d59a6545d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c99d2d3429)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Like was done in 700674b45c (package/bind: disable backtrace support)
for the up-to-date, official, upstream bind, also disable backtrace on
dhcp's internal bind to avoid the following build failure since commit
0c8dd6ebd6 (package/dhcp: use internal bind):
/nvmedata/autobuild/instance-15/output-1/host/lib/gcc/armeb-buildroot-linux-uclibcgnueabi/10.3.0/../../../../armeb-buildroot-linux-uclibcgnueabi/bin/ld: /nvmedata/autobuild/instance-15/output-1/build/dhcp-4.4.3/bind/bind-9.11.36/lib/isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'
Fixes:
- http://autobuild.buildroot.org/results/074786f3f1e7ffc858dcb1de1855ee138793869e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 53efc185bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Untar internal bind so libtool patches will be applied on bind's
libtool. This will fix:
- installation of some libraries such as libisccfg. Indeed, if libtool
is not patched those libraries will be "relinked" and so not
installed.
- build failures with riscv and or1k:
Invalid configuration `riscv64-buildroot-linux-musl': machine `riscv64-buildroot' not recognized
Invalid configuration `or1k-buildroot-linux-uclibc': machine `or1k-buildroot' not recognized
Fixes:
- http://autobuild.buildroot.org/results/d25b76e628ffe5293c6bc1fd467a6b8966cb1bc2
- http://autobuild.buildroot.org/results/ba3258d8df00a7626784189125f0202fb161c40e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Jan Havran <havran.jan@email.cz>
Tested-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fde2197942)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
systemd-udevd needs this group:
/usr/lib/udev/rules.d/50-udev-default.rules:43 Unknown group 'sgx', ignoring
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
[yann.morin.1998@free.fr: udev users/groups go to udev virtual package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 798a4983ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 3.8 in
commit 1f89c80417:
sigsegv.c: In function 'sigsegv_handler':
sigsegv.c:979:28: error: 'struct vma_struct' has no member named 'is_near_this'
979 | : vma.is_near_this (addr, &vma))
| ^
Fixes:
- http://autobuild.buildroot.org/results/8c5b8b37eb3c2667c75666079b056df7e0023e05
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c44f745c8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpupower needs dynamic library since its addition in commit
f1863ede94 to avoid the following build
failure:
ld (ld-elf2flt): -shared used without passing a shared library ID
Fixes:
- http://autobuild.buildroot.org/results/16f41b9169bd76352c2f2ed8c6239ad371b3a30e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c173eb47bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mbedtls is an optional dependency since version 2.4.0 and
3aaf38d3d8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 702e7254f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace first patch (which is not in master after nearly 4 years) with
a new set of pending patches to fix the following build failure with
gcc >= 7:
liboping.c: In function 'ping_set_ttl':
liboping.c:207:9: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 242 [-Werror=format-truncation=]
207 | "%s: %s", function, message);
| ^~
......
829 | sstrerror (ret, errbuf, sizeof (errbuf)));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
liboping.c:206:2: note: 'snprintf' output between 15 and 270 bytes into a destination of size 256
206 | snprintf (obj->errmsg, sizeof (obj->errmsg),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
207 | "%s: %s", function, message);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/31083354e9064b2deef86917d67e92a88af0fa46
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1b47bd987f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bpftool needs __sync_*_4 intrinsics since its addition in commit
3675131e6c and
b0c3d7133f:
/nvmedata/autobuild/instance-26/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/10.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /nvmedata/autobuild/instance-26/output-1/build/bpftool-v6.7.0/src/libbpf/libbpf.a(libbpf.o): in function `bpf_program__attach_kprobe_opts':
libbpf.c:(.text+0xff88): undefined reference to `__sync_fetch_and_add_4'
Fixes:
- http://autobuild.buildroot.org/results/919b8351d3783ca30a860df87ae814d5c4b9fd41
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 30cbb1e217)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl >= 2.8.0 raised since
703abab321:
/nvmedata/autobuild/instance-20/output-1/build/azure-iot-sdk-c-LTS_01_2022_Ref01/c-utility/adapters/tlsio_openssl.c: In function 'add_certificate_to_store':
/nvmedata/autobuild/instance-20/output-1/build/azure-iot-sdk-c-LTS_01_2022_Ref01/c-utility/adapters/tlsio_openssl.c:961:24: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
961 | bio_method = BIO_s_mem();
| ^
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/873f86fb2311ed29a791140f2341943475985fcc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c2f829a71a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure:
local.c: In function 'create_and_bind':
local.c:218:12: error: 'listen_sock' may be used uninitialized in this function [-Werror=maybe-uninitialized]
218 | return listen_sock;
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/27471a878ff52a972ac087d534e44fb0c50808f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eb952597c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
php-apcu needs threads since its addition in commit
8ddeeffa18:
In file included from /home/buildroot/autobuild/instance-3/output-1/build/php-apcu-5.1.20/apc_lock.c:20:
/home/buildroot/autobuild/instance-3/output-1/build/php-apcu-5.1.20/apc_lock.h:41:11: fatal error: pthread.h: No such file or directory
41 | # include "pthread.h"
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/314405423aeece5ee55d76ec5c4fa1919e7ee853
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4bd5fc000b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dependency on libiw has been removed since 0.9.3.990 [1].
Dependency on libgcrypt has been removed since 1.2-beta1 [2].
Dependency on libuuid has been removed since 1.31.4-dev [3].
[1]: 7d0761588c
[2]: b6f5f03033
[3]: 73b9883c6f
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8b47feff2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libkrb5 does not build with libressl since commit
b7a5b9d06d and upstream is not interested
in fixing this issue as a PR has been open for more than 4 years
(https://github.com/krb5/krb5/pull/607):
pkinit_crypto_openssl.c: In function 'cms_signeddata_verify':
pkinit_crypto_openssl.c:1700:22: error: implicit declaration of function 'OBJ_get0_data'; did you mean 'BIO_get_data'? [-Werror=implicit-function-declaration]
1700 | print_buffer(OBJ_get0_data(etype), OBJ_length(etype));
| ^~~~~~~~~~~~~
| BIO_get_data
Fixes:
- http://autobuild.buildroot.org/results/e623f4e1d6b6004e98815b8b7da3938238890bd8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e77c6e9291)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2022-1271: arbitrary-file-write vulnerability
zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.
[bug introduced in gzip-1.3.10]
https://www.openwall.com/lists/oss-security/2022/04/07/8
Other changes:
** Changes in behavior
'gzip -l' no longer misreports file lengths 4 GiB and larger.
Previously, 'gzip -l' output the 32-bit value stored in the gzip
header even though that is the uncompressed length modulo 2**32.
Now, 'gzip -l' calculates the uncompressed length by decompressing
the data and counting the resulting bytes. Although this can take
much more time, nowadays the correctness pros seem to outweigh the
performance cons.
'zless' is no longer installed on platforms lacking 'less'.
** Bug fixes
zgrep now names input file on error instead of mislabeling it as
"(standard input)", if grep supports the GNU -H and --label options.
'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
[bug present since the beginning]
Configure-time options like --program-prefix now work.
Release Announcement:
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4bfe7edc4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2022-1271: Malicious filenames can make xzgrep write to arbitrary
files or (with a GNU sed extension) lead to arbitrary code execution.
For more details, see the announcement and advisory:
https://www.mail-archive.com/xz-devel@tukaani.org/msg00551.html
https://www.zerodayinitiative.com/advisories/ZDI-22-619/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3c1324248d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on mips64el raised since commit
11b347c03a:
In file included from shim.h:47,
from shim.c:14:
/nvmedata/autobuild/instance-17/output-1/build/shim-15.4/include/system/stdarg.h:72:2: error: #error what arch is this
72 | #error what arch is this
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/74f4f1d010cfde6978fd614195ef0006f0acb45a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fd41e56e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to latest (as of April 14, 2022).
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e7a3501750)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update out-of-tree driver to make it work with Linux kernel v5.17.
Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80c11958e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update out-of-tree driver to make it work with Linux kernel v5.17
(and older kernels not compatible with previous driver version,
like v5.15 etc).
Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c952070371)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pure-ftpd doesn't build with libressl 3.4.3 which doesn't include
f5674b4e23
resulting in the following build failure:
tls.c: In function 'tls_init_options':
tls.c:329:5: warning: implicit declaration of function 'SSL_CTX_set_num_tickets'; did you mean 'SSL_CTX_set_options'? [-Wimplicit-function-declaration]
SSL_CTX_set_num_tickets(tls_ctx, 0);
^~~~~~~~~~~~~~~~~~~~~~~
SSL_CTX_set_options
Fixes:
- http://autobuild.buildroot.org/results/f5d36180949278510199aa499e253780558c6ffe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e87e6fd085)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By returning a failure in the event that the initial seed doesn't exist,
we'd then skip creating a new seed, which means we'd never in fact have
an initial seed, and this script is therefore useless. Fix this by
checking for the existence of the seed file first, and just returning 0
if it's not there.
Reported-by: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Reported-by: Eugen Hristev <Eugen.Hristev@microchip.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e65e9acb20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.
CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL
QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 87b8676fbf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
16.24.1:
CVE-2021-37706 / AST-2022-004: pjproject: integer underflow on STUN message
The header length on incoming STUN messages that contain an ERROR-CODE
attribute is not properly checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use with a malicious
remote party.
https://seclists.org/fulldisclosure/2022/Mar/0
CVE-2022-23608 / AST-2022-005: pjproject: undefined behavior after freeing a
dialog set
When acting as a UAC, and when placing an outgoing call to a target that then
forks, Asterisk may experience undefined behavior (crashes, hangs, etc…)
after a dialog set is prematurely freed.
https://seclists.org/fulldisclosure/2022/Mar/1
CVE-2022-21723 / AST-2022-006: pjproject: unconstrained malformed multipart
SIP message
If an incoming SIP message contains a malformed multi-part body an out of
bounds read access may occur, which can result in undefined behavior. Note,
it’s currently uncertain if there is any externally exploitable vector
within Asterisk for this issue, but providing this as a security issue out
of caution.
https://seclists.org/fulldisclosure/2022/Mar/2
16.25.2:
CVE-2022-26498 / AST-2022-001: res_stir_shaken: resource exhaustion with
large files
When using STIR/SHAKEN, it’s possible to download files that are not
certificates. These files could be much larger than what you would expect to
download.
https://seclists.org/fulldisclosure/2022/Apr/17
CVE-2022-26499 / AST-2022-002: res_stir_shaken: SSRF vulnerability with
Identity header
When using STIR/SHAKEN, it’s possible to send arbitrary requests like GET to
interfaces such as localhost using the Identity header.
https://seclists.org/fulldisclosure/2022/Apr/18
CVE-2022-26651 / AST-2022-003: func_odbc: Possible SQL Injection
Some databases can use backslashes to escape certain characters, such as
backticks. If input is provided to func_odbc which includes backslashes it
is possible for func_odbc to construct a broken SQL query and the SQL query
to fail.
https://seclists.org/fulldisclosure/2022/Apr/19
Update hash of sha1.c after a doxygen comment update:
37c29b6a28
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 607162a09c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2022-1328: mutt_decode_uuencoded() can read past the end of the input line
Buffer Overflow in uudecoder in Mutt affecting all versions starting from
0.94.13 before 2.2.3 allows read past end of input line
For details, see the release notes:
https://marc.info/?l=mutt-users&m=164979464612885&w=2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9b9707d15e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
SPI unconditionally uses GPIOHANDLE_SET_LINE_VALUES_IOCTL which is only
available since kernel 4.8 and
d7c51b47ac
resulting in the following build failure since switch to upstream in
commit 03fa36df7e:
linuxspi.c: In function 'linuxspi_reset_mcu':
linuxspi.c:102:28: error: storage size of 'data' isn't known
struct gpiohandle_data data;
^~~~
linuxspi.c:110:32: error: 'GPIOHANDLE_SET_LINE_VALUES_IOCTL' undeclared (first use in this function)
ret = ioctl(fd_linehandle, GPIOHANDLE_SET_LINE_VALUES_IOCTL, &data);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/769021040e5e9293584734e4f461baeaa6dd91cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 114487dfd2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_WPA_SUPPLICANT_WIRED also enables the MACSEC_LINUX
driver. This driver requires libnl.
Also fix CONFIG_DRIVER_MACSEC option to enable only the generic
Linux driver and not QCA extensions.
Fixes:
http://autobuild.buildroot.net/results/2dea7dee521794b306cc610601fda322987e6cd0
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Sergey Matyukevich <geomatsi@gmail.com>
[Arnout: add Config.in comment, simplify CONFIG_ENABLE]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4bd8bbe9fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Update site to get latest version
- Switch to generic-package and drop patches as upstream doesn't provide
autotools support
- License is MIT since version 1.12.15
- This bump will fix the following build failure with BR2_OPTIMIZE_FAST:
src/sqlite3.c: In function 'sqlite3IsNaN':
src/sqlite3.c:21797:3: error: #error SQLite will not work correctly with the -ffast-math option of GCC.
21797 | # error SQLite will not work correctly with the -ffast-math option of GCC.
| ^~~~~
- This bump will also fix security issues by bumping sqlite to 3.36.0
- Update indentation in hash file (two spaces)
http://sqlitewrapper.kompex-online.com/index.php?content=changelog
Fixes:
- http://autobuild.buildroot.org/results/63e07345b97faa6d6239933f1790c6f2e02da77f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e2df7d28c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Internal bind libraries are not installed to target since commit
0c8dd6ebd6 resulting in the following
runtime failure:
Starting DHCP server: /usr/sbin/dhcpd: error while loading shared libraries: libirs.so.161: cannot open shared object file: No such file or directory
RANLIB must also be set to avoid the following build failure at install
step:
libtool: install: arceb-buildroot-linux-uclibc-ranlib /home/fabrice/buildroot/output/per-package/dhcp/target/usr/lib/libisccfg.a
/home/fabrice/buildroot/output/build/dhcp-4.4.3/bind/bind-9.11.36/libtool: line 1719: arceb-buildroot-linux-uclibc-ranlib: command not found
Fixes:
- No autobuilder failures (reported by Eugen.Hristev@microchip.com)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2087051d37)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-28544: SVN authz protected copyfrom paths regression
Subversion servers reveal 'copyfrom' paths that should be hidden according
to configured path-based authorization (authz) rules. When a node has
been copied from a protected location, users with access to the copy can
see the `copyfrom' path of the original. This also reveals the fact that
the node was copied. Only the 'copyfrom' path is revealed; not its
contents. Both httpd and svnserve servers are vulnerable.
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
- CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption
While looking up path-based authorization rules, mod_dav_svn servers may
attempt to use memory which has already been freed.
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
Drop no longer needed patch and autoreconf, as this is now fixed upstream:
https://svn.apache.org/viewvc?view=revision&revision=1881534
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89e51bc625)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>