Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d30542dde7)
[Peter: drop Makefile/Vagrantfile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2021-38593 fixes originally missed a usecase that was covered by the
to-be-removed patch. However, this patch was incorrect and added some
issues on its own, which was then fixed by now-removed
0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch.
Unfortunately for us, the to-be-removed patch (fixed by
0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch) can actually
be applied (with fuzz; by `patch` only) on top of the now-removed patch.
When the move to KDE Qt fork was made, some patches were removed as they
were already part of the new git fork. However, the to-be-removed patch
was not. This means the
0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch was actually
undone when Buildroot patched qt5base.
Let's remove this patch to fix this oversight.
As a reference:
e7ea2ed27c Improve fix for avoiding huge number of tiny dashes
fixed by
65b3aa6a1c Refix for avoiding huge number of tiny dashes
in the git repo.
Fixes: 5770a645a3 "package/qt5: bump packages to latest kde submodule versions"
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[Arnout: renumber patches 0007 and 0008]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch has been applied upstream and is required to allow having
default devices on non x86_64 platforms with WirePlumber v0.4.8.
e429db7e8c
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 0.40.2 in
commit 6acdbb81c8:
[108/298] Generating src/librygel-core/RygelCore-2.6.typelib with a custom command
FAILED: src/librygel-core/RygelCore-2.6.typelib
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/nios2-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler --output src/librygel-core/RygelCore-2.6.typelib /home/giuliobenetti/autobuild/run/instance-3/output-1/build/rygel-0.40.2/build/src/librygel-core/RygelCore-2.6.gir
Could not find GIR file 'GUPnP-1.2.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file /home/giuliobenetti/autobuild/run/instance-3/output-1/build/rygel-0.40.2/build/src/librygel-core/RygelCore-2.6.gir: Failed to parse included gir GUPnP-1.2
Fixes:
- http://autobuild.buildroot.org/results/2b8956818f03f66a53480f7ed5fc0abb4f05288d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised on uclibc and musl since the
reintroduction of the package in commit
16ff948444:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/10.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/buildroot/autobuild/instance-1/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libabsl_stacktrace.so.2111.0.0: undefined reference to `backtrace'
Fixes:
- http://autobuild.buildroot.org/results/63ab2bc86cad03d5258492b17d1707078761d9b3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Enable the python-rpi-gpio package on 64-bit ARM architectures. I've tested
this with a Raspberry Pi 4 64-bit and Python 3 build and it works as expected.
Signed-off-by: Mirza Kapetanovic <mirza.kapetanovic@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When generating a filesystem image on a power10 build machine running
Ubuntu, we see a segfault when fakeroot is running chmod.
This has been reported and fixed upstream in Debian in version 1.26-1.2:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995393#53
Add the same patch to resolve the segfault.
Signed-off-by: Joel Stanley <joel@jms.id.au>
[Arnout: add patch signoff and give proper name (check-package)]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
I'm involved in the upstream kvm-unit-tests and the mcf5208 QEMU
machine, so I could help to have a look on these files, too.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop patches that are now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
While upstream pistache has not yet released a stable 'tag'
a lot has changed since June 2020:
* project has moved to meson build system, cmake builds
do not install headers.
* patches in buildroot are no longer required
* project-implemented Pistache::Optional was replaced by
use of std::optional. This is only available in C++17
* dependency to rapidjson has been introduced
Signed-off-by: Thomas Ruschival <thomas@ruschival.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Switch to autotools-package to avoid the following static build failure
since commit d661740201:
[ 56%] Linking C executable rtl_biast
/home/peko/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv64-buildroot-linux-musl/10.3.0/../../../../riscv64-buildroot-linux-musl/bin/ld: attempted static link of dynamic object `/home/peko/autobuild/instance-1/output-1/host/riscv64-buildroot-linux-musl/sysroot/lib/libatomic.so'
collect2: error: ld returned 1 exit status
Drop both cmake-related patches
Fixes:
- http://autobuild.buildroot.org/results/cf84759682848db8ed5610e1abe5a92337d0e957
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The git:// location is no longer supported by github, so change to https://
For more details:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Writing into /dev/urandom doesn't actually credit any entropy bits. And
while it adds that data to the entropy pool, it won't actually be
immediately used when reading from /dev/urandom subsequently. This is
how the kernel's /dev/urandom has always worked, unfortunately.
As a result of this behavior, which may be understandably surprising,
writing a good seed file into /dev/urandom and then saving a new seed
file immediately after is dangerous, because the new seed file may wind
up being entirely deterministic, even if the old seed file was quite
good.
This has been fixed in systemd with
<da2862ef06>,
and fortunately it's possible to do the same thing in shell script here.
Specifically, instead of just saving new /dev/urandom output straight
up, we hash the new /dev/urandom together with the old seed, in order to
produce the new seed. This way the amount of entropy in the new seed
will stay the same or get better, but not appreciably regress.
At the same time, the pool size check in this script is useless. Writing
to /dev/urandom never credits bits anyway, so no matter what, writing
into /dev/urandom is useful and not harmful. There's also not much of a
point in seeding with more than 256 bits, which is what the hashing
operation above produces. So this commit removes the file size check.
As a final note, while this commit improves upon the status quo by
removing a vulnerability, this shell script still does not actually
initialize the RNG like it says it does. For initialization via a seed
file, the RNDADDENTROPY ioctl must be used but there's currently no way
to do that from a shell script for now.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changelog: https://curl.se/changes.html
Updated license hash due to copyright year bump:
0409192b1f
The NSS crypto backend requires a special option now, without it
configure errors out with:
configure: error: NSS use must be confirmed using --with-nss-deprecated. NSS support will be dropped from curl in August 2022. See docs/DEPRECATE.md
Since it will be removed entirely soon anyway, and since this version
doesn't fix any CVEs so doesn't need to be backported to stable
branches, drop the NSS option entirely.
Since NSS is going to be removed soon, drop the --without-nss as well.
It is never going to be enabled automatically.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Arnout: drop NSS option entirely, as suggested by Baruch Siach.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix CVE-2022-21716: Twisted is an event-based framework for internet
applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH
client and server implement is able to accept an infinite amount of data
for the peer's SSH version identifier. This ends up with a buffer using
all the available memory. The attach is a simple as `nc -rv localhost 22
< /dev/zero`. A patch is available in version 22.2.0. There are
currently no known workarounds.
https://github.com/twisted/twisted/releases/tag/twisted-22.2.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix CVE-2022-26495: In nbd-server in nbd before 3.24, there is an
integer overflow with a resultant heap-based buffer overflow. A value of
0xffffffff in the name length field will cause a zero-sized buffer to be
allocated for the name, resulting in a write to a dangling pointer. This
issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME
messages.
Fix CVE-2022-26496: In nbd-server in nbd before 3.24, there is a
stack-based buffer overflow. An attacker can cause a buffer overflow in
the parsing of the name field by sending a crafted NBD_OPT_INFO or
NBD_OPT_GO message with an large value as the length of the name.
https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.21...nbd-3.24
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure on sparc v8 raised since commit
5770a645a3:
ERROR: detected a std::atomic implementation that fails for function pointers.
Please apply the patch corresponding to your Standard Library vendor, found in
qtbase/config.tests/atomicfptr
Fixes:
- http://autobuild.buildroot.org/results/5a2/5a20e984a5536165056b3fbd93b8712e8ddbeed4/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised on uclibc and musl since the
reintroduction of the package in commit
16ff948444:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: common/.libs/libolacommon.so: undefined reference to `backtrace'
Fixes:
- http://autobuild.buildroot.org/results/4362b20d786a0f44268ec32a689c23ac6d3b71c6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As explained in the previous commit, AUTORECONF is necessary to handle a
build failure. Add a comment to make sure it doesn't get removed again
in the future.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This reverts commit 66d348ae18 because
for an unknown reason, the build fails if autoreconf is dropped:
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: warning: libolauartdmx.so.0, needed by olad/.libs/libolaserver.so, not found (try using -rpath or -rpath-link)
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: warning: libolaserverplugininterface.so.0, needed by olad/.libs/libolaserver.so, not found (try using -rpath or -rpath-link)
Fixes:
- http://autobuild.buildroot.org/results/f8164c69da0b9fa38081e8b785d8234f0f297ae1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit drop patches, as they are now included upstream or no longer
needed. It also introduces a new patch to fix a build failure for nios2.
MySQL include and library paths can now be provided in variables passed
to the build command. Variables MYSQL_{INC,LIB}DIR are renamed to
POCO_MYSQL_{INCLUDE,LIB}. For PostgreSQL support, variables
POCO_PGSQL_{INCLUDE,LIB} are also passed the same way to the build
command.
This poco version 1.11.1 introduces a new ActiveRecord component.
For changelog, see:
https://raw.githubusercontent.com/pocoproject/poco/poco-1.11.1-release/CHANGELOG
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
PostgreSQL support was introduced in poco v1.10.0, in commit:
8cec8f6451
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For clarity, use the same names used in documentation, and component
selection in configure. Valid poco component names are defined in:
https://github.com/pocoproject/poco/blob/poco-1.11.1-release/components
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit reorders dependencies and Kconfig package options
alphabetically for better maintainability.
This commit does not change anything else.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch updates my email address in the DEVELOPERS file.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add some more cortexes with VHE, and enable aarch64.
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
s390x is supported since
3934308046
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Retrieve official tarball
- Fix CVE-2021-45769: A NULL pointer dereference in
AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850
v1.5.0 can lead to a segmentation fault or application crash.
- Fix many other vulnerabilities:
https://libiec61850.com/new-release-1-5-1-of-libiec61850
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When supporting multiple hardware targets, overlay_map.dtb might
be needed to map overlay names to one of several implementations [1].
If the correct overlay names are specified in config.txt, the map file
is not needed, but it also doesn't hurt.
[1] https://github.com/raspberrypi/documentation/blob/develop/documentation/asciidoc/computers/configuration/device-tree.adoc#the-overlay-map-file
Signed-off-by: Rutger Sassen <rsassen@comecer.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Arnout: always install overlay_map.dtb]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
