The shebang in check-package now defines python3. There is no longer a
need to maintain support with python 2.x.
See-also: 02b165dc71 (check-package: fix Python3 support)
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Tested-by: James Knight <james.d.knight@live.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b7d4ae98fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For years already, $(HOST_DIR)/usr is deprecated. Install directly in
$(HOST_DIR). This will trigger a check-package error in the following
commit.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 47910ccc36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Move RUSTFLAGS for host builds to HOST_PKG_CARGO_ENV so that they
are set for host cargo builds which don't use the cargo infrastructure,
e.g. python packages that include rust code.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit d775b2ac05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mdadm contains various udev rules to manage RAID assembly and create
symlinks, install them if udev (or equivalent) is enabled.
Signed-off-by: Simon Rowe <simon.rowe@nutanix.com>
[Arnout: use MDADM_INSTALL_TARGET_OPTS for install-bin as well]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 0385719706)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Link to Rust 1.67.1 announcement: https://blog.rust-lang.org/2023/02/09/Rust-1.67.1.html
Drop patch which is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 792f197517)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes, from https://github.com/troglobit/libite/releases/tag/v2.5.3
- rsync() does not copy single files correctly
- copyfile() does not handle empty source files correctly (error)
- copyfile() does not properly create destination dir
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit be44dcf695)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The version of U-Boot must be explicitly set because if you keep the
default setting, the bootloader is continuously updated in buildroot with
the risk of building a non-working image.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 924b163b1e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The matio package exhibits gcc bug 99410 when built for the Nios2
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_99410=y.
Fixes:
http://autobuild.buildroot.net/results/971/9714160b80a0d1a01983d29af38a95049c07b4d3/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 97f8cc355b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.19.8 (released 2023-04-04) includes security fixes to the go/parser,
html/template, mime/multipart, net/http, and net/textproto packages, as well as
bug fixes to the compiler, the linker, the runtime, and the time package.
Fixes security vulnerabilities:
go/parser: infinite loop in parsing (CVE-2023-24537)
html/template: backticks not treated as string delimiters (CVE-2023-24538)
net/http, net/textproto: denial of service from excessive memory
allocation (CVE-2023-24534)
net/http, net/textproto, mime/multipart: denial of service from excessive
resource consumption (CVE-2023-24536)
https://go.dev/doc/devel/release#go1.19.8https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b7eaa9af7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains some fixes and small improvements. For the
full list see:
https://github.com/moby/moby/releases/tag/v23.0.3
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0d8d348826)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed a number of issues that can cause Swarm encrypted overlay networks
to fail to uphold their guarantees, addressing CVE-2023-28841,
CVE-2023-28840, and CVE-2023-28842.
https://github.com/moby/moby/releases/tag/v23.0.3
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 238d494687)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains some fixes and small improvements. For the
full list see:
https://github.com/moby/moby/releases/tag/v23.0.2
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 413a28940b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2023-26054: (Buildkit): Credentials inlined to Git URLs could end up
in provenance attestation
https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
In addition, a number of issues have been fixed. For the full list, see:
https://github.com/moby/moby/releases/tag/v23.0.2
Signed-off-by: Stefan Agner <stefan@agner.ch>
[Peter: Mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cebd1389f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is the fifth patch release in the 1.1.z series of runc, which fixes
three CVEs found in runc.
CVE-2023-25809 is a vulnerability involving rootless containers where
(under specific configurations), the container would have write access to the
/sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host
were affected. This vulnerability was discovered by Akihiro Suda.
GHSA-m8cg-xc2p-r3fc
CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921.
This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered
by Beuc. GHSA-vpvm-3wq2-2wvm
CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same patch.
This variant of the above vulnerability was reported by Lei Wang.
GHSA-g2j6-57v7-gm8c
In addition, the following other fixes are included in this release:
- Fix the inability to use /dev/null when inside a container
- Fix changing the ownership of host's /dev/null caused by fd redirection
- Fix rare runc exec/enter unshare error on older kernels, including CentOS < 7.7
- nsexec: Check for errors in write_log()
https://github.com/opencontainers/runc/releases/tag/v1.1.5
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 52976c54f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without BR2_PACKAGE_SNMPPP_SNMPV3 raised
since bump to version 3.5.0 in commit
e011fa0415:
msgqueue.cpp: In member function 'int Snmp_pp::CSNMPMessage::ResendMessage()':
msgqueue.cpp:263:34: error: 'version3' was not declared in this scope; did you mean 'version1'?
263 | if (m_target->get_version() == version3) {
| ^~~~~~~~
| version1
Fixes:
- http://autobuild.buildroot.org/results/8ef3e4407a51c53c15e530606227338761dd905b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Tested-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a45f2af7fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- http://autobuild.buildroot.net/results/c92a3df1bc73e00e1e4493500bfb7277cf5064ee
.../build/flann-1.9.2/src/cpp/flann/util/lsh_table.h:367:5: error: 'random_device' is not a member of 'std'
std::random_device rd;
^
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 16cd9494ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The value of the RM variable in make is 'rm -f' [0], thus the additional
-f is redundant. Avoid it on the docs to avoid developers taking it as a
good example to follow.
[0] https://www.gnu.org/software/make/manual/make.html#index-RM
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9a3d4e3818)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The value of the RM variable in make is 'rm -f' [0], thus the additional
-f is redundant.
[0] https://www.gnu.org/software/make/manual/make.html#index-RM
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 37e63bb2c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 05d3fdfd13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2b2a679dfb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From [1]:
* sshd(8): fix a pre-authentication double-free memory fault
introduced in OpenSSH 9.1. This is not believed to be exploitable,
and it occurs in the unprivileged pre-auth process that is
subject to chroot(2) and is further sandboxed on most major
platforms.
* ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option
would ignore its first argument unless it was one of the special
keywords "any" or "none", causing the permission list to fail open
if only one permission was specified. bz3515
* ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs
options were enabled, and the system/libc resolver did not check
that names in DNS responses were valid, then use of these options
could allow an attacker with control of DNS to include invalid
characters (possibly including wildcards) in names added to
known_hosts files when they were updated. These names would still
have to match the CanonicalizePermittedCNAMEs allow-list, so
practical exploitation appears unlikely.
From [2]:
* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.
* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.
The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.
[1] https://www.openssh.com/txt/release-9.2
[2] https://www.openssh.com/txt/release-9.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 68ca5f1e1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-22432: Open redirect vulnerability exists in web2py
versions prior to 2.23.1. When using the tool, a web2py user may be
redirected to an arbitrary website by accessing a specially crafted URL.
As a result, the user may become a victim of a phishing attack.
https://github.com/web2py/web2py/compare/v2.23.0...v2.23.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 11f8c11dfb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixed (security) [APP-70]: Memory leak in MibLeaf::set if same OID is set
twice in the same PDU.
- Fix the following build failure raised since bump of snmppp to version
3.5.0 in commit e011fa0415:
snmp_pp_ext.cpp: In member function 'int Agentpp::Snmpx::send(const Agentpp::Pdux&, Snmp_pp::SnmpTarget*)':
snmp_pp_ext.cpp:1172:47: error: binding reference of type 'Snmp_pp::Pdu&' to 'const Snmp_pp::Pdu' discards qualifiers
1172 | status = snmpmsg.loadv3(Snmp::get_mpv3(), pdu, engine_id, security_name,
|
Fixes:
- http://autobuild.buildroot.net/results/d7347b8b3953596b66da6ca6d85f084fb427934c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5f06ecf5e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-1161: ISO 15765 and ISO 10681 dissector crash in Wireshark
4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet
injection or crafted capture file
https://www.wireshark.org/security/wnpa-sec-2023-08.htmlhttps://www.wireshark.org/news/20230302.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d39b2aed2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-27371: GNU libmicrohttpd before 0.9.76 allows remote DoS
(Denial of Service) due to improper parsing of a multipart/form-data
boundary in the postprocessor.c MHD_create_post_processor() method. This
allows an attacker to remotely send a malicious HTTP POST packet that
includes one or more '\0' bytes in a multipart/form-data boundary field,
which - assuming a specific heap layout - will result in an
out-of-bounds read and a crash in the find_boundary() function.
https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b645ffda6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The impetus for this change was that wget fails to load pages signed by
Let's Encrypt due to missing root certs. This version has the updated and
correct certs.
0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
Patch dropped because the fix is incorporated upstream.
Signed-off-by: Steve Hay <me@stevenhay.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f5c8bd430)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rtl8189fs branch is specific for rtl8189fs controller and diverged from
master so let's switch branch from master to rtl8189s to fix runtime
failure.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Indrek Kruusa <indrek.kruusa@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5b1e431500)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use daemon name (bluetoothd) as file name.
- Script doesn't need to be executable.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 456204e7e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- http://autobuild.buildroot.net/results/fdf2b2eb252a24e81bddad1c81c4fdfb03dc0afe
.../build/qt6base-6.4.2/src/plugins/tls/openssl/qdtls_openssl.cpp: In member function 'bool dtlsopenssl::DtlsState::initCtxAndConnection(QDtlsBasePrivate*)':
.../build/qt6base-6.4.2/src/plugins/tls/openssl/qdtls_openssl.cpp:669:9: error: 'q_SSL_set_psk_server_callback' was not declared in this scope; did you mean 'q_SSL_set_psk_use_session_callback'?
669 | q_SSL_set_psk_server_callback(newConnection.data(), dtlscallbacks::q_PSK_server_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_psk_use_session_callback
.../build/qt6base-6.4.2/src/plugins/tls/openssl/qdtls_openssl.cpp:671:9: error: 'q_SSL_set_psk_client_callback' was not declared in this scope; did you mean 'q_SSL_set_info_callback'?
671 | q_SSL_set_psk_client_callback(newConnection.data(), dtlscallbacks::q_PSK_client_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_info_callback
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 971ae7b266)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running "make check-package" on a system with shellcheck 0.9.0,
the command fails with output:
make check-package
package/linux-tools/S10hyperv:0: run 'shellcheck' and fix the warnings
...
2 warnings generated
This commit fixes the warnings reported by the command:
shellcheck package/linux-tools/S10hyperv
This commit also fixes the four-space indent by a single tab on the
changed lines. Since this fixes the indentation warnings of
check-package, the Indent exclusion in .checkpackageignore is also
removed.
Fixes:
In package/linux-tools/S10hyperv line 27:
return $ret
^--^ SC2086 (info): Double quote to prevent globbing and word splitting.
In package/linux-tools/S10hyperv line 48:
return $ret
^--^ SC2086 (info): Double quote to prevent globbing and word splitting.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c4173d8b08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bagas is keen to maintain git package for Buildroot. However, due to
limited resources available, he can only do testing as far as
build testing. Other developers are needed to help him maintain the
package.
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 562cf1fbdb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.19.7 (released 2023-03-07) includes a security fix to the
crypto/elliptic package, as well as bug fixes to the linker, the runtime,
and the crypto/x509 and syscall packages.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ensure time_t is defined to fix the following collectd build failure on
musl:
src/nut.c:40:2: error: #error "Unable to determine the UPS connection type."
40 | #error "Unable to determine the UPS connection type."
| ^~~~~
src/nut.c:46:3: error: unknown type name 'collectd_upsconn_t'
46 | collectd_upsconn_t *conn;
| ^~~~~~~~~~~~~~~~~~
libupsclient is an optional dependency of nut plugin since version
5.10.0 of collectd and
bc2d94024d
Fixes:
- http://autobuild.buildroot.org/results/22b758097e8fb72c68e41329cbc7abc748d81ca6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without threads raised since bump to
version 22.11 in commit 6f848c068f:
In file included from /home/buildroot/autobuild/instance-3/output-1/build/rtl_433-22.11/src/data_tag.c:17:
/home/buildroot/autobuild/instance-3/output-1/build/rtl_433-22.11/include/mongoose.h:407:10: fatal error: pthread.h: No such file or directory
407 | #include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/9f1677fc5a4568be0b9c121060c5d821ac2ae21b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
