Fix CVE-2020-14382: A vulnerability was found in upstream release
cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code,
that is effectively invoked on every device/image presenting itself as
LUKS2 container. The bug is in segments validation code in file
'lib/luks2/luks2_json_metadata.c' in function
hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
where the code does not check for possible overflow on memory allocation
used for intervals array (see statement "intervals = malloc(first_backup
* sizeof(*intervals));"). Due to the bug, library can be *tricked* to
expect such allocation was successful but for far less memory then
originally expected. Later it may read data FROM image crafted by an
attacker and actually write such data BEYOND allocated memory.
https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.4-ReleaseNotes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version) and so autoreconf
- Update hash of COPYING (explicitly mention that the rpmio/ sub dir is
under LGPL:
d5c69756cf)
- sqlite is an optional dependency since
07129b641b
- rpm can be built without berkeleydb since
4c7323f69b
It should be noted that berkeleydb is deprecated since
fc0169eb03
- Update indentation in hash file (two spaces)
https://rpm.org/wiki/Releases/4.16.0.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mosquitto nowadays works correctly with libressl, so allow that as the
openssl backend as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add optional gst1-rtsp-server dependency as checked for in
gst1-devtools-1.18.0/validate/tools/meson.build.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove patches that are already upstrem
- modified and renumbered existing patch
- add CROSS_COMPILE make arg
- update hashfile for new version
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Refresh first patch
- Drop second patch, not needed since
5c725d5050
- Drop BR2_PACKAGE_GEOIP dependency as suricata switched to GeoIP2, see
a291209e47
- jansson is now a mandatory dependency, see
e49c40428e
- rustc is now a mandatory dependency, see
75429bbe3e
EOL date of 4.1 branch is December 31st, 2020.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a follow-up to 4027ba29f4 ("package/nginx: use /run for
PIDFile"), in which we missed that nginx is still built with /var/run
paths.
This commit changes the compile options to use /run instead of
/var/run for pid and lock file to make it consistent.
Further dropping the passing of the pid option in the service file as
this isn't neccessary. Neither debian nor nginx default .service does
it.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
go1.15.3 (released 2020/10/14) includes fixes to cgo, the compiler, runtime, the
go command, and the bytes, plugin, and testing packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which fixes a few build and networking issues.
Release notes:
https://wpewebkit.org/release/wpewebkit-2.30.2.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add missing semicolon for linux kernel verson < 5.6.x compile introduced
by patch 0006-rtw_proc-convert-file_operations-to-proc_ops-for-5.6.patch.
Fixes:
os_dep/linux/rtw_proc.c:195:1: error: expected ‘,’ or ‘;’ before ‘int’
195 | int rtw_drv_proc_init(void)
| ^~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which fixes a few build and networking issues.
Release notes:
https://webkitgtk.org/2020/10/23/webkitgtk2.30.2-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
WebKit's JavaScriptCore does not support using JIT nor the LLint
interpreter on ARMv5 and ARMv6, so add those two cases when checking
for target CPUs which need to use the CLoop interpreter.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ENABLE_C_LOOP option conflicts with ENABLE_SAMPLING_PROFILER, so
the WebKit CMake build system will emit an error when both are enabled
at the same time. To avoid hitting that situation, explicitly disable
ENABLE_SAMPLING_PROFILER as needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
WebKit's JavaScriptCore does not support using JIT nor the LLint
interpreter on ARMv5 and ARMv6, so add those two cases when checking
for target CPUs which need to use the CLoop interpreter.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ENABLE_C_LOOP option conflicts with ENABLE_SAMPLING_PROFILER, so
the WebKit CMake build system will emit an error when both are enabled
at the same time. To avoid hitting that situation, explicitly disable
ENABLE_SAMPLING_PROFILER as needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
this way zcip will work out of the box when configured
Signed-off-by: Sven Oliver Moll <buildroot@svol.li>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Docker developers appear to no longer be tagging releases on the
docker/engine repository on GitHub, but are tagging releases on the main
moby/moby repository, which still is the true home of "dockerd."
This commit changes the upstream repo to moby/moby with no changes required.
Signed-off-by: Christian Stewart <christian@paral.in>
v1 -> v2:
- updated hash
- changed upstream to moby/moby
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the NOTICE file has changed due to the following minor update:
-Exceptions to the Apache 2.0 License:
-=====================================
+(Optional) Exceptions to the Apache 2.0 License:
+================================================
Also update hash file formatting (2 spaces)
See changelog https://github.com/michaelrsweet/mxml/releases/tag/v3.2
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-24890: libraw 20.0 has a null pointer dereference
vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may
result in context-dependent arbitrary code execution.
https://www.libraw.org/news/libraw-0-20-2-Release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
zlib is required to build s390-tools and cannot be disabled for now
due to libvmdump.
Fixes:
$BUILD_DIR/host/bin/s390x-buildroot-linux-gnu-g++ ... -c vmdump_convert.cpp -o vmdump_convert.o
lkcd_dump.cpp:15:10: fatal error: zlib.h: No such file or directory
15 | #include <zlib.h>
| ^~~~~~~~
compilation terminated.
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* removed patch 0003 as it is now in upstream
* removed patch 0002 as the logic has been reworked
* adjusted patch 0001 offset
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>