The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the
NewReader and OpenReader functions in archive/zip can still cause a panic or an
unrecoverable fatal error when reading an archive that claims to contain a large
number of files, regardless of its actual size.
This is CVE-2021-39293.
https://golang.org/doc/devel/release.html#go1.16.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
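Added example, not part of the commit above and not the archive/zip code: a pre-check for untrusted archives that rejects an end-of-central-directory (EOCD) record whose claimed entry count cannot fit in the central directory it describes. The names CheckClaimedEntries and sampleEOCD and the sample record are constructed for illustration; zip64 archives and signature bytes inside the archive comment are not handled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	eocdLen      = 22 // fixed part of the EOCD record
	dirHeaderLen = 46 // fixed part of one central directory file header
)

var eocdSig = []byte{'P', 'K', 0x05, 0x06}

// CheckClaimedEntries returns the entry count declared in the EOCD record,
// or an error when that count cannot fit in the directory or the file.
func CheckClaimedEntries(archive []byte) (int, error) {
	i := bytes.LastIndex(archive, eocdSig)
	if i < 0 || len(archive)-i < eocdLen {
		return 0, errors.New("zip: no end-of-central-directory record")
	}
	rec := archive[i:]
	entries := uint64(binary.LittleEndian.Uint16(rec[10:12]))
	dirSize := uint64(binary.LittleEndian.Uint32(rec[12:16]))
	dirOff := uint64(binary.LittleEndian.Uint32(rec[16:20]))
	if dirOff+dirSize > uint64(i) { // directory must end before the EOCD
		return 0, errors.New("zip: central directory does not fit in the file")
	}
	if entries*dirHeaderLen > dirSize { // each entry needs at least 46 bytes
		return 0, fmt.Errorf("zip: %d entries claimed, directory holds at most %d",
			entries, dirSize/dirHeaderLen)
	}
	return int(entries), nil
}

// sampleEOCD builds a constructed EOCD record for the demonstration.
func sampleEOCD(entries uint16, dirSize, dirOff uint32) []byte {
	rec := make([]byte, eocdLen)
	copy(rec, eocdSig)
	binary.LittleEndian.PutUint16(rec[10:12], entries)
	binary.LittleEndian.PutUint32(rec[12:16], dirSize)
	binary.LittleEndian.PutUint32(rec[16:20], dirOff)
	return rec
}

func main() {
	_, err := CheckClaimedEntries(sampleEOCD(65535, 0, 0)) // 22-byte file, 65535 entries
	fmt.Println(err)
}
```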
Explicitly indicate the file encoding to UTF-8 for the DEVELOPERS
document. This prevents Unicode decoding errors when printing E-Mail
entries with Unicode characters on systems using an alternative default
encoding (e.g. 'CP1252').
This corrects the following observed error:
$ ./utils/get-developers outgoing/*
Traceback (most recent call last):
File "utils\get-developers", line 105, in <module>
__main__()
File "utils\get-developers", line 47, in __main__
devs = getdeveloperlib.parse_developers()
File "...\buildroot\utils\getdeveloperlib.py", line 239, in parse_developers
for line in f:
File "...\Python<ver>\lib\encodings\cp1252.py", line 23, in decode
return codecs.charmap_decode(input,self.errors,decoding_table)[0]
UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 6659: character maps to <undefined>
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump to version 2.9.3:
This is a small bugfix release focusing on exfat and dosfstools upstream
changes, along with a couple of test fixes.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_FB is selected, the native windowing
will be set to vivante frame buffer.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mali-t76x frame buffer driver requires a "null" native windowing
system. With such a system, the default EGL display is selected.
Fixes:
http://autobuild.buildroot.net/results/4a579346463d0d946d6d2a05723270135d728981
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes since v2019.08.23:
- Some X11 improvements (fullscreen support)
- New EGL driver debug messages
- Wayland improvements (xdg_shell, fullscreen support)
- KMS/DRM/GBM improvements (use drmGetDevices2())
- Use eglGetPlatformDisplay() if available
- New "nullws" native windowing system
- License hash changed due to copyright date update
Fixes:
http://autobuild.buildroot.net/results/a950e90d5f8405534566df5c7a8875c293cf8845
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mosquitto 2.0.12 is a security and bugfix release, notably:
* Fix possible DoS in the broker with MQTTv5
* Fix CVE-2020-13849
* Fix CVE-2021-34434
Read the full announcement on
https://mosquitto.org/blog/2021/08/version-2-0-12-released/
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failures with gcc 11:
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/build/drivers/drivers.o: in function `psmouse_extensions':
/home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `lifebook_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `alps_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `ps2pp_init'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `trackpoint_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `fsp_detect'
Fixes:
- http://autobuild.buildroot.org/results/69062b9c80567d135edd48890165e69881cf7295
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with python 2 is broken since bump to version 0.22.0 in commit
0adb141d34:
error: File "/usr/lib/python2.7/site-packages/pyudev/_ctypeslib/utils.py", line 54
lib = cdll.LoadLibrary(f'lib{name}.so')
^
SyntaxError: invalid syntax
Fixes:
- http://autobuild.buildroot.org/results/8b35ca6910dfd881953968f8d88ac842d57c9262
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following uclibc build failure raised since at least bump to
version 0.11.0 in commit 0bc9c89612:
In file included from ../include/wlr/types/wlr_data_device.h:13,
from ../types/data_device/wlr_drag.c:7:
../include/wlr/types/wlr_seat.h:221:18: error: field 'last_event' has incomplete type
221 | struct timespec last_event;
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/3501ceb4290638b2f6d70aaa4d8ce74feec3a525
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure on riscv32:
In file included from thread/qmutex_linux.cpp:45,
from thread/qmutex.cpp:804:
thread/qfutex_p.h: In function 'int QtLinuxFutex::_q_futex(int*, int, int, quintptr, int*, int)':
thread/qfutex_p.h:116:30: error: '__NR_futex' was not declared in this scope; did you mean '_q_futex'?
116 | int result = syscall(__NR_futex, addr, op | FUTEX_PRIVATE_FLAG, val, val2, addr2, val3);
| ^~~~~~~~~~
| _q_futex
Fixes:
- http://autobuild.buildroot.org/results/ffedfc000029072d5d724e98ab4551fe973658ce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure raised since bump of libglib2 to version
2.68.1 in commit c72524fb1b:
../gstreamer/gstreamermm/register.h: In function 'GType Gst::register_mm_type(const gchar*)':
/home/buildroot/autobuild/run/instance-2/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/glib/gatomic.h:117:19: error: argument 2 of '__atomic_load' must not be a pointer to a 'volatile' type
117 | __atomic_load (gapg_temp_atomic, &gapg_temp_newval, __ATOMIC_SEQ_CST); \
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/1c75cdcc183642fd4c15d56825848b83f2ad11a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
The configure script fails to detect libpcap in static build because it
does not take into account the libnl dependency on link. As a result the
configure script silently disables mausezahn build even when
BR2_PACKAGE_NETSNIFF_NG_MAUSEZAHN is enabled. Add upstream patch to use
pkg-config for libpcap link flags.
Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to
avoid a potential race condition.
- bpo-41180: Add auditing events to the marshal module, and stop raising
code.__init__ events for every unmarshalled code object. Directly
instantiated code objects will continue to raise an event, and audit event
handlers should inspect or collect the raw marshal data. This reduces a
significant performance overhead when loading from .pyc files.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to
get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This
copy is most used on Windows and macOS.
- bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.
https://www.python.org/downloads/release/python-397/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with fortran raised since bump to
version 4.0.0 in commit 366e7f1ecb and
99730f798b:
checking size of Fortran type(test_mpi_handle)... (cached) 4
checking alignment of Fortran type(test_mpi_handle)... configure: error: Can not determine alignment of type(test_mpi_handle) when cross-compiling
Fixes:
- http://autobuild.buildroot.org/results/86ffde2f67ffc0bfaeebe72fe742a5c241bc580b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Though several cross-compilation patches exist in buildroot's nginx
package dir they do not seem to address endianness.
The test program generated by the configure script compiles but fails
to run (as it is built for another architecture) but the script does
not distinguish between the failure to run the program and an
indication of certain endianness. As such the fallback of big-endian
is used. This setting then causes http2 headers (anything not in the
static dictionary) to come out as undecipherable trash on 64bit
targets (see ngx_http_v2_huff_encode_buf()).
This commit includes a patch to the configure script to allow a
`--force-endianness=big|little` flag as well as setting that flag in
buildroot's package makefile.
Signed-off-by: Nevo Hed <nhed+buildroot@starry.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Find libxcrypt through pkg-config to avoid the following build failure:
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv64-buildroot-linux-musl/10.2.0/../../../../riscv64-buildroot-linux-musl/bin/ld: .libs/passverify.o: in function `.L30':
passverify.c:(.text+0x368): undefined reference to `crypt_checksalt'
Fixes:
- http://autobuild.buildroot.org/results/20b14e222b35c2d1269960075832b784ba81aa1a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Quoting https://www.php.net/
"This is a security fix release."
Changelog: https://www.php.net/ChangeLog-8.php#8.0.10
CVE-IDs were not mentioned in any of the fixed bugs.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with nodejs raised since bump to version
12.22.5 in commit 7038b029d8:
../src/cares_wrap.cc:42:11: fatal error: ares_nameser.h: No such file or directory
42 | # include <ares_nameser.h>
| ^~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/a0f867d5e765fc1aa052de5e53ed350b3b20743f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- NodeJS passes NULL for addr and 0 for addrlen to
ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This
would cause a crash.
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would
cause a crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1
to prevent spoofing follow-up
- Perform validation on hostnames to prevent possible XSS due to
applications not performing validation themselves
https://c-ares.haxx.se/changelog.html#1_17_2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some 3rd party vendor toolchains have multiple files which match
these glob patterns. In this case, the shell script failed.
Switching to use find and xargs solves the issue.
Signed-off-by: Jonah Petri <jonah@petri.us>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
rwmem is a small tool to read & write device registers. Some of the
features include:
- support mmaped and i2c devices
- addressing with 8/16/32/64 bit addresses
- accessing 8/16/32/64 bit memory locations
- little and big endian addresses and accesses
- bitfields
- address ranges
- register description database
Python bindings are disabled for now.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The Qt OPC UA module implements a Qt API to interact with OPC UA on
top of a 3rd party OPC UA stack.
The default is open62541, which is bundled by qt5opcua in version 1.0,
so we don't need to provide/depend on br's own open62541 package.
Another dependency is mbedtls, but it's optional.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Vue Router is the official router for Vue.js.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
[Arnout: use comment instead of submenu]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>