Fix CVE-2023-35790: An issue was discovered in dec_patch_dictionary.cc
in libjxl before 0.8.2. An integer underflow in patch decoding can lead
to a denial of service, such as an infinite loop.
https://github.com/libjxl/libjxl/releases/tag/v0.8.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Julien Olivain <ju.o@free.fr>
Tested-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Improved accuracy of MARK timer, optional, default: 20 minutes.
- Fix sub-second faking of kernel timestamps
- Fix reading kernel logs from /proc/kmsg, regression in v2.4.0.
Only relevant to really old kernels (pre 4.4?) or systems with
static device nodes and no auto-devtmpfs mounting in kernel
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Sync w/ OpenBSD upstream
- Fix key bindings, Home/End
- Fix buffer overflow on no match in i-search
- Fix mark reset
- Usability:
- persistent help in status bar
- F1 toggle quick-help buffer
- F2 save
- F3/F4 macro start/end + run, like GNU Emacs
Full ChangeLog https://github.com/troglobit/mg/releases/tag/v3.7
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- add upstream patch for Unordered available on the Release Page.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2023-29132: Irssi 1.3.x and 1.4.x before 1.4.4 has a
use-after-free because of use of a stale special collector reference.
This occurs when printing of a non-formatted line is concurrent with
printing of a formatted line.
https://irssi.org/NEWS/#news-v1-4-4https://irssi.org/NEWS/#news-v1-4-3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libjxl was failing to build for riscv targets, since commit ff7c37e57
"package/libjxl: security bump to version 0.8.1". Build was failing with
output:
/build/libjxl-0.8.1/lib/jxl/enc_xyb.cc: In function 'jxl::Image3F jxl::N_SCALAR::TransformToLinearRGB(const jxl::Image3F&, const jxl::ColorEncoding&, float, const JxlCmsInterface&, jxl::ThreadPool*)':
/build/libjxl-0.8.1/lib/jxl/enc_xyb.cc:223:21: error: variable 'std::atomic<bool> ok' has initializer but incomplete type
223 | std::atomic<bool> ok{true};
| ^~
This build failure was due to a missing <atomic> header inclusion. For
some reason, the build failure was observed only with RISC-V toolchains.
This commit fixes the issue by adding an upstream commit, not yet in a
package release. See [1].
Fixes:
http://autobuild.buildroot.org/results/121/12107bc7aea7afae1d2fb935d31b44eee6ea1501
[1] 22d12d74e7
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU
packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can
remotely force the lldpd daemon to perform an out-of-bounds read on heap
memory. This occurs in cdp_decode in daemon/protocols/cdp.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version fix build failure on Linux version < 5.15.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The quoting around the expansion of ${relative_dir} was indeed incorrect
since it was introduced back in 8fe9894f65 (suport/download: fix git
wrapper with submodules on older git versions): it is in fact already
quoted as part of the whole sed expression.
${GIT} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit b7efb43e86 (download/git: try to recover from
utterly-broken repositories), we catch errors through an ERR
trap, so we can try and recover from a broken repository. In
that commit, we switched from using "set -e" to "set -E", so
that trap is inherited in functions, command substitutions,
and subshells.
However, the trap is not defined until we have parsed the
options, created the cache directory, and eventually chdir()ed
into it. Athough improbable, it is possible for the git helper
to fail in any of those steps, and that would not get caught.
Fix that
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When we generate the taballs off a local working copy of a VCS tree,
the umask is the one that we enforce in out top-level Makefile.
However, it is possible that a user manually tinkers in said working
copy (e.g. to check an upstream bug fix, or regression). If the user
umask is different from the one Buildroot enfirces, such tinkering
can impact the mode bits of the files, even if their content is not
modified.
When we eventually need to create a tarball from said working copy,
the VCS (e.g. git) will only be interested in checking whether the
content of the files have changed before chcking them out, and will
not look at, and restore/fix the mode bits.
As a consequence, we may create non-reproducible archives.
We fix that by enforcing the mode bits on the files before we create
the tarball: we disable the write and execute bits, and only set the
execute bit if the user execute bit is set.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commits 4e8b5f9bee [0], 6cfbd51d98 [1], and d838a416c4 [2],
the repository we clone from is the cgit browser, and it does not serve
the git tree, only the browser:
$ git clone https://code.qt.io/cgit/qt/qtcoap.git
Cloning into 'qtcoap'...
fatal: repository 'https://code.qt.io/cgit/qt/qtcoap.git/' not found
Browsing there displays the cgit UI, which gives a proper URI to clone
from; switch to using that. Things happened to "work" so far thanks to
sources.buildroot.net.
[0] 4e8b5f9bee package/qt5/qt5mqtt: bump version to 5.15.2 (and fix download)
[1] 6cfbd51d98 package/qt5/qt5coap: bump version to 5.15.2 (and fix download)
[2] d838a416c4 package/qt5/qt5knx: bump version to 5.15.2 (and fix download)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
CC: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Several of our patches have been accepted upstream and are included in
elf2flt version 2023.09.
Patch 0001-elf2flt-handle-binutils-2.34.patch is upstream as of commit
c70b9f208979 ("elf2flt: handle binutils >= 2.34").
Patch 0002-elf2flt.ld-reinstate-32-byte-alignment-for-.data-sec.patch is
upstream as of commit 679c94adf27c ("elf2flt.ld: reinstate 32 byte
alignment for .data section").
Patch 0003-elf2flt-add-riscv-64-bits-support.patch is upstream as of
commit c5c8043c4d79 ("elf2flt: add riscv 64-bits support").
Patch 0008-riscv64-add-more-relocations-required-to-be-handled.patch was
squashed into upstream commit c5c8043c4d79 ("elf2flt: add riscv 64-bits
support") during upstreaming.
Patch 0006-xtensa-fix-text-relocations.patch is upstream as of commit
26dfb54a59c8 ("elf2flt: xtensa: fix text relocations").
Patch 0007-elf2flt-remove-use-of-BFD_VMA_FMT.patch is upstream as of
commit a36df7407d9e ("elf2flt: remove use of BFD_VMA_FMT").
Patch 0004-elf2flt-create-a-common-helper-function.patch simply added
a helper function to make the changes in the follow-up patch
0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
less intrusive.
Patch 0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
is no longer needed as upstream has reverted the commit that necessitated
this patch, see upstream commit 35c692ca4546 ("Revert "elf2flt: fix for
segfault on some ARM ELFs""). The problem that the reverted upstream patch
solved is now instead solved by the combination of upstream commits
7a59b265c2dc ("Revert "elf2flt: fix relocations for read-only data"") and
a934fb42cf59 ("elf2flt: force ARM.exidx section into text").
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-By: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The LuaJIT project switches to a rolling release scheme.
Now, the version contains the timestamp of its latest commit.
The timestamp can be seen in build log:
==== Successfully installed LuaJIT 2.1.1693350652 to /usr ====
diff COPYRIGHT:
-Copyright (C) 2005-2022 Mike Pall. All rights reserved.
+Copyright (C) 2005-2023 Mike Pall. All rights reserved.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Shellinabox configure fails to detect ptsname_r, because of the following warning
binutils 2.39+ emits:
ld: warning: crtend.o: missing .note.GNU-stack section implies executable stack
ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
Then the build errors out with:
shellinabox/launcher.c:772:12: error: static declaration of 'ptsname_r' follows non-static declaration
The same issue exist for cairo 1.16.0 and the detection of pthreads.
Fixes:
- http://autobuild.buildroot.net/results/3e4/3e478d22e820703ddfd11d1491e631ef8ed6b29b
- http://autobuild.buildroot.net/results/f60/f602ea17d5938a5beb81d07e13de75ba41d5f6a1
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If a patch only removes files, it is ignored. Meaning, that the
registered developer isn't automatically picked up when calling
get-developer.
Fix this by also checking if the line starts with ---, as a patch
removing a file has a line starting with --- with the name of the
removed file and one started with +++ /dev/null.
A set is used to store the changed files, which doesn't allow
duplicates. Therefore normal patches aren't affected by this change.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting from commit:
https://git.kernel.org/pub/scm/utils/mmc/mmc-utils.git/commit/?id=958227890690290ee766aaad1b92f3413f67048c
VERSION macro should be defined by mmc-utils Makefile itself but it doesn't
work in Buildroot because it needs to be in a git repository clone. So
let's mimic what they do in the Makefile by picking the first 6 SHA1 git
commit digits and set them to -DVERSION.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove 0001-add-disable-doc.patch (upstream applied, see [1])
For details see [2].
[1] 1dbc42684d
[2] https://github.com/brailcom/speechd/releases/tag/0.11.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update github organization name to nxp-imx which is being
redirected to.
Rename COPYING TO LICENSE.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When compiling with gcc 13, build fails with errors, such as:
In file included from /build/zynaddsubfx-3.0.6/src/Nio/NulEngine.h:21,
from /build/zynaddsubfx-3.0.6/src/Nio/NulEngine.cpp:14:
/build/zynaddsubfx-3.0.6/src/Nio/MidiIn.h:37:9: error: 'uint8_t' does not name a type
37 | uint8_t midiSysEx(unsigned char data);
| ^~~~~~~
Those gcc 13 changes were announced at:
https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes
This commit fixes the issue by adding upstream patches, not yet
included in a release.
Fixes:
http://autobuild.buildroot.net/results/97b5a30c7be820ac91e745cf60f9b759e962aa5c
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ISC license hash changed due to text update:
d217a9b10e
Set new HAVE_LIBEBGENV and HAVE_LIBUBOOTENV env variables.
Apply latest updates to swupdate-usb@.service from:
d5f84e74aadac7b2d10e
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
