Commit b0306d94b2 forgot to update
cpio-2.13.tar.bz2 to cpio-2.14.tar.bz2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0694cef47b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8519de517e (package/{glibc, localedef}: security bump to version
glibc-2.38-27-g750a45a783906a19591fb8ff6b7841470f1f5701) correctly mentioned
CVE-2023-4806 in the commit message, but forgot to add an ignore for it.
Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62b767fd3e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Syslog-ng-uses pcre2 instead of pcre since 4.3.0 with:
cb6de08dc9
No autobuilder failures, as pcre2 is implicitly available through libglib2.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d932f84d9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3🅰️joseph_allen:joe is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/detail/5F530947-2060-4842-92B9-5BC61D9C5430
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2953cd2644)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version contains a fix for aarch64 based systems.
On such systems, dhcpcd would crash without setting any IP addresses.
See 6a36f96740
and https://github.com/NetworkConfiguration/dhcpcd/issues/260 for more
details.
Signed-off-by: David Barbion <davidb@230ruedubac.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1dfa4c56fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3🅰️x.org:xorg-server is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/detail/79A86C02-31A5-4F25-8CA6-7C4A8CD92B7B
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b80705800a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c55c1263ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9f342e4a67)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6f28c463cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 88a6cfefbf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d948714037)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit db9b4f3b0c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 74c32bfa5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ca65df3da2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2024-0444: Heap-based buffer overflow in the AV1 codec parser when
handling certain malformed streams before GStreamer 1.22.9
https://gstreamer.freedesktop.org/security/sa-2024-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3ee1148b00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3407703f2c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6b7db1bf64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e81d29d551)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2024-23770: Local Leak of Authentication Parameter in Process List
CVE-2024-23771: Basic Auth Timing Attack
https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html
Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.
Also change the license logic to use the dedicated COPYING file available
since 1.14:
a8ae2b1de0
This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0c7fd35947)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c07aafa087 (package/Makefile.in: set GIT_DIR=. in {HOST,
TARGET}_MAKE_ENV) added GIT_DIR=. to TARGET_MAKE_ENV (which is included in
TARGET_CONFIGURE_OPTS) to work around issues with packages getting confused
when building in a subdir of the Buildroot git repo.
This unfortunately also causes git commands to fail when
output/host/environment-setup is sourced:
git status
fatal: not a git repository: '.'
So strip GIT_DIR= from TARGET_CONFIGURE_OPTS when generating
environment-setup.
Reported-by: Mircea Gliga <gliga.mircea@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 48874afb9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without gbm raised since commit
534c22dd60:
Message: dmabuf-feedback requires gbm which was not found. If you rather not build this, drop "dmabuf-feedback" from simple-clients option.
Move the option assignment further down, below all the simple-clients
lists; in Makefile, and because we are usign simply expanded variables,
this is not necessary, but it is easier on us humans when we review the
code.
Also add a comment explaining why the initial list is incomplete.
Fixes:
- http://autobuild.buildroot.org/results/ebbba1d73ceeaacee17fde0c6c853415cd316091
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 611c0cb198)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From a report on the syslinux mailing list [0]:
The GNU linker now writes two segments of type PT_LOAD into the
program header. However, this is not supported by the wrapper
script that converts the shared object to an .efi executable.
As per comment in that file:
(...) Although there may be several LOAD program headers,
only one is currently copied.
A simple workaround I've found to work is to ask the linker to put
everything into one PT_LOAD program header.
The issue is ackowledged in the syslinux wiki page about building
syslinux [1]. This page refers to various resources, of which a Debian
patch [2].
This information is also referenced in #11861.
Fixes: #11861
[0] https://www.syslinux.org/archives/2018-August/026167.html
[1] https://wiki.syslinux.org/wiki/index.php?title=Building
[2] https://salsa.debian.org/images-team/syslinux/-/blob/debian/master/debian/patches/0017-single-load-segment.patch
Reported-by: Sam Lancia <sam@gpsm.co.uk>
Reported-by: Meliodas <meliodasren01@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e53a8593b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The NuGet packaging description file is installed as:
$(DEST_DIR)/build/native/hiredis.targets
This is a sprurious file that has nothing to do on a Linux system,
whether that be in host/, staging/, or target/.
Backport an upstream patch to get rid of it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 52f3793d46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to a new major release.
Release notes:
https://webkitgtk.org/2023/09/15/webkitgtk2.42.0-released.htmlhttps://webkitgtk.org/2023/09/27/webkitgtk2.42.1-released.htmlhttps://webkitgtk.org/2023/11/10/webkitgtk2.42.2-released.html
Security notes:
https://webkitgtk.org/security/WSA-2023-0008.html
- USE_JPEGXL is enabled by default now [1], so add a libjxl if used.
- ENABLE_GLES2 has been dropped, so drop it also here [2].
Instead, enable USE_OPENGL_OR_ES if libgles is present. Beware that also
libegl is needed for USE_OPENGL_OR_ES, but that one is most of the time a
dependency for libgles, so leave it out here.
- Also raise the minimal GCC version to 10.2, which is required since webkitgtk-2.42.x [3].
Similar to commit ec1ff802df,
we do check on >= GCC 10, because we can't check on >= GCC 10.2.
[1] 93865414f3
[2] cfe917fec4
[3] 133498aaee
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Tested-by: Adrian Perez de Castro <aperez@igalia.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c4abff80b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This was added upstream in commit:
22e4c03866
The 'USE_OPENGL_OR_ES' flag is default ON, which will enable 'USE_GBM',
so ensure that we unset 'USE_GBM' if we don't have libgbm.
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Tested-by: Adrian Perez de Castro <aperez@igalia.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c06c0197f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libwep & wpebackend-fdo are mandatory if ENABLE_WAYLAND_TARGET and EGL_FOUND
2e35890b1f/Source/cmake/OptionsGTK.cmake (L388-L400)
egl is mandatory if ENABLE_WAYLAND_TARGET
2e35890b1f/Source/cmake/OptionsGTK.cmake (L462-L473)
So wpebackend-fdo (-> libwpe) has to be selected if BR2_PACKAGE_LIBGTK3_WAYLAND.
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Tested-By: Adrian Perez de Castro <aperez@igalia.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b9c0e48f68)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure in Thumb mode:
/tmp/ccfzn6FH.s:36: Error: selected processor does not support `smull r2,r3,r1,r0' in Thumb mode
Fixes:
- http://autobuild.buildroot.org/results/838808b4751244ee01cde6b8261212b49e511a32
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: reword comment slightly]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a338277608)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a small bugfix release, with a fix for a crash in the DRM/KMS
module that affects i.MX6 boards and probably others. Release notes:
https://wpewebkit.org/release/cog-0.18.2.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit afe633d6be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.
2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.
3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.
4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.
5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.
6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html
Switch to .tar.gz as the announcement mail only contained hashes for that:
https://lists.x.org/archives/xorg-announce/2024-January/003442.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 219178ef3e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.
2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.
3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.
4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.
5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.
6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b8d9e75eb8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e88823d667 (package/refpolicy: fix build with smartmontools) added
a 0001-policy-modules-services-smartmon.te-make-fstools-opt.patch patch, but
forgot to put it in the version specific sub directory - Breaking builds
using BR2_PACKAGE_REFPOLICY_CUSTOM_GIT as shown by the TestSELinuxCustomGit
test:
>>> refpolicy RELEASE_2_20200818 Extracting
gzip -d -c /builds/buildroot.org/buildroot/test-dl/refpolicy/refpolicy-RELEASE_2_20200818-br1.tar.gz | tar --strip-components=1 -C /builds/buildroot.org/buildroot/test-output/TestSELinuxCustomGit/build/refpolicy-RELEASE_2_20200818 -xf -
>>> refpolicy RELEASE_2_20200818 Patching
Applying 0001-policy-modules-services-smartmon.te-make-fstools-opt.patch using patch:
patching file policy/modules/services/smartmon.te
Hunk #1 FAILED at 143.
1 out of 1 hunk FAILED -- saving rejects to file policy/modules/services/smartmon.te.rej
make[1]: *** [package/pkg-generic.mk:241: /builds/buildroot.org/buildroot/test-output/TestSELinuxCustomGit/build/refpolicy-RELEASE_2_20200818/.stamp_patched] Error 1
https://gitlab.com/buildroot.org/buildroot/-/jobs/5929796183
Fix it by moving the patch to a versioned sub directory.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bde468127c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Update hash of COPYING (update in year)
- This bump will fix the following musl build failure raised since bump
to version 384 in commit 164d635f37:
./main.c:802:34: error: 'TAB3' undeclared here (not in a function); did you mean 'TAB0'?
802 | { -1, XTTYMODE__tabs, TAB3 },
| ^~~~
| TAB0
https://invisible-island.net/xterm/xterm.log.html#xterm_389
Fixes:
- http://autobuild.buildroot.org/results/51f98577b851bdbb0a0ab93c9ef94977776c1b1b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6a49c39492)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
see CVE-2024-0553: Fix more timing side-channel inside RSA-PSK key exchange
see CVE-2024-0567: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b136bed2fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The help text is currently copy and pasted from the gstreamer video
player plugin help text. Change it to reflect the text from the
CMakeLists.txt file.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7437cad018)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 99a50a8c98 (package/flutter-pi: new package) erroneously made
the gstreamer-based audio plugin depend on GLES, although there is no
such requirement defined in the CMakeLists. This error was likely due to
a copy/paste mistake.
Remove the requirement.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 07c1329814)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since the addition of the package
in commit 6aa1bc3167:
In file included from /home/buildroot/autobuild/run/instance-3/output-1/build/vulkan-loader-1.3.262/loader/extension_manual.h:24,
from /home/buildroot/autobuild/run/instance-3/output-1/build/vulkan-loader-1.3.262/loader/extension_manual.c:23:
/home/buildroot/autobuild/run/instance-3/output-1/host/aarch64-buildroot-linux-gnu/sysroot/usr/include/vulkan/vulkan.h:71:10: fatal error: X11/extensions/Xrandr.h: No such file or directory
71 | #include <X11/extensions/Xrandr.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/55ddfd44393e3bcc2f25bad2f9ecb7e1b142a985
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3b8b1125ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The variable should be a YES/NO value, FALSE is not a valid value.
E.g. the yesno-to-bool cmd does not translate a FALSE value and therefore returns invalid JSON.
Signed-off-by: Maximilian Senftleben <maximilian.senftleben@frogblue-tec.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9fa01e3097)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
