Fixes the following security vulnerability:
- CVE-2024-4323: A memory corruption vulnerability in Fluent Bit versions
2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing
of trace requests and may result in denial of service conditions,
information disclosure, or remote code execution.
https://fluentbit.io/announcements/v2.2.3/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though the "no-engine" option effectively disables the compilation
of the engine, it still creates the installation directory, which ends up
being empty. For this reason, the patch does not remove the hook for
removing the directory if the BR2_PACKAGE_LIBOPENSSL_ENGINES option is
not enabled.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 623d3bbe43e9193aa8e3395367d01af59071b859)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With version 3.2.0 of OpenSSL, the "no-apps" configuration option was
added, which does not build apps, e.g. the openssl program. This is
handy for minimization. This option also disables tests.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e0bdc5ddb8a64e89709db72ad550334618cc0c0c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch expresses the same condition in positive logic, consistent
with what has been coded in other parts of the module and generally
in Buildroot.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c2761b52663155e9247dc23350f7159493837d0e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bump to version 3.0.9 in commit 3c66f65a6a (package/libopenssl:
bump version to 3.0.9), and all subsequent updates, forgot to change
the directory name, which remained that of version 1.1. The patch
fixes the directory name to be consistent with the version.
In the case the library was not built with engine support, this resulted
in the presence of files in the root file system that should have been
removed.
Fixes: 3c66f65a6a
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7f9291bfe4db9f840fe0e3c4b0df2ff4acd9560c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f77d698f83 changed apply-patches to
use $TAR instead of `tar`, but did not define a fallback if $TAR is not
defined. This results in an error when calling apply-patches.sh from
outside Buildroot's Makefile. Our team uses this script to setup local
checkouts of Buildroot package's with patches for development.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 118c824b565442bfe1d4ae1c0a39d330e624b854)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Note that here, it is in fact not really relevant. We only extract a
tarball, and we don't use any "modern" or GNU-only options like
--strip-components. However, for consistency it's better to use the same
tar everywhere.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Maier, Brandon L Collins" <Brandon.Maier@collins.com>
Reviewed-by: brandon.maier@collins.com
[Arnout: quote TAR="..."]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f77d698f83)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
================================================================================
Redis 7.2.5 Released Thu 16 May 2024 12:00:00 IST
================================================================================
Upgrade urgency MODERATE: Program an upgrade of the server, but it's not urgent.
Bug fixes
=========
* A single shard cluster leaves failed replicas in CLUSTER SLOTS instead of removing them (#12824)
* Crash in LSET command when replacing small items and exceeding 4GB (#12955)
* Blocking commands timeout is reset due to re-processing command (#13004)
* Conversion of numbers in Lua args to redis args can fail. Bug introduced in 7.2.0 (#13115)
Bug fixes in CLI tools
======================
* redis-cli: --count (for --scan, --bigkeys, etc) was ignored unless --pattern was also used (#13092)
* redis-check-aof: incorrectly considering data in manifest format as MP-AOF (#12958)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 61a7edc0c89b336d63551469f5a2291418fdbc19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2bf45fa99c09302c4d313b79ae7b165a958e354e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is perfectly valid for a patch file to have trailing spaces, when for
example an empty or space-only line is appears in a hunk: if the line if
part of the context, whether it be empty or with only spaces, there will
aways be the leading space introduced by the patch itsef, making for a
sapce-only line; if the line is space-only and removed (or added) that
will also appear as a space-only line.
Currently, our editorconfig wants to unconditionally drop trailing
spaces, so when one edits a patch file to add their SoB and Upstream
tags, such a patch would get badly mangled and would not apply, causing
quite some grief and questioning (sad experience looming in the recent
past here)...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 85736a27c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The matching in genrandconfig is idiomatically done by matching whole
lines, i.e. with the terminating \n but a few places are missing that.
Those are only matching against '=y', a boolean symbol, so it is in
practice not causing any issue. Still, for consistency, fix those.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8b8f5e3366)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Previously, when running `PYTHON3_REMOVE_USELESS_FILES`, the hook to
clean up files from the python config directory assumed a pattern of
"config-$(VERSION)m-$(PLATFORM_TRIPLET)".
However, the "m" ABI suffix was dropped in python 3.8, so the hook would
never actually find files to delete. No error was raised due to the use
of a subshell to invoke find.
Also, if a platform triplet is not detected during the configure stage,
the config directory (LIBPL) defaults to `config-$VERSION`, and has no
trailing `-$PLATFORM_TRIPLET`.
Now, we glob anything after the version to ensure files get deleted.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a1efb5427b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running a test that uses host-python-setuptools using the Buildroot
Docker image, for example running the following command,
> ./utils/docker-run ./support/testing/run-tests -o output -s -k tests.package.test_python_pytest.TestPythonPy3Pytest
The build fails with the following error,
> File "/home/blmaier/buildroot/output/TestPythonPy3Pytest/build/host-python-setuptools-69.2.0/setuptools/_distutils/dist.py", line 354, in _gen_paths
> yield pathlib.Path('~').expanduser() / filename
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> File "/home/blmaier/buildroot/output/TestPythonPy3Pytest/host/lib/python3.11/pathlib.py", line 1385, in expanduser
> raise RuntimeError("Could not determine home directory.")
> RuntimeError: Could not determine home directory.
>
> ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel
Python setuptools is looking for $HOME but failing to find it.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4dafb8b5c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Later commits will start using this variable.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout: quote TAR="..."]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ce6b48c2cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Debian control aarchive does not contain any patch for liblockfile
1.17; it has had no patch since Debian packaged version 1.16-1.1.
Drop the path tarball now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout: also drop from hash file]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f84c8d1716)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch which is now upstream.
Among other things, this fixes building with Linux 6.9.
a4ce4095ce
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ba19e5162e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No functional change as we install a python symlink, but use python3 for
consistency with the other scripts.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ed9288505c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cc08d6f5d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Host build fails on updated Arch Linux desktop.
My current /usr/bin/gcc version is 14.1.1 20240522, where
implicit-function-declaration cause build to fail:
2024-06-05T07:03:20 libtool: compile: /home/roy/hymatek/connexi-touchpanel-firmware/mxxf1/output/host/bin/ccache /usr/bin/gcc -DHAVE_CONFIG_H -I. -I.. -I. -I../include -Iinclude -I../src -I/home/roy/hymatek/connexi-touchpanel-firmware/mxxf1/output/host/include -Wall -O2 -I/home/roy/hymatek/connexi-touchpanel-firmware/mxxf1/output/host/include -fexceptions -c ../src/tramp.c -fPIC -DPIC -o src/.libs/tramp.o
2024-06-05T07:03:20 ../src/tramp.c: In function ‘ffi_tramp_get_temp_file’:
2024-06-05T07:03:20 ../src/tramp.c:262:22: error: implicit declaration of function ‘open_temp_exec_file’ [-Wimplicit-function-declaration]
2024-06-05T07:03:20 262 | tramp_globals.fd = open_temp_exec_file ();
2024-06-05T07:03:20 | ^~~~~~~~~~~~~~~~~~~
Patch from master was added to fix build.
Signed-off-by: Roy Kollen Svendsen <roy.kollen.svendsen@akersolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following CVEs:
CVE-2024-24789: archive/zip: mishandling of corrupt central directory record
CVE-2024-24790: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch from upstream PR still being discussed:
https://github.com/kmod-project/kmod/pull/32Fixes: #16093
Signed-off-by: Fiona Klute <fiona.klute+wiwa@gmx.de>
[yann.morin.1998@free.fr:
- add upstream tag to the patch
- reference #16093
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 05617724ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using imx-mkimage 6.1.36_2.1.0 or later, an additional data structure
is inserted in the generated image. The FIT external data position passed
to the uboot mkimage program needs to be adjusted accordingly.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=15973
Fixes: 72de789023 ("package/imx-mkimage: bump version to lf-6.1.36-2.1.0")
Tested-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Sébastien: Tested on i.MX8MM EVK and i.MX8MP EVK]
[Sébastien:
- fix subject
- add Tested-by tag
- fix Fixes tags
]
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit baaf7f738a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/f08/f087b879167252690ed198de771292142c6249f8/
Set GI_GIRDIR env variable which is now required for configure
to function.
Details:
a9d38070ce
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: drop spurious reflow of _DEPENDENCIES]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3d4896c529)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It has been well over 10 years since glibc 2.14 was released; the last
Debian version that had an earlier glibc was Wheezy, which Freexian
stopped to maintain as an ELTS in June 2020, 4 years ago, while the
oldest still maintained Ubuntu has glibc 2.21. It is now safe to assume
glibc 2.14 on all major, relevant distributions nowadays.
The distutils module is no longer bundled with python 3.12 so this
eliminates the need to install additional python modules under python
3.12.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add Debian and Ubuntu references]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 929a491f40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
