The hash of README.md has changed because the link to the zstd license
has been added:
- ``
+ `- zstd (Dual BSD\GPLv2 Licenses) is from https://github.com/facebook/zstd`
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- gh-92888: Fix memoryview use after free when accessing the backing buffer
in certain cases.
- gh-87389: http.server: Fix an open redirection vulnerability in the HTTP
server when an URI path starts with //.
Release notes:
https://docs.python.org/release/3.10.6/whatsnew/changelog.html#python-3-10-6-final
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
[Peter: Mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6c872197f4)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This tests valdates that we can publish a message and read it back.
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- don't manually start mosquitto, there's a startup script for that
- don't pass custom timeout
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following error on calling mqtt.publish():
File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 222, in single
multiple([msg], hostname, port, client_id, keepalive, will, auth, tls,
File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 126, in multiple
if not isinstance(msgs, collections.Iterable):
AttributeError: module 'collections' has no attribute 'Iterable'
Backported from https://github.com/eclipse/paho.mqtt.python/pull/497/
This was deprecated in python 3.9 and stopped working in python 3.10
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf0d8c9659)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is currently no version of gdbserver for or1k. Until this
is implemented we will prevent both the direct and indirect
selection of gdbserver for or1k builds. In practice this means
that 'cross gdb for the host' cannot be selected and that
'full debugger' must be automatically selected for the gdb target
package.
This partially reverts commit 991b7b990a
which claimed that gdbserver for or1k was already supported before
version 8.3. That is not true - the commit that adds gdbserver support
for or1k [1] was only merged for version 12.1, which hasn't been
integrated in Buildroot yet.
Without that support, the build of gdbserver fails with
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: server.o: in function `main':
server.cc:(.text.startup+0x6dc): undefined reference to `initialize_low()'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.o: in function `prepare_resume_reply(char*, ptid_t, target_waitstatus*)':
remote-utils.cc:(.text+0x28a8): undefined reference to `using_threads'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.cc:(.text+0x28b0): undefined reference to `using_threads'
Fixes: http://autobuild.buildroot.net/results/b3c/b3c0df53d09d9facaf0c3c2bc4529f9fcf7737ee
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=4933265c3f71b9134363d0c05f09542d5cc677f4
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Commit [1] enabled glibc on or1k since it's now supported but it
requires a toolchain with linux-headers >= 5.4.
From [2]:
"Here we define the minumum linux kernel version at 5.4.0, as that is the
long term support version where 32-bit architectures start to support
64-bit time API's. The OpenRISC kernel had some bugs up until version 5.8
which caused issues with glibc fork/clone, they have been backported to
5.4 but not previous versions."
Fixes:
checking installed Linux kernel header files... 3.2.0 or later
checking for kernel header at least 5.4.0... too old!
configure: error: *** The available kernel headers are older than the requested
https://gitlab.com/buildroot.org/toolchains-builder/-/jobs/2875256686
[1] 68d0aede59
[2] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=0c3c62ca7d9ff3bdacdd13e636bc858101e3e288
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
openssl is an optional dependency since version 1.5.13 and
ee1cfe3bf9
which must be handled through pkg-config to avoid static build failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
While building host-rust with a musl based toolchain without C++ compiler,
the build fail since libunwind bundled in rust sources needs a C++ compiler.
cargo:warning=i686-buildroot-linux-musl-gcc.br_real: error: [...]/host-rust-1.62.0/src/llvm-project/libunwind/src/Unwind-EHABI.cpp: C++ compiler not installed on this system
Note: the issues can't be reproduced with a glibc based toolchain
without C++ probaly due to extra steps required to support musl libc.
We could add the C++ dependency direclty to host-rustc but it would
requires adding the C++ reverse dependencies to all rust packages.
Instread, we add the C++ dependency to BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
only when a musl toolchain is used. So we can still install a prebuilt
rust compiler but without the rust standard library (rust-std).
Usually we should not add toolchain dependencies in a _ARCH_SUPPORTS option but
BR2_PACKAGE_HOST_RUSTC_TARGET_TIER... options contains already some
BR2_TOOLCHAIN_USES_GLIBC or BR2_TOOLCHAIN_USES_MUSL.
Fixes:
http://autobuild.buildroot.org/results/636/636fb39c8f1b8c05e4ca451ac506cd63c7166d82
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Nicolas Tran <nicolas.tran@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
fixes:
- Fixed comparison of maps in Python.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
To report usable tracebacks, pyc files embed the path of the original py
files, so that users can more easily try and debug the reported issue.
We generate the pyc files by calling the python3-supplied compileall
script, to scan the directory where python modules are installed. Since
this is done on the build machine, we tell compileall.py to strip away
the TARGET_DIR prefix, as that has no meaning at runtime.
However, compileall.py forgets [0] to keep a leading / in the front of
the paths, thus generating non-rooted paths., e.g.:
/path/buildroot.ouput/targt/usr/lib/python3.10/argparse.py
gets embedded as:
usr/lib/python3.10/argparse.py
This is a bit confusing but, as far as we could see, should be mostly be
used for display purposes in tracebacks, and does not seem to impact
actual functionality.
We fix that by instructing compileall.py that the embedded paths should
be rooted to / which generates proper paths in tracebacks.
And alternate solution would be to swith gears, and tell compileall.py
exactly the resulting runtime "base" directory, which replaces the
stripping and prefixing; i.e. it's either:
-s $(TARGET_DIR) -p /
or
-d /usr/lib/python$(PYTHON3_MAJOR_VERSION)
We choose to keep the first solution, because that is semantically what
we really want to do: to strip the leading build-time path, rather than
to force anything.
Note: the python test-suite was executed with both solutions (in a
pyc-only setup), and the results were exactly the same; so in practice,
-d or -s+-p yield the same results.
Many thanks go to Vincent for reporting the issue and suggesting the
solutions.
[0] Not sure whether this is a bug or a feature...
Reported-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 0be1c3e921.
The actual issue is more complex. The problem purportedly fixed was not
caused by a missing libupsclient (it was present), but by a missing type
definition for time_t (on a musl toolchain).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable libupsclient to avoid the following build failure if
libupsclient is installed on host:
src/nut.c:40:2: error: #error "Unable to determine the UPS connection type."
40 | #error "Unable to determine the UPS connection type."
| ^~~~~
src/nut.c:46:3: error: unknown type name 'collectd_upsconn_t'
46 | collectd_upsconn_t *conn;
| ^~~~~~~~~~~~~~~~~~
libupsclient is an optional dependency of nut plugin since version
5.10.0 and
bc2d94024d
Fixes:
- http://autobuild.buildroot.org/results/22b758097e8fb72c68e41329cbc7abc748d81ca6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is a bug-fix release, fixing a $edit_headers bug on MacOS, along
with a few other small bugs. It also tightens the $query_command parser
to accept a single tab between fields, and changes $pager to accept a %s
expando.
https://gitlab.com/muttmua/mutt/-/blob/mutt-2-2-7-rel/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The script "utils/check-package" checks that patch email prefix are
not be numbered. See:
https://git.buildroot.org/buildroot/tree/utils/checkpackagelib/lib_patch.py?h=2022.08-rc1#n42
The error message recommends to generate patches to be included in
Buildroot with the command 'git format-patch -N'.
The patch policy section in the Buildroot manual does mention that.
This commit adds a note about that requirement.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable -Werror to avoid the following build failure:
In file included from hash.c:7:
xxhash.h:2667:5: error: #warning is a GCC extension [-Werror]
2667 | # warning "XXH3 is highly inefficient without ARM or Thumb-2."
| ^~~~~~~
xxhash.h:2667:5: error: #warning "XXH3 is highly inefficient without ARM or Thumb-2." [-Werror=cpp]
Fixes:
- http://autobuild.buildroot.org/results/3124bae73c207f1a118e57e41e222ef464ccb297
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add license hashes to the hash file and add the information into the
makefile.
Signed-off-by: Jesse Van Gavere <jesseevg@gmail.com>
[Arnout: use correct file names and hashes]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix the following build failure:
In file included from libavcodec/ppc/audiodsp.c:31:
libavcodec/ppc/audiodsp.c: In function 'scalarproduct_int16_altivec':
./libavutil/ppc/util_altivec.h:123:5: error: implicit declaration of function 'vec_vsx_ld'; did you mean 'vec_vslh'? [-Werror=implicit-function-declaration]
123 | vec_vsx_ld(offset, b)
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/b772d285f978ff9bc3b07872d009633c943f20b1
VSX is indeed an extension to AltiVec, so havinf VSX implies having
AltiVec [0], so we can condition he altivec support on LE ,on VSX being
available.
To be noted, however, is that ffmpeg has a configre switch dedicated to
VSX: --enable-vsx. We do not use it add support for that here, as we are
just fixing the AltiVec support. Adding VSX configure flag is left as an
excercise for a future feature addition.
[0] https://en.wikipedia.org/wiki/AltiVec#VSX_(Vector_Scalar_Extension)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- add comment in .mk
- exend commit log to explain VSX implies AltiVec
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
tools needs C++ since the addition of the package in commit
27ad470d7d resulting in the following
build failure:
no -DHAVE_CONFIG_H -I. -I.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I../include -I../master -Wall -DREV=`if test -s ../revision; then cat ../revision; else hg id -i .. 2>/dev/null || echo "unknown"; fi` -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -c -o ethercat-Command.o `test -f 'Command.cpp' || echo './'`Command.cpp
/bin/bash: line 1: no: command not found
Fixes:
- http://autobuild.buildroot.org/results/89d096006839f32a3d03786e69e51ec3c5ea70f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: move it before package's options]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2022-2652: Depending on the way the format strings in the card
label are crafted it's possible to leak kernel stack memory. There is
also the possibility for DoS due to the v4l2loopback kernel module
crashing when providing the card label on request (reproduce e.g. with
many %s modifiers in a row).
https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and
5.x before 5.6, due to improper buffer management, a Denial of Service
can occur when processing long Gopher server responses.
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-46828: In libtirpc before 1.3.3rc1, remote attackers could
exhaust the file descriptors of a process that uses libtirpc because
idle TCP connections are mishandled. This can, in turn, lead to an
svc_run infinite loop without accepting new connections.
https://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.3/Release-1.3.3.txt/download
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit bd3cf3fb5b forgot to add all hashes
of license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that
allows malicious remote servers to write arbitrary files inside the
directories of connecting peers. The server chooses which
files/directories are sent to the client. However, the rsync client
performs insufficient validation of file names. A malicious rsync
server (or Man-in-The-Middle attacker) can overwrite arbitrary files
in the rsync client target directory and subdirectories (for example,
overwrite the .ssh/authorized_keys file).
- Drop patches (already in version)
- Update hash of COPYING (make openssl license exception clearer by
having it at the top and use modern links in COPYING:
dde4695136)
https://github.com/WayneD/rsync/blob/v3.2.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
