Due to problems with the registrar (dynadot) [1], the dereferenced.org
domain got stolen and is up for auction. While sorting that out, the
official download site has changed to a different domain [2]. Update
PKGCONF_SITE to the new location.
There's an upstream bug to track the issue [3].
[1] https://social.treehouse.systems/@ariadne/110643909699308207
[2] 437c2a3218
[3] https://github.com/pkgconf/pkgconf/issues/302
Fixes: https://bugs.busybox.net/show_bug.cgi?id=15673
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ef95ec920c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes:
http://autobuild.buildroot.net/results/d6c/d6caf3c2c0fd670e70950d3e89629df39f8ce596/
After adding various fixes for the autobuilder error and subsequent
build errors this build error can only be fixed by using gcc >= 7:
output/build/assimp-5.2.5/code/AssetLib/Obj/ObjFileParser.cpp:55:23:
fatal error: string_view: No such file or directory
Usage of string_view was added in version 5.2.5 by upstream commit
f6bcb160d0
which was added to buildroot by commit
7d843d9cc0
Removed BR2_TOOLCHAIN_HAS_GCC_BUG_64735 which is only valid for gcc < 7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6dad3a709c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

This is a bugfix release of the stable libmdbx branch,
on the day of international children's camp «Artek».
It is reasonable to backport this patch to all applicable releases/branches of Buildroot.
The most significant fixes of v0.12.7:
- added workaround for build issues with modern GCC using `-m32 -arch=i686 -Ofast`.
- fixed the cause of the false-positive warning of modern GCC in the C++ API.
- refined DB opening in "recovery" mode and switching to a given meta-page.
The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 86cca91c24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Move the comment out of the if-clause and include the python3 dependency
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e539853fc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes:
http://autobuild.buildroot.net/results/b26/b267c4137edebc504757b6275824c748cce3d894/
libxml2 deprecated the function xmlRecoverMemory with commit
51035c539e
first included in versions 2.11.0. Buildroot bumped libxml2 to the 2.11
branch with commit dfe1ca7872.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4f9ce6dbf6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

For change log since v2.3.2, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.3.3
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c9b853093)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Upstream added a list of python modules declared as runtime dependencies
f18345d2a1
most of them with fixed (and outdated) versions.
Disable python support for the time being.
Fixes:
http://autobuild.buildroot.net/results/436/436e90bb1f77143b05cb98df78934555bbb7df35/
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 227c42b8c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Since the rest of RISC-V boards have been switched to use OpenSBI
1.2, let's update hifive_unleashed to use OpenSBI 1.2 too.
Resolves: https://bugs.busybox.net/show_bug.cgi?id=15658
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 02f6d77fbd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes the following security issues:
- CVE-2023-1916: A flaw was found in tiffcrop, a program distributed by the
libtiff package. A specially crafted tiff file can lead to an
out-of-bounds read in the extractImageSection function in
tools/tiffcrop.c, resulting in a denial of service and limited information
disclosure. This issue affects libtiff versions 4.x.
- CVE-2023-25434: libtiff 4.5.0 is vulnerable to Buffer Overflow via
extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
- CVE-2023-26965: loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0
has a heap-based use after free via a crafted TIFF image
Drop the now upstream
0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cb496970c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The alsa-utils will remove and create the /usr/share/alsa dir
as a whole and since the alsa plugins need to add config into
this same directory it should come after those install steps.
Also, the bluez alsa needs the plugins installed to find them
during the configuration phases - so, interlock the plugins
when configured.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 3223a34ee5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes the following security issues:
- CVE-2023-34969: Fix an assertion failure in dbus-daemon when a privileged
Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or
similar) is active, and a message from the bus driver cannot be delivered
to a client connection due to <deny> rules or outgoing message quota.
This is a denial of service if triggered maliciously by a local attacker.
- Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
For details, see the NEWS file:
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 52ae2a4e1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

async-timeout dependency was dropped upstream for Python 3.11 (see [1]).
[1] 1b5c9e1cb9
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit d39ca32388)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Remove packages which are no longer runtime-tested here.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 2aa3f61b5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following
build error:
include/image.h:1383:12: fatal error: openssl/evp.h: No such file or directory
Reported-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 044c38b71d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit adabd0b8b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update 002-vc4-add-meson-option-to-disable-optional-neon-suppor.patch to
fix a syntax error introduced by commit 'package/{mesa3d, mesa3d-headers}:
bump version to 23.1.0' ([1])
Fixes:
.../build/mesa3d-23.1.2/src/gallium/drivers/vc4/meson.build:87:76: ERROR:
Trying to compare values of different types (UserFeatureOption, str) using !=.
This was deprecated and undefined behavior previously and is as of 0.60.0 a hard error.
[1] https://git.buildroot.net/buildroot/commit/?id=e6203db11ed40122a2d9f29012db5683a7eb10d0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit da19c18af2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

E-mails are bouncing:
<jose.pekkarinen@unikie.com>: host ASPMX.L.GOOGLE.com[74.125.133.26] said:
550-5.1.1 The email account that you tried to reach does not exist. Please
try 550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5206492d6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes the following security issue:
- CVE-2023-32681: Unintended leak of Proxy-Authorization header
https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit c94922beac)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Commit 0b9efc991f ("linux: use BR2_MAKE") switched LINUX_MAKE to
$(BR2_MAKE). However, this also implicitly sets LINUX_KCONFIG_MAKE.
Thus, when host-make is being used in a build that has
PER_PACKAGE_DIRECTORIES enabled, the dotconfig step will try to use the
make instance from the host directory, but since it is not listed in
LINUX_KCONFIG_DEPENDENCIES, it won't be available yet at that point in
time.
Add an explicit dependency to LINUX_KCONFIG_DEPENDENCIES to have it
copied over early enough.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 66681bd4a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes the following security issues:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via
process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto
library (Medium)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA
environment variable (Low)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
injection in host headers (Medium)
https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js
fetch API (Low)
https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
Update LICENSE hash after an update of the openssl license snippet:
e7ed56f501
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit a240f9da85)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes the following security issues:
- CVE-2023-32067: High. 0-byte UDP payload causes Denial of Service
- CVE-2023-31147: Moderate. Insufficient randomness in generation of DNS
query IDs
- CVE-2023-31130: Moderate. Buffer Underwrite in ares_inet_net_pton()
- CVE-2023-31124: Low. AutoTools does not set CARES_RANDOM_FILE during
cross compilation
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 0afcfe5a48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The autoconf-build system fails to properly detect vsnprintf
checking for vsnprintf... yes
checking whether vsnprintf is C99 compliant... no
which leads to a build error
snprintf.c:495:1: error: inlining failed in call to 'always_inline'
'rpl_vsnprintf.localalias': function not inlinable
Building with cmake fixes the problem:
-- Looking for vsnprintf
-- Looking for vsnprintf - found
The cmake build system has an option to disable checkmk, so we don't
need to remove it from target anymore.
Fixes:
http://autobuild.buildroot.net/results/e55/e5562513226de902dae642526165b1555a540144/
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 6dfc789f4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

hwdata provides a .pc file, which other packages can look up to find the
location where hwdata files are, and use them at build time.
This is the case for the upcoming libdisplay-info package, which
requires the hwdata's PNP IDs at build time.
However, installing the .pc file is not enough. Indeed, meson (which
libdisplay-info uses) will look for the corresponding data files in
datadir, which it locates relative to the sysroot, which is our staging.
So, we also need to install the hwdata files in staging.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f36c57728a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>