Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3176d9febb)
[Peter: drop 5.17.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following musl build failure raised with pam and libressl:
auth-pam.c: In function 'pam_server':
auth-pam.c:894:23: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'AF_MAX'?
894 | char ac_file_name[PATH_MAX];
| ^~~~~~~~
| AF_MAX
auth-pam.c:894:23: note: each undeclared identifier is reported only once for each function it appears in
auth-pam.c:894:10: warning: unused variable 'ac_file_name' [-Wunused-variable]
894 | char ac_file_name[PATH_MAX];
| ^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/c8834fa5ddcac6fd22fc9406e10221e64cdb8856
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b79cefcb00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ngx_{http,stream}_upstream_zone_module need libatomic_ops since their
addition in commit 621ec32677 and
cf31347ee879a03b3ff6:
src/core/ngx_rwlock.c:125:2: error: #error ngx_atomic_cmp_set() is not defined!
125 | #error ngx_atomic_cmp_set() is not defined!
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/f7f6be00029d430dc575bc5b3e3e2031cea0460c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb3fbb261b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sigsegv.c: In function 'sigsegv_handler':
sigsegv.c:225:75: error: 'mcontext_t' has no member named 'uc_regs';
did you mean 'gregs'?
((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1]
Musl defines pt_regs differently to glibc. Backport a patch from
upstream gnulib (the source for this file in diffutils).
Fixes:
http://autobuild.buildroot.net/results/1b40146436eb2b3500d0d8faef96b3374f8e5cda/
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2bee0f3459)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
traceevent needs dynamic library since its addition in kernel 3.14 and
c877bbd8ec:
event-plugin.c:10:10: fatal error: dlfcn.h: No such file or directory
10 | #include <dlfcn.h>
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/24206071721479a6ba4d0267e7e20ef9498e1e05
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b1dd0548d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
tmon needs threads since its addition in kernel 3.13 and
94f69966fa:
tmon.c:23:10: fatal error: pthread.h: No such file or directory
23 | #include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/d7b3d15ebf80ca6dbbbd4554af541182c777e4de
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ff5c1da7f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.17.11 includes security fixes to the crypto/rand, crypto/tls, os/exec,
and path/filepath packages, as well as bug fixes to the crypto/tls package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with argp-standalone and NLS raised
since commit 5430c8fedd:
configure:6091: /home/autobuild/autobuild/instance-3/output-1/host/bin/x86_64-buildroot-linux-musl-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -g0 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c -largp >&5
/home/autobuild/autobuild/instance-3/output-1/host/lib/gcc/x86_64-buildroot-linux-musl/10.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/autobuild/autobuild/instance-3/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libargp.a(argp-parse.o): in function `argp_version_parser':
/home/autobuild/autobuild/instance-3/output-1/build/argp-standalone-1.4.1/argp-parse.c:181: undefined reference to `libintl_dgettext'
[...]
checking for library containing argp_parse... no
configure: error: An implementation of GNU Argp was not found, please install libargp
Fixes:
- http://autobuild.buildroot.org/results/3d2d9e27aabcd6763510238087fe25d5273d3535
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cb91d2e60f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes a build error when the host environment has GOOS set to
something other than "linux." For example,
cd ./buildroot
GOOS="js" make
This will cause a build failure. Override GOOS to be either empty for host
packages or set to "linux" for target packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8c585eb32d)
Since commit 6a9c6311f8, two
BR2_PACKAGE_GTEST_GMOCK blocks are used instead of one which is a little
bit unusual
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 555d2f0f4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gtest unconditionally uses is_trivially_copy_constructible since
version 1.11.0 and
c13c27a513
So add a dependency on host gcc >= 4.9 for gmock to avoid the following
build failure since commit 9dfbbbb410:
In file included from /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/build/host-gtest-1.11.0/googletest/include/gtest/internal/gtest-death-test-internal.h:39:0,
from /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/build/host-gtest-1.11.0/googletest/include/gtest/gtest-death-test.h:41,
from /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/build/host-gtest-1.11.0/googletest/include/gtest/gtest.h:64,
from /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/build/host-gtest-1.11.0/googletest/src/gtest-all.cc:38:
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/build/host-gtest-1.11.0/googletest/include/gtest/gtest-matchers.h: In static member function 'static constexpr bool testing::internal::MatcherBase<T>::IsInlined()':
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/build/host-gtest-1.11.0/googletest/include/gtest/gtest-matchers.h:414:12: error: 'is_trivially_copy_constructible' is not a member of 'std'
std::is_trivially_copy_constructible<M>::value &&
^
Fixes:
- http://autobuild.buildroot.org/results/9d19a47deb80824eaa718d80f14b0afd5f9eb054
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 480d76342d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qpid-proton needs C++ (and so threads due to proactor) to avoid the
following build failure:
CMake Error at /nvmedata/autobuild/instance-3/output-1/host/share/cmake-3.18/Modules/CMakeTestCXXCompiler.cmake:59 (message):
The C++ compiler
"/usr/bin/c++"
is not able to compile a simple test program.
C++ check can't easily be removed:
https://github.com/apache/qpid-proton/pull/366
Fixes:
- http://autobuild.buildroot.org/results/76f8deccc9c4eee29eddf42586cc28e96eec0827
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f255a32211)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While reading the docs to find hooks, I completely missed the
LIBFOO_TARGET_FINALIZE_HOOKS one which was actually matching my
use-case.
Though it is documented in a subsection a few lines below, let's also
have it in the list of supported hooks so it's not hidden away.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit dd66a2f0b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc-12 is starting to trickle down to some distros, like Archlinux.
gcc-12 has new warnings, and detects more cases of issues, like new
UAF cases, which is causing build issues in code that was previously
building fine, as reported in #14826:
In file included from sigchain.c:3:
In function 'xrealloc',
inlined from 'sigchain_push.isra' at sigchain.c:26:2:
subcmd-util.h:56:23: error: pointer may be used after 'realloc' [-Werror=use-after-free]
56 | ret = realloc(ptr, size);
| ^~~~~~~~~~~~~~~~~~
subcmd-util.h:52:21: note: call to 'realloc' here
52 | void *ret = realloc(ptr, size);
| ^~~~~~~~~~~~~~~~~~
subcmd-util.h:58:31: error: pointer may be used after 'realloc' [-Werror=use-after-free]
58 | ret = realloc(ptr, 1);
| ^~~~~~~~~~~~~~~
subcmd-util.h:52:21: note: call to 'realloc' here
52 | void *ret = realloc(ptr, size);
| ^~~~~~~~~~~~~~~~~~
In that case, the kernel has already fixed their code, which is part of
5.17:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52a9dab6d892763b2a8334a568bd4e2c1a6fde66
However, we can't easily carry that patch, because we don't know
whether the kernel the user uses already has the fix or not.
Instead, we can just tell the kernel to disable use of -Werror when
building host tools.
As a consequence, we can drop it from the perf-specific setting.
Fixes: #14826
Reported-by: Anders Pitman <buildroot@apitman.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit baa55a4e26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
My Bootlin address is preferred from now on.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9118c863b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following uclibc build failure on aarch64:
crc32c.c:277:10: fatal error: sys/auxv.h: No such file or directory
277 | #include <sys/auxv.h>
| ^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/08591fbf9677ff126492c50c15170c641bcab56a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 97b533c3c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some constraints on a setup ended up with a plus sign in the path
for historical reasons and would then fail to match on the comparison
of the host/lib dir match. So, the =~ for bash can be augmented
with a double quote expansion to preserve the literal value of
the characters in the variable.
Example Path: /home/vagrant/test+buildroot/per-package
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2a9ef1f572)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default the toolchain-wrapper enable -fPIE to the build of all packages.
TF-A support Position Independent Executable(PIE) only in few build cases,
therefore it should be disable by default.
If you still want to enable PIE, TF-A provide a "ENABLE_PIE" build options
that will override the cflags for the supported cases.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[Peter: Only do so for BR2_PIC_PIE]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1061ed6c62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt 2.2.5 was released on May 16, 2022: this is a bug-fix release,
fixing two issues with libgsasl authentication.
Mutt 2.2.4 was released on April 30, 2022: this is a bug-fix release,
fixing some regressions with Maildir/mh mailbox path normalization that
were added in 2.2.0. Please see the UPDATING file for more details.
https://gitlab.com/muttmua/mutt/-/blob/mutt-2-2-5-rel/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bb7182c3e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2022-29162
Minor security issue (which appears to not be exploitable) related to process
capabilities.
A bug was found in runc where runc exec --cap executed processes with ble Linux
process capabilities, creating an atypical Linux environment. For more
information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
runc spec no longer sets any inheritable capabilities in the created example OCI
spec (config.json) file.
https://github.com/opencontainers/runc/releases/tag/v1.1.2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0295e9602f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
samba4 needs iconv.h since bump to version 4.15.3 in commit
d33ad03e75 and
fc51b38ed8:
../../source3/lib/netapi/examples/common.c:13:10: fatal error: iconv.h: No such file or directory
13 | #include <iconv.h>
| ^~~~~~~~~
Strangely enough, there is no autobuilder failures.
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=14821
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6a1331ba01)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 1.5 in
commit 41bbe8df54 and
be55282d71:
In file included from /nvmedata/autobuild/instance-22/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib.h:62,
from src/verity_hash.c:26:
src/verity_hash.c: In function 'verify_zero':
src/verity_hash.c:69:55: error: expected ')' before 'PRIu64'
69 | g_message("Spare area is not zeroed at position %" PRIu64 ".",
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/1a093c0e194a061836884419d2f50506105db01e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ea79360907)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following static build failure with transmission:
checking for ZLIB... configure: error: Package requirements (zlib >= 1.2.3) were not met:
Package dependency requirement 'zlib >= 1.2.3' could not be satisfied.
Package 'zlib' has version '', required version is '>= 1.2.3'
Fixes:
- http://autobuild.buildroot.org/results/b3b882482f517726e5c780ba4c37818bd379df82
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 31a7427662)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
HAVE_DATE_BIN has been dropped since version 4.0.5 and
d04037825e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eb5e2d2d43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, mostly with build fixes, media playback improvements,
an important fix for when using threaded rendering, and security patches
for CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, and
CVE-2022-26719.
Release notes:
https://wpewebkit.org/release/wpewebkit-2.36.2.htmlhttps://wpewebkit.org/release/wpewebkit-2.36.3.html
Accompanying security advisory:
https://wpewebkit.org/security/WSA-2022-0005.html
This also imports a build fix which has not made it into the release.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bab6100b51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, with the usual flurry of correctness fixes, and a patch
to fix the build with the accessibility support disabled. Release notes:
https://wpewebkit.org/release/wpewebkit-2.36.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b7a0e39b60)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to a new major release which brings in improvements and a few new
features. Release notes:
https://wpewebkit.org/release/wpewebkit-2.36.0.html
None of the new features need additional dependencies. The build option
USE_SYSTEMD has been renamed to ENABLE_JOURNALD_LOG, though.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7d258f81cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, mostly with build fixes, media playback improvements,
an important fix for when using threaded rendering, and security patches
for CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, and
CVE-2022-26719.
Release notes:
https://webkitgtk.org/2022/05/28/webkitgtk2.36.3-released.htmlhttps://webkitgtk.org/2022/05/18/webkitgtk2.36.2-released.html
Accompanying security advisory:
https://webkitgtk.org/security/WSA-2022-0005.html
This also imports a build fix which has not made it into the release.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 93f831bf5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, with the usual flurry of correctness fixes, and a patch
to fix the build with the accessibility support disabled. Release notes:
https://webkitgtk.org/2022/04/21/webkitgtk2.36.1-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ab1157bbe4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If enabled at build time, WebKit's internal nested compositor can work
more efficiently when targeting Wayland, by avoiding one unneeded buffer
copy. The build option has been available for a few years in WebKitGTK
releases.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7e8f0d95a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to a new major release which brings in improvements and a few new
features. Release notes:
https://webkitgtk.org/2022/03/21/webkitgtk2.36.0-released.html
None of the new features need additional dependencies. The build option
USE_SYSTEMD has been renamed to ENABLE_JOURNALD_LOG, though.
While at it, remove setting the ENABLE_PLUGIN_PROCESS_GTK2 option.
Support for NPAPI plug-ins has been dropped already in 2.32.x and the
option has been a no-op for a long time, see:
https://perezdecastro.org/2020/webkitgtk-npapi-sunsetting.htmlhttps://webkitgtk.org/2021/03/26/webkitgtk2.32.0-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d9ac22b7e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised on uclibc and musl since the
addition of libexecinfo package in commit
eea8ba446c:
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: ../lib/.libs/libboinc.a(libboinc_la-diagnostics.o): in function `boinc_catch_signal':
diagnostics.cpp:(.text+0x8a): undefined reference to `backtrace'
Fixes:
- http://autobuild.buildroot.org/results/4504379b464eb144a4c257001eb4d316bb1f5e44
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9e48c2d5f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-29338: Integer Overflow in OpenJPEG v2.4.0 allows remote
attackers to crash the application, causing a Denial of Service (DoS).
This occurs when the attacker uses the command line option "-ImgDir" on
a directory that contains 1048576 files.
Fix CVE-2022-1122: A flaw was found in the opj2_decompress program in
openjpeg2 2.4.0 in the way it handles an input directory with a large
number of files. When it fails to allocate a buffer to store the
filenames of the input directory, it calls free() on an uninitialized
pointer, leading to a segmentation fault and a denial of service.
Drop patches (already in version)
https://github.com/uclouvain/openjpeg/blob/v2.5.0/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 636f201062)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-1619: Heap-based Buffer Overflow in function
cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This
vulnerabilities are capable of crashing software, modify memory, and
possible remote execution
Fix CVE-2022-1620: NULL Pointer Dereference in function
vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior
to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at
regexp.c:2729 allows attackers to cause a denial of service (application
crash) via a crafted input.
Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in
GitHub repository vim/vim prior to 8.2.4919. This vulnerability is
capable of crashing software, Bypass Protection Mechanism, Modify
Memory, and possible remote execution
Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in
GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are
capable of crashing software, Modify Memory, and possible remote
execution
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit da66811e8e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2022-28738: Double free in Regexp compilation
- CVE-2022-28739: Buffer overrun in String-to-Float conversion
For more details, see the announcement:
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-By: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit db14515e87)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-30333: RARLAB UnRAR before 6.12 on Linux and UNIX allows
directory traversal to write to files during an extract (aka unpack)
operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
6.12 application version corresponds to 6.1.7 source version:
https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7564f1de06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Extract from
1bc60d4ba2:
"NOTE TO MAINTAINERS: libee is not used by rsyslog for quite some while.
However, we never included this info into the changelog. So if you still
make rsyslog depend on libee (some do this), you should stop doing so
now. Libee is dead and no longer been maintained nor hosted by us."
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 55d164bf5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with giflib and gcc >= 10:
/nvmedata/autobuild/instance-30/output-1/per-package/fbv/host/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/11.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: gif.o: in function `fh_gif_load':
gif.c:(.text+0x338): undefined reference to `m_rend_gif_decodecolormap'
Fixes:
- http://autobuild.buildroot.org/results/dca603a61b1fd0558992b4a40152d23b5b9c0049
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9eeb5cd96d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
