Fixes the following security issues:
- CVE-2023-1916: A flaw was found in tiffcrop, a program distributed by the
libtiff package. A specially crafted tiff file can lead to an
out-of-bounds read in the extractImageSection function in
tools/tiffcrop.c, resulting in a denial of service and limited information
disclosure. This issue affects libtiff versions 4.x.
- CVE-2023-25434: libtiff 4.5.0 is vulnerable to Buffer Overflow via
extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
- CVE-2023-26965: loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0
has a heap-based use after free via a crafted TIFF image
Drop the now upstream
0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version included the patches removed by this commit, no new CVEs
were fixed.
Release notes: https://librdf.org/raptor/RELEASE.html#rel2_0_16
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Other changes:
- Remove 0002-plc-plc.h-fix-build-with-gcc-10.patch as
related MR https://github.com/qca/open-plc-utils/pull/141
has been merged.
Notable changes since last version:
- Drop privileges after opening the channel file descriptor
- Remove all checks for root permissions
- Add chip identification for QCA7006AQ
Signed-off-by: Kai Stuhlemmer (ebee Engineering) <kai.stuhlemmer@ebee.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Removed patch which is included in this version.
Release notes: https://github.com/drowe67/codec2/releases/tag/v1.1.0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch which is included in this version.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop local patch that has been upstreamed but add a new one to fix build
failure:
../meson.build:180:12: ERROR: Can not run test applications in this
cross environment.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch cleans up board/zynqmp shellcheck issues.
Signed-off-by: Neal Frager <neal.frager@amd.com>
[Peter: wrap long lines, use quotes around entire word]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch cleans up board/zynq shellcheck issues.
Signed-off-by: Neal Frager <neal.frager@amd.com>
[Peter: use ${} for variables, quotes around entire word]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
And restore support for MIPS64, which is supported by Lightning.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
git-formatted patches due to the upstream repo using git:
http://git.tvdr.de/?p=vdr.git
Sent patches upstream and added Upstream: tags.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The bump to 11.4.0 in commit f1e3d02cd4 missed
0001-or1k-Add-mcmodel-option-to-handle-large-GOTs.patch, so add it back
again to keep checkpackage happy.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ppc-mpc8544ds is the only qemu configuration that requires a kernel patch:
board/qemu/ppc-mpc8544ds/patches/linux/0001-powerpc-Fix-mcpu-options-for-SPE-only-compiler.patch
But this patch doesn't apply after a backport between v6.1.20 and v6.1.21
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=da0beae2449376326086e9f57468fd2b64736d2a
So the patch 0001-powerpc-Fix-mcpu-options-for-SPE-only-compiler.patch doesn't
seem required anymore.
Welcome to Buildroot
buildroot login: root
# uname -a
Linux buildroot 6.1.28 #1 Wed May 24 09:08:27 UTC 2023 ppc GNU/Linux
# cat /proc/cpuinfo
processor : 0
cpu : e500v2
clock : 400.000000MHz
revision : 3.0 (pvr 8021 0030)
bogomips : 800.00
timebase : 400000000
platform : MPC8544 DS
model : MPC8544DS
Memory : 128 MB
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4306895282
https://bugs.busybox.net/show_bug.cgi?id=15581
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Cc: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch bumps bootgen to version xilinx_v2023.1.
The patch for build machines with modern flex is no longer needed.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Convert the package to a meson package as recommended by upstream.
Drop no longer needed patches.
Fixes: http://autobuild.buildroot.net/results/b32/b3245c4ee8e0b3592b09e0bc57bc0928018936c2
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[yann.morin.1998@free.fr:
- drop --prefix=/usr, already passed by the meson-package infra
- regenerate .checkpackageignore for removed patches
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop local patches since they have been upstreamed but add a new local
patch already upstreamed that checks for libevent and sqlite since with the
adding of reexport they became mandatory. This is because it's not possible
to disable reexport.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Removed patch which was applied upstream.
License files were moved to COPYING/
Updated license hash of COPYING.lzma due to upstream commit
6b3b8b2e9d (diff-216b7167897f75c13c7fcfa08956f8f9269af0927024c7e14201683b94ebad8f)
which made no changes to the license text.
Switched build system to cmake, reworked various dependencies.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The at-spi2-core and at-spi2-atk were merged, and are now built by default,
so this patch is no longer required.
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Tested-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr:
- rename remaining patch,
- update .checkpackageignore
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bumps OP-TEE client package version to OP-TEE release 3.21.0.
Removes the 2 local patches that have been integrated into mainline
repository before release tag 3.21.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[yann.morin.1998@free.fr: regenerate .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Removed patch included in upstream release, renumbered and reformatted
Upstream: tag for remaining patch, updated .checkpackageignore.
Updated license hash due to upstream commit:
"Add line between licenses in COPYING."
23cede3e95
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit also:
- adds the md5 from the release note in the package hash file,
- rebase the patch on the new version tag,
- adds the "Upstream:" tag in the patch.
For change log since v0.3.22, see:
- https://github.com/xianyi/OpenBLAS/releases/tag/v0.3.23
Signed-off-by: Julien Olivain <ju.o@free.fr>
[yann.morin.1998@free.fr: update .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some patches were removed in recent version bumps:
- 80793107a6 package/transmission: bump version to 4.0.3
- 8d6ddb7a29 package/rtl8812-aircrack-ng: bump to 2023-05-01
version to fix build failure with Linux 6.3
Update the ignore list accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Release notes:
https://lists.x.org/archives/xorg-announce/2023-April/003386.html
Removed all patches because they were cherry-picked from upstream,
update .checkpackageignore as well.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replaced patch 0002 to fix python detection with new version due to
upstream changes:
https://github.com/xbmc/xbmc/pull/21597#issuecomment-1166365667
Removed patches which were applied upstream.
Bump gcc requirement as kodi depends on C++17.
Rework configure options.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
- git-format patch 0002
- add upstream tag to patch 0002
- regenerate .checkpackageignore
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Removed patches which were applied upstream, rebased remaining patches.
Added patch 0004 to avoid dependency to perl package JSON:PP.
This bump depends on bumping heimdal, see previous patch of this series.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
- make new patch git-formatted
- add upstream status to new patch
- update .checkpackageignore with removed patches
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some patches were removed in recent version bumps:
- 2d7cfd49ba package/valgrind: bump version to 3.20.0
- 4aef53575b package/libgit2: bump version to 1.6.4
- b0306d94b2 package/cpio: bump version to 2.14
- f292d9b736 package/gocryptfs: bump version to 2.3.2
Update the ignore list accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some patches were removed in recent version bumps:
- 492c803117 package/tbb: bump to version 2021.8.0.
- a1e0e7276c package/libmodsecurity: bump to version 3.0.9
- e4fb09f95f package/gstreamer1-editing-services: bump version to 1.22.2
- 460c9fa338 package/pciutils: bump to version 3.9.0
- 0f1d33b6c8 package/crun: bump to version 1.8.4
And some were renamed with a version bump:
- 60d8e52576 package/lua: bump to version 5.4.5
But the ignore list was not updated in any of those commits, the latter
causing issues because the patches are no longer ignored:
package/lua/5.4.5/0001-root-path.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
package/lua/5.4.5/0002-shared-libs-for-lua.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
package/lua/5.4.5/0011-linenoise.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
384140 lines processed
3 warnings generated
Update the ignore list accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop "0001-meson-change-std-to-gnu99.patch" since change is available
in this version.
Signed-off-by: James Knight <james.d.knight@live.com>
[yann.morin.1998@free.fr: regenerate .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- glib2 has moved from PCRE to PCRE2 [1].
- Drop `fam` option since it is no longer available [2].
- Drop "0001-fix-compile-time-atomic-detection.patch" since upstream
patch was dropped and new atomic detection implementation has been
applied in this version.
- Drop "0002-remove-cpp-requirement.patch" since upstream has modified
its Meson scripts to have any C++ usage as optional.
- Drop "0003-Add-Wno-format-nonliteral-to-compiler-arguments.patch"
since change is available in this version.
- Add new patch to address new Werror compilation errors [3].
- Renamed "0004-*.patch" -> "0001-*.patch" since it should still be
applicable for its mentioned build case.
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1938974
[2]: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2570
[3]: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3390
Signed-off-by: James Knight <james.d.knight@live.com>
[yann.morin.1998@free.fr:
- update upstream status on new patch
- regenerate .checkpackageignore
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Providing an upstream status for the remaining libglib2 patch from a
recent version bump. This patch was introduced in Buildroot around
November 2021 to help deal with build errors where `GObject-2.0.gir`
could not be found (tied to Buildroot changes made in
`gobject-introspection.mk`). The discussion thread mentions this could
be submitted upstream, but looks like it never was. Reflecting that this
package has not been submitted upstream.
Signed-off-by: James Knight <james.d.knight@live.com>
[yann.morin.1998@free.fr: update .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 5e1c238b72 (package/ltp-testsuite: require 5.11 headers for
musl) dropped a patch, which had no "upstream" status, and thus had an
ignore entry, which itself was ignored when the patch got removed.
Regenerate .checkpackageignore now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 1ed0752132 (.checkpackageignore: add entries missing Upstream
trailer) regenerated the list in a local environment, which differs from
our reference build image, causing spurious issues [0].
Regenerate the list in the reference image, now.
[0] https://gitlab.com/buildroot.org/buildroot/-/jobs/4119717539
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Due to the sheer number of patches that fail the new Upstream trailer
check (1500+) and the time it would take to make them compliant, for
now, just add them to the ignore list.
Created via `./utils/docker-run make .checkpackageignore`
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
[yann.morin.1998@free.fr: regenerate]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit b32d7c99 fixed the shellcheck errors in board/qemu/post-image.sh,
but forgot to remove it from .checkpackageignore, leading to "Shellcheck
was expected to fail" errors.
Re-generate .checkpackageignore.
Fixes: b32d7c99c6
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
When we updated .checkpackageignore in commit 29d6f319a, this was done
using a different version of shellcheck, that apparently detects some
additional issues. Thus,
board/terasic/de10nano_cyclone5/barebox-env/boot/mmc was detected as
containing shellcheck errors. However this doesn't happen with the
version in CI, leading to "Shellcheck was expected to fail" errors.
Re-generate .checkpackageignore under docker-run, like it should have
been done to begin with.
Fixes: 29d6f319a0
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/4084485150
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The .mk files inside both support/dependencies and support/misc are not
package recipes, similar to package/pkg-*.mk. check-package does not
apply to them. Therefore ignore such files.
In the test infra, some br2-externals are used as fixtures to provide
(sometimes) failure cases, so ignore files in these directories.
Files inside support/kconfig are files copied from linux upstream, so do
not generate warnings for them.
support/gnuconfig contains auto-generated config.{guess,sub} files,
so do not generate shellcheck warnings for them.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
When a SysV init script is inside package/ it doesn't need to be
executable. However, when an init script is inside a fs_overlay, it
*does* need to be executable. Therefore, skip the NotExecutable test for
init scripts. We detect them based on the directory /etc/init.d
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Arnout: update .checkpackageignore]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
- Use daemon name (bluetoothd) as file name.
- Script doesn't need to be executable.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When running "make check-package" on a system with shellcheck 0.9.0,
the command fails with output:
make check-package
package/linux-tools/S10hyperv:0: run 'shellcheck' and fix the warnings
...
2 warnings generated
This commit fixes the warnings reported by the command:
shellcheck package/linux-tools/S10hyperv
This commit also fixes the four-space indent by a single tab on the
changed lines. Since this fixes the indentation warnings of
check-package, the Indent exclusion in .checkpackageignore is also
removed.
Fixes:
In package/linux-tools/S10hyperv line 27:
return $ret
^--^ SC2086 (info): Double quote to prevent globbing and word splitting.
In package/linux-tools/S10hyperv line 48:
return $ret
^--^ SC2086 (info): Double quote to prevent globbing and word splitting.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently only SysV init scripts are checked using shellcheck and a few
other rules (e.g. variable naming, file naming).
Extend the check using shellcheck to all shell scripts in the tree.
This is actually limited to the list of directories that check-package
knows that it can check, but that list can be expanded later.
In order to apply the check to all shell scripts, use python3-magic to
determine the file type. Unfortunately, there are two different python
modules called "magic". Support both by detecting which one is installed
and defining get_filetype accordingly.
Keep testing first for name pattern, and only in the case there is no
match, check the file type. This ensures, for instance, that SysV
init scripts follow specific rules.
Apply these checks for shell scripts:
- shellcheck;
- trailing space;
- consecutive empty lines;
- empty last line on file;
- newline at end of file.
Update the list of ignored warnings.
Do not add unit tests since no function was added, they were just
reused.
But expand the runtime test for check-package using as fixture a file
that generates a shellcheck warning.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Arnout: support both variants of the "magic" module]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Commit 4a6f9d2516 removed
package/urandom-scripts/S20urandom but didn't remove it from
.checkpackageignore. Do so now.
The commit actually renamed it to S20seedrng, but it also fixed the
Variables errors so it no longer needs to be ignored.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
... just like check-flake8 already does.
When a new check_function is added to check-package, often there are
files in the tree that would generate warnings.
An example is the Sob check_function for patch files:
| $ ./utils/check-package --i Sob $(git ls-files) >/dev/null
| 369301 lines processed
| 46 warnings generated
Currently these warnings are listed when calling check-package directly,
and also at the output of pkg-stats, but the check_function does not run
on 'make check-package' (that is used to catch regressions on GitLab CI
'check-package' job) until all warnings in the tree are fixed.
This (theoretically) allows new .patch files to be added without SoB,
without the GitLab CI catching it.
Since now check-package has an ignore file to list all warnings in the
tree, that will eventually be fixed, there is no need to filter the
files passed to check-package.
So test all files in the tree when 'make check-package' is called.
It brings the following advantages:
- any new check_function added to check-package takes place immediately
for new files;
- adding new check_functions is less traumatic to the developer doing
this, since he/she does not need anymore to fix all warnings in the
tree before the new check_function takes effect;
- prevent regressions, e.g. ANY new .patch file must have SoB;
- as a side-effect, print a single statistics line as output of
'make check-package'.
But just enabling the check would generate many warnings when
'make check-package' is called, so update the ignore file by using:
$ ./utils/docker-run make .checkpackageignore
Notice: in order to ensure reproducible results, one should run 'make
check-package' and 'make .checkpackageignore' inside the docker image,
otherwise a variation in shellcheck version (installed in the host) can
produce different results.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a new check_function is added to check-package, often there are
files in the tree that would generate warnings.
An example is the Sob check_function for patch files:
| $ ./utils/check-package --i Sob $(git ls-files) >/dev/null
| 369301 lines processed
| 46 warnings generated
Currently these warnings are listed when calling check-package directly,
and also at the output of pkg-stats, but the check_function does not run
on 'make check-package' (that is used to catch regressions on GitLab CI
'check-package' job) until all warnings in the tree are fixed.
This (theoretically) allows new .patch files to be added without SoB,
without the GitLab CI catching it.
So add a way for check-package itself to ignore current warnings, while
still catching new files that do not follow that new check_function.
Add a file named .checkpackageignore to the buildroot topdir.
It contains the list of check_functions that are expected to fail for
each given intree file tested by check-package.
Each entry is in the format:
<filename> <check_function> [<check_function> ...]
These are 2 examples of possible entries:
package/initscripts/init.d/rcK ConsecutiveEmptyLines EmptyLastLine Shellcheck
utils/test-pkg Shellcheck
Keeping such a list allows us to have fine-grained control over which
warning to ignore.
In order to prevent this list from growing indefinitely, containing entries
for files that are already fixed, make each entry an 'expected to fail'
instead of just an 'ignore', and generate a warning if a check_function
that was expected to fail for a given file does not generate that
warning.
Unfortunately one case that does not generate a warning is an entry for a
file that is deleted in a later commit.
By default, all checks are applied. The --ignore-list option allows to
specify a file that contains the list of warnings that should be
ignored.
The paths in the ignore file must be relative to the location of the
ignore file itself, which means:
- in the main Buildroot tree, the paths in the ignore file are
relative to the root of the main Buildroot tree
- in a BR2_EXTERNAL tree, if the ignore file is at the root of the
BR2_EXTERNAL, the paths it contains must be relative to that root
of the BR2_EXTERNAL
This is one more step towards standardizing the use of just 'make
check-package' before submitting patches to the list.
Cc: Sen Hastings <sen@phobosdpl.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
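
An added sketch (not Buildroot's check-package code, and not part of the commit message above) of the 'expected to fail' ignore-list semantics that message describes: entries are parsed relative to the ignore file, new failures are reported, and a listed check that no longer fails is reported too. The names parse_ignore_list, reconcile and demo, the /br tree root, the package/foo patch and the third sample entry are assumptions; the third return value goes beyond the commit to surface entries whose file was never checked, the deleted-file case the message says produces no warning.

```python
import os

# Constructed sample. The first two entries are the examples quoted in the
# commit message; the third is a hypothetical entry for a file that no longer
# exists in the tree.
SAMPLE_IGNORE = """\
package/initscripts/init.d/rcK ConsecutiveEmptyLines EmptyLastLine Shellcheck
utils/test-pkg Shellcheck
package/removed/S20gone Variables
"""


def parse_ignore_list(text, ignore_file_path):
    """Return {absolute path: set of check_functions expected to fail}.

    Paths in the list are resolved relative to the ignore file's directory,
    so the same parser works for the main tree and for a BR2_EXTERNAL tree.
    """
    base = os.path.dirname(os.path.abspath(ignore_file_path))
    expected = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        filename, checks = fields[0], fields[1:]
        path = os.path.normpath(os.path.join(base, filename))
        expected.setdefault(path, set()).update(checks)
    return expected


def reconcile(expected, results):
    """Compare real check results against the expected-to-fail list.

    results maps every checked file to the set of check_functions that
    failed on it. Returns three sorted lists:
      new_warnings     (path, check) failed but is not listed: a regression
      fixed_but_listed (path, check) listed but did not fail: stale entry
      unchecked        listed paths that were never checked (e.g. deleted)
    """
    new_warnings, fixed_but_listed = [], []
    for path, failed in sorted(results.items()):
        allowed = expected.get(path, set())
        new_warnings += [(path, c) for c in sorted(failed - allowed)]
        fixed_but_listed += [(path, c) for c in sorted(allowed - failed)]
    unchecked = sorted(p for p in expected if p not in results)
    return new_warnings, fixed_but_listed, unchecked


def demo():
    """Run the reconciliation on constructed results for a tree at /br."""
    expected = parse_ignore_list(SAMPLE_IGNORE, "/br/.checkpackageignore")
    results = {
        # Still fails exactly as listed: nothing is reported.
        "/br/package/initscripts/init.d/rcK":
            {"ConsecutiveEmptyLines", "EmptyLastLine", "Shellcheck"},
        # Was fixed but is still listed: "expected to fail" warning.
        "/br/utils/test-pkg": set(),
        # New patch without a Signed-off-by and no ignore entry: reported.
        "/br/package/foo/0001-fix.patch": {"Sob"},
    }
    return reconcile(expected, results)


if __name__ == "__main__":
    new, fixed, unchecked = demo()
    for path, check in new:
        print(f"{path}: {check} failed")
    for path, check in fixed:
        print(f"{path}: {check} was expected to fail")
    for path in unchecked:
        print(f"{path}: listed but not checked")
```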