Replace first patch (which is not in master after nearly 4 years) with
a new set of pending patches to fix the following build failure with
gcc >= 7:
liboping.c: In function 'ping_set_ttl':
liboping.c:207:9: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 242 [-Werror=format-truncation=]
207 | "%s: %s", function, message);
| ^~
......
829 | sstrerror (ret, errbuf, sizeof (errbuf)));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
liboping.c:206:2: note: 'snprintf' output between 15 and 270 bytes into a destination of size 256
206 | snprintf (obj->errmsg, sizeof (obj->errmsg),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
207 | "%s: %s", function, message);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/31083354e9064b2deef86917d67e92a88af0fa46
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
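The arithmetic behind the diagnostic above, as an added example that is not liboping's code or the pending patches: the prefix "ping_set_ttl: " takes 14 of the 256 bytes, so a message of 242 bytes or more is cut, and the snprintf return value is what reveals it. The names ping_obj, set_errmsg, format_with_len and demo_obj are hypothetical, and the messages are constructed.

```c
#include <stdio.h>
#include <string.h>

#define ERRMSG_SIZE 256 /* destination size from the compiler note */
#define ERRBUF_SIZE 256 /* a '%s' argument of up to 255 bytes plus NUL */

/* Hypothetical stand-in for the object that owns the error string. */
struct ping_obj {
    char errmsg[ERRMSG_SIZE];
};

static struct ping_obj demo_obj; /* constructed sample object */

/* Store "<function>: <message>" in obj->errmsg.
 * Returns 0 if it fit, 1 if it was truncated, -1 on a formatting error. */
static int set_errmsg(struct ping_obj *obj, const char *function,
                      const char *message)
{
    int n = snprintf(obj->errmsg, sizeof(obj->errmsg), "%s: %s",
                     function, message);
    if (n < 0) {
        obj->errmsg[0] = '\0';
        return -1;
    }
    /* snprintf returns the length it wanted to write, without the NUL. */
    return (size_t)n >= sizeof(obj->errmsg) ? 1 : 0;
}

/* Format a constructed message of msg_len bytes under "ping_set_ttl". */
static int format_with_len(size_t msg_len)
{
    char errbuf[ERRBUF_SIZE];

    if (msg_len >= sizeof(errbuf))
        msg_len = sizeof(errbuf) - 1;
    memset(errbuf, 'x', msg_len);
    errbuf[msg_len] = '\0';
    return set_errmsg(&demo_obj, "ping_set_ttl", errbuf);
}

int main(void)
{
    /* "ping_set_ttl: " takes 14 bytes, leaving 242 including the NUL. */
    printf("241 bytes: %d\n", format_with_len(241));
    printf("242 bytes: %d\n", format_with_len(242));
    int r = format_with_len(255);
    printf("255 bytes: %d, stored %zu\n", r, strlen(demo_obj.errmsg));
    return 0;
}
```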
Link to Rust 1.60.0: https://blog.rust-lang.org/2022/04/07/Rust-1.60.0.html
Packages relying on Rust have been updated to support version 1.60.0:
package/rust
package/rust-bin
The newest versions of the source archives have been retrieved with their hash values, and the signatures of the .asc files have been verified as follows:
$ curl -fsSL https://static.rust-lang.org/rust-key.gpg.ascii | gpg --import
$ gpg --verify <filename.asc> <filename>
The signatures were recognized but the ownership from https://static.rust-lang.org could not be verified. Because this URL can be trusted, it has been considered to blindly sign the corresponding key:
$ gpg --lsign-key 85AB96E6FA1BE5FE
There is no typographical error in the packages according to the check-package utility:
$ ./utils/check-package package/rust-bin/*
$ ./utils/check-package package/rust/*
The testsuites for the rust-bin and rust packages to test the Rust toolchain under 1.60.0 were successful:
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRustBin
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRust
In order to verify the compatibility of Rust 1.60.0 with packages relying on it, tests using `./utils/test-pkg` were run.
For example, running the following command with `.conf` file enabling the corresponding BR2_PACKAGE:
$ ./utils/test-pkg -d test-pkg -c ripgrep.config -p ripgrep
Results:
package/ripgrep: OK
package/librsvg : OK
package/suricata: OK
package/bat: OK
Notes:
- For all the mentioned packages, the successful build was made on the toolchain bootlin-armv7-glibc (except package/bat, for which it was bootlin-x86-64-musl).
- A redundant build fail was witnessed for the bootlin-x86-64-musl toolchain for all the packages tested (except for package/bat). The same tests were redone in the master branch and it was already the case with Rust 1.58.1.
Signed-off-by: Nicolas Tran <nicolas.tran@smile.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libbpf needs __sync_*_4 intrinsics since bump to version 0.7.0 in commit
4b1003855b and
b0c3d7133f
Fixes:
- No autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
bpftool needs __sync_*_4 intrinsics since its addition in commit
3675131e6c and
b0c3d7133f:
/nvmedata/autobuild/instance-26/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/10.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /nvmedata/autobuild/instance-26/output-1/build/bpftool-v6.7.0/src/libbpf/libbpf.a(libbpf.o): in function `bpf_program__attach_kprobe_opts':
libbpf.c:(.text+0xff88): undefined reference to `__sync_fetch_and_add_4'
Fixes:
- http://autobuild.buildroot.org/results/919b8351d3783ca30a860df87ae814d5c4b9fd41
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libudfread needs __sync_*_4 or threads since its addition in commit
c477885e3f and
06c3cb9223
to avoid the following build failure:
src/udfread.c:108:3: error: #error no atomic operation support
108 | # error no atomic operation support
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/f76d475f49d525095ac0054224b50b9e612691d6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with libressl >= 2.8.0 raised since
703abab321:
/nvmedata/autobuild/instance-20/output-1/build/azure-iot-sdk-c-LTS_01_2022_Ref01/c-utility/adapters/tlsio_openssl.c: In function 'add_certificate_to_store':
/nvmedata/autobuild/instance-20/output-1/build/azure-iot-sdk-c-LTS_01_2022_Ref01/c-utility/adapters/tlsio_openssl.c:961:24: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
961 | bio_method = BIO_s_mem();
| ^
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/873f86fb2311ed29a791140f2341943475985fcc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following uclibc build failure without wchar raised since bump
to version 1.33.1 in commit 73dc2eef2d:
configure: error: Netdata requires a compiler that supports C99 to build
Fixes:
- http://autobuild.buildroot.org/results/bca4d370ed0553d5f99f1277d0a1e3b49f62b95f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure:
local.c: In function 'create_and_bind':
local.c:218:12: error: 'listen_sock' may be used uninitialized in this function [-Werror=maybe-uninitialized]
218 | return listen_sock;
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/27471a878ff52a972ac087d534e44fb0c50808f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable legacy-rtkit which we don't support.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is a host-only package that does preprocessing to .rl files to
turn them into .c or .cpp files.
Initially added to support package/roc.
See https://www.colm.net/open-source/ragel/ for the project's home page:
Ragel compiles executable finite state machines from regular languages.
Ragel targets C, C++ and ASM. Ragel state machines can not only
recognize byte sequences as regular expression machines do, but can
also execute code at arbitrary points in the recognition of a regular
language. Code embedding is done using inline operators that do not
disrupt the regular language syntax.
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
[yann.morin.1998@free.fr: drop empty _DEPENDENCIES]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Libcurl is now an optional dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Migrate build system from distutils to setuptools.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
License hash changed due to date update:
557a900123
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
License hash changed due to adding dates/author name:
b5c9f346ce
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
php-apcu needs threads since its addition in commit
8ddeeffa18:
In file included from /home/buildroot/autobuild/instance-3/output-1/build/php-apcu-5.1.20/apc_lock.c:20:
/home/buildroot/autobuild/instance-3/output-1/build/php-apcu-5.1.20/apc_lock.h:41:11: fatal error: pthread.h: No such file or directory
41 | # include "pthread.h"
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/314405423aeece5ee55d76ec5c4fa1919e7ee853
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dependency on libiw has been removed since 0.9.3.990 [1].
Dependency on libgcrypt has been removed since 1.2-beta1 [2].
Dependency on libuuid has been removed since 1.31.4-dev [3].
[1]: 7d0761588c
[2]: b6f5f03033
[3]: 73b9883c6f
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libkrb5 does not build with libressl since commit
b7a5b9d06d and upstream is not interested
in fixing this issue as a PR has been open for more than 4 years
(https://github.com/krb5/krb5/pull/607):
pkinit_crypto_openssl.c: In function 'cms_signeddata_verify':
pkinit_crypto_openssl.c:1700:22: error: implicit declaration of function 'OBJ_get0_data'; did you mean 'BIO_get_data'? [-Werror=implicit-function-declaration]
1700 | print_buffer(OBJ_get0_data(etype), OBJ_length(etype));
| ^~~~~~~~~~~~~
| BIO_get_data
Fixes:
- http://autobuild.buildroot.org/results/e623f4e1d6b6004e98815b8b7da3938238890bd8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This allows building against newer kernels (up to 5.18).
Tested on kernel v5.15.
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
CVE-2022-1271: arbitrary-file-write vulnerability
zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.
[bug introduced in gzip-1.3.10]
https://www.openwall.com/lists/oss-security/2022/04/07/8
Other changes:
** Changes in behavior
'gzip -l' no longer misreports file lengths 4 GiB and larger.
Previously, 'gzip -l' output the 32-bit value stored in the gzip
header even though that is the uncompressed length modulo 2**32.
Now, 'gzip -l' calculates the uncompressed length by decompressing
the data and counting the resulting bytes. Although this can take
much more time, nowadays the correctness pros seem to outweigh the
performance cons.
'zless' is no longer installed on platforms lacking 'less'.
** Bug fixes
zgrep now names input file on error instead of mislabeling it as
"(standard input)", if grep supports the GNU -H and --label options.
'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
[bug present since the beginning]
Configure-time options like --program-prefix now work.
Release Announcement:
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issue:
- CVE-2022-1271: Malicious filenames can make xzgrep write to arbitrary
files or (with a GNU sed extension) lead to arbitrary code execution.
For more details, see the announcement and advisory:
https://www.mail-archive.com/xz-devel@tukaani.org/msg00551.html
https://www.zerodayinitiative.com/advisories/ZDI-22-619/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure on mips64el raised since commit
11b347c03a:
In file included from shim.h:47,
from shim.c:14:
/nvmedata/autobuild/instance-17/output-1/build/shim-15.4/include/system/stdarg.h:72:2: error: #error what arch is this
72 | #error what arch is this
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/74f4f1d010cfde6978fd614195ef0006f0acb45a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update out-of-tree driver to make it work with Linux kernel v5.17.
Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update out-of-tree driver to make it work with Linux kernel v5.17
(and older kernels not compatible with previous driver version,
like v5.15 etc).
Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pure-ftpd doesn't build with libressl 3.4.3 which doesn't include
f5674b4e23
resulting in the following build failure:
tls.c: In function 'tls_init_options':
tls.c:329:5: warning: implicit declaration of function 'SSL_CTX_set_num_tickets'; did you mean 'SSL_CTX_set_options'? [-Wimplicit-function-declaration]
SSL_CTX_set_num_tickets(tls_ctx, 0);
^~~~~~~~~~~~~~~~~~~~~~~
SSL_CTX_set_options
Fixes:
- http://autobuild.buildroot.org/results/f5d36180949278510199aa499e253780558c6ffe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By returning a failure in the event that the initial seed doesn't exist,
we'd then skip creating a new seed, which means we'd never in fact have
an initial seed, and this script is therefore useless. Fix this by
checking for the existence of the seed file first, and just returning 0
if it's not there.
Reported-by: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Reported-by: Eugen Hristev <Eugen.Hristev@microchip.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.
CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL
QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
16.24.1:
CVE-2021-37706 / AST-2022-004: pjproject: integer underflow on STUN message
The header length on incoming STUN messages that contain an ERROR-CODE
attribute is not properly checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use with a malicious
remote party.
https://seclists.org/fulldisclosure/2022/Mar/0
CVE-2022-23608 / AST-2022-005: pjproject: undefined behavior after freeing a
dialog set
When acting as a UAC, and when placing an outgoing call to a target that then
forks, Asterisk may experience undefined behavior (crashes, hangs, etc…)
after a dialog set is prematurely freed.
https://seclists.org/fulldisclosure/2022/Mar/1
CVE-2022-21723 / AST-2022-006: pjproject: unconstrained malformed multipart
SIP message
If an incoming SIP message contains a malformed multi-part body an out of
bounds read access may occur, which can result in undefined behavior. Note,
it’s currently uncertain if there is any externally exploitable vector
within Asterisk for this issue, but providing this as a security issue out
of caution.
https://seclists.org/fulldisclosure/2022/Mar/2
16.25.2:
CVE-2022-26498 / AST-2022-001: res_stir_shaken: resource exhaustion with
large files
When using STIR/SHAKEN, it’s possible to download files that are not
certificates. These files could be much larger than what you would expect to
download.
https://seclists.org/fulldisclosure/2022/Apr/17
CVE-2022-26499 / AST-2022-002: res_stir_shaken: SSRF vulnerability with
Identity header
When using STIR/SHAKEN, it’s possible to send arbitrary requests like GET to
interfaces such as localhost using the Identity header.
https://seclists.org/fulldisclosure/2022/Apr/18
CVE-2022-26651 / AST-2022-003: func_odbc: Possible SQL Injection
Some databases can use backslashes to escape certain characters, such as
backticks. If input is provided to func_odbc which includes backslashes it
is possible for func_odbc to construct a broken SQL query and the SQL query
to fail.
https://seclists.org/fulldisclosure/2022/Apr/19
Update hash of sha1.c after a doxygen comment update:
37c29b6a28
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2022-1328: mutt_decode_uuencoded() can read past the end of the input line
Buffer Overflow in uudecoder in Mutt affecting all versions starting from
0.94.13 before 2.2.3 allows read past end of input line
For details, see the release notes:
https://marc.info/?l=mutt-users&m=164979464612885&w=2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
SPI unconditionally uses GPIOHANDLE_SET_LINE_VALUES_IOCTL which is only
available since kernel 4.8 and
d7c51b47ac
resulting in the following build failure since switch to upstream in
commit 03fa36df7e:
linuxspi.c: In function 'linuxspi_reset_mcu':
linuxspi.c:102:28: error: storage size of 'data' isn't known
struct gpiohandle_data data;
^~~~
linuxspi.c:110:32: error: 'GPIOHANDLE_SET_LINE_VALUES_IOCTL' undeclared (first use in this function)
ret = ioctl(fd_linehandle, GPIOHANDLE_SET_LINE_VALUES_IOCTL, &data);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/769021040e5e9293584734e4f461baeaa6dd91cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>