- May 12, 2020
-
-
Peter Korsgaard authored
Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 2f7183d13133f2ded97fee273bd0cbed10226e4e) [Peter: drop Makefile changes] Signed-off-by:
-
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Fixes the following security vulnerabilities: CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. CVE-2020-1751: A defect in the PowerPC backtrace function could cause an out-of-bounds write when executed in a signal frame context. CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed. Signed-off-by: -
Christian Stewart authored
Signed-off-by:
Christian Stewart <christian@paral.in> Signed-off-by:
-
Christian Stewart authored
From the release notes: - Improve mitigation for CVE-2019-14271 for some nscd configuration. Signed-off-by:
-
Fabrice Fontaine authored
Prevent possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. https://c-ares.haxx.se/changelog.html#1_16_1 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. Signed-off-by:
-
Louis Aussedat authored
python-future does not depends on python2. The package work with python 3.x. Signed-off-by:
Louis Aussedat <aussedat.louis@gmail.com> Signed-off-by:
-
- May 11, 2020
-
-
Peter Seiderer authored
Add patch to fix availability check for storeRGB32FromARGB32PM_neon(), only available for arm little-endian. Fixes: - http://autobuild.buildroot.net/results/ab623253a6d988f4ee03d292ee85f3455de2ea25 .obj/qimage_conversions.o: In function `convert_generic(QImageData*, QImageData const*, QFlags<Qt::ImageConversionFlag>)': qimage_conversions.cpp:(.text+0x2598): undefined reference to `storeRGB32FromARGB32PM_neon(unsigned char*, unsigned int const*, int, int, QVector<unsigned int> const*, QDitherInfo*)' qimage_conversions.cpp:(.text+0x259c): undefined reference to `storeRGB32FromARGB32PM_neon(unsigned char*, unsigned int const*, int, int, QVector<unsigned int> const*, QDitherInfo*)' .obj/qimage_conversions.o: In function `convert_generic_inplace(QImageData*, QImage::Format, QFlags<Qt::ImageConversionFlag>)': qimage_conversions.cpp:(.text+0x28fc): undefined reference to `storeRGB32FromARGB32PM_neon(unsigned char*, unsigned int const*, int, int, QVector<unsigned int> const*, QDitherInfo*)' qimage_conversions.cpp:(.text+0x2900): undefined reference to `storeRGB32FromARGB32PM_neon(unsigned char*, unsigned int const*, int, int, QVector<unsigned int> const*, QDitherInfo*)' Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Peter Korsgaard authored
To match the docker-engine version. ./support/testing/run-tests tests.package.test_docker_compose.TestDockerCompose 09:54:39 TestDockerCompose Starting 09:54:40 TestDockerCompose Building 10:45:33 TestDockerCompose Building done 10:46:30 TestDockerCompose Cleaning up . ---------------------------------------------------------------------- Ran 1 test in 3121.828s OK Signed-off-by: -
Fabrice Fontaine authored
Set PAHO_HIGH_PERFORMANCE to disable free redefiniton as suggested by upstream in https://github.com/eclipse/paho.mqtt.c/issues/846. This will avoid the following build failure on musl: /tmp/instance-1/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/sched.h:80:17: error: expected declaration specifiers or '...' before string constant void free(void *); ^ /tmp/instance-1/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/sched.h:80:17: error: expected declaration specifiers or '...' before numeric constant void free(void *); ^ [ 35%] Building C object src/CMakeFiles/common_obj.dir/Base64.c.o [ 36%] Building C object src/CMakeFiles/common_obj.dir/SHA1.c.o make[3]: *** [src/CMakeFiles/common_obj.dir/build.make:284: src/CMakeFiles/common_obj.dir/MQTTReasonCodes.c.o] Error 1 Fixes: - http://autobuild.buildroot.org/results//fbe57a1602fed331ddff3ff3560dce02573816ff Signed-off-by:
-
Peter Korsgaard authored
Signed-off-by: -
Fabrice Fontaine authored
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. Signed-off-by:
-
- May 10, 2020
-
-
Angelo Compagnucci authored
Bumping the hashes for CIP and CIP RT. Signed-off-by:
Angelo Compagnucci <angelo@amarulasolutions.com> Signed-off-by:
-
Peter Seiderer authored
Add upstream patch to fix squashfs-tools build failures because of missing external declaration for fwriter_buffer and bwriter_buffer. Fixes: - http://autobuild.buildroot.net/results/6789b668898245926e0a3a3e7caf823dff515d71 /usr/bin/ld: read_fs.o:(.bss+0x0): multiple definition of `fwriter_buffer'; mksquashfs.o:(.bss+0x400c90): first defined here /usr/bin/ld: read_fs.o:(.bss+0x8): multiple definition of `bwriter_buffer'; mksquashfs.o:(.bss+0x400c98): first defined here Signed-off-by:
Yann E. MORIN <yann.morin.1998@free.fr>
-
- May 09, 2020
-
-
Peter Seiderer authored
Add two upstream patches fixing input_event time related compile failures. Fixes: - http://autobuild.buildroot.net/results/3883a948e30cfd235cfca1fb8646fe8032f5e18d keytable.c: In function 'test_event': keytable.c:1536:11: error: 'struct input_event' has no member named 'time'; did you mean 'type'? ev[i].time.tv_sec, ev[i].time.tv_usec, ^~~~ type keytable.c:1536:30: error: 'struct input_event' has no member named 'time'; did you mean 'type'? ev[i].time.tv_sec, ev[i].time.tv_usec, ^~~~ type Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-
Peter Seiderer authored
Fixes: - http://autobuild.buildroot.net/results/af76190876656252eb6f60220cdb1d627a03b7c3 evdevkeyboard/qevdevkeyboardhandler.cpp: In member function ‘void QEvdevKeyboardHandler::switchLed(int, bool)’: evdevkeyboard/qevdevkeyboardhandler.cpp:153:28: error: ‘struct input_event’ has no member named ‘time’; did you mean ‘type’? ::gettimeofday(&led_ie.time, 0); ^~~~ type evdevtouch/qevdevtouchhandler.cpp: In member function ‘void QEvdevTouchScreenData::processInputEvent(input_event*)’: evdevtouch/qevdevtouchhandler.cpp:579:29: error: ‘struct input_event’ has no member named ‘time’; did you mean ‘type’? m_timeStamp = data->time.tv_sec + data->time.tv_usec / 1000000.0; ^~~~ type evdevtouch/qevdevtouchhandler.cpp:579:49: error: ‘struct input_event’ has no member named ‘time’; did you mean ‘type’? m_timeStamp = data->time.tv_sec + data->time.tv_usec / 1000000.0; ^~~~ type Signed-off-by:
-
Fabrice Fontaine authored
cvs is an old package, and it shows: - CVS is licensed under GPL-1.0+ as stated in README (referenced in source code) and COPYING files; - COPYING.LIB also give the terms of LGPL-2.0+, and is referenced by a few files, like lib/strnlen1.c, mostly vampirised rom older versions of the GNU C library (glibc); - additionally, the glob implementation was also grabbed from a more recent (but still old) glibc version, and is LGPL-2.1+, but there is no license file associated with it, so we use the header instead. Also update indentation in hash file (two spaces) Signed-off-by: -
Louis-Paul Cordier authored
BR2_PACKAGE_HOST_ZLIB does not exist, and should anyway not be selected by the target pigz package. Signed-off-by:
Louis-Paul Cordier <lpdev@cordier.org> Signed-off-by:
-
Peter Seiderer authored
Add upstream commit to fix host package compile failure. Fixes: http://autobuild.buildroot.net/results/d9c5d17de03f5d0316d5f54f9cd579b79d311d03 fsck.c:1213:9: error: missing braces around initializer [-Werror=missing-braces] struct fsck_user_input ui = {0,}; ^ Signed-off-by:
-
Peter Seiderer authored
Fixes: - http://autobuild.buildroot.net/results/5c5/5c5d71fde80a4f2f027085bdb0fae9fb76ab9d32 fsck.c:1062:18: error: 'node' may be used uninitialized in this function [-Werror=maybe-uninitialized] node->parent = dir; ^ fsck.c:870:22: note: 'node' was declared here struct exfat_inode *node; ^ Signed-off-by:
-
Peter Seiderer authored
Fixes: - http://autobuild.buildroot.net/results/a7364a6b3801d7d18c30c7242c6faf19431fddfd mkfs.c:60:14: error: format '%llu' expects argument of type 'long long unsigned int', but argument 2 has type 'long unsigned int' [-Werror=format=] exfat_debug("Volume Length(sectors) : %llu\n", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by:
-
Asaf Kahlon authored
'computer' -> 'computed'. Signed-off-by:
Asaf Kahlon <asafka7@gmail.com> [yann.morin.1998@free.fr: two spaces in hash file] Signed-off-by:
-
Fabrice Fontaine authored
host-gawk is used by brltty to build brlapi_constants.h, the build will fail if mawk is used instead of gawk Fixes: - http://autobuild.buildroot.org/results/4c77f03cbc7ab9e5ae9f24fe6eead1d76c50c743 Signed-off-by:
-
Romain Naour authored
Irrlicht fail to detect properly the NEON support on aarch64 or ARM with NEON FPU support. While linking an application with libIrrlicht.so, we get an undefined reference to png_init_filter_functions_neon. Some files are missing in the libpng bundled in Irrlicht, in particular arm/arm_init.c [1], so disable NEON support completely. This can be reproduced by building minetest using this defconfig for aarch64: BR2_aarch64=y BR2_TOOLCHAIN_EXTERNAL=y BR2_PACKAGE_MINETEST=y BR2_PACKAGE_MINETEST_CLIENT=y BR2_PACKAGE_MINETEST_SERVER=y BR2_PACKAGE_MESA3D=y BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y BR2_PACKAGE_MESA3D_OPENGL_GLX=y BR2_PACKAGE_XORG7=y Or for ARM with NEON FPU support: BR2_arm=y BR2_cortex_a15=y BR2_ARM_FPU_NEON=y BR2_TOOLCHAIN_EXTERNAL=y BR2_PACKAGE_MINETEST=y BR2_PACKAGE_MINETEST_CLIENT=y BR2_PACKAGE_MINETEST_SERVER=y BR2_PACKAGE_MESA3D=y BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y BR2_PACKAGE_MESA3D_OPENGL_GLX=y BR2_PACKAGE_XORG7=y [1] https://github.com/glennrp/libpng/tree/v1.6.37/arm Signed-off-by:
Romain Naour <romain.naour@gmail.com> Signed-off-by:
-
Romain Naour authored
Remove upstream patch [1]. This version bump contain a patch removing EGL_NO_CONFIG_MESA [2], a define that no longer exists in recent Mesa versions. Update indentation of hash file (two spaces). Fixes: http://autobuild.buildroot.net/results/8ede89a673f83896745f90fd51458cac5fe7bb8f [1] https://gitlab.freedesktop.org/mesa/piglit/-/commit/8417ca1725d523493d8f6782699273dc056888ac [2] https://gitlab.freedesktop.org/mesa/piglit/-/commit/1fe351e533a1c8b88551b06e6d76e5c2bf8228bc Signed-off-by:
-
Vadym Kochan authored
1. trafgen: reset errno before calling sscanf in str2mac (@troglobit, #213) 2. ifpps: fix iface stat parsing if interface name contains uppercase characters (@bganne, #215) 3. mausezahn: fix display of missing argument error (@micrictor, #217) 4. mausezahn: support -R to set packet priority (@pmachata) 5. netsniff-ng: handle various malformed packets in protocol dissectors (@nathaniellives, #221) Signed-off-by:
Vadym Kochan <vadim4j@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. Signed-off-by:
-
Angelo Compagnucci authored
This patch bumps Linux CIP RT version to 4.19.115-cip24-rt9. Signed-off-by:
-
Angelo Compagnucci authored
This patch bumps Linux CIP version to v4.19.118-cip25. Signed-off-by:
-
Romain Naour authored
Back in commit [1], a patch fixing an issue a PowerPC issue in gcc was added in gcc 4.3.3. It was present until gcc 4.9, which itself was removed in [2]. The patch was dropped starting gcc 5.1 [3] but it's know to be useful for gcc 4.7.3 [4]. However, even though we no longer support building any of those older gcc versions, the conditional patching logic in gcc.mk is still there. We used to have a patch directory (package/gcc/$(GCC_VERSION)) for every gcc version available in Buildroot, the apply-patches.sh script doesn't error out even if 1000-powerpc-link-with-math-lib.patch.conditional is missing. But with gcc 10, we don't need (for the moment) to apply any patch, so the patch directory doesn't exist. apply-patches.sh breaks the build since the patch directory is missing: Aborting. 'package/gcc/10.1.0' is not a directory. Since we removed gcc 4.9 last year [2], we can safely remove this code. Tested using qemu_ppc_virtex_ml507_defconfig. [1] bb1f42e4 [2] baf17750 [3] 4deb2d93 [4] 197006a4 Signed-off-by:
-
Fabrice Fontaine authored
Commit cb5df2fe wrongly removed the first patch which is not in version 0.5.6. So add it back and update it so that it applies cleanly. Fixes: - http://autobuild.buildroot.org/results/ddb57462945c5c2340cc375aa6fe2848d13d7001 Signed-off-by:
-
James Hilliard authored
We need to backport a commit so that we can enable/disable sse2 using the ARGON2_CFFI_USE_SSE2 env variable. Fixes: http://autobuild.buildroot.net/results/030/0306d66d081dd0807c577edd50d39075a46d0dd9/build-end.log Signed-off-by:
James Hilliard <james.hilliard1@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.net/results/11bc7f4e1c54f074dd10a995233bee45c293e488 Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - https://bugs.buildroot.org/show_bug.cgi?id=12841 Signed-off-by:
-
Fabrice Fontaine authored
Commit 3052da3e did not renumber remaining patches, fix that Signed-off-by:
-
Nicola Di Lieto authored
ualpn requires mbedTLS to be configured and built with MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION which is not the default and can be a security risk. Therefore make BR2_PACKAGE_UACME_UALPN depend on BR2_PACKAGE_OPENSSL || BR2_PACKAGE_GNUTLS. Fixes http://autobuild.buildroot.net/results/d241121f8155bad9b6b25c16234576abb7fc940b See also https://github.com/ndilieto/uacme/issues/23 https://github.com/ARMmbed/mbedtls/issues/3241 https://github.com/ARMmbed/mbedtls/pull/3243 http://lists.busybox.net/pipermail/buildroot/2020-April/281059.html http://lists.busybox.net/pipermail/buildroot/2020-April/281108.html Signed-off-by:
Nicola Di Lieto <nicola.dilieto@gmail.com> Signed-off-by:
-
Yann E. MORIN authored
In commit ff9f778c (support/gnuconfig: update to 2019-05-28), we forgot to update the README to reference the sha1 we're using, keeping the old one from 2016... Update it now. Signed-off-by:
-
Fabrice Fontaine authored
This bump will fix a build failure with gcc 4.8 Fixes: - http://autobuild.buildroot.org/results/1a7fe7ac8cbe9997bc5d1e9ade24bc2ee6ac6abe Signed-off-by:
-
Fabrice Fontaine authored
- Drop patch (already in version) - Fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, CVE-2020-11019, CVE-2020-11017, CVE-2020-11018 - Fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077) Extracted from: https://github.com/FreeRDP/FreeRDP/commit/65d3ff44617c5a343f726985ed45e3a0a35dfaf3 Signed-off-by:
-
