- May 11, 2021
-
-
Fabrice Fontaine authored
https://sourceware.org/pipermail/elfutils-devel/2021q2/003797.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
https://github.com/gerbera/gerbera/releases/tag/v1.8.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
domoticz fails to build with gcc 5 since bump to version 2021.1 in commit 33b49c4a because domoticz needs C++14 since https://github.com/domoticz/domoticz/commit/bdf82257dc93daa78b0179a0229539553b608f6b

Fixes:
  - http://autobuild.buildroot.org/results/f4f9caa44d1836279c3806bc990a1203bf743c0d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Build fails since bump to version 3.0.0 in commit af5226f2 because ruby needs atomic operation support since https://github.com/ruby/ruby/commit/6ed6b85ece8733518a7da0c3ec714f20d1102bf5

Fixes:
  - http://autobuild.buildroot.org/results/84ee5f4688be994a5440c3a61bddabee72ca3b3c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Marcin Niestroj authored
Downstream patches have been mainlined in commits [1] (v2.03.06) and [2] (v2.03.12). Second patch was slightly modified, so replace --disable-symvers with --with-symvers=no.

[1] https://github.com/lvmteam/lvm2/commit/125f27ac37bc9b93cc96f64052b9681b3d479ee1
[2] https://github.com/lvmteam/lvm2/commit/1cedbaf13778de02e38b5dc80a7af246b7ec83e5

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Marcin Niestroj authored
ftp links do not seem to be accessible anymore. Replace them with http.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Commit 3b551f68 (boot/beaglev-ddrlnit: rename to beaglev-ddrinit to match renamed upstream repo) forgot to update the include in boot/Config.in, breaking menuconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
- May 10, 2021
-
-
Edgar Bonet authored
The Linux build needs openssl:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1240157423
https://gitlab.com/buildroot.org/buildroot/-/jobs/1240157424
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Sébastien Szymanski authored
Current URL returns 403 error:

  --2021-05-10 10:04:12-- https://dl.bintray.com/boostorg/release/1.75.0/source/boost_1_75_0.tar.bz2
  Resolving dl.bintray.com... 18.193.131.58, 3.66.199.110
  Connecting to dl.bintray.com|18.193.131.58|:443... connected.
  HTTP request sent, awaiting response... 403 Forbidden
  2021-05-10 10:04:12 ERROR 403: Forbidden.

Bintray has been sunset on May 1st:
https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/

Update the URL to the new upstream location to fix this issue.

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Create a new user 'sudotest' to validate that sudo really works (i.e. properly has setuid). Creating the user and adding it to sudoers is done at runtime, otherwise we'd need to add extra files to the config which complicates things a little bit.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Changelog: https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Changelog: https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
And adjust DEVELOPERS and beaglev_defconfig to match.

The typo in the repo name has now been fixed:
https://github.com/starfive-tech/beagle_ddrinit/issues/6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Build without dlfcn.h fails because bullet3 is not disabled since commit 5f154799

Fixes:
  - http://autobuild.buildroot.org/results/ab2efdd1eac64474adf00d8e60b42110c6e89143

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
  - Add ac_cv_prog_cc_c99 to avoid a build failure due to https://github.com/open-mpi/hwloc/commit/f2226f76e104923a76c5d09328284104abad6b01
  - Update hash of COPYING, copyrights added with https://github.com/open-mpi/hwloc/commit/ebaa3595e2ddc6e0e94e8ea5b1472f1a21969c80
  - Update indentation in hash file (two spaces)

As a side effect, this will remove numactl dependency (which raises a build failure with sparc v8 since commit 4ed540dd) thanks to:
https://github.com/open-mpi/hwloc/commit/e6a53bbf65458fd5fe4d45d5a83027b530566591

https://github.com/open-mpi/hwloc/blob/hwloc-2.4.1/NEWS

Fixes:
  - http://autobuild.buildroot.org/results/5f9394d3bab4e83edbea9bc607c3e135adfdabbc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fix build failure on uclibc raised since bump to version 0.75 in commit d562009f

Fixes:
  - http://autobuild.buildroot.org/results/726f7c5ce13e78ed91e827b872e9d7ccfa13f298

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
https://github.com/riscv/opensbi/releases/tag/v0.9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Vincent Stehle authored
  - Bump kernel to version 5.12.2.
  - Bump U-Boot to version 2021.04.

While at it, switch U-Boot to the Kconfig build system and add some more comments to the defconfig.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fix CVE-2020-36317, CVE-2020-36318, CVE-2020-36323, CVE-2021-28877, CVE-2021-28875, CVE-2021-28876, CVE-2021-28878 and CVE-2021-28879

https://github.com/rust-lang/rust/blob/1.52.0/RELEASES.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Vincent Stehle authored
  - Bump kernel to version 5.12.2.
  - Bump U-Boot to version 2021.04.

While at it, enable VFPv3 with 32 registers (instead of 16) and add a few comments to the defconfig.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
- May 08, 2021
-
-
Alexander Dahl authored
Upstream does not set -Werror in its build files anymore. License file just changed copyright years and holders. PGP signatures of source tarball and hashes were checked.

Link: https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.75.html
Link: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
As stated in commit 26a7d912, upstream is aware that the lack of release is an issue but no comments since 2018:
https://github.com/monkey/monkey/issues/276

Moreover, TLS support is broken since 2016 but again upstream does not seem to care about it:
https://github.com/monkey/monkey/issues/336

So just drop monkey

Fixes:
  - http://autobuild.buildroot.org/results/0626ebab4f084d9b97d6696c7d4ebf7760d776a3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
John Keeping authored
When building host-cryptsetup, if tmpfiles.d support is enabled then the install step tries to install /usr/lib/tmpfiles.d/cryptsetup.conf globally on the host system.

Even if the tmpfiles.d config were installed correctly in the host directory, nothing would ever run these rules, so disable this feature via configure.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Marcin Niestroj authored
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
http://www.haproxy.org/download/2.2/src/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
This release includes security fixes:

  - CVE-2021-28965: XML round-trip vulnerability in REXML
  - CVE-2021-28966: Path traversal in Tempfile on Windows

https://www.ruby-lang.org/en/news/2021/04/05/ruby-3-0-1-released/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Includes a number of bugfixes and the security fixes up to 368, so drop those.

For details, see the release notes:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Fixes the following security issues:

  - CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an unrecoverable panic when reading a very large header (over 7MB on 64-bit architectures, or over 4MB on 32-bit ones). Transport and Client are vulnerable and the program can be made to crash by a malicious server. Server is not vulnerable by default, but can be if the default max header of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value, in which case the program can be made to crash by a malicious client.

https://github.com/golang/go/issues/45710

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Fixes the following security issues:

  - bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.

  - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.

  - bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.

  - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.

  - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows causing a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.

  - bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access.

https://www.python.org/downloads/release/python-395/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
- May 07, 2021
-
-
Thomas Petazzoni authored
This commit extends the beaglev_defconfig and its documentation to build the low-level firmware, and to explain how to reflash it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr: use typoed-name for beaglev-ddrlnit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Thomas Petazzoni authored
This package allows building the first stage bootloader used on the BeagleV, which is used even before the DDR initialization and OpenSBI/U-Boot.

Yes, "secondboot" is strange for what is the first stage bootloader, but that's the upstream name.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
  - add hash file
  - commit is HEAD only right now, so don't reference HEAD
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Thomas Petazzoni authored
This commit adds a package for the DDR initialization code used on the BeagleV platform.

The typo in the package name is upstream's typo, and we just keep it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
  - upstream name is beaglev_ddrlnit, not *init (keep their typo)
  - rename package and variables accordingly
  - the referenced commit is no longer the HEAD of said branch
  - add a hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Thomas Petazzoni authored
This commit adds a new package for a prebuilt bare-metal toolchain for RISC-V 64-bit. Indeed, some bootloader/firmware for the BeagleV (and potentially later for other platforms?) do not build with a Linux-capable toolchain.

This uses a pre-built toolchain from SiFive, precompiled for x86-64, so all packages using this toolchain must have the appropriate BR2_HOSTARCH dependency.

This package is modeled after package/arm-gnu-a-toolchain/, which packages a pre-built ARM32 bare-metal toolchain.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Thomas Petazzoni authored
This commit introduces support for the RISC-V based BeagleV platform, which uses a Starfive JH7100.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
[yann.morin.1998@free.fr: use: eval $(make printvars)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Thomas Petazzoni authored
Until now, whenever a BR2_TARGET_OPENSBI_PLAT value was specified, opensbi.mk was assuming that both fw_jump and fw_dynamic would be produced. However, this is not the case: the OpenSBI per-platform config.mk can decide which image to build.

As an example, the config.mk for VIC7100-based BeagleV only enables producing the fw_payload image.

This commit adds three options to enable the installation of images: one for fw_jump, one for fw_dynamic, one for fw_payload.

The options for fw_jump and fw_dynamic are "default y" when BR2_TARGET_OPENSBI_PLAT is not empty, to preserve existing behavior.

The option for fw_payload is forcefully selected when either Linux or U-Boot are selected as payloads.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Fabrice Fontaine authored
libfribidi is an optional dependency (enabled by default) since version 0.8.0 and https://github.com/cegui/cegui/commit/17974582e6b6a7d8f5853b0272433f130f82e52a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Bartosz Bilas <b.bilas@grinn-global.com>
Reviewed-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Fabrice Fontaine authored
Fix CVE-2021-20208: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

https://lists.samba.org/archive/samba-technical/2021-April/136467.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Yann E. MORIN authored
Commit 057e2702 (package/openjdk{, -bin}: bump latest to version 16.0.1+9) partially switched over to using the Github repository (which is the new official publication channel for OpenJDK).

However, only the JDK16 was switched, because of concerns about a change in the hash of Github-generated archives for the JDK11, due to a missing Hg-related file on Github.

But as Arnout put it:

    There's a trivial workaround: drop OPENJDK_SOURCE = .... That way, the tarball name becomes openjdk-... instead of jdk-... and it's a different file.

There is indeed no good reason to force a non-default filename for the archive, so we do drop it.

As a consequence, we can fully switch over to Github for openjdk, using the new version scheme. Of course the hash changes, but it is a new file, so that's OK. The filename for the JDK16 changes, but the content does not change, so the hash does not change.

For consistency, the version scheme is also applied to openjdk-bin. Even though it was already using Github, using that new version scheme also allows commonalising the variables too. The archives are the exact same: no change in filename or content, so no hash to fixup.

Reported-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
cc: Adam Duskett <aduskett@gmail.com>
Tested-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
-
Peter Korsgaard authored
Django 3.0.x is EOL, so move to 3.2.x which is the new LTS release. For details of the changes and update instructions, see the announcement:

https://www.djangoproject.com/weblog/2021/apr/06/django-32-released/

Fixes the following security issues:

  - CVE-2021-30459 - SQL Injection via Select, Explain and Analyze forms of the SQLPanel for Django Debug Toolbar >= 0.10.0

    With Django Debug Toolbar 0.10.0 and above, attackers are able to execute SQL by changing the raw_sql input of the SQL explain, analyze or select forms and submitting the form.

    This is a high severity issue for anyone using the toolbar in a production environment.

    Generally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.

    The GitHub Security Advisory can be found here:
    https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj

  - CVE-2021-31542: Potential directory-traversal via uploaded files

    MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.

    In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.

    This issue has low severity, according to the Django security policy.

  - CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+

    On Python 3.9.5+, URLValidator didn't prohibit newlines and tabs. If you used values with newlines in HTTP response, you could suffer from header injection attacks. Django itself wasn't vulnerable because HttpResponse prohibits newlines in HTTP headers.

    Moreover, the URLField form field which uses URLValidator silently removes newlines and tabs on Python 3.9.5+, so the possibility of newlines entering your data only existed if you are using this validator outside of the form fields.

    This issue was introduced by the bpo-43882 fix.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-