- May 29, 2021
-
-
Yann E. MORIN authored
Due to the recent events at Frenode [0], the channel has become a bit unreliable (much spammed), and users have started to move away already, as quite a few other projects have moved their IRC presence away from Freenode. There are a few alternatives. The first to spring to mind, is the new Libera.Chat network [1], managed by the previous Freenode staff, so we could expect quite a good experience there. However, it is a very young network. The second well known alternative is the long-established OFTC, which has been very reliable in its 20 years of existence. So, let's move to OFTC, just because it has a track-record of robustness (which Libera.Chat still has to build, for being young). Note: there are a lot of other IRC networks, some very good too, but we probably would be much off-topic on most of them. [0] https://lwn.net/Articles/856543/ [1] https://libera.chat/ [2] https://www.oftc.net/ Signed-off-by:
Yann E. MORIN <yann.morin.1998@free.fr> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Acked-by:
Matthew Weber <matthew.weber@collins.com> Acked-by:
Heiko Thiery <heiko.thiery@gmail.com> Acked-By:
Vincent Fazio <vfazio@xes-inc.com> Acked-by:
Peter Korsgaard <peter@korsgaard.com> Signed-off-by:
-
Fabrice Fontaine authored
xtensa support needs user_pt_regs since version 5.6 and https://github.com/strace/strace/commit/2429c69961e2598902bded9c02dd601b362b66b4 However user_pt_regs is only available since kernel 5.0 and https://github.com/torvalds/linux/commit/06fbac8e8971f2fa526e189304dd95ee62f39dbe Fixes: - http://autobuild.buildroot.org/results/c6c4fb3b9098c5fc5dbe4415e2a9757fc775b746 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
pipewire unconditionally enables b_pie since version 0.3.20 and https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/abe73c9146cd223b40b22581b1fd58bc044c671e which will raise the following build failure on m68k since commit a6d88d3b: /srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' To fix this build failure, always set b_pie to false as PIE will be enabled by toolchain/toolchain-wrapper.mk if needed Fixes: - http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2 Signed-off-by:
-
Yann E. MORIN authored
This reverts commit a8a147f6. That commit incorrectly made use of BR2_TOOLCHAIN_SUPPORTS_PIE, when it should have been using BR2_PIC_PIE. Besides, another attempt is pending, that unconditionally disables it as it will be set by the toolchain wrapper already. For both reasons, revert rather than switch over to BR2_PIC_PIE. Signed-off-by:
-
Fabrice Fontaine authored
pipewire unconditionally enables b_pie since version 0.3.20 and https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/abe73c9146cd223b40b22581b1fd58bc044c671e which will raise the following build failure on m68k since commit a6d88d3b: /srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' Fixes: - http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2 Signed-off-by:
-
Fabrice Fontaine authored
alsa unconditionally uses ucm since version 0.3.7 and https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/1612f5e4d215bd5edf7d649d220b53ff1ed7c098 which will result in the following build failure since commit a6d88d3b: ../spa/plugins/alsa/acp/alsa-ucm.h:26:10: fatal error: alsa/use-case.h: No such file or directory 26 | #include <alsa/use-case.h> | ^~~~~~~~~~~~~~~~~ Fixes: - http://autobuild.buildroot.org/results/ef53534daf84397b4e22392f2a6be2c335819ab5 Signed-off-by:
-
- May 28, 2021
-
-
Peter Korsgaard authored
Fixes the following vulnerability: - CVE-2021-23017: 1-byte memory overwrite in resolver For more details, see the advisories: https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html https://www.openwall.com/lists/oss-security/2021/05/25/5 Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - CVE-2021-22897: schannel cipher selection surprise https://curl.se/docs/CVE-2021-22897.html - CVE-2021-22898: TELNET stack contents disclosure https://curl.se/docs/CVE-2021-22898.html - CVE-2021-22901: TLS session caching disaster https://curl.se/docs/CVE-2021-22901.html Unconditionally disable the ldap(s) options. These require external libraries, but the options were ignored if the needed libraries weren't available. This is now changed to be a fatal error since https://github.com/curl/curl/commit/dae382a1a1481a94b708c82d5aa9fa7253084160 Additionally, add a post-7.77.0 upstream patch to fix compilation with bearssl. Signed-off-by:
-
- May 27, 2021
-
-
Peter Korsgaard authored
Signed-off-by: -
Fabrice Fontaine authored
Allow to build gdbserver with m68k and uclibc. This patch is not needed for version above 9.2 because build_gdbserver as been moved to its own file since https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=919adfe8409211c726c1d05b47ca59890ee648f1 This new file (gdbserver/configure.srv) does not seem to be affected by this issue Fixes: - http://autobuild.buildroot.org/results/f4d6d9d8418c0da48a3db4ad5a82e19bd16eae34 Signed-off-by:
-
Fabrice Fontaine authored
Fix CVE-2021-30145: A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. https://github.com/mpv-player/mpv/releases/tag/v0.33.1 Signed-off-by:
-
Fabrice Fontaine authored
Old security issue not fixed: https://github.com/eclipse/paho.mqtt.c/issues/1084 https://github.com/eclipse/paho.mqtt.c/milestone/16?closed=1 Signed-off-by:
-
Fabrice Fontaine authored
boost logs can't be built with riscv32 because it unconditionally uses __NR_futex: libs/log/src/event.cpp: In member function 'void boost::log::v2_mt_posix::aux::futex_based_event::wait()': libs/log/src/event.cpp:38:29: error: '__NR_futex' was not declared in this scope 38 | #define BOOST_LOG_SYS_FUTEX __NR_futex | ^~~~~~~~~~ Fixes: - http://autobuild.buildroot.org/results/8c8135fd7c0517c66c9b3975c494da6d7934cc1b Signed-off-by:Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
-
- May 25, 2021
-
-
Adrian Perez de Castro authored
Pass -DENABLE_GAMEPAD=OFF to CMake in order to disable support for the gamepad API, which requires libmanette, a library that is not yet available in Buildroot. Signed-off-by:
Adrian Perez de Castro <aperez@igalia.com> Signed-off-by:
-
Fabrice Fontaine authored
Commit 888546e5 wrongly removed linking with -lm resulting in the following build failure: /home/buildroot/autobuild/run/instance-3/output-1/host/bin/arm-linux-gnueabihf-gcc -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -L/home/buildroot/autobuild/run/instance-3/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/lib -lsndfile /home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-linux-gnueabihf/7.3.1/../../../../arm-linux-gnueabihf/bin/ld: fm_mpx.o: undefined reference to symbol 'cos@@GLIBC_2.4' /home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/lib/libm.so.6: error adding symbols: DSO missing from command line Fixes: - http://autobuild.buildroot.org/results/b2a6e6fd77bf9071ce9f75fed1811be9ffe5366d Signed-off-by:
-
Fabrice Fontaine authored
Fix build failure with mips32 which is raised since the addition of bootlin toolchains Fixes: - http://autobuild.buildroot.org/results/cba3e9d0fd061cc3a92cb732bcdc2c7b66dbf6cb Signed-off-by:
-
- May 24, 2021
-
-
Fabrice Fontaine authored
Build is broken since commit 8bdc5e7c because BR2_PACKAGE_DBUS_PYTHON is selected without selecting BR2_PACKAGE_DBUS Fixes: - http://autobuild.buildroot.org/results/378dd714940440b8f9db763479ae929e90e33b80 Signed-off-by:
-
Yann E. MORIN authored
This reverts commit 92332d31, which was incorrectly applied to master instead of next. Signed-off-by:
-
Michael Nosthoff authored
Signed-off-by:
Michael Nosthoff <buildroot@heine.tech> Signed-off-by:
-
Matthew Weber authored
Since 810ba387, some form of these options are enable by default. Specifically: - Kept FORTIFY level 2 option as the default is now level 1. - Removed all SSP options as the default now uses the best option based on toolchain support. - Similar to SSP, for RELRO, the default now uses the best option based on toolchain support. - Completely drop PIC PIE as it defaults =y Signed-off-by:
-
Yann E. MORIN authored
The default for FOO_CPE_ID_VERSION is to default to FOO_VERSION, so drop this superfluous definition. Signed-off-by:
-
Fabrice Fontaine authored
Use pkg-config to retrieve libsndfile dependencies Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:php:imagick is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aphp%3Aimagick Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:kyzer:libmspack is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:kyzer:libmspack Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:perl:perl is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aperl%3Aperl Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:gnu:findutils is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Afindutils Signed-off-by:
-
Fabrice Fontaine authored
- Fix numerous CVEs: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html#security https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html#security https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security - Update license to HPND: https://github.com/python-pillow/Pillow/commit/81078e8a0d26c9094446a64aadfa8047b8af3484 https://pillow.readthedocs.io/en/stable/releasenotes/index.html Signed-off-by:
-
Fabrice Fontaine authored
webpmux is an optional dependency since version 2.2.0 and https://github.com/python-pillow/Pillow/commit/b4735f7829bb88c99071cd91b208aa6ffd2cba24 Signed-off-by:
-
Fabrice Fontaine authored
libxcb is an optional dependency since version 7.1.0 and https://github.com/python-pillow/Pillow/commit/3c39e6fcf6a11b18eec0d1c66710bcd35033d069 Signed-off-by:
-
Fabrice Fontaine authored
lcms2 is an optional dependency since version 2.3.0 and https://github.com/python-pillow/Pillow/commit/6d9f34914021951bba42ffe5b6cd80147e7f538f Signed-off-by:
-
Fabrice Fontaine authored
Fix CVE-2013-0340 "Billion Laughs": https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/ https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/c0881df995093036eb7579d870efcae3feb323aa Signed-off-by:
-
- May 23, 2021
-
-
Fabrice Fontaine authored
NVD database has been updated: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:libnids_project:libnids:1.24:*:*:*:*:*:*:* Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:minisnmpd_project:minisnmpd is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminisnmpd_project%3Aminisnmpd Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:miniupnp_project:minissdpd is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminiupnp_project%3Aminissdpd Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:readymedia_project:readymedia is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Areadymedia_project%3Areadymedia Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:minizip_project:minizip is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminizip_project%3Aminizip Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:netsurf-browser:netsurf is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetsurf-browser%3Anetsurf Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:opencv:opencv is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopencv%3Aopencv Signed-off-by:
-
Fabrice Fontaine authored
cpe:2.3:a:maynard_johnson:oprofile is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amaynard_johnson%3Aoprofile Signed-off-by:
-
