Commit Graph

69016 Commits

Author SHA1 Message Date
Yu Chien Peter Lin
252b6ade2c package/openblas: Add support for RISC-V architecture
OpenBLAS RISC-V 64bit support was added in [1] and was renamed to
"RISCV64_GENERIC" in [2]. Those commits were first included in
OpenBLAS release v0.3.13. This support can now be enabled. With this
commit, we can install the library and packages such as GNU Octave on
RISC-V platforms.

This patch also adjusts the alignment for adding "RISCV64_GENERIC"
in Config.in.

[1] c167a3d6f4
[2] 265ab484c8

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Julien Olivain <ju.o@free.fr>
Tested-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c789bcddf0fb17580bef0cdc45b5334a90ecdf13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-13 08:07:01 +02:00
Julien Olivain
5a594e2cf8 package/pipewire: fix typo in Kconfig comment
"NTPL" should read "NPTL" (Native POSIX Threads Library).

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b9300f70b26f15d4cc58c0d5cff17f86b6e43bf6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-13 08:05:09 +02:00
Brandon Maier
5b1a3bd2c3 board/freescale: fix i.MX arm-trusted-firmware for GCC12
The arm-trusted-firmware package for IMX boards fails due to a GCC bug.
See the attached patch description for detail.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/5134910620
  https://gitlab.com/buildroot.org/buildroot/-/jobs/5134910622
  https://gitlab.com/buildroot.org/buildroot/-/jobs/5134910624
  https://gitlab.com/buildroot.org/buildroot/-/jobs/5134910627

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 977965a83a2bc8da163ce45739c55bb775db55ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-13 08:00:11 +02:00
Brandon Maier
0c6524edfd board/freescale: fix arm-trusted-firmware for binutils 2.39+
The NXP arm-trusted-firmware forks use an older version of ATF that will
error with "LOAD segment with RWX permissions". Similar patches are
present in boot/arm-trusted-firmware/ for older ATF versions.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/5134910852
  https://gitlab.com/buildroot.org/buildroot/-/jobs/5134910630
  https://gitlab.com/buildroot.org/buildroot/-/jobs/5134910631
  (and a bunch of others which are not yet visible as they are hidden
  by other build issues)

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f3c940cbebbbdb5c94c41e60066d2f87ef13045)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 23:07:59 +02:00
Daniel Lang
789b30afd0 package/gtkmm3: bump to version 3.24.8
https://gitlab.gnome.org/GNOME/gtkmm/-/blob/3.24.8/NEWS

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7a14ef1d24a43bf14b760b76870b30927e1bbb84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 21:44:43 +02:00
Fabrice Fontaine
339c49c241 package/linux-pam: needs gcc >= 4.9
linux-pam raises the following build failure with gcc 4.8 since bump to
version 1.5.3 in commit f8147e27cd and
8f9816b57e:

pam_access.c: In function 'pam_sm_authenticate':
pam_access.c:1084:13: error: 'for' loop initial declarations are only allowed in C99 mode
             for (int i = 0; filename_list[i] != NULL; i++) {
             ^

Those build failures could be fixed by adding -std=c99 but then the
build will fail because stdatomic.h is mandatory since
a35e092e24

Fixes:
 - http://autobuild.buildroot.org/results/9b2ba987d2c873f4a7caea72707acb655279d16b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c77e25c3f113c44d753dec308334e52e4c0bec6c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 18:41:08 +02:00
Jens Maus
52369b5b7a boot/grub2: fix incompat e2fsprogs feature use
With bump of package/e2fsprogs to 1.47.0 [1] a freshly generated
ext4 fs has unfortunately different default features enabled
(e.g. metadata_csum_seed). This and some other newer fs features
(e.g. large_dir) are however not supported by our grub2.
Thus, newly generated ext-based rootfs won't be recognized by grub2
and are therefore not bootable/usable from grub2 anymore. This is
an issue already known to other Linux derivatives [2],[3],[4].

This commit introduces two additional upstream patches to
package/grub2 which add EXT4_FEATURE_INCOMPAT_CSUM_SEED and
EXT4_FEATURE_INCOMPAT_LARGEDIR to the EXT2_DRIVER_IGNORED_INCOMPAT
list of ignored incompatible ext features, allowing grub2 to
use ext filesystems with these newer default feature sets.

[1] https://git.buildroot.net/buildroot/commit/?id=6a21733f839478d902f3eab287a82b456e55f708
[2] https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1844012
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031325
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030939

Signed-off-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9c25f1b51eeb988449ad0f1f524283ef5361ee4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 18:39:42 +02:00
Waldemar Brodkorb
7704baa480 package/batman-adv: update to 2023.1
Older Batman-adv versions fail to build with kernel 6.4.x
with following error message:
bat_iv_ogm.c:283:18: error: implicit declaration of function 'prandom_u32_max'; did you mean 'prandom_u32_state'? [-Werror=implicit-function-declaration]

prandom_u32_max got removed in commit 3c202d14a9d73fb63c3dccb18feac5618c21e1c4
from the Linux kernel.

Fixes:
 - http://autobuild.buildroot.net/results/205/2055ac3805d1941c148f1681a224570055dd83cd

For other changes in this release, see:
https://www.open-mesh.org/news/112

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 01ec4a39f5ceb83c62b0040067ba53197a0a6843)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 18:33:11 +02:00
Ben Dooks
5567239034 board/qemu/aarch64-virt/linux.config: enable base ACPI support
When testing the virt machine with EDK2, the buildroot 6.1 kernel
will not boot as it has no base ACPI support. Whilst you can run
qemu with the -no-acpi option, it would help if basic ACPI support
was there as otherwise there is no output from the kernel post the
ACPI BIOS initialisation.

Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b1f9c511626e2a91f99ed6113ff29a504a717711)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 18:31:39 +02:00
Christian Stewart
ede5bd5859 package/go: cgo for the target needs the toolchain
Building go with cgo support needs to build some .c files to generate target
support code, and thus calls the cross C compiler, which is failing when the
toolchain is not built before host-go:

    >>> host-go 1.21.1 Building
    cd .../build/host-go-1.21.1/src && GO111MODULE=off GOCACHE=.../per-package/host-go/host/share/host-go-cache GOROOT_BOOTSTRAP=.../per-package/host-go/host/lib/go-1.19.11 GOROOT_FINAL=.../per-package/host-go/host/lib/go GOROOT=".../build/host-go-1.21.1" GOBIN=".../build/host-go-1.21.1/bin" GOOS=linux CC=/usr/bin/gcc CXX=/usr/bin/g++ CGO_ENABLED=1 CC_FOR_TARGET=".../per-package/host-go/host/bin/arm-linux-gcc" CXX_FOR_TARGET=".../per-package/host-go/host/bin/arm-linux-g++" GOOS="linux" GOARCH=arm  GOARM=6 GO_ASSUME_CROSSCOMPILING=1 ./make.bash
    Building Go cmd/dist using .../per-package/host-go/host/lib/go-1.19.11.  (go1.19.11 linux/amd64)
    go tool dist: cannot invoke C compiler [".../per-package/host-go/host/bin/arm-linux-gcc"]: fork/exec .../per-package/host-go/host/bin/arm-linux-gcc: no such file or directory

    Go needs a system C compiler for use with cgo.
    To set a C compiler, set CC=the-compiler.
    To disable cgo, set CGO_ENABLED=0.

This happens systematically with PPD, and happens without PPD when
host-go is explicitly built (by running: "make host-go").

Since only CGO support needs to compile C files, only add the toolchain
dependency in that case.

When the target is not supported by go, then there is obviously no need
to depend on the toolchain (even if we unconditionally enable cgo
support in only-for-the-host host-go).

Signed-off-by: Christian Stewart <christian@aperture.us>
[yann.morin@orange.com:
  - only add the toolchain dependency for target cgo
  - reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Anisse Astier <anisse@astier.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1a44f9242c960dcb114f60674043c8044c71c2c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 17:26:24 +02:00
Peter Korsgaard
1da113559f package/go: security bump to version 1.20.9
Fixes CVE-2023-39323: Line directives ("//line") can be used to bypass the
restrictions on "//go:cgo_" directives, allowing blocked linker and compiler
flags to be passed during compilation.  This can result in unexpected
execution of arbitrary code when running "go build".

go1.20.9 (released 2023-10-05) includes one security fix to the cmd/go
package, as well as bug fixes to the go command and the linker.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-08 18:00:35 +02:00
Peter Korsgaard
03b44ac6d6 package/{glibc, localedef}: security bump to version glibc-2.37-45-gb4e23c75aea756b4bddc4abcf27a1c6dca8b6bd3
Fixes the following security issues:

  CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
  environment of a setuid program and NAME is valid, it may result in a
  buffer overflow, which could be exploited to achieve escalated
  privileges.  This flaw was introduced in glibc 2.34.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-08 17:59:22 +02:00
Fabrice Fontaine
6374f0c527 package/neon: drop patches
Patches (and so autoreconf) are not needed since bump to version 0.32.4
in commit f39ac8336e and
9924d4d315

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e1b2cd5835d0a13bff763cfcf289919519c202ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:41:04 +02:00
Peter Korsgaard
6d6fcd1d74 package/libfastjson: security bump to version 0.99.9.1
Fixes the equivalent of CVE-2020-12762, which was a json-c vulnerability:

https://github.com/advisories/GHSA-3797-gmjf-45gm

https://github.com/rsyslog/libfastjson/pull/166

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cfe830c9ee5d66d3bdca15933ed8b59e3ec16e88)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:39:41 +02:00
Bernd Kuhls
8b9251b8cc package/libvpx: Add upstream security patch to fix CVE-2023-5217
Fixes CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx in
Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote
attacker to potentially exploit heap corruption via a crafted HTML page.

https://www.openwall.com/lists/oss-security/2023/09/28/5

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: extend commit message, add _IGNORE_CVES]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e99999d7cb1dca94d1073fc1b2db672152cd728b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:37:45 +02:00
Francois Perrad
cdb4d67b5b package/mosquitto: bump to version 2.0.18
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 236dc1015cbda9b0c3479e2f37cb09c507da04dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:36:22 +02:00
Bernd Kuhls
7bd3366516 package/samba4: bump version to 4.18.7
Release notes: https://www.samba.org/samba/history/samba-4.18.7.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 94b2dc586fc96be90cfc02f279f5b14bbabe0c5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:32:12 +02:00
Bernd Kuhls
72af9a1dc4 package/php: bump version to 8.2.11
Changelog: https://www.php.net/ChangeLog-8.php#8.2.11
Release notes: https://www.php.net/releases/8_2_11.php

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3686d9fc17aa1ad200d03d6dc1004c71026dbde0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:31:14 +02:00
Fabrice Fontaine
e6bdfad8d3 package/stress-ng: drop LDFLAGS_EXTRA
Drop LDFLAGS_EXTRA to fix the following build failure raised since
commit 42f25180233df459cd2bfbc5b9ebf8b95c6b60cb:

/home/buildroot/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mipsel-buildroot-linux-gnu/12.3.0/../../../../mipsel-buildroot-linux-gnu/bin/ld: stress-crypt.o: in function `$L17':
stress-crypt.c:(.text+0x2dc): undefined reference to `crypt_r'

Fixes:
 - http://autobuild.buildroot.org/results/0c1d2ef59b88ebb3ae10bf8cb986280b4c1283eb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e97bc1f05d6925b71e7871c74f1ccf9b5a2d58b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:30:25 +02:00
Fabrice Fontaine
38e3f0213f package/suricata: security bump to version 6.0.14
- Fix CVE-2023-35852: In Suricata before 6.0.13 (when there is an
  adversary who controls an external source of rules), a dataset
  filename, that comes from a rule, may trigger absolute or relative
  directory traversal, and lead to write access to a local filesystem.
  This is addressed in 6.0.13 by requiring allow-absolute-filenames and
  allow-write (in the datasets rules configuration section) if an
  installation requires traversal/writing in this situation.
- Fix CVE-2023-35853: In Suricata before 6.0.13, an adversary who
  controls an external source of Lua rules may be able to execute Lua
  code. This is addressed in 6.0.13 by disabling Lua unless allow-rules
  is true in the security lua configuration section.
- Drop first patch (not needed since
  c8a3aa608e)

https://github.com/OISF/suricata/blob/suricata-6.0.14/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ce17f93e828a07292e03653be04a49480250f23f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:26:19 +02:00
Fabrice Fontaine
962ec546d0 package/librsvg: security bump to version 2.50.9
Fix CVE-2023-38633: A directory traversal problem in the URL decoder of
librsvg before 2.56.3 could be used by local or remote attackers to
disclose files (on the local filesystem outside of the expected area),
as demonstrated by href=".?../../../../../../../../../../etc/passwd" in
an xi:include element.

https://gitlab.gnome.org/GNOME/librsvg/-/blob/2.50.9/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e7988c7060d7d8b137d18721ef773ef266114690)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:25:28 +02:00
Brandon Maier
df2180cd89 unifdef: add missing license
The COPYING also contains a BSD-3-Clause license. The BSD-3-Clause
applies to "manual page unifdef.1 and the portability support code in
the FreeBSD subdirectory". The BSD-2-Clause applies to everything else.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Reviewed-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d8cea23ce4c2462000a3dd01304ba613a39253d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 20:24:25 +02:00
Peter Korsgaard
c35b052d97 package/{glibc, localedef}: security bump to 2.37-43
Fixes the following security issues:

CVE-2023-25139: When the printf family of functions is called with a
format specifier that uses an <apostrophe> (enable grouping) and a
minimum width specifier, the resulting output could be larger than
reasonably expected by a caller that computed a tight bound on the
buffer size.  The resulting larger than expected output could result
in a buffer overflow in the printf family of functions.

CVE-2023-4527: If the system is configured in no-aaaa mode via
/etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
family, and a DNS response is received over TCP that is larger than
2048 bytes, getaddrinfo may potentially disclose stack contents via
the returned address data, or crash.

CVE-2023-4806: When an NSS plugin only implements the
_gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
memory that was freed during buffer resizing, potentially causing a
crash or read or write to arbitrary memory.

CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
AI_ALL and AI_V4MAPPED flags set.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-30 16:15:19 +02:00
Yann E. MORIN
3095614111 package/nodejs: fix parallel build further
Commit 84c24ab1b5a7 (package/nodejs: fix parallel build) made use of
BR2_JLEVEL to set the number of jobs nodejs should use instead of using
the number of CPUs (+2).

However, BR2_JLEVEL can be set to 0 by the user, to let Buildroot detect
the number of CPUs (+1), and stores it in PARALLEL_JOBS, and leaves
BR2_JLEVEL untouched, so 0.

Thus, we can end up spawning a build by passing -j0 to ninja, which it
interprets as "no -limit yolo" and does not limit the number of jobs it
spawns, which usually ends up in an OOM somewhere...

Fix this by using PARALLEL_JOBS.

Reported-by: Cédric & Co
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d574e2a4f440903a0e32de6deb8275b1f385da2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-30 12:34:32 +02:00
Maxim Kochetkov
789502a583 configs/visionfive2_defconfig: bump custom kernel version to 05533e9c31
Current kernel fails to build with GCC>=12:
  AS      arch/riscv/kernel/vdso/note.o
./arch/riscv/include/asm/vdso/gettimeofday.h: Assembler messages:
./arch/riscv/include/asm/vdso/gettimeofday.h:71: Error: unrecognized opcode `csrr a5,0xc01', extension `zicsr' required
./arch/riscv/include/asm/vdso/gettimeofday.h:71: Error: unrecognized opcode `csrr a5,0xc01', extension `zicsr' required

So use latest kernel from starfive repo.

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d15bc66b9a809427b6bc1c7f5d6d3e661acb4b3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-30 12:31:39 +02:00
Fabrice Fontaine
c1dd0e4dad package/libyang: security bump to version 2.1.111
- Fix CVE-2023-26916: libyang from v2.0.164 to v2.1.30 was discovered to
  contain a NULL pointer dereference via the function lys_parse_mem at
  lys_parse_mem.c.
- Fix CVE-2023-26917: libyang from v2.0.164 to v2.1.30 was discovered to
  contain a NULL pointer dereference via the function
  lysp_stmt_validate_value at lys_parse_mem.c.

https://github.com/CESNET/libyang/releases/tag/v2.1.55
https://github.com/CESNET/libyang/releases/tag/v2.1.80
https://github.com/CESNET/libyang/releases/tag/v2.1.111

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 799512e14935af57c6e685c45fa5e99b04274b4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-30 12:29:30 +02:00
Fabrice Fontaine
6a939e5ee6 package/bind: security bump to version 9.16.44
Fix CVE-2023-3341: The code that processes control channel messages sent
to `named` calls certain functions recursively during packet parsing.
Recursion depth is only limited by the maximum accepted packet size;
depending on the environment, this may cause the packet-parsing code to
run out of available stack memory, causing `named` to terminate
unexpectedly. Since each incoming control channel message is fully
parsed before its contents are authenticated, exploiting this flaw does
not require the attacker to hold a valid RNDC key; only network access
to the control channel's configured TCP port is necessary. This issue
affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18,
9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1
through 9.18.18-S1.

https://ftp.isc.org/isc/bind9/9.16.44/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 54f6e1f81fd7c96d2ce68d48c10407e50778fc0c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-30 12:25:21 +02:00
Bernd Kuhls
73528b3ff3 {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 181cf756ca42422569ed4fa8ac00ea844722208d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-30 12:21:50 +02:00
Peter Korsgaard
9266ab06e0 Update for 2023.08.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-28 00:08:42 +02:00
Fabrice Fontaine
4e7856226c package/pppd: drop PPPD_DROP_INTERNAL_IF_PPOL2TP_H
PPPD_DROP_INTERNAL_IF_PPOL2TP_H is not needed since bump to version
2.4.6 in commit 49b239ab20 and
c41092dd4c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0a0dd63c824c1c8a104e09b4f773764daf5b3e3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 13:45:01 +02:00
Jens Maus
ef266a16b9 package/nodejs: fix cross-compile builds
When nodejs is built, a qemu wrapper script is used to execute some
programs built for the target in user-mode emulation. However, when the
target and build machines are similar (e.g. x86_64), running those
programs fails, with errors such as:

    cd ../../tools/v8_gypfiles; python ../../deps/v8/tools/run.py ../../out/Release/v8-qemu-wrapper ../../out/Release/bytecode_builtins_list_generator ../../out/Release/obj.host/gen/generate-bytecode-output-root/builtins-generated/bytecodes-builtins-list.h
    ../../out/Release/bytecode_builtins_list_generator: /lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by ../../out/Release/bytecode_builtins_list_generator)
    ../../out/Release/bytecode_builtins_list_generator: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by ../../out/Release/bytecode_builtins_list_generator)
    ../../out/Release/bytecode_builtins_list_generator: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by ../../out/Release/bytecode_builtins_list_generator)
    ../../out/Release/bytecode_builtins_list_generator: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ../../out/Release/bytecode_builtins_list_generator)
    Return code is 1

So the question is: why the heck does Qemu use the host C library?

To answer this question, we first have to look at how the -L option of
Qemu is implemented. This option is documented as such:

    -L path     QEMU_LD_PREFIX   set the elf interpreter prefix to 'path'

The v8-qemu-wrapper script makes this option point to $(STAGING_DIR),
so that the ELF interpreter used is the one in $(STAGING_DIR).

However, contrary to what the option documentation says, this option
does much more than setting the ELF interpreter prefix: it is going to
affect how *all* system calls manipulating files (open, etc.) are
going to work.

When this option is passed, the function init_paths() in
https://git.qemu.org/?p=qemu.git;a=blob;f=util/path.c is called at
initialization time, and essentially it sets the global "base"
variable to point to the directory passed as -L argument.

Then, for every single syscall that manipulates a path, this path will
be passed through the path() function in the same file. This function
will first attempt to resolve the path with "base" as a prefix, and if
not, return the unprefixed path.

After adding some traces into this function, I was able to understand
what happens:

(1) -L$(STAGING_DIR) is passed, causing "base" to point to
$(STAGING_DIR)

(2) The target ELF interpreter from $(STAGING_DIR) is properly invoked

(3) When this ELF interpreter then resolves the libc.so.6 library, it
    first looks for /etc/ld.so.cache.

(4) Qemu first looks for /etc/ld.so.cache with the -L prefix, i.e
    $(STAGING_DIR)/etc/ld.so.cache, but it does not exist. So, the Qemu
    system call emulation falls back to /etc/ld.so.cache, which means
    the target ELF interpreter reads the /etc/ld.so.cache of the host
    system.

(5) This /etc/ld.so.cache of the host system says that libc.so.6 is in
    /lib/x86_64-linux-gnu/

(6) The target ELF interpreter therefore tries to use
    /lib/x86_64-linux-gnu/libc.so.6. The Qemu system call emulation
    first tries $(STAGING_DIR)/lib/x86_64-linux-gnu/libc.so.6, but
    this library does not exist (it is in
    $(STAGING_DIR)/lib/libc.so.6), so the Qemu system call emulation
    falls back to /lib/x86_64-linux-gnu/libc.so.6 of the host system,
    which exists... but is too old compared to the target C library.
    Indeed, results from ld.so.cache take precedence over the simple
    resolution of library paths in /usr/lib and /lib.

We see 3 possible ideas to resolve this problem:

(A) Change the behavior of Qemu to not fall back to unprefixed paths:
    when -L is passed, all path-related system calls should see the
    paths prefixed by the -L option.

    Issue with this is that this change is unlikely to get accepted by
    Qemu upstream. And there might be some side effects we have not
    really identified.

(B) Create an empty $(STAGING_DIR)/etc/ld.so.cache. We have tested
    this solution and it works: it gets used instead of the host
    /etc/ld.so.cache. Because $(STAGING_DIR)/etc/ld.so.cache is empty,
    there's no libc.so.6 match, so the target ELF interpreter goes
    through its normal library location resolution logic, which falls
    back to trying in /usr/lib and /lib, which works as those paths
    end up being prefixed with $(STAGING_DIR) by Qemu.

(C) Pass LD_LIBRARY_PATH pointing to $(STAGING_DIR)/lib and
    $(STAGING_DIR)/usr/lib in the Qemu wrapper. This works because
    LD_LIBRARY_PATH paths have precedence over paths given by
    ld.so.cache.

    This is the solution already used by the GOI qemu wrapper in
    package/gobject-introspection/g-ir-scanner-qemuwrapper.in.

We chose to go with the third option, because it has been proven to work
for the GOI wrapper, and has been reported to solve #14366. Even though
the first option would be the best, it is also the one that has the
least chances to land any time soon (if ever); the second has not been
exercised, and the impact is not fully understood either (e.g what about
non-glibc toolchains?).

Fixes: #14366

Signed-off-by: Jens Maus <mail@jens-maus.de>
[yann.morin.1998@free.fr:
  - add whole analysis done by Thomas in:
    https://lore.kernel.org/buildroot/20221031213926.50d3c778@windsurf/
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 278d1db56becb4c6b5784c9bb9a0c452ea73ae16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 13:38:49 +02:00
Peter Korsgaard
f4c3e4a55e package/libopenssl: bump to version 3.0.11
Fixes CVE-2023-4807 (Windows-only):
https://www.openssl.org/news/vulnerabilities.html

Changelog: https://www.openssl.org/news/openssl-3.0-notes.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 13:51:12 +02:00
Jens Maus
9c4ef96fe8 package/nodejs: fix parallel build
Unless told otherwise, ninja will spawn as many jobs as there are CPUs
(plus 2). Nodejs is built with ninja, but it is a generic package, so
there is no variable (like with cmake-package) that passes the proper
number of parallel jobs as configured by the user.

As a consequence, the nodejs build will use as many CPUs as are
available, possibly overcommitting the resources the user expected to be
used.

Set the JOBS variable to limit that number.

Signed-off-by: Jens Maus <mail@jens-maus.de>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 84c24ab1b5a7d38b481b37a759480ff2273b499d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 10:50:22 +02:00
Peter Korsgaard
7efe2b30fe package/libpjsip: security bump to version 2.13.1
Fixes the following security vulnerability:

- CVE-2023-27585: Heap buffer overflow when parsing DNS packet
  https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr

Drop now upstreamed security fixes for CVE-2022-23537 and CVE-2022-23547.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7447700f057a4bf8b2ee84c22a2319ab05f9aeea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 10:01:28 +02:00
Jens Maus
cb7613ffb7 package/nut: package/nut: specify --with-user/group when building NUT
This commit fixes a problem where the NUT package couldn't be
used as a NUT server due to the fact that the default group for
nobody is "nogroup" and not "nobody" like the internal default
of NUT. Thus, when starting a NUT server daemon the daemon starts
with incorrect group permissions. This commit fixes this
shortcoming by introducing a dedicated 'nut' user and 'nut' group
to drop privileges to it.

Signed-off-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cd46e1b1439e854dc9e4c016795d6e5276e4c573)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 10:01:19 +02:00
Giulio Benetti
175260e1e7 docs/manual: add section to explain how to give credits to a sponsor
Sometimes it happens that a Company or a Physical Person sponsors the
creation and/or the upstreaming process of a patch, but at the moment
there is no way to give credits to it. In Linux they prepend '+sponsor'
to the e-mail of the contributor in both authorship and commit log tag as
discussed here[0]. So let's describe in the manual how to do that as a
standard.

[0]: https://lore.kernel.org/linux-doc/20230817220957.41582-1-giulio.benetti@benettiengineering.com/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
  - reword to reference sub-addressing and the RFC
  - move to the "submitting patches" section, that already deals with
    SoB tags
  - differentiate between Your/Their names
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit de349df08c653a822166f94dbe01295a5a3cfa6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 09:55:16 +02:00
Daniel Lang
335dbb595a package/libcoap: ignore CVE-2023-35862
According to a collaborator [0] the affected code isn't in 4.3.1

[0]: https://github.com/obgm/libcoap/issues/1117

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 20c023a3b1363f914a18652a79f83648af2cf1e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 08:09:22 +02:00
Daniel Lang
44291c61cd package/libcoap: fix CVE-2023-30362
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 868be6f6ae8db1090b97b618d7dca4ec4d9799ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 08:09:09 +02:00
Daniel Lang
e69fb48640 package/libssh: ignore CVE-2023-3603
The affected code isn't present in any release, see [0].

[0]: https://www.libssh.org/2023/07/14/cve-2023-3603-potential-null-dereference-in-libsshs-sftp-server/

The CPE entry for this CVE is
  cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:*
We interpret the "-" as matching any version. It actually means
"unspecified version", which is the cop-out in case there is nothing
useful to match. We can't really make our infrastructure ignore "-"
entirely, because for all we know our version is an unreleased commit
sha which _is_ vulnerable. Thus, the only way out is an exclusion which
we'll never be able to remove.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit a34a370f4ea27981be43df817f49320a59088e68)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 08:07:52 +02:00
Thomas Devoogdt
f35f7c3eab package/webkitgtk: security bump to version 2.40.5
Bugfix release with many security fixes, including (but not limited to)
patches for CVE-2023-37450, CVE-2023-38133, CVE-2023-38572, CVE-2023-38592,
CVE-2023-38594, CVE-2023-38595, CVE-2023-38597, CVE-2023-38599,
CVE-2023-38600, and CVE-2023-38611.

Release notes:

  https://webkitgtk.org/2023/07/21/webkitgtk2.40.4-released.html
  https://webkitgtk.org/2023/08/01/webkitgtk2.40.5-released.html

Accompanying security advisory:

  https://webkitgtk.org/security/WSA-2023-0006.html
  https://webkitgtk.org/security/WSA-2023-0007.html

Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3ba27e682a861e304138fa2a460c10db2c83abe4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 08:04:07 +02:00
Fabrice Fontaine
0dcf973e55 package/libuv: needs gcc >= 4.9
libuv unconditionally uses stdatomic since
2f33980a91
resulting in the following build failure with gcc < 4.9 since bump to
version 1.45.0 in commit 21764235cb:

In file included from src/fs-poll.c:23:0:
src/uv-common.h:41:24: fatal error: stdatomic.h: No such file or directory
 # include <stdatomic.h>
                        ^

Fixes:
 - http://autobuild.buildroot.org/results/6b9ce25ba7e5c5602313d533f460f8829f767f81

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 5724145b1e7c70e44cc1b5befa3f11198bf497c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 07:48:10 +02:00
Fabrice Fontaine
7b548ebabe package/pound: include limits.h
Fix the following build failure raised since bump to version 4.8 in
commit 525cb6a8fb and
c951f2357d:

Fixes:
 - http://autobuild.buildroot.org/results/4edfffcd5d4383c57947d97139331e0bf2cb6155

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit c6e40c2e3e450bc8018638acf937868757ab28a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 07:45:20 +02:00
Jens Maus
bfcc79b2ae package/fio: remove -march=native
Per default, the fio package uses the "-march=native" GCC option. This
is of course wildly inappropriate for cross-compilation and can result
in illegal instructions. Thus we make sure fio will not use that
compiler option by adding --disable-native to FIO_OPTS.

Signed-off-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 056958724b8c7581aff2bc022841c1ca6db1e590)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-26 00:36:59 +02:00
Julien Olivain
20ffaad8b6 package/expect: update Kconfig package URL
The old expect homepage URL [1] is now redirecting to [2]. This commit
updates the URL to the new one.

[1] http://expect.sourceforge.net/
[2] https://core.tcl.tk/expect/

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 579896c2f240c927767b68979b12bf4747199a16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-25 15:59:23 +02:00
Julien Olivain
4bec4ef23f package/tcl: fix package patch
The commit 4e365d1768 "package/tcl: bump to version 8.6.13" did NOT
refresh the package patch, because the patch was still applying
correctly and the package was working as expected.

It was refreshed in the previous bump, in commit 9cf314745a
"package/tcl: bump to version 8.6.12". This was part of 2022.02.

Looking closer at the patch content, the -/+ lines are exactly the
same. So this patch does not change anything. Since the file was kept
and the commit log mentions a patch refresh, the intent was more
likely to carry over the old patch (which was declaring all libc
functions as "unbroken").

This commit actually refreshes this patch. It was regenerated with
git format-patch. Since the patch is renamed due to git format-patch,
the .checkpackageignore is updated accordingly.

Note:
This ancient patch will be removed soon, as an upstream commit [1],
not yet in a release, cleaned up and removed those old parts.

[1] 04d66a2571

Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ec8a9cc5189d41cf751e872f5c13da3fdc9187ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-25 15:53:24 +02:00
Daniel Lang
93921d96d5 package/sysstat: drop CVE-2022-39377 from IGNORE_CVES
As of 2022-11-22 CVE-2022-39377 is listed as affecting sysstat
< 2.16.1 instead of < 2.17.1. The text is not updated, but the CPE info
is.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 6425e0b8482e53d5ab5ff2d655628ba7d4be3960)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-25 15:50:49 +02:00
Thomas Petazzoni
1c896ee8c8 package/ne10: install shared libraries only when built
The install to staging commands of the ne10 package are careful to
install the shared libraries only if they are built, but we forgot to
use the same care for the install to target commands, causing a build
failure on BR2_STATIC_LIBS=y configurations as no shared library was
built:

cp: cannot stat '/home/autobuild/autobuild/instance-15/output-1/build/ne10-1.2.1/modules/libNE10*.so*': No such file or directory

This commit fixes this by guarding the target installation commands to
BR2_STATIC_LIBS being empty.

The problem exists since the package was introduced in commit
318f3db0dc ("ne10: new package"), a good
10 years ago. Most likely it was not seen for many years as this
package is only available for ARM with NEON and AArch64, and we were
not testing fully static builds, except for ARMv5 that don't have
NEON. Now that we are doing more random testing, the problem started
being visible.

Fixes:

  http://autobuild.buildroot.net/results/45b2c1af052271bc2f1bb96544f138d29e4f7dfd/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 0b764a7d1e6961cb7baa0b3a74de1167bf47a6dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-25 15:49:26 +02:00
Giulio Benetti
b84098a622 package/esp-hosted: disable for s390x
s390x doesn't support Wi-Fi on Linux so let's disable the package for such
architecture.

Fixes:
http://autobuild.buildroot.net/results/f52e8a14330ff281a7096baa47f387f8c1859345

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 9a9a41f8dfd4388f6cb0d9d4132ad7cfa7dedf48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-25 15:48:23 +02:00
Fabrice Fontaine
0919c5de19 package/openvpn: dco needs headers >= 4.16
NLMSGERR_ATTR_MAX has been added in kernel 4.16 with
dc2b9f19e3
resulting in the following build failure since bump to version 2.6.4 in
commit a46ac23465 and
e34437c26b:

dco_linux.c: In function 'ovpn_nl_cb_error':
dco_linux.c:303:27: error: 'NLMSGERR_ATTR_MAX' undeclared (first use in this function); did you mean '__CTRL_ATTR_MAX'?
     struct nlattr *tb_msg[NLMSGERR_ATTR_MAX + 1];
                           ^~~~~~~~~~~~~~~~~
                           __CTRL_ATTR_MAX

Fixes:
 - http://autobuild.buildroot.org/results/69b9737913ac0b5cd2c117d526602874da3ee487

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 45c41098ef50e50c4b0aa426e90e5758bf7bc330)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-25 14:00:51 +02:00
Daniel Lang
3de9a93b42 package/tar: drop CVE-2007-4476 from IGNORE_CVES
As of 2021-05-17 NVD added 1.19 as the first version that isn't
affected by CVE-2007-4476.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 487c12a1f29140bf61abcf4cc575bd83b1fc933b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-25 13:59:51 +02:00