- Drop patches (already in version)
- tests can be disabled since version 1.2.3 and
e2e3d6b14e
- docs can be disabled since version 1.2.3 and
af6c10e8be
- Fix CVE-2023-46228: zchunk before 1.3.2 has multiple integer overflows
via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c,
lib/dl/multipart.c, or lib/header.c.
https://github.com/zchunk/zchunk/compare/1.2.2...1.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8716942ca68e98e384746c09871fedfb36c0f629)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes the S10hyperv SysV init script which expects binaries
to be located in /sbin while they are installed in /usr/sbin. Please
note, that the systemd init scripts correctly reference them.
Furthermore, the SysV init script did not check for an actual HyperV
environment to be present, which is also corrected. In addition, this
commit also fixes check-package warnings regarding a missing DAEMON
definition.
Signed-off-by: Jens Maus <mail@jens-maus.de>
[Peter: drop from .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 14c4bd7bf8150283e158c50df87c77d63bb1b73c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gpsd >= 3.25 raised since commit
3c7fece853:
In file included from src/configuration.h:50,
from src/configuration.c:46:
src/gpsdclient.h:64:8: error: redefinition of 'struct fixsource_t'
64 | struct fixsource_t {
| ^~~~~~~~~~~
In file included from src/gpsdclient.h:49,
from src/configuration.h:50,
from src/configuration.c:46:
/tmp/instance-17/output-1/host/aarch64-buildroot-linux-gnu/sysroot/usr/include/gps.h:2714:8: note: originally defined here
2714 | struct fixsource_t
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/47a619686bb47debd525c92aa7e14bee5c40ca9e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c32b3d9ff8727fd61dbf2d55105c2900f0d2dec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patches (and so autoreconf) are not needed since bump to version 0.32.4
in commit f39ac8336e and
9924d4d315
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e1b2cd5835d0a13bff763cfcf289919519c202ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2023-35852: In Suricata before 6.0.13 (when there is an
adversary who controls an external source of rules), a dataset
filename, that comes from a rule, may trigger absolute or relative
directory traversal, and lead to write access to a local filesystem.
This is addressed in 6.0.13 by requiring allow-absolute-filenames and
allow-write (in the datasets rules configuration section) if an
installation requires traversal/writing in this situation.
- Fix CVE-2023-35853: In Suricata before 6.0.13, an adversary who
controls an external source of Lua rules may be able to execute Lua
code. This is addressed in 6.0.13 by disabling Lua unless allow-rules
is true in the security lua configuration section.
- Drop first patch (not needed since
c8a3aa608e)
https://github.com/OISF/suricata/blob/suricata-6.0.14/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ce17f93e828a07292e03653be04a49480250f23f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit 4e365d1768 "package/tcl: bump to version 8.6.13" did NOT
refresh the package patch, because the patch was still applying
correctly and the package was working as expected.
It was refreshed in the previous bump, in commit 9cf314745a
"package/tcl: bump to version 8.6.12". This was part of 2022.02.
Looking closer at the patch content, the -/+ lines are exactly the
same. So this patch does not change anything. Since the file was kept
and the commit log mentions a patch refresh, the intent was more
likely to carry over the old patch (which was declaring all libc
functions as "unbroken").
This commit actually refreshes this patch. It was regenerated with
git format-patch. Since the patch is renamed due to git format-patch,
the .checkpackageignore is updated accordingly.
Note:
This ancient patch will be removed soon, as an upstream commit [1],
not yet in a release, cleaned up and removed those old parts.
[1] 04d66a2571
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ec8a9cc5189d41cf751e872f5c13da3fdc9187ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patches (already in version) and so autoreconf
- Update COPYING hash (gpl mailing address updated with
9bd45cc06e6a5997fbd6)
- Fix CVE-2022-43634: This vulnerability allows remote attackers to
execute arbitrary code on affected installations of Netatalk.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the dsi_writeinit function. The issue
results from the lack of proper validation of the length of
user-supplied data prior to copying it to a fixed-length heap-based
buffer. An attacker can leverage this vulnerability to execute code in
the context of root. Was ZDI-CAN-17646.
- Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl
heap-based buffer overflow resulting in code execution via a crafted
.appl file. This provides remote root access on some platforms such as
FreeBSD (used for TrueNAS).
- Fix CVE-2023-42464: Validate data type in dalloc_value_for_key()
https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d170cde0272401fd79b0bd100b72da25b2a13e5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The quoting around the expansion of ${relative_dir} was indeed incorrect
since it was introduced back in 8fe9894f65 (support/download: fix git
wrapper with submodules on older git versions): it is in fact already
quoted as part of the whole sed expression.
${GIT} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bcee3ca6d66d30de4b0cd8186ce4c72020705df8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c1038fe47c renamed the patch, but didn't update
.checkpackageignore, leading to two failures:
.checkpackageignore:1055: ignored file package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch is missing
package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
Rename the file in .checkpackageignore as well.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Grub 2.06 is affected by a number of CVEs, which have been fixed in
the master branch of Grub, but are not yet part of any release (there
is a 2.12-rc1 release, but nothing else between 2.06 and 2.12-rc1).
So this patch backports the relevant fixes for CVE-2022-28736,
CVE-2022-28735, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28733, CVE-2022-28734, CVE-2022-2601 and CVE-2022-3775.
It should be noted that CVE-2021-3695, CVE-2021-3696, CVE-2021-3697
are not reported as affecting Grub by our CVE matching logic because
the NVD database uses an incorrect CPE ID in those CVEs: it uses
"grub" as the product instead of "grub2" like all other CVEs for
grub. This issue has been reported to the NVD maintainers.
This requires backporting a lot of patches, but jumping from 2.06 to
2.12-rc1 implies getting 592 commits, which is quite a lot.
All Grub test cases are working fine:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500585
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500679
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: fix check-package warning in patch 0002]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This package has dubious licensing conditions (not even documented in
the .mk file), and is a bootloader for very old platforms. The
defconfigs making use of it have been removed in Buildroot in 2014, in
commit c6a410964b ("configs: remove
lpc32xx defconfigs"), so let's get rid of the package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
[yann.morin.1998@free.fr: remove reference in test]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some patches had some fuzz, and patch 0004 was no longer applicable
using "git am". Patch 0006 is renamed so that it matches the commit
log title, as generated automatically by git format-patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that 2.41.x has been added, that 2.40.x is the default version,
drop support for 2.38.x.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For change log since 20220331, see:
- https://github.com/acpica/acpica/blob/R06_28_23/documents/changes.txt
This commit also drops the patch removing -Werror in CFLAGS, as an
alternative is now available upstream, merged in [1]. This commit is
included in release 20221020. The build commands are updated
accordingly to set the new NOWERROR=TRUE option to achieve the same
behavior.
With the patch removal, .checkpackageignore is also updated
accordingly.
Upstream commit [2] also introduced a use of wcslen() and <wchar.h>.
This commit was first included in tag R10_20_22 (version 20221020).
Therefore, this new version needs wchar. The new dependency is added.
The _SOURCE file is also changed from acpica-unix2 to acpica-unix,
as the current acpica download page at [3] shows:
"""
Note: The unix2 source package is deprecated since the dual license is
now included in all source modules (along with the Intel
license). This package will be removed from future ACPICA releases.
"""
The _SITE url is also updated to the new download link, since the
acpica website now redirects to Intel:
curl -si https://www.acpica.org | grep Location:
Location: https://www.intel.com/content/www/us/en/developer/topic-technology/open/acpica/overview.html
The license file hash is also updated, due to the copyright year
update. It is also worth mentioning that the files in the new archive
have three alternative licenses in their headers: Intel, BSD-3-Clause
and GPL-2.0.
Finally, since a SHA1 hash is published on the download page, it is
added to the hash file.
This version bump is motivated by the introduction of RISC-V related
definitions.
[1] 3fd0f94040
[2] cd6a308975
[3] https://www.intel.com/content/www/us/en/developer/topic-technology/open/acpica/download.html
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed for compatibility with OpenSSL 3.x which was added in version 25:
f11a9f2d3a
Added dependency to wchar due to upstream commit
bd0865ff86
Removed all patches.
Added new patch to fix build with defconfig bootlin-x86-64-uclibc.
CVE-2021-29221 does not need to be ignored anymore, the latest broken
version was 23.2.3.
Removed ERLANG_REMOVE_SSL_DEPS hook, bug was fixed upstream:
f03feee7e3
Updated ERLANG_RUN_AUTOCONF due to upstream commit
d277599a42 (diff-9d7b6b593fbd689e1f48ba5964dc3bcc87c51e8e1aab5ff496a4e5ba3a248775R1233)
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add new build dependencies to lld and llvm
- Add host-gcc and gcc >= 7.x dependency since clang doesn't build with gcc 6.3
[ 28%] Building CXX object utils/TableGen/CMakeFiles/obj.clang-tblgen.dir/TableGen.cpp.o
output/build/host-clang-15.0.3/utils/TableGen/RISCVVEmitter.cpp: In instantiation of ‘{anonymous}::SemaSignatureTable::init(llvm::ArrayRef<{anonymous}::SemaRecord>)::<lambda(auto:2&)> [with auto:2 = const llvm::SmallVector<clang::RISCV::PrototypeDescriptor>]’:
/usr/include/c++/6/bits/stl_algo.h:3769:5: required from ‘_Funct std::for_each(_IIter, _IIter, _Funct) [with _IIter = std::_Rb_tree_const_iterator<llvm::SmallVector<clang::RISCV::PrototypeDescriptor> >; _Funct = {anonymous}::SemaSignatureTable::init(llvm::ArrayRef<{anonymous}::SemaRecord>)::<lambda(auto:2&)>]’
output/host/include/llvm/ADT/STLExtras.h:1611:23: required from ‘UnaryFunction llvm::for_each(R&&, UnaryFunction) [with R = std::set<llvm::SmallVector<clang::RISCV::PrototypeDescriptor>, {anonymous}::SemaSignatureTable::init(llvm::ArrayRef<{anonymous}::SemaRecord>)::Compare>&; UnaryFunction = {anonymous}::SemaSignatureTable::init(llvm::ArrayRef<{anonymous}::SemaRecord>)::<lambda(auto:2&)>]’
output/build/host-clang-15.0.3/utils/TableGen/RISCVVEmitter.cpp:249:64: required from here
output/build/host-clang-15.0.3/utils/TableGen/RISCVVEmitter.cpp:249:50: error: cannot call member function ‘void {anonymous}::SemaSignatureTable::insert(llvm::ArrayRef<clang::RISCV::PrototypeDescriptor>)’ without object
llvm::for_each(Signatures, [this](auto &Sig) { insert(Sig); });
^~~~~~
utils/TableGen/CMakeFiles/obj.clang-tblgen.dir/build.make:313: recipe for target 'utils/TableGen/CMakeFiles/obj.clang-tblgen.dir/RISCVVEmitter.cpp.o' failed
make[4]: *** [utils/TableGen/CMakeFiles/obj.clang-tblgen.dir/RISCVVEmitter.cpp.o] Error 1
Indeed LLVM_TEMPORARILY_ALLOW_OLD_TOOLCHAIN is OFF, the CheckCompilerVersion.cmake
triggers an error if gcc < 7.x. Indeed since llvm 15 this option checks for C++17 [1]
The last gcc 7.x version (7.5) has been released in 2019.
Fixing llvm/clang issues for old compilers may not be worth it.
- Remove LLVM_TEMPORARILY_ALLOW_OLD_TOOLCHAIN since
gcc >= 7 is mandatory.
When updating LLVM, we also need to update the version of
SPIRV_LLVM_TRANSLATOR because its CMakeLists.txt verifies the LLVM
base version [2].
The patch
package/llvm/0002-Add-missing-cstdint-header-to-Signals.h.patch has
been included in tag llvmorg-15.0.0 of llvm-project.
[1] 4c72deb613
[2] 5be08b8bb9/CMakeLists.txt (LL82C6-L82C6)
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To make version bumping easier, move libclc to a new llvm-project subfolder
and specify site for the project. Since the version of libclc is more
recent than the version specified in LLVM_PROJECT_VERSION, don't change
it for now until a later update.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rebase patches onto new version
Remove 0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch,
0006-Add-support-for-io_pgetevents_time64-syscall.patch, and
0007-Fixup-support-for-io_pgetevents_time64-syscall.patch as these are
already applied upstream
Updated license after switch to Apache license:
https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/
[Bernd: fixed license file/hash]
Signed-off-by: Danny Wood <danny@rotronics.co.uk>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The existing patch is removed as it has been applied upstream in
commit
d4d701a065.
The license file has changed, it is now named LICENSE, and the
contents are not the same even though it still contains the
BSD-3-Clause license.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>