Notice: 4.20.x is now EOL.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop 5.0.x bump]
(cherry picked from commit 198b4cff10aa7e25bac28b54721638119e8fd1f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
32 bits of a 64-bit register with with non-zero upper 32 bit. When it
happened, accessing the 32-bit size_t value as the full 64-bit register
in the assembly string/memory functions would cause a buffer overflow.
Reported by H.J. Lu.
CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
size. For x86-64, memcmp on an object size larger than SSIZE_MAX
has undefined behavior. On x32, the size_t argument may be passed
in the lower 32 bits of the 64-bit RDX register with non-zero upper
32 bits. When it happened with the sign bit of RDX register set,
memcmp gave the wrong result since it treated the size argument as
zero. Reported by H.J. Lu.
CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
addresses with arbitrary trailing characters, potentially leading to data
or command injection issues in applications.
CVE-2019-9169: Attempted case-insensitive regular-expression match
via proceed_next_node in posix/regexec.c leads to heap-based buffer
over-read. Reported by Hongxu Chen.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to github
- Remove second patch (already in version)
- Add hash for license file
- Fix memory corruption in process_bitmap_data - CVE-2018-8794
- Fix remote code execution in process_bitmap_data - CVE-2018-8795
- Fix remote code execution in process_plane - CVE-2018-8797
- Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
- Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
- Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
- Fix Denial of Service in sec_recv - CVE-2018-20176
- Fix minor information leak in rdpdr_process - CVE-2018-8791
- Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
- Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
- Fix Denial of Service in process_bitmap_data - CVE-2018-8796
- Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
- Fix Denial of Service in process_secondary_order - CVE-2018-8799
- Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
- Fix major information leak in ui_clip_handle_data - CVE-2018-20174
- Fix memory corruption in rdp_in_unistr - CVE-2018-20177
- Fix Denial of Service in process_demand_active - CVE-2018-20178
- Fix remote code execution in lspci_process - CVE-2018-20179
- Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
- Fix remote code execution in seamless_process - CVE-2018-20181
- Fix remote code execution in seamless_process_line - CVE-2018-20182
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 992e84c49ebfdef2fbe2fa3d475e0a388cf59218)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Contains a number of fixes for issues discovered post-7.64.0. For details,
see the list of changes:
https://curl.haxx.se/changes.html#7_64_1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 48da1bc9fdebeaa011648c9b208b17f28a0878e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wavemon does not use pthread_mutexattr_setrobust since version 0.8.2 and
d271685e03
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8cefb9bb7fd87d3edbe62dcb4c490054f1396e5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
kexec has fully support of ppc64 platform:
https://www.kernel.org/doc/Documentation/kdump/kdump.txt
Added BR2_powerpc64 platform support.
Signed-off-by: Artem Senichev <artemsen@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c0a3f879582e3ddce6c4be2c6f2f387c384556d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
- CVE-2019-1787:
An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data.
- CVE-2019-1789:
An out-of-bounds heap read condition may occur when scanning PE files
(i.e. Windows EXE and DLL files) that have been packed using Aspack as a
result of inadequate bound-checking.
- CVE-2019-1788:
An out-of-bounds heap write condition may occur when scanning OLE2 files
such as Microsoft Office 97-2003 documents. The invalid write happens when
an invalid pointer is mistakenly used to initialize a 32bit integer to
zero. This is likely to crash the application.
- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
- CVE-2019-1786:
An out-of-bounds heap read condition may occur when scanning malformed PDF
documents as a result of improper bounds-checking.
- CVE-2019-1785:
A path-traversal write condition may occur as a result of improper input
validation when scanning RAR archives. Issue reported by aCaB.
- CVE-2019-1798:
A use-after-free condition may occur as a result of improper error
handling when scanning nested RAR archives. Issue reported by David L.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4037c0a39717df45d8fbaeb7dcaebaaa5cd2facb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The lua_swupdate.so library was still built (without any object files)
and linked against swupdate even when HAVE_LUA was not set. This fails
in some static-only configurations.
Fixes:
- http://autobuild.buildroot.org/results/c11c4d26983e0347d96f3dda62e6d72b031967bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b251f50c8d555bdbbd2f7bd378fdb3d3de7fe84d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
base64 reuses the uuencode logic, so only adds very little extra overhead,
is enabled by default upstream and is used more often than uuencode - So
enable it in the default busybox config.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 855a863ae9256045cf62edff9ddbfd33a3971891)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
/home/test/autobuild/run/instance-2/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_cert.o): In function `CRYPTO_DOWN_REF':
/home/test/autobuild/run/instance-2/output/build/libopenssl-1.1.1a/include/internal/refcount.h:50: undefined reference to `__atomic_fetch_sub_4'
This is often for example the case on sparcv8 32 bit.
To fix this issue, use pkg-config to retrieve openssl dependencies
including atomic library, these dependencies must be passed to
LIB_4_CRYPTO IN GIT_MAKE_OPTS
Fixes:
- http://autobuild.buildroot.org/results/3093897d14a854a7252b25b2fa1f8fdcbb26c9b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ae9640a9fc11c315aeb989941d9555065da8b24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openssl can have multiples dependencies such as libatomic on sparcv8
32 bits so drop first patch and add a new patch to use pkg-config
Fixes:
- http://autobuild.buildroot.org/results/58e5aa7c6ba8fe7474071d7a3cba6ed3a1b4cff4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3aa3a72b45238c4cf240b947531d253a53a46d35)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ftdi support has been added in version 3.1p2 and
2982df8ca6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d060f855f7d9cd688fb9f64360a6538c711b409)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch is not needed since version 3.1p2 and
2982df8ca6
because localtime_r is now correctly checked
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ff75269b9aadb34bb7ba4737471a61b4858d726d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch fixing build when NO_GSSAPI is defined which is the
case on static builds.
Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a6f73f3d26ce723657e764424b8a4f32cd6f53cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2019-9894: A remotely triggerable memory overwrite in RSA key
exchange can occur before host key verification.
CVE-2019-9895: A remotely triggerable buffer overflow exists in any kind
of server-to-client forwarding.
CVE-2019-9897: Multiple denial-of-service attacks that can be triggered
by writing to the terminal.
CVE-2019-9898: Potential recycling of random numbers used in
cryptography.
Disable static build for now. When building statically configure defines
NO_GSSAPI. Build with NO_GSSAPI is currently broken. The issue has been
reported upstream.
Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b6f47c0a4327074c0aff80cc2b2e22e5c8eef692)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-2625:
https://lists.x.org/archives/xorg-announce/2019-March/002974.html
Added all hashes provided by upstream and license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a60253925c7730f3b9ca65edf38c729192b27b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
AST-2019-001: Remote crash vulnerability with SDP protocol violation
When Asterisk makes an outgoing call, a very specific SDP protocol violation
by the remote party can cause Asterisk to crash (CVE-2019-7251)
https://downloads.asterisk.org/pub/security/AST-2019-001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 391a1e5df7a57abfcebd1ca260b56c76c941e5ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In particular update to solve an issue where LVM would fail to
initialise LVM devices when asynchronous IO was not available and it
would fail to fall back to synchronous IO. [0][1]
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1650652
[1] https://github.com/open-power/petitboot/issues/60
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ba9442dfe3dd2655a1b3e1cfe7e8a377bfbcf1c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bumped the version of eigen to 3.3.7, which fixes issues when compiling with GCC7 (notably int-in-bool-context errors, fixed in 3.3.5), in addition to various other issues noted in the eigen change logs: http://eigen.tuxfamily.org/index.php?title=ChangeLog
Legal hashes are unchanged in 3.3.7
Signed-off-by: Reed Nightingale <reed.nightingale@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 06a1ff4fd320972f32726881944939908ba2e948)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the advisory:
Jann Horn identified a problem in current versions of
libseccomp where the library did not correctly generate 64-bit syscall
argument comparisons using the arithmetic operators (LT, GT, LE, GE).
Jann has done a search using codesearch.debian.net and it would appear
that only systemd and Tor are using libseccomp in such a way as to
trigger the bad code. In the case of systemd this appears to affect
the socket address family and scheduling class filters. In the case
of Tor it appears that the bad filters could impact the memory
addresses passed to mprotect(2).
The libseccomp v2.4.0 release fixes this problem, and should be a
direct drop-in replacement for previous v2.x releases.
https://www.openwall.com/lists/oss-security/2019/03/15/1
v2.4.0 adds a new scmp_api_level utility, so update 0001-remove-static.patch
to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02300786c2fcba2cf641a040a2d87c4022ddb7fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://mariadb.com/kb/en/library/mariadb-10313-release-notes/
Changelog:
https://mariadb.com/kb/en/mariadb-10313-changelog/
Fixes the following security vulnerabilities:
CVE-2019-2510 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and
prior and 8.0.13 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2019-2537 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.6.42
and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
Note that the hash for README.md changed due to Travis CI and Appveyor CI
updates.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f389df2334750194b0a19cb5dff86739f2bf7e2d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If libselinux is selected, explicitly set --enable-selinux in the
configure options and build the library first.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f43ec6ce8d766d8954d4dd5366cef910c2b11b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We will need to build Image files for OpenSBI so allow that now.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a3a4d4d4d307fd21f19ae43e77ac21b85adad7f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
This is often for example the case on sparcv8 32 bit.
Fixes:
- http://autobuild.buildroot.org/results/b941a3deaa57cac79f1686d47ca6ababf2f0d5e4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3cb7546d95bbe227562040d6439b0ab4b62b7c9b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Combining musl and binutils 2.31.1 will produce static applications
that crash immediately. This commit picks up 3 upstream commits to
remedy this.
See https://sourceware.org/bugzilla/show_bug.cgi?id=23428
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0c34e138b597668a79fc7e71f339a556a6b695e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
aiohttp isn't a required dependency for aiojobs
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 53e3860a0e22fca5348a781a5b2e70c19403d172)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c46afc37dc877f1e94ffde0d77585290711b27ec changed bluez5-utils
dependency by bluez5_utils-headers without replacing the test on
BR2_PACKAGE_BLUEZ5_UTILS by BR2_PACKAGE_BLUEZ5_UTILS_HEADERS
Fix this mistake and also add a select on
BR2_PACKAGE_BLUEZ5_UTILS_HEADERS if BR2_PACKAGE_BLUEZ5_UTILS is set
so the user does not have to do it
Fixes:
- http://autobuild.buildroot.org/results/c6828df1f3782564451ddd4187ff026679bf37d8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3033e83d1224c1710cb6f5e0691b80cd62b1c657)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The optional bluez_utils dependency of libpcap creates a circular
dependency:
$ make dbus-show-recursive-depends
Recursion detected for : systemd
which is a dependency of: dbus
which is a dependency of: bluez_utils
which is a dependency of: libpcap
which is a dependency of: iptables
which is a dependency of: systemd
make: *** [package/dbus/dbus.mk:121: dbus-show-recursive-depends] Error 1
Drop support for bluez_utils. For bluez5_utils, which also depends on
dbus, we only need the headers in the bluez5_utils-headers package. Use
that to break the circular dependency.
Fixes:
http://autobuild.buildroot.net/results/9c3/9c3ee798fa6bb501a20a7892c0b085d2b279b664/
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c46afc37dc877f1e94ffde0d77585290711b27ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xlib_libXrender is enabled by default and has been added since version
1.3.4-1 and
a6c4b29a18
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65895f36eea0139c3d590cd5982be5504b2de9ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, when we tweak the .la files, we do so unconditionally on all
.la files, even those we already fixed in a previous run.
This has the nasty side effect that each .la file will be reported as
being touched by all packages that are installed after the package that
actually installed said .la file.
Since we can't easily know what files were installed by a package (that
is an instrumentation hook, and comes after the mangling), we use a
trick (like is done in libtool?): we do mangle all files, each into a
temporary location; if the result is identical to the input, we remove
the temporary, while if the result differs from the output, we move
the temporary to replace the input.
Reported-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8623cc5deb59747c91687ac5a25087ba694b45a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting X manually resulted in a symbol error:
| Xorg: symbol lookup error: /usr/lib/xorg/modules/drivers/fbdev_drv.so: undefined symbol: shadowUpdatePackedWeak
This bug was reported against the fbdev driver, which is fixed
upstream in 0.5.0:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900317
Signed-off-by: Michel Stempin <michel.stempin@wanadoo.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 904750363141935dc6b1143aaa1de21742df474a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixes CVE-2018-4700: Linux session cookies used a predictable random
number seed: https://github.com/apple/cups/releases/tag/v2.2.10.
- Remove fifth patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 260d9e534268083e7aa89e1bdb47bb8f3668a052)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is possible to generate one-line config for the package just by
normalize it to the form:
BR2_PACKAGE_${pkg_replaced-to_and_uppercase}
it simplifes a bit of testing package where no additional config options
are needed.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a946813dd581ac2e1aea6745edad2bc7ce44e6aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)
OpenSSL: 0-byte record padding oracle (CVE-2019-1559)
For more details, see the CHANGELOG:
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V8.md#8.15.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes: https://www.samba.org/samba/history/samba-4.9.5.html
Fixes CVE-2019-3824:
ldb: Out of bound read in ldb_wildcard_compare
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7d67faac5be820b1c8019eb249adf8765d4cf42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Do not check for C++ compiler as C++ support has been disabled since
commit dd4d3c18d6753e1224fbe59d91a4b44f39bc38c0 otherwise
build will fail on toolchains without a working C++ compiler:
checking how to run the C++ preprocessor... /lib/cpp
configure: error: in `/data/buildroot/buildroot-test/instance-1/output/build/beecrypt-4.2.1':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
Fixes:
- http://autobuild.buildroot.org/results/3c79cc68f1b088ad24daf7f9bd70718d702be577
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6255c816232468b2e92cffcfa835aa79d8fcae04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rcrt1.o is a new startup for "static-pie" apps, and only needed for
building, should not end up in the target filesystem.
Signed-off-by: Norbert Lange <norbert.lange@andritz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit de5fef8c0482889743fb27542ccb013c10f1db8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the arrival of linux v5.0, we need yet another condition to set
_SITE correctly. Instead of continuing this madness, solve the problem
generically: use v2.6 for 2.6.*, and use the number before the first dot
in the other cases.
While we're at it, remove the comment which has been incorrect since
80d7b68167a5c8893e906ace6b5f0b0166336406 (7 years ago).
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Adam Duskett <aduskett@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4ed7246a597325cea2c5b4624b7c94c67ca8662d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
