[pull] master from buildroot:master#1065
Merged
Merged
Conversation
https://ghostscript.readthedocs.io/en/gs10.07.1/News.html "This release addresses a number of potential security issues." Renumbered patch which was forgotten during the last version bump. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot commit 31af509 bumped the package to 2.41.1 which includes upstream commit util-linux/util-linux@036d727 adding a dependency to BPF_OBJ_NAME_LEN for lsfd. BPF_OBJ_NAME_LEN was added to the kernel headers in version 4.15: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cb4d2b3f03d8eed90be3a194e5b54b734ec4bbe9 so we need to raise the header version dependency for lsfd. The build error was found by the Gitlab pipelines for the defconfig bootlin-aarch64-glibc-old. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Release notes: https://ftp.isc.org/isc/bind9/9.20.24/doc/arm/html/notes.html Changelog: https://ftp.isc.org/isc/bind9/9.20.24/doc/arm/html/changelog.html Fixes CVE-2026-3593. NOTE: Libraries libcap, liburcu are now mandatory. NOTE 2: the bind version 9.18.x series is marked by upstream as end-of-life. This commit switches to the current stable release series 9.20.x. See: https://kb.isc.org/docs/bind-9-end-of-life-dates https://www.isc.org/bind/ Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [Julien: add note 2 in commit log] Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot commit f89ca99 fixed the build of linux-pam with musl in 2020 but did not remove the restric- tions in place for login/runuser/su which were added earlier with these commits: login (2015): 25ecd24 runuser (2017): 09860f3 su (2017): c648892 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Release notes: https://github.com/cesanta/mongoose/releases/tag/7.22 Fixes CVE-2026-37635. Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> Signed-off-by: Julien Olivain <ju.o@free.fr>
As mentioned here[1] we require patch[2] to fix CVE-2026-27456. [1]: https://lore.kernel.org/util-linux/c2fo4x3lcppsj77k564i4qodmon3wagx47qf4mqwjwdtiplupg@jmaqrlzp273h/T/#u [2]: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?h=stable/v2.41&id=2dacaf3eea391e3bbf48e7d3ecce02cafe045b6d Cc: Alexander Dahl <alex@netz39.de> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [Fiona: add CVE trailer to patch file] Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )