Skip to content

[pull] master from buildroot:master#1065

Merged
pull[bot] merged 6 commits into
mir-one:masterfrom
buildroot:master
Jun 25, 2026
Merged

[pull] master from buildroot:master#1065
pull[bot] merged 6 commits into
mir-one:masterfrom
buildroot:master

Conversation

@pull

@pull pull Bot commented Jun 25, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

bkuhls and others added 6 commits June 25, 2026 17:07
https://ghostscript.readthedocs.io/en/gs10.07.1/News.html
"This release addresses a number of potential security issues."

Renumbered patch which was forgotten during the last version bump.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot commit 31af509 bumped the
package to 2.41.1 which includes upstream commit
util-linux/util-linux@036d727
adding a dependency to BPF_OBJ_NAME_LEN for lsfd.

BPF_OBJ_NAME_LEN was added to the kernel headers in version 4.15:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cb4d2b3f03d8eed90be3a194e5b54b734ec4bbe9

so we need to raise the header version dependency for lsfd.

The build error was found by the Gitlab pipelines for the defconfig
bootlin-aarch64-glibc-old.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Release notes:
https://ftp.isc.org/isc/bind9/9.20.24/doc/arm/html/notes.html

Changelog:
https://ftp.isc.org/isc/bind9/9.20.24/doc/arm/html/changelog.html

Fixes CVE-2026-3593.

NOTE: Libraries libcap, liburcu are now mandatory.

NOTE 2: the bind version 9.18.x series is marked by upstream as
end-of-life. This commit switches to the current stable release
series 9.20.x. See:
https://kb.isc.org/docs/bind-9-end-of-life-dates
https://www.isc.org/bind/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien: add note 2 in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot commit f89ca99 fixed the
build of linux-pam with musl in 2020 but did not remove the restric-
tions in place for login/runuser/su which were added earlier with
these commits:

login (2015): 25ecd24
runuser (2017): 09860f3
su (2017): c648892

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Release notes:
https://github.com/cesanta/mongoose/releases/tag/7.22

Fixes CVE-2026-37635.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
As mentioned here[1] we require patch[2] to fix CVE-2026-27456.

[1]: https://lore.kernel.org/util-linux/c2fo4x3lcppsj77k564i4qodmon3wagx47qf4mqwjwdtiplupg@jmaqrlzp273h/T/#u
[2]: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?h=stable/v2.41&id=2dacaf3eea391e3bbf48e7d3ecce02cafe045b6d

Cc: Alexander Dahl <alex@netz39.de>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Fiona: add CVE trailer to patch file]
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
@pull pull Bot locked and limited conversation to collaborators Jun 25, 2026
@pull pull Bot added the ⤵️ pull label Jun 25, 2026
@pull pull Bot merged commit 9998130 into mir-one:master Jun 25, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants