[pull] master from buildroot:master #865

Merged
pull[bot] merged 4 commits into mir-one:master from buildroot:master
Feb 13, 2026

@pull pull bot commented Feb 13, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

Raphael Pavlidis and others added 4 commits February 13, 2026 11:37

This commit backports an upstream patch fixing CVE-2024-10963. See:
linux-pam/linux-pam#834
linux-pam/linux-pam#854

Fixes:

- CVE-2024-10963:

Pam: improper hostname interpretation in pam_access leads to access
control bypass

A flaw was found in pam_access, where certain rules in its
configuration file are mistakenly treated as hostnames. This
vulnerability allows attackers to trick the system by pretending
to be a trusted hostname, gaining unauthorized access. This issue
poses a risk for systems that rely on this feature to control who
can access certain services or terminals.

https://www.cve.org/CVERecord?id=CVE-2024-10963

Signed-off-by: Raphael Pavlidis <[email protected]>
[Julien:
 - fix check-package errors
 - add info in commit log
 - rebase patch on v1.6.1 to avoid patch offsets
 - add "CVE:" tag in patch
 - add comment with patch name near _IGNORE_CVES in .mk
]
Signed-off-by: Julien Olivain <[email protected]>

commit cf68667 introduced a patch that
was later included in a release which made the usage of libesmtp
configurable. Later the switch was moved to the main CMakeLists.mk [0].

While the patch introduced the build flag LOG4CXX_ENABLE_ESMTP the
change to the .mk file used LOG4CXX_ENABLE_LIBESMTP.

So correct this.

Fixes:
CMake Warning:
  Manually-specified variables were not used by the project:
  LOG4CXX_ENABLE_LIBESMTP

[0] https://github.com/apache/logging-log4cxx/blob/rel/v1.3.1/CMakeLists.txt#L93

Signed-off-by: Michael Nosthoff <[email protected]>
Signed-off-by: Julien Olivain <[email protected]>

Changelog:
https://logging.apache.org/log4cxx/1.6.1/changelog.html

Remove dependency on Boost.DateTime because since Boost 1.77 it's
not a dependency of Boost.Thread anymore and that's the only thing
log4cxx actually requires as fallback.

Signed-off-by: Michael Nosthoff <[email protected]>
Signed-off-by: Julien Olivain <[email protected]>

Optional udisks support is useful for mounting USB sticks via
pcmanfm.

gvfs meson.build has recognized this udisks2 option for quite
some time, since upstream commit [1] first included in version
1.35.2 (released on 2017-11-13).

[1] https://gitlab.gnome.org/GNOME/gvfs/-/commit/cdc33bf54f501a8b4574f86945628ab6c2036d64

Signed-off-by: Waldemar Brodkorb <[email protected]>
[Julien: add comment in commit log]
Signed-off-by: Julien Olivain <[email protected]>
@pull pull bot locked and limited conversation to collaborators Feb 13, 2026
@pull pull bot added the ⤵️ pull label Feb 13, 2026
@pull pull bot merged commit 49d1ea9 into mir-one:master Feb 13, 2026