Compare commits

...

65 Commits

Author SHA1 Message Date
Peter Korsgaard 799aed7a18 Update for 2017.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-02 00:05:42 +02:00
Arnout Vandecappelle abfcc5624b busybox: no need to disable clear and reset
Removing clear and reset from the busybox config when the ncurses tools
are enabled is not really needed.

Since commit 802bff9c42, the busybox install will not overwrite
existing programs. Therefore, the tools will be installed correctly
regardless of the order of the build:
- if busybox is built first, the clear and reset apps are installed,
  but they will be overwritten by ncurses;
- if ncurses is built first, it will install the clear and reset apps,
  and busybox will no longer install them.

We prefer not to modify the busybox configuration when not strictly
necessary, because it is surprising for the user that his configuration
is not applied. Clearly, it's not ideal that busybox is configured with
redundant apps, but if the user wants to shrink it, it's possible to
provide a custom config.

This partially reverts commit 33c72344a8.

Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber  <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 200282e207)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 23:59:39 +02:00
Peter Korsgaard b706f46e97 linux-headers: bump 4.4.x series to 4.4.65
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0d18d1d9c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 22:43:16 +02:00
Peter Korsgaard 7ac7be5f87 linux-headers: bump 3.18.x series to 3.18.51
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 20:58:08 +02:00
Romain Naour 296ffa6770 toolchain-external: CodeSourcery MIPS update upstream URL
The current URL returns error 403: Forbidden, so switch to https.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 25902b111a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 09:21:18 +02:00
Romain Naour 35db9f3ab9 toolchain-external: CodeSourcery ARM update upstream URL
The current URL returns error 403: Forbidden, so switch to https.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bcf1d93a89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 09:21:08 +02:00
Romain Naour 0bc84f9612 toolchain-external: CodeSourcery aarch64 update upstream URL
The current URL returns error 403: Forbidden, so switch to https.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3e069f41bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 09:20:59 +02:00
Romain Naour bc224445b2 toolchain-external: CodeSourcery NIOSII update upstream URL
The current URL returns error 403: Forbidden, so switch to https.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d647b23e2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 09:20:48 +02:00
Peter Korsgaard 84e3e5a9f0 freetype: add upstream security fixes for CVE-2017-8105 and CVE-2017-8287
Add upstream post-2.7.1 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2017-8105 - FreeType 2 before 2017-03-24 has an out-of-bounds write
caused by a heap-based buffer overflow related to the
t1_decoder_parse_charstrings function in psaux/t1decode.c.

CVE-2017-8287 - FreeType 2 before 2017-03-26 has an out-of-bounds write
caused by a heap-based buffer overflow related to the
t1_builder_close_contour function in psaux/psobjs.c.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6d557ac013)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 09:20:14 +02:00
Bernd Kuhls eac5d8c01d package/samba4: bump version to 4.5.8
Version bump includes a regression fix:
https://www.samba.org/samba/history/samba-4.5.8.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 67c25f897d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 09:17:16 +02:00
Peter Korsgaard 8879b99a50 ghostscript: add upstream security fixes for CVE-2017-8291
CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.

For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 874becfd01)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-01 08:38:47 +02:00
Peter Korsgaard 60e7c1075f python-django: security bump to version 1.10.7
Fixes the following security issues:

Since 1.10.3:

CVE-2016-9013 - User with hardcoded password created when running tests on
Oracle

Marti Raudsepp reported that a user with a hardcoded password is created
when running tests with an Oracle database.

CVE-2016-9014 - DNS rebinding vulnerability when DEBUG=True

Aymeric Augustin discovered that Django does not properly validate the Host
header against settings.ALLOWED_HOSTS when the debug setting is enabled.  A
remote attacker can take advantage of this flaw to perform DNS rebinding
attacks.

Since 1.10.7:

CVE-2017-7233 - Open redirect and possible XSS attack via user-supplied
numeric redirect URLs

It was discovered that is_safe_url() does not properly handle certain
numeric URLs as safe.  A remote attacker can take advantage of this flaw to
perform XSS attacks or to use a Django server as an open redirect.

CVE-2017-7234 - Open redirect vulnerability in django.views.static.serve()

Phithon from Chaitin Tech discovered an open redirect vulnerability in the
django.views.static.serve() view.  Note that this view is not intended for
production use.

Cc: Oli Vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a66a81b7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:53:27 +02:00
Vicente Olivert Riera 75c7c53e88 linux-headers: bump 4.{4,9,10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 431bd936a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:51:53 +02:00
Baruch Siach e63c2c3566 libnl: add upstream security fix
CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a
local malicious application to execute arbitrary code within the context of
the Wi-Fi service

https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1511855.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5efbd573c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:43:28 +02:00
Peter Korsgaard 89300b0097 tiff: add upstream security fixes
Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.

CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.

CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.

CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.

CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.

CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.

CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.

CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.

CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.

CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.

CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.

CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 030fe340af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:33:20 +02:00
Peter Korsgaard 6a404f8245 icu: add upstream security fix for utf-8 handling
Fixes:

CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_setNativeIndex* function.

CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_moveIndex32* function.

Upstream: http://bugs.icu-project.org/trac/changeset/39671

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0135204868)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:32:34 +02:00
Peter Korsgaard bc633d98ad libsndfile: security bump to version 1.0.28
Fixes:

CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies.  Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c363e070d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:31:24 +02:00
Peter Korsgaard a1b9e5cb32 imagemagick: add upstream security fix for CVE-2017-7606
This is not yet part of any release.

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 665560856e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:28:27 +02:00
Vicente Olivert Riera 1b8f4d29ed imagemagick: bump version to 7.0.5-4
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 49a3ed0fee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:28:14 +02:00
Vicente Olivert Riera 83e50860e7 imagemagick: bump version to 7.0.5-3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84bc1fb532)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:28:05 +02:00
Vicente Olivert Riera 33adae56f9 imagemagick: bump version to 7.0.5-2
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 22562f7f05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:27:58 +02:00
Peter Korsgaard 0cef3aad7b libcroco: add upstream security fixes
These have been added to upstream git after 0.6.12 was released.

CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted CSS file.

CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 52bfb4b1ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:27:01 +02:00
Peter Korsgaard 32e514709f python-web2py: security bump to version 2.14.6
CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
Inclusion vulnerability, which allows a malicious intended user to
read/access web server sensitive files.

CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on
logged in user (admin).

CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user to perform some unwanted actions i.e An attacker can trick an
victim to disable the installed application just by sending a URL to victim.

CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a534030c6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:25:38 +02:00
Peter Korsgaard cf113c76df minicom: security bump to version 2.7.1
Fixes CVE-2017-7467 - minicom and prl-vzvncserver vt100.c escparms[] buffer
overflow.

For more details about the issue, see the nice writeup on oss-security:

http://www.openwall.com/lists/oss-security/2017/04/18/5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 027a0d5b61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:23:24 +02:00
Vicente Olivert Riera 6b671fa3b6 linux-headers: bump 4.{4,9,10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 37159734b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-28 14:21:09 +02:00
Jörg Krause 35f735cd5a libsamplerate: security bump to version 0.1.9
libsamplerate is relicensed under the 2 clause BSD license.

Fixes CVE-2017-7697 - In libsamplerate before 0.1.9, a buffer over-read
occurs in the calc_output_single function in src_sinc.c via a crafted audio
file.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/

[Peter: add CVE info]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bcdaf4ca84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-25 23:11:57 +02:00
Peter Korsgaard 392b4a6670 xen: security bump to version 4.7.2
The 4.7.2 release brings a number of bugfixes and improvements:

https://www.xenproject.org/downloads/xen-archives/xen-project-47-series/xen-472.html

Including fixes for the following security issues:

XSA-191: x86 null segments not always treated as unusable (CVE-2016-9386)
XSA-192: x86 task switch to VM86 mode mis-handled (CVE-2016-9382)
XSA-193: x86 segment base write emulation lacking canonical address checks
	 (CVE-2016-9385)
XSA-194: guest 32-bit ELF symbol table load leaking host data (CVE-2016-9384)
XSA-195: x86 64-bit bit test instruction emulation broken (CVE-2016-9383)
XSA-196: x86 software interrupt injection mis-handled
	 (CVE-2016-9377 CVE-2016-9378)
XSA-197: qemu incautious about shared ring processing (CVE-2016-9381)
XSA-198: delimiter injection vulnerabilities in pygrub
	 (CVE-2016-9379 CVE-2016-9380)
XSA-199: qemu ioport array overflow (CVE-2016-9637)
XSA-200: x86 CMPXCHG8B emulation fails to ignore operand size override
	 Files (CVE-2016-9932)
XSA-201: ARM guests may induce host asynchronous abort
         (CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818)
XSA-202: x86 PV guests may be able to mask interrupts (CVE-2016-10024)
XSA-203: x86: missing NULL pointer check in VMFUNC emulation (CVE-2016-10025)
XSA-204: x86: Mishandling of SYSCALL singlestep during emulation
         (CVE-2016-10013)
XSA-207: memory leak when destroying guest without PT devices
XSA-208: oob access in cirrus bitblt copy (CVE-2017-2615)
XSA-209: cirrus_bitblt_cputovideo does not check if memory region is safe
         (CVE-2017-2620)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-25 17:50:51 +02:00
Peter Korsgaard 039f7d0d2f nodejs: bump 6.x version to 6.10.2
6.10.2 is the latest release in the LTS series, fixing a number of issues:

https://nodejs.org/en/blog/release/v6.10.2/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-25 17:50:39 +02:00
Peter Korsgaard 48447b9efc linux-headers: bump 3.18.x series to 3.18.50
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-25 17:50:30 +02:00
Christian Stewart 24d80453af uboot: fix target uboot defconfig warning
The warning currently reads:

  No board defconfig name specified, check your
  BR2_TARGET_UBOOT_DEFCONFIG setting.

It should read:

  No board defconfig name specified, check your
  BR2_TARGET_UBOOT_BOARD_DEFCONFIG setting.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b7f095920a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:50:14 +02:00
Vicente Olivert Riera 86a16f169d libcurl: bump version to 7.54.0 (security)
Security fixes:
 - CVE-2017-7468: switch off SSL session id when client cert is used

Full changelog: https://curl.haxx.se/changes.html

Removing 0001-CVE-2017-7407.patch. It's included in this release:
  https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 034e95e51e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:49:41 +02:00
Baruch Siach bb64a4f87e libnss: security bump to version 3.30.2
CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause
remote arbitrary code execution
(https://access.redhat.com/errata/RHSA-2017:1100).

CVE-2017-5462 - DRBG flaw in NSS

Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now
allows override of CC, so use TARGET_CONFIGURE_OPTS instead.

Drop upstream 0003-it-uninitialized-fix.patch.

Renumber the remaining patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 09b8e1079e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:47:46 +02:00
Baruch Siach 6736d2f604 libnspr: bump to version 4.14
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7e1f3171ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:47:36 +02:00
Bernd Kuhls bce9b77e04 package/linux-headers: bump 3.12.x and 4.{4, 9, 10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a96a8435d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:46:54 +02:00
Romain Naour 892e908120 package/libunwind: disable for x86 with uClibc toolchain
libunwind use sigreturn() while building for x86 [1] but this function
is not available with uClibc-ng.

This throw a warning during libunwind build:
In file included from x86/Los-linux.c:4:0:
x86/Gos-linux.c: In function ‘_ULx86_local_resume’:
x86/Gos-linux.c:298:7: warning: implicit declaration of function ‘sigreturn’ [-Wimplicit-function-declaration]
       sigreturn (sc);
       ^

But any program trying to link against libunwind-generic.so fail to build:
[...]usr/lib/libunwind-generic.so: undefined reference to `sigreturn'
collect2: error: ld returned 1 exit status

Disable libunwind for x86 target when uClibc-ng is used.

Fixes:
http://autobuild.buildroot.net/results/54a/54afac8148cff5f3c17e83f80917fd9006948fe0//build-end.log

[1] http://git.savannah.gnu.org/gitweb/?p=libunwind.git;a=blob;f=src/x86/Gos-linux.c;h=17aebc2974af50eb0bf8292689b2ed22a4c97866;hb=HEAD#l299

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c5b56b0a20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:45:11 +02:00
Rahul Bedarkar de2534bb54 which: update homepage URL
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8e9a990ae9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:44:17 +02:00
Bernd Kuhls 7e48857917 package/mpv: disable cuda support
mpv wrongly detects cuda being available:

Checking for CUDA hwaccel : yes

leading to build errors.

Fixes
http://autobuild.buildroot.net/results/e89/e892a537265ad7259024403a0bb3ca5da85ed096/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 030bebd7f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 17:44:06 +02:00
Romain Naour bac22a6f55 package/hiredis: fix install step for static build only
The previous patch [1] didn't take into acount the static build only
scenario. It tries to unconditionally install a shared library.

Handle the install step like for bzip2 package: install the shared
library only if BR2_SHARED_LIBS or BR2_SHARED_STATIC_LIBS is set and
install the static library only if BR2_STATIC_LIBS or
BR2_SHARED_STATIC_LIBS is set.

[1] 96daacb720

Fixes:
http://autobuild.buildroot.net/results/6be/6be8024dd664af83fcf49ede29c8ad59a37f73d1

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 10ffe1f65c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:25:59 +02:00
Matt Weber 2de0f39ed6 busybox: preserve ncurses progs/tools
The ncurses package installs a full version of clear and reset(tset)
tools.  Preserve these by disabling the options in the busybox config
file.  This removes the need for ncurses to depend on busybox for solely
ordering of target install.

This commit resolves the following python circular dependency with python.
busybox -> libselinux -> python3 -> ncurses -> busybox

Fixes:
http://autobuild.buildroot.net/results/db1/db1e6f3054092fc5576ccab8e04a3b9d74ca9a8c/

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: minor tweaks.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 33c72344a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:25:37 +02:00
Waldemar Brodkorb 9d1e422788 glibc: add patches to fix sh4 compile issue
Fixes:

  https://bugs.busybox.net/show_bug.cgi?id=9756

[Peter: drop 2.25.x patch]
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: rework patches as Git formatted patches, fix numbering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5f2cff973a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:24:09 +02:00
Vicente Olivert Riera a29fa4bb77 wireshark: bump version to 2.2.6 (security)
Security fixes:

- wnpa-sec-2017-12
  IMAP dissector crash (Bug 13466) CVE-2017-7703
- wnpa-sec-2017-13
  WBMXL dissector infinite loop (Bug 13477) CVE-2017-7702
- wnpa-sec-2017-14
  NetScaler file parser infinite loop (Bug 13478) CVE-2017-7700
- wnpa-sec-2017-15
  RPCoRDMA dissector infinite loop (Bug 13558) CVE-2017-7705
- wnpa-sec-2017-16
  BGP dissector infinite loop (Bug 13557) CVE-2017-7701
- wnpa-sec-2017-17
  DOF dissector infinite loop (Bug 13453) CVE-2017-7704
- wnpa-sec-2017-18
  PacketBB dissector crash (Bug 13559)
- wnpa-sec-2017-19
  SLSK dissector long loop (Bug 13576)
- wnpa-sec-2017-20
  SIGCOMP dissector infinite loop (Bug 13578)
- wnpa-sec-2017-21
  WSP dissector infinite loop (Bug 13581)

Full release notes:

  https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 156e31e5b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:22:31 +02:00
Vicente Olivert Riera ae5cfc15f5 bind: bump version to 9.11.0-P5 (security)
Security Fixes:
 - rndc "" could trigger an assertion failure in named. This flaw is
   disclosed in (CVE-2017-3138). [RT #44924]
 - Some chaining (i.e., type CNAME or DNAME) responses to upstream
   queries could trigger assertion failures. This flaw is disclosed in
   CVE-2017-3137. [RT #44734]
 - dns64 with break-dnssec yes; can result in an assertion failure. This
   flaw is disclosed in CVE-2017-3136. [RT #44653]
 - If a server is configured with a response policy zone (RPZ) that
   rewrites an answer with local data, and is also configured for DNS64
   address mapping, a NULL pointer can be read triggering a server
   crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
 - A coding error in the nxdomain-redirect feature could lead to an
   assertion failure if the redirection namespace was served from a
   local authoritative data source such as a local zone or a DLZ instead
   of via recursive lookup. This flaw is disclosed in CVE-2016-9778.
   [RT #43837]
 - named could mishandle authority sections with missing RRSIGs,
   triggering an assertion failure. This flaw is disclosed in
   CVE-2016-9444. [RT #43632]
 - named mishandled some responses where covering RRSIG records were
   returned without the requested data, resulting in an assertion
   failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
 - named incorrectly tried to cache TKEY records which could trigger an
   assertion failure when there was a class mismatch. This flaw is
   disclosed in CVE-2016-9131. [RT #43522]
 - It was possible to trigger assertions when processing responses
   containing answers of type DNAME. This flaw is disclosed in
   CVE-2016-8864. [RT #43465]

Full release notes:

  ftp://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html

Also, remove --enable-rrl configure option from bind.mk as it doesn't
exist anymore.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1727ea972b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:22:20 +02:00
Baruch Siach 97e5325375 trinity: fix glibc/kernel headers conflict
Add upstream patch that fixes conflicting definitions of ax25 related structs.

Fixes:
http://autobuild.buildroot.net/results/b40/b40d045f41dc4dbc66d5092ea5e9e045cd825e31/
http://autobuild.buildroot.net/results/367/367199b6071c450159aa2ea74d6d1b4b7cb89a88/
http://autobuild.buildroot.net/results/35e/35e97e51a6f7184d7b708c62a726ab91a0f546b2/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 110eb42854)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:08:34 +02:00
Bernd Kuhls 023919520f package/mplayer: fix compilation failure with MMX in libmpcodecs/vf_fspp.c
Compile error found while fixing
http://autobuild.buildroot.net/results/642/6422adeef19ec547c7bc3f8ad3b0d51702015240/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit eabf4102ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:01:02 +02:00
Bernd Kuhls 27ff183a9c package/mplayer: mmxext requires sse
MPlayer contains mmxext code for which a SSE-enabled CPU is required,
for details see https://bugs.funtoo.org/browse/FL-2202

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0d202de1dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 16:00:15 +02:00
Bernd Kuhls d482d1297e package/mplayer: fix musl build error
Fixes
http://autobuild.buildroot.net/results/08e/08ed316677f519c8005928366aea89570527a033/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2184f48c45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:59:25 +02:00
Vicente Olivert Riera be1ab94c9e granite: fix md5 hash
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 04d8d59615)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:58:39 +02:00
Romain Naour 4ff4b574a5 package/hiredis: fix installation logic of library
While testing minetest with libhiredis library, the game crached due to
missing libhiredis.so.0.13 library.

The hiredis.mk doesn't use "make install" because "make install" depends
on building both the shared and static libraries, which fails in
static-only scenarios.

However, the installation logic in hiredis.mk is bogus: it installs the
library as libhiredis.so, while its SONAME is libhiredis.so.0.13. We fix
this by using the same logic as the one done by the package "make
install" process: install the library as libhiredis.so.0.13, and create
libhiredis.so as a symbolic link to it.

While at it:

 - Install the library 0755, this is more common.

 - Do not create $(TARGET_DIR)/usr/lib, since $(INSTALL) -D will create
   the necessary directories for the destination path.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: rework to use the same installation logic as the one from
hiredis "make install".]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 96daacb720)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:57:28 +02:00
Baruch Siach 578d192c3c libcurl: apply upstream security patch
CVE-2017-7407: --write-out out of buffer read

https://curl.haxx.se/docs/adv_20170403.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 08bf26bb34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:56:25 +02:00
Vicente Olivert Riera 56938a2feb libcurl: bump version to 7.53.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 07db6fa6e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:56:15 +02:00
Carlos Santos 1d57b8ae51 systemd: select fsck wrapper from util-linux
Select the fsck required by systemd provided by util-linux. This
prevents ending up with fsck from busybox, which is incompatible
with systemd.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3fddb73ffd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:55:40 +02:00
Ricardo Martincoski 97f7a8b337 gst-plugins-base: fix handling of freetype
In 2010 commit 32d319e6f "gst-plugins-base: ensure <stdint.h> is used"
introduced a typo (missing backslash) that made the code ineffective.

It can be confirmed by looking at the output of:
$ make printvars | grep '^GST_PLUGINS_BASE_CONF_ENV\|^FT2_CONFIG'
FT2_CONFIG=/bin/false ac_cv_header_stdint_t="stdint.h"
GST_PLUGINS_BASE_CONF_ENV=

Add the missing backslash to fix the code.
While at it, fix the indentation to use one tab instead of two.

The (end of the) diff of config.log confirms the code is still needed
when the host has freetype-config installed:
@@ -1674,10 +1674,8 @@
 configure:21882: checking for emmintrin.h
 configure:21882: result: no
 configure:21894: checking for stdint types
-configure:21917: /tmp/gst/output/host/usr/bin/i686-pc-linux-gnu-gcc -std=gnu99 -c   conftest.c >&5
-configure:21917: $? = 0
 configure:21961: result: stdint.h (shortcircuit)
-configure:22348: result: make use of stdint.h in _stdint.h (assuming C99 compatible system)
+configure:22348: result: make use of stdint.h in _stdint.h
 configure:22359: checking for localtime_r
 configure:22359: /tmp/gst/output/host/usr/bin/i686-pc-linux-gnu-gcc -std=gnu99 -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  conftest.c  >&5
 configure:22359: $? = 0
@@ -2468,8 +2466,7 @@
 Package 'freetype2', required by 'world', not found
 configure:31257: result: no
 configure:31298: checking for freetype-config
-configure:31316: found /usr/bin/freetype-config
-configure:31329: result: /usr/bin/freetype-config
+configure:31329: result: /bin/false
 configure:31339: checking for FreeType - version >= 2.0.9
 configure:31427: result: yes
 configure:32250: creating ./config.status
@@ -2789,7 +2786,7 @@
 ac_cv_objext='o'
 ac_cv_path_EGREP='/bin/grep -E'
 ac_cv_path_FGREP='/bin/grep -F'
-ac_cv_path_FT2_CONFIG='/usr/bin/freetype-config'
+ac_cv_path_FT2_CONFIG='/bin/false'
 ac_cv_path_GMSGFMT='/tmp/gst/output/host/usr/bin/msgfmt'
 ac_cv_path_GREP='/bin/grep'
 ac_cv_path_MSGFMT='/tmp/gst/output/host/usr/bin/msgfmt'
@@ -2818,7 +2815,6 @@
 ac_cv_prog_cxx_g='yes'
 ac_cv_prog_make_make_set='yes'
 ac_cv_stdint_message='using gnu compiler i686-pc-linux-gnu-gcc (Sourcery CodeBench Lite 2012.09-62) 4.7.2'
-ac_cv_stdint_result='(assuming C99 compatible system)'
 ac_cv_sys_file_offset_bits='no'
 ac_cv_sys_largefile_CC='no'
 ac_cv_sys_largefile_source='no'
@@ -2965,9 +2961,9 @@
 EXEEXT=''
 FFLAGS=' -Os '
 FGREP='/bin/grep -F'
-FT2_CFLAGS='-I/usr/include/freetype2'
-FT2_CONFIG='/usr/bin/freetype-config'
-FT2_LIBS='-lfreetype'
+FT2_CFLAGS=''
+FT2_CONFIG='/bin/false'
+FT2_LIBS=''
 GCOV=''
 GCOV_CFLAGS=''
 GCOV_LIBS=''

Detected by check-package.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c07a46b0ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:46:26 +02:00
Vicente Olivert Riera eda721ef82 linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9d893df454)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:45:58 +02:00
Vicente Olivert Riera 5a339aac73 dovecot: bump version to 2.2.29.1 (security)
Security fix:

  passdb/userdb dict: Don't double-expand %variables in keys. If dict
  was used as the authentication passdb, using specially crafted
  %variables in the username could be used to cause DoS (CVE-2017-2669)

Full ChangeLog 2.2.29 (including CVE fix):
  https://www.dovecot.org/list/dovecot-news/2017-April/000341.html

Full ChangeLog 2.2.29.1 (some fixes forgotten in the 2.2.29 release):

  https://www.dovecot.org/list/dovecot-news/2017-April/000344.html

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a1a1f484a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:44:34 +02:00
Bernd Kuhls b937e29052 package/dovecot: bump version to 2.2.28
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 87b60b2586)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 15:44:25 +02:00
Rahul Bedarkar 761533084b python-pyyaml: correct license name
LICENSE file contains MIT license text and README file clearly mentions
pyyaml is released under MIT license.

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 27fdc59e46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:50:04 +02:00
Benoît Allard 18fc71357b syslinux: build with the target toolchain
Until now, the host toolchain was used to build syslinux, as it was
not possible to build a 32-bit syslinux with a x86-64 toolchain.

However, syslinux requires gnu-efi, and gnu-efi is built using the
target toolchain. Mixing different toolchains doesn't work well, so
this commit changes the syslinux package to use the target toolchain
for syslinux as well. This is made possible by patches
0003-Fix-ldlinux.elf-Not-enough-room-for-program-headers-.patch and
0004-memdisk-Force-ld-output-format-to-32-bits.patch.

Since syslinux also contains some utilities that have to run on the
host, those have to continue being built with the host toolchain,
which requires patch 0005-utils-Use-the-host-toolchain-to-build.patch.

Patch 0006-lzo-Use-the-host-toolchain-for-prepcore.patch is about
building prepcore, another utility with the host toolchain as it is
required at build-time.

This was tested using a Buildroot's built x86_64 toolchain, and
checked that the output binaries are 32-bits. It was tested as well if
they actually boot on hardware.

Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6e432d5ecb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:48:21 +02:00
Thomas Petazzoni d16d3afdf3 syslinux: use Git formatted patches
In preparation for the addition of more patches to the syslinux
package, reformat the two existing patches as proper Git formatted
patches.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 34da6a65ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:48:09 +02:00
Yegor Yefremov 57120d614e pkg-python: ignore user site-packages directory
According to PEP 370 Python will also search for the packages in the
user site-packages directory. This can affect build reproducibility.

The solution is to use PYTHONNOUSERSITE=1 for all Python packages,
i.e. both host and target variants.

Fixes bug #9791.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f5da1951ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:46:06 +02:00
Bernd Kuhls 1e9e1f3561 package/linux-headers: bump 3.2.x and 4.{4, 9, 10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a1953d0ee2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:40:44 +02:00
Peter Korsgaard eda38d300b icu: legal-info: refer to the real license file
License.html now just contains the string:

The ICU license is now in plain text format, see <a href="./LICENSE">LICENSE</a>.
Update links and software appropriately.

So refer directly to that file instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d2ea2479e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:38:18 +02:00
Peter Korsgaard ab8fb2d9f3 freetype: legal-info: include docs/LICENSE.TXT
LICENSE.TXT gives an overview and explains in detail that freetype is dual
licensed under the FTL and GPLv2+, so also include it in the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2843b970e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:34:06 +02:00
Ricardo Martincoski bd00633729 gst1-plugins-base: remove legacy freetype handling
In 2010 commit 32d319e6f "gst-plugins-base: ensure <stdint.h> is used"
introduced a typo (missing backslash) that made the code ineffective.

In 2013 commit f8e7fdcd3 "gst1-plugins-base: add gstreamer1 base
plugins" copied the code.

It can be confirmed by looking at the output of:
$ make printvars | grep '^GST1_PLUGINS_BASE_CONF_ENV\|^FT2_CONFIG'
FT2_CONFIG=/bin/false ac_cv_header_stdint_t="stdint.h"
GST1_PLUGINS_BASE_CONF_ENV=

Direct use of freetype was dropped in version 1.7.2 by upstream [1], so
remove the code instead of fixing it.

Found using [2]:
check-package --include-only Indent $(find * -type f)
and manually removed.

[1] https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=183610c035dd6955c9b3540b940aec50474af031
[2] http://patchwork.ozlabs.org/patch/729669/

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 80e2a54658)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 11:29:45 +02:00
Thomas Petazzoni 9d302e43c9 libnspr: use __nios2__ instead of nios2
Our patch adding nios2 support to libnspr uses the built-in compiler
define "nios2". However, this doesn't work with C++11, where only the
__nios2__ define is available. Since __nios2__ is always available,
use that instead:

$ ./output/host/usr/bin/nios2-linux-gcc -dM -E - < /dev/null | grep -E "( nios2 | __nios2__ )"

$ ./output/host/usr/bin/nios2-linux-gcc -std=c++11 -x c++ -dM -E - < /dev/null | grep -E "( nios2 | __nios2__ )"

Patch 0001-nios2.patch is therefore changed to use __nios2__ (the rest
of the change noise is due to using quilt to format the patch). Patch
0002-microblaze.patch is simply updated to apply correctly on top of
the modified 0001-nios2.patch.

This fixes the build of the poppler library on nios2. It is built with
-std=c++11, and includes nspr headers (through nss), causing a build
issue.

Fixes:

  http://autobuild.buildroot.net/results/9fee58076157d814616fa0da51afde8da21a8973/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9a521546ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 10:46:32 +02:00
Thomas Petazzoni 6257bf6588 libnspr: fix Microblaze patch
Due to a mistake, the Microblaze patch was adding another #elif
defined(nios2), which doesn't make any sense. This commit gets rid of
it.

The rest of the noise in the change is due to the use of quilt to
generate the patches.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7039c4d456)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 10:46:25 +02:00
96 changed files with 1875 additions and 239 deletions
+19
View File
@@ -1,3 +1,22 @@
2017.02.2, Released May 1st, 2017
Important / security related fixes.
Use HTTPS for the Codesourcery external toolchains as the HTTP
URLs no longer work.
Updated/fixed packages: bind, busybox, dovecot, freetype,
ghostscript, glibc, granite, hiredis, icu, imagemagick,
gst-plugins-base, gst1-plugins-base, libcroco, libcurl, libnl,
libnspr, libnss, libsamplerate, libsndfile, libunwind,
minicom, mplayer, mpv, nodejs, python-django, python-pyyaml,
python-web2py, samba4, syslinux, systemd, tiff, trinity,
uboot, wireshark, xen
Issues resolved (http://bugs.buildroot.org):
#9791: Python searches for packages in the user site directory
2017.02.1, Released April 4th, 2017
Important / security related fixes.
+2 -2
View File
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
all:
# Set and export the version string
export BR2_VERSION := 2017.02.1
export BR2_VERSION := 2017.02.2
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1491392000
BR2_VERSION_EPOCH = 1493676000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -1,16 +1,19 @@
commit e5f2b577ded109291c9632dacb6eaa621d8a59fe
Author: Sylvain Gault <sylvain.gault@gmail.com>
Date: Tue Sep 29 02:38:25 2015 +0200
From da5cbd1a3b248f2d32281a1766a3d1414c0e8e03 Mon Sep 17 00:00:00 2001
From: Sylvain Gault <sylvain.gault@gmail.com>
Date: Tue, 29 Sep 2015 02:38:25 +0200
Subject: [PATCH] bios: Fix alignment change with gcc 5
bios: Fix alignment change with gcc 5
The section aligment specified in the ld scripts have to be greater or
equal to those in the .o files generated by gcc.
Signed-off-by: Sylvain Gault <sylvain.gault@gmail.com>
Tested-by: poma <pomidorabelisima@gmail.com>
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
The section aligment specified in the ld scripts have to be greater or
equal to those in the .o files generated by gcc.
Signed-off-by: Sylvain Gault <sylvain.gault@gmail.com>
Tested-by: poma <pomidorabelisima@gmail.com>
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
---
core/i386/syslinux.ld | 6 +++---
core/x86_64/syslinux.ld | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/core/i386/syslinux.ld b/core/i386/syslinux.ld
index 7b4e012..7390451 100644
@@ -74,3 +77,6 @@ index 1057112..bf815c4 100644
__bss_vma = .;
__bss_lma = .; /* Dummy */
.bss (NOLOAD) : AT (__bss_lma) {
--
2.7.4
@@ -0,0 +1,30 @@
From 250bf2c921713434627dc7bc8b0918fa0841f9b7 Mon Sep 17 00:00:00 2001
From: Graham Inggs <ginggs@ubuntu.com>
Date: Wed, 5 Apr 2017 22:03:12 +0200
Subject: [PATCH] Disable PIE to avoid FTBFS on amd64
gcc 6.x has PIE support enabled by default, which causes a build issue
with syslinux. This patch disables PIE support in the relevant
syslinux Makefile.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
---
gpxe/src/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gpxe/src/Makefile b/gpxe/src/Makefile
index cc91d78..077af64 100644
--- a/gpxe/src/Makefile
+++ b/gpxe/src/Makefile
@@ -4,7 +4,7 @@
#
CLEANUP :=
-CFLAGS :=
+CFLAGS := -fno-PIE
ASFLAGS :=
LDFLAGS :=
MAKEDEPS := Makefile
--
2.7.4
-22
View File
@@ -1,22 +0,0 @@
Description: Disable PIE to avoid FTBFS on amd64
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1579023
Author: Graham Inggs <ginggs@ubuntu.com>
Last-Update: 2016-05-06
gcc 6.x has PIE support enabled by default, which causes a build issue
with syslinux. This patch disables PIE support in the relevant
syslinux Makefile.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
--- a/gpxe/src/Makefile
+++ b/gpxe/src/Makefile
@@ -4,7 +4,7 @@
#
CLEANUP :=
-CFLAGS :=
+CFLAGS := -fno-PIE
ASFLAGS :=
LDFLAGS :=
MAKEDEPS := Makefile
@@ -0,0 +1,35 @@
From 61de7762389d460da7ffdd644f50c60175cce23b Mon Sep 17 00:00:00 2001
From: Steve McIntyre <93sam@debian.org>
Date: Wed, 5 Apr 2017 22:09:37 +0200
Subject: [PATCH] Fix 'ldlinux.elf: Not enough room for program headers, try
linking with -N'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix for https://bugs.debian.org/846679: syslinux: FTBFS: ld:
ldlinux.elf: Not enough room for program headers, try linking with -N
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=846679;filename=syslinux_6.03%2Bdfsg-14.1.debdiff;msg=10
Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
---
core/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/Makefile b/core/Makefile
index ad0acb5..58a3545 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -165,7 +165,7 @@ LDSCRIPT = $(SRC)/$(ARCH)/syslinux.ld
%.elf: %.o $(LIBDEP) $(LDSCRIPT) $(AUXLIBS)
$(LD) $(LDFLAGS) -Bsymbolic $(LD_PIE) -E --hash-style=gnu -T $(LDSCRIPT) -M -o $@ $< \
- --start-group $(LIBS) $(subst $(*F).elf,lib$(*F).a,$@) --end-group \
+ --start-group $(LIBS) $(subst $(*F).elf,lib$(*F).a,$@) --end-group --no-dynamic-linker \
> $(@:.elf=.map)
$(OBJDUMP) -h $@ > $(@:.elf=.sec)
$(PERL) $(SRC)/lstadjust.pl $(@:.elf=.lsr) $(@:.elf=.sec) $(@:.elf=.lst)
--
2.7.4
@@ -0,0 +1,32 @@
From c0287594239d5af2082cac20817f8e8b11a4b1b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Allard?= <benoit.allard@greenbone.net>
Date: Wed, 5 Apr 2017 14:18:09 +0200
Subject: [PATCH] memdisk: Force ld output format to 32-bits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On toolchains where the default output is x86_64, we need to be
consistent with the other .o files
Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
---
memdisk/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/memdisk/Makefile b/memdisk/Makefile
index e6557d8..06613ff 100644
--- a/memdisk/Makefile
+++ b/memdisk/Makefile
@@ -78,7 +78,7 @@ memdisk16.o: memdisk16.asm
$(NASM) -f bin $(NASMOPT) $(NFLAGS) $(NINCLUDE) -o $@ -l $*.lst $<
memdisk_%.o: memdisk_%.bin
- $(LD) -r -b binary -o $@ $<
+ $(LD) --oformat elf32-i386 -r -b binary -o $@ $<
memdisk16.elf: $(OBJS16)
$(LD) -Ttext 0 -o $@ $^
--
2.7.4
@@ -0,0 +1,60 @@
From e000251144056c99e390a2a4449d06cbd2a19c0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Allard?= <benoit.allard@greenbone.net>
Date: Wed, 5 Apr 2017 14:25:02 +0200
Subject: [PATCH] utils: Use the host toolchain to build.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The utilities are meant to run on the host machine, hence must be built using
the host toolchain.
Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
---
utils/Makefile | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/utils/Makefile b/utils/Makefile
index dfe6259..ac91aaa 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -17,8 +17,8 @@
VPATH = $(SRC)
include $(MAKEDIR)/syslinux.mk
-CFLAGS = $(GCCWARN) -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -I$(SRC)
-LDFLAGS = -O2
+CFLAGS = $(CFLAGS_FOR_BUILD) $(GCCWARN) -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -I$(SRC)
+LDFLAGS = $(LDFLAGS_FOR_BUILD) -O2
C_TARGETS = isohybrid gethostip memdiskfind
SCRIPT_TARGETS = mkdiskimage
@@ -35,7 +35,7 @@ ISOHDPFX = $(addprefix $(OBJ)/,../mbr/isohdpfx.bin ../mbr/isohdpfx_f.bin \
all: $(TARGETS)
%.o: %.c
- $(CC) $(UMAKEDEPS) $(CFLAGS) -c -o $@ $<
+ $(CC_FOR_BUILD) $(UMAKEDEPS) $(CFLAGS) -c -o $@ $<
mkdiskimage: mkdiskimage.in ../mbr/mbr.bin bin2hex.pl
$(PERL) $(SRC)/bin2hex.pl < $(OBJ)/../mbr/mbr.bin | cat $(SRC)/mkdiskimage.in - > $@
@@ -51,13 +51,13 @@ isohdpfx.c: $(ISOHDPFX) isohdpfxarray.pl
$(PERL) $(SRC)/isohdpfxarray.pl $(ISOHDPFX) > $@
isohybrid: isohybrid.o isohdpfx.o
- $(CC) $(LDFLAGS) -o $@ $^ -luuid
+ $(CC_FOR_BUILD) $(LDFLAGS) -o $@ $^ -luuid
gethostip: gethostip.o
- $(CC) $(LDFLAGS) -o $@ $^
+ $(CC_FOR_BUILD) $(LDFLAGS) -o $@ $^
memdiskfind: memdiskfind.o
- $(CC) $(LDFLAGS) -o $@ $^
+ $(CC_FOR_BUILD) $(LDFLAGS) -o $@ $^
tidy dist:
rm -f *.o .*.d isohdpfx.c
--
2.1.4
@@ -0,0 +1,44 @@
From 83e1f00990c25554723609bb549e18b987034317 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Allard?= <benoit.allard@greenbone.net>
Date: Thu, 6 Apr 2017 09:43:46 +0200
Subject: [PATCH] lzo: Use the host toolchain for prepcore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
---
lzo/Makefile | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lzo/Makefile b/lzo/Makefile
index 29f1fa6..c016e5a 100644
--- a/lzo/Makefile
+++ b/lzo/Makefile
@@ -11,10 +11,13 @@
## -----------------------------------------------------------------------
VPATH = $(SRC)
-include $(MAKEDIR)/build.mk
+include $(MAKEDIR)/syslinux.mk
INCLUDES += -I$(SRC)/include
+%.o: %.c
+ $(CC_FOR_BUILD) $(UMAKEDEPS) $(CFLAGS_FOR_BUILD) $(INCLUDES) -c -o $@ $<
+
LIBOBJS = $(patsubst %.c,%.o,$(subst $(SRC)/,,$(wildcard $(SRC)/src/*.c)))
LIB = lzo.a
BINS = prepcore
@@ -30,7 +33,7 @@ $(LIB) : $(LIBOBJS)
$(RANLIB) $@
prepcore : prepcore.o $(LIB)
- $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
+ $(CC_FOR_BUILD) $(LDFLAGS_FOR_BUILD) -o $@ $^ $(LIBS)
tidy dist clean spotless:
rm -f $(BINS)
--
2.1.4
+2 -1
View File
@@ -1,12 +1,13 @@
config BR2_TARGET_SYSLINUX
bool "syslinux"
depends on BR2_i386 || BR2_x86_64
select BR2_HOSTARCH_NEEDS_IA32_COMPILER
# Make sure at least one of the flavors is installed
select BR2_TARGET_SYSLINUX_ISOLINUX \
if !BR2_TARGET_SYSLINUX_PXELINUX && \
!BR2_TARGET_SYSLINUX_MBR && \
!BR2_TARGET_SYSLINUX_EFI
select BR2_PACKAGE_UTIL_LINUX
select BR2_PACKAGE_UTIL_LINUX_LIBUUID
help
The syslinux bootloader for x86 systems.
This includes: syslinux, pxelinux, extlinux.
+22 -7
View File
@@ -13,7 +13,7 @@ SYSLINUX_LICENSE_FILES = COPYING
SYSLINUX_INSTALL_IMAGES = YES
SYSLINUX_DEPENDENCIES = host-nasm host-util-linux host-upx
SYSLINUX_DEPENDENCIES = host-nasm host-upx util-linux
ifeq ($(BR2_TARGET_SYSLINUX_LEGACY_BIOS),y)
SYSLINUX_TARGET += bios
@@ -51,21 +51,36 @@ SYSLINUX_POST_PATCH_HOOKS += SYSLINUX_CLEANUP
# and the internal zlib should take precedence so -I shouldn't
# be used.
define SYSLINUX_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE1) CC="$(HOSTCC) -idirafter $(HOST_DIR)/usr/include $(HOST_LDFLAGS)" \
AR="$(HOSTAR)" $(SYSLINUX_EFI_ARGS) -C $(@D) $(SYSLINUX_TARGET)
$(TARGET_MAKE_ENV) $(MAKE1) \
CC="$(TARGET_CC)" \
LD="$(TARGET_LD)" \
NASM="$(HOST_DIR)/usr/bin/nasm" \
CC_FOR_BUILD="$(HOSTCC)" \
CFLAGS_FOR_BUILD="$(HOST_CFLAGS)" \
LDFLAGS_FOR_BUILD="$(HOST_LDFLAGS)" \
$(SYSLINUX_EFI_ARGS) -C $(@D) $(SYSLINUX_TARGET)
endef
# While the actual bootloader is compiled for the target, several
# utilities for installing the bootloader are meant for the host.
# Repeat the target, otherwise syslinux will try to build everything
# Repeat CC and AR, since syslinux really wants to check them at
# install time
# Repeat LD (and CC) as it happens that some binaries are linked at
# install-time.
define SYSLINUX_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE1) CC="$(HOSTCC) -idirafter $(HOST_DIR)/usr/include $(HOST_LDFLAGS)" \
AR="$(HOSTAR)" $(SYSLINUX_EFI_ARGS) INSTALLROOT=$(HOST_DIR) \
$(TARGET_MAKE_ENV) $(MAKE1) $(SYSLINUX_EFI_ARGS) INSTALLROOT=$(HOST_DIR) \
CC="$(TARGET_CC)" \
LD="$(TARGET_LD)" \
-C $(@D) $(SYSLINUX_TARGET) install
endef
# That 'syslinux' binary is an installer actually built for the target.
# However, buildroot makes no usage of it, so better delete it than have it
# installed at the wrong place
define SYSLINUX_POST_INSTALL_CLEANUP
rm -rf $(HOST_DIR)/usr/bin/syslinux
endef
SYSLINUX_POST_INSTALL_TARGET_HOOKS += SYSLINUX_POST_INSTALL_CLEANUP
SYSLINUX_IMAGES-$(BR2_TARGET_SYSLINUX_ISOLINUX) += bios/core/isolinux.bin
SYSLINUX_IMAGES-$(BR2_TARGET_SYSLINUX_PXELINUX) += bios/core/pxelinux.bin
SYSLINUX_IMAGES-$(BR2_TARGET_SYSLINUX_MBR) += bios/mbr/mbr.bin
+1 -1
View File
@@ -293,7 +293,7 @@ endif # UBOOT_BOARD_NAME
else ifeq ($(BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG),y)
ifeq ($(BR2_TARGET_UBOOT_USE_DEFCONFIG),y)
ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_BOARD_DEFCONFIG)),)
$(error No board defconfig name specified, check your BR2_TARGET_UBOOT_DEFCONFIG setting)
$(error No board defconfig name specified, check your BR2_TARGET_UBOOT_BOARD_DEFCONFIG setting)
endif # qstrip BR2_TARGET_UBOOT_BOARD_DEFCONFIG
endif # BR2_TARGET_UBOOT_USE_DEFCONFIG
ifeq ($(BR2_TARGET_UBOOT_USE_CUSTOM_CONFIG),y)
+2 -2
View File
@@ -1,2 +1,2 @@
# Verified from http://ftp.isc.org/isc/bind9/9.11.0-P3/bind-9.11.0-P3.tar.gz.sha256.asc
sha256 0feee0374bcbdee73a9d4277f3c5007622279572d520d7c27a4b64015d8ca9e9 bind-9.11.0-P3.tar.gz
# Verified from http://ftp.isc.org/isc/bind9/9.11.0-P5/bind-9.11.0-P5.tar.gz.sha256.asc
sha256 1e283f0567b484687dfd7b936e26c9af4f64043daf73cbd8f3eb1122c9fb71f5 bind-9.11.0-P5.tar.gz
+1 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
BIND_VERSION = 9.11.0-P3
BIND_VERSION = 9.11.0-P5
BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
@@ -29,7 +29,6 @@ BIND_CONF_OPTS = \
--enable-epoll \
--with-libtool \
--with-gssapi=no \
--enable-rrl \
--enable-filter-aaaa
ifeq ($(BR2_PACKAGE_ZLIB),y)
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally computed after checking signature
sha256 897f92a87cda4b27b243f8149ce0ba7b7e71a2be8fb7994eb0a025e54cde18e9 dovecot-2.2.27.tar.gz
sha256 ccfa9ffb7eb91e9e87c21c108324b911250c9ffa838bffb64b1caafadcb0f388 dovecot-2.2.29.1.tar.gz
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.2
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).27
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).29.1
DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPLv2.1
@@ -0,0 +1,47 @@
From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Fri, 24 Mar 2017 09:15:10 +0100
Subject: [PATCH] [psaux] Better protect `flex' handling.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
<callothersubr>: Since there is not a single flex operator but a
series of subroutine calls, malformed fonts can call arbitrary other
operators after the start of a flex, possibly adding points. For
this reason we have to check the available number of points before
inserting a point.
Fixes CVE-2017-8105
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
index af7b465e..7dd45135 100644
--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@@ -780,10 +780,19 @@
/* point without adding any point to the outline */
idx = decoder->num_flex_vectors++;
if ( idx > 0 && idx < 7 )
+ {
+ /* in malformed fonts it is possible to have other */
+ /* opcodes in the middle of a flex (which don't */
+ /* increase `num_flex_vectors'); we thus have to */
+ /* check whether we can add a point */
+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
+ goto Syntax_Error;
+
t1_builder_add_point( builder,
x,
y,
(FT_Byte)( idx == 3 || idx == 6 ) );
+ }
}
break;
--
2.11.0
@@ -0,0 +1,35 @@
From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sun, 26 Mar 2017 08:32:09 +0200
Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
guard.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
Fixes CVE-2017-8287
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
index d18e821a..0baf8368 100644
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -1718,6 +1718,14 @@
first = outline->n_contours <= 1
? 0 : outline->contours[outline->n_contours - 2] + 1;
+ /* in malformed fonts it can happen that a contour was started */
+ /* but no points were added */
+ if ( outline->n_contours && first == outline->n_points )
+ {
+ outline->n_contours--;
+ return;
+ }
+
/* We must not include the last point in the path if it */
/* is located on the first point. */
if ( outline->n_points > 1 )
--
2.11.0
+1 -1
View File
@@ -10,7 +10,7 @@ FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
FREETYPE_INSTALL_STAGING = YES
FREETYPE_MAKE_OPTS = CCexe="$(HOSTCC)"
FREETYPE_LICENSE = Dual FTL/GPLv2+
FREETYPE_LICENSE_FILES = docs/FTL.TXT docs/GPLv2.TXT
FREETYPE_LICENSE_FILES = docs/LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
FREETYPE_DEPENDENCIES = host-pkgconf
FREETYPE_CONFIG_SCRIPTS = freetype-config
@@ -0,0 +1,33 @@
From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 27 Apr 2017 13:03:33 +0100
Subject: [PATCH] Bug 697799: have .eqproc check its parameters
The Ghostscript custom operator .eqproc was not check the number or type of
the parameters it was given.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
psi/zmisc3.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/psi/zmisc3.c b/psi/zmisc3.c
index 54b304246..37293ff4b 100644
--- a/psi/zmisc3.c
+++ b/psi/zmisc3.c
@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
ref2_t stack[MAX_DEPTH + 1];
ref2_t *top = stack;
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(gs_error_stackunderflow);
+ if (!r_is_array(op - 1) || !r_is_array(op)) {
+ return_error(gs_error_typecheck);
+ }
+
make_array(&stack[0].proc1, 0, 1, op - 1);
make_array(&stack[0].proc2, 0, 1, op);
for (;;) {
--
2.11.0
@@ -0,0 +1,62 @@
From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 27 Apr 2017 13:21:31 +0100
Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
The Ghostscript internal operator .rsdparams wasn't checking the number or
type of the operands it was being passed. Do so.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
psi/zfrsd.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/psi/zfrsd.c b/psi/zfrsd.c
index 191107d8a..950588d69 100644
--- a/psi/zfrsd.c
+++ b/psi/zfrsd.c
@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
ref *pFilter;
ref *pDecodeParms;
int Intent = 0;
- bool AsyncRead;
+ bool AsyncRead = false;
ref empty_array, filter1_array, parms1_array;
uint i;
- int code;
+ int code = 0;
+
+ if (ref_stack_count(&o_stack) < 1)
+ return_error(gs_error_stackunderflow);
+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+ return_error(gs_error_typecheck);
+ }
make_empty_array(&empty_array, a_readonly);
- if (dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (r_has_type(op, t_dictionary)
+ && dict_find_string(op, "Filter", &pFilter) > 0) {
if (!r_is_array(pFilter)) {
if (!r_has_type(pFilter, t_name))
return_error(gs_error_typecheck);
@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
return_error(gs_error_typecheck);
}
}
- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (r_has_type(op, t_dictionary))
+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
return code;
- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
- )
- return code;
+ if (r_has_type(op, t_dictionary))
+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
+ return code;
push(1);
op[-1] = *pFilter;
if (pDecodeParms)
--
2.11.0
@@ -0,0 +1,56 @@
From dbb9ecfaac8db022292791936733e0841a0aa447 Mon Sep 17 00:00:00 2001
From: Alexey Neyman <stilor@att.net>
Date: Wed, 8 Feb 2017 16:00:57 -0200
Subject: [PATCH] sh: Fix building with gcc5/6
Build glibc for sh4-unknown-linux-gnu currently fails if one's
using GCC5/6: in dl-conflict.c, the elf_machine_rela() function
is called with NULL as its 3rd argument, sym. The implementation
of that function in sysdeps/sh/dl-machine.h dereferences that pointer:
const Elf32_Sym *const refsym = sym;
...
if (map == &GL(dl_rtld_map))
value -= map->l_addr + refsym->st_value + reloc->r_addend;
GCC discovers a null pointer dereference, and in accordance with
-fdelete-null-pointer-checks (which is enabled in -O2) replaces this
code with a trap - which, as SH does not implement a trap pattern in
GCC, evaluates to an abort() call. This abort() call pulls many more
objects from libc_nonshared.a, eventually resulting in link failure
due to multiple definitions for a number of symbols.
As far as I see, the conditional before this code is always false in
rtld: _dl_resolve_conflicts() is called with main_map as the first
argument, not GL(_dl_rtld_map), but since that call is in yet another
compilation unit, GCC does not know about it. Patch that wraps this
conditional into !defined RESOLVE_CONFLICT_FIND_MAP attached.
* sysdeps/sh/dl-machine.h (elf_machine_rela): The condition
in R_SH_DIR32 case is always false when inlined from
dl-conflict.c. Ifdef out to prevent GCC from insertin an
abort() call.
[Waldemar: backport of
https://sourceware.org/git/?p=glibc.git;a=commit;h=d40dbe722f004f999b589de776f7e57e564dda01.]
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
sysdeps/sh/dl-machine.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysdeps/sh/dl-machine.h b/sysdeps/sh/dl-machine.h
index 5bb37d0..6509055 100644
--- a/sysdeps/sh/dl-machine.h
+++ b/sysdeps/sh/dl-machine.h
@@ -389,7 +389,7 @@ elf_machine_rela (struct link_map *map, const Elf32_Rela *reloc,
break;
case R_SH_DIR32:
{
-#ifndef RTLD_BOOTSTRAP
+#if !defined RTLD_BOOTSTRAP && !defined RESOLVE_CONFLICT_FIND_MAP
/* This is defined in rtld.c, but nowhere in the static
libc.a; make the reference weak so static programs can
still link. This declaration cannot be done when
--
2.7.4
@@ -0,0 +1,56 @@
From 98cadd4b9fa8e32d1d0dea8e46b5ba829af4e8a2 Mon Sep 17 00:00:00 2001
From: Alexey Neyman <stilor@att.net>
Date: Wed, 8 Feb 2017 16:00:57 -0200
Subject: [PATCH] sh: Fix building with gcc5/6
Build glibc for sh4-unknown-linux-gnu currently fails if one's
using GCC5/6: in dl-conflict.c, the elf_machine_rela() function
is called with NULL as its 3rd argument, sym. The implementation
of that function in sysdeps/sh/dl-machine.h dereferences that pointer:
const Elf32_Sym *const refsym = sym;
...
if (map == &GL(dl_rtld_map))
value -= map->l_addr + refsym->st_value + reloc->r_addend;
GCC discovers a null pointer dereference, and in accordance with
-fdelete-null-pointer-checks (which is enabled in -O2) replaces this
code with a trap - which, as SH does not implement a trap pattern in
GCC, evaluates to an abort() call. This abort() call pulls many more
objects from libc_nonshared.a, eventually resulting in link failure
due to multiple definitions for a number of symbols.
As far as I see, the conditional before this code is always false in
rtld: _dl_resolve_conflicts() is called with main_map as the first
argument, not GL(_dl_rtld_map), but since that call is in yet another
compilation unit, GCC does not know about it. Patch that wraps this
conditional into !defined RESOLVE_CONFLICT_FIND_MAP attached.
* sysdeps/sh/dl-machine.h (elf_machine_rela): The condition
in R_SH_DIR32 case is always false when inlined from
dl-conflict.c. Ifdef out to prevent GCC from insertin an
abort() call.
[Waldemar: backport of
https://sourceware.org/git/?p=glibc.git;a=commit;h=d40dbe722f004f999b589de776f7e57e564dda01.]
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
sysdeps/sh/dl-machine.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysdeps/sh/dl-machine.h b/sysdeps/sh/dl-machine.h
index 5bb37d0..6509055 100644
--- a/sysdeps/sh/dl-machine.h
+++ b/sysdeps/sh/dl-machine.h
@@ -389,7 +389,7 @@ elf_machine_rela (struct link_map *map, const Elf32_Rela *reloc,
break;
case R_SH_DIR32:
{
-#ifndef RTLD_BOOTSTRAP
+#if !defined RTLD_BOOTSTRAP && !defined RESOLVE_CONFLICT_FIND_MAP
/* This is defined in rtld.c, but nowhere in the static
libc.a; make the reference weak so static programs can
still link. This declaration cannot be done when
--
2.7.4
+1 -1
View File
@@ -1,4 +1,4 @@
# From https://launchpad.net/granite/0.4/0.4.0.1/+download/granite-0.4.0.1.tar.xz/+md5
md5 db41150ca6e77162392362686e848086 granite-0.3.1.tar.xz
md5 db41150ca6e77162392362686e848086 granite-0.4.0.1.tar.xz
# Calculated based on the hash above
sha256 95a142a8befeedc35a089d638e759b657905508dc3007036d6c1fa3efe94c4dd granite-0.4.0.1.tar.xz
@@ -14,9 +14,9 @@ GST_PLUGINS_BASE_LICENSE_FILES = COPYING COPYING.LIB
# freetype is only used by examples, but if it is not found
# and the host has a freetype-config script, then the host
# include dirs are added to the search path causing trouble
GST_PLUGINS_BASE_CONF_ENV =
FT2_CONFIG=/bin/false \
ac_cv_header_stdint_t="stdint.h"
GST_PLUGINS_BASE_CONF_ENV = \
FT2_CONFIG=/bin/false \
ac_cv_header_stdint_t="stdint.h"
GST_PLUGINS_BASE_CONF_OPTS = \
--disable-examples \
@@ -11,13 +11,6 @@ GST1_PLUGINS_BASE_INSTALL_STAGING = YES
GST1_PLUGINS_BASE_LICENSE_FILES = COPYING.LIB
GST1_PLUGINS_BASE_LICENSE = LGPLv2+, LGPLv2.1+
# freetype is only used by examples, but if it is not found
# and the host has a freetype-config script, then the host
# include dirs are added to the search path causing trouble
GST1_PLUGINS_BASE_CONF_ENV =
FT2_CONFIG=/bin/false \
ac_cv_header_stdint_t="stdint.h"
# gio_unix_2_0 is only used for tests
GST1_PLUGINS_BASE_CONF_OPTS = \
--disable-examples \
+25 -4
View File
@@ -4,7 +4,8 @@
#
################################################################################
HIREDIS_VERSION = v0.13.3
HIREDIS_VERSION_MAJOR = 0.13
HIREDIS_VERSION = v$(HIREDIS_VERSION_MAJOR).3
HIREDIS_SITE = $(call github,redis,hiredis,$(HIREDIS_VERSION))
HIREDIS_LICENSE = BSD-3c
HIREDIS_LICENSE_FILES = COPYING
@@ -30,6 +31,26 @@ endef
HIREDIS_INCLUDE_DIR = $(STAGING_DIR)/usr/include/hiredis
ifeq ($(BR2_SHARED_LIBS),)
define HIREDIS_INSTALL_STAGING_STATIC_LIB
$(INSTALL) -D -m 0755 $(@D)/libhiredis.a \
$(STAGING_DIR)/usr/lib/libhiredis.a
endef
endif
ifeq ($(BR2_STATIC_LIBS),)
define HIREDIS_INSTALL_STAGING_SHARED_LIB
$(INSTALL) -D -m 0755 $(@D)/libhiredis.so \
$(STAGING_DIR)/usr/lib/libhiredis.so.$(HIREDIS_VERSION_MAJOR)
ln -sf libhiredis.so.$(HIREDIS_VERSION_MAJOR) $(STAGING_DIR)/usr/lib/libhiredis.so
endef
define HIREDIS_INSTALL_TARGET_SHARED_LIB
$(INSTALL) -D -m 0755 $(@D)/libhiredis.so \
$(TARGET_DIR)/usr/lib/libhiredis.so.$(HIREDIS_VERSION_MAJOR)
ln -sf libhiredis.so.$(HIREDIS_VERSION_MAJOR) $(TARGET_DIR)/usr/lib/libhiredis.so
endef
endif
# Do not call make install as this target will build shared and static libraries
define HIREDIS_INSTALL_STAGING_CMDS
mkdir -p $(HIREDIS_INCLUDE_DIR)
@@ -37,12 +58,12 @@ define HIREDIS_INSTALL_STAGING_CMDS
$(@D)/adapters $(HIREDIS_INCLUDE_DIR)
$(INSTALL) -D -m 0644 $(@D)/hiredis.pc \
$(STAGING_DIR)/usr/lib/pkgconfig/hiredis.pc
$(INSTALL) -m 0644 -t $(STAGING_DIR)/usr/lib $(@D)/libhiredis*
$(HIREDIS_INSTALL_STAGING_STATIC_LIB)
$(HIREDIS_INSTALL_STAGING_SHARED_LIB)
endef
define HIREDIS_INSTALL_TARGET_CMDS
mkdir -p $(TARGET_DIR)/usr/lib
$(INSTALL) -m 0644 -t $(TARGET_DIR)/usr/lib $(@D)/libhiredis*
$(HIREDIS_INSTALL_TARGET_SHARED_LIB)
endef
$(eval $(generic-package))
@@ -0,0 +1,173 @@
ticket:12888 UText, problems with handling of bad UTF-8
Fixes:
CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_setNativeIndex* function.
CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_moveIndex32* function.
Upstream: http://bugs.icu-project.org/trac/changeset/39671
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Index: /trunk/icu4c/source/common/utext.cpp
===================================================================
--- icu4c/source/common/utext.cpp (revision 39670)
+++ icu4c/source/common/utext.cpp (revision 39671)
@@ -848,7 +848,13 @@
// Chunk size.
-// Must be less than 85, because of byte mapping from UChar indexes to native indexes.
-// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes
-// to two UChars.)
+// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes.
+// Worst case there are six UTF-8 bytes per UChar.
+// obsolete 6 byte form fd + 5 trails maps to fffd
+// obsolete 5 byte form fc + 4 trails maps to fffd
+// non-shortest 4 byte forms maps to fffd
+// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit
+// mapToUChars array size must allow for the worst case, 6.
+// This could be brought down to 4, by treating fd and fc as pure illegal,
+// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros.
//
enum { UTF8_TEXT_CHUNK_SIZE=32 };
@@ -890,5 +896,5 @@
// one for a supplementary starting in the last normal position,
// and one for an entry for the buffer limit position.
- uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to
+ uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to
// correspoding offset in filled part of buf.
int32_t align;
@@ -1033,4 +1039,5 @@
u8b = (UTF8Buf *)ut->p; // the current buffer
mapIndex = ix - u8b->toUCharsMapStart;
+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
return TRUE;
@@ -1299,4 +1306,8 @@
// If index is at the end, there is no character there to look at.
if (ix != ut->b) {
+ // Note: this function will only move the index back if it is on a trail byte
+ // and there is a preceding lead byte and the sequence from the lead
+ // through this trail could be part of a valid UTF-8 sequence
+ // Otherwise the index remains unchanged.
U8_SET_CP_START(s8, 0, ix);
}
@@ -1312,5 +1323,8 @@
uint8_t *mapToNative = u8b->mapToNative;
uint8_t *mapToUChars = u8b->mapToUChars;
- int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1);
+ int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1;
+ // Note that toUCharsMapStart can be negative. Happens when the remaining
+ // text from current position to the beginning is less than the buffer size.
+ // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry.
int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region
// at end of buffer to leave room
@@ -1339,4 +1353,5 @@
// Special case ASCII range for speed.
buf[destIx] = (UChar)c;
+ U_ASSERT(toUCharsMapStart <= srcIx);
mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx;
mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart);
@@ -1368,4 +1383,5 @@
mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx;
} while (sIx >= srcIx);
+ U_ASSERT(toUCharsMapStart <= (srcIx+1));
// Set native indexing limit to be the current position.
@@ -1542,4 +1558,5 @@
U_ASSERT(index<=ut->chunkNativeLimit);
int32_t mapIndex = index - u8b->toUCharsMapStart;
+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
U_ASSERT(offset>=0 && offset<=ut->chunkLength);
Index: /trunk/icu4c/source/test/intltest/utxttest.cpp
===================================================================
--- icu4c/source/test/intltest/utxttest.cpp (revision 39670)
+++ icu4c/source/test/intltest/utxttest.cpp (revision 39671)
@@ -68,4 +68,6 @@
case 7: name = "Ticket12130";
if (exec) Ticket12130(); break;
+ case 8: name = "Ticket12888";
+ if (exec) Ticket12888(); break;
default: name = ""; break;
}
@@ -1584,2 +1586,62 @@
utext_close(&ut);
}
+
+// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal,
+// six byte utf-8 forms. Original implementation had an assumption that
+// there would be at most three utf-8 bytes per UTF-16 code unit.
+// The five and six byte sequences map to a single replacement character.
+
+void UTextTest::Ticket12888() {
+ const char *badString =
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80";
+
+ UErrorCode status = U_ZERO_ERROR;
+ LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status));
+ TEST_SUCCESS(status);
+ for (;;) {
+ UChar32 c = utext_next32(ut.getAlias());
+ if (c == U_SENTINEL) {
+ break;
+ }
+ }
+ int32_t endIdx = utext_getNativeIndex(ut.getAlias());
+ if (endIdx != (int32_t)strlen(badString)) {
+ errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx);
+ return;
+ }
+
+ for (int32_t prevIndex = endIdx; prevIndex>0;) {
+ UChar32 c = utext_previous32(ut.getAlias());
+ int32_t currentIndex = utext_getNativeIndex(ut.getAlias());
+ if (c != 0xfffd) {
+ errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n",
+ __FILE__, __LINE__, 0xfffd, c, currentIndex);
+ break;
+ }
+ if (currentIndex != prevIndex - 6) {
+ errln("%s:%d: wrong index. Expected, actual = %d, %d",
+ __FILE__, __LINE__, prevIndex - 6, currentIndex);
+ break;
+ }
+ prevIndex = currentIndex;
+ }
+}
Index: /trunk/icu4c/source/test/intltest/utxttest.h
===================================================================
--- icu4c/source/test/intltest/utxttest.h (revision 39670)
+++ icu4c/source/test/intltest/utxttest.h (revision 39671)
@@ -39,4 +39,5 @@
void Ticket10983();
void Ticket12130();
+ void Ticket12888();
private:
+1 -1
View File
@@ -8,7 +8,7 @@ ICU_VERSION = 58.2
ICU_SOURCE = icu4c-$(subst .,_,$(ICU_VERSION))-src.tgz
ICU_SITE = http://download.icu-project.org/files/icu4c/$(ICU_VERSION)
ICU_LICENSE = ICU License
ICU_LICENSE_FILES = license.html
ICU_LICENSE_FILES = LICENSE
ICU_DEPENDENCIES = host-icu
ICU_INSTALL_STAGING = YES
@@ -0,0 +1,52 @@
From b218117cad34d39b9ffb587b45c71c5a49b12bde Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 31 Mar 2017 15:24:33 -0400
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415
Fixes CVE-2017-7606
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
coders/pnm.c | 2 +-
coders/rle.c | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/coders/pnm.c b/coders/pnm.c
index 9a1221d79..c525ebb8f 100644
--- a/coders/pnm.c
+++ b/coders/pnm.c
@@ -1979,7 +1979,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image,
pixel=ScaleQuantumToChar(GetPixelRed(image,p));
else
pixel=ScaleQuantumToAny(GetPixelRed(image,p),
- max_value);
+ max_value);
}
q=PopCharPixel((unsigned char) pixel,q);
p+=GetPixelChannels(image);
diff --git a/coders/rle.c b/coders/rle.c
index 2318901ec..ec071dc7b 100644
--- a/coders/rle.c
+++ b/coders/rle.c
@@ -271,7 +271,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
p=colormap;
for (i=0; i < (ssize_t) number_colormaps; i++)
for (x=0; x < (ssize_t) map_length; x++)
- *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image));
+ *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum(
+ ReadBlobLSBShort(image)));
}
if ((flags & 0x08) != 0)
{
@@ -476,7 +477,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
for (x=0; x < (ssize_t) number_planes; x++)
{
ValidateColormapValue(image,(size_t) (x*map_length+
- (*p & mask)),&index,exception);
+ (*p & mask)),&index,exception);
*p=colormap[(ssize_t) index];
p++;
}
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# From http://www.imagemagick.org/download/releases/digest.rdf
sha256 7362805eaa9f9b90cdb67a1f8762782bef4a42ca44939629aecad3c40305bf4c ImageMagick-7.0.5-0.tar.xz
sha256 4a1dde5bdfec0fc549955a051be25b7ff96dfb192060997699e43c7ce0f06ab2 ImageMagick-7.0.5-4.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
IMAGEMAGICK_VERSION = 7.0.5-0
IMAGEMAGICK_VERSION = 7.0.5-4
IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
IMAGEMAGICK_LICENSE = Apache-2.0
@@ -0,0 +1,62 @@
From 898e3a8c8c0314d2e6b106809a8e3e93cf9d4394 Mon Sep 17 00:00:00 2001
From: Ignacio Casal Quinteiro <qignacio@amazon.com>
Date: Sun, 16 Apr 2017 13:13:43 +0200
Subject: [PATCH] input: check end of input before reading a byte
Fixes CVE-2017-7960
When reading bytes we weren't check that the index wasn't
out of bound and this could produce an invalid read which
could deal to a security bug.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/cr-input.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/cr-input.c b/src/cr-input.c
index 49000b1..3b63a88 100644
--- a/src/cr-input.c
+++ b/src/cr-input.c
@@ -256,7 +256,7 @@ cr_input_new_from_uri (const gchar * a_file_uri, enum CREncoding a_enc)
*we should free buf here because it's own by CRInput.
*(see the last parameter of cr_input_new_from_buf().
*/
- buf = NULL ;
+ buf = NULL;
}
cleanup:
@@ -404,6 +404,8 @@ cr_input_get_nb_bytes_left (CRInput const * a_this)
enum CRStatus
cr_input_read_byte (CRInput * a_this, guchar * a_byte)
{
+ gulong nb_bytes_left = 0;
+
g_return_val_if_fail (a_this && PRIVATE (a_this)
&& a_byte, CR_BAD_PARAM_ERROR);
@@ -413,6 +415,12 @@ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
if (PRIVATE (a_this)->end_of_input == TRUE)
return CR_END_OF_INPUT_ERROR;
+ nb_bytes_left = cr_input_get_nb_bytes_left (a_this);
+
+ if (nb_bytes_left < 1) {
+ return CR_END_OF_INPUT_ERROR;
+ }
+
*a_byte = PRIVATE (a_this)->in_buf[PRIVATE (a_this)->next_byte_index];
if (PRIVATE (a_this)->nb_bytes -
@@ -477,7 +485,6 @@ cr_input_read_char (CRInput * a_this, guint32 * a_char)
if (*a_char == '\n') {
PRIVATE (a_this)->end_of_line = TRUE;
}
-
}
return status;
--
2.11.0
@@ -0,0 +1,46 @@
From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001
From: Ignacio Casal Quinteiro <qignacio@amazon.com>
Date: Sun, 16 Apr 2017 13:56:09 +0200
Subject: [PATCH] tknzr: support only max long rgb values
Fixes CVE-2017-7961
This fixes a possible out of bound when reading rgbs which
are longer than the support MAXLONG
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/cr-tknzr.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c
index 1a7cfeb..1548c35 100644
--- a/src/cr-tknzr.c
+++ b/src/cr-tknzr.c
@@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
status = cr_tknzr_parse_num (a_this, &num);
ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+ if (num->val > G_MAXLONG) {
+ status = CR_PARSING_ERROR;
+ goto error;
+ }
+
red = num->val;
cr_num_destroy (num);
num = NULL;
@@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
status = cr_tknzr_parse_num (a_this, &num);
ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+ if (num->val > G_MAXLONG) {
+ status = CR_PARSING_ERROR;
+ goto error;
+ }
+
PEEK_BYTE (a_this, 1, &next_bytes[0]);
if (next_bytes[0] == '%') {
SKIP_CHARS (a_this, 1);
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 b2345a8bef87b4c229dedf637cb203b5e21db05e20277c8e1094f0d4da180801 curl-7.53.0.tar.bz2
sha256 f50ebaf43c507fa7cc32be4b8108fa8bbd0f5022e90794388f3c7694a302ff06 curl-7.54.0.tar.bz2
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.53.0
LIBCURL_VERSION = 7.54.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
+1
View File
@@ -1,2 +1,3 @@
# From https://github.com/thom311/libnl/releases/download/libnl3_2_27/libnl-3.2.27.tar.gz.sha256sum
sha256 4bbbf92b3c78a90f423cf96260bf419a28b75db8cced47051217a56795f58ec6 libnl-3.2.27.tar.gz
sha256 b7bb929194eefc56c786a7e1ae5176b54713f9013ccec63760f232742ae80361 3e18948f17148e6a3c4255bdeaaf01ef6081ceeb.patch
+2
View File
@@ -11,6 +11,8 @@ LIBNL_LICENSE_FILES = COPYING
LIBNL_INSTALL_STAGING = YES
LIBNL_DEPENDENCIES = host-bison host-flex
LIBNL_PATCH = https://github.com/thom311/libnl/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb.patch
ifeq ($(BR2_PACKAGE_LIBNL_TOOLS),y)
LIBNL_CONF_OPTS += --enable-cli
else
+10 -8
View File
@@ -3,14 +3,15 @@ Add Nios-II support
[Gustavo: update for nspr 4.10.9]
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
diff -Nura nspr-4.10.9.orig/nspr/pr/include/md/_linux.cfg nspr-4.10.9/nspr/pr/include/md/_linux.cfg
--- nspr-4.10.9.orig/nspr/pr/include/md/_linux.cfg 2015-10-03 08:11:43.229387215 -0300
+++ nspr-4.10.9/nspr/pr/include/md/_linux.cfg 2015-10-03 08:11:55.277798841 -0300
Index: b/nspr/pr/include/md/_linux.cfg
===================================================================
--- a/nspr/pr/include/md/_linux.cfg
+++ b/nspr/pr/include/md/_linux.cfg
@@ -1017,6 +1017,51 @@
#define PR_BYTES_PER_WORD_LOG2 2
#define PR_BYTES_PER_DWORD_LOG2 3
+#elif defined(nios2)
+#elif defined(__nios2__)
+
+#define IS_LITTLE_ENDIAN 1
+#undef IS_BIG_ENDIAN
@@ -58,14 +59,15 @@ diff -Nura nspr-4.10.9.orig/nspr/pr/include/md/_linux.cfg nspr-4.10.9/nspr/pr/in
#else
#error "Unknown CPU architecture"
diff -Nura nspr-4.10.9.orig/nspr/pr/include/md/_linux.h nspr-4.10.9/nspr/pr/include/md/_linux.h
--- nspr-4.10.9.orig/nspr/pr/include/md/_linux.h 2015-10-03 08:11:43.229387215 -0300
+++ nspr-4.10.9/nspr/pr/include/md/_linux.h 2015-10-03 08:12:22.474728003 -0300
Index: b/nspr/pr/include/md/_linux.h
===================================================================
--- a/nspr/pr/include/md/_linux.h
+++ b/nspr/pr/include/md/_linux.h
@@ -57,6 +57,8 @@
#define _PR_SI_ARCHITECTURE "m32r"
#elif defined(__or1k__)
#define _PR_SI_ARCHITECTURE "or1k"
+#elif defined(nios2)
+#elif defined(__nios2__)
+#define _PR_SI_ARCHITECTURE "nios2"
#else
#error "Unknown CPU architecture"
+10 -11
View File
@@ -3,9 +3,10 @@ Add Microblaze support
[Gustavo: update for nspr 4.10.9]
Signed-off-by: Spenser Gilliland <spenser@gillilanding.com>
diff -Nura nspr-4.10.9.orig/nspr/pr/include/md/_linux.cfg nspr-4.10.9/nspr/pr/include/md/_linux.cfg
--- nspr-4.10.9.orig/nspr/pr/include/md/_linux.cfg 2015-10-03 08:13:11.845414714 -0300
+++ nspr-4.10.9/nspr/pr/include/md/_linux.cfg 2015-10-03 08:13:20.435708195 -0300
Index: b/nspr/pr/include/md/_linux.cfg
===================================================================
--- a/nspr/pr/include/md/_linux.cfg
+++ b/nspr/pr/include/md/_linux.cfg
@@ -1062,6 +1062,56 @@
#define PR_BYTES_PER_WORD_LOG2 2
#define PR_BYTES_PER_DWORD_LOG2 3
@@ -63,18 +64,16 @@ diff -Nura nspr-4.10.9.orig/nspr/pr/include/md/_linux.cfg nspr-4.10.9/nspr/pr/in
#else
#error "Unknown CPU architecture"
diff -Nura nspr-4.10.9.orig/nspr/pr/include/md/_linux.h nspr-4.10.9/nspr/pr/include/md/_linux.h
--- nspr-4.10.9.orig/nspr/pr/include/md/_linux.h 2015-10-03 08:13:11.845414714 -0300
+++ nspr-4.10.9/nspr/pr/include/md/_linux.h 2015-10-03 08:14:53.351882603 -0300
@@ -57,8 +57,11 @@
Index: b/nspr/pr/include/md/_linux.h
===================================================================
--- a/nspr/pr/include/md/_linux.h
+++ b/nspr/pr/include/md/_linux.h
@@ -57,6 +57,8 @@
#define _PR_SI_ARCHITECTURE "m32r"
#elif defined(__or1k__)
#define _PR_SI_ARCHITECTURE "or1k"
+#elif defined(__microblaze__)
+#define _PR_SI_ARCHITECTURE "microblaze"
#elif defined(nios2)
#elif defined(__nios2__)
#define _PR_SI_ARCHITECTURE "nios2"
+#elif defined(nios2)
#else
#error "Unknown CPU architecture"
#endif
+2 -2
View File
@@ -1,2 +1,2 @@
# From https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.13.1/src/SHA256SUMS
sha256 5e4c1751339a76e7c772c0c04747488d7f8c98980b434dc846977e43117833ab nspr-4.13.1.tar.gz
# From https://ftp.mozilla.org/pub/nspr/releases/v4.14/src/SHA256SUMS
sha256 64fc18826257403a9132240aa3c45193d577a84b08e96f7e7770a97c074d17d5 nspr-4.14.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBNSPR_VERSION = 4.13.1
LIBNSPR_VERSION = 4.14
LIBNSPR_SOURCE = nspr-$(LIBNSPR_VERSION).tar.gz
LIBNSPR_SITE = https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$(LIBNSPR_VERSION)/src
LIBNSPR_SUBDIR = nspr
-48
View File
@@ -1,48 +0,0 @@
This patch allows us to set a value for the cross compiler via TARGETCC without
setting CC on the command line. CC is used for host tools as well as cross
compiled code so we cannot define it on the command line without breaking
the host tools build.
[Gustavo: update for nss 3.16.1]
[baruch: add OPTIMIZER handling]
Signed-off-by: Will Newton <will.newton@imgtec.com>
diff -Nuar nss-3.16.1-orig/nss/coreconf/Linux.mk nss-3.16.1/nss/coreconf/Linux.mk
--- nss-3.16.1-orig/nss/coreconf/Linux.mk 2014-05-02 06:27:18.000000000 +0300
+++ nss-3.16.1/nss/coreconf/Linux.mk 2014-07-01 02:38:18.701480512 +0300
@@ -16,9 +16,13 @@
IMPL_STRATEGY = _PTH
endif
-CC = gcc
-CCC = g++
-RANLIB = ranlib
+TARGETCC = gcc
+TARGETCCC = g++
+TARGETRANLIB = ranlib
+
+CC = $(TARGETCC)
+CCC = $(TARGETCCC)
+RANLIB = $(TARGETRANLIB)
DEFAULT_COMPILER = gcc
@@ -125,6 +129,7 @@
endif
endif
+OPTIMIZER = $(TARGET_OPTIMIZER)
ifeq ($(USE_PTHREADS),1)
OS_PTHREAD = -lpthread
diff -Nuar nss-3.16.1-orig/nss/coreconf/nsinstall/Makefile nss-3.16.1/nss/coreconf/nsinstall/Makefile
--- nss-3.16.1-orig/nss/coreconf/nsinstall/Makefile 2014-05-02 06:27:18.000000000 +0300
+++ nss-3.16.1/nss/coreconf/nsinstall/Makefile 2014-07-01 02:38:48.102185011 +0300
@@ -31,6 +31,7 @@
ifdef NATIVE_FLAGS
OS_CFLAGS=$(NATIVE_FLAGS)
+OPTIMIZER=
endif
include $(DEPTH)/coreconf/rules.mk
@@ -1,24 +0,0 @@
# HG changeset patch
# User catdesk <catdesk@tuta.io>
# Date 1477710600 -7200
# Sat Oct 29 05:10:00 2016 +0200
# Node ID b9ef971b94ab110302d49255339077bc1b4aed7f
# Parent eb8c96563cd70aa69d48b01516085f7d2fb46178
Bug 1313846 - Declare 'it = NULL' earlier. r=franziskus
[Thomas: patch taken from upstream mercurial repository, revision
12791.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
diff -r eb8c96563cd7 -r b9ef971b94ab lib/jar/jarfile.c
--- a/nss/lib/jar/jarfile.c Mon Oct 31 17:31:20 2016 +0100
+++ b/nss/lib/jar/jarfile.c Sat Oct 29 05:10:00 2016 +0200
@@ -657,7 +657,7 @@
jar_listzip(JAR *jar, JAR_FILE fp)
{
ZZLink *ent;
- JAR_Item *it;
+ JAR_Item *it = NULL;
JAR_Physical *phy = NULL;
struct ZipLocal *Local = PORT_ZNew(struct ZipLocal);
struct ZipCentral *Central = PORT_ZNew(struct ZipCentral);
+2 -2
View File
@@ -1,2 +1,2 @@
# From https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_2_RTM/src/SHA256SUMS
sha256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 nss-3.27.2.tar.gz
# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_2_RTM/src/SHA256SUMS
sha256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 nss-3.30.2.tar.gz
+4 -8
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBNSS_VERSION = 3.27.2
LIBNSS_VERSION = 3.30.2
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist
@@ -33,9 +33,6 @@ LIBNSS_BUILD_VARS = \
NSS_USE_SYSTEM_SQLITE=1 \
NSS_ENABLE_ECC=1 \
NATIVE_CC="$(HOSTCC)" \
TARGETCC="$(TARGET_CC)" \
TARGETCCC="$(TARGET_CXX)" \
TARGETRANLIB="$(TARGET_RANLIB)" \
OS_ARCH="Linux" \
OS_RELEASE="2.6" \
OS_TEST="$(ARCH)"
@@ -55,17 +52,16 @@ endif
endif
define LIBNSS_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D)/nss coreconf \
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(LIBNSS_BUILD_VARS)
$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D)/nss lib/dbm all \
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(LIBNSS_BUILD_VARS) TARGET_OPTIMIZER="$(TARGET_CFLAGS)" \
NATIVE_FLAGS="$(HOST_CFLAGS)"
$(LIBNSS_BUILD_VARS) NATIVE_FLAGS="$(HOST_CFLAGS)"
endef
define LIBNSS_INSTALL_STAGING_CMDS
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 93b54bdf46d5e6d2354b7034395fe329c222a966790de34520702bb9642f1c06 libsamplerate-0.1.8.tar.gz
sha256 0a7eb168e2f21353fb6d84da152e4512126f7dc48ccb0be80578c565413444c1 libsamplerate-0.1.9.tar.gz
+2 -2
View File
@@ -4,12 +4,12 @@
#
################################################################################
LIBSAMPLERATE_VERSION = 0.1.8
LIBSAMPLERATE_VERSION = 0.1.9
LIBSAMPLERATE_SITE = http://www.mega-nerd.com/SRC
LIBSAMPLERATE_INSTALL_STAGING = YES
LIBSAMPLERATE_DEPENDENCIES = host-pkgconf
LIBSAMPLERATE_CONF_OPTS = --disable-fftw --program-transform-name=''
LIBSAMPLERATE_LICENSE = Dual GPLv2+ / libsamplerate commercial use license
LIBSAMPLERATE_LICENSE = BSD-2c
LIBSAMPLERATE_LICENSE_FILES = COPYING
ifeq ($(BR2_PACKAGE_LIBSNDFILE),y)
-17
View File
@@ -1,17 +0,0 @@
---
Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libsndfile-1.0.18/Makefile.in
===================================================================
--- libsndfile-1.0.18.orig/Makefile.in
+++ libsndfile-1.0.18/Makefile.in
@@ -260,7 +260,7 @@
top_srcdir = @top_srcdir@
DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror
@BUILD_OCTAVE_MOD_TRUE@octave_dir = Octave
-SUBDIRS = M4 man doc Win32 src $(octave_dir) examples regtest tests programs
+SUBDIRS = src
DIST_SUBDIRS = M4 man doc Win32 src Octave examples regtest tests programs
EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Mingw-make-dist.sh
pkgconfigdir = $(libdir)/pkgconfig
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0 libsndfile-1.0.27.tar.gz
sha256 1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9 libsndfile-1.0.28.tar.gz
+3 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBSNDFILE_VERSION = 1.0.27
LIBSNDFILE_VERSION = 1.0.28
LIBSNDFILE_SITE = http://www.mega-nerd.com/libsndfile/files
LIBSNDFILE_INSTALL_STAGING = YES
LIBSNDFILE_LICENSE = LGPLv2.1+
@@ -13,6 +13,7 @@ LIBSNDFILE_LICENSE_FILES = COPYING
LIBSNDFILE_CONF_OPTS = \
--disable-sqlite \
--disable-alsa \
--disable-external-libs
--disable-external-libs \
--disable-full-suite
$(eval $(autotools-package))
+1 -1
View File
@@ -15,7 +15,7 @@ config BR2_PACKAGE_LIBUNWIND_ARCH_SUPPORTS
BR2_mips64el || BR2_powerpc || BR2_sh || BR2_i386 || BR2_x86_64)
default y if BR2_TOOLCHAIN_USES_UCLIBC && \
(((BR2_arm || BR2_armeb) && BR2_ARM_CPU_HAS_ARM) || \
BR2_i386 || BR2_mips || BR2_mipsel || \
BR2_mips || BR2_mipsel || \
BR2_mips64 || BR2_mips64el || BR2_x86_64)
default y if BR2_TOOLCHAIN_USES_MUSL && \
(((BR2_arm || BR2_armeb) && BR2_ARM_CPU_HAS_ARM) || \
+5 -5
View File
@@ -214,15 +214,15 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
default "3.2.87" if BR2_KERNEL_HEADERS_3_2
default "3.2.88" if BR2_KERNEL_HEADERS_3_2
default "3.4.113" if BR2_KERNEL_HEADERS_3_4
default "3.10.105" if BR2_KERNEL_HEADERS_3_10
default "3.12.72" if BR2_KERNEL_HEADERS_3_12
default "3.18.48" if BR2_KERNEL_HEADERS_3_18
default "3.12.73" if BR2_KERNEL_HEADERS_3_12
default "3.18.51" if BR2_KERNEL_HEADERS_3_18
default "3.19.8" if BR2_KERNEL_HEADERS_3_19
default "4.0.9" if BR2_KERNEL_HEADERS_4_0
default "4.1.39" if BR2_KERNEL_HEADERS_4_1
default "4.4.59" if BR2_KERNEL_HEADERS_4_4
default "4.4.65" if BR2_KERNEL_HEADERS_4_4
default "4.8.17" if BR2_KERNEL_HEADERS_4_8
default "4.9.20" if BR2_KERNEL_HEADERS_4_9
default "4.9.25" if BR2_KERNEL_HEADERS_4_9
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 9ac3a663b82f4f5df64114b4792b9926b536c85f59de0f2d2b321c7626a904f4 minicom-2.7.tar.gz
sha256 532f836b7a677eb0cb1dca8d70302b73729c3d30df26d58368d712e5cca041f1 minicom-2.7.1.tar.gz
+2 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
MINICOM_VERSION = 2.7
MINICOM_SITE = https://alioth.debian.org/frs/download.php/file/3977
MINICOM_VERSION = 2.7.1
MINICOM_SITE = https://alioth.debian.org/frs/download.php/file/4215
MINICOM_LICENSE = GPLv2+
MINICOM_LICENSE_FILES = COPYING
+22
View File
@@ -0,0 +1,22 @@
Fixes musl build error
loader/ldt_keeper.o: In function `Setup_LDT_Keeper':
ldt_keeper.c:(.text+0xab): undefined reference to `modify_ldt'
Downloaded from
https://github.com/dimkr/rlsd2/blob/master/rules/mplayer/musl.patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
diff -rup MPlayer-1.1.1-orig/loader/ldt_keeper.c MPlayer-1.1.1/loader/ldt_keeper.c
--- MPlayer-1.1.1-orig/loader/ldt_keeper.c 2015-04-23 15:07:09.580805888 +0300
+++ MPlayer-1.1.1/loader/ldt_keeper.c 2015-04-23 15:08:07.736807270 +0300
@@ -47,7 +47,7 @@
#if defined(__GLIBC__) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ == 0))
_syscall3( int, modify_ldt, int, func, void *, ptr, unsigned long, bytecount );
#else
-int modify_ldt(int func, void *ptr, unsigned long bytecount);
+#define modify_ldt(func, ptr, bytecount) syscall(__NR_modify_ldt, func, ptr, bytecount)
#endif
#else
#if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
+77
View File
@@ -0,0 +1,77 @@
fix compilation failure with MMX
Fixes
libmpcodecs/vf_fspp.c: In function 'column_fidct_c':
libmpcodecs/vf_fspp.c:750:5: error: unknown type name 'int_simd16_t'
libmpcodecs/vf_fspp.c:751:5: error: unknown type name 'int_simd16_t'
libmpcodecs/vf_fspp.c:752:5: error: unknown type name 'int_simd16_t'
libmpcodecs/vf_fspp.c:753:5: error: unknown type name 'int_simd16_t'
libmpcodecs/vf_fspp.c:789:18: error: 'FIX_0_707106781' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:789:18: note: each undeclared identifier is reported only once for each function it appears in
libmpcodecs/vf_fspp.c:804:21: error: 'FIX_1_414213562_A' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:817:18: error: 'FIX_0_382683433' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:818:18: error: 'FIX_0_541196100' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:819:18: error: 'FIX_1_306562965' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:844:21: error: 'FIX_1_414213562' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:845:21: error: 'FIX_1_847759065' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:846:21: error: 'FIX_1_082392200' undeclared (first use in this function)
libmpcodecs/vf_fspp.c:847:21: error: 'FIX_2_613125930' undeclared (first use in this function)
found using this defconfig after fixing the original bug:
http://autobuild.buildroot.net/results/642/6422adeef19ec547c7bc3f8ad3b0d51702015240/
Downloaded from upstream mailinglist:
http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2016-May/073488.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
diff -uNr MPlayer-1.3.0.org/libmpcodecs/vf_fspp.c MPlayer-1.3.0/libmpcodecs/vf_fspp.c
--- MPlayer-1.3.0.org/libmpcodecs/vf_fspp.c 2015-10-17 21:44:31.000000000 +0200
+++ MPlayer-1.3.0/libmpcodecs/vf_fspp.c 2017-04-10 21:26:57.771819064 +0200
@@ -173,7 +173,6 @@
#define store_slice_s store_slice_c
#define store_slice2_s store_slice2_c
#define mul_thrmat_s mul_thrmat_c
-#define column_fidct_s column_fidct_c
#define row_idct_s row_idct_c
#define row_fdct_s row_fdct_c
@@ -393,7 +392,6 @@
);
}
-static void column_fidct_mmx(int16_t* thr_adr, int16_t *data, int16_t *output, int cnt);
static void row_idct_mmx(int16_t* workspace,
int16_t* output_adr, int output_stride, int cnt);
static void row_fdct_mmx(int16_t *data, const uint8_t *pixels, int line_size, int cnt);
@@ -401,11 +399,18 @@
#define store_slice_s store_slice_mmx
#define store_slice2_s store_slice2_mmx
#define mul_thrmat_s mul_thrmat_mmx
-#define column_fidct_s column_fidct_mmx
#define row_idct_s row_idct_mmx
#define row_fdct_s row_fdct_mmx
#endif // HAVE_MMX_INLINE
+#if !HAVE_MMXEXT_INLINE
+static void column_fidct_c(int16_t* thr_adr, int16_t *data, int16_t *output, int cnt);
+#define column_fidct_s column_fidct_c
+#else
+static void column_fidct_mmx(int16_t* thr_adr, int16_t *data, int16_t *output, int cnt);
+#define column_fidct_s column_fidct_mmx
+#endif
+
static void filter(struct vf_priv_s *p, uint8_t *dst, uint8_t *src,
int dst_stride, int src_stride,
int width, int height,
@@ -728,7 +733,9 @@
DECLARE_ASM_CONST(8, uint64_t, MM_DESCALE_RND)=C64(4);
DECLARE_ASM_CONST(8, uint64_t, MM_2)=C64(2);
-#else /* !HAVE_MMXEXT_INLINE */
+#endif /* !HAVE_MMX_INLINE */
+
+#if !HAVE_MMX_INLINE || !HAVE_MMXEXT_INLINE
typedef int32_t int_simd16_t;
static const int16_t FIX_0_382683433=FIX(0.382683433, 14);
+2 -2
View File
@@ -303,9 +303,9 @@ MPLAYER_CONF_OPTS += \
endif
ifeq ($(BR2_X86_CPU_HAS_SSE),y)
MPLAYER_CONF_OPTS += --enable-sse
MPLAYER_CONF_OPTS += --enable-mmxext --enable-sse
else
MPLAYER_CONF_OPTS += --disable-sse
MPLAYER_CONF_OPTS += --disable-mmxext --disable-sse
endif
ifeq ($(BR2_X86_CPU_HAS_SSE2),y)
+1
View File
@@ -23,6 +23,7 @@ MPV_CONF_OPTS = \
--disable-cdda \
--disable-cocoa \
--disable-coreaudio \
--disable-cuda-hwaccel \
--disable-libv4l2 \
--disable-opensles \
--disable-rpi \
-5
View File
@@ -28,11 +28,6 @@ NCURSES_CONF_OPTS = \
$(if $(BR2_PACKAGE_NCURSES_TARGET_PROGS),,--without-progs) \
--without-manpages
# Install after busybox for the full-blown versions
ifeq ($(BR2_PACKAGE_BUSYBOX),y)
NCURSES_DEPENDENCIES += busybox
endif
ifeq ($(BR2_STATIC_LIBS),y)
NCURSES_CONF_OPTS += --without-shared --with-normal
else ifeq ($(BR2_SHARED_LIBS),y)
+1 -1
View File
@@ -43,7 +43,7 @@ config BR2_PACKAGE_NODEJS_V8_ARCH_SUPPORTS
config BR2_PACKAGE_NODEJS_VERSION_STRING
string
default "6.9.4" if BR2_PACKAGE_NODEJS_V8_ARCH_SUPPORTS
default "6.10.2" if BR2_PACKAGE_NODEJS_V8_ARCH_SUPPORTS
default "0.10.48"
config BR2_PACKAGE_NODEJS_NPM
+2 -2
View File
@@ -1,5 +1,5 @@
# From upstream URL: http://nodejs.org/dist/v0.10.48/SHASUMS256.txt
sha256 365a93d9acc076a0d93f087d269f376abeebccad599a9dab72f2f6ed96c8ae6e node-v0.10.48.tar.xz
# From upstream URL: http://nodejs.org/dist/v6.9.4/SHASUMS256.txt
sha256 c51d7c61db40455d57428abcadc7eb0f0a08a8878cb1d8ea3c1e211c54532c35 node-v6.9.4.tar.xz
# From upstream URL: http://nodejs.org/dist/v6.10.2/SHASUMS256.txt
sha256 80aa11333da99813973a99646e2113c6be5b63f665c0731ed14ecb94cbe846b6 node-v6.10.2.tar.xz
+6 -2
View File
@@ -28,6 +28,7 @@ PKG_PYTHON_DISTUTILS_ENV = \
LDFLAGS="$(TARGET_LDFLAGS)" \
LDSHARED="$(TARGET_CROSS)gcc -shared" \
PYTHONPATH="$(if $(BR2_PACKAGE_PYTHON3),$(PYTHON3_PATH),$(PYTHON_PATH))" \
PYTHONNOUSERSITE=1 \
_python_sysroot=$(STAGING_DIR) \
_python_prefix=/usr \
_python_exec_prefix=/usr
@@ -43,7 +44,8 @@ PKG_PYTHON_DISTUTILS_INSTALL_STAGING_OPTS = \
# Host distutils-based packages
HOST_PKG_PYTHON_DISTUTILS_ENV = \
PATH=$(BR_PATH)
PATH=$(BR_PATH) \
PYTHONNOUSERSITE=1
HOST_PKG_PYTHON_DISTUTILS_INSTALL_OPTS = \
--prefix=$(HOST_DIR)/usr
@@ -52,6 +54,7 @@ HOST_PKG_PYTHON_DISTUTILS_INSTALL_OPTS = \
PKG_PYTHON_SETUPTOOLS_ENV = \
PATH=$(BR_PATH) \
PYTHONPATH="$(if $(BR2_PACKAGE_PYTHON3),$(PYTHON3_PATH),$(PYTHON_PATH))" \
PYTHONNOUSERSITE=1 \
_python_sysroot=$(STAGING_DIR) \
_python_prefix=/usr \
_python_exec_prefix=/usr
@@ -70,7 +73,8 @@ PKG_PYTHON_SETUPTOOLS_INSTALL_STAGING_OPTS = \
# Host setuptools-based packages
HOST_PKG_PYTHON_SETUPTOOLS_ENV = \
PATH=$(BR_PATH)
PATH=$(BR_PATH) \
PYTHONNOUSERSITE=1
HOST_PKG_PYTHON_SETUPTOOLS_INSTALL_OPTS = \
--prefix=$(HOST_DIR)/usr
+2 -2
View File
@@ -1,3 +1,3 @@
# md5 from https://pypi.python.org/pypi/django/json, sha256 locally computed
md5 5342e77374b2acd2eafa86d2bb68f8c9 Django-1.10.2.tar.gz
sha256 e127f12a0bfb34843b6e8c82f91e26fff6445a7ca91d222c0794174cf97cbce1 Django-1.10.2.tar.gz
md5 693dfeabad62c561cb205900d32c2a98 Django-1.10.7.tar.gz
sha256 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 Django-1.10.7.tar.gz
+2 -2
View File
@@ -4,10 +4,10 @@
#
################################################################################
PYTHON_DJANGO_VERSION = 1.10.2
PYTHON_DJANGO_VERSION = 1.10.7
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
PYTHON_DJANGO_SITE = https://pypi.python.org/packages/57/9e/59444485f092b6ed4f1931e7d2e13b67fdab967c041d02f58a0d1dab8c23
PYTHON_DJANGO_SITE = https://pypi.python.org/packages/15/b4/d4bb7313e02386bd23a60e1eb5670321313fb67289c6f36ec43bce747aff
PYTHON_DJANGO_LICENSE = BSD-3c
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_SETUP_TYPE = setuptools
+1 -1
View File
@@ -8,7 +8,7 @@ PYTHON_PYYAML_VERSION = 3.12
PYTHON_PYYAML_SOURCE = PyYAML-$(PYTHON_PYYAML_VERSION).tar.gz
PYTHON_PYYAML_SITE = https://pypi.python.org/packages/4a/85/db5a2df477072b2902b0eb892feb37d88ac635d36245a72a6a69b23b383a
PYTHON_PYYAML_SETUP_TYPE = distutils
PYTHON_PYYAML_LICENSE = Python software foundation license v2
PYTHON_PYYAML_LICENSE = MIT
PYTHON_PYYAML_LICENSE_FILES = LICENSE
PYTHON_PYYAML_DEPENDENCIES = libyaml
+1 -1
View File
@@ -1,2 +1,2 @@
# sha256 locally computed
sha256 7e22a5624d8d2909e165110f0bec6b43ee36ff6834d689f4027e06dece662031 python-web2py-R-2.12.3.tar.gz
sha256 6079aeaa352ec51e0da5e6abc71fa74cdb3a781e06a311b5826618624362a7b2 python-web2py-R-2.14.6.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
PYTHON_WEB2PY_VERSION = R-2.12.3
PYTHON_WEB2PY_VERSION = R-2.14.6
PYTHON_WEB2PY_SITE = $(call github,web2py,web2py,$(PYTHON_WEB2PY_VERSION))
PYTHON_WEB2PY_LICENSE = LGPLv3
PYTHON_WEB2PY_LICENSE_FILES = LICENSE
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 ac70f09af80639d8189e1b9bc0a554841ee44df2b1ef58e7e682ad5400fd9400 samba-4.5.7.tar.gz
sha256 f63b656d8823a280c50c9dbd6b692816cd7a88adfe9b47997ce697fd75bf81f0 samba-4.5.8.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
SAMBA4_VERSION = 4.5.7
SAMBA4_VERSION = 4.5.8
SAMBA4_SITE = https://download.samba.org/pub/samba/stable
SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
SAMBA4_INSTALL_STAGING = YES
+6
View File
@@ -22,6 +22,7 @@ menuconfig BR2_PACKAGE_SYSTEMD
select BR2_PACKAGE_UTIL_LINUX_BINARIES
select BR2_PACKAGE_UTIL_LINUX_MOUNT
select BR2_PACKAGE_UTIL_LINUX_NOLOGIN
select BR2_PACKAGE_UTIL_LINUX_FSCK
select BR2_PACKAGE_KMOD
select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # kmod-tools
select BR2_PACKAGE_KMOD_TOOLS
@@ -61,6 +62,11 @@ menuconfig BR2_PACKAGE_SYSTEMD
- libgcrypt package will add support for journal sealing and
DNSSEC verification in resolved.
Notice that systemd selects the fsck wrapper from util-linux
but no particular fsck.<fstype> is selected. You must choose
the apropriate ones (e.g. e2fsck, from the e2fsprogs package)
according to the system configuration.
http://freedesktop.org/wiki/Software/systemd
if BR2_PACKAGE_SYSTEMD
@@ -0,0 +1,46 @@
From 438274f938e046d33cb0e1230b41da32ffe223e1 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Fri, 2 Dec 2016 21:56:56 +0000
Subject: [PATCH] * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow
in TIFFReadEncodedStrip() that caused an integer division by zero. Reported
by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
Fixes CVE-2016-10266
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_read.c | 2 +-
libtiff/tiffiop.h | 4 ++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
index c26c55f4..52bbf507 100644
--- a/libtiff/tif_read.c
+++ b/libtiff/tif_read.c
@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
rowsperstrip=td->td_rowsperstrip;
if (rowsperstrip>td->td_imagelength)
rowsperstrip=td->td_imagelength;
- stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
+ stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
stripinplane=(strip%stripsperplane);
plane=(uint16)(strip/stripsperplane);
rows=td->td_imagelength-stripinplane*rowsperstrip;
diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
index ffbb647b..cb59460a 100644
--- a/libtiff/tiffiop.h
+++ b/libtiff/tiffiop.h
@@ -250,6 +250,10 @@ struct tiff {
#define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
0U)
+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
+#define TIFFhowmany_32_maxuint_compat(x, y) \
+ (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
#define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
#define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
#define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
--
2.11.0
@@ -0,0 +1,53 @@
From 43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sat, 3 Dec 2016 11:15:18 +0000
Subject: [PATCH] * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case
of failure in OJPEGPreDecode(). This will avoid a divide by zero, and
potential other issues. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2611
Fixes CVE-2016-10267
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_ojpeg.c | 8 ++++++++
1 files changed, 15 insertions(+)
diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
index 1ccc3f9b..f19e8fd0 100644
--- a/libtiff/tif_ojpeg.c
+++ b/libtiff/tif_ojpeg.c
@@ -244,6 +244,7 @@ typedef enum {
typedef struct {
TIFF* tif;
+ int decoder_ok;
#ifndef LIBJPEG_ENCAP_EXTERNAL
JMP_BUF exit_jmpbuf;
#endif
@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
}
sp->write_curstrile++;
}
+ sp->decoder_ok = 1;
return(1);
}
@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
static int
OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
{
+ static const char module[]="OJPEGDecode";
OJPEGState* sp=(OJPEGState*)tif->tif_data;
(void)s;
+ if( !sp->decoder_ok )
+ {
+ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
+ return 0;
+ }
if (sp->libjpeg_jpeg_query_style==0)
{
if (OJPEGDecodeRaw(tif,buf,cc)==0)
--
2.11.0
@@ -0,0 +1,110 @@
From 1044b43637fa7f70fb19b93593777b78bd20da86 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Fri, 2 Dec 2016 23:05:51 +0000
Subject: [PATCH] * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based
buffer overflow on generation of PixarLog / LUV compressed files, with
ColorMap, TransferFunction attached and nasty plays with bitspersample. The
fix for LUV has not been tested, but suffers from the same kind of issue of
PixarLog. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2604
Fixes CVE-2016-10269
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_luv.c | 18 ++++++++++++++----
libtiff/tif_pixarlog.c | 17 +++++++++++++++--
2 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
index f68a9b13..e6783db5 100644
--- a/libtiff/tif_luv.c
+++ b/libtiff/tif_luv.c
@@ -158,6 +158,7 @@
typedef struct logLuvState LogLuvState;
struct logLuvState {
+ int encoder_state; /* 1 if encoder correctly initialized */
int user_datafmt; /* user data format */
int encode_meth; /* encoding method */
int pixel_size; /* bytes per pixel */
@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
td->td_photometric, "must be either LogLUV or LogL");
break;
}
+ sp->encoder_state = 1;
return (1);
notsupported:
TIFFErrorExt(tif->tif_clientdata, module,
@@ -1563,19 +1565,27 @@ notsupported:
static void
LogLuvClose(TIFF* tif)
{
+ LogLuvState* sp = (LogLuvState*) tif->tif_data;
TIFFDirectory *td = &tif->tif_dir;
+ assert(sp != 0);
/*
* For consistency, we always want to write out the same
* bitspersample and sampleformat for our TIFF file,
* regardless of the data format being used by the application.
* Since this routine is called after tags have been set but
* before they have been recorded in the file, we reset them here.
+ * Note: this is really a nasty approach. See PixarLogClose
*/
- td->td_samplesperpixel =
- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
- td->td_bitspersample = 16;
- td->td_sampleformat = SAMPLEFORMAT_INT;
+ if( sp->encoder_state )
+ {
+ /* See PixarLogClose. Might avoid issues with tags whose size depends
+ * on those below, but not completely sure this is enough. */
+ td->td_samplesperpixel =
+ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
+ td->td_bitspersample = 16;
+ td->td_sampleformat = SAMPLEFORMAT_INT;
+ }
}
static void
diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
index d1246c3d..aa99bc92 100644
--- a/libtiff/tif_pixarlog.c
+++ b/libtiff/tif_pixarlog.c
@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
static void
PixarLogClose(TIFF* tif)
{
+ PixarLogState* sp = (PixarLogState*) tif->tif_data;
TIFFDirectory *td = &tif->tif_dir;
+ assert(sp != 0);
/* In a really sneaky (and really incorrect, and untruthful, and
* troublesome, and error-prone) maneuver that completely goes against
* the spirit of TIFF, and breaks TIFF, on close, we covertly
@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
* readers that don't know about PixarLog, or how to set
* the PIXARLOGDATFMT pseudo-tag.
*/
- td->td_bitspersample = 8;
- td->td_sampleformat = SAMPLEFORMAT_UINT;
+
+ if (sp->state&PLSTATE_INIT) {
+ /* We test the state to avoid an issue such as in
+ * http://bugzilla.maptools.org/show_bug.cgi?id=2604
+ * What appends in that case is that the bitspersample is 1 and
+ * a TransferFunction is set. The size of the TransferFunction
+ * depends on 1<<bitspersample. So if we increase it, an access
+ * out of the buffer will happen at directory flushing.
+ * Another option would be to clear those targs.
+ */
+ td->td_bitspersample = 8;
+ td->td_sampleformat = SAMPLEFORMAT_UINT;
+ }
}
static void
--
2.11.0
@@ -0,0 +1,107 @@
From 9a72a69e035ee70ff5c41541c8c61cd97990d018 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sat, 3 Dec 2016 11:02:15 +0000
Subject: [PATCH] * libtiff/tif_dirread.c: modify
ChopUpSingleUncompressedStrip() to instanciate compute ntrips as
TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on
the total size of data. Which is faulty is the total size of data is not
sufficient to fill the whole image, and thus results in reading outside of
the StripByCounts/StripOffsets arrays when using TIFFReadScanline(). Reported
by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since
the above change is a better fix that makes it unnecessary.
Fixes CVE-2016-10270
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_dirread.c | 22 ++++++++++------------
libtiff/tif_strip.c | 9 ---------
2 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 3eec79c9..570d0c32 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5502,8 +5502,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
uint64 rowblockbytes;
uint64 stripbytes;
uint32 strip;
- uint64 nstrips64;
- uint32 nstrips32;
+ uint32 nstrips;
uint32 rowsperstrip;
uint64* newcounts;
uint64* newoffsets;
@@ -5534,18 +5533,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
return;
/*
- * never increase the number of strips in an image
+ * never increase the number of rows per strip
*/
if (rowsperstrip >= td->td_rowsperstrip)
return;
- nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
- if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
- return;
- nstrips32 = (uint32)nstrips64;
+ nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
+ if( nstrips == 0 )
+ return;
- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
+ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
"for chopped \"StripByteCounts\" array");
- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
+ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
"for chopped \"StripOffsets\" array");
if (newcounts == NULL || newoffsets == NULL) {
/*
@@ -5562,18 +5560,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
* Fill the strip information arrays with new bytecounts and offsets
* that reflect the broken-up format.
*/
- for (strip = 0; strip < nstrips32; strip++) {
+ for (strip = 0; strip < nstrips; strip++) {
if (stripbytes > bytecount)
stripbytes = bytecount;
newcounts[strip] = stripbytes;
- newoffsets[strip] = offset;
+ newoffsets[strip] = stripbytes ? offset : 0;
offset += stripbytes;
bytecount -= stripbytes;
}
/*
* Replace old single strip info with multi-strip info.
*/
- td->td_stripsperimage = td->td_nstrips = nstrips32;
+ td->td_stripsperimage = td->td_nstrips = nstrips;
TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
_TIFFfree(td->td_stripbytecount);
diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c
index 4c46ecf5..1676e47d 100644
--- a/libtiff/tif_strip.c
+++ b/libtiff/tif_strip.c
@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
TIFFDirectory *td = &tif->tif_dir;
uint32 nstrips;
- /* If the value was already computed and store in td_nstrips, then return it,
- since ChopUpSingleUncompressedStrip might have altered and resized the
- since the td_stripbytecount and td_stripoffset arrays to the new value
- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
- tif_dirread.c ~line 3612.
- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
- if( td->td_nstrips )
- return td->td_nstrips;
-
nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
--
2.11.0
@@ -0,0 +1,74 @@
From 5c080298d59efa53264d7248bbe3a04660db6ef7 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 19:25:44 +0000
Subject: [PATCH] * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow
and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
http://bugzilla.maptools.org/show_bug.cgi?id=2657
Fixes CVE-2017-5225
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
tools/tiffcp.c | 24 ++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index bdf754c3..8bbcd52f 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -591,7 +591,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16);
static int
tiffcp(TIFF* in, TIFF* out)
{
- uint16 bitspersample, samplesperpixel = 1;
+ uint16 bitspersample = 1, samplesperpixel = 1;
uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
copyFunc cf;
uint32 width, length;
@@ -1067,6 +1067,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
register uint32 n;
uint32 row;
tsample_t s;
+ uint16 bps = 0;
+
+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ if( bps != 8 )
+ {
+ TIFFError(TIFFFileName(in),
+ "Error, can only handle BitsPerSample=8 in %s",
+ "cpContig2SeparateByRow");
+ return 0;
+ }
inbuf = _TIFFmalloc(scanlinesizein);
outbuf = _TIFFmalloc(scanlinesizeout);
@@ -1120,6 +1130,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow)
register uint32 n;
uint32 row;
tsample_t s;
+ uint16 bps = 0;
+
+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ if( bps != 8 )
+ {
+ TIFFError(TIFFFileName(in),
+ "Error, can only handle BitsPerSample=8 in %s",
+ "cpSeparate2ContigByRow");
+ return 0;
+ }
inbuf = _TIFFmalloc(scanlinesizein);
outbuf = _TIFFmalloc(scanlinesizeout);
@@ -1784,7 +1804,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel)
uint32 w, l, tw, tl;
int bychunk;
- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
+ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
fprintf(stderr,
"%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
--
2.11.0
@@ -0,0 +1,31 @@
From 48780b4fcc425cddc4ef8ffdf536f96a0d1b313b Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 16:38:26 +0000
Subject: [PATCH] libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
avoid UndefinedBehaviorSanitizer warning.
Patch by Nicolás Peña.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
Fixes CVE-2017-7592
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_getimage.c | 2 +-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index fed31f1f..2fa1775c 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -1302,7 +1302,7 @@ DECLAREContigPutFunc(putagreytile)
while (h-- > 0) {
for (x = w; x-- > 0;)
{
- *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
+ *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
pp += samplesperpixel;
}
cp += toskew;
--
2.11.0
@@ -0,0 +1,88 @@
From d60332057b9575ada4f264489582b13e30137be1 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 19:02:49 +0000
Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add
_TIFFcalloc()
* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
initialize tif_rawdata.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
Fixes CVE-2017-7593
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_read.c | 4 +++-
libtiff/tif_unix.c | 8 ++++++++
libtiff/tif_win32.c | 8 ++++++++
libtiff/tiffio.h | 1 +
4 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
index 277fdd69..4535ccb3 100644
--- a/libtiff/tif_read.c
+++ b/libtiff/tif_read.c
@@ -985,7 +985,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
"Invalid buffer size");
return (0);
}
- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
+ /* Initialize to zero to avoid uninitialized buffers in case of */
+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
tif->tif_flags |= TIFF_MYBUFFER;
}
if (tif->tif_rawdata == NULL) {
diff --git a/libtiff/tif_unix.c b/libtiff/tif_unix.c
index 7c7bc961..89dd32e8 100644
--- a/libtiff/tif_unix.c
+++ b/libtiff/tif_unix.c
@@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s)
return (malloc((size_t) s));
}
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
+{
+ if( nmemb == 0 || siz == 0 )
+ return ((void *) NULL);
+
+ return calloc((size_t) nmemb, (size_t)siz);
+}
+
void
_TIFFfree(void* p)
{
diff --git a/libtiff/tif_win32.c b/libtiff/tif_win32.c
index d730b3ab..3e9001b7 100644
--- a/libtiff/tif_win32.c
+++ b/libtiff/tif_win32.c
@@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s)
return (malloc((size_t) s));
}
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
+{
+ if( nmemb == 0 || siz == 0 )
+ return ((void *) NULL);
+
+ return calloc((size_t) nmemb, (size_t)siz);
+}
+
void
_TIFFfree(void* p)
{
diff --git a/libtiff/tiffio.h b/libtiff/tiffio.h
index 732da17f..fbd9171f 100644
--- a/libtiff/tiffio.h
+++ b/libtiff/tiffio.h
@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
*/
extern void* _TIFFmalloc(tmsize_t s);
+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
extern void* _TIFFrealloc(void* p, tmsize_t s);
extern void _TIFFmemset(void* p, int v, tmsize_t c);
extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
--
2.11.0
@@ -0,0 +1,43 @@
From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Thu, 12 Jan 2017 19:23:20 +0000
Subject: [PATCH] * libtiff/tif_ojpeg.c: fix leak in
OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
OJPEGReadHeaderInfoSecTablesAcTable
Fixes CVE-2017-7594
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_ojpeg.c | 6 ++++++
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
index b92f0ebd..5f6c684c 100644
--- a/libtiff/tif_ojpeg.c
+++ b/libtiff/tif_ojpeg.c
@@ -1790,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif)
TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
if (p!=64)
+ {
+ _TIFFfree(ob);
return(0);
+ }
sp->qtable[m]=ob;
sp->sof_tq[m]=m;
}
@@ -1854,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif)
rb[sizeof(uint32)+5+n]=o[n];
p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
if (p!=q)
+ {
+ _TIFFfree(rb);
return(0);
+ }
sp->dctable[m]=rb;
sp->sos_tda[m]=(m<<4);
}
--
2.11.0
@@ -0,0 +1,36 @@
From 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Thu, 12 Jan 2017 17:43:25 +0000
Subject: [PATCH] libtiff/tif_ojpeg.c: fix leak in
OJPEGReadHeaderInfoSecTablesAcTable when read fails.
Patch by Nicolás Peña.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes CVE-2017-7594
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_ojpeg.c | 3 +++
1 file changed, 10 insertions(+)
diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
index f19e8fd0..b92f0ebd 100644
--- a/libtiff/tif_ojpeg.c
+++ b/libtiff/tif_ojpeg.c
@@ -1918,7 +1918,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif)
rb[sizeof(uint32)+5+n]=o[n];
p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
if (p!=q)
+ {
+ _TIFFfree(rb);
return(0);
+ }
sp->actable[m]=rb;
sp->sos_tda[m]=(sp->sos_tda[m]|m);
}
--
2.11.0
@@ -0,0 +1,35 @@
From 47f2fb61a3a64667bce1a8398a8fcb1b348ff122 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 12:15:01 +0000
Subject: [PATCH] * libtiff/tif_jpeg.c: avoid integer division by zero in
JPEGSetupEncode() when horizontal or vertical sampling is set to 0. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2653
Fixes CVE-2017-7595
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_jpeg.c | 7 +++++++
1 file changed, 13 insertions(+)
diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
index 38595f98..6c17c388 100644
--- a/libtiff/tif_jpeg.c
+++ b/libtiff/tif_jpeg.c
@@ -1626,6 +1626,13 @@ JPEGSetupEncode(TIFF* tif)
case PHOTOMETRIC_YCBCR:
sp->h_sampling = td->td_ycbcrsubsampling[0];
sp->v_sampling = td->td_ycbcrsubsampling[1];
+ if( sp->h_sampling == 0 || sp->v_sampling == 0 )
+ {
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "Invalig horizontal/vertical sampling value");
+ return (0);
+ }
+
/*
* A ReferenceBlackWhite field *must* be present since the
* default value is inappropriate for YCbCr. Fill in the
--
2.11.0
@@ -0,0 +1,47 @@
From 3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 13:28:01 +0000
Subject: [PATCH] * libtiff/tif_dirread.c: avoid division by floating point 0
in TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
and return 0 in that case (instead of infinity as before presumably)
Apparently some sanitizers do not like those divisions by zero. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2644
Fixes CVE-2017-7598
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_dirread.c | 10 ++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 570d0c32..8a1e42aa 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -2872,7 +2872,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD
m.l = direntry->tdir_offset.toff_long8;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong(m.i,2);
- if (m.i[0]==0)
+ /* Not completely sure what we should do when m.i[1]==0, but some */
+ /* sanitizers do not like division by 0.0: */
+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
+ if (m.i[0]==0 || m.i[1]==0)
*value=0.0;
else
*value=(double)m.i[0]/(double)m.i[1];
@@ -2900,7 +2903,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF
m.l=direntry->tdir_offset.toff_long8;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong(m.i,2);
- if ((int32)m.i[0]==0)
+ /* Not completely sure what we should do when m.i[1]==0, but some */
+ /* sanitizers do not like division by 0.0: */
+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
+ if ((int32)m.i[0]==0 || m.i[1]==0)
*value=0.0;
else
*value=(double)((int32)m.i[0])/(double)m.i[1];
--
2.11.0
@@ -0,0 +1,35 @@
From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 16:13:50 +0000
Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
Fixes CVE-2017-7601
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_jpeg.c | 7 +++++++
1 file changed, 13 insertions(+)
diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
index 6c17c388..192989a9 100644
--- a/libtiff/tif_jpeg.c
+++ b/libtiff/tif_jpeg.c
@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
"Invalig horizontal/vertical sampling value");
return (0);
}
+ if( td->td_bitspersample > 16 )
+ {
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "BitsPerSample %d not allowed for JPEG",
+ td->td_bitspersample);
+ return (0);
+ }
/*
* A ReferenceBlackWhite field *must* be present since the
--
2.11.0
@@ -0,0 +1,56 @@
From 66e7bd59520996740e4df5495a830b42fae48bc4 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 16:33:34 +0000
Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on
signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2650
Fixes CVE-2017-7602
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libtiff/tif_read.c | 27 ++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
index 52bbf507..b7aacbda 100644
--- a/libtiff/tif_read.c
+++ b/libtiff/tif_read.c
@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
return ((tmsize_t)(-1));
}
} else {
- tmsize_t ma,mb;
+ tmsize_t ma;
tmsize_t n;
- ma=(tmsize_t)td->td_stripoffset[strip];
- mb=ma+size;
- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
- n=0;
- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
- n=tif->tif_size-ma;
- else
- n=size;
+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
+ {
+ n=0;
+ }
+ else if( ma > TIFF_TMSIZE_T_MAX - size )
+ {
+ n=0;
+ }
+ else
+ {
+ tmsize_t mb=ma+size;
+ if (mb>tif->tif_size)
+ n=tif->tif_size-ma;
+ else
+ n=size;
+ }
if (n!=size) {
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFErrorExt(tif->tif_clientdata, module,
--
2.11.0
+1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 3ef7ae05dba14f8bb626121983a08bb09d1d51a19de38bd9a8e0f29b11d9e3c9 trinity-v1.6.tar.gz
sha256 5601474b10973b99f6f4ecc67c8ac54000754d7110553cc81c7648bd7e73c810 b0e66a2d084ffc210bc1fc247efb4d177e9f7e3d.patch
+2
View File
@@ -9,6 +9,8 @@ TRINITY_SITE = $(call github,kernelslacker,trinity,$(TRINITY_VERSION))
TRINITY_LICENSE = GPLv2
TRINITY_LICENSE_FILES = COPYING
TRINITY_PATCH = https://github.com/kernelslacker/trinity/commit/b0e66a2d084ffc210bc1fc247efb4d177e9f7e3d.patch
define TRINITY_CONFIGURE_CMDS
(cd $(@D); $(TARGET_CONFIGURE_OPTS) ./configure.sh)
endef
+1 -1
View File
@@ -4,4 +4,4 @@ config BR2_PACKAGE_WHICH
help
The standard 'which' utility.
http://www.xs4all.nl/~carlo17/which/
http://carlowood.github.io/which/index.html
+2 -2
View File
@@ -1,2 +1,2 @@
# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.5.txt
sha256 75dd88d3d6336559e5b0b72077d8a772a988197d571f00029986225fef609ac8 wireshark-2.2.5.tar.bz2
# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.6.txt
sha256 f627d51eda85f5ae5f5c8c9fc1f6539ffc2a270dd7500dc7f67490a8534ca849 wireshark-2.2.6.tar.bz2
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
WIRESHARK_VERSION = 2.2.5
WIRESHARK_VERSION = 2.2.6
WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.bz2
WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
WIRESHARK_LICENSE = wireshark license
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally computed
sha256 e87f4b0575e78657ee23d31470a15ecf1ce8c3a92a771cda46bbcd4d0d671ffe xen-4.7.1.tar.gz
sha256 61494a56d9251e2108080f95b0dc8e3d175f1ba4da34603fc07b91cfebf358d5 xen-4.7.2.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
XEN_VERSION = 4.7.1
XEN_VERSION = 4.7.2
XEN_SITE = http://bits.xensource.com/oss-xen/release/$(XEN_VERSION)
XEN_LICENSE = GPLv2
XEN_LICENSE_FILES = COPYING
@@ -4,7 +4,7 @@
#
################################################################################
TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64_SITE = http://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64_SITE = https://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64_VERSION = 2014.11-95
TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64_SOURCE = aarch64-amd-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX)-i686-pc-linux-gnu.tar.bz2
TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64_ACTUAL_SOURCE_TARBALL = aarch64-amd-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX).src.tar.bz2
@@ -6,7 +6,7 @@
TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM_VERSION = 2014.05-29
TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM_SITE = http://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM_SITE = https://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM_SOURCE = arm-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX)-i686-pc-linux-gnu.tar.bz2
TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM_ACTUAL_SOURCE_TARBALL = arm-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX).src.tar.bz2
@@ -6,7 +6,7 @@
TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS_VERSION = 2016.05-8
TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS_SITE = http://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS_SITE = https://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS_SOURCE = mips-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX)-i686-pc-linux-gnu.tar.bz2
TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS_ACTUAL_SOURCE_TARBALL = mips-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX).src.tar.bz2
@@ -6,7 +6,7 @@
TOOLCHAIN_EXTERNAL_CODESOURCERY_NIOSII_VERSION = 2016.11-32
TOOLCHAIN_EXTERNAL_CODESOURCERY_NIOSII_SITE = http://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_NIOSII_SITE = https://sourcery.mentor.com/public/gnu_toolchain/$(TOOLCHAIN_EXTERNAL_PREFIX)
TOOLCHAIN_EXTERNAL_CODESOURCERY_NIOSII_SOURCE = sourceryg++-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_NIOSII_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX)-i686-pc-linux-gnu.tar.bz2
TOOLCHAIN_EXTERNAL_CODESOURCERY_NIOSII_ACTUAL_SOURCE_TARBALL = sourceryg++-$(TOOLCHAIN_EXTERNAL_CODESOURCERY_NIOSII_VERSION)-$(TOOLCHAIN_EXTERNAL_PREFIX).src.tar.bz2