Compare commits

...

204 Commits

Author SHA1 Message Date
Peter Korsgaard 8ee6c1d60e Update for 2017.02.6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 22:17:59 +02:00
Baruch Siach 07ddb40567 libidn: fix build without makeinfo
Build fails when the makeinfo utility is not installed on the host.

Fixes:
http://autobuild.buildroot.net/results/dfd/dfdfb34ed81ba3a4b7a7271be482e75eca849dbf/
http://autobuild.buildroot.net/results/b33/b33c0b0e6b1033ab1d1294a91b869ee6adcd391a/
http://autobuild.buildroot.net/results/940/9401cc10f6da6a2e3453ebc65ce573c370733fb5/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f6227928cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 21:36:27 +02:00
Baruch Siach 46b07c8a87 libidn: add fix for CVE-2017-14062
Add upstream patch fixing CVE-2017-14062:

Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.

This issue also affects libidn.

Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49cb795f79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 21:36:09 +02:00
Peter Seiderer bde9621d0f gst1-plugins-bad: fix build against openjpeg 2.2
Add upstream patch to fix build against openjpeg 2.2.

Fixes [1]:

  gstopenjpeg.h:42:37: fatal error: openjpeg-2.1/openjpeg.h: No such file or directory

[1] http://autobuild.buildroot.net/results/90f1f7838f08e3a557be27470406d4d84dbcc828

[Peter: drop meson changes for 2017.02.x]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a5d4db954)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 16:46:53 +02:00
Peter Korsgaard 5f9d99944a openjpeg: fix build without C++ support
Fixes:
http://autobuild.buildroot.net/results/e2f/e2ff0a7fa2b911157edf6c43a8eed797b22edd46/
http://autobuild.buildroot.net/results/670/6706339e7df2f2e7d0d7a15663bed185ca55c2a1/

Openjpeg is written in C, but with the move to CMake the build system now
errors out if a C++ compiler isn't available.  Fix it by patching the
CMakeLists.txt to not require C++ support.

Patch submitted upstream:
https://github.com/uclouvain/openjpeg/pull/1027

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d2911fec6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 09:01:14 +02:00
Olivier Schonken 1a22a5fcb3 openjpeg: Fix malloc poison issue
The malloc poison issue has been fixed upstream, this patch will thus only
be temporary.

Fixes the following autobuild issues

       sparc | http://autobuild.buildroot.net/results/c1b7a316ca2a4db49023f304dbc7fd5fed05bd9d
        bfin | http://autobuild.buildroot.net/results/031ece7a72e76a9155938cb283de859bd12a8171
         sh4 | http://autobuild.buildroot.net/results/88664451f71c12ccd94e874d408fbb680bea1695
      xtensa | http://autobuild.buildroot.net/results/fbede64a5a86d4868b6da0ab1275e75803235af0
     powerpc | http://autobuild.buildroot.net/results/6c641650509048039b18fbeb010dbca0f0fc5292
microblazeel | http://autobuild.buildroot.net/results/fa2d5272b2db73cbfa441ead9250157c5626ab15
    mips64el | http://autobuild.buildroot.net/results/fc96f6628f71e05d9a74e0e13e50178d29a2c495
         sh4 | http://autobuild.buildroot.net/results/a6d6a6dcb9b4fa250edaaf5935762c5820457b23
      x86_64 | http://autobuild.buildroot.net/results/47b4ca2cc661582d86830b9353a6c8af86e4ba35
         arc | http://autobuild.buildroot.net/results/08e2e4eca6c3dbde8116a649dbf46e52ded45d10
         arc | http://autobuild.buildroot.net/results/899fa044aab7ee28acfa71544f2105da4a5c97d5
         arm | http://autobuild.buildroot.net/results/6016f6885b21d6e8c6199a6833c7acce6210ecc6
         arm | http://autobuild.buildroot.net/results/adbb3c76497e89161535c711de98809a0fa168a7
        or1k | http://autobuild.buildroot.net/results/de3ef69a72d2c2082e202fbed702c53a51274fef
    mips64el | http://autobuild.buildroot.net/results/39b186b13001a810e0992b52321f1015b445d2fd
      x86_64 | http://autobuild.buildroot.net/results/22c6a29a1ded6aedf01adfdfcf26302248dba80c
         arm | http://autobuild.buildroot.net/results/b62c54b727eb5f576c4a517a69c495b537c3b69a
        m68k | http://autobuild.buildroot.net/results/a826561c5786be5f0088b50b633210593e23ffff
         arm | http://autobuild.buildroot.net/results/d32ec927a5e4d5644cb3641014bcf6ebe5c14490

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19d8081865)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 09:01:06 +02:00
Peter Korsgaard 4adb61ec73 tor: security bump to version 0.2.9.12
Fixes CVE-2017-0380: Stack disclosure in hidden services logs when
SafeLogging disabled

For more details, see:
https://trac.torproject.org/projects/tor/ticket/23490

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 23:10:24 +02:00
Peter Korsgaard 8fbd4de7c2 CHANGES: update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 11:04:39 +02:00
Peter Korsgaard 1f8ed52c55 bind: use http:// instead of ftp:// for site
To avoid issues with firewalls blocking ftp.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 771bb2d58d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 10:29:35 +02:00
Peter Korsgaard b449b86637 bind: bump to version 9.11.2
Adds support for the new ICANN DNSSEC root key for the upcoming KSK rollover
(Oct 11):

https://www.icann.org/resources/pages/ksk-rollover

For more details, see the release notes:
https://kb.isc.org/article/AA-01522

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f3e3b36159)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 10:29:25 +02:00
Peter Korsgaard b6b99d28ef gdk-pixbuf: security bump to version 2.36.10
Fixes the following security issues:

CVE-2017-2862 - An exploitable heap overflow vulnerability exists in the
gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.  A
specially crafted jpeg file can cause a heap overflow resulting in remote
code execution.  An attacker can send a file or url to trigger this
vulnerability.

CVE-2017-2870 - An exploitable integer overflow vulnerability exists in the
tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with
Clang.  A specially crafted tiff file can cause a heap-overflow resulting in
remote code execution.  An attacker can send a file or a URL to trigger this
vulnerability.

CVE-2017-6311 - gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (NULL pointer
dereference and application crash) via vectors related to printing an error
message.

The host version now needs the same workaround as we do for the target to
not pull in shared-mime-info.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3853675ae0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:35 +02:00
Vicente Olivert Riera 4ec2c80824 gdk-pixbuf: bump version to 2.36.6
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0fcf03eb5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:17 +02:00
Gustavo Zacarias 6c99140688 gdk-pixbuf: copy loaders.cache later on
Trying to copy loaders.cache from host-gdk-pixbuf to the gdk-pixbuf
build directory in the post-patch hook is too early when using TLP (it
breaks horribly) since host-gdk-pixbuf isn't built yet during the
massive unpack/patch cycle.
Switch it to the pre-build hook instead which ensures that gdk-pixbuf
dependencies were already built.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1f4e1656bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:08 +02:00
Gustavo Zacarias 0995804d44 gdk-pixbuf: bump to version 2.36.5
This release needs a new tweak regarding loaders.cache - it's now used
to build the thumbnailer.
Since we already generate it using the host variant for the target we
can re-use this for the build step.
It's not necessary to used the tweaked version since the build one is
only used to account for mime types, not the plugins/loaders themselves.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 487b419cc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 08:59:57 +02:00
Baruch Siach d6c24f879f flashrom: fix static build with uClibc
Define HAVE_STRNLEN to avoid local strnlen() definition.

Fixes:
http://autobuild.buildroot.net/results/7dc/7dc4298e3a07c73e03f70205516d68a0f4c2d297/
http://autobuild.buildroot.net/results/e36/e362848eb45f6b8100131361e6e5faa546f0bbd8/
http://autobuild.buildroot.net/results/69e/69ef10ec710f418b4d10c1edb4f2ce2e49b522bf/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 57f4efed79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 08:53:14 +02:00
Peter Korsgaard 6f4d4ae57e package/samba4: security bump to version 4.5.14
Release notes:
https://www.samba.org/samba/history/samba-4.5.14.html

Fixes
- CVE-2017-12150 (SMB1/2/3 connections may not require signing where
  they should)
- CVE-2017-12151 (SMB3 connections don't keep encryption across DFS
  redirects)
- CVE-2017-12163 (Server memory information leak over SMB1)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 23:24:59 +02:00
Peter Korsgaard ca10c68c6d package/ffmpeg: security bump to version 3.2.8
Fixes a number of integer overflows and DoS issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 23:24:51 +02:00
Peter Korsgaard 99ab71180f linux-headers: bump 3.18.x and 4.1.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:45:03 +02:00
Bernd Kuhls 643783f9a9 linux-headers: bump 3.2.x and 4.{4, 9, 12, 13}.x series
[Peter: drop 4.12.x/4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b4afe7a8cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:25:23 +02:00
Peter Korsgaard 1944fe8b46 pkgconf: update upstream URL in Config.in
The download location got changed two years ago when the version was bumped
to 0.9.12, but the upstream URL in Config.in wasn't updated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 13cb944aab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:03:06 +02:00
Bernd Kuhls 43f910fc7d package/apache: add patch to fix CVE-2017-9798
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6d24caf0cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:02:40 +02:00
Bernd Kuhls 5fc7f48234 package/proxychains-ng: security bump to version 4.11
Version 4.9 fixes CVE-2015-3887:
https://github.com/rofl0r/proxychains-ng/issues/60

Added md5 & sha1 hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d71b8978a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:01:02 +02:00
Luca Ceresoli 557039368d docs/manual: fix typo
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e10e4d19e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:52:08 +02:00
Peter Korsgaard a86d28d850 cmake: explicitly disable openssl support for host-cmake
host-cmake will optionally link with openssl for the embedded copy of
libarchive if available, leaking host dependencies and possibly causing
build issues in case of compatibility issues - E.G. the host-cmake version
we have in 2017.02.x doesn't build against openssl-1.1.0+:

https://github.com/libarchive/libarchive/issues/810

The openssl support in libarchive is unlikely to be needed, so explicitly
disable it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f87138339b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:51:28 +02:00
Peter Korsgaard f0b6a90eae bluez5_utils: add upstream security fix for CVE-2017-1000250
Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46 and
earlier are vulnerable to an information disclosure vulnerability which
allows remote attackers to obtain sensitive information from the bluetoothd
process memory.  This vulnerability lies in the processing of SDP search
attribute requests.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:23:37 +02:00
Bernd Kuhls fe8577d2ce package/imagemagick: security bump to version 7.0.7-1
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    https://github.com/ImageMagick/ImageMagick/issues/632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
    https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    https://github.com/ImageMagick/ImageMagick/issues/582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    https://github.com/ImageMagick/ImageMagick/issues/586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    https://github.com/ImageMagick/ImageMagick/issues/517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1cf1b98de6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:56 +02:00
Bernd Kuhls fc6dda414c package/imagemagick: bump version to 7.0.6-0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dfde97dce5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:40 +02:00
Bernd Kuhls aaeae27072 package/imagemagick: change download url to github
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases

For our LTS versions we should switch to a stable upstream repo which
provides all released versions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 02edd7cd80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:29 +02:00
Petr Kulhavy 1ce4be9c5e download/git: force gzip compression level 6
Force gzip compression level 6 when calculating hash of a downloaded GIT repo.
To make sure the tar->gzip->checksum chain always provides consistent result.`

The script was relying on the default compression level, which must not be
necessarily consistent among different gzip versions. The level 6 is gzip's
current default compression level.

Signed-off-by: Petr Kulhavy <brain@jikos.cz>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 04a22cf1b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 15:41:26 +02:00
Bernd Kuhls 3196246a9b package/librsync: security bump to version 2.0.0
Removed patch applied upstream, switched to cmake-package following
upstream removal of autoconf.

Short summary of changes:

version 1.0.1
- switched from autoconf to cmake

version 1.0.0:
- fixed CVE-2014-8242
- project moved to github

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b860bd83b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:36:29 +02:00
Bernd Kuhls 251a65c915 package/librsync: fix build error with gcc7
Fixes
http://autobuild.buildroot.net/results/4a1/4a1931565674442c6117b2b202a002dd0ec12a4b/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit eb7e07702c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:34:05 +02:00
Bernd Kuhls b0753098a5 linux-headers: bump 4.{9, 12, 13}.x series
[Peter: drop 4.12.x/4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2aae8765fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:16:01 +02:00
Peter Korsgaard 465aa6e587 supervisor: security bump to version 3.1.4
Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.

For more details, see
https://github.com/Supervisor/supervisor/issues/964

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38a1c4821a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:18:27 +02:00
Peter Korsgaard a8676e86fe ruby: add upstream security patches bumping rubygems to 2.6.13
We unfortunately cannot use the upstream patches directly as they are not in
'patch -p1' format, so convert them and include instead.

Fixes:

CVE-2017-0899 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications that include terminal escape
characters.  Printing the gem specification would execute terminal escape
sequences.

CVE-2017-0900 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications to cause a denial of service attack
against RubyGems clients who have issued a `query` command.

CVE-2017-0901 - RubyGems version 2.6.12 and earlier fails to validate
specification names, allowing a maliciously crafted gem to potentially
overwrite any file on the filesystem.

CVE-2017-0902 - RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking vulnerability that allows a MITM attacker to force the RubyGems
client to download and install gems from a server that the attacker
controls.

For more details, see
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0e5448af50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:17:17 +02:00
Vicente Olivert Riera 38b5b49689 ruby: bump version to 2.4.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 81de172d11)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:17:09 +02:00
Peter Korsgaard 74d64007d5 tcpdump: security bump to version 4.9.2
Fixes the following security issues (descriptions not public yet):

    Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
    Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
    Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 478ee139b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:05:11 +02:00
Baruch Siach c56c5956cf libarchive: security bump to version 3.3.2
CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.

CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.

CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.

CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.

CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.

CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.

Add upstream patch fixing the following issue:

CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f871b21c89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:04:04 +02:00
Thomas Petazzoni 215d7a04b7 qt: add patch fixing build failure on ARMv8 in 32-bit mode
The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.

To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.

There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.

Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 95389fe98c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:01:46 +02:00
Thomas Petazzoni e55836dab0 qt: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35bc55eaaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:01:00 +02:00
Peter Korsgaard 05355b04d4 xen: add upstream post-4.7.3 security fixes
Fixes the following security issues:

XSA-226: multiple problems with transitive grants (CVE-2017-12135)
XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
XSA-228: grant_table: Race conditions with maptrack free list handling
         (CVE-2017-12136)
XSA-230: grant_table: possibly premature clearing of GTF_writing /
	 GTF_reading (CVE-2017-12855)
XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
XSA-232: Missing check for grant table (CVE-2017-14318)
XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
XSA-234: insufficient grant unmapping checks for x86 PV guests
         (CVE-2017-14319)
XSA-235: add-to-physmap error paths fail to release lock on ARM

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-19 13:56:48 +02:00
Peter Korsgaard 59e03d863d unrar: security bump to version 5.5.8
Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 322599744c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:47:56 +02:00
Peter Korsgaard de22cee061 strongswan: add upstream security patch
Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.

For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2a59db1bb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:47:13 +02:00
Peter Korsgaard 3284e172f4 libsoup: security bump to version 2.56.1
Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding

For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0f5398f0e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:44:31 +02:00
Peter Korsgaard c128009659 gd: security bump to version 2.2.5
Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b85d24c1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:43:36 +02:00
Max Filippov 8afd8781fe package/gcc: fix ICE on xtensa, PR target/82181
Memory references to DI mode objects could incorrectly be created at
offsets that are not supported by instructions l32i/s32i, resulting in
ICE at a stage when access to the object is split into access to its
subwords:
  drivers/staging/rtl8188eu/core/rtw_ap.c:445:1:
     internal compiler error: in change_address_1, at emit-rtl.c:2126

Fixes: https://lkml.org/lkml/2017/9/10/151
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:59:07 +02:00
Peter Korsgaard 8681b9477b linux-headers: bump 3.18.x version to 3.18.70
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:37:40 +02:00
Bernd Kuhls a711d9e25b linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19af2fe70c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:37:04 +02:00
Bernd Kuhls 8a673badcb package/botan: security bump to version 1.10.16
Fixes CVE-2017-2801: A programming error exists in a way Randombit Botan
cryptographic library version 2.0.1 implements x500 string comparisons which
could lead to certificate verification issues and abuse.  A specially
crafted X509 certificate would need to be delivered to the client or server
application in order to trigger this vulnerability.

[Peter: extend commit message with security fixes info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 033aa8d4e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 16:49:21 +02:00
Baruch Siach 0f6388e374 mbedtls: security bump to version 2.6.0
Fixes CVE-2017-14032: authentication bypass.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Add license hash.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa70897e29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 15:14:49 +02:00
Olivier Schonken 4a944b6a2d openjpeg: security bump to version 2.2.0
Fixes the following security issues:

CVE-2016-10504: Heap-based buffer overflow vulnerability in the
opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote
attackers to cause a denial of service (application crash) via a crafted bmp
file.

CVE-2016-10505: NULL pointer dereference vulnerabilities in the imagetopnm
function in convert.c, sycc444_to_rgb function in color.c,
color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in
color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of
service (application crash) via crafted j2k files.

CVE-2016-10506: Division-by-zero vulnerabilities in the functions
opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG
before 2.2.0 allow remote attackers to cause a denial of service
(application crash) via crafted j2k files.

CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a
denial of service (heap-based buffer over-read and application crash) via a
crafted bmp file.

[Peter: extend commit message with security fixes info]
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37b2fe73cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 15:10:40 +02:00
Peter Korsgaard 6f4428337e subversion: security bump to version 1.9.7
Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url

For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c6b793779c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:48:12 +02:00
Peter Korsgaard d3463a9907 file: security bump to version 5.32
Fixes CVE-2017-1000249 - Stack buffer overflow with a specially crafted
.notes section in an ELF binary file.

For more details, see: http://www.openwall.com/lists/oss-security/2017/09/05/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 89a38e6397)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:41 +02:00
Vicente Olivert Riera fae25a1d21 file: bump version to 5.31
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e173bbe958)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:34 +02:00
Gustavo Zacarias 51be260e88 file: bump to version 5.30
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ac82e0ebad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:19 +02:00
Max Filippov c357dd607b package/binutils: fix crash caused by buggy xtensa overlay
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:57:07 +02:00
Peter Korsgaard a554694145 linux-headers: bump 3.18.x version to 3.18.69
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:55:23 +02:00
Julien Corjon f6a9094103 package/netplug: init script create needed lock directory
Init script use /var/lock/subsys/netplugd but directory
/var/lock/subsys can be missing.

Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c81c6d8f3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:51:59 +02:00
Adam Duskett 0e3334e25b postgresql: security bump to version 9.6.5
Fixes the following security issues (9.6.4):

CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs

For more info, see https://www.postgresql.org/about/news/1772/

[Peter: extend commit message with security fixes info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 95e284bd27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:48:01 +02:00
Adam Duskett f16d963789 libxml2: security bump to version 2.9.5
Fixes CVE-2017-9049, CVE-2017-9050, CVE-2017-9047, CVE-2017-9048,
CVE-2017-5969.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Thomas: improved commit log, from Baruch suggestion.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d8bc440e3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:42:51 +02:00
Bernd Kuhls 146c38cfcf linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fa46a89fe0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:36:37 +02:00
Peter Korsgaard 1aeb48b66f transmission: gtk option needs libgtk3
Fixes the following configure issue:

checking for GTK... no
configure: error: Package requirements (gtk+-3.0 >= 3.4.0
                              glib-2.0 >= 2.32.0
                              gio-2.0 >= 2.26.0,
                              gmodule-2.0 >= 2.32.0
                              gthread-2.0 >= 2.32.0) were not met:

libgtk2 support was dropped in commit cdd71c642724 ((trunk gtk) #4970 remove
deprecated GTK+ API calls, raise GTK+ dependency to 3.2) which was part of
transmission-2.61.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a2935ee288)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:32:07 +02:00
Bernd Kuhls ac5da5e315 package/transmission: fix gtk support
Gtk support is controlled by ARG_WITH since
https://github.com/transmission/transmission/commit/2ccc2bbbfe2e4a26dfeaa13b56c412ea0af4ebe4

Fixes a build error if libgtk2/3 was built before transmission:
http://autobuild.buildroot.net/results/6b6/6b6ce352a9edfe3aaba82be143092a878e7715ed/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e67fbcfa94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:31:53 +02:00
Erico Nunes f9064cb3b1 grub2: force -fno-stack-protector in CFLAGS
grub2 fails to configure when BR2_SSP_ALL is enabled, with the following
configure error:

  checking whether -fno-asynchronous-unwind-tables works... yes
  checking whether -fno-unwind-tables works... yes
  checking for target linking format... unknown
  configure: error: no suitable link format found

This can be worked around by enforcing -fno-stack-protector in the
package CFLAGS in a way that overrides the SSP flag, as is already done
for the valgrind package.

Fixes bug #10261.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Reported-by: Dr I J Ormshaw <ian_ormshaw@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2a27294e9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:28:57 +02:00
Yann E. MORIN 6866015b70 package/linux-tools: gpio does not build in parallel
Partially fixes #10276.

Reported-by: Ciro Santilli <ciro.santilli@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Ciro Santilli <ciro.santilli@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4a03d1ac29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:27:23 +02:00
Baruch Siach 6f107edbef libgcrypt: security bump to version 1.7.9
Fixes CVE-2017-0379: Mitigate a local side-channel attack on Curve25519
dubbed "May the Fourth be With You".

As we are close to release, don't update to the latest 1.8.1 version,
but to a maintenance release from the 1.7 branch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cd4514109a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:26:06 +02:00
Baruch Siach 1519ba33f5 gnupg: security bump to version 1.4.22
Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster".  For details see
<https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

Switch to https site for better firewall compatibility and security.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 453ca1d6ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:25:10 +02:00
Fabio Estevam 451d115add linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 10b1273264)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:19:41 +02:00
Kurt Van Dijck 290b6cfdf6 bcusdk: eibd: drop local clock_gettime in USB backends
clock_gettime is defined locally, and calls pth_int_time, which
in turn calls clock_gettime.
The USB backend shouldn't overrule clock_gettime in the first place.
This patch fixes this endless recursion by removing the local defition.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bc4f5598dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:17:24 +02:00
Bernd Kuhls 1faeae820d linux-headers: bump 3.{2, 10}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fec74492ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:15:58 +02:00
Bernd Kuhls 21d7b1e4fc package/squid: fix typo
Fixed typo added by
https://git.buildroot.net/buildroot/commit/package/squid?id=d2f7d0d72cd7e00ffbe869011d200f0a4a53e7a5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7c5526c79c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:14:05 +02:00
Baruch Siach 8d5a92e2b6 connman: security bump to version 1.35
Fixes CVE-2017-12865: stack overflow in dns proxy feature.

Cc: Martin Bark <martin@barkynet.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 104879aab0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:12:34 +02:00
Martin Bark d672e0c4d7 package/connman: bump version to 1.34
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 579568ce09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:12:24 +02:00
Yann E. MORIN a6ae588ccc package/nvidia-driver: install an egl.pc
A lot of packages expect an egl.pc to decide that EGL is available. So,
provide one.

As suggested by Alexandre, use the one from nvidia-tegra23 as template.

Reported-by: Alexandre Maumené <alexandre@maumene.org>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Alexandre Maumené <alexandre@maumene.org>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 05a86bdf1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:41:00 +02:00
Bernd Kuhls ec732da99e package/libphidget: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dc9cc4d7cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:36:03 +02:00
Bernd Kuhls 0dba28fce1 package/iucode-tool: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9f2369b5f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:35:53 +02:00
Bernd Kuhls 09549cc322 package/iostat: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3d37cc2c97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:34:30 +02:00
Bernd Kuhls af76cb192a package/dialog: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5fdebd3b8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:33:19 +02:00
Andrey Smirnov aac336dfd7 package/nss-pam-ldapd: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06cf5c1812)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:31:25 +02:00
Andrey Smirnov c565971bd7 package/transmission: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a1c3ae753e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:31:11 +02:00
Andrey Smirnov ece5e09891 package/minidlna: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fb825fbaf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:30:04 +02:00
Bernd Kuhls d4451a4c96 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8e291b97ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:29:32 +02:00
Thomas Petazzoni e72e252af5 mediastreamer: add dependency on host-vim
host-vim is needed to provide the xxd tool, otherwise the build fails
with:

checking for xxd... no
configure: error: "xxd is required (provided by vim package)"

This isn't noticed by the autobuilders, presumably because all of them
have vim installed locally.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 377d10577b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:54 +02:00
Thomas Petazzoni f21b3b83f8 vim: add host variant
Vim contains a tool called xxd, which is needed by mediastreamer on
the host as part of its build process. Therefore, this commit
introduces a host variant for the vim package, that will be used by
mediastreamer.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38d098402e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:43 +02:00
Thomas Petazzoni 0e60dd830f mediastreamer: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0369e05ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:33 +02:00
Andrey Smirnov 3df894d83c package/rpcbind: Do not mark .service and .socket files executable
Do not mark .service and .socket files executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3a41c96a25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:18:29 +02:00
Bernd Kuhls 0190c95a5a package/zmqpp: link with libatomic when needed
Fixes
http://autobuild.buildroot.net/results/c32/c32b9b8dd00d6f6d3db27fae9d8de758a4f25138/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 55a9d6d558)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:17:04 +02:00
Bernd Kuhls 0b51c59e19 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab157dd4d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:11:28 +02:00
Baruch Siach ec88eeaea0 faad2: fix build with musl libc
The getopt.c code declares the strncmp() routine in a non confirming way
under non GNU libc. Patch the code to make the declaration standard
conforming.

Fixes:
http://autobuild.buildroot.net/results/447/4471be349d7ad2e998a4d55afd33aa046a5d1fd2/
http://autobuild.buildroot.net/results/2a9/2a90f4f518884fb50f7ad6ab505dee7565ed869e/
http://autobuild.buildroot.net/results/6b1/6b159b766d791492bab4d897c33ce07845fb7119/

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6f6795d77d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:07:01 +02:00
Yann E. MORIN 2ff69117fe fs/iso9660: really create initrd temp dir
In case we're using an initrd, we create an empty "root" directory that
will contain only the bootloader stuff, not the actual root filesystem,
because it is in an initrd (standalone or initramfs).

We have to ensure that the directory is empty before assembling the
filesystem (to avoid any file lingering from a previous run, like the
sequence  "make; make"). So we first remove it before we create it, so
that on each build (especially not-from-scratch builds) we get the exact
expected content without any leftover.

However, the macro responsible for that, although defined since 7080eef9,
was never called.

Fix that by registering it as a pre-gen hook.

Note: the directory need not be created, as there are quite a few
"install -D" commands that ensure it is created. Yet, we prefer to
create it explicitly to avoid any confusion.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8a26adddde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:08:26 +02:00
Yann E. MORIN ac847623f5 package/fakeroot: fix highly parallel uses
Although the issue can very well occur with low-paralle builds, or even
with non-parallel builds, the conditions are so strict that the ocasion
it breaks is extremely rare, to the point where a failure would go
unnoticed.

Fixes #10141.

Reported-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eff989bab8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:06:40 +02:00
Baruch Siach 7728fc745d whois: bump to version 5.2.17
Fixes serious usability issues (Debian changelog):

  * Fixed whois referrals for .com, .net, .jobs, .bz, .cc and .tv,
    broken by an ICANN-mandated output change:
    https://www.icann.org/resources/pages/rdds-labeling-policy-2017-02-01-en

Use snapshot.debian.org for the .dsc reference, since files tend to
disappear from the official Debian ftp site over time.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 978724d8cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:03:09 +02:00
Waldemar Brodkorb fdce421a5f gpsd: fix build for microblaze architecture
Disable O2 and add O0. The suggested flags in the gcc report
are not enough for gcc >= 6.

Fixes:

  http://autobuild.buildroot.net/results/3686cd3f3e7b6aee84f4377bd2dded1115321fb3/

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: use Git to format the patch, improve patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit e6d0177f53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:47:38 +02:00
Arnout Vandecappelle 3afb4a1f9c e2fsprogs: add patch for recent glibc
Recent glibc have deprecated the implicit include of sys/sysmacros.h
from sys/types.h. That means that the macros major and minor are no
longer defined unless this header is included.

This problem was observed for host-e2fsprogs when building on a host
with recent glibc.

Add an upstream patch that includes sys/sysmacros.h when needed.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Dagg Stompler <daggs@gmx.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Tested-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ed295ce49b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:30:40 +02:00
Thomas Petazzoni 75b9ec066c lua: ensure pkgconfig directory exists before installing files
The lua staging and host installation commands generate a file in
usr/lib/pkgconfig, without first making sure that this directory
exists, which causes build failures if it doesn't. This commit adjusts
those installation commands to create this directory if needed.

Fixes:

  http://autobuild.buildroot.net/results/101c89e1d6aee942a0b1c4e4f3daf8ac2414a56c/

Based on investigation and initial (more complicated) fix provided by
Francois Perrad <francois.perrad@gadz.org>.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 25a2650086)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:26:35 +02:00
Dagg Stompler cd86df9e0b sysvinit: fix compilation error against musl
This commit adds a patch to the sysvinit package that fixes various
build issues against musl due to missing header includes.

Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7ec15db9db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:24:07 +02:00
Baruch Siach b4dbe2e781 sysvinit: adjust help text
sysvinit is far from ultimate init implementation these days. Update the
help text to match reality.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e9a2746710)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:23:57 +02:00
Peter Korsgaard 19d178a5cb package/git: security bump to version 2.12.4
Fixes CVE-2017-1000117:
http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:08:18 +02:00
Thomas Petazzoni d0973b7b47 libcurl: fix build on uncommon architectures
Since the bump to 7.55.0, libcurl fails to build on a number of
uncommon architectures (ARC, OpenRISC, etc.). This is due to upstream
commit 73a2fcea0b4adea6ba342cd7ed1149782c214ae3 ("includes: remove
curl/curlbuild.h and curl/curlrules.h"), which makes libcurl rely on
more architecture-specific related defines in include/curl/system.h.

This commit therefore adds a patch that fixes the 32-bit vs. 64-bit
detection for all architecture, using gcc's __SIZEOF_LONG__
definition. It has been tested successfully with test-pkg on all 47
toolchain configurations.

Fixes:

  http://autobuild.buildroot.net/results/bf26c08cf3267214278674472f931603f69951ae/
  (and many similar issues)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6361a50e3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:01:25 +02:00
Yann E. MORIN 1bed722b73 package/valgrind: hide comment when arch is not supported
Currently, the comment that "valgrind needs shared libs" is not hidden
when the architecture dependencies are not met, which can confuse some
users (as recently seen on IRC).

Fix that by introducing the traditional _ARCH_SUPPORTS option, and have
the comment and the symbol depend on that.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Brandon Maier <brandon.maier@rockwellcollins.com>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed--by: Pedro Ribeiro <pedrib@gmail.com>
Tested-by: Pedro Ribeiro <pedrib@gmail.com>
[Arnout: put _ARCH_SUPPORTS at the top of the file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit afb6bc67a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:59:29 +02:00
Baruch Siach 57fa665847 libcurl: security bump to version 7.55.0
Fixes:

 glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 tftp: reject file name lengths that don't fit (CVE-2017-1000100)
 file: output the correct buffer to the user (CVE-2017-1000099)

Switch to .tar.xz to save bandwidth.

Add reference to tarball signature.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d88c79090a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:56:29 +02:00
Naoki Matsumoto 9c0d97c701 libcurl: LICENSE value changes to SPDX
The curl license is a MIT/X derivative license, but
has a distinct identifier in SPDX, so use that:

https://spdx.org/licenses/curl.html

[Peter: reword commit message]
Signed-off-by: Naoki Matsumoto <n-matsumoto@melcoinc.co.jp>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit d80110a635)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:56:02 +02:00
Adam Duskett fea005f3c2 libcurl: bump version to 7.54.1
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c52d50336e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:55:40 +02:00
Jörg Krause 9a11ca9c6d lua: fix pkg-config file
When Lua is linked with additional libraries, these libraries should go
into the pkg-config file as well.

Otherwise, linking swupdate with the lua library fails:

```
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlopen'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlclose'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlerror'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlsym'
```

Fixes http://autobuild.buildroot.net/results/1c3/1c349cc5904868e4def292b9fbfa164828e46156

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8d845683e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:48:11 +02:00
Thomas Petazzoni e8f6630b10 gdb: add fix for gdb 7.12 and gdb 8.0 build on noMMU platforms
This adds a patch to gdb 7.12 and gdb 8.x, which fixes the build on
noMMU platforms. It is not needed for older versions of gdb, since
it's related to the switch of gdb to C++ in the 7.12 release.

Fixes:

../nat/linux-ptrace.c: In function 'int linux_fork_to_function(gdb_byte*, int (*)(void*))':
../nat/linux-ptrace.c:273:29: error: invalid conversion from 'void*' to 'gdb_byte* {aka unsigned char*}' [-fpermissive]
       child_stack = xmalloc (STACK_SIZE * 4);

The patch has already been merged upstream, as of commit
ffce45d2243e5f52f411e314fc4e1a69f431a81f, and will therefore be part
of future gdb releases.

[Peter: drop gdb-8.0 patch]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5c12506f4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:43:12 +02:00
Samuel Martin c2e4924597 pkg-cmake.mk: set pkg-config env. vars. in the host configure environment
This change is fixing the bug reported in [1].

Cmake may run pkg-config to find the dependencies when configuring a
package. Because of the value of PATH, and it will use the Buildroot's
pkg-config wrapper, which, by default, is configured (via some
environment variables) to find the target dependencies.

When configuring a host package using cmake, to prevent cmake from
wrongly solving dependencies from the target tree (when the
*-config.cmake files are using pkg-config) instead of looking for them
in the Buildroot's host tree or in the host system itself, we need to
set the environment variables altering the pkg-config behavior in the
cmake configure environment.

So, this change is fixing the cmake host-packages configuration step,
by properly setting the pkg-config environment variables to their values
for finding host dependencies.

Before this patch:

  make O=/opt/br/abo/cmake-host-find-root-path libxml2 host-mariadb{-dirclean,-configure} && echo $?
  [...]
  >>> host-mariadb 10.1.25 Configuring
  (mkdir -p /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && cd /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && rm -f CMakeCache.txt && PATH="/opt/br/abo/cmake-host-find-root-path/host/bin:/opt/br/abo/cmake-host-find-root-path/host/sbin:/home/sam/.local/bin:/sbin:/usr/sbin:/bin:/usr/bin"  /usr/bin/cmake /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_C_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_CXX_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_EXE_LINKER_FLAGS="-L/opt/br/abo/cmake-host-find-root-path/host/lib -Wl,-rpath,/opt/br/abo/cmake-host-find-root-path/host/lib"
  -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++"  -DCMAKE_C_COMPILER_ARG1="" -DCMAKE_CXX_COMPILER_ARG1=""  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=OFF  -DWITH_SSL=bundled )
  -- Running cmake version 3.8.2
  [...]
  -- Found PkgConfig: /opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config (found version "0.28")
  [...]
  -- Found LibXml2: /opt/br/abo/cmake-host-find-root-path/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libxml2.so (found version "2.9.4")
  [...]
  0

After this patch is applied:

  make O=/opt/br/abo/cmake-host-find-root-path libxml2 host-mariadb{-dirclean,-configure} && echo $?
  [...]
  >>> host-mariadb 10.1.25 Configuring
  (mkdir -p /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && cd /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && rm -f CMakeCache.txt && PATH="/opt/br/abo/cmake-host-find-root-path/host/bin:/opt/br/abo/cmake-host-find-root-path/host/sbin:/home/sam/.local/bin:/sbin:/usr/sbin:/bin:/usr/bin" PKG_CONFIG="/opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config" PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_LIBDIR="/opt/br/abo/cmake-host-find-root-path/host/lib/pkgconfig:/opt/br/abo/cmake-host-find-root-path/host/share/pkgconfig" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 PKG_CONFIG_ALLOW_SYSTEM_LIBS=1  /usr/bin/cmake /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="/opt/br/abo/cmake-host-find-roo
 t-path/host" -DCMAKE_C_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_CXX_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_EXE_LINKER_FLAGS="-L/opt/br/abo/cmake-host-find-root-path/host/lib -Wl,-rpath,/opt/br/abo/cmake-host-find-root-path/host/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++"  -DCMAKE_C_COMPILER_ARG1="" -DCMAKE_CXX_COMPILER_ARG1=""  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=OFF  -DWITH_SSL=bundled )
  -- Running cmake version 3.8.2
  [...]
  -- Found PkgConfig: /opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config (found version "0.28")
  [...]
  -- Found LibXml2: /usr/lib/libxml2.so (found version "2.9.4")
  [...]
  0

[1] http://lists.busybox.net/pipermail/buildroot/2017-August/199776.html

Reported-by: "Sigalas, Antonios (Nokia - GR/Athens)" <antonios.sigalas@nokia.com>
Cc: "Sigalas, Antonios (Nokia - GR/Athens)" <antonios.sigalas@nokia.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c9f9b16a2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:39:16 +02:00
Baruch Siach 214343add7 faad2: security bump to version 2.8.1
Fixes: CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254,
CVE-2017-9255, CVE-2017-9256, CVE-2017-9257

http://seclists.org/fulldisclosure/2017/Jun/32

Switch to .tar.bz2 to save some bandwidth.

Add autoreconf since unfortunately upstream tarball does not ship the
configure script.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1e2c245bf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:31:46 +02:00
Peter Seiderer da9f101e80 bind: fix configure in case lmdb devel files are present on the host
Fix configure failure in case lmdb devel files are present on the host
by adding --without-lmdb option (reported [1] and fix tested [2],[3] by
grunpferd@netscape.net).

Fixes:

  checking for lmdb library... yes
  checking for library containing mdb_env_create... no
  configure: error: found lmdb include but not library.

[1] http://lists.busybox.net/pipermail/buildroot/2017-August/199945.html
[2] http://lists.busybox.net/pipermail/buildroot/2017-August/199963.html
[3] http://lists.busybox.net/pipermail/buildroot/2017-August/199964.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bb95fef1e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:26:32 +02:00
Bernd Kuhls e40be53f7b package/jack2: backport two build fixes
0005-gcc7.patch fixes
http://autobuild.buildroot.net/results/c06/c0610325d7785dfa51c5d36775623ca8fa517f24/

0006-fix-ftbfs-with-clang.patch
fixes the subsequent build error:
common/memops.c.31.o: In function `sample_move_dither_rect_d16_sSs':
memops.c:(.text+0x4dc): undefined reference to `fast_rand'

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 50ace0bcc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:24:04 +02:00
Thomas Petazzoni cbadc716d3 jack2: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d8e0a2d4ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:23:34 +02:00
Bernd Kuhls 246df454ff linux-headers: aarch64: Prevent selecting unsupported versions
Versions older than Linux v3.7 do not support the aarch64 architecture
so disable them, for reference see https://kernelnewbies.org/Linux_3.7

Without this patch these defconfigs fail to build

BR2_aarch64=y
BR2_KERNEL_HEADERS_3_2=y

BR2_aarch64=y
BR2_KERNEL_HEADERS_3_4=y

with error messages like this:

make[1]: Entering directory '/home/buildroot/br5_next/output/build/linux-headers-3.2.89'
Makefile:567: /home/buildroot/br5_next/output/build/linux-headers-3.2.89/arch/arm64/Makefile: No such file or directory

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1291528bde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:19:29 +02:00
Bernd Kuhls 99c6d668a6 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a4a6c74171)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:15:53 +02:00
Bernd Kuhls f1b0e69d92 linux-headers: bump 4.1.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d38797edee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:14:52 +02:00
Marcus Hoffmann 935b33b258 dbus: add upstream patch to fix startup hang with with expat >= 2.2.1
After c0ad6ded01 expat: security bump to version 2.2.1
the system can hang on startup under certain circumstances.

This happens when:
  * we use systemd as init system
  * the random nonblocking pool takes a while to initialize
    * this apparently doesn't happen on qemu, so this would not have
      been caught by the runtime testing infrastructure
    * it also doesn't seem to happen when network booting

For a more detailed description of the bug see here:
https://bugs.freedesktop.org/show_bug.cgi?id=101858

The patch should be in next dbus version 1.10.24

Set DBUS_AUTORECONF = YES because configure.ac is changed.

Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
[Arnout: add upstream commit sha + Marcus's Sob to the patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5a5e76381f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:12:15 +02:00
Max Filippov 7e8fa57537 package/binutils: fix crash caused by buggy xtensa overlay
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.

[Peter: drop 2.28.x/2.29.x variants]
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 83f7fb0d5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:02:09 +02:00
Peter Korsgaard bb82c24ce0 samba4: bump to version 4.5.13
4.5.13 is a bugfix release, fixing a number of important issues:

https://www.samba.org/samba/history/samba-4.5.13.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:59:07 +02:00
Bernd Kuhls 85a32431a7 package/samba4: add optional dependency to dbus
samba4 picks up dbus as dependency if it was built before:

Checking for dbus                : yes
Checking for header dbus/dbus.h  : yes
Checking for library dbus-1      : yes

There is no configure option to control dbus support so we just make
sure dbus is built before samba4 to have reproducible builds.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 17f6c26590)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:30:50 +02:00
Thomas Petazzoni 64e480fd7a gdb: force to use ncurses and not termcap for host-gdb
Both our target and host gdb depend on ncurses (host-ncurses for
host-gdb, of course). However, while for the target we passs
--with-curses, we are not doing this for the host variant. Due to
this, host-gdb default to using the termcap library: if such a library
is available on the build system, it will be used instead of the
host-ncurses we have built. This causes the host gdb binary to depend
on a library that we do not provide in $(HOST_DIR), breaking the
principle of a standalone SDK (which should only depend on the C
library).

To solve this, we simply pass --with-curses in HOST_GDB_CONF_OPTS,
which forces host-gdb to use the host-ncurses library.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8c36c65ab8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:28:14 +02:00
Peter Korsgaard 2ca9ecd206 ffmpeg: security bump to version 3.2.7
Fixes the following security issues (https://ffmpeg.org/security.html):

3.2.4:

CVE-2017-5024 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

CVE-2017-5025 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

3.2.5:

CVE-2017-9991 - Heap-based buffer overflow in the xwd_decode_frame function
in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x
before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted file.

CVE-2017-9992 - Heap-based buffer overflow in the decode_dds1 function in
libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before
3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted file.

CVE-2017-9994 - libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before
3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does
not ensure that pix_fmt is set, which allows remote attackers to cause a
denial of service (heap-based buffer overflow and application crash) or
possibly have unspecified other impact via a crafted file, related to the
vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVE-2017-9996 - The cdxl_decode_frame function in libavcodec/cdxl.c in
FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x
before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow and application crash) or possibly have unspecified other
impact via a crafted file.

3.2.6:

CVE-2017-9608 - NULL pointer exception.

CVE-2017-9993 - FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x
before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live
Streaming filename extensions and demuxer names, which allows attackers to
read arbitrary files via crafted playlist data.

3.2.7:

CVE-2017-11399 - Integer overflow in the ape_decode_frame function in
libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause
a denial of service (out-of-array access and application crash) or possibly
have unspecified other impact via a crafted APE file.

CVE-2017-11665 - The ff_amf_get_field_value function in
libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a
denial of service (Segmentation Violation and application crash) via a
crafted stream.

CVE-2017-11719 - The dnxhd_decode_header function in libavcodec/dnxhddec.c
in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service
(out-of-array access) or possibly have unspecified other impact via a
crafted DNxHD file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:07:17 +02:00
Bernd Kuhls 6918f13762 package/snappy: fix typo
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 662b830dd7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:59:00 +02:00
Baruch Siach 288d26acd5 squashfs: fix build with gcc 7
gcc 7 with -Os (optimize for size) takes the liberty to remove the code of
inline function entirely. This leads to undefined function references at link
time. Restore gcc original inline behaviour to fix this issue.

Fixes:
http://autobuild.buildroot.net/results/3c5/3c5b1d799dce3ba361d618330c242bf4eba76019/
http://autobuild.buildroot.net/results/09f/09f350b62e2486404b78222dce211400bb233000/
http://autobuild.buildroot.net/results/693/693960ed7c01622c756dcc929e83b3b713c16ccc/

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f308e4420f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:55:51 +02:00
Baruch Siach 3f9fedb217 librsvg: security bump to version 2.40.18
http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.18.news

CVE-2017-11464 - Fix division-by-zero in the Gaussian blur code.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b76a15ed14)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:51:31 +02:00
Baruch Siach b758567fc9 librsvg: update homepage link
The SF page redirects to gnome.org.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a81979758d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:50:52 +02:00
Charles Hardin 80c457604f package/python-service-identity: the attrs distribution is required
Apparently the service identify code requires the python attrs
to be availabe:

Traceback (most recent call last):
  File "/opt/exablox/bin/configsrv", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3138, in <module>
    @_call_aside
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3124, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3151, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 661, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 962, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 849, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'attrs' distribution was not found and is required by service-identity

Signed-off-by: Charles Hardin <ckhardin@exablox.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 49229b157c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:45:25 +02:00
Fabio Estevam 66ceb5ba45 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: Drop 4.12.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f43096034b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:32:12 +02:00
Adrián Pérez de Castro 904d5330a3 webkitgtk: Add patch for properly picking GL flags when building
This solves build failures caused by WebKit trying to include X11 headers
when support for X11 is disabled in Mesa3D. A common situation is when
configuring both GTK+ and WebKitGTK+ only with Wayland support.

Once the fix for https://bugs.webkit.org/show_bug.cgi?id=175125 makes it
into a release, the patch can be dropped.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c2da653d08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:02:17 +02:00
Adrián Pérez de Castro 6a1fa08095 webkitgtk: Add upstream patch needed for builds with ENABLE_VIDEO=OFF
This includes a slightly modified version of the patch for bug
https://bugs.webkit.org/show_bug.cgi?id=174940

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f2b9399c76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:01:41 +02:00
Adrián Pérez de Castro a0658ea000 webkitgtk: Allow building with BR2_PACKAGE_WEBKITGTK_MULTIMEDIA disabled
Explicitly pass "-DENABLE_MEDIA_STREAM=OFF" to CMake, to workaround a
missing feature dependency in the WebKitGTK+ build files.

Related upstream bug: https://bugs.webkit.org/show_bug.cgi?id=174940

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9aceb8bfa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:00:52 +02:00
Adrián Pérez de Castro 075494dd3f webkitgtk: Add patches which allow building for ARMv8-A
The two added patches allow building WebKitGTK+ when the compiler
scpecifically targets ARMv8-A, and reports as such be pre-defining
__ARCH_ARM_8A__ instead of just __ARCH_ARM_8__. Both patches were
pulled from the corresponding upstream bug reports and edited to
remove the conflicting parts which edit the ChangeLog files.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3e4efb30f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:00:29 +02:00
Yegor Yefremov ef7ff0f445 python-libconfig: fix Python3 build
boost_python library is named boost_python3, if boost is built
under Python3 environment. The patch fixes setup.py accordingly.

Fixes:
http://autobuild.buildroot.net/results/975/97533965180436c2f7a99de07fdc360ef57f84b0
http://autobuild.buildroot.net/results/b49/b49de32704f0f7ce5a610cf4363c6dcc2d8bafa1
http://autobuild.buildroot.net/results/e26/e26b4b9b486c582fb55826817a3428569968320f

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3cd8023c73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:57:52 +02:00
Marcus Hoffmann 0e1d908376 package/pkg-kconfig.mk: fix typo in comment
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 412a872e21)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:46:09 +02:00
Ryan Coe e0b2bd6dff mariadb: security bump version to 10.1.26
Release notes: https://mariadb.com/kb/en/mariadb-10126-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10126-changelog/

Fixes the following security vulnerabilities:

CVE-2017-3636 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs). Supported versions that are affected are
5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability
allows low privileged attacker with logon to the infrastructure where MySQL
Server executes to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data as well as unauthorized read access to
a subset of MySQL Server accessible data and unauthorized ability to cause
a partial denial of service (partial DOS) of MySQL Server.

CVE-2017-3641 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-3653 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult
to exploit vulnerability allows low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized update, insert or delete
access to some of MySQL Server accessible data.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ff0cf723b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:29 +02:00
Adam Duskett 0813899c43 host-mariadb: compile against bundled yassl
On Fedora26, openssl 1.1.x is included by default.  This causes build
errors when building the host variant of mariadb.

Adding -DWITH_SSL=bundled fixes this issue.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6103ce335a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:13 +02:00
Ryan Coe 21e5d6a6a7 mariadb: bump version to 10.1.25
release notes: https://mariadb.com/kb/en/mariadb-10125-release-notes/
changelog: https://mariadb.com/kb/en/mariadb-10125-changelog/

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5ec9bd15f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:04 +02:00
Peter Korsgaard a2818c7cfa Update for 2017.02.5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 23:33:09 +02:00
Thomas De Schampheleire ab0cbd3cbc tcpdump: security bump to 4.9.1
Fixes CVE-2017-11108/Fix bounds checking for STP

Changelog: http://www.tcpdump.org/tcpdump-changes.txt

[Peter: add signature link as suggested by Baruch]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit e588885714)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 22:52:33 +02:00
Peter Korsgaard 25d4b5cf78 webkitgtk: security bump to version 2.16.6
Fixes the following security issues:

CVE-2017-7018 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7030 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7034 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7037 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7039 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7046 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7048 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7055 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7056 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7061 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.

CVE-2017-7064 - An issue was discovered in certain Apple products.  iOS
before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
The issue involves the "WebKit" component.  It allows attackers to bypass
intended memory-read restrictions via a crafted app.

For more details, see the announcement:
https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Adrian Perez de Castro" <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b5582d54a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 22:52:28 +02:00
Peter Seiderer e680be31ff orc: update project url
The original url http://code.entropywave.com/orc is dead (server not found).

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 036d235ade)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:10:06 +02:00
Peter Korsgaard 0964469afb bind: bump version to bugfix release 9.11.1-P3
BIND 9.11.1-P3 addresses a TSIG regression introduced in the 9.11.1-P2
security bump:

https://lists.isc.org/pipermail/bind-announce/2017-July/001057.html

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c237f1d1c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:59 +02:00
Bernd Kuhls de2ffb62a2 package/x265: disable altivec on ppc64
Disable altivec support until gcc problems are fixed:
https://bitbucket.org/multicoreware/x265/issues/320/fail-to-build-on-power8-le#comment-34076791

Fixes
http://autobuild.buildroot.net/results/419/41910d44ff98c60a6bb9fd3b6a10bd4d0b98d646/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4f3fd7460c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:53 +02:00
Bernd Kuhls 26573a3cc7 package/heimdal: security bump to version 7.4.0
Fixes security bugs CVE-2017-11103 & CVE-2017-6594

Changed upstream tarball location as noted in the release notes:
http://www.h5l.org/releases.html?show=7.4.0

--with-db-type-preference= is needed to fix a build error:

  CCLD     otp
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_get_internal':
otp_db.c:(.text+0x32): undefined reference to `__roken_dbm_fetch'
otp_db.c:(.text+0xd9): undefined reference to `__roken_dbm_store'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_db_open':
otp_db.c:(.text+0x1c9): undefined reference to `__roken_dbm_open'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_db_close':
otp_db.c:(.text+0x205): undefined reference to `__roken_dbm_close'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_delete':
otp_db.c:(.text+0x23e): undefined reference to `__roken_dbm_delete'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_put':
otp_db.c:(.text+0x388): undefined reference to `__roken_dbm_store'
collect2: error: ld returned 1 exit status

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02770ce47d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:43 +02:00
Bernd Kuhls 2573e725ea package/aespipe: fix host compile
Building host-aespipe fails on Debian stretch at linking stage:

/usr/bin/gcc -L/home/buildroot/br6/output/host/lib -L/home/buildroot/br6/output/host/usr/lib -Wl,-rpath,/home/buildroot/br6/output/host/usr/lib -o aespipe aespipe.o aes-amd64.o md5-amd64.o md5-2x-amd64.o aes-intel64.o sha512.o rmd160.o
/usr/bin/ld: aes-amd64.o: relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC

The same problem apparently exists on recent Ubuntu and Gentoo.

Fix is also used in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837393

[Peter: add comment explaining why]
[Arnout: use host-cc-option to discover if -no-pie is available;
 cfr. 57b628a932]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 00ecd72c28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:36 +02:00
Arnout Vandecappelle 77604f7336 package/Makefile.in: add host-cc-option macro
This macro allows to test if HOSTCC supports a specific option. It is
needed to pass '-no-pie' on recent Debian, Ubuntu and Gentoo hosts.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 91a08ecc99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:31 +02:00
Thomas Petazzoni 3510dfefd6 efibootmgr: fix build with gcc 7.x
Now that the build of efivar with gcc 7.x has been fixed by commit
0ca3017034 ("efivar: fix build with gcc
7"), efibootmgr fails similarly with gcc 7.x.

This commit backports an upstream patch that fixes this issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cefdd65460)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:23 +02:00
Bernd Kuhls e5570186a4 package/ffmpeg: disable build of nvidia hardware acceleration support
ffmpeg always enables support for nvenc/cuda even if their support
libraries are not present:

External libraries providing hardware acceleration:
cuda cuvid nvenc
[...]
Enabled hwaccels:
h264_cuvid mjpeg_cuvid mpeg2_cuvid vc1_cuvid vp9_cuvid
hevc_cuvid mpeg1_cuvid mpeg4_cuvid vp8_cuvid

This leads to a crash in freeswitch git master when transcoding video
streams on a system without nvidia hardware:

2017-07-22 15:06:27.306760 [INFO] avcodec.c:1077 initializing encoder 352x288
2017-07-22 15:06:27.306760 [NOTICE] avcodec.c:828 NVENC HW CODEC ENABLED

This patch disables the support of nvidia hardware acceleration support
for now until the needed packages are added to buildroot. For details
about this please refer to https://developer.nvidia.com/ffmpeg

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3b6fa452f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:17 +02:00
Bernd Kuhls 05f13baaf3 package/ffmpeg: add optional support for alsa-lib
ffmpeg has optional support for alsa as input and/or output device:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=configure;h=23823e3b7012d847b614bd43316fb614676bedb2;hb=refs/heads/release/3.3#l2987

Problem was found while fixing
http://autobuild.buildroot.net/results/7ba/7ba485532fcab74928246a8f95dba7e5eea9d4a5/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ca06ba2d2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:09:09 +02:00
Bernd Kuhls 5fc13e3a2c package/libtirpc: security bump to version 1.0.2
Fixes CVE-2017-8779:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commitdiff;h=dd9c7cf4f8f375c6d641b760d124650c418c2ce3

Rebased patches 0001, 0002 & 0006.
Removed patch 0007, applied upstream:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4f1503e84b2f7bd229a097335e52fb8203f5bb0b
Renumbered patch 0008.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 49a2bb396c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:08:55 +02:00
Dmitrii Kolesnichenko c98eba1cce libtirpc: Fix build error due to missing stdint.h inclusion
Add patch to fix following error:
| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
|   if (len < (uintptr_t)xdrs->x_base) {
|              ^~~~~~~~~

This error occurs with the latest glibc master version (during the testing I had
glibc commit 92bd70fb85bce57ac47ba5d8af008736832c955a), but doesn't occur with
version 2.25.

Patch includes stdint.h to provide uintptr_t.

It has been submitted upstream:
https://sourceforge.net/p/libtirpc/mailman/message/35850276/

Signed-off-by: Dmitrii Kolesnichenko <dmitrii@synopsys.com>
[Thomas: reformat as Git formatted patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit b3998dc00f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:08:48 +02:00
Thomas Petazzoni 24c662e6c6 libmemcached: fix build with gcc 7.x
This commit adds a patch to the libmemcached package that fixes the
build with gcc 7.x. Since libmemcached is barely maintained upstream,
the patch comes from the Fedora packages.

Fixes:

  http://autobuild.buildroot.net/results/872b8e0e6a24cbc96e3ad9e0b8b47acdf6160ce0/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8786ac2805)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:08:41 +02:00
Thomas Petazzoni fbce4d82ff collectd: fix build with gcc 7.x
This commit backports an upstream collectd patch that fixes a build
issue with gcc 7.x.

Fixes:

  http://autobuild.buildroot.net/results/2441e2a69d013a6376a90d375e15991e8cb816bd/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9ac88f318a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:08:33 +02:00
Fabio Estevam 85460f118e linux-headers: bump 4.{4, 9, 11, 12}.x series
[Peter: Drop 4.11.x/4.12.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6e97747666)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:08:14 +02:00
Adrián Pérez de Castro b74ed70e46 webkitgtk: Remove patch uneeded for the current version
Version 2.16.5 of WebKitGTK+ already includes the fix added by the
removed patch, which is now unneeded.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6b2804f396)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:07:22 +02:00
Baruch Siach 7ce6884f11 linux-zigbee: fix build with gcc 7
Disable -Werror to avoid the fatal result of new gcc 7 format string warnings.

Fixes:
http://autobuild.buildroot.net/results/29c/29c72bc38042305310576be945c721b2fad95894/
http://autobuild.buildroot.net/results/a7d/a7d38d72834b94291eaff159da277b11e2f9d63a/
http://autobuild.buildroot.net/results/cfe/cfed5176075f0cb9e2f56ebef10f5d6c352baf10/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e1bebe18e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-26 00:07:16 +02:00
Peter Korsgaard 06eb06ad6d linux-headers: bump 3.{2, 10, 18}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 08:01:52 +02:00
Baruch Siach 65080e973d iproute2: correct license
Source files license headers include the GPL "or ... any later version" language.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b1b962274b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:39:02 +02:00
Yann E. MORIN e3d33a6a19 arch/arm: fix -mcpu default values for AArch64
We have to specify the -mcpu value, even in 64-bit mode.

For AArch64, +fp and +simd are the default, so they are totally useless.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9d06e91df8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:37:58 +02:00
Baruch Siach 6114c0b25f expat: fix build on and for kernel older than 3.17
The expat build system now fails when the getrandom() system call is not
supported. This affect both host and target builds. Define XML_POOR_ENTROPY
for target kernels older than 3.17 to fix the build. For the host package
define XML_POOR_ENTROPY unconditionally since we have no easy way to know the
host kernel version. Note that expat will still use getrandom() on the host
when it is available, we don't make security any worse.

Fixes (host):
http://autobuild.buildroot.net/results/928/928dc2b56d931da84055fdfe78929d1f956de53b/
http://autobuild.buildroot.net/results/ee9/ee90d0a456cbce4c7f22e5f61006612bd9ba30d5/
http://autobuild.buildroot.net/results/dac/dac7231242123ae3dcaa6bbdd65b44fe8d8cb20c/

Fixes (target):
http://autobuild.buildroot.net/results/308/308e830219fdfebb5aa6aef51c1dc784254998f6/
http://autobuild.buildroot.net/results/73f/73fa946b0a2205e946ad414079f88e4bdb416f00/
http://autobuild.buildroot.net/results/9d7/9d7bad22ace7fa211b31d752a2255e07cede68be/

[Peter: also use HOST_CPPFLAGS]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 5242701f3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:35:09 +02:00
Baruch Siach 98ffe962a4 expat: security bump to version 2.2.2
Changes (security fixes):

[MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                 resulted in NULL dereference, previously

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3eca09500)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:35:00 +02:00
Peter Seiderer 85cfc3a3ac qt5base: fix qthash error attribute(target("+crc")) is unknown
Add patch 0005-Fix-error-attribute-target-crc-is-unknown.patch.

Upstream: https://codereview.qt-project.org/200171

Fixes buildroot Bug 9916 ([1]).

[1] https://bugs.busybox.net/show_bug.cgi?id=9916

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a9e053b5a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:34:27 +02:00
Peter Seiderer 6d02487394 binutils/2.27: backport patch to enable CRC instructions on supported ARMv8-A CPUs
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d558ca1713)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:34:20 +02:00
Peter Korsgaard 2e71e4d7df libosip2: add upstream security fix
Fixes CVE-2016-10324 - In libosip2 in GNU oSIP 4.1.0, a malformed SIP
message can lead to a heap buffer overflow in the osip_clrncpy() function
defined in osipparser2/osip_port.c.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d8a806e2b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:34:10 +02:00
Fabio Estevam 30bf45b8da linux-headers: bump 4.{4, 9, 11, 12}.x series
[Peter: Drop 4.11.x/4.12.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a78c0935d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:33:23 +02:00
Calin Crisan 89c1bd39c7 pulseaudio: add optional dependency on bluez5_utils
The pulseaudio configure script autodetects the presence of
bluez 4.x and 5.x packages on the system and will exclude the
bluetooth-related modules in their absence.

This commit ensures that bluez5_utils, if selected, are installed
before pulseaudio. The same already happens for bluez_utils (4.x).

Signed-off-by: Calin Crisan <ccrisan at gmail dot com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9e03dd1cef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:32:27 +02:00
Matt Weber 631f617399 gcc: fix build of libsanitizer in gcc 4.9 and 5.x on PowerPC
libsanitizer in gcc fails to build on PowerPC with gcc versions 4.9
and 5.x used in conjunction with glibc 2.25, with the following error:

../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
   return signum == SIGSEGV && common_flags()->handle_segv;

This commit adds a patch that has been submitted to upstream gcc
(https://patchwork.ozlabs.org/patch/725596/) but not merged. The patch
is no longer needed with gcc 6.x and later because the code has been
reworked.

Fixes Buildroot bug #10061

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: rework commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 5c90f6a7b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:32:17 +02:00
Yann E. MORIN db62aed533 package/rpi-firmware: install missing library
The vcdbg utility is linked to a few libraries, which so far were all
provided by the rpi-userland package.

But a not-so-recent bump of rpi-firmware pulled in a vcdbg that is
linked to an additional library, which is not privided by rpi-userland,
so we must install it.

Reported-by: cluelessperson on #buildroot
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a3da7980eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:32:04 +02:00
Peter Korsgaard 6a517afb6c tiff: add upstream security fix for CVE-2017-10688
Fixes CVE-2017-10688 - n LibTIFF 4.0.8, there is a assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c.  A
crafted input will lead to a remote denial of service attack.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 544ac6bca0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:31:54 +02:00
Vicente Olivert Riera 8b9602ab0b tiff: bump version to 4.0.8
Patch 0001 already included in this release:
  https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1

Patch 0002 already included in this release:
  https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec

Patch 0003 already included in this release:
  https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86

Patch 0004 already included in this release:
  https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018

Patch 0005 already included in this release:
  https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7

Patch 0006 already included in this release:
  https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b

Patch 0007 already included in this release:
  https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1

Patch 0008 already included in this release:
  https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b

Patch 0009 already included in this release:
  https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1

Patch 0010 already included in this release:
  https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122

Patch 0011 already included in this release:
  https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8

Patch 0012 already included in this release:
  https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490

Patch 0013 already included in this release:
  https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3301fbb516)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 07:31:43 +02:00
Peter Korsgaard 2dca04ef7e spice: add upstream security fixes for CVE-2017-7506
Fixes CVE-2017-7506 - Possible buffer overflow via invalid monitor
configurations.

For more details, see:
https://marc.info/?l=oss-security&m=150001782924095

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 31bd29fe09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:17:38 +02:00
Bernd Kuhls ad3d9f8bd6 package/samba4: security bump to version 4.5.12
Fixes CVE-2017-11103:

All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.

Samba binaries built against MIT Kerberos are not vulnerable.

https://www.samba.org/samba/history/samba-4.5.12.html

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit f97510659f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:17:29 +02:00
Bernd Kuhls d8318535f0 package/pcre: security bump to version 8.41
Removed patches 0003 & 0004, applied upstream.

Fixes the following security issues:

CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.

CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.

CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit bc6a84bb3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:16:37 +02:00
Ben Leinweber 4fe48b572e libxml-parser-perl: add LICENSE_FILES
There is copyright information in the top level README file. Use this
file as the license file which will be included by the `legal-info`
build rule.

Signed-off-by: Ben Leinweber <bleinweber@spaceflight.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 730da52edc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:16:09 +02:00
Fabio Estevam 055a6b24aa linux-headers: bump 4.{9,11,12}.x series
[Drop 4.11.x/4.12.x change]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8e95c2e9ca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:15:06 +02:00
Bernd Kuhls baf5a9d8c7 package/apache: security bump to version 2.4.27
Fixes the following security issues:

CVE-2017-9788 - Uninitialized memory reflection in mod_auth_digest

The value placeholder in [Proxy-]Authorization headers of type 'Digest' was
not initialized or reset before or between successive key=value assignments.
by mod_auth_digest.

Providing an initial key with no '=' assignment could reflect the stale
value of uninitialized pool memory used by the prior request, leading to
leakage of potentially confidential information, and a segfault.

CVE-2017-9789 - Read after free in mod_http2

When under stress, closing many connections, the HTTP/2 handling code would
sometimes access memory after it has been freed, resulting in potentially
erratic behaviour.

Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html
Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cf9b7cedac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:12:10 +02:00
Peter Korsgaard 020c657791 mpg123: security bump to version 1.25.2
>From the release notes:

 - Extend pow tables for layer III to properly handle files with i-stereo and
   5-bit scalefactors. Never observed them for real, just as fuzzed input to
   trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
   calling remote denial of service. While the accesses are out of bounds for
   the pow tables, they still are safely within libmpg123's memory (other
   static tables). Just wrong values are used for computation, no actual crash
   unless you use something like GCC's AddressSanitizer, nor any information
   disclosure.
 - Avoid left-shifts of negative integers in layer I decoding.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 474daa20f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:11:56 +02:00
Adrián Pérez de Castro 7c2fbc0c5d webkitgtk: select libgcrypt
Libgrcrypt is a direct dependency of WebKitGTK+, and as such it
should be selected.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: add missing dependency on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit b61c805fca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:11:42 +02:00
Adrián Pérez de Castro ad2c4ea2cf webkitgtk: bump to version 2.16.5
This simply updates to the latest stable release. WebKitGTK+ versions
in the 2.1x series avoid bumping the dependencies in order to allow
distributions to provide updates, therefore no new dependencies are
needed.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 23c0872442)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:11:36 +02:00
Peter Korsgaard 5519f5dcd5 php: security bump to version 7.1.7
Fixes the following security issues:

CVE-2017-7890 - Buffer over-read into uninitialized memory.  The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.

CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bonds access in oniguruma regexp library.

CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.

CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.

CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function.  NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91f4c9d412)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:11:01 +02:00
Bernd Kuhls 2ee8d1f7d7 package/php: bump version to 7.1.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0b5d531e6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:10:56 +02:00
Vicente Olivert Riera fa1e277b51 php: bump version to 7.1.5
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f9aee682f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:10:50 +02:00
Vicente Olivert Riera 4d041d8e4d php: bump version to 7.1.4
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9f6357117b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:10:36 +02:00
Rahul Bedarkar dfce4519e8 php: add version to license string
As per LICENSE file, php uses PHP license version 3.01.

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e066bfa664)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:10:22 +02:00
Vicente Olivert Riera 697945878d php: bump version to 7.1.3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fca8df85c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:09:57 +02:00
Peter Korsgaard 466ab1420a php: bump to version 7.1.2
7.1.2 is a bugfix release, fixing a number of issues:

http://www.php.net/ChangeLog-7.php#7.1.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34d19a23ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:09:26 +02:00
Peter Korsgaard feb4548bd8 xserver_xorg-server: add upstream security fixes for CVE-2017-10971 / 10972
Add upstream patches fixing the following security issues:

CVE-2017-10971:
	The endianess handling for X Events assumed a fixed size of X Event structures and
	had a specific 32 byte stack buffer for that.

	However "GenericEvents" can have any size, so if the events were sent in the wrong
	endianess, this stack buffer could be overflowed easily.

	So authenticated X users could overflow the stack in the X Server and with the X
	server usually running as root gaining root prileveges.

CVE-2017-10972:
	An information leak out of the X server due to an uninitialized stack area when swapping
	event endianess.

For more details, see the advisory:

http://www.openwall.com/lists/oss-security/2017/07/06/6

[Apply 1.19.x patches to 1.19.1 instead of 1.19.3]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2015d83dd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:06:52 +02:00
Baruch Siach b9e3b87784 efivar: fix build with gcc 7
Add upstream patch fixing a warning that breaks the build because of -Werror.

Fixes:
http://autobuild.buildroot.net/results/33a/33adc3ef139d6814aef4c92ae0bcc4c810ab0b86/
http://autobuild.buildroot.net/results/e7d/e7d80e823e13edc6698148244553bd90367bcd03/
http://autobuild.buildroot.net/results/3b6/3b61246f8b04a332d1c61732f0eb6e50ea8ca366/

Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0ca3017034)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:04:30 +02:00
Arnout Vandecappelle 03c2027e17 manual: patches are not applied for SITE_METHOD = local
We had several remarks on the mailing list of users that were surprised
that patches were not applied for packages whose SITE_METHOD is local.
So document this.

Note that for OVERRIDE_SRCDIR itself it is already documented:

  When Buildroot finds that for a given package, an
  <pkg>_OVERRIDE_SRCDIR has been defined, it will no longer attempt to
  download, extract and patch the package. Instead, it will directly use
  the source code available in in the specified directory.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0611045c42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:04:22 +02:00
Peter Korsgaard fed880a3c4 irssi: security bump to version 1.0.4
>From the advisory:
https://irssi.org/security/irssi_sa_2017_07.txt

Two vulnerabilities have been located in Irssi.

(a) When receiving messages with invalid time stamps, Irssi would try
    to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
    of Geeknik Labs. (CWE-690)

    CVE-2017-10965 [2] was assigned to this bug

(b) While updating the internal nick list, Irssi may incorrectly use
    the GHashTable interface and free the nick while updating it. This
    will then result in use-after-free conditions on each access of
    the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
    Labs. (CWE-416 caused by CWE-227)

    CVE-2017-10966 [3] was assigned to this bug

Impact
------

(a) May result in denial of service (remote crash).

(b) Undefined behaviour.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9bf7844688)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:04:13 +02:00
Rodrigo Rebello 94660b2a95 irssi: drop obsolete configure option
The configure option --with-ncurses has been removed in version 1.0.0
and thus is no longer needed.

Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a97b1e03fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:04:07 +02:00
Peter Korsgaard dfcb9416d2 ccache: make default host-ccache cache dir fit for multi-user setups
While building I noticed:

>>> host-ccache 3.3.4 Building
conf.c: In function 'conf_create':
conf.c:314:2: warning: too many arguments for format [-Wformat-extra-args]
  conf->cache_dir = format("/home/peko/.buildroot-ccache", get_home_directory());
  ^

As host-ccache gets installed into $(HOST_DIR) and is part of the SDK,
hardcoding the build user homedir isn't really nice for the relocatable
SDK feature (or simply for a SDK used by multiple users).

As the warning shows, CCache replaces "%s" with the current user home
directory, so rewrite BR_CACHE_DIR to use this feature if it begins with
$HOME.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bdca0d0581)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:03:23 +02:00
Yegor Yefremov 33145a32b2 python-setproctitle: change setup type to setuptools
Changing setup type to setuptools avoids installing as zipped .egg

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37cb6e971c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:03:16 +02:00
Thomas Petazzoni 76bde2fc30 xvisor: fix bogus check on XVISOR_ARCH
The XVISOR_ARCH check added in commit
117fd5dfbc ("xvisor: fix build on
AArch64") broke Buildroot entirely on all architectures except ARM,
AArch64 and x86-64, because the $(error ...) test was not enclosed
inside a condition that made sure the xvisor package was enabled.

This commit fixes that, and allows Buildroot to be usable again on all
architectures.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 27ce235cdb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:02:38 +02:00
Thomas Petazzoni f887589e3e xvisor: fix build on AArch64
Xvisor was failing to build on AArch64 with:

package/xvisor/xvisor.mk:60: *** No Xvisor defconfig name specified, check your BR2_PACKAGE_XVISOR_DEFCONFIG setting.  Stop.

The first problem is that the Config.in file had a typo: it was using
BR2_AARCH64 instead of BR2_aarch64, and therefore the
BR2_PACKAGE_XVISOR_DEFCONFIG variable had no value.

Once this is fixed, another problem occurs: the ARCH variable needs to
be specified as "arm" for XVisor, for both ARM and AArch64. Therefore,
a XVISOR_ARCH variable is introduced, which is calculated according to
the Buildroot configuration options. Only x86-64, arm and aarch64 are
supported by Xvisor currently, so it remains simple.

Fixes:

  http://autobuild.buildroot.net/results/1719a63ff257f13634a06a14327abfb327984101/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 117fd5dfbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:02:29 +02:00
Bernd Kuhls 711a1eb61a linux-headers: bump 4.{4,9,11}.x series
[Peter: Drop 4.11.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 00b8764f77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:02:01 +02:00
Peter Korsgaard 304750a59d busybox: disable CONFIG_FEATURE_CLEAN_UP in default configs
FEATURE_CLEAN_UP is a configuration feature to get busybox to explicitly
call free() on dynamic allocated memory just before exiting so memory leak
detectors like valgrind don't get confused.  Upstream explicitly recommends
to NOT enable this option:

config FEATURE_CLEAN_UP
	bool "Clean up all memory before exiting (usually not needed)"
	default n
	help
	  As a size optimization, busybox normally exits without explicitly
	  freeing dynamically allocated memory or closing files. This saves
	  space since the OS will clean up for us, but it can confuse debuggers
	  like valgrind, which report tons of memory and resource leaks.

	  Don't enable this unless you have a really good reason to clean
	  things up manually.

Having this option enabled adds a bit of bloat, but more significantly these
cleanup code paths don't get tested very often so some times get out of sync
with the allocation code which can lead to crashes (or security issues from
double frees), so it is safer to disable the option.

For people wanting to debug memory leak issues with busybox, the option can
still be enabled with a configuration fragment (or a custom config).

The size difference isn't huge (br-arm-full-static):

-rwxr-xr-x 1 peko peko 886K Jul  5 10:56 output-busybox1/target/bin/busybox
-rwxr-xr-x 1 peko peko 882K Jul  5 10:53 output-busybox2/target/bin/busybox

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 15e8e721f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 23:58:15 +02:00
Thomas Petazzoni 4ef293dfdd libglib2: disable compiler warnings
By default, libglib enables some fairly aggressive warnings, treated
as errors. In particular, the -Wformat=2 warning triggers a warning
due to the return value of the ngettext() macro from uClibc libintl
stub not being understood as being potentially a format string.

So, before we enable the stub libintl in uClibc, we disable such
warnings. A bug will be reported to upstream uClibc to get the actual
bug fixed, but disabling compiler warnings treated as errors is anyway
a good thing in the context of Buildroot.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f2800ac57c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 23:58:05 +02:00
Matthew Shyu 840a4f40ed linux-fusion: fix build issue with Linux >= 4.7
The size parameter from sock_recvmsg() was removed from Linux kernel
API since 4.7. This commit adjusts the existing
0004-Port-one-one_udp.c-to-Linux-4.1.patch to fix the build with Linux
>= 4.7.

Signed-off-by: Matthew Shyu <matthew.shyu@amlogic.com>
[Thomas: improved commit title/log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 0ae2cab416)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 23:57:57 +02:00
Yann E. MORIN dc0ec5f24f package/systemd: needs timezone info
systemd does not like being booted without any timezone info (especially
on a R/O filesystem), so we forcibly enable that.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
[Thomas: fix alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 81597b82e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 23:57:41 +02:00
Thomas Petazzoni ffaaa9cb48 systemd: don't download patches from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7ced54845c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 23:57:08 +02:00
Romain Naour 8d4be770b6 boot/syslinux: disable syslinux legacy-BIOS for broken toolchains
Since [1] syslinux is built with the target toolchain in order to
properly build with gnu-efi package. But toolchains built with
binutils 2.26 break the syslinux legacy-BIOS build as reported at [2],
due to binutils bug #19615.

Thanks to Benoît Allard for the investigation and the link to the
binutils bug [3].

[1] 6e432d5ecb
[2] http://lists.busybox.net/pipermail/buildroot/2017-July/196253.html
[3] https://sourceware.org/bugzilla/show_bug.cgi?id=19615

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Benoît Allard <benoit.allard@greenbone.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 42638a1d12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 23:15:19 +02:00
Romain Naour 31477ee279 toolchain: CodeSourcery AMD64 affected by PR19615
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 73143ab894)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 23:15:11 +02:00
Thomas Petazzoni 771aa02d4d syslinux: add missing dependency on host-util-linux
If util-linux is not installed system-wide on the host, the build
fails with:

/usr/bin/gcc -Wp,-MT,isohybrid.o,-MMD,./.isohybrid.o.d -O2 -I/home/thomas/projets/buildroot/output/host/usr/include -W -Wall -Wstrict-prototypes  -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -I/home/thomas/projets/buildroot/output/build/syslinux-6.03/utils -c -o isohybrid.o /home/thomas/projets/buildroot/output/build/syslinux-6.03/utils/isohybrid.c
/home/thomas/projets/buildroot/output/build/syslinux-6.03/utils/isohybrid.c:40:23: fatal error: uuid/uuid.h: No such file or directory
 #include <uuid/uuid.h>
                       ^
compilation terminated.

Therefore, this commit adds a dependency on host-util-linux, which
will ensure that libuuid is available. The resulting isohybrid tool is
really installed, and linked with libuuid:

$ readelf -d output/host/usr/bin/isohybrid

Dynamic section at offset 0x3e00 contains 26 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libuuid.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/home/thomas/projets/buildroot/output/host/usr/lib]

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d98d7d660e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-19 22:54:24 +02:00
Peter Korsgaard 3065f3cf39 nodejs: security bump to version 6.11.1
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way.  This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-14 15:15:22 +02:00
Peter Korsgaard 78ec7c6592 xen: security bump to version 4.7.3
The 4.7.3 release brings a number of bugfixes and improvements:

https://www.xenproject.org/downloads/xen-archives/xen-project-47-series/xen-473.html

Including fixes for the following security issues:

XSA-211: Cirrus VGA Heap overflow via display refresh (CVE-2016-9603)
XSA-212: x86: broken check in memory_exchange() permits PV guest breakout
         (CVE-2017-7228)
XSA-213: x86: 64bit PV guest breakout via pagetable use-after-mode-change
         (CVE-2017-8903)
XSA-214: grant transfer allows PV guest to elevate privileges (CVE-2017-8904)
XSA-215: possible memory corruption via failsafe callback (CVE-2017-8905)
XSA-216: blkif responses leak backend stack data (CVE-2017-10911)
XSA-217: page transfer may allow PV guest to elevate privilege
         (CVE-2017-10912)
XSA-218: Races in the grant table unmap code (CVE-2017-10913 CVE-2017-10914)
XSA-219: x86: insufficient reference counts during shadow emulation
         (CVE-2017-10915)
XSA-220: x86: PKRU and BND* leakage between vCPU-s (CVE-2017-10916)
XSA-221: NULL pointer deref in event channel poll (CVE-2017-10917)
XSA-222: stale P2M mappings due to insufficient error checking
         (CVE-2017-10918)
XSA-223: ARM guest disabling interrupt may crash Xen (CVE-2017-10919)
XSA-224: grant table operations mishandle reference counts
         (CVE-2017-10920 CVE-2017-10921 CVE-2017-10922)
XSA-225: arm: vgic: Out-of-bound access when sending SGIs (CVE-2017-10923)

Also change download location as bits.xensource.com seems to be down.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 22:39:43 +02:00
Adrián Pérez de Castro 9c0cab9276 Config.in: add BR2_HOST_GCC_AT_LEAST_7
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 435b4cce0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-05 16:49:58 +02:00
Romain Naour e9cdb35efd package/pulseaudio: remove kde files
Upstream removed the src/daemon/pulseaudio-kde.desktop.in since the
version 6.0 [1].

[1] https://github.com/pulseaudio/pulseaudio/commit/f46799579f438125b695dced4edf8bca05cbe90a

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 90536c3dfc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-05 13:36:44 +02:00
277 changed files with 4399 additions and 1753 deletions
+52
View File
@@ -1,3 +1,55 @@
2017.02.6, Released September 24th, 2017
Important / security related fixes.
Cmake: Ensure correct pkg-config is used when building host
packages
fs/iso9660: Ensure files from earlier builds are not included.
Updated/fixed packages: apache, bcusdk, bind, binutils,
bluez5_utils, botan, cmake, connman, dbus, dialog, e2fsprogs,
faad2, fakeroot, ffmpeg, file, flashrom, gcc, gd, gdb,
gdk-pixbuf, git, gnupg, gpsd, grub2, gst1-plugins-bad,
imagemagick, iostat, iucode-tool, jack2, libarchive, libcurl,
libgcrypt, libidn, libphidget, librsync, librsvg, libsoup,
libxml2, linux-tools, lua, mariadb, mbedtls, mediastreamer,
minidlna, netplug, nss-pam-ldapd, nvidia-driver, openjpeg,
postgresql, proxychains-ng, python-libconfig,
python-service-identity, qt, rpcbind, ruby, samba4, squashfs,
squid, strongswan, subversion, supervisor, sysvinit, tcpdump,
tor, transmission, unrar, valgrind, vim, webkitgtk, whois,
xen, zmqpp
Issues resolved (http://bugs.buildroot.org):
#10141: Squashfs extended attribute failures
#10261: Grub2 fails to build for x86_64
#10276: BR2_PACKAGE_LINUX_TOOLS_GPIO fails for MIPS with...
2017.02.5, Released July 27th, 2017
Important / security related fixes.
Webkitgtk bumped to the 2.16.x series, fixing a large number
of security issues.
host-aespipe compile fix for Debian/Gentoo/Ubuntu toolchains
which default to PIE mode.
Updated/fixed packages: aespipe, apache, bind, binutils,
ccache, collectd, efibootmgr, efivar, expat, ffmpeg, gcc,
heimdal, iproute2, irssi, libglib2, libmemcached, libosip2,
libtirpc, libxml-parser-perl, linux-fusion, linux-zigbee,
mpg123, nodejs, orc, pcre, php, pulseaudio,
python-setproctitle, qt5base, rpi-firmware, samba4, syslinux,
systemd, spice, tiff, webkitgtk, x265, xen,
xserver_xorg-server, xvisor
Issues resolved (http://bugs.buildroot.org):
#10061: gcc5.4 buildroot toolchain for powerpc libsanitizer...
2017.02.4, Released July 4th, 2017
Important / security related fixes.
+5
View File
@@ -57,6 +57,11 @@ config BR2_HOST_GCC_AT_LEAST_6
default y if BR2_HOST_GCC_VERSION = "6"
select BR2_HOST_GCC_AT_LEAST_5
config BR2_HOST_GCC_AT_LEAST_7
bool
default y if BR2_HOST_GCC_VERSION = "7"
select BR2_HOST_GCC_AT_LEAST_6
# Hidden boolean selected by packages in need of Java in order to build
# (example: xbmc)
config BR2_NEEDS_HOST_JAVA
+2 -2
View File
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
all:
# Set and export the version string
export BR2_VERSION := 2017.02.4
export BR2_VERSION := 2017.02.6
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1499186000
BR2_VERSION_EPOCH = 1506285000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
+3 -9
View File
@@ -534,15 +534,9 @@ config BR2_GCC_TARGET_CPU
default "strongarm" if BR2_strongarm
default "xscale" if BR2_xscale
default "iwmmxt" if BR2_iwmmxt
default "cortex-a53" if (BR2_cortex_a53 && !BR2_ARCH_IS_64)
default "cortex-a53+fp" if (BR2_cortex_a53 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
default "cortex-a53+fp+simd" if (BR2_cortex_a53 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
default "cortex-a57" if (BR2_cortex_a57 && !BR2_ARCH_IS_64)
default "cortex-a57+fp" if (BR2_cortex_a57 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
default "cortex-a57+fp+simd" if (BR2_cortex_a57 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
default "cortex-a72" if (BR2_cortex_a72 && !BR2_ARCH_IS_64)
default "cortex-a72+fp" if (BR2_cortex_a72 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
default "cortex-a72+fp+simd" if (BR2_cortex_a72 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
default "cortex-a53" if BR2_cortex_a53
default "cortex-a57" if BR2_cortex_a57
default "cortex-a72" if BR2_cortex_a72
config BR2_GCC_TARGET_ABI
default "aapcs-linux" if BR2_arm || BR2_armeb
+1 -1
View File
@@ -53,7 +53,7 @@ GRUB2_CONF_ENV = \
$(HOST_CONFIGURE_OPTS) \
CPP="$(HOSTCC) -E" \
TARGET_CC="$(TARGET_CC)" \
TARGET_CFLAGS="$(TARGET_CFLAGS)" \
TARGET_CFLAGS="$(TARGET_CFLAGS) -fno-stack-protector" \
TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
NM="$(TARGET_NM)" \
+1
View File
@@ -35,6 +35,7 @@ config BR2_TARGET_SYSLINUX_PXELINUX
config BR2_TARGET_SYSLINUX_MBR
bool "install mbr"
depends on !BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615
select BR2_TARGET_SYSLINUX_LEGACY_BIOS
help
Install the legacy-BIOS 'mbr' image, to boot off a
+2 -1
View File
@@ -13,7 +13,8 @@ SYSLINUX_LICENSE_FILES = COPYING
SYSLINUX_INSTALL_IMAGES = YES
SYSLINUX_DEPENDENCIES = host-nasm host-upx util-linux
# host-util-linux needed to provide libuuid when building host tools
SYSLINUX_DEPENDENCIES = host-nasm host-upx util-linux host-util-linux
ifeq ($(BR2_TARGET_SYSLINUX_LEGACY_BIOS),y)
SYSLINUX_TARGET += bios
+4 -1
View File
@@ -315,7 +315,10 @@ information is (assuming the package name is +libfoo+) :
** +local+ for a local source code directory. One should use this
when +LIBFOO_SITE+ specifies a local directory path containing
the package source code. Buildroot copies the contents of the
source directory into the package's build directory.
source directory into the package's build directory. Note that
for +local+ packages, no patches are applied. If you need to
still patch the source code, use +LIBFOO_POST_RSYNC_HOOKS+, see
xref:hooks-rsync[].
* +LIBFOO_GIT_SUBMODULES+ can be set to +YES+ to create an archive
with the git submodules in the repository. This is only available
+1
View File
@@ -59,6 +59,7 @@ endef
LIBFOO_POST_PATCH_HOOKS += LIBFOO_POST_PATCH_FIXUP
----------------------
[[hooks-rsync]]
==== Using the +POST_RSYNC+ hook
The +POST_RSYNC+ hook is run only for packages that use a local source,
either through the +local+ site method or the +OVERRIDE_SRCDIR+
+5 -5
View File
@@ -50,11 +50,11 @@ BUSYBOX_OVERRIDE_SRCDIR = /home/bob/busybox/
When Buildroot finds that for a given package, an
+<pkg>_OVERRIDE_SRCDIR+ has been defined, it will no longer attempt to
download, extract and patch the package. Instead, it will directly use
the source code available in in the specified directory and +make
clean+ will not touch this directory. This allows to point Buildroot
to your own directories, that can be managed by Git, Subversion, or
any other version control system. To achieve this, Buildroot will use
_rsync_ to copy the source code of the component from the specified
the source code available in the specified directory and +make clean+
will not touch this directory. This allows to point Buildroot to your
own directories, that can be managed by Git, Subversion, or any other
version control system. To achieve this, Buildroot will use _rsync_ to
copy the source code of the component from the specified
+<pkg>_OVERRIDE_SRCDIR+ to +output/build/<package>-custom/+.
This mechanism is best used in conjunction with the +make
+1
View File
@@ -40,6 +40,7 @@ define ROOTFS_ISO9660_CREATE_TEMPDIR
$(RM) -rf $(ROOTFS_ISO9660_TARGET_DIR)
mkdir -p $(ROOTFS_ISO9660_TARGET_DIR)
endef
ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_CREATE_TEMPDIR
else
ROOTFS_ISO9660_TARGET_DIR = $(TARGET_DIR)
endif
+21
View File
@@ -223,6 +223,27 @@ HOST_CFLAGS += $(HOST_CPPFLAGS)
HOST_CXXFLAGS += $(HOST_CFLAGS)
HOST_LDFLAGS += -L$(HOST_DIR)/lib -L$(HOST_DIR)/usr/lib -Wl,-rpath,$(HOST_DIR)/usr/lib
# The macros below are taken from linux 4.11 and adapted slightly.
# Copy more when needed.
# try-run
# Usage: option = $(call try-run, $(CC)...-o "$$TMP",option-ok,otherwise)
# Exit code chooses option. "$$TMP" is can be used as temporary file and
# is automatically cleaned up.
try-run = $(shell set -e; \
TMP="$$(tempfile)"; \
if ($(1)) >/dev/null 2>&1; \
then echo "$(2)"; \
else echo "$(3)"; \
fi; \
rm -f "$$TMP")
# host-cc-option
# Usage: HOST_FOO_CFLAGS += $(call host-cc-option,-no-pie,)
host-cc-option = $(call try-run,\
$(HOSTCC) $(HOST_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
# host-intltool should be executed with the system perl, so we save
# the path to the system perl, before a host-perl built by Buildroot
# might get installed into $(HOST_DIR)/usr/bin and therefore appears
+10
View File
@@ -9,5 +9,15 @@ AESPIPE_SOURCE = aespipe-v$(AESPIPE_VERSION).tar.bz2
AESPIPE_SITE = http://loop-aes.sourceforge.net/aespipe
AESPIPE_LICENSE = GPL
# Recent Debian, Gentoo and Ubuntu enable -fPIE by default, breaking the build:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837393
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835148
# Older gcc versions however don't support the -no-pie flag, so we have to
# check its availability.
HOST_AESPIPE_NO_PIE_FLAG = $(call host-cc-option,-no-pie)
HOST_AESPIPE_CONF_ENV = \
CFLAGS="$(HOST_CFLAGS) $(HOST_AESPIPE_NO_PIE_FLAG)" \
LDFLAGS="$(HOST_LDFLAGS) $(HOST_AESPIPE_NO_PIE_FLAG)"
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+30
View File
@@ -0,0 +1,30 @@
core: Disallow Methods' registration at run time (.htaccess), they may
be used only if registered at init time (httpd.conf).
Calling ap_method_register() in children processes is not the right scope
since it won't be shared for all requests.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
Fixes CVE-2017-9798: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
Downloaded from upstream repo:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- a/server/core.c 2017/08/16 16:50:29 1805223
+++ b/server/core.c 2017/09/08 13:13:11 1807754
@@ -2266,6 +2266,12 @@
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}
+2 -2
View File
@@ -1,2 +1,2 @@
# From http://www.apache.org/dist/httpd/httpd-2.4.26.tar.bz2.sha256
sha256 a07eb52fafc879e0149d31882f7da63173e72df4478db4dc69f7a775b663d387 httpd-2.4.26.tar.bz2
# From http://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256
sha256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a httpd-2.4.27.tar.bz2
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
APACHE_VERSION = 2.4.26
APACHE_VERSION = 2.4.27
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = http://archive.apache.org/dist/httpd
APACHE_LICENSE = Apache-2.0
@@ -0,0 +1,35 @@
From 6bd1b4958e949d83468e053c34bf6c89d14d687a Mon Sep 17 00:00:00 2001
From: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Date: Fri, 25 Aug 2017 23:01:14 +0200
Subject: [PATCH] eibd: drop local clock_gettime in USB backends
clock_gettime is defined locally, and calls pth_int_time, which
in turn calls clock_gettime.
The USB backend shouldn't overrule clock_gettime in the first place.
This patch fixes this endless recursion by removing the local defition.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
---
eibd/usb/linux_usbfs.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/eibd/usb/linux_usbfs.c b/eibd/usb/linux_usbfs.c
index c3ec410..957b908 100644
--- a/eibd/usb/linux_usbfs.c
+++ b/eibd/usb/linux_usbfs.c
@@ -52,12 +52,6 @@ int pthread_mutex_trylock(pthread_mutex_t *mutex)
return 0;
}
-int clock_gettime(clockid_t clk_id, struct timespec *tp)
-{
- pth_int_time (tp);
- return 0;
-}
-
/* sysfs vs usbfs:
* opening a usbfs node causes the device to be resumed, so we attempt to
* avoid this during enumeration.
--
1.8.5.rc3
+3 -2
View File
@@ -1,2 +1,3 @@
# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P1/bind-9.11.1-P2.tar.gz.sha256.asc
sha256 bf53c6431575ae1612ddef66d18ef9baf2a22d842fa5b0cadc971919fd81fea5 bind-9.11.1-P2.tar.gz
# Verified from http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz.sha256.asc
sha256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a bind-9.11.2.tar.gz
sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT
+3 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
BIND_VERSION = 9.11.1-P2
BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
BIND_VERSION = 9.11.2
BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
BIND_INSTALL_STAGING = YES
@@ -24,6 +24,7 @@ BIND_CONF_ENV = \
BUILD_CC="$(TARGET_CC)" \
BUILD_CFLAGS="$(TARGET_CFLAGS)"
BIND_CONF_OPTS = \
--without-lmdb \
--with-libjson=no \
--with-randomdev=/dev/urandom \
--enable-epoll \
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,88 @@
From 29a4659015ca7044c2d425d32a0b828e0fbb5ac1 Mon Sep 17 00:00:00 2001
From: Richard Earnshaw <Richard.Earnshaw@arm.com>
Date: Wed, 7 Sep 2016 17:14:54 +0100
Subject: [PATCH] Automatically enable CRC instructions on supported ARMv8-A
CPUs.
2016-09-07 Richard Earnshaw <rearnsha@arm.com>
* opcode/arm.h (ARM_ARCH_V8A_CRC): New architecture.
2016-09-07 Richard Earnshaw <rearnsha@arm.com>
* config/tc-arm.c ((arm_cpus): Use ARM_ARCH_V8A_CRC for all
ARMv8-A CPUs except xgene1.
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=27e5a270962fb92c07e7d476966ba380fa3bb68e
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
gas/config/tc-arm.c | 18 +++++++++---------
include/opcode/arm.h | 2 ++
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index 73d05316..7c86184d 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -25332,17 +25332,17 @@ static const struct arm_cpu_option_table arm_cpus[] =
"Cortex-A15"),
ARM_CPU_OPT ("cortex-a17", ARM_ARCH_V7VE, FPU_ARCH_NEON_VFP_V4,
"Cortex-A17"),
- ARM_CPU_OPT ("cortex-a32", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a32", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A32"),
- ARM_CPU_OPT ("cortex-a35", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a35", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A35"),
- ARM_CPU_OPT ("cortex-a53", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a53", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A53"),
- ARM_CPU_OPT ("cortex-a57", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a57", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A57"),
- ARM_CPU_OPT ("cortex-a72", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a72", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A72"),
- ARM_CPU_OPT ("cortex-a73", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a73", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A73"),
ARM_CPU_OPT ("cortex-r4", ARM_ARCH_V7R, FPU_NONE, "Cortex-R4"),
ARM_CPU_OPT ("cortex-r4f", ARM_ARCH_V7R, FPU_ARCH_VFP_V3D16,
@@ -25361,10 +25361,10 @@ static const struct arm_cpu_option_table arm_cpus[] =
ARM_CPU_OPT ("cortex-m1", ARM_ARCH_V6SM, FPU_NONE, "Cortex-M1"),
ARM_CPU_OPT ("cortex-m0", ARM_ARCH_V6SM, FPU_NONE, "Cortex-M0"),
ARM_CPU_OPT ("cortex-m0plus", ARM_ARCH_V6SM, FPU_NONE, "Cortex-M0+"),
- ARM_CPU_OPT ("exynos-m1", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("exynos-m1", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Samsung " \
"Exynos M1"),
- ARM_CPU_OPT ("qdf24xx", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("qdf24xx", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Qualcomm "
"QDF24XX"),
@@ -25389,7 +25389,7 @@ static const struct arm_cpu_option_table arm_cpus[] =
/* APM X-Gene family. */
ARM_CPU_OPT ("xgene1", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"APM X-Gene 1"),
- ARM_CPU_OPT ("xgene2", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("xgene2", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"APM X-Gene 2"),
{ NULL, 0, ARM_ARCH_NONE, ARM_ARCH_NONE, NULL }
diff --git a/include/opcode/arm.h b/include/opcode/arm.h
index 60715cf8..feace5cd 100644
--- a/include/opcode/arm.h
+++ b/include/opcode/arm.h
@@ -263,6 +263,8 @@
#define ARM_ARCH_V7M ARM_FEATURE_CORE (ARM_AEXT_V7M, ARM_EXT2_V6T2_V8M)
#define ARM_ARCH_V7EM ARM_FEATURE_CORE (ARM_AEXT_V7EM, ARM_EXT2_V6T2_V8M)
#define ARM_ARCH_V8A ARM_FEATURE_CORE (ARM_AEXT_V8A, ARM_AEXT2_V8A)
+#define ARM_ARCH_V8A_CRC ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8A, \
+ CRC_EXT_ARMV8)
#define ARM_ARCH_V8_1A ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_1A, \
CRC_EXT_ARMV8 | FPU_NEON_EXT_RDMA)
#define ARM_ARCH_V8_2A ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_2A, \
--
2.11.0
@@ -0,0 +1,29 @@
From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 13 Sep 2017 10:01:40 +0300
Subject: [PATCH] sdp: Fix Out-of-bounds heap read in service_search_attr_req
function
Check if there is enough data to continue otherwise return an error.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/sdpd-request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
index 1eefdce1a..318d04467 100644
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
} else {
/* continuation State exists -> get from cache */
sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
- if (pCache) {
+ if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) {
uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
pResponse = pCache->data;
memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90 Botan-1.10.13.tgz
sha256 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52 Botan-1.10.16.tgz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
BOTAN_VERSION = 1.10.13
BOTAN_VERSION = 1.10.16
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tgz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2c
+1 -1
View File
@@ -22,7 +22,7 @@ CONFIG_FEATURE_INSTALLER=y
# CONFIG_PAM is not set
CONFIG_LONG_OPTS=y
CONFIG_FEATURE_DEVPTS=y
CONFIG_FEATURE_CLEAN_UP=y
# CONFIG_FEATURE_CLEAN_UP is not set
CONFIG_FEATURE_UTMP=y
CONFIG_FEATURE_WTMP=y
# CONFIG_FEATURE_PIDFILE is not set
+1 -1
View File
@@ -22,7 +22,7 @@ CONFIG_FEATURE_INSTALLER=y
# CONFIG_PAM is not set
CONFIG_LONG_OPTS=y
CONFIG_FEATURE_DEVPTS=y
CONFIG_FEATURE_CLEAN_UP=y
# CONFIG_FEATURE_CLEAN_UP is not set
CONFIG_FEATURE_UTMP=y
CONFIG_FEATURE_WTMP=y
# CONFIG_FEATURE_PIDFILE is not set
+5 -1
View File
@@ -28,9 +28,13 @@ HOST_CCACHE_CONF_OPTS += --with-bundled-zlib
# BR2_CCACHE_DIR.
# - Change hard-coded last-ditch default to match path in .config, to avoid
# the need to specify BR_CACHE_DIR when invoking ccache directly.
# CCache replaces "%s" with the home directory of the current user,
# So rewrite BR_CACHE_DIR to take that into consideration for SDK purpose
HOST_CCACHE_DEFAULT_CCACHE_DIR = $(patsubst $(HOME)/%,\%s/%,$(BR_CACHE_DIR))
define HOST_CCACHE_PATCH_CONFIGURATION
sed -i 's,getenv("CCACHE_DIR"),getenv("BR_CACHE_DIR"),' $(@D)/ccache.c
sed -i 's,"%s/.ccache","$(BR_CACHE_DIR)",' $(@D)/conf.c
sed -i 's,"%s/.ccache","$(HOST_CCACHE_DEFAULT_CCACHE_DIR)",' $(@D)/conf.c
endef
HOST_CCACHE_POST_PATCH_HOOKS += HOST_CCACHE_PATCH_CONFIGURATION
+1
View File
@@ -46,6 +46,7 @@ define HOST_CMAKE_CONFIGURE_CMDS
-DCMAKE_C_FLAGS="$(HOST_CMAKE_CFLAGS)" \
-DCMAKE_CXX_FLAGS="$(HOST_CMAKE_CXXFLAGS)" \
-DCMAKE_EXE_LINKER_FLAGS="$(HOST_LDFLAGS)" \
-DCMAKE_USE_OPENSSL:BOOL=OFF \
-DBUILD_CursesDialog=OFF \
)
endef
@@ -0,0 +1,87 @@
From e170f3559fcda6d37a012aba187a96b1f42e8f9d Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Sun, 2 Jul 2017 21:52:14 +0200
Subject: [PATCH] libcollectdclient: increase error buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
make[1]: Entering directory '/home/ruben/src/collectd'
CC src/libcollectdclient/libcollectdclient_la-client.lo
src/libcollectdclient/client.c: In function ‘lcc_getval’:
src/libcollectdclient/client.c:621:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^ ~
src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~
src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/libcollectdclient/client.c:621:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^~~~~~~~~~~~~~
src/libcollectdclient/client.c: In function ‘lcc_putval’:
src/libcollectdclient/client.c:754:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^ ~
src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~
src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/libcollectdclient/client.c:754:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^~~~~~~~~~~~~~
src/libcollectdclient/client.c: In function ‘lcc_flush’:
src/libcollectdclient/client.c:802:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^ ~
src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~
src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/libcollectdclient/client.c:802:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^~~~~~~~~~~~~~
src/libcollectdclient/client.c: In function ‘lcc_listval’:
src/libcollectdclient/client.c:834:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^ ~
src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~
src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/libcollectdclient/client.c:834:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
LCC_SET_ERRSTR(c, "Server error: %s", res.message);
^~~~~~~~~~~~~~
Fixes #2200
[Upstream commit: https://git.octo.it/?p=collectd.git;a=commitdiff;h=e170f3559fcda6d37a012aba187a96b1f42e8f9d]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
src/libcollectdclient/client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libcollectdclient/client.c b/src/libcollectdclient/client.c
index 51a4ab2..3ae2e71 100644
--- a/src/libcollectdclient/client.c
+++ b/src/libcollectdclient/client.c
@@ -99,7 +99,7 @@
*/
struct lcc_connection_s {
FILE *fh;
- char errbuf[1024];
+ char errbuf[2048];
};
struct lcc_response_s {
--
1.7.10.4
+1 -1
View File
@@ -1,2 +1,2 @@
# From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc
sha256 bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0 connman-1.33.tar.xz
sha256 66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa connman-1.35.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CONNMAN_VERSION = 1.33
CONNMAN_VERSION = 1.35
CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz
CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman
CONNMAN_DEPENDENCIES = libglib2 dbus iptables
@@ -0,0 +1,78 @@
From 1252dc1d1f465b8ab6b36ff7252e395e66a040cf Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Fri, 21 Jul 2017 10:46:39 +0100
Subject: [PATCH 1/2] config-loader-expat: Tell Expat not to defend against
hash collisions
By default, Expat uses cryptographic-quality random numbers as a salt for
its hash algorithm, and since 2.2.1 it gets them from the getrandom
syscall on Linux. That syscall refuses to return any entropy until the
kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
can take as long as 40 seconds on embedded devices with few entropy
sources, which is too long: if the system dbus-daemon blocks for that
length of time, important D-Bus clients like systemd and systemd-logind
time out and fail to connect to it.
We're parsing small configuration files here, and we trust them
completely, so we don't need to defend against hash collisions: nobody
is going to be crafting them to cause pathological performance.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
Signed-off-by: Simon McVittie <smcv@debian.org>
Tested-by: Christopher Hewitt <hewitt@ieee.org>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
---
bus/config-loader-expat.c | 14 ++++++++++++++
configure.ac | 8 ++++++++
2 files changed, 22 insertions(+)
diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
index b571fda3..27cbe2d0 100644
--- a/bus/config-loader-expat.c
+++ b/bus/config-loader-expat.c
@@ -203,6 +203,20 @@ bus_config_load (const DBusString *file,
goto failed;
}
+ /* We do not need protection against hash collisions (CVE-2012-0876)
+ * because we are only parsing trusted XML; and if we let Expat block
+ * waiting for the CSPRNG to be initialized, as it does by default to
+ * defeat CVE-2012-0876, it can cause timeouts during early boot on
+ * entropy-starved embedded devices.
+ *
+ * TODO: When Expat gets a more explicit API for this than
+ * XML_SetHashSalt, check for that too, and use it preferentially.
+ * https://github.com/libexpat/libexpat/issues/91 */
+#if defined(HAVE_XML_SETHASHSALT)
+ /* Any nonzero number will do. https://xkcd.com/221/ */
+ XML_SetHashSalt (expat, 4);
+#endif
+
if (!_dbus_string_get_dirname (file, &dirname))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
diff --git a/configure.ac b/configure.ac
index 52da11fb..c4022ed7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -938,6 +938,14 @@ XML_CFLAGS=
AC_SUBST([XML_CFLAGS])
AC_SUBST([XML_LIBS])
+save_cflags="$CFLAGS"
+save_libs="$LIBS"
+CFLAGS="$CFLAGS $XML_CFLAGS"
+LIBS="$LIBS $XML_LIBS"
+AC_CHECK_FUNCS([XML_SetHashSalt])
+CFLAGS="$save_cflags"
+LIBS="$save_libs"
+
# Thread lib detection
AC_ARG_VAR([THREAD_LIBS])
save_libs="$LIBS"
--
2.11.0
+2
View File
@@ -7,6 +7,8 @@
DBUS_VERSION = 1.10.16
DBUS_SITE = http://dbus.freedesktop.org/releases/dbus
DBUS_LICENSE = AFLv2.1 or GPLv2+ (library, tools), GPLv2+ (tools)
# 0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
DBUS_AUTORECONF = YES
DBUS_LICENSE_FILES = COPYING
DBUS_INSTALL_STAGING = YES
+1 -1
View File
@@ -6,7 +6,7 @@
DIALOG_VERSION = 1.2-20150125
DIALOG_SOURCE = dialog-$(DIALOG_VERSION).tgz
DIALOG_SITE = ftp://invisible-island.net/dialog
DIALOG_SITE = ftp://ftp.invisible-island.net/dialog
DIALOG_CONF_OPTS = --with-ncurses --with-curses-dir=$(STAGING_DIR)/usr \
--disable-rpath-hack
DIALOG_DEPENDENCIES = host-pkgconf ncurses
@@ -0,0 +1,129 @@
From 3fb715b55426875902dfef3056b2cf7335953178 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 19 May 2017 13:25:59 -0400
Subject: [PATCH] include sys/sysmacros.h as needed
The minor/major/makedev macros are not entirely standard. glibc has had
the definitions in sys/sysmacros.h since the start, and wants to move away
from always defining them implicitly via sys/types.h (as this pollutes the
namespace in violation of POSIX). Other C libraries have already dropped
them. Since the configure script already checks for this header, use that
to pull in the header in files that use these macros.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Upstream commit 3fb715b55426875902dfef3056b2cf7335953178
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
debugfs/debugfs.c | 3 +++
lib/blkid/devname.c | 3 +++
lib/blkid/devno.c | 3 +++
lib/ext2fs/finddev.c | 3 +++
lib/ext2fs/ismounted.c | 3 +++
misc/create_inode.c | 4 ++++
misc/mk_hugefiles.c | 3 +++
7 files changed, 22 insertions(+)
diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
index 059ddc39..453f5b52 100644
--- a/debugfs/debugfs.c
+++ b/debugfs/debugfs.c
@@ -26,6 +26,9 @@ extern char *optarg;
#include <errno.h>
#endif
#include <fcntl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "debugfs.h"
#include "uuid/uuid.h"
diff --git a/lib/blkid/devname.c b/lib/blkid/devname.c
index 3e2efa9d..671e781f 100644
--- a/lib/blkid/devname.c
+++ b/lib/blkid/devname.c
@@ -36,6 +36,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include <time.h>
#include "blkidP.h"
diff --git a/lib/blkid/devno.c b/lib/blkid/devno.c
index aa6eb907..480030f2 100644
--- a/lib/blkid/devno.c
+++ b/lib/blkid/devno.c
@@ -31,6 +31,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "blkidP.h"
diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c
index 311608de..62fa0dbe 100644
--- a/lib/ext2fs/finddev.c
+++ b/lib/ext2fs/finddev.c
@@ -31,6 +31,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "ext2_fs.h"
#include "ext2fs.h"
diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
index bcac0f15..7d524715 100644
--- a/lib/ext2fs/ismounted.c
+++ b/lib/ext2fs/ismounted.c
@@ -49,6 +49,9 @@
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "ext2_fs.h"
#include "ext2fs.h"
diff --git a/misc/create_inode.c b/misc/create_inode.c
index ae22ff6f..8ce3fafa 100644
--- a/misc/create_inode.c
+++ b/misc/create_inode.c
@@ -22,6 +22,10 @@
#include <attr/xattr.h>
#endif
#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+
#include <ext2fs/ext2fs.h>
#include <ext2fs/ext2_types.h>
#include <ext2fs/fiemap.h>
diff --git a/misc/mk_hugefiles.c b/misc/mk_hugefiles.c
index 049c6f41..5882394d 100644
--- a/misc/mk_hugefiles.c
+++ b/misc/mk_hugefiles.c
@@ -35,6 +35,9 @@ extern int optind;
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include <libgen.h>
#include <limits.h>
#include <blkid/blkid.h>
--
2.13.3
@@ -0,0 +1,51 @@
From a542b169003c2ef95ce6c00d40050eb10568b612 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 6 Feb 2017 16:34:54 -0500
Subject: [PATCH] Remove extra const keywords gcc 7 gripes about.
Signed-off-by: Peter Jones <pjones@redhat.com>
[Backported from upstream commit a542b169003c2ef95ce6c00d40050eb10568b612]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
src/efibootdump.c | 2 +-
src/efibootmgr.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/efibootdump.c b/src/efibootdump.c
index 6ff8360..30a1943 100644
--- a/src/efibootdump.c
+++ b/src/efibootdump.c
@@ -39,7 +39,7 @@ print_boot_entry(efi_load_option *loadopt, size_t data_size)
uint8_t *optional_data = NULL;
size_t optional_data_len = 0;
uint16_t pathlen;
- const unsigned char const *desc;
+ const unsigned char *desc;
char *raw;
size_t raw_len;
diff --git a/src/efibootmgr.c b/src/efibootmgr.c
index 493f2cf..90a0998 100644
--- a/src/efibootmgr.c
+++ b/src/efibootmgr.c
@@ -221,7 +221,7 @@ warn_duplicate_name(list_t *var_list)
list_t *pos;
var_entry_t *entry;
efi_load_option *load_option;
- const unsigned char const *desc;
+ const unsigned char *desc;
list_for_each(pos, var_list) {
entry = list_entry(pos, var_entry_t, list);
@@ -873,7 +873,7 @@ show_vars(const char *prefix)
{
list_t *pos;
var_entry_t *boot;
- const unsigned char const *description;
+ const unsigned char *description;
efi_load_option *load_option;
efidp dp = NULL;
unsigned char *optional_data = NULL;
--
2.9.4
@@ -0,0 +1,47 @@
From 1c7c0f71c9d22efda4156881eb187b8c69d1cca7 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 6 Feb 2017 14:28:19 -0500
Subject: [PATCH] Remove some extra "const" that gcc complains about.
One of these days I'll get these right.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream commit 1c7c0f71c9d22e.
src/include/efivar/efiboot-loadopt.h | 4 ++--
src/loadopt.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/include/efivar/efiboot-loadopt.h b/src/include/efivar/efiboot-loadopt.h
index 07db5c4c53e3..efc29c69d47e 100644
--- a/src/include/efivar/efiboot-loadopt.h
+++ b/src/include/efivar/efiboot-loadopt.h
@@ -32,8 +32,8 @@ extern ssize_t efi_loadopt_create(uint8_t *buf, ssize_t size,
extern efidp efi_loadopt_path(efi_load_option *opt, ssize_t limit)
__attribute__((__nonnull__ (1)));
-extern const unsigned char const * efi_loadopt_desc(efi_load_option *opt,
- ssize_t limit)
+extern const unsigned char * efi_loadopt_desc(efi_load_option *opt,
+ ssize_t limit)
__attribute__((__visibility__ ("default")))
__attribute__((__nonnull__ (1)));
extern uint32_t efi_loadopt_attrs(efi_load_option *opt)
diff --git a/src/loadopt.c b/src/loadopt.c
index a63ca792d2dc..ce889867fd29 100644
--- a/src/loadopt.c
+++ b/src/loadopt.c
@@ -357,7 +357,7 @@ teardown(void)
__attribute__((__nonnull__ (1)))
__attribute__((__visibility__ ("default")))
-const unsigned char const *
+const unsigned char *
efi_loadopt_desc(efi_load_option *opt, ssize_t limit)
{
if (last_desc) {
--
2.13.2
@@ -1,29 +0,0 @@
From 602e6c78ca750c082b72f8cdf4a38839b312959f Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 18 Jun 2017 18:55:10 +0200
Subject: [PATCH] configure.ac: Fix mis-detection of getrandom on Debian
GNU/kFreeBSD (#50)
There is no such thing but we need to link (not just compile) to realize.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
expat/configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 1357c9a..444c002 100644
--- a/configure.ac
+++ b/configure.ac
@@ -130,7 +130,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([
AC_MSG_CHECKING([for getrandom (Linux 3.17+, glibc 2.25+)])
-AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+AC_LINK_IFELSE([AC_LANG_SOURCE([
#include <stdlib.h> /* for NULL */
#include <sys/random.h>
int main() {
--
2.11.0
+4 -4
View File
@@ -1,5 +1,5 @@
# From https://sourceforge.net/projects/expat/files/expat/2.2.1/
md5 d9c3baeab58774cefc2f04faf29f2cf8 expat-2.2.1.tar.bz2
sha1 f45eb724f182776a9cacec9ed70d549e87198987 expat-2.2.1.tar.bz2
# From https://sourceforge.net/projects/expat/files/expat/2.2.2/
md5 1ede9a41223c78528b8c5d23e69a2667 expat-2.2.2.tar.bz2
sha1 891cee988b38d5d66953f62f94c3150b8810a70a expat-2.2.2.tar.bz2
# Calculated based on the hashes above
sha256 1868cadae4c82a018e361e2b2091de103cd820aaacb0d6cfa49bd2cd83978885 expat-2.2.1.tar.bz2
sha256 4376911fcf81a23ebd821bbabc26fd933f3ac74833f74924342c29aad2c86046 expat-2.2.2.tar.bz2
+10 -3
View File
@@ -4,7 +4,7 @@
#
################################################################################
EXPAT_VERSION = 2.2.1
EXPAT_VERSION = 2.2.2
EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.bz2
EXPAT_INSTALL_STAGING = YES
@@ -14,8 +14,15 @@ EXPAT_DEPENDENCIES = host-pkgconf
HOST_EXPAT_DEPENDENCIES = host-pkgconf
EXPAT_LICENSE = MIT
EXPAT_LICENSE_FILES = COPYING
# for 0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
EXPAT_AUTORECONF = YES
# Kernel versions older than 3.17 do not support getrandom()
ifeq ($(BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_17),)
EXPAT_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -DXML_POOR_ENTROPY"
endif
# Make build succeed on host kernel older than 3.17. getrandom() will still
# be used on newer kernels.
HOST_EXPAT_CONF_ENV += CPPFLAGS="$(HOST_CPPFLAGS) -DXML_POOR_ENTROPY"
$(eval $(autotools-package))
$(eval $(host-autotools-package))
@@ -0,0 +1,40 @@
From 6787914efad562e4097a153988109c5c7158abf7 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Wed, 16 Aug 2017 13:35:57 +0300
Subject: [PATCH] getopt: fix strncmp() declaration
The strncmp() declaration does not conform with the standard as to the
type of the 'n' parameter. Fix this to avoid the following build failure
with musl libc:
n file included from main.c:61:0:
getopt.c:175:13: error: conflicting types for 'strncmp'
extern int strncmp(const char *s1, const char *s2, unsigned int n);
^~~~~~~
In file included from main.c:49:0:
.../host/x86_64-buildroot-linux-musl/sysroot/usr/include/string.h:38:5: note: previous declaration of 'strncmp' was here
int strncmp (const char *, const char *, size_t);
^~~~~~~
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: https://sourceforge.net/p/faac/bugs/217/
frontend/getopt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/getopt.c b/frontend/getopt.c
index 185d49b804dd..40c7a2242551 100644
--- a/frontend/getopt.c
+++ b/frontend/getopt.c
@@ -172,7 +172,7 @@ static enum
#if __STDC__ || defined(PROTO)
extern char *getenv(const char *name);
extern int strcmp (const char *s1, const char *s2);
-extern int strncmp(const char *s1, const char *s2, unsigned int n);
+extern int strncmp(const char *s1, const char *s2, size_t n);
static int my_strlen(const char *s);
static char *my_index (const char *str, int chr);
--
2.14.1
+3 -3
View File
@@ -1,4 +1,4 @@
# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.7/ (used by upstream):
sha1 80eaaa5cc576c35dd28863767b795c50cbcc0511 faad2-2.7.tar.gz
# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.8.0/ (used by upstream):
sha1 a5caa71cd915acd502d96cba56f38296277f2350 faad2-2.8.1.tar.bz2
# Locally computed
sha256 ee26ed1e177c0cd8fa8458a481b14a0b24ca0b51468c8b4c8b676fd3ceccd330 faad2-2.7.tar.gz
sha256 f4042496f6b0a60f5ded6acd11093230044ef8a2fd965360c1bbd5b58780933d faad2-2.8.1.tar.bz2
+6 -2
View File
@@ -4,10 +4,14 @@
#
################################################################################
FAAD2_VERSION = 2.7
FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION)
FAAD2_VERSION_MAJOR = 2.8
FAAD2_VERSION = $(FAAD2_VERSION_MAJOR).1
FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION_MAJOR).0
FAAD2_SOURCE = faad2-$(FAAD2_VERSION).tar.bz2
FAAD2_LICENSE = GPLv2
FAAD2_LICENSE_FILES = COPYING
# No configure script in upstream tarball
FAAD2_AUTORECONF = YES
# frontend/faad calls frexp()
FAAD2_CONF_ENV = LIBS=-lm
FAAD2_INSTALL_STAGING = YES
@@ -0,0 +1,46 @@
From a853f21633693f9eefc4949660253a5328d2d2f3 Mon Sep 17 00:00:00 2001
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Date: Sun, 13 Aug 2017 23:21:54 +0200
Subject: [PATCH 1/1] communicate: check return status of msgrcv()
msgrcv can return with -1 to indicate an error condition.
One such error is to have been interrupted by a signal.
Being interrupted by a signal is very rare in this code, except in a
very special condition: a highly-parallel (1000 jobs!) mksquashfs on
a filesystem with extended attributes, where we see errors like (those
are mksquashfs errors):
llistxattr for titi/603/883 failed in read_attrs, because Unknown
error 1716527536
See: https://bugs.busybox.net/show_bug.cgi?id=10141
In this case, we just have to retry the call to msgrcv().
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
communicate.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/communicate.c b/communicate.c
index 293f404..787bb63 100644
--- a/communicate.c
+++ b/communicate.c
@@ -553,10 +553,13 @@ void send_get_fakem(struct fake_msg *buf)
l=msgrcv(msg_get,
(struct my_msgbuf*)buf,
sizeof(*buf)-sizeof(buf->mtype),0,0);
- while((buf->serial!=serial)||buf->pid!=pid);
+ while(((l==-1)&&(errno==EINTR))||(buf->serial!=serial)||buf->pid!=pid);
semaphore_down();
+ if(l==-1)
+ buf->xattr.flags_rc=errno;
+
/*
(nah, may be wrong, due to allignment)
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 54ce502aca10b7e6059f19220ea2f68fa0c9c4c4d255ae13e615f08f0c94dcc5 ffmpeg-3.2.3.tar.xz
sha256 42e7362692318afc666f14378dd445effa9a1b09787504a6ab5811fe442674cd ffmpeg-3.2.8.tar.xz
+10 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FFMPEG_VERSION = 3.2.3
FFMPEG_VERSION = 3.2.8
FFMPEG_SOURCE = ffmpeg-$(FFMPEG_VERSION).tar.xz
FFMPEG_SITE = http://ffmpeg.org/releases
FFMPEG_INSTALL_STAGING = YES
@@ -44,6 +44,9 @@ FFMPEG_CONF_OPTS = \
--disable-mipsdspr2 \
--disable-msa \
--enable-hwaccels \
--disable-cuda \
--disable-cuvid \
--disable-nvenc \
--disable-avisynth \
--disable-frei0r \
--disable-libopencore-amrnb \
@@ -159,12 +162,18 @@ endif
ifeq ($(BR2_PACKAGE_FFMPEG_INDEVS),y)
FFMPEG_CONF_OPTS += --enable-indevs
ifeq ($(BR2_PACKAGE_ALSA_LIB),y)
FFMPEG_DEPENDENCIES += alsa-lib
endif
else
FFMPEG_CONF_OPTS += --disable-indevs
endif
ifeq ($(BR2_PACKAGE_FFMPEG_OUTDEVS),y)
FFMPEG_CONF_OPTS += --enable-outdevs
ifeq ($(BR2_PACKAGE_ALSA_LIB),y)
FFMPEG_DEPENDENCIES += alsa-lib
endif
else
FFMPEG_CONF_OPTS += --disable-outdevs
endif
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 ea661277cd39bf8f063d3a83ee875432cc3680494169f952787e002bdd3884c0 file-5.29.tar.gz
sha256 8639dc4d1b21e232285cd483604afc4a6ee810710e00e579dbe9591681722b50 file-5.32.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FILE_VERSION = 5.29
FILE_VERSION = 5.32
FILE_SITE = ftp://ftp.astron.com/pub/file
FILE_DEPENDENCIES = host-file zlib
HOST_FILE_DEPENDENCIES = host-zlib
+2 -1
View File
@@ -12,7 +12,8 @@ FLASHROM_LICENSE = GPLv2+
FLASHROM_LICENSE_FILES = COPYING
define FLASHROM_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS) -DHAVE_STRNLEN" -C $(@D)
endef
define FLASHROM_INSTALL_TARGET_CMDS
@@ -0,0 +1,31 @@
From 65a3028024a5963d9b988d70fe7ebe116c731310 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index f08854729f50..4b94179636e0 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -599,6 +599,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,31 @@
From 672910e3d1215b781cf0e4757e473f6a25ebf756 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 67b369f015ad..3d1d981f885d 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -612,6 +612,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,36 @@
From 205aa8e97bab553e5e6fe45896325e97962de704 Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eb@emlix.com>
Date: Wed, 8 Feb 2017 11:42:52 +0100
Subject: [PATCH] asan: fix missing include of signal.h
This breaks when building gcc 4.9.4 / 5.4.0 with
target_platform=powerpc-unknown-linux-gnu with glibc 2.25:
../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
return signum == SIGSEGV && common_flags()->handle_segv;
This has been verified to apply to at least 4.9.4 and up to 5.4,
the code has been reworked for gcc 6.
Resolves (Buildroot) Bug: https://bugs.busybox.net/show_bug.cgi?id=10061
Upstream: https://patchwork.ozlabs.org/patch/725596/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
libsanitizer/asan/asan_linux.cc | 1 +
1 file changed, 1 insertion(+)
diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
index c504168..59087b9 100644
--- a/libsanitizer/asan/asan_linux.cc
+++ b/libsanitizer/asan/asan_linux.cc
@@ -29,6 +29,7 @@
#include <dlfcn.h>
#include <fcntl.h>
#include <pthread.h>
+#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <unwind.h>
@@ -0,0 +1,31 @@
From 329c471661493e48e0fc65fa6c17ef86517483ed Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 36ab1e370853..bf02fceb416e 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -637,6 +637,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,36 @@
From 205aa8e97bab553e5e6fe45896325e97962de704 Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eb@emlix.com>
Date: Wed, 8 Feb 2017 11:42:52 +0100
Subject: [PATCH] asan: fix missing include of signal.h
This breaks when building gcc 4.9.4 / 5.4.0 with
target_platform=powerpc-unknown-linux-gnu with glibc 2.25:
../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
return signum == SIGSEGV && common_flags()->handle_segv;
This has been verified to apply to at least 4.9.4 and up to 5.4,
the code has been reworked for gcc 6.
Resolves (Buildroot) Bug: https://bugs.busybox.net/show_bug.cgi?id=10061
Upstream: https://patchwork.ozlabs.org/patch/725596/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
libsanitizer/asan/asan_linux.cc | 1 +
1 file changed, 1 insertion(+)
diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
index c504168..59087b9 100644
--- a/libsanitizer/asan/asan_linux.cc
+++ b/libsanitizer/asan/asan_linux.cc
@@ -29,6 +29,7 @@
#include <dlfcn.h>
#include <fcntl.h>
#include <pthread.h>
+#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <unwind.h>
@@ -0,0 +1,31 @@
From dc90c186f755e726a097c9bb8bf6c4e7a45d8a07 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 70f698aba0ae..750b685b23e7 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -601,6 +601,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
-32
View File
@@ -1,32 +0,0 @@
Fix gdlib-config
Since the @LIBICONV@ macro doesn't get replaced at compile time, we
end up installing an invalid gdlib-config: the gdlib-config --libs
says that one should link against @LIBICONV@ which obviously doesn't
work.
Use the OpenWRT patch from
https://dev.openwrt.org/browser/packages/libs/gd/patches/101-gdlib-config.patch
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
--- a/config/gdlib-config.in
+++ b/config/gdlib-config.in
@@ -71,7 +71,7 @@ while test $# -gt 0; do
echo @LDFLAGS@
;;
--libs)
- echo -lgd @LIBS@ @LIBICONV@
+ echo -lgd @LIBS@
;;
--cflags|--includes)
echo -I@includedir@
@@ -84,7 +84,7 @@ while test $# -gt 0; do
echo "includedir: $includedir"
echo "cflags: -I@includedir@"
echo "ldflags: @LDFLAGS@"
- echo "libs: @LIBS@ @LIBICONV@"
+ echo "libs: @LIBS@"
echo "libdir: $libdir"
echo "features: @FEATURES@"
;;
@@ -1,50 +0,0 @@
From ea2a03e983acf34a1320b460dcad43b7e0b0b14f Mon Sep 17 00:00:00 2001
Message-Id: <ea2a03e983acf34a1320b460dcad43b7e0b0b14f.1397134306.git.baruch@tkos.co.il>
From: Baruch Siach <baruch@tkos.co.il>
Date: Thu, 10 Apr 2014 15:49:13 +0300
Subject: [PATCH] gd_bmp: fix build with uClibc
Some architectures (like ARM) don't have the long double variants of math
functions under uClibc. Add a local ceill definition in this case.
Patch status: reported upstream,
https://bitbucket.org/libgd/gd-libgd/issue/123/build-failure-agains-uclibc-arm
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
src/gd_bmp.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/gd_bmp.c b/src/gd_bmp.c
index 0fc021909f1b..11b3ec1baa01 100644
--- a/src/gd_bmp.c
+++ b/src/gd_bmp.c
@@ -25,6 +25,11 @@
#include "gdhelpers.h"
#include "bmp.h"
+#include <features.h>
+#if defined (__UCLIBC__) && !defined(__UCLIBC_HAS_LONG_DOUBLE_MATH__)
+#define NO_LONG_DOUBLE
+#endif
+
static int compress_row(unsigned char *uncompressed_row, int length);
static int build_rle_packet(unsigned char *row, int packet_type, int length, unsigned char *data);
@@ -42,6 +47,13 @@ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
#define BMP_DEBUG(s)
+#ifdef NO_LONG_DOUBLE
+long double ceill(long double x)
+{
+ return (long double) ceil((double) x);
+}
+#endif
+
static int gdBMPPutWord(gdIOCtx *out, int w)
{
/* Byte order is little-endian */
--
1.9.1
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6 libgd-2.2.4.tar.xz
sha256 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51 libgd-2.2.5.tar.xz
sha256 d02dae2141d49b8a6b09b2b73e68a8f17d7bbeaaf02b3b841ee11fea2d9e328d COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GD_VERSION = 2.2.4
GD_VERSION = 2.2.5
GD_SOURCE = libgd-$(GD_VERSION).tar.xz
GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
GD_INSTALL_STAGING = YES
@@ -0,0 +1,41 @@
From 09a2c3e0164545324a1ddee70f5c9fdee71e2079 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Sun, 18 Jun 2017 23:09:43 +0200
Subject: [PATCH] nat/linux-ptrace.c: add missing gdb_byte* cast
On noMMU platforms, the following code gets compiled:
child_stack = xmalloc (STACK_SIZE * 4);
Where child_stack is a gdb_byte*, and xmalloc() returns a void*. While
the lack of cast is valid in C, it is not in C++, causing the
following build failure:
../nat/linux-ptrace.c: In function 'int linux_fork_to_function(gdb_byte*, int (*)(void*))':
../nat/linux-ptrace.c:273:29: error: invalid conversion from 'void*' to 'gdb_byte* {aka unsigned char*}' [-fpermissive]
child_stack = xmalloc (STACK_SIZE * 4);
Therefore, this commit adds the appropriate cast.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Upstream commit: ffce45d2243e5f52f411e314fc4e1a69f431a81f]
---
gdb/nat/linux-ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gdb/nat/linux-ptrace.c b/gdb/nat/linux-ptrace.c
index 3447e07..33833e2 100644
--- a/gdb/nat/linux-ptrace.c
+++ b/gdb/nat/linux-ptrace.c
@@ -270,7 +270,7 @@ linux_fork_to_function (gdb_byte *child_stack, int (*function) (void *))
#define STACK_SIZE 4096
if (child_stack == NULL)
- child_stack = xmalloc (STACK_SIZE * 4);
+ child_stack = (gdb_byte*) xmalloc (STACK_SIZE * 4);
/* Use CLONE_VM instead of fork, to support uClinux (no MMU). */
#ifdef __ia64__
--
2.9.4
+1
View File
@@ -189,6 +189,7 @@ HOST_GDB_CONF_OPTS = \
--enable-threads \
--disable-werror \
--without-included-gettext \
--with-curses \
$(GDB_DISABLE_BINUTILS_CONF_OPTS)
ifeq ($(BR2_PACKAGE_HOST_GDB_TUI),y)
+4 -2
View File
@@ -1,2 +1,4 @@
# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.4.sha256sum
sha256 0b19901c3eb0596141d2d48ddb9dac79ad1524bdf59366af58ab38fcb9ee7463 gdk-pixbuf-2.36.4.tar.xz
# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.sha256sum
sha256 f8f6fa896b89475c73b6e9e8d2a2b062fc359c4b4ccb8e96470d6ab5da949ace gdk-pixbuf-2.36.10.tar.xz
# Locally calculated
sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
+13 -1
View File
@@ -5,7 +5,7 @@
################################################################################
GDK_PIXBUF_VERSION_MAJOR = 2.36
GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).4
GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).10
GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
GDK_PIXBUF_LICENSE = LGPLv2+
@@ -20,6 +20,9 @@ GDK_PIXBUF_CONF_ENV = \
ac_cv_path_GLIB_GENMARSHAL=$(LIBGLIB2_HOST_BINARY) \
gio_can_sniff=no
HOST_GDK_PIXBUF_CONF_ENV = \
gio_can_sniff=no
GDK_PIXBUF_CONF_OPTS = --disable-glibtest
ifneq ($(BR2_PACKAGE_LIBPNG),y)
@@ -73,5 +76,14 @@ define GDK_PIXBUF_DISABLE_TESTS
endef
GDK_PIXBUF_POST_PATCH_HOOKS += GDK_PIXBUF_DISABLE_TESTS
# Target gdk-pixbuf needs loaders.cache populated to build for the
# thumbnailer. Use the host-built since it matches the target options
# regarding mime types (which is the used information).
define GDK_PIXBUF_COPY_LOADERS_CACHE
cp -f $(HOST_DIR)/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache \
$(@D)/gdk-pixbuf
endef
GDK_PIXBUF_PRE_BUILD_HOOKS += GDK_PIXBUF_COPY_LOADERS_CACHE
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+1 -1
View File
@@ -1,2 +1,2 @@
# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
sha256 016124c54ce2db7a4c2bd26b0de21fbf8f6bcaee04842aa221c7243141df4e42 git-2.12.3.tar.xz
sha256 f8b8ac499034e9f6e44e67dd54351bc5654e228e4cd3b55f6f1c8e736c977ce6 git-2.12.4.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GIT_VERSION = 2.12.3
GIT_VERSION = 2.12.4
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = https://www.kernel.org/pub/software/scm/git
GIT_LICENSE = GPLv2, LGPLv2.1+
+3 -4
View File
@@ -1,4 +1,3 @@
# From https://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html
sha1 e3bdb585026f752ae91360f45c28e76e4a15d338 gnupg-1.4.21.tar.bz2
# Locally computed
sha256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 gnupg-1.4.21.tar.bz2
# Locally computed based on signature
# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.22.tar.bz2.sig
sha256 9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4 gnupg-1.4.22.tar.bz2
+2 -2
View File
@@ -4,9 +4,9 @@
#
################################################################################
GNUPG_VERSION = 1.4.21
GNUPG_VERSION = 1.4.22
GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG_LICENSE = GPLv3+
GNUPG_LICENSE_FILES = COPYING
GNUPG_DEPENDENCIES = zlib ncurses $(if $(BR2_PACKAGE_LIBICONV),libiconv)
@@ -0,0 +1,29 @@
From eb7cce5dbb53a64cf55ac0d9a7fa4dcbebd4b173 Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Mon, 14 Aug 2017 23:24:38 +0200
Subject: [PATCH] SConstruct: do not force -O2 by default
-O2 can cause problems on some architectures, so do not force it by
default.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
SConstruct | 2 --
1 file changed, 2 deletions(-)
diff --git a/SConstruct b/SConstruct
index fe444a2..93d91a4 100644
--- a/SConstruct
+++ b/SConstruct
@@ -330,8 +330,6 @@ if not 'CCFLAGS' in os.environ:
# Should we build with optimisation?
if env['debug'] or env['coveraging']:
env.Append(CCFLAGS=['-O0'])
- else:
- env.Append(CCFLAGS=['-O2'])
# Get a slight speedup by not doing automatic RCS and SCCS fetches.
env.SourceCode('.', None)
--
2.9.4
+1 -1
View File
@@ -44,7 +44,7 @@ endif
# A bug was reported to the gcc bug tracker:
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485
ifeq ($(BR2_microblaze),y)
GPSD_CFLAGS += -fno-expensive-optimizations -fno-schedule-insns
GPSD_CFLAGS += -O0
endif
# Enable or disable Qt binding
@@ -0,0 +1,60 @@
From daaf649bda7231fd0d760802232a36ba62a4ea2d Mon Sep 17 00:00:00 2001
From: Clemens Lang <cal@macports.org>
Date: Sun, 13 Aug 2017 21:17:18 +0200
Subject: [PATCH] openjpeg: Fix build against openjpeg 2.2
OpenJPEG 2.2 has some API changes and thus ships its headers in a new
include path. Add a configure check (to both meson and autoconf) to
detect the newer version of OpenJPEG and add conditional includes.
Fix the autoconf test for OpenJPEG 2.1, which checked for HAVE_OPENJPEG,
which was always set even for 2.0.
https://bugzilla.gnome.org/show_bug.cgi?id=786250
[Peter: drop meson changes for 2017.02.x]
Upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/patch/?id=15f24fef53a955c7c76fc966302cb0453732e657
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
configure.ac | 7 ++++++-
ext/openjpeg/gstopenjpeg.h | 4 +++-
2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
index 30e26b8..c4f08c7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2813,8 +2813,13 @@ AG_GST_CHECK_FEATURE(OPENJPEG, [openjpeg library], openjpeg, [
if test x"$HAVE_OPENJPEG" = x"yes"; then
dnl minor API changes in v2.1
AG_GST_PKG_CHECK_MODULES(OPENJPEG_2_1, libopenjp2 >= 2.1)
- if test x"$HAVE_OPENJPEG" = x"yes"; then
+ if test x"$HAVE_OPENJPEG_2_1" = x"yes"; then
AC_DEFINE([HAVE_OPENJPEG_2_1], 1, [Define if OpenJPEG 2.1 is used])
+ dnl include paths changed for v2.2
+ AG_GST_PKG_CHECK_MODULES(OPENJPEG_2_2, libopenjp2 >= 2.2)
+ if test x"$HAVE_OPENJPEG_2_2" = x"yes"; then
+ AC_DEFINE([HAVE_OPENJPEG_2_2], 1, [Define if OpenJPEG 2.2 is used])
+ fi
fi
else
# Fallback to v1.5
diff --git a/ext/openjpeg/gstopenjpeg.h b/ext/openjpeg/gstopenjpeg.h
index 03ce52e..52410a4 100644
--- a/ext/openjpeg/gstopenjpeg.h
+++ b/ext/openjpeg/gstopenjpeg.h
@@ -38,7 +38,9 @@
#define OPJ_CPRL CPRL
#else
#include <stdio.h>
-# ifdef HAVE_OPENJPEG_2_1
+# if defined(HAVE_OPENJPEG_2_2)
+# include <openjpeg-2.2/openjpeg.h>
+# elif defined(HAVE_OPENJPEG_2_1)
# include <openjpeg-2.1/openjpeg.h>
# else
# include <openjpeg-2.0/openjpeg.h>
--
2.12.3
@@ -13,6 +13,10 @@ GST1_PLUGINS_BAD_LICENSE_FILES = COPYING COPYING.LIB
# enabled.
GST1_PLUGINS_BAD_LICENSE = LGPLv2+, LGPLv2.1+
# patch 0001-openjpeg-Fix-build-against-openjpeg-2.2.patch touches configure.ac
GST1_PLUGINS_BAD_AUTORECONF = YES
GST1_PLUGINS_BAD_GETTEXTIZE = YES
GST1_PLUGINS_BAD_CONF_OPTS = \
--disable-examples \
--disable-valgrind \
+2 -2
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 cee58ab3a4ce79f243a3e73f465dac19fe2b93ef1c5ff244d6f1d689fedbde2d heimdal-7.1.0.tar.gz
# Locally calculated
sha256 3de14ecd36ad21c1694a13da347512b047f4010d176fe412820664cb5d1429ad heimdal-7.4.0.tar.gz
+3 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
HEIMDAL_VERSION = 7.1.0
HEIMDAL_SITE = http://www.h5l.org/dist/src
HEIMDAL_VERSION = 7.4.0
HEIMDAL_SITE = https://github.com/heimdal/heimdal/releases/download/heimdal-$(HEIMDAL_VERSION)
HOST_HEIMDAL_DEPENDENCIES = host-e2fsprogs host-ncurses host-pkgconf
HEIMDAL_INSTALL_STAGING = YES
HEIMDAL_MAKE = $(MAKE1)
@@ -15,6 +15,7 @@ HOST_HEIMDAL_CONF_OPTS = \
--enable-static \
--without-openldap \
--without-capng \
--with-db-type-preference= \
--without-sqlite3 \
--without-libintl \
--without-openssl \
+2 -2
View File
@@ -1,2 +1,2 @@
# From http://www.imagemagick.org/download/releases/digest.rdf
sha256 0058fcde533986334458a5c99600b1b9633182dd9562cbad4ba618c5ccf2a28f ImageMagick-7.0.5-10.tar.xz
# Locally computed
sha256 5a45e29509dbb23793a9c8db5c47ef1114c1ee82c9ca60053eaf06b3fc243e2c 7.0.7-1.tar.gz
+3 -3
View File
@@ -4,9 +4,9 @@
#
################################################################################
IMAGEMAGICK_VERSION = 7.0.5-10
IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
IMAGEMAGICK_VERSION = 7.0.7-1
IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
IMAGEMAGICK_LICENSE = Apache-2.0
IMAGEMAGICK_LICENSE_FILES = LICENSE
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
IOSTAT_VERSION = 2.2
IOSTAT_SITE = http://www.linuxinsight.com/files
IOSTAT_SITE = http://linuxinsight.com/sites/default/files
IOSTAT_LICENSE = GPL
IOSTAT_LICENSE_FILES = LICENSE
+1 -1
View File
@@ -9,7 +9,7 @@ IPROUTE2_SOURCE = iproute2-$(IPROUTE2_VERSION).tar.xz
IPROUTE2_SITE = $(BR2_KERNEL_MIRROR)/linux/utils/net/iproute2
IPROUTE2_DEPENDENCIES = host-bison host-flex host-pkgconf \
$(if $(BR2_PACKAGE_LIBMNL),libmnl)
IPROUTE2_LICENSE = GPLv2
IPROUTE2_LICENSE = GPLv2+
IPROUTE2_LICENSE_FILES = COPYING
# If both iproute2 and busybox are selected, make certain we win
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 838220297dcbe7c8c42d01005059779a82f5b7b7e7043db37ad13f5966aff581 irssi-1.0.3.tar.xz
sha256 b85c07dbafe178213eccdc69f5f8f0ac024dea01c67244668f91ec1c06b986ca irssi-1.0.4.tar.xz
+1 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
IRSSI_VERSION = 1.0.3
IRSSI_VERSION = 1.0.4
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.
@@ -15,7 +15,6 @@ IRSSI_DEPENDENCIES = host-pkgconf libglib2 ncurses openssl
IRSSI_CONF_OPTS = \
--disable-glibtest \
--with-ncurses=$(STAGING_DIR)/usr \
--without-perl
ifeq ($(BR2_PACKAGE_IRSSI_PROXY),y)
+1 -1
View File
@@ -6,7 +6,7 @@
IUCODE_TOOL_VERSION = 1.5
IUCODE_TOOL_SOURCE = iucode-tool_$(IUCODE_TOOL_VERSION).tar.xz
IUCODE_TOOL_SITE = https://gitlab.com/iucode-tool/releases/raw/latest
IUCODE_TOOL_SITE = https://gitlab.com/iucode-tool/releases/raw/master
ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)
IUCODE_TOOL_CONF_ENV = LIBS="-largp"
IUCODE_TOOL_DEPENDENCIES = argp-standalone
@@ -0,0 +1,65 @@
From ff1ed2c4524095055140370c1008a2d9cccc5645 Mon Sep 17 00:00:00 2001
From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
Date: Sat, 11 Jun 2016 05:35:07 +0200
Subject: [PATCH] Fix initialization in test/iodelay.cpp
jack_latency_range_t is
struct _jack_latency_range {
jack_nframes_t min;
jack_nframes_t max;
};
and jack_nframes_t is
typedef uint32_t jack_nframes_t;
so it's unsigned. Initialising it with -1 is invalid (at least in C++14). We cannot use {0, 0}, because latency_cb has
jack_latency_range_t range;
range.min = range.max = 0;
if ((range.min != capture_latency.min) || (range.max !=
capture_latency.max)) {
capture_latency = range;
}
so we must not have {0, 0}, otherwise the condition would never be true.
Using UINT32_MAX should be equivalent to the previous -1.
[Upstream commit https://github.com/jackaudio/jack2/commit/ff1ed2c4524095055140370c1008a2d9cccc5645]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
tests/iodelay.cpp | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tests/iodelay.cpp b/tests/iodelay.cpp
index e1ba63fa..1ef470fd 100644
--- a/tests/iodelay.cpp
+++ b/tests/iodelay.cpp
@@ -20,6 +20,7 @@
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
#include <math.h>
#include <unistd.h>
#include <jack/jack.h>
@@ -167,8 +168,8 @@ static jack_client_t *jack_handle;
static jack_port_t *jack_capt;
static jack_port_t *jack_play;
-jack_latency_range_t capture_latency = {-1, -1};
-jack_latency_range_t playback_latency = {-1, -1};
+jack_latency_range_t capture_latency = {UINT32_MAX, UINT32_MAX};
+jack_latency_range_t playback_latency = {UINT32_MAX, UINT32_MAX};
void
latency_cb (jack_latency_callback_mode_t mode, void *arg)
@@ -266,4 +267,4 @@ int main (int ac, char *av [])
return 0;
}
-// --------------------------------------------------------------------------------
\ No newline at end of file
+// --------------------------------------------------------------------------------
+31
View File
@@ -0,0 +1,31 @@
From f7bccdca651592cc4082b28fd4a01ed6ef8ab655 Mon Sep 17 00:00:00 2001
From: Kjetil Matheussen <k.s.matheussen@notam02.no>
Date: Sat, 15 Jul 2017 13:21:59 +0200
Subject: [PATCH] Tests: Fix compilation with gcc7
Fixes
../tests/test.cpp: In function int process4(jack_nframes_t, void*):
../tests/test.cpp:483:73: error: call of overloaded abs(jack_nframes_t) is ambiguous
if (delta_time > 0 && (jack_nframes_t)abs(delta_time - cur_buffer_size) > tolerance) {
Downloaded from upstream commit
https://github.com/jackaudio/jack2/commit/f7bccdca651592cc4082b28fd4a01ed6ef8ab655
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
tests/test.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test.cpp b/tests/test.cpp
index 8a8a8117..d2ef9a05 100644
--- a/tests/test.cpp
+++ b/tests/test.cpp
@@ -479,7 +479,7 @@ int process4(jack_nframes_t nframes, void *arg)
jack_nframes_t delta_time = cur_time - last_time;
Log("calling process4 callback : jack_frame_time = %ld delta_time = %ld\n", cur_time, delta_time);
- if (delta_time > 0 && (jack_nframes_t)abs(delta_time - cur_buffer_size) > tolerance) {
+ if (delta_time > 0 && abs((int64_t)delta_time - (int64_t)cur_buffer_size) > (int64_t)tolerance) {
printf("!!! ERROR !!! jack_frame_time seems to return incorrect values cur_buffer_size = %d, delta_time = %d tolerance %d\n", cur_buffer_size, delta_time, tolerance);
}
@@ -0,0 +1,28 @@
From d3c8e2d8d78899fba40a3e677ed4dbe388d82269 Mon Sep 17 00:00:00 2001
From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
Date: Thu, 18 Sep 2014 18:29:23 +0200
Subject: [PATCH] Fix FTBFS with clang++
Forwarded from http://bugs.debian.org/757820
Downloaded from upstream commit
https://github.com/jackaudio/jack2/commit/d3c8e2d8d78899fba40a3e677ed4dbe388d82269
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
common/memops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/memops.c b/common/memops.c
index 27f6194a..2d416b64 100644
--- a/common/memops.c
+++ b/common/memops.c
@@ -198,7 +198,7 @@ static inline __m128i float_24_sse(__m128 s)
*/
static unsigned int seed = 22222;
-inline unsigned int fast_rand() {
+static inline unsigned int fast_rand() {
seed = (seed * 96314165) + 907633515;
return seed;
}
-1
View File
@@ -1,3 +1,2 @@
# Locally calculated
sha256 88f1b6601b7c8950e6a2d5940b423a33ee628ae5583da40bdce3d9317d8c600d jack2-v1.9.10.tar.gz
sha256 f372c4300e3fb2c1ce053e47829df44f3f8b933feb820759392187723ae8e640 ff1ed2c4524095055140370c1008a2d9cccc5645.patch
-1
View File
@@ -9,7 +9,6 @@ JACK2_SITE = $(call github,jackaudio,jack2,$(JACK2_VERSION))
JACK2_LICENSE = GPLv2+ (jack server), LGPLv2.1+ (jack library)
JACK2_DEPENDENCIES = libsamplerate libsndfile alsa-lib host-python
JACK2_INSTALL_STAGING = YES
JACK2_PATCH = https://github.com/jackaudio/jack2/commit/ff1ed2c4524095055140370c1008a2d9cccc5645.patch
JACK2_CONF_OPTS = --alsa
@@ -0,0 +1,42 @@
From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
happy.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit fa7438a0ff
libarchive/archive_read_support_format_xar.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d8e4..93eeacc5e6eb 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
uint64_t l;
int digit;
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
digit = *p - '0';
while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
{
int64_t l;
int digit;
-
+
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
while (char_cnt-- > 0) {
if (*p >= '0' && *p <= '7')
--
2.14.1
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally computed:
sha256 72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2 libarchive-3.2.1.tar.gz
sha256 ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce libarchive-3.3.2.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBARCHIVE_VERSION = 3.2.1
LIBARCHIVE_VERSION = 3.3.2
LIBARCHIVE_SITE = http://www.libarchive.org/downloads
LIBARCHIVE_INSTALL_STAGING = YES
LIBARCHIVE_LICENSE = BSD-2c, BSD-3c
@@ -0,0 +1,47 @@
From 7d84bd820ef412d251b643a4faced105668f4ebd Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Fri, 11 Aug 2017 18:52:37 +0200
Subject: [PATCH] curl/system.h: support more architectures
The long list of architectures in include/curl/system.h is annoying to
maintain, and needs to be extended for each and every architecture to
support.
Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler
(we are in the GNUC condition anyway), which tells us if long is 4
bytes or 8 bytes.
This fixes the build of libcurl 7.55.0 on architectures such as
OpenRISC or ARC.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
include/curl/system.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/curl/system.h b/include/curl/system.h
index 79abf8f..0e13075 100644
--- a/include/curl/system.h
+++ b/include/curl/system.h
@@ -403,7 +403,7 @@
# if !defined(__LP64__) && (defined(__ILP32__) || \
defined(__i386__) || defined(__ppc__) || defined(__arm__) || \
defined(__sparc__) || defined(__mips__) || defined(__sh__) || \
- defined(__XTENSA__))
+ defined(__XTENSA__) || (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 4))
# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
@@ -412,7 +412,8 @@
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# elif defined(__LP64__) || \
- defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__)
+ defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) || \
+ (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 8)
# define CURL_SIZEOF_LONG 8
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
--
2.9.4
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally calculated after checking pgp signature
sha256 f50ebaf43c507fa7cc32be4b8108fa8bbd0f5022e90794388f3c7694a302ff06 curl-7.54.0.tar.bz2
# https://curl.haxx.se/download/curl-7.55.0.tar.xz.asc
sha256 cdd58522f8607fd4e871df79d73acb3155075e2134641e5adab12a0962df059d curl-7.55.0.tar.xz
+3 -3
View File
@@ -4,14 +4,14 @@
#
################################################################################
LIBCURL_VERSION = 7.54.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_VERSION = 7.55.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_ZLIB),zlib) \
$(if $(BR2_PACKAGE_LIBIDN),libidn) \
$(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump)
LIBCURL_LICENSE = ISC
LIBCURL_LICENSE = curl
LIBCURL_LICENSE_FILES = COPYING
LIBCURL_INSTALL_STAGING = YES
+2 -4
View File
@@ -1,5 +1,3 @@
# From https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
sha1 65a4a495aa858483e66868199eaa8238572ca6cd libgcrypt-1.7.8.tar.bz2
# Locally calculated after checking signature
# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.8.tar.bz2.sig
sha256 948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199 libgcrypt-1.7.8.tar.bz2
# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.9.tar.bz2.sig
sha256 bfe9bb703c1126c3647da2810fd23039c2f09d46969f71612c2065dc3fa9373b libgcrypt-1.7.9.tar.bz2
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBGCRYPT_VERSION = 1.7.8
LIBGCRYPT_VERSION = 1.7.9
LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
LIBGCRYPT_LICENSE = LGPLv2.1+
LIBGCRYPT_LICENSE_FILES = COPYING.LIB
+2 -1
View File
@@ -113,7 +113,8 @@ HOST_LIBGLIB2_DEPENDENCIES = \
host-zlib
LIBGLIB2_CONF_OPTS = \
--with-pcre=system
--with-pcre=system \
--disable-compile-warnings
ifneq ($(BR2_ENABLE_LOCALE),y)
LIBGLIB2_DEPENDENCIES += libiconv
@@ -0,0 +1,36 @@
From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Fri, 1 Sep 2017 10:04:48 +0200
Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow
This fix is a backport from libidn2 and addresses
CVE-2017-14062.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit e9e81b8063b095
lib/punycode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/punycode.c b/lib/punycode.c
index 86819a7deb85..49250a13e2cc 100644
--- a/lib/punycode.c
+++ b/lib/punycode.c
@@ -88,10 +88,10 @@ enum
/* point (for use in representing integers) in the range 0 to */
/* base-1, or base if cp does not represent a value. */
-static punycode_uint
-decode_digit (punycode_uint cp)
+static unsigned
+decode_digit (int cp)
{
- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
cp - 97 < 26 ? cp - 97 : base;
}
--
2.14.1

Some files were not shown because too many files have changed in this diff Show More