Compare commits

...

461 Commits

Author SHA1 Message Date
Peter Korsgaard 8a0e4e865a Update for 2017.02.11
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 21:08:40 +02:00
André Hentschel ab61f3fa1e wireshark: bump version to 2.2.14 (security)
Security fixes since 2.2.12:

- wnpa-sec-2018-15
  The MP4 dissector could crash. (Bug 13777)
- wnpa-sec-2018-16
  The ADB dissector could crash. (Bug 14460)
- wnpa-sec-2018-17
  The IEEE 802.15.4 dissector could crash. (Bug 14468)
- wnpa-sec-2018-18
  The NBAP dissector could crash. (Bug 14471)
- wnpa-sec-2018-19
  The VLAN dissector could crash. (Bug 14469)
- wnpa-sec-2018-20
  The LWAPP dissector could crash. (Bug 14467)
- wnpa-sec-2018-23
  The Kerberos dissector could crash. (Bug 14576)
- wnpa-sec-2018-05
  The IEEE 802.11 dissector could crash. Bug 14442, CVE-2018-7335
- wnpa-sec-2018-06
  Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors (Bug 14444), along with the DICOM (Bug 14411), DMP (Bug 14408), LLTD (Bug 14419), OpenFlow (Bug 14420), RELOAD (Bug 14445), RPCoRDMA (Bug 14449), RPKI-Router (Bug 14414), S7COMM (Bug 14423), SCCP (Bug 14413), Thread (Bug 14428), Thrift (Bug 14379), USB (Bug 14421), and WCCP (Bug 14412) dissectors were susceptible.
- wnpa-sec-2018-07
  The UMTS MAC dissector could crash. Bug 14339, CVE-2018-7334
- wnpa-sec-2018-09
  The FCP dissector could crash. Bug 14374, CVE-2018-7336
- wnpa-sec-2018-10
  The SIGCOMP dissector could crash. Bug 14398, CVE-2018-7320
- wnpa-sec-2018-11
  The pcapng file parser could crash. Bug 14403, CVE-2018-7420
- wnpa-sec-2018-12
  The IPMI dissector could crash. Bug 14409, CVE-2018-7417
- wnpa-sec-2018-13
  The SIGCOMP dissector could crash. Bug 14410, CVE-2018-7418
-  wnpa-sec-2018-14
  The NBAP disssector could crash. Bug 14443, CVE-2018-7419

Full release notes:

  https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c5c87c2bb6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:42:38 +02:00
Fabio Estevam b0aeb1d4e3 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2661d47425)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:41:59 +02:00
Peter Korsgaard dff55ea20e python-webpy: use webpy-0.39 tag
No functional change, but upstream has now tagged the release, so use the
tag instead of the sha1.

https://github.com/webpy/webpy/issues/449

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01320bb9ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:41:19 +02:00
Peter Korsgaard 5c3e92de2d python-webpy: security bump to version 0.39
>From the changelog:

2018-02-28 0.39
* Fixed a security issue with the form module (tx Orange Tsai)
* Fixed a security issue with the db module (tx Adrián Brav and Orange Tsai)

2016-07-08 0.38
..
* Fixed a potential remote exeution risk in `reparam` (tx Adrián Brav)

License files are still not included on pypi, so continue to use the git
repo. Upstream has unfortunately not tagged 0.39, so use the latest commit
on the 0.39 branch.  A request to fix this has been submitted:

https://github.com/webpy/webpy/issues/449

0.39 now uses setuptools, so change the _SETUP_TYPE.

Add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce559162fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:41:09 +02:00
Peter Korsgaard 64d9f21af2 python-webpy: needs hashlib support in python
webpy uses hashlib for session handling, so ensure it is available:

web/session.py:    import hashlib
web/session.py:    sha1 = hashlib.sha1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 543b0d50fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:40:52 +02:00
Peter Korsgaard 9bdc177bea openblas: drop SSE_GENERIC target
Fixes #10856

The SSE_GENERIC target fails to build with a "sgemm_kernel.o: No such file
or directory" error. Several upstream bug reports exist for this:

https://github.com/xianyi/OpenBLAS/issues/502
https://github.com/xianyi/OpenBLAS/issues/685

In both cases, upstream suggests using a different target definition
instead.  E.G.  from issue 685:

You may use NORTHWOOD on x86: make TARGET=NORTHWOOD that uses SSE2
instructions.  It's very hard to find non-SSE2 x86 CPUs today.  For x86-64
use the PRESCOTT target

So drop the SSE_GENERIC target.  The only x86_64 variant we support not
covered by a more specific openblas target is the default variant, nocona
and jaguar.

Nocona was a Xeon variant of the P4 "Prescott" architecture, so use the
PRESCOTT openblas target:

https://en.wikipedia.org/wiki/Xeon#Nocona_and_Irwindale

Jaguar is from the Bobcat family, so use the BOBCAT openblas target:

https://en.wikipedia.org/wiki/List_of_AMD_microprocessors#Bobcat_core_architecture_(APU)

[Peter: add Jaguar as pointed out by Arnout]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 5e6fa93483)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:36:56 +02:00
Sasha Shyrokov 0aab750960 opencv3: fix Python module build for Python 3.x
When the OpenCV3 Python support is enabled with Python 3.x, it builds
properly, and the resulting .so file is built for the target
architecture, but its name is wrong:

  output/target/usr/lib/python3.6/site-packages/cv2.cpython-36m-x86_64-linux-gnu.so

This prevents Python 3.x from importing the module:

>>> import cv2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ModuleNotFoundError: No module named 'cv2'

In order to fix this, we simply need to pass PKG_PYTHON_DISTUTILS_ENV
in the environment. The Python module then gets named:

  output/target/usr/lib/python3.6/site-packages/cv2.cpython-36m-arm-linux-gnueabi.so

And can be imported properly:

>>> import cv2
>>>

This solution was suggested by Arnout Vandecappelle in
https://stackoverflow.com/questions/49059035/buildroot-opencv3-python-package-builds-for-the-wrong-target.

With Python 2.x, the module is named just cv2.so so this problem isn't
visible. However, for consistency, we also pass
PKG_PYTHON_DISTUTILS_ENV when building against Python 2.x, by putting
the OPENCV3_CONF_ENV assignment inside the
BR2_PACKAGE_OPENCV3_LIB_PYTHON condition, but outside the
BR2_PACKAGE_PYTHON3/BR2_PACKAGE_PYTHON condition.

Signed-off-by: Sasha Shyrokov <alexander-shyrokov@idexx.com>
[Thomas: extend the commit log, apply the solution to Python 2.x.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8ba80282c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:36:18 +02:00
Valentin Korenblit 02aaa39a14 package/xterm: Avoid freetype2 path poisoning using imake
When imake is installed on the host, it tries to include
freetype headers from host, so we must override ac_cv_path_IMAKE
to avoid this.

Extract from config.log:

configure:14803: checking if we should use imake to help
configure:14820: result: yes
configure:14829: checking for xmkmf
configure:14846: found /usr/bin/xmkmf
configure:14857: result: /usr/bin/xmkmf
configure:14920: testing Using /usr/bin/xmkmf  ...
configure:15015: testing IMAKE_CFLAGS  -I. -I/usr/include/freetype2

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
[Thomas: pass ac_cv_path_IMAKE="" as suggested by Romain Naour.]
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d0316dc7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:34:57 +02:00
Fabio Estevam 2fbc20fd26 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e17a16dc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:34:10 +02:00
Peter Korsgaard a5951b94bc openssl: security bump to version 1.0.2o
Fixes the following security issues:

Constructed ASN.1 types with a recursive definition could exceed the stack
(CVE-2018-0739)

Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion.  This could result in a Denial Of Service attack.
There are no such structures used within SSL/TLS that come from untrusted
sources so this is considered safe.

Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each
byte.  This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the
security claims of the scheme.  The module can only be compiled by the HP-UX
assembler, so that only HP-UX PA-RISC targets are affected.

rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

This issue has been reported in a previous OpenSSL security advisory and a
fix was provided for OpenSSL 1.0.2.  Due to the low severity no fix was
released at that time for OpenSSL 1.1.0.  The fix is now available in
OpenSSL 1.1.0h.

There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli.  No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline.  The amount of resources required for such an attack would be
significant.  However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.

This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).

For more details, see https://www.openssl.org/news/secadv/20180327.txt

The copyright year changed in LICENSE, so adjust the hash to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6938c219d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:25:48 +02:00
Peter Korsgaard c1ce76dba4 sngrep: fix libgcrypt handling
Fixes:
http://autobuild.buildroot.net/results/f1c6494133806b9fc26ae3ce9e9c6a22fa2eda6f/

Commit 6205b75873 (sngrep: gnutls support also needs libgcrypt) ensured
that --with-gnutls is only used when both gnutls and libgcrypt are enabled,
but it didn't ensure libgcrypt gets built before sngrep or told the
configure script where to find libgcrypt-config, breaking the build.

Fix both issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae7d59eaae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:22:04 +02:00
Fabio Estevam 3d5be0c715 linux-headers: bump 4.{1, 4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9ef8f6b061)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:20:51 +02:00
Baruch Siach f7b941d3f5 xerces: add upstream security fix
CVE-2017-12627: dereference of a NULL pointer while processing the path
to the DTD.

xerces 3.2.1 includes this patch. But this version also added
AC_RUN_IFELSE to its configure script, making cross compilation harder.

Switching to cmake is also problematic since the minimum required cmake
version is 3.2.0. The host dependencies check currently allows minimum
cmake version 3.1.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 142c8cc8d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:20:04 +02:00
Fabio Estevam 8666d431c2 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d9534c8163)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:19:01 +02:00
Bernd Kuhls 06c77a5062 package/apache: security bump to version 2.4.33
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.33

Fixes CVE-2017-15710, CVE-2018-1283, CVE-2018-1303, CVE-2018-1301,
CVE-2017-15715, CVE-2018-1312, CVE-2018-1302.

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 65193bf3c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:17:27 +02:00
Bernd Kuhls 763319e86c package/apache: bump version to 2.4.29
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.29

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 386ca343c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:17:14 +02:00
Bernd Kuhls bb047db6e6 package/apache: bump to version 2.4.28
Fix for CVE-2017-9798 is included in this release, so this patch is
removed.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Update commit log: not a security bump]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 1cff68251e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:17:09 +02:00
Bernd Kuhls 2801e075c7 package/imagemagick: security bump version to 7.0.7-27
Fixes CVE-2018-6405 (upstream Github PR 964) and many others:
http://www.imagemagick.org/script/changelog.php

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 31086ea1de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:16:08 +02:00
Bernd Kuhls 91d1863955 linux-headers: bump 3.2.x and 4.{14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b83a4d3d69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:15:30 +02:00
Peter Korsgaard 0112c2647a tremor: security bump to fix CVE-2018-5146
Prevent out-of-bounds write in codebook decoding.

Codebooks that are not an exact divisor of the partition size are now
truncated to fit within the partition.

Upstream has migrated from subversion to git, so change to git and bump the
version to include the fix for CVE-2018-5146.

While we're at it, also add a hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80266c9505)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:11:04 +02:00
Fabio Estevam 48a3c64c05 linux-headers: bump 3.2.x and 4.{1, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cd0fd09352)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:09:14 +02:00
Peter Korsgaard f971d57e1c linux-headers: bump 4.{4,9}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 50cd46b39f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:43:55 +02:00
Peter Korsgaard 9dcd7e340b irssi: security bump to version 1.0.7
Fixes the following security issues:

Use after free when server is disconnected during netsplits.  Incomplete fix
of CVE-2017-7191.  Found by Joseph Bisch.  (CWE-416, CWE-825) -
CVE-2018-7054 [2] was assigned to this issue.

Use after free when SASL messages are received in unexpected order.  Found
by Joseph Bisch.  (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
this issue.

Null pointer dereference when an “empty” nick has been observed by Irssi.
Found by Joseph Bisch.  (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
to this issue.

When the number of windows exceed the available space, Irssi would crash due
to Null pointer dereference.  Found by Joseph Bisch.  (CWE-690) -
CVE-2018-7052 [5] was assigned to this issue.

Certain nick names could result in out of bounds access when printing theme
strings.  Found by Oss-Fuzz.  (CWE-126) - CVE-2018-7051 [6] was assigned to
this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 181ef8a1d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:43:20 +02:00
Baruch Siach abb750fc22 libcurl: security bump to version 7.59.0
CVE-2018-1000120: curl could be fooled into writing a zero byte out of
bounds when curl is told to work on an FTP URL with the setting to only
issue a single CWD command, if the directory part of the URL contains a
"%00" sequence.

https://curl.haxx.se/docs/adv_2018-9cd6.html

CVE-2018-1000121: curl might dereference a near-NULL address when
getting an LDAP URL.

https://curl.haxx.se/docs/adv_2018-97a2.html

CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
calculate a wrong data length to copy from the read buffer.

https://curl.haxx.se/docs/adv_2018-b047.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf3476e5b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:42:39 +02:00
Adam Duskett 122211e827 libpjsip: security bump to 2.7.2
Fixes the following vulnerabilities:

- CVE-2018-1000098: Crash when parsing SDP with an invalid media format
  description

- CVE-2018-1000099: Crash when receiving SDP with invalid fmtp attribute

[Peter: add CVE info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed0d9d6f36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:42:00 +02:00
Peter Korsgaard 933b01bde6 samba4: security bump to version 4.5.16
CVE-2018-1050: Vulnerability to a denial of service attack when the RPC
spoolss service is configured to be run as an external daemon.

https://www.samba.org/samba/security/CVE-2018-1050.html

CVE-2018-1057: Authenticated users might change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).

https://www.samba.org/samba/security/CVE-2018-1057.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:40:42 +02:00
Fabio Estevam 88b7f14300 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03b5b444f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:08:06 +02:00
Peter Korsgaard d1c1d929eb linux: Config.in: correct typo in kernel compression format help text
s/build/built/.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d233cc72c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:07:38 +02:00
Peter Korsgaard 5dea8d17d0 busybox: add upstream post-1.27.2 httpd fix
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec58149009)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Adam Duskett a7918a7d00 busybox: bump to version 1.27.2
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5cdb463e44)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Thomas Petazzoni 9d821b79c4 busybox: disable new TLS support
Busybox 1.17.1 has added built-in TLS support. Unfortunately, it fails
to build on i686 with gcc 4.8, with:

networking/tls_pstm_mul_comba.c: In function 'pstm_mul_comba':
networking/tls_pstm_mul_comba.c:82:1: error: 'asm' operand has impossible constraints
 asm(                                                      \
 ^
networking/tls_pstm_mul_comba.c:279:4: note: in expansion of macro 'MULADD'
    MULADD(*tmpx++, *tmpy--);
    ^
make[3]: *** [networking/tls_pstm_mul_comba.o] Error 1
make[2]: *** [networking] Error 2

Since TLS support is a new feature in 1.27, and wasn't present until
now, let's disable it to avoid the build failure.

The bug has been reported upstream at
http://lists.busybox.net/pipermail/busybox/2017-July/085713.html.

Fixes:

 http://autobuild.buildroot.net/results/d973f9a2fbf0f52104f4943b902183e9dbf163a7/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d5507262f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Peter Korsgaard d313993607 Revert "busybox: add upstream post-1.26.2 fixes"
This reverts commit ace9345c96.

With the bump to 1.27.x, these are no longer needed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Adam Duskett b8cad32137 busybox: bump version to 1.27.1
In addition, update busybox-minimal.config and busybox.config by loading the
config files and saving them back.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8cea293617)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:15:06 +02:00
Fabio Estevam ac80ff09f9 linux-headers: bump 4.{9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 59e8b056ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:12:38 +02:00
Baruch Siach 744ed3cb4c dhcp: add upstream security fixes
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.

CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.

Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 047cec5993)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:11:45 +02:00
Bernd Kuhls ac20047cfe package/clamav: security bump to version 0.99.4
Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-1000085 &
CVE-2018-0202.

For details see upstream announcement:
http://lists.clamav.net/pipermail/clamav-announce/2018/000029.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d02cbe22da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:09:13 +02:00
Peter Korsgaard b93a04a51a mosquitto: unbreak build with websockets and !libopenssl
Fixes:
http://autobuild.buildroot.net/results/d69/d693f3e3f1c73ccf54ac7076623e436355a9d901/b

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63dfbca2c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:06:15 +02:00
Peter Korsgaard 6758d72750 mosquitto: security bump to version 1.4.15
Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT
packet which causes large amounts of memory use in the broker.  If multiple
clients do this, an out of memory situation can occur and the system may
become unresponsive or the broker will be killed by the operating system.

The fix addresses the problem by limiting the permissible size for CONNECT
packet, and by adding a memory_limit configuration option that allows the
broker to self limit the amount of memory it uses.

The hash of new tarball is not (yet) available through download.php, so use
a locally calculated hash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f4df4a18e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:06:08 +02:00
Peter Korsgaard 184042f0e5 mosquitto: bump version to 1.4.14
Drop CVE 2017-9868 patch as that is now upstream.

1.4.14 is a bugfix release, fixing significant websocket performance /
correctness issues.

Use HTTPS for the download as the server uses HSTS, thus saving a redirect.

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b76bf7669)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:05:50 +02:00
Peter Korsgaard 932d6d028d mosquitto: clarify that patch hash is locally calculated
Commit e51d69a3b (mosquitto: specify that hash is taken from upstream)
changed the .hash description header, but the upstream hash only applies
to the tarball, not the patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1ef8c22393)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:04:05 +02:00
Vicente Olivert Riera e0730140cf mosquitto: specify that hash is taken from upstream
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d8dc97ee5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:03:59 +02:00
Bernd Kuhls b598d76aff package/dovecot: security bump to version 2.3.4
Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Removed patch applied upstream:
https://github.com/dovecot/core/commit/a008617e811673064fd657acf517dc4a12493d29

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7c970b06ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:02:38 +02:00
Fabio Estevam d0a4f95570 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fcf28ee361)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:01:23 +02:00
Peter Korsgaard 10a941a561 wavpack: add upstream security fixes
Fixes the following security issues:

CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig
function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to
cause a denial-of-service attack or possibly have unspecified other impact
via a maliciously crafted RF64 file.

CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file
of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.

CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect memory
allocation, via a maliciously crafted CAF file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4de7e07e6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:00:45 +02:00
Thomas Petazzoni b08d5c0fe5 wavpack: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a2576d37e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:00:21 +02:00
Bernd Kuhls 3738909ce9 linux-headers: bump 3.2.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e8e9bb3267)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:57:42 +02:00
Peter Korsgaard c1c3a7913a check-host-tar.sh: blacklist tar 1.30+
Tar 1.30 changed the --numeric-owner output for filenames > 100 characters,
leading to hash mismatches for the tar archives we create ourselves from
git.  This is really a fix for a bug in earlier tar versions regarding
deterministic output, so it is unlikely to be reverted in later versions.

For more details, see:
http://lists.busybox.net/pipermail/buildroot/2018-January/211222.html

To work around this issue, blacklist tar 1.30+ similar to how we do it for
pre-1.17 versions so Buildroot falls back to building host-tar.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b8fa273d50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:56:47 +02:00
Peter Korsgaard 119ab097e4 dependencies.mk: check for valid host-tar before other host dependencies
host-{cmake,lzip,xz} needs host-tar to extract their source code tarball, so
we need to ensure that host-tar gets added to DEPENDENCIES_HOST_PREREQ
before these in case they are both needed, otherwise the tools will fail to
extract.

With the upcoming change to blacklist modern tar versions this situation is
likely to trigger more often.

The real solution to this issue is the <foo>_EXTRACT_DEPENDENCIES rework,
but that series is a bit too intrusive to add this close to 2018.02, so
therefore this hack.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7c09cb82b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:56:31 +02:00
Fabio Estevam a06507a2f2 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1e7ee5a686)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:54:42 +02:00
Baruch Siach 85e08f8719 patch: add upstream security fix
Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches.

Depend on MMU for now, because the patch adds a fork() call. Upstream
later switched to gnulib provided execute(), so this dependency can be
dropped on the next version bump.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f4a4df2084)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c3e1d9849a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:52:31 +02:00
Baruch Siach 4b0f9bbb62 patch: security bump to version 2.7.6
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.

Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.

This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 38d8d86d31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:52:21 +02:00
Baruch Siach e1f2e885e6 mbedtls: fix API compatibility
Add upstream patch fixing API compatibility with previous releases.

Fixes (hiawatha):
http://autobuild.buildroot.net/results/ce6/ce6b4a50e6aafd06f82eaae688dd8720b982e9c2/
http://autobuild.buildroot.net/results/cde/cdec7ae3565d5b76a9bc50156c6244b44197534e/
http://autobuild.buildroot.net/results/9c1/9c1aec09c03f60bee9dc134da5a29e2671fc3b5e/

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7bb17b10af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:51:38 +02:00
Baruch Siach d226954543 mbedtls: security bump to version 2.7.0
CVE-2018-0487: Remote attackers can execute arbitrary code or cause a
denial of service (buffer overflow) via a crafted certificate chain that
is mishandled during RSASSA-PSS signature verification within a TLS or
DTLS session.

CVE-2018-0488: When the truncated HMAC extension and CBC are used,
allows remote attackers to execute arbitrary code or cause a denial of
service (heap corruption) via a crafted application packet within a TLS
or DTLS session.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b7a59304a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:51:25 +02:00
Fabio Estevam a60c8ecf38 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3733907f67)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:50:27 +02:00
Peter Korsgaard 14ee40d989 exim: add upstream security fix
Fixes the following security issue:

CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent.  A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.

Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8343069e2c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:49:09 +02:00
Peter Korsgaard 0a5fcdfe0b quagga: add upstream security fixes
Fixes the following security issues:

CVE-2018-5378

    It was discovered that the Quagga BGP daemon, bgpd, does not
    properly bounds check data sent with a NOTIFY to a peer, if an
    attribute length is invalid. A configured BGP peer can take
    advantage of this bug to read memory from the bgpd process or cause
    a denial of service (daemon crash).

    https://www.quagga.net/security/Quagga-2018-0543.txt

CVE-2018-5379

    It was discovered that the Quagga BGP daemon, bgpd, can double-free
    memory when processing certain forms of UPDATE message, containing
    cluster-list and/or unknown attributes, resulting in a denial of
    service (bgpd daemon crash).

    https://www.quagga.net/security/Quagga-2018-1114.txt

CVE-2018-5380

    It was discovered that the Quagga BGP daemon, bgpd, does not
    properly handle internal BGP code-to-string conversion tables.

    https://www.quagga.net/security/Quagga-2018-1550.txt

CVE-2018-5381

    It was discovered that the Quagga BGP daemon, bgpd, can enter an
    infinite loop if sent an invalid OPEN message by a configured peer.
    A configured peer can take advantage of this flaw to cause a denial
    of service (bgpd daemon not responding to any other events; BGP
    sessions will drop and not be reestablished; unresponsive CLI
    interface).

    https://www.quagga.net/security/Quagga-2018-1975.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 157a198d30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:48:43 +02:00
Ryan Coe a0cd24fafa mariadb: security bump version to 10.1.31
Release notes: https://mariadb.com/kb/en/mariadb-10131-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10131-changelog/

Fixes the following security vulnerabilities:

CVE-2018-2562 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server : Partition). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.

CVE-2018-2622 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.58
and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2640 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2665 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2668 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2612 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and
prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data and unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fcdaab19bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:47:30 +02:00
Thomas De Schampheleire 22905de362 jq: compile as _GNU_SOURCE to fix segfault when compiled with gcc 6
When compiling host-jq with gcc 6+, running it gives an immediate segfault.
Reported upstream: https://github.com/stedolan/jq/issues/1598

The issue can be solved by compiling with _GNU_SOURCE as extra preprocessor
define. Once the issue is solved upstream, this change can be reverted.

As the issue will normally be the same for target, apply the same fix there.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 21114013e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:46:50 +02:00
Fabio Estevam ac860db762 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa77030b8f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:45:52 +02:00
Peter Korsgaard 9754a77f74 libvorbis: security bump to version 1.3.6
Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.

Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
now upstream, and add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eca03d6774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1f11463b3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:45:15 +02:00
Peter Korsgaard 9f5ffe8012 libvorbis: add upstream security fixes
Fixes the following security issues:

CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in mapping0.c, which
may lead to DoS when operating on a crafted audio file with
vorbis_analysis().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc9282ae8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:44:59 +02:00
Fabio Estevam 9c908557ca linux-headers: bump 4.{9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c08458270)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:43:00 +02:00
Baruch Siach a0cd7e6466 librsvg: security bump to version 2.40.20
Fixes CVE-2018-1000041: information disclosure via a crafted SVG file.

Bump to the latest (maybe last) release in the 2.40.x series. Newer
versions require a Rust compiler.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4020c5a7b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:41:31 +02:00
Baruch Siach cff27a6b92 busybox: add upstream security fixes
CVE-2017-15873: Integer overflow in decompress_bunzip2.c leads to a read
access violation

CVE-2017-15874: Integer overflow in decompress_unlzma.c leads to a read
access violation

Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6665360b6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:40:52 +02:00
Gaël PORTAY 996105619f qt5tools: fix typo in <pkg>_SOURCE
The QT5TOOLS_SOURCE variable uses mismatch QT5BASE_VERSION variable.

This commit fixes the typo by using the appropriate QT5TOOLS_VERSION
variable.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c384c3b0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:39:26 +02:00
Gaël PORTAY 223c160078 qt53d: fix typo in <pkg>_SOURCES
The QT53D_SOURCE variable uses mismatch QT5SVG_VERSION variable.

This commit fixes the typo by using the appropriate QT53D_VERSION
variable.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit caa3f12fd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:38:12 +02:00
Baruch Siach a967b26026 rsync: security bump to version 3.1.3
Fixes CVE-2018-5764: remote attackers can bypass an
argument-sanitization protection mechanism

Drop upstream patches.

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4652f59401)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:37:38 +02:00
Baruch Siach dd364b6d60 libxml2: add security fix
CVE-2017-8872: An attackers can cause a denial of service (buffer
over-read) or information disclosure.

Patch from the upstream bug tracker.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 86e027f6d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:37:06 +02:00
Adam Duskett 23b3534f35 libxml2: bump to 2.9.7
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a54794e652)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:36:56 +02:00
Samuel Martin 168c91f174 package/libxml2: add license hash
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fd313f8dc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:36:53 +02:00
Baruch Siach 24c068191c dnsmasq: add upstream security fix patches
Fixes CVE-2017-15107: An attacker can craft an NSEC which wrongly proves
non-existence.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aec658f5d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:35:08 +02:00
Baruch Siach e78164574b dnsmasq: simplify build configuration
Drop direct sed'ing of config.h for HAVE_CONNTRACK, HAVE_LUASCRIPT, and
HAVE_DBUS. Use MAKE_OPTS COPTS parameters instead, like we do already
for all other options.

Rename DNSMASQ_ENABLE_LUA to DNSMASQ_TWEAK_LIBLUA since it now does only
that.

Merge two conntrack and three dbus conditional sections.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1042fea88a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:34:50 +02:00
Baruch Siach bf9cad4c7b libtasn1: security bump to version 4.13
CVE-2017-10790: NULL pointer dereference and crash when reading crafted
input

CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER
decoding

Add license files hashes.

Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9ac75335bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:33:17 +02:00
Baruch Siach fdbd22529f ntp: fix build without SSP support
In version 4.2.8p11 ntp changed its configure script build hardening
parameter to '--with-hardenfile'. Update the parameter name to avoid
-fstack-protector-all when the toolchain does not support this option.

Fixes:
http://autobuild.buildroot.net/results/60e/60e8b9864932f2cabc7deb43234abe168bd113c5/
http://autobuild.buildroot.net/results/592/592db6836817bb078a2f1146d2ce6241bf7997a3/
http://autobuild.buildroot.net/results/b07/b070fbc66a928888df8d2561dad3632778d55e0d/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5766b6fb34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:29:45 +02:00
Baruch Siach e912d4c9d5 ntp: security bump to version 4.2.8p11
Fixed or improved security issues:

  CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
  malicious authenticated peer can create arbitrarily-many ephemeral
  associations in order to win the clock selection algorithm

  CVE-2018-7182: Buffer read overrun leads to undefined behavior and
  information leak

  CVE-2018-7170: Multiple authenticated ephemeral associations

  CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
  state

  CVE-2018-7185: Unauthenticated packet can reset authenticated
  interleaved association

  CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit

Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
AM_CFLAGS.

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit da05d74805)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:29:14 +02:00
Adam Duskett 96828612b2 ntp: explicitly enable openssl-random when crypto is enabled
If OpenSSL is selected, --enable-openssl-random should be explicitly
enabled for consistency with the disable case.

[Peter: tweak commit text]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 905677cbd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:28:49 +02:00
Adam Duskett 0607eb5347 ntp: no longer require openssl
4.2.8p10 no longer requires openssl to compile.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a2111258a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:27:26 +02:00
Peter Seiderer ec1617d6e5 dhcp: disable isc assertions (reproducible builds)
The isc assertions from the bundled bind dns library are
using the __FILE__ macro for debug messages (see
dhcp-4.3.5/bind/bind-9.9.9-P3/lib/isc/include/isc/assertions.h).

Disabling the assertions gains:

- reproducible builds (no build time paths in the executable)
- space saving on the target:
  dhcpd: 1.9M -> 1.6M
  dhcrelay: 1.6M -> 1.3M

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3d1a7a8620)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:24:33 +02:00
Fabio Estevam b800794c80 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x/4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9fab7e408a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:22:55 +02:00
Peter Korsgaard 9a31eb5f2c Makefile, manual, website: Bump copyright year
Happy 2018!

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 676400379a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:20:19 +02:00
Baruch Siach 9de753fcbd dnsmasq: update homepage link
The doc.html seems like a better choice for a homepage link than the
list of files in the containing directory listing.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f9da847d93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:19:45 +02:00
Adam Duskett 45d13b7833 postgresql: security bump to 9.6.8
Helps mitigate CVE-2018-1058

see: https://www.postgresql.org/about/news/1834/ for more information bugfixes.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 12:11:43 +01:00
Jeroen Roovers c849300796 lz4: version v1.7.5
Signed-off-by: Jeroen Roovers <jer@airfi.aero>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5408fc925d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-18 21:07:15 +01:00
Adam Duskett 7152a61322 postgresql: security bump to 9.6.7
from https://www.postgresql.org/about/news/1829/

Fixes:
[1] CVE-2018-1052: Fix the processing of partition keys containing multiple
                   expressions

[2] CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
                   non-world-readable

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 22:28:28 +01:00
Peter Korsgaard 91850b3497 Update for 2017.02.10
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 20:19:39 +01:00
Julien BOIBESSOT 82c2214df7 package/liberation: fix download site due to recent fedorahosted.org closing
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 53c07aa3a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 16:45:36 +01:00
Fabio Estevam d6c4c48b8b linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2dbfb76d2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 16:32:21 +01:00
Carlos Santos 78d4e60c0e eudev: fix printf usage in init script
Using a variable in a printf format string may lead to undesirable
results if the variable contains format controls, so replace

    printf "foo $var bar"

by

    printf "foo %s bar" "$var"

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6298ed8bf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:17:01 +01:00
Carlos Santos 1a2da909ca eudev: fix error handling init script
Replace (echo "msg" && exit 1) by { echo "msg"; exit 1; }.

The (list) compound command runs in a subshell, so the "exit" interrupts
the subshell, not the main script. Examples:

    $ sh -c "echo 1; (exit 1); echo 2"
    1
    2
    $ sh -c "echo 1; { exit 1; }; echo 2"
    1
    $

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3f568fe099)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:16:52 +01:00
Bernd Kuhls 8207b3ad28 package/berkeleydb: add security fix for CVE-2017-10140
Fixes CVE-2017-10140: Berkeley DB reads DB_CONFIG from cwd

For more details, see:
https://security-tracker.debian.org/tracker/CVE-2017-10140

And add license hash while we are at it.

[Peter: extend commit message]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 0b368023f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:09:18 +01:00
Peter Korsgaard e4755cd898 dovecot: add upstream security fix for CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0.  An abort of SASL
authentication results in a memory leak in dovecot's auth client used by
login processes.  The leak has impact in high performance configuration
where same login processes are reused and can cause the process to crash due
to memory exhaustion.

For more details, see:
http://www.openwall.com/lists/oss-security/2018/01/25/4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 28adb37be4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:09:00 +01:00
Bernd Kuhls 115bebbf18 package/dovecot: bump version to 2.2.33.2
Added license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 746f94c282)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:32 +01:00
Bernd Kuhls 96202e7007 package/dovecot: bump version to 2.2.31
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5723251f18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:22 +01:00
Bernd Kuhls d3c155461e package/dovecot: bump version to 2.2.30.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 64c476da40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:07 +01:00
Bernd Kuhls fd5d1db660 package/dovecot: bump version to 2.30.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 083e9c64f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:01 +01:00
Bernd Kuhls 5b8514907d package/dovecot: bump version to 2.2.30
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bcded15090)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:07:55 +01:00
Peter Korsgaard e35b7a17e0 openocd: add security fix for CVE-2018-5704
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP
POST for sending data to 127.0.0.1 port 4444, which allows remote attackers
to conduct cross-protocol scripting attacks, and consequently execute
arbitrary commands, via a crafted web site.

For more details, see:
https://sourceforge.net/p/openocd/mailman/message/36188041/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8fb8dddbf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a01d75d125)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:04:51 +01:00
Peter Korsgaard d52cd750c7 wireshark: security bump to version 2.2.12
Fixes the following security issues:

CVE-2017-17997: MRDISC dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-02.html

CVE-2018-5334: IxVeriWave file parser crash
https://www.wireshark.org/security/wnpa-sec-2018-03.html

CVE-2018-5335: WCP dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-04.html

CVE-2018-5336: Multiple dissectors could crash
https://www.wireshark.org/security/wnpa-sec-2018-01.html

For more information, see the release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html

While we are at it, also add as hash for license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2d920ad1b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:04:31 +01:00
Bernd Kuhls 4b2b530d55 package/transmission: security bump version to 2.93
Fixes CVE-2018-5702:
https://github.com/transmission/transmission/pull/468

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6e43a52aa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:04:16 +01:00
Bernd Kuhls f62ac81b70 package/clamav: security bump to version 0.99.3
Fixes CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.

For details see upstream announcement:
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Added license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ffb5dee113)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:03:19 +01:00
Bernd Kuhls 6b8b40cfaf package/clamav: renumber patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c60a54ff8b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:03:05 +01:00
Bernd Kuhls 0420d0910b package/clamav: add optional dependency to json-c
clamav has optional support for json-c:

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libltdl.so.7]
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libjson-c.so.2]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 013207f2e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:02:36 +01:00
Bernd Kuhls 2e7314247f package/clamav: needs libtool
clamav contains a copy of libltdl which is used when the libtool
package is not present, this increases the filesize of the target libs:

linked against libltdl.so:

-rwxr-xr-x 1 bernd bernd 1838528 Mär 11 13:21 output/target/usr/lib/libclamav.so.7.1.1

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libltdl.so.7]
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

not linked against libltdl.so:

-rwxr-xr-x 1 bernd bernd 1859548 Mär 11 13:21 output/target/usr/lib/libclamav.so.7.1.1

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

Therefore this patch adds libtool as hard dependency to clamav.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a5b0607b4a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:02:27 +01:00
Mark Hirota 2b1b52ba8e ccache: bump to version 3.3.5
(Likely) fixes #10536

https://bugs.buildroot.org/show_bug.cgi?id=10536

Signed-off-by: Mark Hirota <markhirota@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01955b5b6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:00:42 +01:00
Gustavo Zacarias d8e24ab5e7 ccache: bump to version 3.3.4
Switch download URL to avoid a redirect.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 64da2fd259)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:59:07 +01:00
Fabio Estevam 7204c26c1f linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 770c19df08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:58:32 +01:00
Fabio Estevam 6e8ffd8180 linux-headers: bump 4.1.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4d7bd9f643)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:57:56 +01:00
Baruch Siach 6577e33ff0 libcurl: security bump to version 7.58.0
Fixes CVE-2018-1000007: libcurl might leak authentication data to third
parties.

https://curl.haxx.se/docs/adv_2018-b3bf.html

Fixes CVE-2018-1000005: libcurl contains an out bounds read in code handling
HTTP/2 trailers.

https://curl.haxx.se/docs/adv_2018-824a.html

Update license hash due to copyright year change.

[Peter: also add CVE-2018-1000005 reference]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e02dd5a492)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:56:10 +01:00
Carlos Santos 59967b4933 util-linux: disable useless programs in the host package
Disable all programs that depend on ncurses, as well as utilities that
are useless on the host: agetty, chfn-chsh, chmem, login, lslogins,
mesg, more, newgrp, nologin, nsenter, pg, rfkill, schedutils, setpriv,
setterm, su, sulogin, tunelp, ul, unshare, uuidd, vipw, wall, wdctl,
write, zramctl.

Also add dependency on host-zlib if host cramfs utils are to be built.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 67170b76af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:55:54 +01:00
Adrian Perez de Castro b79ca02d77 webkitgtk: security bump to version 2.18.6
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE-2018-4088, CVE-2017-13885,
CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153,
CVE-2017-7153, CVE-2017-7161, and CVE-2018-4096. Additionally, it solves
a GStreamer deadlock when stopping video playback, and contains fixes
and improvements for the WebDriver implementation.

Release notes can be found in the announcement:

  https://webkitgtk.org/2018/01/24/webkitgtk2.18.6-released.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 54798893b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:47:50 +01:00
Adrian Perez de Castro 03c1972f73 webkitgtk: Add missing libtasn1 dependency
Nowadays libtasn1 is always required and if not present the CMake
configuration step would fail.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d052ed473d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:47:43 +01:00
Gary Bisson 4a4e93f44a fis: fix typo in build command
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 840d1a8d56)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:15:56 +01:00
Peter Korsgaard 3be81ea5d3 squid: add upstream post-3.5.27 security patches
Fixes the following security issues:

SQUID-2018:1 Due to incorrect pointer handling Squid is vulnerable to denial
of service attack when processing ESI responses.

http://www.squid-cache.org/Advisories/SQUID-2018_1.txt

SQUID-2018:2  Due to incorrect pointer handling Squid is vulnerable to
denial of service attack when processing ESI responses or downloading
intermediate CA certificates.

http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f481c83b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:15:43 +01:00
Peter Korsgaard 7ee653689d squid: bump version to 3.5.27
And add a hash for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 001b834aac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:15:37 +01:00
Vicente Olivert Riera 5ce5653e48 squid: bump version to 3.5.26
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fffced338d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:14:57 +01:00
Vicente Olivert Riera ceb374ae17 squid: bump version to 3.5.25
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 330ad683c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:14:49 +01:00
Alistair Francis 046987a601 package/xen: Force disable SDL for xen-qemu build
Fixes autobuilder issue:
http://autobuild.buildroot.net/results/8bcb80dc93d38bb38ca32ad93d52c22d1176d57e/

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a5dd72181e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:07:43 +01:00
Ed Blake 66d94a0ed1 rpcbind: Backport fixes to memory leak security fix
Commit 954509f added a security fix for CVE-2017-8779, involving
pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
leak.  However it also introduced a couple of issues:

- The call to svc_freeargs() from rpcbproc_callit_com() may result in
  an attempt to free static memory, resulting in undefined behaviour.

- A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
  (aka ypbind) to fail.

Backport upstream fixes for these issues to version 0.2.3.

Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a9a95d0eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:07:29 +01:00
Einar Jon Gunnarsson ca8e637eb4 iputils: fix ping and traceroute6 executable permissions
The iputils executables are installed without the setuid bit set,
which prevents some programs from working.

This patch adds a permission table to fix the permissions of the ping
and traceroute6 executables.

Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b0e2d00289)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:07:05 +01:00
Fabio Estevam 0b7278edc8 linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f8fc447c20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:05:44 +01:00
Peter Korsgaard 1c87c3baf4 bind: security bump to version 9.11.2-P1
Fixes the following security issue:

CVE-2017-3145: Improper sequencing during cleanup can lead to a
use-after-free error, triggering an assertion failure and crash in
named.

For more details, see the advisory:
https://lists.isc.org/pipermail/bind-announce/2018-January/001072.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d72a2b9247)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:46:28 +01:00
Guillermo A. Amaral eefe01c5d1 support/kconfig: Apply upstream nconfig ncurses/ncursesw fix
Buildroot's "make nconfig" command stopped working a while ago on
Gentoo systems. Running the command would result in a crash.

The issue is caused by lxdialog's cflags which are also used to build
nconfig; It would detect *ncursesw* and turn on WIDECHAR support --
but the Makefile would still link to plain *ncurses* while building
nconfig (which was built without WIDECHAR support).

This would cause a crash after using *wattrset* on a WINDOW instance.
WIDECHAR *wattrset* would try to set the _color member in the WINDOW
struct which does not exist in the NON-WIDECHAR ncurses instance. It
would end up clobbering data outside the struct (usually _line entries).

An upstream patch fixes the issue, so we're applying it to Buildroot's
kconfig.

Signed-off-by: Guillermo A. Amaral <g@maral.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8aa4ee2b02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:45:17 +01:00
Romain Naour 4298d90fde package/ti-cgt-pru: bump to 2.2.1
See: http://www.ti.com/tool/download/PRU-CGT-2-2

The ti-cgt-pru v2.1.x installer are affected by a bug with recent
distribution (Fedora 27 and Ubuntu 17.10) using kernel 4.13 or 4.14
with a glibc 2.26.
The installer is stuck in a futex(wait) system call.

While at it, add license hash.

Fixes:
http://autobuild.buildroot.net/results/68f/68f60ad38d9b6eae83b5d233966616a25d8c9391

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Ash Charles <ash.charles@savoirfairelinux.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0e162b932d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:44:58 +01:00
Cam Mannett 3d57974bce ti-cgt-pru: bump version to 2.1.4
Signed-off-by: Cam Mannett <camden.mannett@protonmail.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 82bc0222e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:41:53 +01:00
Thomas Petazzoni d40ba85e00 system: only expose getty options for busybox and sysvinit
Only busybox and sysvinit handle the BR2_TARGET_GENERIC_GETTY_TERM and
BR2_TARGET_GENERIC_GETTY_OPTIONS options; the other init systems do
not.

So, protect those options behind appropriate dependencies on busybox
or sysvinit.

Fixes #10301.

Reported-by: Michael Heinemann <posted@heine.so>
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5e23eb5da7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:37:26 +01:00
Peter Korsgaard 49daa38f61 mcookie: correct wrong memset argument
Fixes #10216

Building mcookie generates a warning about possible wrong arguments to
memset:

mcookie.c:207:26: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression
  as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess]
     memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */

ctx is a pointer to a structure, so the code should use the size of the
structure and not the size of the pointer when it tries to clear the
structure, similar to how it got fixed upstream back in 2009:

https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/lib/md5.c?id=6596057175c6ed342dc20e85eae8a42eb29b629f

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 40f4191f2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:36:59 +01:00
Thomas Petazzoni 17cf7e511e lz4: install programs as well as libraries
Prior to commit 8ad38a4fc2
("package/lz4: bump version to r131"), the lz4 package was installing
both libraries and programs, but this commit changed the behavior to
only install libraries.

The contributor might have been confused by the fact that the build
command was "$(MAKE) ... -C $(@D) liblz4", suggesting that only the
library was built. But since the install command was "$(MAKE) ... -C
$(@D) install", the programs were effectively built as part of the
install step, and installed as well.

Since it makes sense for lz4 to also installs its programs, this
commit adjusts the package accordingly.

It is worth mentioning that using the "all" target during the build
step is important. Indeed, otherwise the programs/Makefile has a
"default" target that doesn't build everything (especially the lz4c
program) and it end up being built as part of the install step, due to
how the makefile dependencies are handled in the lz4 project. To make
sure that everything gets built during the build step, we explicitly
use the "all" target.

Fixes bug #9996

Reported-by: Jamin Collins <jamin.collins@gmail.com>
Initial-analysis-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f1c11f79a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:36:42 +01:00
Thomas Petazzoni 6b0193a883 lz4: pass {TARGET,HOST}_CONFIGURE_OPTS in the environment
{TARGET,HOST}_CONFIGURE_OPTS are currently passed as $(MAKE) argument,
which causes some CPPFLAGS/CFLAGS defined by the package build system to
be overridden, leading to build failures. This commit changes the lz4
package to pass {TARGET,HOST}_CONFIGURE_OPTS through the environment to
avoid this issue.

Fixes:

  http://autobuild.buildroot.net/results/2a578a9c462463fde802c999156723494fe1b14d/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f4dc73568b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:36:29 +01:00
Thomas Petazzoni a06bf88dca busybox: don't remove S01logging when CONFIG_SYSLOGD is disabled
The current busybox.mk explicitly removes S01logging if CONFIG_SYSLOGD
is disabled in the Busybox configuration. However:

 - This causes the removal of the S01logging script potentially
   installed by another package (currently syslog-ng, rsyslog and
   sysklogd can all install a S01logging script).

 - We generally don't try to clean-up stuff that we may have installed
   in a previous make invocation and that is no longer needed
   following a configuration change.

Fixes bug #10176

Reported-by: Karl Krach <mail@kkrach.de>
Fix-provided-by: Karl Krach <mail@kkrach.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84e835ea92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:29:09 +01:00
Thomas Petazzoni ca30124eb0 package/kmsxx: don't install static libraries when BR2_SHARED_STATIC_LIBS=y
The kmsxx build system can only build either shared libraries *or*
static libraries, not both. Therefore, the build currently fails when
BR2_SHARED_STATIC_LIBS=y because we try to install the static
libraries, that haven't been built.

We fix this by not installing the static libraries when
BR2_SHARED_STATIC_LIBS=y, making BR2_SHARED_STATIC_LIBS=y essentially
the same as BR2_SHARED_LIBS=y for this package.

Fixes bug #10331.

Reported-by:  Frederic MATHIEU <frederic.mathieu@dualis.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 28d5ca9c96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:15:38 +01:00
Thomas Petazzoni 173fa7c010 package/avahi: fix typo in avahi_tmpfiles.conf
There is an obvious typo in avahi_tmpfiles.conf: avahi-autoipd is
badly spelled.

Fixes bug #10641.

Reported-by: Michael Heinemann <posted@heine.so>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c427ce4d9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:14:33 +01:00
Bernd Kuhls 9d44f98b08 package/intel-microcode: security bump to version 20180108
Quoting releasenote:

"Intel Processor Microcode Package for Linux
20180108 Release

-- Updates upon 20171117 release --
IVT C0          (06-3e-04:ed) 428->42a
SKL-U/Y D0      (06-4e-03:c0) ba->c2
BDW-U/Y E/F     (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx   (06-45-01:72) 20->21
Crystalwell Cx  (06-46-01:32) 17->18
BDW-H E/G       (06-47-01:22) 17->1b
HSX-EX E0       (06-3f-04:80) 0f->10
SKL-H/S R0      (06-5e-03:36) ba->c2
HSW Cx/Dx       (06-3c-03:32) 22->23
HSX C0          (06-3f-02:6f) 3a->3b
BDX-DE V0/V1    (06-56-02:10) 0f->14
BDX-DE V2       (06-56-03:10) 700000d->7000011
KBL-U/Y H0      (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0      (06-9e-09:2a) 5e->80
CFL U0          (06-9e-0a:22) 70->80
CFL B0          (06-9e-0b:02) 72->80
SKX H0          (06-55-04:b7) 2000035->200003c
GLK B0          (06-7a-01:01) 1e->22"

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19ab5952fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:42 +01:00
Bernd Kuhls 856379bd1b package/intel-microcode: bump version to 20171117
Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6d2d6cbf90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:36 +01:00
Bernd Kuhls ff54fccc9f package/intel-microcode: bump to version 20170707
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7896af3f94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:21 +01:00
Bernd Kuhls dfb6b48cc7 package/intel-microcode: bump version to 20170511
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit db04cda0d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:13 +01:00
Adrian Perez de Castro 10e19971c6 webkitgtk: security bump to version 2.18.5
This is a maintenance release of the current stable WebKitGTK+ version,
which contains mitigations for CVE-2017-5753 and CVE-2017-5715, the
vulnerabilities known as the "Spectre" attack. It also contains a fix
which allows building the reference documentation with newer gtk-doc
versions.

Release notes can be found in the announcement:

  https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c5bc08ba3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:12:15 +01:00
Fabio Estevam 73d103ccfe linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f932dc9626)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:10:51 +01:00
Fabio Estevam ed05e8a2fe linux-headers: bump 3.2.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a24ed4127e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:09:22 +01:00
Peter Korsgaard 12909ab1b4 irssi: security bump to version 1.0.6
>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):

Multiple vulnerabilities have been located in Irssi.

(a) When the channel topic is set without specifying a sender, Irssi
    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

    CVE-2018-5206 was assigned to this issue.

(b) When using incomplete escape codes, Irssi may access data beyond
    the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5205 was assigned to this issue.

(c) A calculation error in the completion code could cause a heap
    buffer overflow when completing certain strings. (CWE-126) Found
    by Joseph Bisch.

    CVE-2018-5208 was assigned to this issue.

(d) When using an incomplete variable argument, Irssi may access data
    beyond the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5207 was assigned to this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aebdb1cd4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:08:43 +01:00
Bernd Kuhls 4273c138d1 package/pound: Fix build with openssl 1.0.2
Fixes
http://autobuild.buildroot.net/results/5be/5be1082dee8387b1140d802ac3c788896a4bf980/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d28fa26f27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:02:17 +01:00
Yann E. MORIN 5a7cb6dcf6 core/infra: fix build on toolchain without C++
Autotools-based packages that do not need C++ but check for it, and use
libtool, will fail to configure on distros that lack /lib/cpp.

This is the case for example on Arch Linux, where expat fails to build
with:

    configure: error: in `/home/dkc/src/buildroot/build/build/expat-2.2.4':
    configure: error: C++ preprocessor "/lib/cpp" fails sanity check

This is because libtool uses AC_PROC_CXXCPP, which can not be avoided,
and does require a cpp that passes some "sanity" checks (does not choke
on valid input, but does choke on invalid input). So we can use neither
/bin/false nor /bin/true...

We instead need something that can digest some basic C++ preprocessor
input. We can't use the target preprocessor: that does not work, because
it obviously has no C++ cupport:

    arm-linux-cpp.br_real: error: conftest.cpp: C++ compiler not
    installed on this system

We can however consider that the host machine does have a C++ compiler,
so we use the host' cpp, which is gcc's compiler wrapper that ends up
calling the host's C++ preprocessor.

That would give us a valid C++ preprocessor when we don't have one, in
fact. But autotools will then correctly fail anyway, because there is
indeed no C++ compiler at all, as we can see in this excerpt of a
configure log from expat:

    checking whether we are using the GNU C++ compiler... no
    checking whether false accepts -g... no
    checking dependency style of false... none
    checking how to run the C++ preprocessor... cpp
    checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes
    libtool.m4: error: problem compiling CXX test program
    checking for false option to produce PIC...  -DPIC
    checking if false PIC flag  -DPIC works... no
    checking if false static flag  works... no
    checking if false supports -c -o file.o... no
    checking if false supports -c -o file.o... (cached) no
    checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes

So, using the host's C++ preprocessor (by way of gcc's wrapper) leads to
a working situation, where the end result is as expected.

Reported-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Damien Riegel <damien.riegel@savoirfairelinux.com>
Cc: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bd39d11d2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:01:31 +01:00
Bernd Kuhls 81addfcabe package/php: security bump to 7.1.13
Removed 0008-fix-asm-constraints-in-aarch64-multiply-macro.patch, patch
was applied upstream:
https://github.com/php/php-src/commit/d6d4f2a9b38cd7fa7e938142e49e5a514d612e52

Renumbered patch 0009.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2c59323b84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:50 +01:00
Bernd Kuhls 5356c7df69 package/php: bump version to 7.1.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab01a1279c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:41 +01:00
Bernd Kuhls de159eb44c package/php: bump version to 7.1.11
Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c4a432185)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:32 +01:00
Bernd Kuhls 24f088b0d6 package/php: bump version to 7.1.10
Changelog: http://www.php.net/ChangeLog-7.php#7.1.10

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6429f1a4bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:22 +01:00
Bernd Kuhls 231f5e9a4d package/php: bump version to 7.1.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cee153b838)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:18 +01:00
Fabio Estevam ba2560d2da linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f02b4ae45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:32:28 +01:00
Ryan Coe 96c3b3455c mariadb: security bump version to 10.1.30
Release notes: https://mariadb.com/kb/en/mariadb-10130-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10130-changelog/

Fixes the following security vulnerability:

CVE-2017-15365 - Replication in sql/event_data_objects.cc occurs before ACL
checks.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca1f2d266d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:31:41 +01:00
Fabio Estevam 8039ef2ebf linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1897a56a2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:28:17 +01:00
Fabio Estevam 18867c1695 linux-headers: bump 3.2.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 28d57106b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:27:03 +01:00
Carlos Santos 5188e3eb03 coreutils: expand list of files moved from /usr/bin to /bin
BusyBox installs kill, link, mktemp, nice and printenv on /bin, so
ensure that coreutils replaces them.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 443897bce4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:26:52 +01:00
Baruch Siach ac845908dd eeprog: fix homepage link
The current link leads to a 400 Bad Request error page.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b0748bd1ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:25:06 +01:00
Thomas Petazzoni c7787871d4 tar: do not build SELinux support for host variant
If we don't explicitly disable SELinux support in the host-tar build,
it might pick up system-wide installed SELinux libraries, causing the
tar in HOST_DIR/bin/ to depend on the host SELinux libraries, which is
not desirable to make the SDK portable/relocatable.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 121807c089)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:24:51 +01:00
Yann E. MORIN 441e222d24 package/matchbox-lib: correctly fix the .pc file
First, the .pc file was so far fixed as a post-configure hook of the
matchbox-fakekey package, by directly tweaking the .pc file installed in
staging by matchbox-lib. That's uterly wrong and bad.

So, we move the fix to matchbox-lib.

Second, it was incorreclty tweaking the .pc file when xlib_libXft was
not enabled, because only then a path to staging was present.

Third, even when xlib_libXft was enabled, the tweaking was still wrong,
because unnecessary.

Fix all that.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84a2645e5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:24:14 +01:00
Yann E. MORIN 8de952490c matchbox-lib: fix dependencies
matchbox-lib build-depends on xlib_libXext, but forgets to select it.
It also build-depends on expat without selecting it, but it does need
it.

Fix that: select xlib_libXext, remove expat.

Add myself to developpers for matchbox packages.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2cfda4704e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:23:54 +01:00
Marcus Folkesson 8edcd98c49 libiio: fix libavahi-client dependency
Avahi needs avahi-daemon and D-Bus to build avahi-client.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 18e00edb77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:22:29 +01:00
Peter Korsgaard 8f03647169 Update for 2017.02.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-01 12:20:54 +01:00
Peter Korsgaard d9e0bd8555 nodejs: security bump to version 6.12.2
Fixes CVE-2017-15896 - Node.js was affected by OpenSSL vulnerability
CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake
failure.  The result was that an active network attacker could send
application data to Node.js using the TLS or HTTP2 modules in a way that
bypassed TLS authentication and encryption.

For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 10:43:28 +01:00
Fabio Estevam 6314990729 linux-headers: bump 4.{9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e4bdd2a824)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:30:51 +01:00
Fabio Estevam a95aa0ee5e linux-headers: bump 4.{1, 4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 634bdbd52e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:29:24 +01:00
Romain Naour e490180464 package/libpqxx: fix broken sed call
Backport 2 upstream fix.

Fixes:
http://autobuild.buildroot.net/results/0d1/0d131f9fa5cce259d999f7d57f9092675bfc24c7

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de035220aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:27:37 +01:00
Romain Naour 524b881254 package/mfgtools: bump to 0.02
Bump mfgtools to include the fix [1] for the C++ build issue reported
by the autobuilders.

This bump include only 4 small commits fixing memory leak and this
build issue.

Remove CPOL.htm (removed upstream) from MFGTOOLS_LICENSE_FILES but CPOL
license is still valid.
Add the README.txt file to MFGTOOLS_LICENSE_FILES since it contains
licensing informations:

Licenses:
- CPOL: MfgToolLib/XmlLite.CPP and XmlLite.h
- BSD: Others.

Add license file hash.

[1] https://github.com/codeauroraforum/mfgtools/commit/b370a43e548440025d274ff2abbb25342bbaa78c

Fixes:
http://autobuild.buildroot.net/results/7c2bbbe13ab315684f3502afd96958a76879b1d5

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34c4c0680a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:25:53 +01:00
Baruch Siach eb1dcc49e5 xfsprogs: update homepage link
The old SGI site is not accessible anymore. Use the link from the README
file.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1fa2f7646f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:24:11 +01:00
Romain Naour c3fb5bb317 package/libcue: is not parallel-safe
The last commit before the 1.4.0 release was to disable parallel build [1]

[1] https://github.com/lipnitsk/libcue/commit/bebbc18a8c00a0b8c26bc6191af68c6a83629b40

Fixes:
http://autobuild.buildroot.net/results/f25/f256037ca3d49f96add8ca2e2f9c980f5f9d764e
http://autobuild.buildroot.net/results/d84/d84c7d0cb9cf5fa9996c42149eda5295700516f5

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 103d283c44)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:23:54 +01:00
Adrian Perez de Castro b62235b055 webkitgtk: security bump to version 2.18.4
This is a maintenance release of the current stable WebKitGTK+ version,
which contains fixes for CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, and
CVE-2017-13856.  Additionally, this release brings improvements in the
WebDriver spec-compliance, plugs several memory leaks in its GStreamer based
multimedia backend, and fixes a bug when handling cookie removal.

Release notes can be found in the announcement:

  https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html

More details about the security fixes are provided in the following
WebKitGTK+ Security Advisory report:

  https://webkitgtk.org/security/WSA-2017-0010.html

Last but not least, this new release includes the fix for honoring the
CMAKE_BUILD_TYPE value from CMake toolchain files and the corresponding
patch is removed.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fbf6a483e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:22:46 +01:00
Adrian Perez de Castro 329eca530b webkitgtk: Add license hashes
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e7f82694cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:22:09 +01:00
Baruch Siach 738cc3e352 libsoxr: remove unicode dash from help text
This would make the unicode challenged menuconfig show something
sensible.

Split the sentence for the text to make sense.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5099c90939)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 73531776df)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:18:29 +01:00
Fabio Estevam 0ac71f58f2 linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8447f04c1c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:16:23 +01:00
Peter Korsgaard 30e58bbff6 rsync: add upstream security fix for CVE-2017-16548
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development
does not check for a trailing '\0' character in an xattr name, which allows
remote attackers to cause a denial of service (heap-based buffer over-read
and application crash) or possibly have unspecified other impact by sending
crafted data to the daemon.

For more details, see:
https://bugzilla.samba.org/show_bug.cgi?id=13112

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f33f1d848)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:14:53 +01:00
Damien Riegel b6d7c3c1c9 lldpd: remove check on CXX compiler
lldpd currently depends on a C++ compiler to configure properly, but
the package doesn't select that option, so builds fail if
BR2_TOOLCHAIN_BUILDROOT_CXX is not selected with following errors:

  checking how to run the C++ preprocessor... /lib/cpp
  configure: error: in `/home/dkc/src/buildroot/build-zii/build/lldpd-0.9.4':
  configure: error: C++ preprocessor "/lib/cpp" fails sanity check

This package actually builds fine without C++, so drop this check in
configure.ac. Attached patch has already been accepted upstream [1].

[1] https://github.com/vincentbernat/lldpd/pull/261

[Peter: adjust autoreconf comment]
Signed-off-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
Reviewed-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 18c9cda6e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 09:12:25 +01:00
Peter Seiderer 346580d8fc gdb: prevent installation of libbfd.so and libopcode.so
The gdb install target installs dynamic versions of libbfd and
libopcode, accidentally overwriting the binutils provided versions
(gdb itself links against the bundled static ones to avoid
version problems, so the dynamic ones are un-needed).

Prevent the installation by using the '--disable-install-libbfd'
configure option.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b54c793195)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 00:04:06 +01:00
Fabio Estevam 6bac73c467 linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 06bbe7f7b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 00:03:46 +01:00
Ryan Coe 7ab5e1ec8e mariadb: security bump version to 10.1.29
Release notes: https://mariadb.com/kb/en/mariadb-10129-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10129-changelog/

Fixes the following security vulnerabilities:

CVE-2017-10378 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily
exploitable vulnerability allows low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.

CVE-2017-10268 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are affected are
5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to
exploit vulnerability allows high privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all MySQL Server accessible data.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e299197a2c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 00:02:40 +01:00
Ryan Coe 20595a8050 mariadb: bump version to 10.1.28
Release notes: https://mariadb.com/kb/en/mariadb-10128-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10128-changelog/

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ff614db18e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 00:02:04 +01:00
Fabio Estevam 6970383186 linux-headers: bump 4.{9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 985d1a03c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-31 00:00:07 +01:00
Yann E. MORIN ed8c4f21d0 package/nut: don't build in parallel
The conditions are not trivial to reproduce, but it can happen that the
headers are not fully regenerated by the time they are included.

This only happens when a python and/or perl interpreter are available,
with a high number of jobs and a high load.

Fixes:
    http://autobuild.buildroot.org/results/523/5231ff39a0839ec5e1962662004214d4b0773068/
    http://autobuild.buildroot.org/results/5a7/5a75d44c028e77b58f0fd9ab794952f2b477dd84/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1d8de10c5f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-30 23:36:52 +01:00
Baruch Siach 91322d7682 dhcp: add upstream security fix
Fixes socket leak that might cause denial of serivce.

https://bugzilla.redhat.com/show_bug.cgi?id=1523547

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a4c6ac59e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-30 23:31:48 +01:00
Baruch Siach 21f669bcc2 dhcp: bump to version 4.3.6
Renumber the patch.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99da25a5fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-30 23:31:18 +01:00
Bernd Kuhls 2e0893e333 package/vlc: security bump to version 2.2.8
Version 2.2.7 fixes CVE-2017-10699
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=0de56d69ff06afceb5b16721ea5965a676b938b9

Removed patches applied upstream:
0013-codec-avcodec-check-avcodec-visible-sizes.patch
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b

0014-decoder-check-visible-size-when-creating-buffer.patch
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49

Added all hashes provided by upstream, added license hashes.

Switched _SITE to https.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 94e523941e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 59c427d86a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-30 23:30:28 +01:00
Bernd Kuhls 758216acea linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1bc6f2d5cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:42:37 +01:00
Bernd Kuhls 7d5d1005d6 package/heimdal: bump version to 7.5.0
This release fixes CVE-2017-17439:
https://github.com/heimdal/heimdal/releases

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 87ae2ac1cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:42:04 +01:00
Bernd Kuhls 3d0e4eb17f package/openssl: security bump to version 1.0.2n
Fixes CVE-2017-3737 & CVE-2017-3738:
https://www.openssl.org/news/secadv/20171207.txt

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09a756a5a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:41:03 +01:00
Peter Korsgaard 2808a6dcd9 wireshark: security bump to version 2.2.11
Fixes the following security issues:

wnpa-sec-2017-47: The IWARP_MPA dissector could crash. (Bug 14236)

https://www.wireshark.org/security/wnpa-sec-2017-47.html

wnpa-sec-2017-48: The NetBIOS dissector could crash. (Bug 14249)

https://www.wireshark.org/security/wnpa-sec-2017-48.html

wnpa-sec-2017-49: The CIP Safety dissector could crash. (Bug 14250)

https://www.wireshark.org/security/wnpa-sec-2017-49.html

For more information, see the release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d2bc1e2bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:35:52 +01:00
Baruch Siach 60638a279d rsync: add security fix patches
Fixes CVE-2017-17433 and CVE-2017-17434: remote bypass of security
restrictions.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7e0a002df7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:34:26 +01:00
Bernd Kuhls 9f17c300ce linux-headers: bump 4.1.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ddfd343828)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:33:35 +01:00
Johan Oudinet 5221f0f095 flann: Disable find package for HDF5
The HDF5 package is used by flann for testing purpose only and is
not part of buildroot packages. However, if present in the host, it will
be used and trigger the unsafe header/library path used in
cross-compilation error.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f6ee339e92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:32:30 +01:00
Fabio Estevam b120f56478 linux-headers: security bump 4.{4, 9, 14}.x series
Fixes CVE-2017-1000405.

[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[Thomas: adjust commit description to mention the CVE being fixed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9f5178fa34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:29:58 +01:00
Bernd Kuhls 47847412be linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e394b446f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-28 23:27:35 +01:00
Peter Korsgaard f4cf0ab238 libcurl: security bump to version 7.57.0
Fixes the following security issues:

- CVE-2017-8816: NTLM buffer overflow via integer overflow
- CVE-2017-8817: FTP wildcard out of bounds read
- CVE-2017-8818: SSL out of buffer access

For more details, see the changelog:
https://curl.haxx.se/changes.html#7_57_0

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb2ed96198)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 22:00:05 +01:00
Bernd Kuhls 4b99779caf package/x11r7/xlib_libXfont: security bump to version 1.5.4
Fixes CVE-2017-16611:
https://lists.x.org/archives/xorg-announce/2017-November/002825.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit eae85b620d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:57:46 +01:00
Bernd Kuhls a275c43241 package/x11r7/xlib_libXfont: bump version to 1.5.3
Added all hashes provided by upstream.

Removed patches applied upstream:
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=a2a5fa591762b430037e33f1df55b460550ab406
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=3b08934dca75e4c559db7d83797bc3d365c2a50a

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 80dc50e716)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:57:39 +01:00
Bernd Kuhls e7dd1d72a8 package/x11r7/xlib_libXfont2: security bump to version 2.0.3
Fixes CVE-2017-16611:
https://lists.x.org/archives/xorg-announce/2017-November/002824.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 35f6288a54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:56:50 +01:00
Bernd Kuhls eb9620b125 package/x11r7/xlib_libXfont2: bump version to 2.0.2
Removed patches applied upstream, added all upstream hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit eb8222ab0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:56:38 +01:00
Bernd Kuhls d974731120 package/x11r7/xlib_libXcursor: security bump to version 1.1.15
Fixes CVE-2017-16612:
https://lists.x.org/archives/xorg-announce/2017-November/002823.html

Added all hashed provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f781add88f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:55:40 +01:00
Jerzy Grzegorek c065201480 package/exim: change tarball compression to xz
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7c42b5f381)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:54:40 +01:00
Bernd Kuhls 28b6850585 package/exim: security bump to version 4.89.1
Fixes CVE-2017-16943 & CVE-2017-16944:
https://lists.exim.org/lurker/message/20171128.215505.79ea8efa.en.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06473084f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:54:23 +01:00
Bernd Kuhls 6c83ab28c3 package/exim: bump version to 4.89
Rebased patch #0003, added uClibc compatibility patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d791e9101c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:54:12 +01:00
Andrey Yurovsky f85b97136b support/scripts/size-stats: avoid divide-by-zero
Some packages (ex: skeleton-init-systemd) have a zero size so we cannot
divide by the package size. In that case make their percent zero
explicitly and avoid a ZeroDivisionError exception.

Signed-off-by: Andrey Yurovsky <yurovsky@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 88af7d330d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:52:17 +01:00
Danomi Manchego 607852cf38 samba4: ensure that copied cache.txt is writable
If the Buildroot tree is read-only, then cache.txt is copied read-only into
the build directory, and the configuration step fails.  Fix this in the
same way we do in other places, by opening permissions as we copy the file
using $(INSTALL).

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 832b2de3ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:51:17 +01:00
Adrian Perez de Castro 6fe30b8f5b webkitgtk: Add upstream patch to ensure CMAKE_BUILD_TYPE is honored
Make WebKitGTK+ honor the value of CMAKE_BUILD_TYPE defined in the CMake
toolchain file by backporting the following upstream WebKit patch:

    https://trac.webkit.org/changeset/225168

This reduces the generated binary sizes when building in "Release" mode
(BR2_ENABLE_DEBUG=n), for example when targeting ARMv8 the size reduction
is ~17 MiB.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a49c69862a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:50:12 +01:00
Carlos Santos 08d6d8538d mtools: do not link to libbsd
If libbsd is found by the configuration process, mtools unnecessarily
adds a NEEDED field with libbsd to its dynamic section, but it does not
actually use anything from libbsd under Linux. The same may happen to
host-mtools if some libbsd package is installed on the host machine.

Prevent this by forcing configure to bypass the checking for the
existence of a gethostbyname function in libbsd.

I stumbled on this problem when I built host-mtools and later removed
libbsd to upgrade to Fedora 27, due to Bug 1504831[1]. The previously
built host/bin/mtools started to fail due to the missing libbsd.so.0.

1. https://bugzilla.redhat.com/show_bug.cgi?id=1504831

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f5ef363732)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:49:09 +01:00
Baruch Siach 679a6cf5e1 libevent: disable openssl for host
As host-libevent does not depend on host-openssl, it might attempt to
build against the host installed openssl. This does not work very well
on various hosts. Since we don't really need encryption support in
host-libevent just disable openssl support.

Disable build of example code as we already do for the target libevent.

Should fix:
http://autobuild.buildroot.net/results/403/403886e3afc6d5d18a138f4b0651f3c5a50ed064/
http://autobuild.buildroot.net/results/a2a/a2a84692049b0fb8038f1ad4b06554ecdac32e3c/
http://autobuild.buildroot.net/results/a36/a36abb1ac556a8b50e140ea1851955744b152608/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 66426bfbc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:48:13 +01:00
Fabrice Fontaine 92581a7b70 linphone: add optional dependency on libupnp
linphone can optionally use libupnp, so this dependency should be
accounted for in linphone.mk. In addition, linphone is not compatible
with libupnp18, but misdetects it as a a proper libupnp, causing a
build failure.

The build failure with libupnp18 currently only happens on the next
branch (because libupnp18 has only been added there), but adding the
optional dependency on libupnp makes sense for the master branch
anyway.

Fixes:

  http://autobuild.buildroot.net/results/473c686f9bc5335d25b720cf1b0c45389138a7b4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9e5390a20b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-20 21:44:36 +01:00
Peter Korsgaard fffc577bd6 tor: security bump to version 0.2.9.14
Fixes the following securoty issues:

- CVE-2017-8819: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before
  0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before
  0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion
  services, aka TROVE-2017-009.  An attacker can send many INTRODUCE2 cells
  to trigger this issue.

- CVE-2017-8820: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before
  0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before
  0.3.1.9, remote attackers can cause a denial of service (NULL pointer
  dereference and application crash) against directory authorities via a
  malformed descriptor, aka TROVE-2017-010.

- CVE-2017-8821: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before
  0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before
  0.3.1.9, an attacker can cause a denial of service (application hang) via
  crafted PEM input that signifies a public key requiring a password, which
  triggers an attempt by the OpenSSL library to ask the user for the
  password, aka TROVE-2017-011.

- CVE-2017-8822: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before
  0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before
  0.3.1.9, relays (that have incompletely downloaded descriptors) can pick
  themselves in a circuit path, leading to a degradation of anonymity, aka
  TROVE-2017-012.

- CVE-2017-8823: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before
  0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before
  0.3.1.9, there is a use-after-free in onion service v2 during intro-point
  expiration because the expiring list is mismanaged in certain error cases,
  aka TROVE-2017-013.

For more details, see the release notes:
https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-11 23:02:45 +01:00
Peter Seiderer 1deeaefe37 Fix makefile include order by using sort/wildcard.
The 'include' directive in GNU make supports wildcards, but their
expansion has no defined sort order (GLOB_NOSORT is passed to glob()).
Usually this doesn't matter. However, there is at least one case where
it does make a difference: toolchain/*/*.mk includes both the
definitions of the external toolchain packages and
pkg-toolchain-external.mk, but pkg-toolchain-external.mk must be
included first.

For predictability, use ordered 'include $(sort $(wildcard ...))'
instead of unordered direct 'include */*.mk' everywhere.

Fixes [1] reported by Petr Vorel:

  make: *** No rule to make target 'toolchain-external-custom', needed by '.../build/toolchain-external/.stamp_configured'.  Stop.

[1] http://lists.busybox.net/pipermail/buildroot/2017-November/206969.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[Arnout: also sort the one remaining include, of the external docs]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit b9d2d4cb4e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-30 08:24:03 +01:00
Peter Korsgaard d745e94683 Update for 2017.02.8
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-28 00:02:05 +01:00
Bernd Kuhls 82ba42f299 linux-headers: bump 3.2.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c8f0a823ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 23:55:28 +01:00
Yann E. MORIN 750a0504ea package/dvb-apps: fix build with some perl version
perl can't find a module that is located in the current directory,
so help it locate it.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d8234d4400)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 23:53:37 +01:00
Yann E. MORIN b43d109a04 package/dvb-apps: is not parallel-safe
This is invisible because the timings make it excessively difficult to
hit, but the Makefile is inherently flawed for parallel build, as it
contains:

    $(objects): atsc_psip_section.c atsc_psip_section.h

    atsc_psip_section.c atsc_psip_section.h:
        perl section_generate.pl atsc_psip_section.pl

and the perl script section_generate.pl will create both the .c and .h
files in one go, but given the construct above, there can be two such
script that run in parallel, which can clobber the generated .c and/or
.h files.

So, make dvb-apps a MAKE1 package.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ba6796c7cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 23:53:36 +01:00
Peter Korsgaard 22b996fef0 ffmpeg: bump version to 3.2.9
Fixes a number of bugs, including integer/buffer overflows:

https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.2.9

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 12:06:25 +01:00
Gaël PORTAY ac82b697a1 qt5webkit: fix URL for 5.6 download
The Qt community releases are not stored under submodules path
component.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7780cef535)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 12:04:15 +01:00
Bernd Kuhls bf28669487 linux-headers: bump 3.{2, 10}.x and 4.{1, 4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1b7b005313)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 11:09:41 +01:00
Romain Naour d01f300db3 package/google-breakpad: replace references to 'struct ucontext' with 'ucontext_t'
In glibc, since
https://sourceware.org/git/?p=glibc.git;h=251287734e89a52da3db682a8241eb6bccc050c9
the 'struct ucontext' tag has been replaced with 'struct ucontext_t'.
The tag itself is anyway not POSIX - only the 'ucontext_t' typedef is
specified. And that type has existed since at least 1997 in glibc.

Therefore, replace references to 'struct ucontext' with 'ucontext_t',
which works in all versions of glibc, uClibc and musl.

Fixes:
[arm]     http://autobuild.buildroot.net/results/6380341dbb6c114e4452c5cda37da6b44b80d178
[aarch64] http://autobuild.buildroot.net/results/4ecf770df7c984a62082d59f8fab632d3efbe06b
[mipsel]  http://autobuild.buildroot.net/results/e1473a12cf38ccf4dd3ed0f26a8ff9e6b57f0810

Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Arnout: improve commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit ca4009fc24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 11:03:59 +01:00
Bernd Kuhls 506a4991ca linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ee6840166f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 10:59:28 +01:00
Peter Seiderer 2183dc9463 localedef: fix xlocale.h related compile failure
Add upstream patch 'Don't include <xlocale.h>'.

Fixes Bug-10501 ([1]):

In file included from ./include/locale.h:1:0,
                 from /usr/include/libintl.h:103,
                 from ./include/libintl.h:2,
                 from glibc/locale/programs/charmap.c:25:
glibc/locale/locale.h:146:11: fatal error: xlocale.h: No such file or directory
 # include <xlocale.h>

[1] https://bugs.busybox.net/show_bug.cgi?id=10501

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d5cc76c531)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 10:50:23 +01:00
Peter Korsgaard 520e584c48 samba4: security bump to version 4.5.15
Fixes the following security issues:

- CVE-2017-14746:
  All versions of Samba from 4.0.0 onwards are vulnerable to a use after
  free vulnerability, where a malicious SMB1 request can be used to
  control the contents of heap memory via a deallocated heap pointer. It
  is possible this may be used to compromise the SMB server.

- CVE-2017-15275:
  All versions of Samba from 3.6.0 onwards are vulnerable to a heap
  memory information leak, where server allocated heap memory may be
  returned to the client without being cleared.

  There is no known vulnerability associated with this error, but
  uncleared heap memory may contain previously used data that may help
  an attacker compromise the server via other methods. Uncleared heap
  memory may potentially contain password hashes or other high-value
  data.

For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.5.15.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 10:47:51 +01:00
Thomas Petazzoni 7fd4596d39 libfastjson: indicate explicitly which gcc -std option to use
This commit fixes the following build issue of libfastjson with old
enough compilers (4.8) and wchar disabled:

json_object.c: In function 'fjson_object_object_delete':
json_object.c:385:3: error: 'for' loop initial declarations are only allowed in C99 mode
   for (int i = 0 ; i < FJSON_OBJECT_CHLD_PG_SIZE ; ++i) {
   ^

The code of libfastjson requires C99. If your compiler is recent
enough (gcc 5.x), then no problem, it is C99 by default, no additional
flags are needed.

If your compiler is older (for example gcc 4.8), then -std=c99 or
-std=gnu99 is explicitly needed to tell the compiler to accept C99
constructs. Testing the compiler for the availability of such flags is
done by libfastjson configure script. However, the test program used
by the configure script uses some wchar_t types, and therefore the
test checking for C99 availability fails on toolchains with wchar
disabled. From config.log:

configure:3928: checking for /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc option to accept ISO C99
[...]
configure:4077: /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc -std=gnu99 -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
conftest.c:54:3: error: unknown type name 'wchar_t'
   const wchar_t *name;
   ^

So, just like we did in libv4l in commit
f01396a158 ("libv4l: fix uclibc-ng
configure/compile"), let's hint directly the configure script that it
should use -std=gnu99. This fixes the build of libfastjson with old
compilers and wchar disabled.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 90430237cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 10:34:58 +01:00
Peter Korsgaard 86fc36173f qt5webkit: correct download URL and hash for 5.6 variant
Commit 06a4975d4b (qt5: bump LTS version to 5.6.3) added an empty hash
for the 5.6.3 variant of qt5webkit, causing failures.

It also forgot to adjust the download URL as the qt5webkit tarballs are no
longer available under official_releases/ like the other submodules, but only
under community_releases/.

Fix both issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d4a119ccc4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-27 10:31:55 +01:00
Adam Duskett 867f1b7320 libpjsip: fix ssl support
Currently, ssl support is implicitely disabled in the initial configure
options. This overrides the check for openssl below.

libpjsip is also currently only compatible with libopenssl. Change
the check to LIBOPENSSL instead of openssl, and depend on libopenssl.

[Peter: drop libopenssl change]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9e479e65dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 23:13:50 +01:00
Bernd Kuhls e1e3a781b5 linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5962717eb4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:42:29 +01:00
Bernd Kuhls 843f396a24 package/x11r7/xapp_xdriinfo: fix libgl dependency
Fixes
"mesa3d is in the dependency chain of xapp_xdriinfo that has added it
 to its _DEPENDENCIES variable without selecting it or depending on it
 from Config.in."
http://autobuild.buildroot.net/results/d8a/d8aeed2f64e21a277eb0bc5dc08d2339a14c682e/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6d97e73257)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:37:17 +01:00
Luca Ceresoli a706b10c7b libpjsip: fix static build failures due to name clash
Several packages have a similar md5.c file, and each has a function
named byteReverse(). This generates link errors when building
statically ("multiple definition of `byteReverse'").

Fix by applying a patch from upstream:
  https://trac.pjsip.org/repos/changeset/5688

Fixes:
  http://autobuild.buildroot.org/results/5d7/5d72e0f8517a555399978d5a0e9f7efd0a278189/
  http://autobuild.buildroot.org/results/c47/c47ccbb9b40011cf0d79c7040bed061ddefd9629/
  http://autobuild.buildroot.org/results/419/419ab2c0e034cc68991281c51caa8271b0fadbab/

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8d44fb6608)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:35:47 +01:00
Peter Korsgaard 45a3980c1b ruby: security bump to version 2.4.2
Fixed the following security issues:

CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON

For more details, see the release notes:
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/

Drop now upstreamed rubygems patches and add hashes for the license files
while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f2c3530541)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:32:42 +01:00
Bernd Kuhls 331edb02ba package/imagemagick: security bump to version 7.0.7-10
Version 7.0.7-3 fixes CVE-2017-15218:
Stop potential leaks in the JNG decoder

Changelog: https://www.imagemagick.org/script/changelog.php

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3c8dc54293)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:31:25 +01:00
Fabrice Fontaine 63c9553a2f mesa3d: fix build with BR2_SHARED_STATIC_LIBS
mesa3d does not allow to enable both static and shared libraries so if
BR2_SHARED_STATIC_LIBS is set, disable static

Fixes https://bugs.busybox.net/show_bug.cgi?id=10326

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dd09d500aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:29:12 +01:00
Alex Suykov 720c192ae3 vboot-utils: fix ARCH detection
The package includes some target-specific code that is irrelevant
in a host package but gets built anyway. The target for this code
must be one of the supported ChromeOS targets.

Supplied Makefile apparently relies on the environment to provide
a valid target, with a simple fallback to host arch. This breaks
the build if no value is provided and the host arch is not among
the supported ones.

Should fix
http://autobuild.buildroot.net/results/d118a83b6c4f7f910d0d44c279f36251d7ba29e8/
and similar failures.

Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bbb25c3ad7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:28:17 +01:00
Adam Duskett a680850a74 snmp++: security bump to v3.3.10
>From the changelong:
Set the FD_CLOEXEC flag on sockets, so they are not "leaked" to
spawned processes

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6be1631bf2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:26:55 +01:00
Andrey Smirnov 5c81ad144b package/collectd: Specify FP layout based on endianness
Big-endian CPUs store floating point as big endian (at lest majority
of them do), so, in order for 'network' plugin to work correctly (and
potentially any user of htond() in collectd's codebase),
--with-fp-layout=endianflip as opposed to --with-fp-layout=nothing
needs to be specified during configuration phase.

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bdd8475b90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:25:30 +01:00
Peter Korsgaard 7c83f9db9b postgresql: security bump to version 9.6.6
Fixes the following security issues:

CVE-2017-12172: Start scripts permit database administrator to modify
root-owned files.

CVE-2017-15098: Memory disclosure in JSON functions.

CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT
privileges.

See the announcement for more details:
https://www.postgresql.org/about/news/1801/

While we're at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b97353f2b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:23:06 +01:00
Adrian Perez de Castro 18ee901e2f webkitgtk: security bump to version 2.18.3
This is a maintenance release of the current stable WebKitGTK+ version,
which contains a minor rendering fix, another for the WebDriver
implementation, and security fixes for CVE-2017-13798, CVE-2017-13788,
and CVE-2017-13803.

Release notes:

    https://webkitgtk.org/2017/11/10/webkitgtk2.18.3-released.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5ff18880e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:21:40 +01:00
Adam Duskett bfc45524dd libpjsip: security bump to 2.7.1
Also add hash for license file

See release notes for details:
https://trac.pjsip.org/repos/milestone/release-2.7.1

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4bdc4e492b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:20:06 +01:00
Adam Duskett 6031a0634b libpjsip: bump to 2.7
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0f6dacb37a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:19:48 +01:00
Fabio Estevam fd9bcdac97 linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2aa12565d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:12:34 +01:00
André Hentschel abc86f9a4b wireshark: bump version to 2.2.10 (security)
Security fixes since 2.2.7:

- wnpa-sec-2017-22
  Bazaar dissector infinite loop (Bug 13599) CVE-2017-9352
- wnpa-sec-2017-23
  DOF dissector read overflow (Bug 13608) CVE-2017-9348
- wnpa-sec-2017-24
  DHCP dissector read overflow (Bug 13609, Bug 13628) CVE-2017-9351
- wnpa-sec-2017-25
  SoulSeek dissector infinite loop (Bug 13631) CVE-2017-9346
- wnpa-sec-2017-26
  DNS dissector infinite loop (Bug 13633) CVE-2017-9345
- wnpa-sec-2017-27
  DICOM dissector infinite loop (Bug 13685) CVE-2017-9349
- wnpa-sec-2017-28
  openSAFETY dissector memory exhaustion (Bug 13649) CVE-2017-9350
- wnpa-sec-2017-29
  BT L2CAP dissector divide by zero (Bug 13701) CVE-2017-9344
- wnpa-sec-2017-30
  MSNIP dissector crash (Bug 13725) CVE-2017-9343
- wnpa-sec-2017-31
  ROS dissector crash (Bug 13637) CVE-2017-9347
- wnpa-sec-2017-32
  RGMP dissector crash (Bug 13646) CVE-2017-9354
- wnpa-sec-2017-33
  IPv6 dissector crash (Bug 13675) CVE-2017-9353
- wnpa-sec-2017-13
  WBMXL dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410
  Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12.
- wnpa-sec-2017-28
  openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411
  Note: This is an update for a fix in Wireshark 2.2.7.
- wnpa-sec-2017-34
  AMQP dissector crash. (Bug 13780) CVE-2017-11408
- wnpa-sec-2017-35
  MQ dissector crash. (Bug 13792) CVE-2017-11407
- wnpa-sec-2017-36
  DOCSIS infinite loop. (Bug 13797) CVE-2017-11406
- wnpa-sec-2017-38
  MSDP dissector infinite loop (Bug 13933)
- wnpa-sec-2017-39
  Profinet I/O buffer overrun (Bug 13847)
- wnpa-sec-2017-41
  IrCOMM dissector buffer overrun (Bug 13929)

Full release notes:

  https://www.wireshark.org/docs/relnotes/wireshark-2.2.10.html

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 708316f49f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:09:46 +01:00
Vicente Olivert Riera 5630491a81 wireshark: bump version to 2.2.7 (security)
Security fixes:

- wnpa-sec-2017-22
  Bazaar dissector infinite loop (Bug 13599) CVE-2017-9352
- wnpa-sec-2017-23
  DOF dissector read overflow (Bug 13608) CVE-2017-9348
- wnpa-sec-2017-24
  DHCP dissector read overflow (Bug 13609, Bug 13628) CVE-2017-9351
- wnpa-sec-2017-25
  SoulSeek dissector infinite loop (Bug 13631) CVE-2017-9346
- wnpa-sec-2017-26
  DNS dissector infinite loop (Bug 13633) CVE-2017-9345
- wnpa-sec-2017-27
  DICOM dissector infinite loop (Bug 13685) CVE-2017-9349
- wnpa-sec-2017-28
  openSAFETY dissector memory exhaustion (Bug 13649) CVE-2017-9350
- wnpa-sec-2017-29
  BT L2CAP dissector divide by zero (Bug 13701) CVE-2017-9344
- wnpa-sec-2017-30
  MSNIP dissector crash (Bug 13725) CVE-2017-9343
- wnpa-sec-2017-31
  ROS dissector crash (Bug 13637) CVE-2017-9347
- wnpa-sec-2017-32
  RGMP dissector crash (Bug 13646) CVE-2017-9354
- wnpa-sec-2017-33
  IPv6 dissector crash (Bug 13675) CVE-2017-9353

Full release notes:

  https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c87443e65e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:09:38 +01:00
Arnout Vandecappelle (Essensium/Mind) db87bb911f gstreamer: needs dynamic libraries
Fixes:
http://autobuild.buildroot.net/results/49d/49dcec0bd2f3bb78c18675a9fa5c9c53cc183fd2/

g_cclosure_marshal_VOID__VOID is defined both in libgobject.a and
libgstreamer.a. It is probably possible to fix this, but gstreamer0.10
has been deprecated for a long time now and is anyway unlikely to be
used in static-only situations, so let's just require dynamic linking.

Propagate to the reverse dependencies. opencv3 already did depend on
dynamic libs.

[Peter: add autobuild reference]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0eee5465e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 22:00:17 +01:00
Yann E. MORIN cf7e1c1e9e suport/download: force svn to be non-interactive
Fixes:
    http://autobuild.buildroot.org/results/2af/2af7412846c576089f8596857ab8c81ac31c1bed/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: André Hentschel <nerv@dawncrow.de>
Reviewed-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4013f11a5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 21:57:21 +01:00
Thomas Petazzoni b1c134376a libglib2: needs autoreconf
Patch 0002-disable-tests.patch modifies Makefile.am, so we have to
autoreconf. It hasn't been seen until now, but becomes very clear
since the bump of automake to 1.15.1, as we're seeing build failures
such as:

configure.ac:66: error: version mismatch.  This is Automake 1.15.1,
configure.ac:66: but the definition used by this AM_INIT_AUTOMAKE
configure.ac:66: comes from Automake 1.15.  You should recreate
configure.ac:66: aclocal.m4 with aclocal and run automake again.

Fixes:

  http://autobuild.buildroot.net/results/3402357d8e90f1866dfeaee7bb61119d80dc8bcb/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 45fbec12e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 21:37:04 +01:00
Bernd Kuhls 3af4f64c08 package/libplist: needs threads
Upstream added a mandatory pthread check:
https://github.com/libimobiledevice/libplist/commit/eec2e855b4f192cb1808d1f02b6bc8935a979025

Fixes
http://autobuild.buildroot.net/results/863/863bb43db222f8e63d60b1fc4a53299575727de1/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dbd9915caa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 21:27:18 +01:00
Bernd Kuhls 4a806020cb package/libplist: security bump to version 2.0.0
Release notes:
https://github.com/libimobiledevice/libplist/blob/master/NEWS

This version bump fixes
  * CVE-2017-6440
  * CVE-2017-6439
  * CVE-2017-6438
  * CVE-2017-6437
  * CVE-2017-6436
  * CVE-2017-6435
  * CVE-2017-5836
  * CVE-2017-5835
  * CVE-2017-5834
  * CVE-2017-5545
  * CVE-2017-5209
... and several others that didn't receive any CVE (yet).

The dependency to libxml2 was removed.
Autoreconf is not needed anymore, the upstream tarball includes a
configure script.

[Peter: also drop host-pkgconf dependency, only used for cython]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 4c38202487)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 21:27:15 +01:00
Peter Korsgaard 4063c447fe luajit: only available on x86(-64) hosts
The -m32 compiler flag is used for 32bit builds and host-luajit has
limited architecture support. Building for a 32-bit target on a 32-bit
host should always work, but we haven't tested that and it's very
unlikely that someone needs it. So just limit to x86(-64) hosts.

Fixes:
http://autobuild.buildroot.net/results/5f5b5edb058efe976c003678e21bcc28a87cc828/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout: clarify that it might work on 32-bit hosts for a 32-bit target]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 9b9347ee9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 21:20:27 +01:00
Peter Korsgaard 7b3729439d ti-gfx: only available on x86(-64) hosts
ti-gfx is provided as a x86 self extracting executable, so it is only
available on x86(-64) hosts.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e480e88169)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 21:18:30 +01:00
Matt Weber 3431ca2cd4 python-config.sh: don't reassign ${prefix}
When prefix is set to a path like /usr during crossbuild
the sed operations end up executing twice, once for the prefix
reassignment and another for includedir if it is set as a string
including the ${prefix} variable.  This results in an issue
when the build directory is under /usr.

This patch updates the remaining location which uses the prefix
variable to also sed and update to use the real path.

Upstream bug report:
https://bugs.python.org/issue31713

Buildroot bug:
https://bugs.busybox.net/show_bug.cgi?id=10361

Fixes failures like the following:
dbus-python-1.2.4 | NOK | http://autobuild.buildroot.net/results/758858efa97b6273c1b470513f5492258a6d8853

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: refer to autobuild failures that still exist]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 04d1699ba4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 20:56:36 +01:00
Yann E. MORIN 7952623621 core/reproducible: do not override SOURCE_DATE_EPOCH
SOURCE_DATE_EPOCH is currently forcibly set (to either the git commit
date, or the last release date).

However, the spec mandates that it should not be modified if already
set: https://reproducible-builds.org/specs/source-date-epoch/

    Build systems MUST NOT overwrite this variable for child
    processes to consume if it is already present.

Abide by the rule, and only set it if not already set.

This will allow users to pass it from an upper-layer buildsystem (e.g. a
jenkins or gitlab-ci job, for example), when they have a reson to do so.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Reported-by: Einar Jón Gunnarsson <tolvupostur@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Einar Jón Gunnarsson <tolvupostur@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0437d2f8f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 20:49:19 +01:00
Bernd Kuhls e6c01fe3bb package/openssl: security bump to version 1.0.2m
Fixes the following CVEs:
bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Release notes: https://www.openssl.org/news/secadv/20171102.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 63023c407f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 20:11:13 +01:00
Bernd Kuhls 88454ec6e2 package/openssl: bump verstion to 1.0.2l
According to https://www.openssl.org/news/newslog.html this release
does not contain security fixes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0b4f96335b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 20:03:54 +01:00
Fabio Estevam 65c4e391c7 linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 64b0cd16dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 10:33:20 +01:00
Matt Weber 819cf70954 argp-standalone: fix build with gcc 7.x
Back in commit a662ff7e79
("package/argp-standalone: Fix build with c99 compilers"), we fixed
the build of argp-standalone with compilers defaulting to C99 inline
semantics, i.e starting from gcc 5.x.

This was done as part of a patch that used "inline" instead of "extern
inline". However, using "inline" once again broke the build with gcc
7.x. To fix this, revert back to using just "extern inline" (hence
removing a patch of patch 0003-fix_build_with_c99_compilers.patch) and
instead use -fgnu89-inline in the CFLAGS.

See https://gcc.gnu.org/gcc-5/porting_to.html for more details.

Fixes:

  http://autobuild.buildroot.net/results/a9cedc54829b7bd2dd7ae6ff2bd6c6db242f1c35/

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: also drop the patch of
0003-fix_build_with_c99_compilers.patch that is no longer needed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit f0b65bd90c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 10:16:29 +01:00
Peter Korsgaard f47ba21946 quagga: add upstream security fix for CVE-2017-16227
>From the advisory:
http://www.openwall.com/lists/oss-security/2017/10/30/4

It was discovered that the bgpd daemon in the Quagga routing suite does
not properly calculate the length of multi-segment AS_PATH UPDATE
messages, causing bgpd to drop a session and potentially resulting in
loss of network connectivity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d77d7220a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 10:12:54 +01:00
Peter Korsgaard 254bcfee18 openssh: fix getpagesize() related static linking issue
Fixes:
http://autobuild.buildroot.net/results/8cc/8cc30818a400c7a392a3de787cabc9cd8425495f/

The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
config.h, but bsd-getpagesize.c forgot to include includes.h (which
indirectly includes config.h) so the checks always fails, causing linker
issues when linking statically on systems with getpagesize().

Fix it by including includes.h.

Patch submitted upstream:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-October/036413.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cc856401e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 10:11:48 +01:00
Baruch Siach 7a21a995f9 apr-util: security bump to version 1.6.1
Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database.

Switch to bz2 compressed tarball.

Use upstream provided SHA256 hash.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1d3c611dee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 09:19:39 +01:00
Baruch Siach 2da6c49e0b apr: security bump to version 1.6.3
Fixes CVE-2017-12613: Out-of-bounds array deref in apr_time_exp*()
functions.

Use upstream provided SHA256 hash.

Add license has.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c91981a985)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 09:18:49 +01:00
Adam Duskett 4f0eeb2ddd apr: bump version to 1.6.2
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d56868011b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 09:18:37 +01:00
Bernd Kuhls 3d5f3769dc package/apr: bump version to 1.5.2
Rebased patch 0001 and changed _SOURCE to .tar.bz2.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 614da9ef8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 09:18:28 +01:00
Scott Ellis e22c1848bf package/python-pyqt5: fix build with Qt 5.6.3
This commit adds 5_6_3 to the Timeline patch that fixed the build with
Qt 5.6.2.

Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
[Thomas: adjust patch existing patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 063b2a8121)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-26 09:09:45 +01:00
Peter Seiderer 12b7130bc5 qt5: bump LTS version to 5.6.3
qt5base:
  - move hash file to 5.6.3
  - move 0001-eglfs-rasp-pi-header-inclusion.patch to 5.6.3
  - remove 0002-eglfs-fix-eglfs_mali-compile-for-odroid-mali.patch (upstream committed [1])

qt5declarative:
  - move patches to 5.6.3

qt5quickcontrols2:
  - move hash file to 5.6.3

qt5webkit:
  - move patches to 5.6.3

[1] http://code.qt.io/cgit/qt/qtbase.git/commit/?h=5.6&id=f1b4bd4790860e1ff5afcec111a359bc3a91cfda

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06a4975d4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-15 21:36:32 +01:00
Peter Korsgaard 05a2e38af2 Update for 2017.02.7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 20:55:26 +02:00
Peter Korsgaard dce5ba6dcb Revert "musl: add upstream security fix for CVE-2017-15650"
This reverts commit 5a9013c6d1.

This patch was already added by commit 4c05a1fd66, no need to add it
twice.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 20:47:31 +02:00
Peter Korsgaard 8232ff1ed3 wget: add optional zlib support
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aff7673602)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:47:09 +02:00
Peter Korsgaard a34098ccc2 wget: security bump to version 1.19.2
Fixes the following security issues:

CVE-2017-13089: The http.c:skip_short_body() function is called in some
circumstances, such as when processing redirects.  When the response is sent
chunked, the chunk parser uses strtol() to read each chunk's length, but
doesn't check that the chunk length is a non-negative number.  The code then
tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but
ends up passing the negative chunk length to connect.c:fd_read().  As
fd_read() takes an int argument, the high 32 bits of the chunk length are
discarded, leaving fd_read() with a completely attacker controlled length
argument.

CVE-2017-13090: The retr.c:fd_read_body() function is called when processing
OK responses.  When the response is sent chunked, the chunk parser uses
strtol() to read each chunk's length, but doesn't check that the chunk
length is a non-negative number.  The code then tries to read the chunk in
pieces of 8192 bytes by using the MIN() macro, but ends up passing the
negative chunk length to retr.c:fd_read().  As fd_read() takes an int
argument, the high 32 bits of the chunk length are discarded, leaving
fd_read() with a completely attacker controlled length argument.  The
attacker can corrupt malloc metadata after the allocated buffer.

Drop now upstreamed patch and change to .tar.lz as .tar.xz is no longer
available.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 86eb94636e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:46:54 +02:00
Bernd Kuhls 4a4d8f7258 linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec2851f4b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:44:31 +02:00
Adrian Perez de Castro f34e9d9f6e webkitgtk: security bump to version 2.18.2
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes; mostly for crashes and rendering issues, plus
one important fix for the layout or Arabic text.

Release notes:

    https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html

Even though an acconpanying security advisory has not been published
for this release, the release contains fixes for several crashes (one
of them for the decoder of the very common GIF image format), which
arguably can be considered potential security issues.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e3459fd9c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:43:01 +02:00
Peter Korsgaard f0fb2d244d openssh: security bump to version 7.6p1
Fixes CVE-2017-15906 - The process_open function in sftp-server.c in OpenSSH
before 7.6 does not properly prevent write operations in readonly mode,
which allows attackers to create zero-length files.

For more details, see the release notes:
https://www.openssh.com/txt/release-7.6

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70663a9a4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:41:15 +02:00
Thomas Petazzoni 701f943d20 openssh: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e7522aacd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:41:05 +02:00
Peter Korsgaard 58ea6ad528 redis: bump to version 3.2.11
3.2.11 fixes important issues. From the release notes:

================================================================================
Redis 3.2.11     Released Thu Sep 21 15:47:53 CEST 2017
================================================================================

Upgrade urgency HIGH: Potentially critical bugs fixed.

AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before exiting.
Calling SHUTDOWN during traffic resulted into not every operation to be
persisted on disk.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 751cd4cfab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:05:11 +02:00
Vicente Olivert Riera 7e10bd4825 redis: bump version to 3.2.9
Remove sha1 hash. Upstream provides now a sha256 hash.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34761b2c40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:05:05 +02:00
Peter Korsgaard 17a169042e sdl2: security bump to version 2.0.7
Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists
when creating a new RGB Surface in SDL 2.0.5.  A specially crafted file can
cause an integer overflow resulting in too little memory being allocated
which can lead to a buffer overflow and potential code execution.  An
attacker can provide a specially crafted image file to trigger this
vulnerability.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 07a9f0200c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:02:42 +02:00
Peter Korsgaard 2bcace3da7 sdl2: explicitly disable raspberry pi video backend
Fixes:
http://autobuild.buildroot.net/results/d59/d5992dcc9a49ee77afaebdcc9448ac1868fa7de1/
http://autobuild.buildroot.net/results/e89/e894f21ce1983ee3bd8d65a8e59e1adab9a62707/

The configure script automatically enables support for the raspberry pi
video backend if it detects the rpi-userland package.  Unfortunately it
hardcodes a number of include/linker paths unsuitable for cross compilation,
breaking the build:

    if test x$enable_video = xyes -a x$enable_video_rpi = xyes; then
..
     RPI_CFLAGS="-I/opt/vc/include -I/opt/vc/include/interface/vcos/pthreads -I/opt/vc/include/interface/vmcs_host/linux"
     RPI_LDFLAGS="-L/opt/vc/lib -lbcm_host"
    fi

So explicitly disable it until the configure script is fixed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a798acf23)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 19:02:21 +02:00
Olivier Schonken 7da3340081 sdl2: Bump version to 2.0.6
Bump version and remove patches that were merged upstream

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3800932386)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 18:58:51 +02:00
Peter Korsgaard f87be52921 libcurl: security bump to version 7.56.1
Fixes CVE-2017-1000257 - IMAP FETCH response out of bounds read

https://curl.haxx.se/docs/adv_20171023.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62d4dd2999)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-26 15:15:24 +02:00
Peter Korsgaard 2fbb653713 irssi: security bump to version 1.0.5
Fixes the following security issues:

(a) When installing themes with unterminated colour formatting
    sequences, Irssi may access data beyond the end of the
    string. (CWE-126) Found by Hanno Böck.

    CVE-2017-15228 was assigned to this issue.

(b) While waiting for the channel synchronisation, Irssi may
    incorrectly fail to remove destroyed channels from the query list,
    resulting in use after free conditions when updating the state
    later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)

    CVE-2017-15227 was assigned to this issue.

(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
    pointer dereference. Found by Joseph Bisch. This is a separate,
    but similar issue to CVE-2017-9468. (CWE-690)

    CVE-2017-15721 was assigned to this issue.

(d) Overlong nicks or targets may result in a NULL pointer dereference
    while splitting the message. Found by Joseph Bisch. (CWE-690)

    CVE-2017-15723 was assigned to this issue.

(e) In certain cases Irssi may fail to verify that a Safe channel ID
    is long enough, causing reads beyond the end of the string. Found
    by Joseph Bisch. (CWE-126)

    CVE-2017-15722 was assigned to this issue.

For more details, see the advisory:
https://irssi.org/security/irssi_sa_2017_10.txt

While we're at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a9a4ec0dcc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-26 15:14:45 +02:00
Peter Korsgaard 98bd08f603 nodejs: security bump to version 6.11.5
Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with windowBits
set to 8.  On some versions this crashes Node and you cannot recover from
it, while on some versions it throws an exception.  Node.js will now
gracefully set windowBits to 9 replicating the legacy behavior to avoid a
DOS vector.

For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

Drop 0002-inspector-don-t-build-when-ssl-support-is-disabled.patch as that
is now upstream:

https://github.com/nodejs/node/commit/ba23506419

And refresh the other patches.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-26 13:24:57 +02:00
Bernd Kuhls d2bad2d079 linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f7479f4c81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:39:54 +02:00
Bernd Kuhls e8af016894 linux-headers: bump 4.{1, 4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 60e3da602d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:38:42 +02:00
Mauro Condarelli d9ecca758b libffi: add patch to fix MIPS support
Building Python 3.x on MIPS with musl fails because the libffi code
uses a "#ifdef linux" test to decide if we're building on Linux or
not. When building with -std=c99, "linux" is not defined, so instead
of including <asm/sgidefs.h>, libffi's code tries to include
<sgidefs.h>, which doesn't exist on musl.

The right fix is to use __linux__, which is POSIX compliant, and
therefore defined even when -std=c99 is used.

Note that glibc and uClibc were not affected because they do provide a
<sgidefs.h> header in addition to the <asm/sgidefs.h> one.

Signed-off-by: Mauro Condarelli <mc5686@mclink.it>
[Thomas: reformat patch with Git, add a better commit log and description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit 4852f05907)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:33:51 +02:00
Alfredo Alvarez Fernandez 572ec0fc93 Add DEPENDENCIES_HOST_PREREQ to the list of packages
That way packages included in that list like ccache will also be
regarded as a normal packages for targets like external-deps,
show-targets or legal-info

Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 862b76cfef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:33:16 +02:00
Alfredo Alvarez Fernandez 37a757038e dependencies: always use HOSTCC_NOCACHE for DEPENDENCIES_HOST_PREREQ
Currently, HOSTCC and HOSTCXX are set to their _NOCACHE variants in the
'dependencies' target. This is needed because at that time, ccache is
not built yet - host-ccache is one of the dependencies. However, because
this override is only specified for the 'dependencies' target (and
thereby gets inherited by its dependencies), the override is only
applied when the package is reached through the 'dependencies' target.
This is not the case when one of DEPENDENCIES_HOST_PREREQ is built
directly from the command line, e.g. when doing 'make host-ccache'. So
in that case, ccache will be built with ccache... which fails of
course.

To fix this, directly apply the override to the DEPENCIES_HOST_PREREQ
targets.

Note that this only fixes the issue for 'make host-ccache', NOT for
e.g. 'make host-ccache-configure'.

Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
[Arnout: improve commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 36d398ac30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:33:04 +02:00
Peter Korsgaard 50dffb7d4a lame: security bump to version 3.100
Fixes the following security issues:

CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
buffer over-read and ap

CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
memory read and application crash

CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
memory read and application crash

Drop patches now upstream or no longer needed:

0001-configure.patch: Upstream as mentioned in patch description

0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
description/release notes:

Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.

0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
nowadays implies -msse.

With these removed, autoreconf is no longer needed.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7e3583dd55)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:32:15 +02:00
Peter Korsgaard 5a9013c6d1 musl: add upstream security fix for CVE-2017-15650
>From the upstream announcement:
http://www.openwall.com/lists/oss-security/2017/10/19/5

Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.

When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,
it's possible to fit more addresses than the precomputed bound, and a
buffer overflow occurs.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 209f42fd3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:31:24 +02:00
Angelo Compagnucci f383d667e9 package/go: fix cross-compilation settings
This patch fixes a bug with the BR2_TOOLCHAIN_HAS_THREADS variable
handling which causes CGO_ENABLED to be always 0.

Furthermore, it fixes the cross compilation options for the go
compiler: setting CGO_ENABLED should be done only for the target
compiler not the host one.

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Christian Stewart <christian@paral.in>
(cherry picked from commit 80ea21bc3c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:31:08 +02:00
Adrian Perez de Castro 4313bc4b45 webkitgtk: security bump to version 2.18.1
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes (many of them related to rendering, plus one
important fix for touch input) and many security fixes.

Release notes:

    https://webkitgtk.org/2017/10/18/webkitgtk2.18.1-released.html

Fixes CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090,
CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,
CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099,
CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107,
CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,
CVE-2017-7142:

    https://webkitgtk.org/security/WSA-2017-0008.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6d623e7277)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 08:30:59 +02:00
Adrian Perez de Castro fdb7391ba8 webkitgtk: update to version 2.18.0
Release notes:
    https://webkitgtk.org/2017/09/11/webkitgtk2.18.0-released.html

No corresponding WebKit Security Advisory (WSA) has been published.

All patches have been applied upstream.

This also bumps the required target GCC version, due to the WebKit code
now using more modern C++ features which were introduced in version
5.x of the compiler.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Arnout:
 - propagate dependency to midori;
 - mention in commit message why patches were removed.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 905b1ab5c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 08:30:06 +02:00
Lothar Felten 103facc2f2 Config.in: fix help comment for gcc optimization
The default for is set to BR2_OPTIMIZE_S, the help comment designated
BR2_OPTIMIZE_0 as default.
Changed the help comment to show that BR2_OPTIMIZE_S is the default.

Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4e09fd8bde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 08:20:55 +02:00
Peter Korsgaard 475000af0e xen: add upstream post-4.7.3 security fix for XSA-245
Fixes XA-245: ARM: Some memory not scrubbed at boot

https://xenbits.xenproject.org/xsa/advisory-245.html

Notice: Not applying XSA-237..244 as they are x86 only and have patch file
name conflicts between 2017.02.x and master.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 15:10:07 +02:00
Peter Korsgaard ace9345c96 busybox: add upstream post-1.26.2 fixes
Suggested-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-21 23:15:10 +02:00
Peter Korsgaard 4c05a1fd66 musl: add upstream security fix for CVE-2017-15650
>From the upstream announcement:
http://www.openwall.com/lists/oss-security/2017/10/19/5

Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.

When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,
it's possible to fit more addresses than the precomputed bound, and a
buffer overflow occurs.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-21 18:29:01 +02:00
Alexander Mukhin 457e09a2f8 wpa_supplicant: fix upstream URL
wpa_supplicant project URL has been changed to w1.fi/wpa_supplicant.
The old domain epitest.fi has expired.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38e36cd0e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-19 16:59:21 +02:00
Peter Korsgaard 65f93a4f3f wpa_supplicant: add upstream security fixes
Fixes CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
CVE-2017-13087, CVE-2017-13088:

http://lists.infradead.org/pipermail/hostap/2017-October/037989.html

[Peter: also add patch 0001 as suggested by Jörg Krause]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 57c0a485cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-19 16:58:32 +02:00
Peter Korsgaard 35400f5661 hostapd: add upstream security fixes
Fixes CVE-2017-13082

http://lists.infradead.org/pipermail/hostap/2017-October/037989.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5259c5c805)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-19 16:56:50 +02:00
Romain Naour 842dbd20f0 toolchain-external: bump version of Linaro AArch64 toolchain to 2017.08
GDB has been updated to 8.0 version in the release.

https://releases.linaro.org/components/toolchain/binaries/6.4-2017.08

Tested with qemu_aarch64_virt_defconfig.

6.4-2017.08 includes several patches for glibc 2.23 mitigating
some of the "stack clash" vulnerabilities reported by Qualys.

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://git.linaro.org/toolchain/glibc.git/log/?h=linaro/2.23/master

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0365f41c87)
Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-16 09:18:19 +02:00
Romain Naour ef2798d8b0 toolchain-external: bump version of Linaro ARMeb toolchain to 2017.08
GDB has been updated to 8.0 version in the release.

https://releases.linaro.org/components/toolchain/binaries/6.4-2017.08

6.4-2017.08 includes several patches for glibc 2.23 mitigating
some of the "stack clash" vulnerabilities reported by Qualys.

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://git.linaro.org/toolchain/glibc.git/log/?h=linaro/2.23/master

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 90524c69f4)
Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-16 09:18:13 +02:00
Romain Naour dbf660aea8 toolchain-external: bump version of Linaro ARM toolchain to 2017.08
GDB has been updated to 8.0 version in the release.

https://releases.linaro.org/components/toolchain/binaries/6.4-2017.08

Tested with qemu_arm_vexpress_defconfig.

6.4-2017.08 includes several patches for glibc 2.23 mitigating
some of the "stack clash" vulnerabilities reported by Qualys.

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://git.linaro.org/toolchain/glibc.git/log/?h=linaro/2.23/master

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aed5a0fcf7)
Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-16 09:18:03 +02:00
Romain Naour 7f7c6ea114 toolchain-external: bump Linaro AArch64 toolchain to 2017.02
Tested with qemu-2.7.1-2.fc25 and the qemu_aarch64_virt_defconfig

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 641fe0e392)
Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-16 09:17:37 +02:00
Romain Naour a3b9426194 toolchain-external: bump Linaro ARMeb toolchain to 2017.02
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 52f059f38d)
Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-16 09:17:12 +02:00
Romain Naour 6d3669070a toolchain-external: bump Linaro ARM toolchain to 2017.02
Tested with qemu-2.7.1-2.fc25 and the qemu_arm_vexpress_defconfig

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 075d26900b)
Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-16 09:16:53 +02:00
Luca Ceresoli 33156ba957 bzip2: fix passing of TARGET_MAKE_ENV to make
TARGET_MAKE_ENV is not passed to make because it is on a different
line without a backslash.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7690bc0335)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 23:08:35 +02:00
Fabio Estevam 334401cc8d linux-headers: bump 3.2.x and 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2cd4c84586)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 23:07:27 +02:00
Peter Korsgaard fd49d225a3 libnss: security bump to version 3.33
Fixes CVE-2017-7805 - Martin Thomson discovered that nss, the Mozilla
Network Security Service library, is prone to a use-after-free vulnerability
in the TLS 1.2 implementation when handshake hashes are generated.  A remote
attacker can take advantage of this flaw to cause an application using the
nss library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 746502418f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 23:03:45 +02:00
Baruch Siach ff4d2c18b6 libnss: bump to version 3.31
Fixes build with gcc 7.

https://hg.mozilla.org/projects/nss/rev/0dca14409fef

Fixes:
http://autobuild.buildroot.net/results/b71/b71e4e003ec5753708a07cfd04e3025c93f80e67/
http://autobuild.buildroot.net/results/66d/66d31923824d34df3b20a363a1346df1c00ae222/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b39e6dbed1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 23:03:33 +02:00
Peter Korsgaard 4720122d2c libnspr: bump version to 4.17
libnss 3.33 needs libnspr >= 4.17.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b136309324)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 23:02:14 +02:00
Baruch Siach 59af8829ae libnspr: bump to version 4.15
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f234748a48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 23:01:59 +02:00
Bernd Kuhls 5ec89c79ee package/x11r7/xserver_xorg-server: security bump version to 1.19.5
Fixes

xfixes: unvalidated lengths (CVE-2017-12183)

Xi: fix wrong extra length check in ProcXIChangeHierarchy
 (CVE-2017-12178)

dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
 (CVE-2017-12177)

Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e7713abf89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 22:54:12 +02:00
Cam Hutchison e42b881a59 docs/manual: fix BR2_EXTERNAL path typo
Signed-off-by: Cam Hutchison <camh@xdna.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0c76d89e54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 22:47:35 +02:00
Alexander Mukhin 4d63e4332d hostapd: fix upstream URL
hostapd project URL has been changed to w1.fi/hostapd.
The old domain epitest.fi has expired.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8a2396b90a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 22:11:52 +02:00
Thomas De Schampheleire 79da53917e support/kconfig: fix usage typo and align verb tenses
Fix typo 'selectes' -> 'selects'.
Additionally, change 'will exclude' to 'excludes' to align with 'selects'.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 787f4fee71)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-15 22:07:47 +02:00
Peter Korsgaard cd12cca54c xlib_libXfont{, 2}: add upstream security fixes
Fixes the following security issues:

CVE-2017-13720 - Check for end of string in PatternMatch

CVE-2017-13722 - pcfGetProperties: Check string boundaries

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 46a54b6464)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 22:26:42 +02:00
Bernd Kuhls dad64de907 package/iucode-tool: security bump to version 2.2
Version 2.1.1 fixed CVE-2017-0357:
https://gitlab.com/iucode-tool/iucode-tool/commit/657ce44ac462bcec35a3e12f9e7f53ca92ae62b7

Dropped IUCODE_TOOL_CONF_ENV after version 2.2 added a configure check
for libargp:
https://gitlab.com/iucode-tool/iucode-tool/commit/b14bed6771e7ab48371b272a0c68dd017767142a

Added hash for license file.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1462c07914)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 22:22:24 +02:00
Romain Naour a8c1ce2172 package/x11r7/xserver_xorg-server: rename patch directory after the last version bump
The last bump [1] forgot to rename the patch directory and remove
upstream patches.

We still need to fix the monotonic clock check which doesn't work
when cross-compiling.

[1] 436659c55f

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7cf8a08feb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 17:07:00 +02:00
Bernd Kuhls 2b5fe1c29e package/x11r7/xserver_xorg-server: security bump to version 1.19.4
Fixes CVE-2017-13721 & CVE-2017-13723:
https://lists.x.org/archives/xorg-announce/2017-October/002809.html

Added all hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 436659c55f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 14:35:33 +02:00
Bernd Kuhls 0ccdc2c089 package/x11r7/xserver_xorg-server: glamor support needs egl
Glamor support in xserver_xorg-server depends on gbm:
https://cgit.freedesktop.org/xorg/xserver/tree/configure.ac#n2100

Gbm is provided by mesa3d only if egl is enabled:
https://git.buildroot.net/buildroot/tree/package/mesa3d/mesa3d.mk#n167

This patch adds libegl as additional prerequisite for enabling glamor
support in xserver_xorg-server.

Fixes
http://autobuild.buildroot.net/results/04d/04d93745d63fcfbea070c0126862b49f1b6f473e/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5b4bcbdafb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 14:35:13 +02:00
Romain Naour 521b95c13a package/x11r7/xserver_xorg-server: bump to version 1.19.3
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: fix hash file, as noticed by Bernd.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit f0772c92c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 14:31:38 +02:00
Bernd Kuhls a67eba5404 package/x11r7/xserver_xorg-server: bump version to 1.19.2
Changed _SITE according to URL mentioned in upstream release note.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d48cc32653)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 14:31:32 +02:00
Peter Korsgaard 42f38b057c libcurl: security bump to version 7.56.0
Drop upstreamed patch.

Fixes CVE-2017-1000254 - FTP PWD response parser out of bounds read:

https://curl.haxx.se/docs/adv_20171004.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d95b93e5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 14:27:26 +02:00
Baruch Siach b2609e56d6 libcurl: fix build without threads
When c-ares is not enabled libcurl enables the threaded DNS resolver by
default. Make sure the threaded resolvers is disabled when the toolchain
does not support threads.

Add upstream patch that fixes the configure option for disabling the
threaded resolver.

Fixes:
http://autobuild.buildroot.net/results/39f/39fa63fb2ecb75e4b2521d1ee3dfa357c4e5c594/
http://autobuild.buildroot.net/results/dfd/dfd296086d0d6bed73b92fe2fa4ba5434dddf796/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10e998e7cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 14:27:15 +02:00
Baruch Siach 6588353417 libcurl: bump to version 7.55.1
Drop upstream patch.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3f6c10df67)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 14:26:59 +02:00
Peter Korsgaard b7fb34cc88 qemu: change to .tar.xz format
And use the official download location.

Suggested-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b79547014d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 10:04:20 +02:00
Peter Korsgaard 37fa007ab6 qemu: security bump to version 2.8.1.1
Fixes the following security issues and adds a number of other bigfixes:

2.8.1: Changelog:
https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg06332.html

CVE-2017-2615 - display: cirrus: oob access while doing bitblt copy backward
mode

CVE-2017-2620 - display: cirrus: out-of-bounds access issue while in
cirrus_bitblt_cputovideo

CVE-2017-2630 - nbd: oob stack write in client routine drop_sync

2.8.1.1 Changelog:
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg03460.html

CVE-2017-7471 - 9p: virtfs allows guest to change filesystem attributes on
host

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit af0f2d2bbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 10:03:26 +02:00
Thomas Petazzoni 12ff4e2348 qemu: fix user mode emulation build on ARM
This commit adds a patch that adjusts how the mcontext structure is used
on ARM with a uClibc C library.

Fixes:

  http://autobuild.buildroot.net/results/79900b22c190e883b6d9a3075e1286ec95840ae1/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 40c5fff466)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 10:02:54 +02:00
Andrey Yurovsky 6dee0734aa package: qemu: bump version to 2.8.0
This adds a CPU definition for the Cortex A7 along with improvements described
here: http://wiki.qemu-project.org/ChangeLog/2.8

Tested on an ARM Cortex A7 target (both target and host builds). The change log
does not describe any incompatible changes that would affect buildroot targets
as far as I am aware.

Signed-off-by: Andrey Yurovsky <yurovsky@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f56b13897b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 10:02:03 +02:00
Bernd Kuhls b1cb4d9ea9 linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 55a6159dcd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 08:51:37 +02:00
Evgeniy Didin 5648030f9a qt: Allow enabling of QtWebKit with GCC 6+
Building Qt with QtWebKit on configuration step there is
a check which disables QtWebKit build with GCC 6+.
Back in the day nobody thought about building Qt with GCC
version greater than 5.x. And now with modern GCCs like
6.x and 7.x this assumption gets in the way.

Given in Buildroot today we don't have GCC older than 4.9
it should be safe to remove now meaningless check completely
by adding patch to qt.

Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f95bb8562e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-14 08:49:42 +02:00
Baruch Siach ad0eab0037 dnsmasq: security bump to version 2.78
Supported Lua version is now 5.2.

Add licenses hash.

Fixes a number of security issues:

CVE-2017-13704 - Crash when DNS query exceeded 512 bytes (a regression
in 2.77, so technically not fixed by this bump)

CVE-2017-14491 - Heap overflow in DNS code

CVE-2017-14492 - Heap overflow in IPv6 router advertisement code

CVE-2017-14493 - Stack overflow in DHCPv6 code

CVE-2017-14494 - Information leak in DHCPv6

CVE-2017-14496 - Invalid boundary checks allows a malicious DNS queries
to trigger DoS

CVE-2017-14495 - Out-of-memory Dos vulnerability

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e77fdc90e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-03 10:08:59 +02:00
Peter Korsgaard 0c0b7006bd linux-headers: bump 3.18.x version to 3.18.72
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-29 10:03:27 +02:00
Peter Korsgaard de4be78ba1 git: security bump to version 2.12.5
Release notes:
https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-29 09:54:16 +02:00
Bernd Kuhls 48fb7bbdca package/openvpn: security bump to version 2.4.4
Fixes CVE-2017-12166:
https://community.openvpn.net/openvpn/wiki/CVE-2017-12166

Changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aa070c802e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-29 09:50:10 +02:00
Bernd Kuhls dbc02af63b linux-headers: bump 4.{4, 9, 13}.x series
[Peter: drop 4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dd4dd79635)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-29 09:49:11 +02:00
Fabio Estevam 183c367ddc wandboard: genimage: Pass an offset for the rootfs
Pass an offset of 1MB for the start of the rootfs.

Otherwise we get rootfs corruption when the bootloader is manually
written to the SD card.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 82c1445fc4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-29 09:44:41 +02:00
Peter Korsgaard 8ee6c1d60e Update for 2017.02.6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 22:17:59 +02:00
Baruch Siach 07ddb40567 libidn: fix build without makeinfo
Build fails when the makeinfo utility is not installed on the host.

Fixes:
http://autobuild.buildroot.net/results/dfd/dfdfb34ed81ba3a4b7a7271be482e75eca849dbf/
http://autobuild.buildroot.net/results/b33/b33c0b0e6b1033ab1d1294a91b869ee6adcd391a/
http://autobuild.buildroot.net/results/940/9401cc10f6da6a2e3453ebc65ce573c370733fb5/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f6227928cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 21:36:27 +02:00
Baruch Siach 46b07c8a87 libidn: add fix for CVE-2017-14062
Add upstream patch fixing CVE-2017-14062:

Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.

This issue also affects libidn.

Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49cb795f79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 21:36:09 +02:00
Peter Seiderer bde9621d0f gst1-plugins-bad: fix build against openjpeg 2.2
Add upstream patch to fix build against openjpeg 2.2.

Fixes [1]:

  gstopenjpeg.h:42:37: fatal error: openjpeg-2.1/openjpeg.h: No such file or directory

[1] http://autobuild.buildroot.net/results/90f1f7838f08e3a557be27470406d4d84dbcc828

[Peter: drop meson changes for 2017.02.x]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a5d4db954)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 16:46:53 +02:00
Peter Korsgaard 5f9d99944a openjpeg: fix build without C++ support
Fixes:
http://autobuild.buildroot.net/results/e2f/e2ff0a7fa2b911157edf6c43a8eed797b22edd46/
http://autobuild.buildroot.net/results/670/6706339e7df2f2e7d0d7a15663bed185ca55c2a1/

Openjpeg is written in C, but with the move to CMake the build system now
errors out if a C++ compiler isn't available.  Fix it by patching the
CMakeLists.txt to not require C++ support.

Patch submitted upstream:
https://github.com/uclouvain/openjpeg/pull/1027

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d2911fec6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 09:01:14 +02:00
Olivier Schonken 1a22a5fcb3 openjpeg: Fix malloc poison issue
The malloc poison issue has been fixed upstream, this patch will thus only
be temporary.

Fixes the following autobuild issues

       sparc | http://autobuild.buildroot.net/results/c1b7a316ca2a4db49023f304dbc7fd5fed05bd9d
        bfin | http://autobuild.buildroot.net/results/031ece7a72e76a9155938cb283de859bd12a8171
         sh4 | http://autobuild.buildroot.net/results/88664451f71c12ccd94e874d408fbb680bea1695
      xtensa | http://autobuild.buildroot.net/results/fbede64a5a86d4868b6da0ab1275e75803235af0
     powerpc | http://autobuild.buildroot.net/results/6c641650509048039b18fbeb010dbca0f0fc5292
microblazeel | http://autobuild.buildroot.net/results/fa2d5272b2db73cbfa441ead9250157c5626ab15
    mips64el | http://autobuild.buildroot.net/results/fc96f6628f71e05d9a74e0e13e50178d29a2c495
         sh4 | http://autobuild.buildroot.net/results/a6d6a6dcb9b4fa250edaaf5935762c5820457b23
      x86_64 | http://autobuild.buildroot.net/results/47b4ca2cc661582d86830b9353a6c8af86e4ba35
         arc | http://autobuild.buildroot.net/results/08e2e4eca6c3dbde8116a649dbf46e52ded45d10
         arc | http://autobuild.buildroot.net/results/899fa044aab7ee28acfa71544f2105da4a5c97d5
         arm | http://autobuild.buildroot.net/results/6016f6885b21d6e8c6199a6833c7acce6210ecc6
         arm | http://autobuild.buildroot.net/results/adbb3c76497e89161535c711de98809a0fa168a7
        or1k | http://autobuild.buildroot.net/results/de3ef69a72d2c2082e202fbed702c53a51274fef
    mips64el | http://autobuild.buildroot.net/results/39b186b13001a810e0992b52321f1015b445d2fd
      x86_64 | http://autobuild.buildroot.net/results/22c6a29a1ded6aedf01adfdfcf26302248dba80c
         arm | http://autobuild.buildroot.net/results/b62c54b727eb5f576c4a517a69c495b537c3b69a
        m68k | http://autobuild.buildroot.net/results/a826561c5786be5f0088b50b633210593e23ffff
         arm | http://autobuild.buildroot.net/results/d32ec927a5e4d5644cb3641014bcf6ebe5c14490

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19d8081865)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 09:01:06 +02:00
Peter Korsgaard 4adb61ec73 tor: security bump to version 0.2.9.12
Fixes CVE-2017-0380: Stack disclosure in hidden services logs when
SafeLogging disabled

For more details, see:
https://trac.torproject.org/projects/tor/ticket/23490

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 23:10:24 +02:00
Peter Korsgaard 8fbd4de7c2 CHANGES: update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 11:04:39 +02:00
Peter Korsgaard 1f8ed52c55 bind: use http:// instead of ftp:// for site
To avoid issues with firewalls blocking ftp.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 771bb2d58d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 10:29:35 +02:00
Peter Korsgaard b449b86637 bind: bump to version 9.11.2
Adds support for the new ICANN DNSSEC root key for the upcoming KSK rollover
(Oct 11):

https://www.icann.org/resources/pages/ksk-rollover

For more details, see the release notes:
https://kb.isc.org/article/AA-01522

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f3e3b36159)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 10:29:25 +02:00
Peter Korsgaard b6b99d28ef gdk-pixbuf: security bump to version 2.36.10
Fixes the following security issues:

CVE-2017-2862 - An exploitable heap overflow vulnerability exists in the
gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.  A
specially crafted jpeg file can cause a heap overflow resulting in remote
code execution.  An attacker can send a file or url to trigger this
vulnerability.

CVE-2017-2870 - An exploitable integer overflow vulnerability exists in the
tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with
Clang.  A specially crafted tiff file can cause a heap-overflow resulting in
remote code execution.  An attacker can send a file or a URL to trigger this
vulnerability.

CVE-2017-6311 - gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (NULL pointer
dereference and application crash) via vectors related to printing an error
message.

The host version now needs the same workaround as we do for the target to
not pull in shared-mime-info.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3853675ae0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:35 +02:00
Vicente Olivert Riera 4ec2c80824 gdk-pixbuf: bump version to 2.36.6
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0fcf03eb5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:17 +02:00
Gustavo Zacarias 6c99140688 gdk-pixbuf: copy loaders.cache later on
Trying to copy loaders.cache from host-gdk-pixbuf to the gdk-pixbuf
build directory in the post-patch hook is too early when using TLP (it
breaks horribly) since host-gdk-pixbuf isn't built yet during the
massive unpack/patch cycle.
Switch it to the pre-build hook instead which ensures that gdk-pixbuf
dependencies were already built.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1f4e1656bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:08 +02:00
Gustavo Zacarias 0995804d44 gdk-pixbuf: bump to version 2.36.5
This release needs a new tweak regarding loaders.cache - it's now used
to build the thumbnailer.
Since we already generate it using the host variant for the target we
can re-use this for the build step.
It's not necessary to used the tweaked version since the build one is
only used to account for mime types, not the plugins/loaders themselves.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 487b419cc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 08:59:57 +02:00
Baruch Siach d6c24f879f flashrom: fix static build with uClibc
Define HAVE_STRNLEN to avoid local strnlen() definition.

Fixes:
http://autobuild.buildroot.net/results/7dc/7dc4298e3a07c73e03f70205516d68a0f4c2d297/
http://autobuild.buildroot.net/results/e36/e362848eb45f6b8100131361e6e5faa546f0bbd8/
http://autobuild.buildroot.net/results/69e/69ef10ec710f418b4d10c1edb4f2ce2e49b522bf/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 57f4efed79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 08:53:14 +02:00
Peter Korsgaard 6f4d4ae57e package/samba4: security bump to version 4.5.14
Release notes:
https://www.samba.org/samba/history/samba-4.5.14.html

Fixes
- CVE-2017-12150 (SMB1/2/3 connections may not require signing where
  they should)
- CVE-2017-12151 (SMB3 connections don't keep encryption across DFS
  redirects)
- CVE-2017-12163 (Server memory information leak over SMB1)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 23:24:59 +02:00
Peter Korsgaard ca10c68c6d package/ffmpeg: security bump to version 3.2.8
Fixes a number of integer overflows and DoS issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 23:24:51 +02:00
Peter Korsgaard 99ab71180f linux-headers: bump 3.18.x and 4.1.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:45:03 +02:00
Bernd Kuhls 643783f9a9 linux-headers: bump 3.2.x and 4.{4, 9, 12, 13}.x series
[Peter: drop 4.12.x/4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b4afe7a8cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:25:23 +02:00
Peter Korsgaard 1944fe8b46 pkgconf: update upstream URL in Config.in
The download location got changed two years ago when the version was bumped
to 0.9.12, but the upstream URL in Config.in wasn't updated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 13cb944aab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:03:06 +02:00
Bernd Kuhls 43f910fc7d package/apache: add patch to fix CVE-2017-9798
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6d24caf0cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:02:40 +02:00
Bernd Kuhls 5fc7f48234 package/proxychains-ng: security bump to version 4.11
Version 4.9 fixes CVE-2015-3887:
https://github.com/rofl0r/proxychains-ng/issues/60

Added md5 & sha1 hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d71b8978a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:01:02 +02:00
Luca Ceresoli 557039368d docs/manual: fix typo
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e10e4d19e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:52:08 +02:00
Peter Korsgaard a86d28d850 cmake: explicitly disable openssl support for host-cmake
host-cmake will optionally link with openssl for the embedded copy of
libarchive if available, leaking host dependencies and possibly causing
build issues in case of compatibility issues - E.G. the host-cmake version
we have in 2017.02.x doesn't build against openssl-1.1.0+:

https://github.com/libarchive/libarchive/issues/810

The openssl support in libarchive is unlikely to be needed, so explicitly
disable it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f87138339b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:51:28 +02:00
Peter Korsgaard f0b6a90eae bluez5_utils: add upstream security fix for CVE-2017-1000250
Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46 and
earlier are vulnerable to an information disclosure vulnerability which
allows remote attackers to obtain sensitive information from the bluetoothd
process memory.  This vulnerability lies in the processing of SDP search
attribute requests.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:23:37 +02:00
Bernd Kuhls fe8577d2ce package/imagemagick: security bump to version 7.0.7-1
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    https://github.com/ImageMagick/ImageMagick/issues/632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
    https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    https://github.com/ImageMagick/ImageMagick/issues/582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    https://github.com/ImageMagick/ImageMagick/issues/586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    https://github.com/ImageMagick/ImageMagick/issues/517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1cf1b98de6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:56 +02:00
Bernd Kuhls fc6dda414c package/imagemagick: bump version to 7.0.6-0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dfde97dce5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:40 +02:00
Bernd Kuhls aaeae27072 package/imagemagick: change download url to github
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases

For our LTS versions we should switch to a stable upstream repo which
provides all released versions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 02edd7cd80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:29 +02:00
Petr Kulhavy 1ce4be9c5e download/git: force gzip compression level 6
Force gzip compression level 6 when calculating hash of a downloaded GIT repo.
To make sure the tar->gzip->checksum chain always provides consistent result.`

The script was relying on the default compression level, which must not be
necessarily consistent among different gzip versions. The level 6 is gzip's
current default compression level.

Signed-off-by: Petr Kulhavy <brain@jikos.cz>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 04a22cf1b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 15:41:26 +02:00
Bernd Kuhls 3196246a9b package/librsync: security bump to version 2.0.0
Removed patch applied upstream, switched to cmake-package following
upstream removal of autoconf.

Short summary of changes:

version 1.0.1
- switched from autoconf to cmake

version 1.0.0:
- fixed CVE-2014-8242
- project moved to github

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b860bd83b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:36:29 +02:00
Bernd Kuhls 251a65c915 package/librsync: fix build error with gcc7
Fixes
http://autobuild.buildroot.net/results/4a1/4a1931565674442c6117b2b202a002dd0ec12a4b/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit eb7e07702c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:34:05 +02:00
Bernd Kuhls b0753098a5 linux-headers: bump 4.{9, 12, 13}.x series
[Peter: drop 4.12.x/4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2aae8765fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:16:01 +02:00
Peter Korsgaard 465aa6e587 supervisor: security bump to version 3.1.4
Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.

For more details, see
https://github.com/Supervisor/supervisor/issues/964

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38a1c4821a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:18:27 +02:00
Peter Korsgaard a8676e86fe ruby: add upstream security patches bumping rubygems to 2.6.13
We unfortunately cannot use the upstream patches directly as they are not in
'patch -p1' format, so convert them and include instead.

Fixes:

CVE-2017-0899 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications that include terminal escape
characters.  Printing the gem specification would execute terminal escape
sequences.

CVE-2017-0900 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications to cause a denial of service attack
against RubyGems clients who have issued a `query` command.

CVE-2017-0901 - RubyGems version 2.6.12 and earlier fails to validate
specification names, allowing a maliciously crafted gem to potentially
overwrite any file on the filesystem.

CVE-2017-0902 - RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking vulnerability that allows a MITM attacker to force the RubyGems
client to download and install gems from a server that the attacker
controls.

For more details, see
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0e5448af50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:17:17 +02:00
Vicente Olivert Riera 38b5b49689 ruby: bump version to 2.4.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 81de172d11)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:17:09 +02:00
Peter Korsgaard 74d64007d5 tcpdump: security bump to version 4.9.2
Fixes the following security issues (descriptions not public yet):

    Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
    Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
    Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 478ee139b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:05:11 +02:00
Baruch Siach c56c5956cf libarchive: security bump to version 3.3.2
CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.

CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.

CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.

CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.

CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.

CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.

Add upstream patch fixing the following issue:

CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f871b21c89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:04:04 +02:00
Thomas Petazzoni 215d7a04b7 qt: add patch fixing build failure on ARMv8 in 32-bit mode
The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.

To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.

There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.

Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 95389fe98c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:01:46 +02:00
Thomas Petazzoni e55836dab0 qt: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35bc55eaaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:01:00 +02:00
Peter Korsgaard 05355b04d4 xen: add upstream post-4.7.3 security fixes
Fixes the following security issues:

XSA-226: multiple problems with transitive grants (CVE-2017-12135)
XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
XSA-228: grant_table: Race conditions with maptrack free list handling
         (CVE-2017-12136)
XSA-230: grant_table: possibly premature clearing of GTF_writing /
	 GTF_reading (CVE-2017-12855)
XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
XSA-232: Missing check for grant table (CVE-2017-14318)
XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
XSA-234: insufficient grant unmapping checks for x86 PV guests
         (CVE-2017-14319)
XSA-235: add-to-physmap error paths fail to release lock on ARM

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-19 13:56:48 +02:00
Peter Korsgaard 59e03d863d unrar: security bump to version 5.5.8
Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 322599744c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:47:56 +02:00
Peter Korsgaard de22cee061 strongswan: add upstream security patch
Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.

For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2a59db1bb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:47:13 +02:00
Peter Korsgaard 3284e172f4 libsoup: security bump to version 2.56.1
Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding

For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0f5398f0e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:44:31 +02:00
Peter Korsgaard c128009659 gd: security bump to version 2.2.5
Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b85d24c1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:43:36 +02:00
Max Filippov 8afd8781fe package/gcc: fix ICE on xtensa, PR target/82181
Memory references to DI mode objects could incorrectly be created at
offsets that are not supported by instructions l32i/s32i, resulting in
ICE at a stage when access to the object is split into access to its
subwords:
  drivers/staging/rtl8188eu/core/rtw_ap.c:445:1:
     internal compiler error: in change_address_1, at emit-rtl.c:2126

Fixes: https://lkml.org/lkml/2017/9/10/151
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:59:07 +02:00
Peter Korsgaard 8681b9477b linux-headers: bump 3.18.x version to 3.18.70
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:37:40 +02:00
Bernd Kuhls a711d9e25b linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19af2fe70c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:37:04 +02:00
Bernd Kuhls 8a673badcb package/botan: security bump to version 1.10.16
Fixes CVE-2017-2801: A programming error exists in a way Randombit Botan
cryptographic library version 2.0.1 implements x500 string comparisons which
could lead to certificate verification issues and abuse.  A specially
crafted X509 certificate would need to be delivered to the client or server
application in order to trigger this vulnerability.

[Peter: extend commit message with security fixes info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 033aa8d4e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 16:49:21 +02:00
Baruch Siach 0f6388e374 mbedtls: security bump to version 2.6.0
Fixes CVE-2017-14032: authentication bypass.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Add license hash.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa70897e29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 15:14:49 +02:00
Olivier Schonken 4a944b6a2d openjpeg: security bump to version 2.2.0
Fixes the following security issues:

CVE-2016-10504: Heap-based buffer overflow vulnerability in the
opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote
attackers to cause a denial of service (application crash) via a crafted bmp
file.

CVE-2016-10505: NULL pointer dereference vulnerabilities in the imagetopnm
function in convert.c, sycc444_to_rgb function in color.c,
color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in
color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of
service (application crash) via crafted j2k files.

CVE-2016-10506: Division-by-zero vulnerabilities in the functions
opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG
before 2.2.0 allow remote attackers to cause a denial of service
(application crash) via crafted j2k files.

CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a
denial of service (heap-based buffer over-read and application crash) via a
crafted bmp file.

[Peter: extend commit message with security fixes info]
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37b2fe73cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 15:10:40 +02:00
Peter Korsgaard 6f4428337e subversion: security bump to version 1.9.7
Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url

For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c6b793779c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:48:12 +02:00
Peter Korsgaard d3463a9907 file: security bump to version 5.32
Fixes CVE-2017-1000249 - Stack buffer overflow with a specially crafted
.notes section in an ELF binary file.

For more details, see: http://www.openwall.com/lists/oss-security/2017/09/05/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 89a38e6397)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:41 +02:00
Vicente Olivert Riera fae25a1d21 file: bump version to 5.31
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e173bbe958)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:34 +02:00
Gustavo Zacarias 51be260e88 file: bump to version 5.30
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ac82e0ebad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:19 +02:00
Max Filippov c357dd607b package/binutils: fix crash caused by buggy xtensa overlay
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:57:07 +02:00
Peter Korsgaard a554694145 linux-headers: bump 3.18.x version to 3.18.69
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:55:23 +02:00
Julien Corjon f6a9094103 package/netplug: init script create needed lock directory
Init script use /var/lock/subsys/netplugd but directory
/var/lock/subsys can be missing.

Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c81c6d8f3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:51:59 +02:00
Adam Duskett 0e3334e25b postgresql: security bump to version 9.6.5
Fixes the following security issues (9.6.4):

CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs

For more info, see https://www.postgresql.org/about/news/1772/

[Peter: extend commit message with security fixes info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 95e284bd27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:48:01 +02:00
Adam Duskett f16d963789 libxml2: security bump to version 2.9.5
Fixes CVE-2017-9049, CVE-2017-9050, CVE-2017-9047, CVE-2017-9048,
CVE-2017-5969.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Thomas: improved commit log, from Baruch suggestion.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d8bc440e3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:42:51 +02:00
Bernd Kuhls 146c38cfcf linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fa46a89fe0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:36:37 +02:00
Peter Korsgaard 1aeb48b66f transmission: gtk option needs libgtk3
Fixes the following configure issue:

checking for GTK... no
configure: error: Package requirements (gtk+-3.0 >= 3.4.0
                              glib-2.0 >= 2.32.0
                              gio-2.0 >= 2.26.0,
                              gmodule-2.0 >= 2.32.0
                              gthread-2.0 >= 2.32.0) were not met:

libgtk2 support was dropped in commit cdd71c642724 ((trunk gtk) #4970 remove
deprecated GTK+ API calls, raise GTK+ dependency to 3.2) which was part of
transmission-2.61.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a2935ee288)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:32:07 +02:00
Bernd Kuhls ac5da5e315 package/transmission: fix gtk support
Gtk support is controlled by ARG_WITH since
https://github.com/transmission/transmission/commit/2ccc2bbbfe2e4a26dfeaa13b56c412ea0af4ebe4

Fixes a build error if libgtk2/3 was built before transmission:
http://autobuild.buildroot.net/results/6b6/6b6ce352a9edfe3aaba82be143092a878e7715ed/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e67fbcfa94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:31:53 +02:00
Erico Nunes f9064cb3b1 grub2: force -fno-stack-protector in CFLAGS
grub2 fails to configure when BR2_SSP_ALL is enabled, with the following
configure error:

  checking whether -fno-asynchronous-unwind-tables works... yes
  checking whether -fno-unwind-tables works... yes
  checking for target linking format... unknown
  configure: error: no suitable link format found

This can be worked around by enforcing -fno-stack-protector in the
package CFLAGS in a way that overrides the SSP flag, as is already done
for the valgrind package.

Fixes bug #10261.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Reported-by: Dr I J Ormshaw <ian_ormshaw@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2a27294e9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:28:57 +02:00
Yann E. MORIN 6866015b70 package/linux-tools: gpio does not build in parallel
Partially fixes #10276.

Reported-by: Ciro Santilli <ciro.santilli@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Ciro Santilli <ciro.santilli@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4a03d1ac29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:27:23 +02:00
Baruch Siach 6f107edbef libgcrypt: security bump to version 1.7.9
Fixes CVE-2017-0379: Mitigate a local side-channel attack on Curve25519
dubbed "May the Fourth be With You".

As we are close to release, don't update to the latest 1.8.1 version,
but to a maintenance release from the 1.7 branch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cd4514109a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:26:06 +02:00
Baruch Siach 1519ba33f5 gnupg: security bump to version 1.4.22
Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster".  For details see
<https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

Switch to https site for better firewall compatibility and security.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 453ca1d6ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:25:10 +02:00
Fabio Estevam 451d115add linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 10b1273264)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:19:41 +02:00
Kurt Van Dijck 290b6cfdf6 bcusdk: eibd: drop local clock_gettime in USB backends
clock_gettime is defined locally, and calls pth_int_time, which
in turn calls clock_gettime.
The USB backend shouldn't overrule clock_gettime in the first place.
This patch fixes this endless recursion by removing the local defition.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bc4f5598dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:17:24 +02:00
Bernd Kuhls 1faeae820d linux-headers: bump 3.{2, 10}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fec74492ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:15:58 +02:00
Bernd Kuhls 21d7b1e4fc package/squid: fix typo
Fixed typo added by
https://git.buildroot.net/buildroot/commit/package/squid?id=d2f7d0d72cd7e00ffbe869011d200f0a4a53e7a5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7c5526c79c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:14:05 +02:00
Baruch Siach 8d5a92e2b6 connman: security bump to version 1.35
Fixes CVE-2017-12865: stack overflow in dns proxy feature.

Cc: Martin Bark <martin@barkynet.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 104879aab0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:12:34 +02:00
Martin Bark d672e0c4d7 package/connman: bump version to 1.34
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 579568ce09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:12:24 +02:00
Yann E. MORIN a6ae588ccc package/nvidia-driver: install an egl.pc
A lot of packages expect an egl.pc to decide that EGL is available. So,
provide one.

As suggested by Alexandre, use the one from nvidia-tegra23 as template.

Reported-by: Alexandre Maumené <alexandre@maumene.org>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Alexandre Maumené <alexandre@maumene.org>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 05a86bdf1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:41:00 +02:00
Bernd Kuhls ec732da99e package/libphidget: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dc9cc4d7cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:36:03 +02:00
Bernd Kuhls 0dba28fce1 package/iucode-tool: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9f2369b5f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:35:53 +02:00
Bernd Kuhls 09549cc322 package/iostat: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3d37cc2c97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:34:30 +02:00
Bernd Kuhls af76cb192a package/dialog: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5fdebd3b8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:33:19 +02:00
Andrey Smirnov aac336dfd7 package/nss-pam-ldapd: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06cf5c1812)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:31:25 +02:00
Andrey Smirnov c565971bd7 package/transmission: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a1c3ae753e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:31:11 +02:00
Andrey Smirnov ece5e09891 package/minidlna: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fb825fbaf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:30:04 +02:00
Bernd Kuhls d4451a4c96 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8e291b97ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:29:32 +02:00
Thomas Petazzoni e72e252af5 mediastreamer: add dependency on host-vim
host-vim is needed to provide the xxd tool, otherwise the build fails
with:

checking for xxd... no
configure: error: "xxd is required (provided by vim package)"

This isn't noticed by the autobuilders, presumably because all of them
have vim installed locally.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 377d10577b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:54 +02:00
Thomas Petazzoni f21b3b83f8 vim: add host variant
Vim contains a tool called xxd, which is needed by mediastreamer on
the host as part of its build process. Therefore, this commit
introduces a host variant for the vim package, that will be used by
mediastreamer.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38d098402e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:43 +02:00
Thomas Petazzoni 0e60dd830f mediastreamer: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0369e05ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:33 +02:00
Andrey Smirnov 3df894d83c package/rpcbind: Do not mark .service and .socket files executable
Do not mark .service and .socket files executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3a41c96a25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:18:29 +02:00
Bernd Kuhls 0190c95a5a package/zmqpp: link with libatomic when needed
Fixes
http://autobuild.buildroot.net/results/c32/c32b9b8dd00d6f6d3db27fae9d8de758a4f25138/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 55a9d6d558)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:17:04 +02:00
Bernd Kuhls 0b51c59e19 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab157dd4d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:11:28 +02:00
Baruch Siach ec88eeaea0 faad2: fix build with musl libc
The getopt.c code declares the strncmp() routine in a non confirming way
under non GNU libc. Patch the code to make the declaration standard
conforming.

Fixes:
http://autobuild.buildroot.net/results/447/4471be349d7ad2e998a4d55afd33aa046a5d1fd2/
http://autobuild.buildroot.net/results/2a9/2a90f4f518884fb50f7ad6ab505dee7565ed869e/
http://autobuild.buildroot.net/results/6b1/6b159b766d791492bab4d897c33ce07845fb7119/

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6f6795d77d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:07:01 +02:00
Yann E. MORIN 2ff69117fe fs/iso9660: really create initrd temp dir
In case we're using an initrd, we create an empty "root" directory that
will contain only the bootloader stuff, not the actual root filesystem,
because it is in an initrd (standalone or initramfs).

We have to ensure that the directory is empty before assembling the
filesystem (to avoid any file lingering from a previous run, like the
sequence  "make; make"). So we first remove it before we create it, so
that on each build (especially not-from-scratch builds) we get the exact
expected content without any leftover.

However, the macro responsible for that, although defined since 7080eef9,
was never called.

Fix that by registering it as a pre-gen hook.

Note: the directory need not be created, as there are quite a few
"install -D" commands that ensure it is created. Yet, we prefer to
create it explicitly to avoid any confusion.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8a26adddde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:08:26 +02:00
Yann E. MORIN ac847623f5 package/fakeroot: fix highly parallel uses
Although the issue can very well occur with low-paralle builds, or even
with non-parallel builds, the conditions are so strict that the ocasion
it breaks is extremely rare, to the point where a failure would go
unnoticed.

Fixes #10141.

Reported-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eff989bab8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:06:40 +02:00
Baruch Siach 7728fc745d whois: bump to version 5.2.17
Fixes serious usability issues (Debian changelog):

  * Fixed whois referrals for .com, .net, .jobs, .bz, .cc and .tv,
    broken by an ICANN-mandated output change:
    https://www.icann.org/resources/pages/rdds-labeling-policy-2017-02-01-en

Use snapshot.debian.org for the .dsc reference, since files tend to
disappear from the official Debian ftp site over time.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 978724d8cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:03:09 +02:00
Waldemar Brodkorb fdce421a5f gpsd: fix build for microblaze architecture
Disable O2 and add O0. The suggested flags in the gcc report
are not enough for gcc >= 6.

Fixes:

  http://autobuild.buildroot.net/results/3686cd3f3e7b6aee84f4377bd2dded1115321fb3/

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: use Git to format the patch, improve patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit e6d0177f53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:47:38 +02:00
Arnout Vandecappelle 3afb4a1f9c e2fsprogs: add patch for recent glibc
Recent glibc have deprecated the implicit include of sys/sysmacros.h
from sys/types.h. That means that the macros major and minor are no
longer defined unless this header is included.

This problem was observed for host-e2fsprogs when building on a host
with recent glibc.

Add an upstream patch that includes sys/sysmacros.h when needed.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Dagg Stompler <daggs@gmx.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Tested-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ed295ce49b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:30:40 +02:00
Thomas Petazzoni 75b9ec066c lua: ensure pkgconfig directory exists before installing files
The lua staging and host installation commands generate a file in
usr/lib/pkgconfig, without first making sure that this directory
exists, which causes build failures if it doesn't. This commit adjusts
those installation commands to create this directory if needed.

Fixes:

  http://autobuild.buildroot.net/results/101c89e1d6aee942a0b1c4e4f3daf8ac2414a56c/

Based on investigation and initial (more complicated) fix provided by
Francois Perrad <francois.perrad@gadz.org>.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 25a2650086)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:26:35 +02:00
Dagg Stompler cd86df9e0b sysvinit: fix compilation error against musl
This commit adds a patch to the sysvinit package that fixes various
build issues against musl due to missing header includes.

Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7ec15db9db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:24:07 +02:00
Baruch Siach b4dbe2e781 sysvinit: adjust help text
sysvinit is far from ultimate init implementation these days. Update the
help text to match reality.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e9a2746710)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:23:57 +02:00
Peter Korsgaard 19d178a5cb package/git: security bump to version 2.12.4
Fixes CVE-2017-1000117:
http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:08:18 +02:00
Thomas Petazzoni d0973b7b47 libcurl: fix build on uncommon architectures
Since the bump to 7.55.0, libcurl fails to build on a number of
uncommon architectures (ARC, OpenRISC, etc.). This is due to upstream
commit 73a2fcea0b4adea6ba342cd7ed1149782c214ae3 ("includes: remove
curl/curlbuild.h and curl/curlrules.h"), which makes libcurl rely on
more architecture-specific related defines in include/curl/system.h.

This commit therefore adds a patch that fixes the 32-bit vs. 64-bit
detection for all architecture, using gcc's __SIZEOF_LONG__
definition. It has been tested successfully with test-pkg on all 47
toolchain configurations.

Fixes:

  http://autobuild.buildroot.net/results/bf26c08cf3267214278674472f931603f69951ae/
  (and many similar issues)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6361a50e3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:01:25 +02:00
Yann E. MORIN 1bed722b73 package/valgrind: hide comment when arch is not supported
Currently, the comment that "valgrind needs shared libs" is not hidden
when the architecture dependencies are not met, which can confuse some
users (as recently seen on IRC).

Fix that by introducing the traditional _ARCH_SUPPORTS option, and have
the comment and the symbol depend on that.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Brandon Maier <brandon.maier@rockwellcollins.com>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed--by: Pedro Ribeiro <pedrib@gmail.com>
Tested-by: Pedro Ribeiro <pedrib@gmail.com>
[Arnout: put _ARCH_SUPPORTS at the top of the file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit afb6bc67a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:59:29 +02:00
Baruch Siach 57fa665847 libcurl: security bump to version 7.55.0
Fixes:

 glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 tftp: reject file name lengths that don't fit (CVE-2017-1000100)
 file: output the correct buffer to the user (CVE-2017-1000099)

Switch to .tar.xz to save bandwidth.

Add reference to tarball signature.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d88c79090a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:56:29 +02:00
Naoki Matsumoto 9c0d97c701 libcurl: LICENSE value changes to SPDX
The curl license is a MIT/X derivative license, but
has a distinct identifier in SPDX, so use that:

https://spdx.org/licenses/curl.html

[Peter: reword commit message]
Signed-off-by: Naoki Matsumoto <n-matsumoto@melcoinc.co.jp>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit d80110a635)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:56:02 +02:00
Adam Duskett fea005f3c2 libcurl: bump version to 7.54.1
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c52d50336e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:55:40 +02:00
Jörg Krause 9a11ca9c6d lua: fix pkg-config file
When Lua is linked with additional libraries, these libraries should go
into the pkg-config file as well.

Otherwise, linking swupdate with the lua library fails:

```
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlopen'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlclose'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlerror'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlsym'
```

Fixes http://autobuild.buildroot.net/results/1c3/1c349cc5904868e4def292b9fbfa164828e46156

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8d845683e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:48:11 +02:00
Thomas Petazzoni e8f6630b10 gdb: add fix for gdb 7.12 and gdb 8.0 build on noMMU platforms
This adds a patch to gdb 7.12 and gdb 8.x, which fixes the build on
noMMU platforms. It is not needed for older versions of gdb, since
it's related to the switch of gdb to C++ in the 7.12 release.

Fixes:

../nat/linux-ptrace.c: In function 'int linux_fork_to_function(gdb_byte*, int (*)(void*))':
../nat/linux-ptrace.c:273:29: error: invalid conversion from 'void*' to 'gdb_byte* {aka unsigned char*}' [-fpermissive]
       child_stack = xmalloc (STACK_SIZE * 4);

The patch has already been merged upstream, as of commit
ffce45d2243e5f52f411e314fc4e1a69f431a81f, and will therefore be part
of future gdb releases.

[Peter: drop gdb-8.0 patch]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5c12506f4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:43:12 +02:00
Samuel Martin c2e4924597 pkg-cmake.mk: set pkg-config env. vars. in the host configure environment
This change is fixing the bug reported in [1].

Cmake may run pkg-config to find the dependencies when configuring a
package. Because of the value of PATH, and it will use the Buildroot's
pkg-config wrapper, which, by default, is configured (via some
environment variables) to find the target dependencies.

When configuring a host package using cmake, to prevent cmake from
wrongly solving dependencies from the target tree (when the
*-config.cmake files are using pkg-config) instead of looking for them
in the Buildroot's host tree or in the host system itself, we need to
set the environment variables altering the pkg-config behavior in the
cmake configure environment.

So, this change is fixing the cmake host-packages configuration step,
by properly setting the pkg-config environment variables to their values
for finding host dependencies.

Before this patch:

  make O=/opt/br/abo/cmake-host-find-root-path libxml2 host-mariadb{-dirclean,-configure} && echo $?
  [...]
  >>> host-mariadb 10.1.25 Configuring
  (mkdir -p /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && cd /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && rm -f CMakeCache.txt && PATH="/opt/br/abo/cmake-host-find-root-path/host/bin:/opt/br/abo/cmake-host-find-root-path/host/sbin:/home/sam/.local/bin:/sbin:/usr/sbin:/bin:/usr/bin"  /usr/bin/cmake /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_C_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_CXX_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_EXE_LINKER_FLAGS="-L/opt/br/abo/cmake-host-find-root-path/host/lib -Wl,-rpath,/opt/br/abo/cmake-host-find-root-path/host/lib"
  -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++"  -DCMAKE_C_COMPILER_ARG1="" -DCMAKE_CXX_COMPILER_ARG1=""  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=OFF  -DWITH_SSL=bundled )
  -- Running cmake version 3.8.2
  [...]
  -- Found PkgConfig: /opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config (found version "0.28")
  [...]
  -- Found LibXml2: /opt/br/abo/cmake-host-find-root-path/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libxml2.so (found version "2.9.4")
  [...]
  0

After this patch is applied:

  make O=/opt/br/abo/cmake-host-find-root-path libxml2 host-mariadb{-dirclean,-configure} && echo $?
  [...]
  >>> host-mariadb 10.1.25 Configuring
  (mkdir -p /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && cd /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && rm -f CMakeCache.txt && PATH="/opt/br/abo/cmake-host-find-root-path/host/bin:/opt/br/abo/cmake-host-find-root-path/host/sbin:/home/sam/.local/bin:/sbin:/usr/sbin:/bin:/usr/bin" PKG_CONFIG="/opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config" PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_LIBDIR="/opt/br/abo/cmake-host-find-root-path/host/lib/pkgconfig:/opt/br/abo/cmake-host-find-root-path/host/share/pkgconfig" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 PKG_CONFIG_ALLOW_SYSTEM_LIBS=1  /usr/bin/cmake /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="/opt/br/abo/cmake-host-find-roo
 t-path/host" -DCMAKE_C_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_CXX_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_EXE_LINKER_FLAGS="-L/opt/br/abo/cmake-host-find-root-path/host/lib -Wl,-rpath,/opt/br/abo/cmake-host-find-root-path/host/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++"  -DCMAKE_C_COMPILER_ARG1="" -DCMAKE_CXX_COMPILER_ARG1=""  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=OFF  -DWITH_SSL=bundled )
  -- Running cmake version 3.8.2
  [...]
  -- Found PkgConfig: /opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config (found version "0.28")
  [...]
  -- Found LibXml2: /usr/lib/libxml2.so (found version "2.9.4")
  [...]
  0

[1] http://lists.busybox.net/pipermail/buildroot/2017-August/199776.html

Reported-by: "Sigalas, Antonios (Nokia - GR/Athens)" <antonios.sigalas@nokia.com>
Cc: "Sigalas, Antonios (Nokia - GR/Athens)" <antonios.sigalas@nokia.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c9f9b16a2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:39:16 +02:00
Baruch Siach 214343add7 faad2: security bump to version 2.8.1
Fixes: CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254,
CVE-2017-9255, CVE-2017-9256, CVE-2017-9257

http://seclists.org/fulldisclosure/2017/Jun/32

Switch to .tar.bz2 to save some bandwidth.

Add autoreconf since unfortunately upstream tarball does not ship the
configure script.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1e2c245bf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:31:46 +02:00
Peter Seiderer da9f101e80 bind: fix configure in case lmdb devel files are present on the host
Fix configure failure in case lmdb devel files are present on the host
by adding --without-lmdb option (reported [1] and fix tested [2],[3] by
grunpferd@netscape.net).

Fixes:

  checking for lmdb library... yes
  checking for library containing mdb_env_create... no
  configure: error: found lmdb include but not library.

[1] http://lists.busybox.net/pipermail/buildroot/2017-August/199945.html
[2] http://lists.busybox.net/pipermail/buildroot/2017-August/199963.html
[3] http://lists.busybox.net/pipermail/buildroot/2017-August/199964.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bb95fef1e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:26:32 +02:00
Bernd Kuhls e40be53f7b package/jack2: backport two build fixes
0005-gcc7.patch fixes
http://autobuild.buildroot.net/results/c06/c0610325d7785dfa51c5d36775623ca8fa517f24/

0006-fix-ftbfs-with-clang.patch
fixes the subsequent build error:
common/memops.c.31.o: In function `sample_move_dither_rect_d16_sSs':
memops.c:(.text+0x4dc): undefined reference to `fast_rand'

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 50ace0bcc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:24:04 +02:00
Thomas Petazzoni cbadc716d3 jack2: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d8e0a2d4ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:23:34 +02:00
Bernd Kuhls 246df454ff linux-headers: aarch64: Prevent selecting unsupported versions
Versions older than Linux v3.7 do not support the aarch64 architecture
so disable them, for reference see https://kernelnewbies.org/Linux_3.7

Without this patch these defconfigs fail to build

BR2_aarch64=y
BR2_KERNEL_HEADERS_3_2=y

BR2_aarch64=y
BR2_KERNEL_HEADERS_3_4=y

with error messages like this:

make[1]: Entering directory '/home/buildroot/br5_next/output/build/linux-headers-3.2.89'
Makefile:567: /home/buildroot/br5_next/output/build/linux-headers-3.2.89/arch/arm64/Makefile: No such file or directory

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1291528bde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:19:29 +02:00
Bernd Kuhls 99c6d668a6 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a4a6c74171)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:15:53 +02:00
Bernd Kuhls f1b0e69d92 linux-headers: bump 4.1.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d38797edee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:14:52 +02:00
Marcus Hoffmann 935b33b258 dbus: add upstream patch to fix startup hang with with expat >= 2.2.1
After c0ad6ded01 expat: security bump to version 2.2.1
the system can hang on startup under certain circumstances.

This happens when:
  * we use systemd as init system
  * the random nonblocking pool takes a while to initialize
    * this apparently doesn't happen on qemu, so this would not have
      been caught by the runtime testing infrastructure
    * it also doesn't seem to happen when network booting

For a more detailed description of the bug see here:
https://bugs.freedesktop.org/show_bug.cgi?id=101858

The patch should be in next dbus version 1.10.24

Set DBUS_AUTORECONF = YES because configure.ac is changed.

Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
[Arnout: add upstream commit sha + Marcus's Sob to the patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5a5e76381f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:12:15 +02:00
Max Filippov 7e8fa57537 package/binutils: fix crash caused by buggy xtensa overlay
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.

[Peter: drop 2.28.x/2.29.x variants]
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 83f7fb0d5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:02:09 +02:00
Peter Korsgaard bb82c24ce0 samba4: bump to version 4.5.13
4.5.13 is a bugfix release, fixing a number of important issues:

https://www.samba.org/samba/history/samba-4.5.13.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:59:07 +02:00
Bernd Kuhls 85a32431a7 package/samba4: add optional dependency to dbus
samba4 picks up dbus as dependency if it was built before:

Checking for dbus                : yes
Checking for header dbus/dbus.h  : yes
Checking for library dbus-1      : yes

There is no configure option to control dbus support so we just make
sure dbus is built before samba4 to have reproducible builds.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 17f6c26590)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:30:50 +02:00
Thomas Petazzoni 64e480fd7a gdb: force to use ncurses and not termcap for host-gdb
Both our target and host gdb depend on ncurses (host-ncurses for
host-gdb, of course). However, while for the target we passs
--with-curses, we are not doing this for the host variant. Due to
this, host-gdb default to using the termcap library: if such a library
is available on the build system, it will be used instead of the
host-ncurses we have built. This causes the host gdb binary to depend
on a library that we do not provide in $(HOST_DIR), breaking the
principle of a standalone SDK (which should only depend on the C
library).

To solve this, we simply pass --with-curses in HOST_GDB_CONF_OPTS,
which forces host-gdb to use the host-ncurses library.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8c36c65ab8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:28:14 +02:00
Peter Korsgaard 2ca9ecd206 ffmpeg: security bump to version 3.2.7
Fixes the following security issues (https://ffmpeg.org/security.html):

3.2.4:

CVE-2017-5024 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

CVE-2017-5025 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

3.2.5:

CVE-2017-9991 - Heap-based buffer overflow in the xwd_decode_frame function
in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x
before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted file.

CVE-2017-9992 - Heap-based buffer overflow in the decode_dds1 function in
libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before
3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted file.

CVE-2017-9994 - libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before
3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does
not ensure that pix_fmt is set, which allows remote attackers to cause a
denial of service (heap-based buffer overflow and application crash) or
possibly have unspecified other impact via a crafted file, related to the
vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVE-2017-9996 - The cdxl_decode_frame function in libavcodec/cdxl.c in
FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x
before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow and application crash) or possibly have unspecified other
impact via a crafted file.

3.2.6:

CVE-2017-9608 - NULL pointer exception.

CVE-2017-9993 - FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x
before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live
Streaming filename extensions and demuxer names, which allows attackers to
read arbitrary files via crafted playlist data.

3.2.7:

CVE-2017-11399 - Integer overflow in the ape_decode_frame function in
libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause
a denial of service (out-of-array access and application crash) or possibly
have unspecified other impact via a crafted APE file.

CVE-2017-11665 - The ff_amf_get_field_value function in
libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a
denial of service (Segmentation Violation and application crash) via a
crafted stream.

CVE-2017-11719 - The dnxhd_decode_header function in libavcodec/dnxhddec.c
in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service
(out-of-array access) or possibly have unspecified other impact via a
crafted DNxHD file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:07:17 +02:00
Bernd Kuhls 6918f13762 package/snappy: fix typo
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 662b830dd7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:59:00 +02:00
Baruch Siach 288d26acd5 squashfs: fix build with gcc 7
gcc 7 with -Os (optimize for size) takes the liberty to remove the code of
inline function entirely. This leads to undefined function references at link
time. Restore gcc original inline behaviour to fix this issue.

Fixes:
http://autobuild.buildroot.net/results/3c5/3c5b1d799dce3ba361d618330c242bf4eba76019/
http://autobuild.buildroot.net/results/09f/09f350b62e2486404b78222dce211400bb233000/
http://autobuild.buildroot.net/results/693/693960ed7c01622c756dcc929e83b3b713c16ccc/

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f308e4420f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:55:51 +02:00
Baruch Siach 3f9fedb217 librsvg: security bump to version 2.40.18
http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.18.news

CVE-2017-11464 - Fix division-by-zero in the Gaussian blur code.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b76a15ed14)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:51:31 +02:00
Baruch Siach b758567fc9 librsvg: update homepage link
The SF page redirects to gnome.org.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a81979758d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:50:52 +02:00
Charles Hardin 80c457604f package/python-service-identity: the attrs distribution is required
Apparently the service identify code requires the python attrs
to be availabe:

Traceback (most recent call last):
  File "/opt/exablox/bin/configsrv", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3138, in <module>
    @_call_aside
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3124, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3151, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 661, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 962, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 849, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'attrs' distribution was not found and is required by service-identity

Signed-off-by: Charles Hardin <ckhardin@exablox.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 49229b157c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:45:25 +02:00
Fabio Estevam 66ceb5ba45 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: Drop 4.12.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f43096034b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:32:12 +02:00
Adrián Pérez de Castro 904d5330a3 webkitgtk: Add patch for properly picking GL flags when building
This solves build failures caused by WebKit trying to include X11 headers
when support for X11 is disabled in Mesa3D. A common situation is when
configuring both GTK+ and WebKitGTK+ only with Wayland support.

Once the fix for https://bugs.webkit.org/show_bug.cgi?id=175125 makes it
into a release, the patch can be dropped.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c2da653d08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:02:17 +02:00
Adrián Pérez de Castro 6a1fa08095 webkitgtk: Add upstream patch needed for builds with ENABLE_VIDEO=OFF
This includes a slightly modified version of the patch for bug
https://bugs.webkit.org/show_bug.cgi?id=174940

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f2b9399c76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:01:41 +02:00
Adrián Pérez de Castro a0658ea000 webkitgtk: Allow building with BR2_PACKAGE_WEBKITGTK_MULTIMEDIA disabled
Explicitly pass "-DENABLE_MEDIA_STREAM=OFF" to CMake, to workaround a
missing feature dependency in the WebKitGTK+ build files.

Related upstream bug: https://bugs.webkit.org/show_bug.cgi?id=174940

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9aceb8bfa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:00:52 +02:00
Adrián Pérez de Castro 075494dd3f webkitgtk: Add patches which allow building for ARMv8-A
The two added patches allow building WebKitGTK+ when the compiler
scpecifically targets ARMv8-A, and reports as such be pre-defining
__ARCH_ARM_8A__ instead of just __ARCH_ARM_8__. Both patches were
pulled from the corresponding upstream bug reports and edited to
remove the conflicting parts which edit the ChangeLog files.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3e4efb30f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:00:29 +02:00
Yegor Yefremov ef7ff0f445 python-libconfig: fix Python3 build
boost_python library is named boost_python3, if boost is built
under Python3 environment. The patch fixes setup.py accordingly.

Fixes:
http://autobuild.buildroot.net/results/975/97533965180436c2f7a99de07fdc360ef57f84b0
http://autobuild.buildroot.net/results/b49/b49de32704f0f7ce5a610cf4363c6dcc2d8bafa1
http://autobuild.buildroot.net/results/e26/e26b4b9b486c582fb55826817a3428569968320f

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3cd8023c73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:57:52 +02:00
Marcus Hoffmann 0e1d908376 package/pkg-kconfig.mk: fix typo in comment
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 412a872e21)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:46:09 +02:00
Ryan Coe e0b2bd6dff mariadb: security bump version to 10.1.26
Release notes: https://mariadb.com/kb/en/mariadb-10126-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10126-changelog/

Fixes the following security vulnerabilities:

CVE-2017-3636 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs). Supported versions that are affected are
5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability
allows low privileged attacker with logon to the infrastructure where MySQL
Server executes to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data as well as unauthorized read access to
a subset of MySQL Server accessible data and unauthorized ability to cause
a partial denial of service (partial DOS) of MySQL Server.

CVE-2017-3641 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-3653 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult
to exploit vulnerability allows low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized update, insert or delete
access to some of MySQL Server accessible data.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ff0cf723b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:29 +02:00
Adam Duskett 0813899c43 host-mariadb: compile against bundled yassl
On Fedora26, openssl 1.1.x is included by default.  This causes build
errors when building the host variant of mariadb.

Adding -DWITH_SSL=bundled fixes this issue.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6103ce335a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:13 +02:00
Ryan Coe 21e5d6a6a7 mariadb: bump version to 10.1.25
release notes: https://mariadb.com/kb/en/mariadb-10125-release-notes/
changelog: https://mariadb.com/kb/en/mariadb-10125-changelog/

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5ec9bd15f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:04 +02:00
458 changed files with 5407 additions and 2105 deletions
+140
View File
@@ -1,3 +1,143 @@
2017.02.11, Released April 11th, 2018
Important / security related fixes.
dependencies: Blacklist tar 1.30+ and build our own host-tar
if needed as tar 1.30+ changed the --numeric-owner output for
long path names. Build host-tar before other host-dependencies
as they need it to extract their source tarballs.
Updated/fixed packages: apache, busybox, clamav, dhcp,
dnsmasq, dovecot, exim, imagemagick, irssi, jq, libcurl,
libpjsip, librsvg, libtasn1, libvorbis, libxml2, lz4, mariadb,
mbedtls, mosquitto, ntp, openblas, opencv3, openssl, patch,
postgresql, python-webpy, qt53d, qt5tools, quagga, rsync,
samba4, sngrep, tremor, wavpack, wireshark, xerces, xterm
Issues resolved (http://bugs.uclibc.org):
#10856: openblas on qemu_x86_64_defconfig fails with "sgemm_..
2017.02.10, Released January 31st, 2018
Important / security related fixes.
nconfig: Fix for ncurses/ncursesw linking issue causing crashes.
System: Only show getty options when busybox init or sysvinit
are used.
Infrastructure: Fix build issue for autotools based packages
checking for C++ support on toolchains without C++ support and
on a distro lacking /lib/cpp (E.G. Arch Linux).
Updated/fixed packages: avahi, berkeleydb, bind, busybox,
ccache, clamav, coreutils, dovecot, eeprog, eudev, fis,
intel-microcode, iputils, irssi, kmsxx, liberation, libiio,
lz4, mariadb, matchbox-lib, mcookie, openocd, php, pound,
rpcbind, squid, tar, ti-cgt-pru, transmission, util-linux,
webkitgtk, wireshark, xen
Issues resolved (http://bugs.buildroot.org):
#9996: lz4 package does not install lz4 binaries in target
#10176: Rsyslog's S01logging is deleted by Busybox.mk from...
#10216: package/x11r7/mcookie/mcookie.c:207: bad size ?
#10301: systemd/getty unused options
#10331: kmsxx, host installation fails with BR2_SHARED_...
#10536: Finding non-relative paths in the ccache
#10641: avahi-autoipd not starting when using systemd-tmpfiles
2017.02.9, Released January 1st, 2018
Important / security related fixes.
Fix divide by zero issue in size-stats script.
Fix makefile include ordering issue with certain make versions
in the external toolchain handling.
Updated/fixed packages: dhcp, exim, flann, gdb, heimdal,
libcue, libcurl, libevent, libpqxx, libsoxr, linphone, lldpd,
mariadb, mfgtools, mtools, nodejs, nut, openssl, rsync,
samba4, tor, vlc, webkitgtk, wireshark, xfsprogs,
xlib_libXcursor, xlib_libXfont, xlib_libXfont2
2017.02.8, Released November 27th, 2017
Important / security related fixes.
Qt: 5.6 version updated to 5.6.3.
Reproducible: Do not override SOURCE_DATE_EPOCH if already set
in the environment.
Updated/fixed packages: apr, apr-util, arqp-standalone,
collectd, dvb-apps, ffmpeg, google-breakpad, gstreamer,
imagemagick, libfastjson, libglib2, libpjsip, libplist,
localedef, luajit, mesa3d, openssh, openssl, postgresql,
python3, python-pyqt5, qt5base, qt5canvas3d, qt5connectivity,
qt5declarative, qt5engineio, qt5graphicaleffects,
qt5imageformats, qt5location, qt5multimedia, qt5quickcontrols,
qt5quickcontrols2, qt5script, qt5sensors, qt5serialbus,
qt5serialport, qt5svg, qt5tools, qt5webchannel, qt5webkit,
qt5websockets, qt5x11extras, qt5xmlpatterns, quagga, ruby,
samba4, snmppp, ti-gfx, vboot-utils, webkitgtk, wireshark,
xapp_xdriinfo.
Issues resolved (http://bugs.buildroot.org):
10326: mesa3d package fails to build when BR2_SHARED_STATIC_LIBS=y
10361: python3 python-config script generates invalid includes
10501: host-localedef fails to compile on Ubuntu 17.10
2017.02.7, Released October 28th, 2017
Important / security related fixes.
Webkitgtk bumped to the 2.18.x series, fixing a large number
of security issues.
Defconfigs: wandboard: Correct rootfs offset
Toolchain: Linaro toolchains updated to 2017.08 release,
fixing a number of issues. Musl: fix for CVE-2017-15650.
Updated/fixed packages: busybox, bzip2, dnsmasq, git, go,
hostapd, irssi, iucode-tool, lame, libcurl, libffi, libnspr,
libnss, nodejs, openssh, openvpn, qemu, qt, redis, sdl2,
webkitgtk, wget, wpa_supplicant, xen, xlib_libXfont,
xlib_libXfont2, xserver_xorg-server
2017.02.6, Released September 24th, 2017
Important / security related fixes.
Cmake: Ensure correct pkg-config is used when building host
packages
fs/iso9660: Ensure files from earlier builds are not included.
Updated/fixed packages: apache, bcusdk, bind, binutils,
bluez5_utils, botan, cmake, connman, dbus, dialog, e2fsprogs,
faad2, fakeroot, ffmpeg, file, flashrom, gcc, gd, gdb,
gdk-pixbuf, git, gnupg, gpsd, grub2, gst1-plugins-bad,
imagemagick, iostat, iucode-tool, jack2, libarchive, libcurl,
libgcrypt, libidn, libphidget, librsync, librsvg, libsoup,
libxml2, linux-tools, lua, mariadb, mbedtls, mediastreamer,
minidlna, netplug, nss-pam-ldapd, nvidia-driver, openjpeg,
postgresql, proxychains-ng, python-libconfig,
python-service-identity, qt, rpcbind, ruby, samba4, squashfs,
squid, strongswan, subversion, supervisor, sysvinit, tcpdump,
tor, transmission, unrar, valgrind, vim, webkitgtk, whois,
xen, zmqpp
Issues resolved (http://bugs.buildroot.org):
#10141: Squashfs extended attribute failures
#10261: Grub2 fails to build for x86_64
#10276: BR2_PACKAGE_LINUX_TOOLS_GPIO fails for MIPS with...
2017.02.5, Released July 27th, 2017
Important / security related fixes.
+2 -1
View File
@@ -467,7 +467,7 @@ choice
config BR2_OPTIMIZE_0
bool "optimization level 0"
help
Do not optimize. This is the default.
Do not optimize.
config BR2_OPTIMIZE_1
bool "optimization level 1"
@@ -534,6 +534,7 @@ config BR2_OPTIMIZE_S
-falign-loops -falign-labels -freorder-blocks
-freorder-blocks-and-partition -fprefetch-loop-arrays
-ftree-vect-loop-version
This is the default.
endchoice
+1
View File
@@ -1624,6 +1624,7 @@ F: package/libinput/
F: package/libiscsi/
F: package/libseccomp/
F: package/linux-tools/
F: package/matchbox*
F: package/mesa3d-headers/
F: package/mke2img/
F: package/nut/
+9 -7
View File
@@ -2,7 +2,7 @@
#
# Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
# Copyright (C) 2006-2014 by the Buildroot developers <buildroot@uclibc.org>
# Copyright (C) 2014-2017 by the Buildroot developers <buildroot@buildroot.org>
# Copyright (C) 2014-2018 by the Buildroot developers <buildroot@buildroot.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
all:
# Set and export the version string
export BR2_VERSION := 2017.02.5
export BR2_VERSION := 2017.02.11
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1501100000
BR2_VERSION_EPOCH = 1523473000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -253,7 +253,7 @@ export LANG = C
export LC_ALL = C
export GZIP = -n
BR2_VERSION_GIT_EPOCH = $(shell GIT_DIR=$(TOPDIR)/.git $(GIT) log -1 --format=%at)
export SOURCE_DATE_EPOCH = $(if $(wildcard $(TOPDIR)/.git),$(BR2_VERSION_GIT_EPOCH),$(BR2_VERSION_EPOCH))
export SOURCE_DATE_EPOCH ?= $(if $(wildcard $(TOPDIR)/.git),$(BR2_VERSION_GIT_EPOCH),$(BR2_VERSION_EPOCH))
DEPENDENCIES_HOST_PREREQ += host-fakedate
endif
@@ -481,8 +481,10 @@ include Makefile.legacy
include package/Makefile.in
include support/dependencies/dependencies.mk
include toolchain/*.mk
include toolchain/*/*.mk
PACKAGES += $(DEPENDENCIES_HOST_PREREQ)
include $(sort $(wildcard toolchain/*.mk))
include $(sort $(wildcard toolchain/*/*.mk))
# Include the package override file if one has been provided in the
# configuration.
@@ -1069,7 +1071,7 @@ print-version:
@echo $(BR2_VERSION_FULL)
include docs/manual/manual.mk
-include $(foreach dir,$(BR2_EXTERNAL_DIRS),$(dir)/docs/*/*.mk)
-include $(foreach dir,$(BR2_EXTERNAL_DIRS),$(sort $(wildcard $(dir)/docs/*/*.mk)))
.PHONY: $(noconfig_targets)
+1
View File
@@ -26,6 +26,7 @@ image sdcard.img {
partition rootfs {
partition-type = 0x83
image = "rootfs.ext4"
offset = 1M
size = 512M
}
}
+1 -1
View File
@@ -53,7 +53,7 @@ GRUB2_CONF_ENV = \
$(HOST_CONFIGURE_OPTS) \
CPP="$(HOSTCC) -E" \
TARGET_CC="$(TARGET_CC)" \
TARGET_CFLAGS="$(TARGET_CFLAGS)" \
TARGET_CFLAGS="$(TARGET_CFLAGS) -fno-stack-protector" \
TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
NM="$(TARGET_NM)" \
+2 -2
View File
@@ -199,7 +199,7 @@ and to the kernel configuration file as follows (e.g. by running
----
BR2_GLOBAL_PATCH_DIR=$(BR2_EXTERNAL_BAR_42_PATH)/patches/
BR2_ROOTFS_OVERLAY=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/overlay/
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_FOO)/board/<boardname>/kernel.config
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/kernel.config
----
===== Example layout
@@ -263,7 +263,7 @@ illustration, of course):
| |BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_BAR_42_PATH)/patches/"
| |BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/overlay/"
| |BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/post-image.sh"
| |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_FOO)/board/my-board/kernel.config"
| |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/kernel.config"
| `----
|
|- patches/linux/0001-some-change.patch
+1 -1
View File
@@ -12,7 +12,7 @@ It is licensed under the GNU General Public License, version 2. Refer to the
http://git.buildroot.org/buildroot/tree/COPYING[COPYING] file in the Buildroot
sources for the full text of this license.
Copyright (C) 2004-2017 The Buildroot developers
Copyright (C) 2004-2018 The Buildroot developers
image::logo.png[]
+5 -5
View File
@@ -50,11 +50,11 @@ BUSYBOX_OVERRIDE_SRCDIR = /home/bob/busybox/
When Buildroot finds that for a given package, an
+<pkg>_OVERRIDE_SRCDIR+ has been defined, it will no longer attempt to
download, extract and patch the package. Instead, it will directly use
the source code available in in the specified directory and +make
clean+ will not touch this directory. This allows to point Buildroot
to your own directories, that can be managed by Git, Subversion, or
any other version control system. To achieve this, Buildroot will use
_rsync_ to copy the source code of the component from the specified
the source code available in the specified directory and +make clean+
will not touch this directory. This allows to point Buildroot to your
own directories, that can be managed by Git, Subversion, or any other
version control system. To achieve this, Buildroot will use _rsync_ to
copy the source code of the component from the specified
+<pkg>_OVERRIDE_SRCDIR+ to +output/build/<package>-custom/+.
This mechanism is best used in conjunction with the +make
+1 -1
View File
@@ -1,6 +1,6 @@
The code and graphics on this website (and it's mirror sites, if any) are
Copyright (c) 1999-2005 by Erik Andersen, 2006-2014 The Buildroot
Copyright (c) 1999-2005 by Erik Andersen, 2006-2018 The Buildroot
developers. All rights reserved.
Documents on this Web site including their graphical elements, design, and
+1
View File
@@ -40,6 +40,7 @@ define ROOTFS_ISO9660_CREATE_TEMPDIR
$(RM) -rf $(ROOTFS_ISO9660_TARGET_DIR)
mkdir -p $(ROOTFS_ISO9660_TARGET_DIR)
endef
ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_CREATE_TEMPDIR
else
ROOTFS_ISO9660_TARGET_DIR = $(TARGET_DIR)
endif
+1 -1
View File
@@ -267,7 +267,7 @@ endchoice
choice
prompt "Kernel compression format"
help
This selection will just ensure that the correct host tools are build.
This selection will just ensure that the correct host tools are built.
The actual compression for the kernel should be selected in the
kernel configuration menu.
+1 -1
View File
@@ -388,7 +388,7 @@ DISABLE_NLS :=--disable-nls
endif
ifneq ($(BR2_INSTALL_LIBSTDCPP),y)
TARGET_CONFIGURE_OPTS += CXX=false
TARGET_CONFIGURE_OPTS += CXX=false CXXCPP=cpp
endif
ifeq ($(BR2_STATIC_LIBS),y)
+3 -2
View File
@@ -1,2 +1,3 @@
# From http://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256
sha256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a httpd-2.4.27.tar.bz2
# From http://archive.apache.org/dist/httpd/httpd-2.4.33.tar.bz2.sha256
sha256 de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 httpd-2.4.33.tar.bz2
sha256 c49c0819a726b70142621715dae3159c47b0349c2bc9db079070f28dadac0229 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
APACHE_VERSION = 2.4.27
APACHE_VERSION = 2.4.33
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = http://archive.apache.org/dist/httpd
APACHE_LICENSE = Apache-2.0
+4 -2
View File
@@ -1,2 +1,4 @@
# From http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz.sha1
sha1 72cc3ac693b52fb831063d5c0de18723bc8e0095 apr-util-1.5.4.tar.gz
# From http://www.apache.org/dist/apr/apr-util-1.6.1.tar.bz2.sha256
sha256 d3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b apr-util-1.6.1.tar.bz2
# Locally calculated
sha256 ef5609d18601645ad6fe22c6c122094be40e976725c1d0490778abacc836e7a2 LICENSE
+2 -1
View File
@@ -4,7 +4,8 @@
#
################################################################################
APR_UTIL_VERSION = 1.5.4
APR_UTIL_VERSION = 1.6.1
APR_UTIL_SOURCE = apr-util-$(APR_UTIL_VERSION).tar.bz2
APR_UTIL_SITE = http://archive.apache.org/dist/apr
APR_UTIL_LICENSE = Apache-2.0
APR_UTIL_LICENSE_FILES = LICENSE
+3 -3
View File
@@ -42,10 +42,10 @@ diff -uNr apr-1.5.1.org/Makefile.in apr-1.5.1/Makefile.in
# get substituted into some targets
APR_MAJOR_VERSION=@APR_MAJOR_VERSION@
@@ -134,8 +136,13 @@
@@ -134,8 +134,13 @@
$(APR_MKDIR) tools
$(LT_COMPILE)
OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS)
tools/gen_test_char.lo: make_tools_dir
+ifdef CC_FOR_BUILD
+tools/gen_test_char@EXEEXT@: tools/gen_test_char.c $(LOCAL_LIBS)
+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) -DCROSS_COMPILE -o $@ $<
+4 -2
View File
@@ -1,2 +1,4 @@
# From http://archive.apache.org/dist/apr/apr-1.5.1.tar.gz.sha1
sha1 9caa83e3f50f3abc9fab7c4a3f2739a12b14c3a3 apr-1.5.1.tar.gz
# From http://www.apache.org/dist/apr/apr-1.6.3.tar.bz2.sha256
sha256 131f06d16d7aabd097fa992a33eec2b6af3962f93e6d570a9bd4d85e95993172 apr-1.6.3.tar.bz2
# Locally calculated
sha256 f854aeef66ecd55a126226e82b3f26793fc3b1c584647f6a0edc5639974c38ad LICENSE
+2 -1
View File
@@ -4,7 +4,8 @@
#
################################################################################
APR_VERSION = 1.5.1
APR_VERSION = 1.6.3
APR_SOURCE = apr-$(APR_VERSION).tar.bz2
APR_SITE = http://archive.apache.org/dist/apr
APR_LICENSE = Apache-2.0
APR_LICENSE_FILES = LICENSE
@@ -66,15 +66,3 @@ index e797b11..828f435 100644
/* Internal routines. */
extern void _argp_fmtstream_update (argp_fmtstream_t __fs);
@@ -216,7 +220,11 @@
#endif
#ifndef ARGP_FS_EI
+#if defined(__GNUC__) && !defined(__GNUC_STDC_INLINE__)
#define ARGP_FS_EI extern inline
+#else
+#define ARGP_FS_EI inline
+#endif
#endif
ARGP_FS_EI size_t
+1 -1
View File
@@ -10,7 +10,7 @@ ARGP_STANDALONE_INSTALL_STAGING = YES
ARGP_STANDALONE_LICENSE = LGPLv2+
ARGP_STANDALONE_CONF_ENV = \
CFLAGS="$(TARGET_CFLAGS) -fPIC"
CFLAGS="$(TARGET_CFLAGS) -fPIC -fgnu89-inline"
define ARGP_STANDALONE_INSTALL_STAGING_CMDS
$(INSTALL) -D $(@D)/libargp.a $(STAGING_DIR)/usr/lib/libargp.a
+1 -1
View File
@@ -1 +1 @@
d /tmp/avahi-autopid 0755 avahi avahi
d /tmp/avahi-autoipd 0755 avahi avahi
@@ -0,0 +1,35 @@
From 6bd1b4958e949d83468e053c34bf6c89d14d687a Mon Sep 17 00:00:00 2001
From: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Date: Fri, 25 Aug 2017 23:01:14 +0200
Subject: [PATCH] eibd: drop local clock_gettime in USB backends
clock_gettime is defined locally, and calls pth_int_time, which
in turn calls clock_gettime.
The USB backend shouldn't overrule clock_gettime in the first place.
This patch fixes this endless recursion by removing the local defition.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
---
eibd/usb/linux_usbfs.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/eibd/usb/linux_usbfs.c b/eibd/usb/linux_usbfs.c
index c3ec410..957b908 100644
--- a/eibd/usb/linux_usbfs.c
+++ b/eibd/usb/linux_usbfs.c
@@ -52,12 +52,6 @@ int pthread_mutex_trylock(pthread_mutex_t *mutex)
return 0;
}
-int clock_gettime(clockid_t clk_id, struct timespec *tp)
-{
- pth_int_time (tp);
- return 0;
-}
-
/* sysfs vs usbfs:
* opening a usbfs node causes the device to be resumed, so we attempt to
* avoid this during enumeration.
--
1.8.5.rc3
@@ -0,0 +1,21 @@
Do not access DB_CONFIG when db_home is not set
Fixes CVE-2017-10140:
https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
Downloaded from
http://pkgs.fedoraproject.org/cgit/rpms/libdb.git/commit/?id=8047fa8580659fcae740c25e91b490539b8453eb
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- db-5.3.28/src/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
+++ db-5.3.28/src/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
@@ -473,7 +473,7 @@
env->db_mode = mode == 0 ? DB_MODE_660 : mode;
/* Read the DB_CONFIG file. */
- if ((ret = __env_read_db_config(env)) != 0)
+ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
return (ret);
/*
+1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 76a25560d9e52a198d37a31440fd07632b5f1f8f9f2b6d5438f4bc3e7c9013ef db-5.3.28.NC.tar.gz
sha256 b78815181a53241f9347c6b47d1031fd669946f863e1edc807a291354cec024b LICENSE
+2 -2
View File
@@ -1,3 +1,3 @@
# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P3/bind-9.11.1-P3.tar.gz.sha256.asc
sha256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 bind-9.11.1-P3.tar.gz
# Verified from http://ftp.isc.org/isc/bind9/9.11.2-P1/bind-9.11.2-P1.tar.gz.sha256.asc
sha256 cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212 bind-9.11.2-P1.tar.gz
sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT
+3 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
BIND_VERSION = 9.11.1-P3
BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
BIND_VERSION = 9.11.2-P1
BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
BIND_INSTALL_STAGING = YES
@@ -24,6 +24,7 @@ BIND_CONF_ENV = \
BUILD_CC="$(TARGET_CC)" \
BUILD_CFLAGS="$(TARGET_CFLAGS)"
BIND_CONF_OPTS = \
--without-lmdb \
--with-libjson=no \
--with-randomdev=/dev/urandom \
--enable-epoll \
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,29 @@
From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 13 Sep 2017 10:01:40 +0300
Subject: [PATCH] sdp: Fix Out-of-bounds heap read in service_search_attr_req
function
Check if there is enough data to continue otherwise return an error.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/sdpd-request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
index 1eefdce1a..318d04467 100644
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
} else {
/* continuation State exists -> get from cache */
sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
- if (pCache) {
+ if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) {
uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
pResponse = pCache->data;
memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90 Botan-1.10.13.tgz
sha256 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52 Botan-1.10.16.tgz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
BOTAN_VERSION = 1.10.13
BOTAN_VERSION = 1.10.16
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tgz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2c
@@ -0,0 +1,27 @@
From 2b400d9b2b7309d6e479102fc3ce646e893058a5 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 18 Sep 2017 13:09:11 +0200
Subject: [PATCH] httpd: fix handling of range requests
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
networking/httpd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/networking/httpd.c b/networking/httpd.c
index e072f23c7..5e32fc936 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2337,7 +2337,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
if (STRNCASECMP(iobuf, "Range:") == 0) {
/* We know only bytes=NNN-[MMM] */
char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
- if (is_prefixed_with(s, "bytes=") == 0) {
+ if (is_prefixed_with(s, "bytes=")) {
s += sizeof("bytes=")-1;
range_start = BB_STRTOOFF(s, &s, 10);
if (s[0] != '-' || range_start < 0) {
--
2.11.0
@@ -0,0 +1,101 @@
From 0402cb32df015d9372578e3db27db47b33d5c7b0 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Sun, 22 Oct 2017 18:23:23 +0200
Subject: [PATCH] bunzip2: fix runCnt overflow from bug 10431
This particular corrupted file can be dealth with by using "unsigned".
If there will be cases where it genuinely overflows, there is a disabled
code to deal with that too.
function old new delta
get_next_block 1678 1667 -11
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 0402cb32df0
archival/libarchive/decompress_bunzip2.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
index 7cd18f5ed4cf..bec89edd3a4d 100644
--- a/archival/libarchive/decompress_bunzip2.c
+++ b/archival/libarchive/decompress_bunzip2.c
@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
static int get_next_block(bunzip_data *bd)
{
struct group_data *hufGroup;
- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
- int runCnt = runCnt; /* for compiler */
+ int groupCount, *base, *limit, selector,
+ i, j, symCount, symTotal, nSelectors, byteCount[256];
uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
uint32_t *dbuf;
unsigned origPtr, t;
+ unsigned dbufCount, runPos;
+ unsigned runCnt = runCnt; /* for compiler */
dbuf = bd->dbuf;
- dbufSize = bd->dbufSize;
selectors = bd->selectors;
/* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
it didn't actually work. */
if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
origPtr = get_bits(bd, 24);
- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
/* mapping table: if some byte values are never used (encoding things
like ascii text), the compression code removes the gaps to have fewer
@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
symbols, but a run of length 0 doesn't mean anything in this
context). Thus space is saved. */
runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
- if (runPos < dbufSize) runPos <<= 1;
+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
+//This would be the fix (catches too large count way before it can overflow):
+// if (runCnt > bd->dbufSize) {
+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
+// runCnt, bd->dbufSize);
+// return RETVAL_DATA_ERROR;
+// }
+ if (runPos < bd->dbufSize) runPos <<= 1;
goto end_of_huffman_loop;
}
@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
literal used is the one at the head of the mtfSymbol array.) */
if (runPos != 0) {
uint8_t tmp_byte;
- if (dbufCount + runCnt > dbufSize) {
- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
+ if (dbufCount + runCnt > bd->dbufSize) {
+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
return RETVAL_DATA_ERROR;
}
tmp_byte = symToByte[mtfSymbol[0]];
byteCount[tmp_byte] += runCnt;
- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
+ while ((int)--runCnt >= 0)
+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
runPos = 0;
}
@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
first symbol in the mtf array, position 0, would have been handled
as part of a run above. Therefore 1 unused mtf position minus
2 non-literal nextSym values equals -1.) */
- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
i = nextSym - 1;
uc = mtfSymbol[i];
--
2.15.1
@@ -0,0 +1,34 @@
From 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 27 Oct 2017 15:37:03 +0200
Subject: [PATCH] unlzma: fix SEGV, closes 10436
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 9ac42c500586f
archival/libarchive/decompress_unlzma.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index a9040877efa0..be4342414435 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -450,8 +450,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
IF_NOT_FEATURE_LZMA_FAST(string:)
do {
uint32_t pos = buffer_pos - rep0;
- if ((int32_t)pos < 0)
+ if ((int32_t)pos < 0) {
pos += header.dict_size;
+ /* bug 10436 has an example file where this triggers: */
+ if ((int32_t)pos < 0)
+ goto bad;
+ }
previous_byte = buffer[pos];
IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
buffer[buffer_pos++] = previous_byte;
--
2.15.1
+108 -70
View File
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Busybox version: 1.26.0
# Thu Dec 29 21:13:55 2016
# Busybox version: 1.27.1
# Sun Jul 30 15:42:11 2017
#
CONFIG_HAVE_DOT_CONFIG=y
@@ -12,7 +12,6 @@ CONFIG_HAVE_DOT_CONFIG=y
# CONFIG_EXTRA_COMPAT is not set
CONFIG_INCLUDE_SUSv2=y
# CONFIG_USE_PORTABLE_CODE is not set
CONFIG_PLATFORM_LINUX=y
# CONFIG_SHOW_USAGE is not set
# CONFIG_FEATURE_VERBOSE_USAGE is not set
# CONFIG_FEATURE_COMPRESS_USAGE is not set
@@ -35,13 +34,14 @@ CONFIG_FEATURE_SUID=y
CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
CONFIG_FEATURE_SYSLOG=y
# CONFIG_FEATURE_HAVE_RPC is not set
CONFIG_PLATFORM_LINUX=y
#
# Build Options
#
CONFIG_STATIC=y
# CONFIG_PIE is not set
CONFIG_NOMMU=y
# CONFIG_NOMMU is not set
# CONFIG_BUILD_LIBBUSYBOX is not set
# CONFIG_FEATURE_INDIVIDUAL is not set
# CONFIG_FEATURE_SHARED_BUSYBOX is not set
@@ -89,7 +89,6 @@ CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
# CONFIG_FEATURE_FAST_TOP is not set
# CONFIG_FEATURE_ETC_NETWORKS is not set
CONFIG_FEATURE_USE_TERMIOS=y
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
CONFIG_FEATURE_EDITING_VI=y
@@ -150,6 +149,7 @@ CONFIG_LZCAT=y
CONFIG_XZCAT=y
# CONFIG_XZ is not set
# CONFIG_BZIP2 is not set
CONFIG_FEATURE_BZIP2_DECOMPRESS=y
# CONFIG_CPIO is not set
# CONFIG_FEATURE_CPIO_O is not set
# CONFIG_FEATURE_CPIO_P is not set
@@ -159,6 +159,7 @@ CONFIG_XZCAT=y
# CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
CONFIG_GZIP_FAST=0
# CONFIG_FEATURE_GZIP_LEVELS is not set
CONFIG_FEATURE_GZIP_DECOMPRESS=y
# CONFIG_LZOP is not set
CONFIG_UNLZOP=y
CONFIG_LZOPCAT=y
@@ -166,26 +167,29 @@ CONFIG_LZOPCAT=y
# CONFIG_RPM2CPIO is not set
# CONFIG_RPM is not set
# CONFIG_TAR is not set
# CONFIG_FEATURE_TAR_LONG_OPTIONS is not set
# CONFIG_FEATURE_TAR_CREATE is not set
# CONFIG_FEATURE_TAR_AUTODETECT is not set
# CONFIG_FEATURE_TAR_FROM is not set
# CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set
# CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set
# CONFIG_FEATURE_TAR_GNU_EXTENSIONS is not set
# CONFIG_FEATURE_TAR_LONG_OPTIONS is not set
# CONFIG_FEATURE_TAR_TO_COMMAND is not set
# CONFIG_FEATURE_TAR_UNAME_GNAME is not set
# CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
# CONFIG_FEATURE_TAR_SELINUX is not set
# CONFIG_UNZIP is not set
# CONFIG_FEATURE_UNZIP_CDF is not set
# CONFIG_FEATURE_UNZIP_BZIP2 is not set
# CONFIG_FEATURE_UNZIP_LZMA is not set
# CONFIG_FEATURE_UNZIP_XZ is not set
#
# Coreutils
#
CONFIG_BASENAME=y
# CONFIG_CAL is not set
CONFIG_CAT=y
CONFIG_CATV=y
CONFIG_FEATURE_CATV=y
CONFIG_CHGRP=y
CONFIG_CHMOD=y
CONFIG_CHOWN=y
@@ -222,6 +226,7 @@ CONFIG_ENV=y
# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set
CONFIG_EXPR=y
CONFIG_EXPR_MATH_SUPPORT_64=y
CONFIG_FACTOR=y
CONFIG_FALSE=y
CONFIG_FOLD=y
# CONFIG_FSYNC is not set
@@ -232,12 +237,14 @@ CONFIG_ID=y
# CONFIG_GROUPS is not set
CONFIG_INSTALL=y
CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
CONFIG_LINK=y
CONFIG_LN=y
CONFIG_LOGNAME=y
CONFIG_LS=y
CONFIG_FEATURE_LS_FILETYPES=y
CONFIG_FEATURE_LS_FOLLOWLINKS=y
CONFIG_FEATURE_LS_RECURSIVE=y
CONFIG_FEATURE_LS_WIDTH=y
CONFIG_FEATURE_LS_SORTFILES=y
CONFIG_FEATURE_LS_TIMESTAMPS=y
CONFIG_FEATURE_LS_USERNAME=y
@@ -257,11 +264,15 @@ CONFIG_MKDIR=y
CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
CONFIG_MKFIFO=y
CONFIG_MKNOD=y
# CONFIG_MKTEMP is not set
CONFIG_MV=y
CONFIG_FEATURE_MV_LONG_OPTIONS=y
CONFIG_NICE=y
CONFIG_NL=y
CONFIG_NOHUP=y
CONFIG_NPROC=y
CONFIG_OD=y
CONFIG_PASTE=y
CONFIG_PRINTENV=y
CONFIG_PRINTF=y
CONFIG_PWD=y
@@ -272,6 +283,7 @@ CONFIG_RM=y
CONFIG_RMDIR=y
# CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set
CONFIG_SEQ=y
CONFIG_SHRED=y
# CONFIG_SHUF is not set
CONFIG_SLEEP=y
CONFIG_FEATURE_FANCY_SLEEP=y
@@ -296,6 +308,7 @@ CONFIG_TEST=y
CONFIG_TEST1=y
CONFIG_TEST2=y
CONFIG_FEATURE_TEST_64=y
# CONFIG_TIMEOUT is not set
CONFIG_TOUCH=y
# CONFIG_FEATURE_TOUCH_NODEREF is not set
CONFIG_FEATURE_TOUCH_SUSV3=y
@@ -317,6 +330,7 @@ CONFIG_WC=y
# CONFIG_FEATURE_WC_LARGE is not set
CONFIG_WHOAMI=y
CONFIG_WHO=y
CONFIG_W=y
# CONFIG_USERS is not set
CONFIG_YES=y
@@ -330,11 +344,6 @@ CONFIG_FEATURE_VERBOSE=y
#
CONFIG_FEATURE_PRESERVE_HARDLINKS=y
#
# Common options for ls, more and telnet
#
CONFIG_FEATURE_AUTOWIDTH=y
#
# Common options for df, du, ls
#
@@ -369,14 +378,13 @@ CONFIG_DEFAULT_SETFONT_DIR=""
#
# Debian Utilities
#
# CONFIG_MKTEMP is not set
# CONFIG_PIPE_PROGRESS is not set
CONFIG_RUN_PARTS=y
CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
CONFIG_FEATURE_RUN_PARTS_FANCY=y
CONFIG_START_STOP_DAEMON=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_WHICH=y
#
@@ -467,12 +475,10 @@ CONFIG_FEATURE_KILL_REMOVED=y
CONFIG_FEATURE_KILL_DELAY=0
CONFIG_FEATURE_INIT_SCTTY=y
CONFIG_FEATURE_INIT_SYSLOG=y
CONFIG_FEATURE_EXTRA_QUIET=y
CONFIG_FEATURE_INIT_QUIET=y
# CONFIG_FEATURE_INIT_COREDUMPS is not set
CONFIG_INIT_TERMINAL_TYPE="linux"
CONFIG_FEATURE_INIT_MODIFY_CMDLINE=y
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
#
# Login/Password Management Utilities
@@ -511,6 +517,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
# CONFIG_SU is not set
# CONFIG_FEATURE_SU_SYSLOG is not set
# CONFIG_FEATURE_SU_CHECKS_SHELLS is not set
# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set
# CONFIG_SULOGIN is not set
# CONFIG_VLOCK is not set
@@ -525,6 +532,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
#
# Linux Module Utilities
#
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_DEPMOD is not set
# CONFIG_INSMOD is not set
# CONFIG_LSMOD is not set
@@ -532,22 +540,21 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
# CONFIG_MODINFO is not set
# CONFIG_MODPROBE is not set
# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
# CONFIG_RMMOD is not set
#
# Options common to multiple modutils
#
# CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS is not set
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
# CONFIG_FEATURE_2_4_MODULES is not set
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
# CONFIG_FEATURE_CHECK_TAINTED_MODULE is not set
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
# CONFIG_FEATURE_MODUTILS_ALIAS is not set
# CONFIG_FEATURE_MODUTILS_SYMBOLS is not set
CONFIG_DEFAULT_MODULES_DIR=""
@@ -562,8 +569,13 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
# CONFIG_BLKID is not set
# CONFIG_FEATURE_BLKID_TYPE is not set
# CONFIG_BLOCKDEV is not set
# CONFIG_CAL is not set
# CONFIG_CHRT is not set
CONFIG_DMESG=y
CONFIG_FEATURE_DMESG_PRETTY=y
# CONFIG_EJECT is not set
# CONFIG_FEATURE_EJECT_SCSI is not set
CONFIG_FALLOCATE=y
# CONFIG_FATATTR is not set
# CONFIG_FBSET is not set
# CONFIG_FEATURE_FBSET_FANCY is not set
@@ -583,17 +595,22 @@ CONFIG_FEATURE_DMESG_PRETTY=y
# CONFIG_FDFLUSH is not set
CONFIG_FREERAMDISK=y
# CONFIG_FSCK_MINIX is not set
CONFIG_FSFREEZE=y
# CONFIG_FSTRIM is not set
CONFIG_GETOPT=y
CONFIG_FEATURE_GETOPT_LONG=y
# CONFIG_HEXDUMP is not set
# CONFIG_FEATURE_HEXDUMP_REVERSE is not set
# CONFIG_HD is not set
CONFIG_XXD=y
# CONFIG_HWCLOCK is not set
# CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set
# CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set
# CONFIG_IONICE is not set
# CONFIG_IPCRM is not set
# CONFIG_IPCS is not set
# CONFIG_LAST is not set
# CONFIG_FEATURE_LAST_FANCY is not set
# CONFIG_LOSETUP is not set
# CONFIG_LSPCI is not set
# CONFIG_LSUSB is not set
@@ -603,6 +620,8 @@ CONFIG_FEATURE_GETOPT_LONG=y
# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
# CONFIG_FEATURE_MDEV_EXEC is not set
# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
CONFIG_MKE2FS=y
# CONFIG_MKFS_EXT2 is not set
# CONFIG_MKFS_MINIX is not set
@@ -623,12 +642,14 @@ CONFIG_FEATURE_MOUNT_CIFS=y
CONFIG_FEATURE_MOUNT_FLAGS=y
CONFIG_FEATURE_MOUNT_FSTAB=y
CONFIG_FEATURE_MOUNT_OTHERTAB=y
# CONFIG_MOUNTPOINT is not set
# CONFIG_NSENTER is not set
# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set
# CONFIG_PIVOT_ROOT is not set
# CONFIG_RDATE is not set
# CONFIG_RDEV is not set
# CONFIG_READPROFILE is not set
# CONFIG_RENICE is not set
# CONFIG_REV is not set
# CONFIG_RTCWAKE is not set
# CONFIG_SCRIPT is not set
@@ -636,15 +657,20 @@ CONFIG_FEATURE_MOUNT_OTHERTAB=y
# CONFIG_SETARCH is not set
CONFIG_LINUX32=y
CONFIG_LINUX64=y
CONFIG_SETPRIV=y
# CONFIG_SETSID is not set
CONFIG_SWAPON=y
# CONFIG_FEATURE_SWAPON_DISCARD is not set
# CONFIG_FEATURE_SWAPON_PRI is not set
CONFIG_SWAPOFF=y
# CONFIG_SWITCH_ROOT is not set
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
# CONFIG_UEVENT is not set
CONFIG_UMOUNT=y
CONFIG_FEATURE_UMOUNT_ALL=y
# CONFIG_UNSHARE is not set
# CONFIG_WALL is not set
#
# Common options for mount/umount
@@ -694,7 +720,6 @@ CONFIG_FEATURE_BEEP_LENGTH_MS=0
# CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set
# CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set
# CONFIG_FEATURE_CHAT_CLR_ABORT is not set
# CONFIG_CHRT is not set
# CONFIG_CONSPY is not set
# CONFIG_CROND is not set
# CONFIG_FEATURE_CROND_D is not set
@@ -709,8 +734,6 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_DEVFSD_VERBOSE is not set
# CONFIG_FEATURE_DEVFS is not set
# CONFIG_DEVMEM is not set
# CONFIG_EJECT is not set
# CONFIG_FEATURE_EJECT_SCSI is not set
# CONFIG_FBSPLASH is not set
# CONFIG_FLASHCP is not set
# CONFIG_FLASH_ERASEALL is not set
@@ -728,9 +751,6 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_I2CDUMP is not set
# CONFIG_I2CDETECT is not set
# CONFIG_INOTIFYD is not set
# CONFIG_IONICE is not set
# CONFIG_LAST is not set
# CONFIG_FEATURE_LAST_FANCY is not set
# CONFIG_LESS is not set
CONFIG_FEATURE_LESS_MAXLINES=0
# CONFIG_FEATURE_LESS_BRACKETS is not set
@@ -742,27 +762,24 @@ CONFIG_FEATURE_LESS_MAXLINES=0
# CONFIG_FEATURE_LESS_ASK_TERMINAL is not set
# CONFIG_FEATURE_LESS_DASHCMD is not set
# CONFIG_FEATURE_LESS_LINENUMS is not set
CONFIG_LSSCSI=y
# CONFIG_MAKEDEVS is not set
# CONFIG_FEATURE_MAKEDEVS_LEAF is not set
# CONFIG_FEATURE_MAKEDEVS_TABLE is not set
# CONFIG_MAN is not set
# CONFIG_MICROCOM is not set
# CONFIG_MOUNTPOINT is not set
# CONFIG_MT is not set
# CONFIG_NANDWRITE is not set
# CONFIG_NANDDUMP is not set
CONFIG_PARTPROBE=y
# CONFIG_RAIDAUTORUN is not set
# CONFIG_READAHEAD is not set
# CONFIG_RFKILL is not set
# CONFIG_RUNLEVEL is not set
# CONFIG_RX is not set
CONFIG_SETSERIAL=y
# CONFIG_SETSID is not set
# CONFIG_STRINGS is not set
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
# CONFIG_TIME is not set
# CONFIG_TIMEOUT is not set
# CONFIG_TTYSIZE is not set
# CONFIG_UBIRENAME is not set
# CONFIG_UBIATTACH is not set
@@ -772,7 +789,6 @@ CONFIG_SETSERIAL=y
# CONFIG_UBIRSVOL is not set
# CONFIG_UBIUPDATEVOL is not set
# CONFIG_VOLNAME is not set
# CONFIG_WALL is not set
# CONFIG_WATCHDOG is not set
#
@@ -822,8 +838,6 @@ CONFIG_IFUP=y
CONFIG_IFDOWN=y
CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
CONFIG_FEATURE_IFUPDOWN_IP=y
CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y
# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
CONFIG_FEATURE_IFUPDOWN_IPV4=y
# CONFIG_FEATURE_IFUPDOWN_IPV6 is not set
# CONFIG_FEATURE_IFUPDOWN_MAPPING is not set
@@ -836,6 +850,12 @@ CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y
# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set
# CONFIG_FEATURE_INETD_RPC is not set
CONFIG_IP=y
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
# CONFIG_IPTUNNEL is not set
# CONFIG_IPRULE is not set
# CONFIG_IPNEIGH is not set
CONFIG_FEATURE_IP_ADDRESS=y
CONFIG_FEATURE_IP_LINK=y
CONFIG_FEATURE_IP_ROUTE=y
@@ -843,17 +863,10 @@ CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
# CONFIG_FEATURE_IP_TUNNEL is not set
# CONFIG_FEATURE_IP_RULE is not set
# CONFIG_FEATURE_IP_NEIGH is not set
CONFIG_FEATURE_IP_SHORT_FORMS=y
# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
# CONFIG_IPTUNNEL is not set
# CONFIG_IPRULE is not set
# CONFIG_IPNEIGH is not set
# CONFIG_IPCALC is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FAKEIDENTD is not set
# CONFIG_NAMEIF is not set
# CONFIG_FEATURE_NAMEIF_EXTENDED is not set
@@ -875,11 +888,13 @@ CONFIG_PING=y
# CONFIG_PSCAN is not set
CONFIG_ROUTE=y
# CONFIG_SLATTACH is not set
# CONFIG_SSL_CLIENT is not set
# CONFIG_TCPSVD is not set
# CONFIG_UDPSVD is not set
CONFIG_TELNET=y
CONFIG_FEATURE_TELNET_TTYPE=y
CONFIG_FEATURE_TELNET_AUTOLOGIN=y
CONFIG_FEATURE_TELNET_WIDTH=y
# CONFIG_TELNETD is not set
# CONFIG_FEATURE_TELNETD_STANDALONE is not set
# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
@@ -890,6 +905,7 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y
# CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
# CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set
# CONFIG_TFTP_DEBUG is not set
# CONFIG_TLS is not set
# CONFIG_TRACEROUTE is not set
# CONFIG_TRACEROUTE6 is not set
# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -898,29 +914,32 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y
# CONFIG_FEATURE_TUNCTL_UG is not set
# CONFIG_VCONFIG is not set
CONFIG_WGET=y
# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
# CONFIG_FEATURE_WGET_STATUSBAR is not set
# CONFIG_FEATURE_WGET_AUTHENTICATION is not set
# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
# CONFIG_FEATURE_WGET_TIMEOUT is not set
# CONFIG_FEATURE_WGET_HTTPS is not set
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_FEATURE_WGET_SSL_HELPER is not set
# CONFIG_WHOIS is not set
# CONFIG_ZCIP is not set
# CONFIG_UDHCPC6 is not set
# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
# CONFIG_UDHCPD is not set
# CONFIG_DHCPRELAY is not set
# CONFIG_DUMPLEASES is not set
# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
CONFIG_DHCPD_LEASES_FILE=""
# CONFIG_DUMPLEASES is not set
# CONFIG_DHCPRELAY is not set
CONFIG_UDHCPC=y
# CONFIG_FEATURE_UDHCPC_ARPING is not set
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=9
# CONFIG_FEATURE_UDHCP_RFC3397 is not set
# CONFIG_FEATURE_UDHCP_8021Q is not set
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
@@ -961,18 +980,19 @@ CONFIG_KILLALL5=y
# CONFIG_FEATURE_PIDOF_OMIT is not set
# CONFIG_PMAP is not set
# CONFIG_POWERTOP is not set
# CONFIG_FEATURE_POWERTOP_INTERACTIVE is not set
CONFIG_PS=y
CONFIG_FEATURE_PS_WIDE=y
CONFIG_FEATURE_PS_LONG=y
# CONFIG_FEATURE_PS_TIME is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_PSTREE is not set
# CONFIG_PWDX is not set
# CONFIG_RENICE is not set
# CONFIG_SMEMCAP is not set
# CONFIG_BB_SYSCTL is not set
# CONFIG_TOP is not set
# CONFIG_FEATURE_TOP_INTERACTIVE is not set
# CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE is not set
# CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS is not set
# CONFIG_FEATURE_TOP_SMP_CPU is not set
@@ -1018,27 +1038,32 @@ CONFIG_SVC=y
#
# Shells
#
# CONFIG_SH_IS_ASH is not set
CONFIG_SH_IS_HUSH=y
# CONFIG_SH_IS_NONE is not set
# CONFIG_BASH_IS_ASH is not set
# CONFIG_BASH_IS_HUSH is not set
CONFIG_BASH_IS_NONE=y
# CONFIG_ASH is not set
# CONFIG_ASH_OPTIMIZE_FOR_SIZE is not set
# CONFIG_ASH_INTERNAL_GLOB is not set
# CONFIG_ASH_RANDOM_SUPPORT is not set
# CONFIG_ASH_EXPAND_PRMT is not set
# CONFIG_ASH_BASH_COMPAT is not set
# CONFIG_ASH_IDLE_TIMEOUT is not set
# CONFIG_ASH_JOB_CONTROL is not set
# CONFIG_ASH_ALIAS is not set
# CONFIG_ASH_GETOPTS is not set
# CONFIG_ASH_BUILTIN_ECHO is not set
# CONFIG_ASH_BUILTIN_PRINTF is not set
# CONFIG_ASH_BUILTIN_TEST is not set
# CONFIG_ASH_HELP is not set
# CONFIG_ASH_CMDCMD is not set
# CONFIG_ASH_RANDOM_SUPPORT is not set
# CONFIG_ASH_EXPAND_PRMT is not set
# CONFIG_ASH_IDLE_TIMEOUT is not set
# CONFIG_ASH_MAIL is not set
# CONFIG_ASH_ECHO is not set
# CONFIG_ASH_PRINTF is not set
# CONFIG_ASH_TEST is not set
# CONFIG_ASH_HELP is not set
# CONFIG_ASH_GETOPTS is not set
# CONFIG_ASH_CMDCMD is not set
# CONFIG_CTTYHACK is not set
CONFIG_HUSH=y
CONFIG_HUSH_BASH_COMPAT=y
CONFIG_HUSH_BRACE_EXPANSION=y
CONFIG_HUSH_HELP=y
CONFIG_HUSH_INTERACTIVE=y
CONFIG_HUSH_SAVEHISTORY=y
CONFIG_HUSH_JOB=y
@@ -1049,17 +1074,30 @@ CONFIG_HUSH_CASE=y
CONFIG_HUSH_FUNCTIONS=y
CONFIG_HUSH_LOCAL=y
CONFIG_HUSH_RANDOM_SUPPORT=y
CONFIG_HUSH_EXPORT_N=y
CONFIG_HUSH_MODE_X=y
CONFIG_HUSH_ECHO=y
CONFIG_HUSH_PRINTF=y
CONFIG_HUSH_TEST=y
CONFIG_HUSH_HELP=y
CONFIG_HUSH_EXPORT=y
CONFIG_HUSH_EXPORT_N=y
CONFIG_HUSH_KILL=y
CONFIG_HUSH_WAIT=y
CONFIG_HUSH_TRAP=y
CONFIG_HUSH_TYPE=y
CONFIG_HUSH_READ=y
CONFIG_HUSH_SET=y
CONFIG_HUSH_UNSET=y
CONFIG_HUSH_ULIMIT=y
CONFIG_HUSH_UMASK=y
# CONFIG_HUSH_MEMLEAK is not set
# CONFIG_MSH is not set
# CONFIG_FEATURE_SH_IS_ASH is not set
CONFIG_FEATURE_SH_IS_HUSH=y
# CONFIG_FEATURE_SH_IS_NONE is not set
# CONFIG_FEATURE_BASH_IS_ASH is not set
# CONFIG_FEATURE_BASH_IS_HUSH is not set
CONFIG_FEATURE_BASH_IS_NONE=y
CONFIG_SH_MATH_SUPPORT=y
# CONFIG_SH_MATH_SUPPORT_64 is not set
#
# Options common to all shells
#
CONFIG_FEATURE_SH_MATH=y
CONFIG_FEATURE_SH_MATH_64=y
CONFIG_FEATURE_SH_EXTRA_QUIET=y
# CONFIG_FEATURE_SH_STANDALONE is not set
# CONFIG_FEATURE_SH_NOFORK is not set
+107 -69
View File
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Busybox version: 1.26.0
# Thu Dec 29 21:01:56 2016
# Busybox version: 1.27.1
# Sun Jul 30 15:27:03 2017
#
CONFIG_HAVE_DOT_CONFIG=y
@@ -12,7 +12,6 @@ CONFIG_DESKTOP=y
# CONFIG_EXTRA_COMPAT is not set
CONFIG_INCLUDE_SUSv2=y
# CONFIG_USE_PORTABLE_CODE is not set
CONFIG_PLATFORM_LINUX=y
CONFIG_SHOW_USAGE=y
CONFIG_FEATURE_VERBOSE_USAGE=y
# CONFIG_FEATURE_COMPRESS_USAGE is not set
@@ -35,6 +34,7 @@ CONFIG_FEATURE_SUID=y
CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
CONFIG_FEATURE_SYSLOG=y
# CONFIG_FEATURE_HAVE_RPC is not set
CONFIG_PLATFORM_LINUX=y
#
# Build Options
@@ -89,7 +89,6 @@ CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
# CONFIG_FEATURE_FAST_TOP is not set
# CONFIG_FEATURE_ETC_NETWORKS is not set
CONFIG_FEATURE_USE_TERMIOS=y
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
CONFIG_FEATURE_EDITING_VI=y
@@ -150,6 +149,7 @@ CONFIG_UNXZ=y
CONFIG_XZCAT=y
CONFIG_XZ=y
# CONFIG_BZIP2 is not set
CONFIG_FEATURE_BZIP2_DECOMPRESS=y
CONFIG_CPIO=y
# CONFIG_FEATURE_CPIO_O is not set
# CONFIG_FEATURE_CPIO_P is not set
@@ -159,6 +159,7 @@ CONFIG_GZIP=y
# CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
CONFIG_GZIP_FAST=0
# CONFIG_FEATURE_GZIP_LEVELS is not set
CONFIG_FEATURE_GZIP_DECOMPRESS=y
# CONFIG_LZOP is not set
CONFIG_UNLZOP=y
CONFIG_LZOPCAT=y
@@ -166,26 +167,29 @@ CONFIG_LZOPCAT=y
# CONFIG_RPM2CPIO is not set
# CONFIG_RPM is not set
CONFIG_TAR=y
CONFIG_FEATURE_TAR_LONG_OPTIONS=y
CONFIG_FEATURE_TAR_CREATE=y
# CONFIG_FEATURE_TAR_AUTODETECT is not set
CONFIG_FEATURE_TAR_FROM=y
# CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set
# CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set
CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y
CONFIG_FEATURE_TAR_LONG_OPTIONS=y
CONFIG_FEATURE_TAR_TO_COMMAND=y
# CONFIG_FEATURE_TAR_UNAME_GNAME is not set
# CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
# CONFIG_FEATURE_TAR_SELINUX is not set
CONFIG_UNZIP=y
CONFIG_FEATURE_UNZIP_CDF=y
CONFIG_FEATURE_UNZIP_BZIP2=y
CONFIG_FEATURE_UNZIP_LZMA=y
CONFIG_FEATURE_UNZIP_XZ=y
#
# Coreutils
#
CONFIG_BASENAME=y
# CONFIG_CAL is not set
CONFIG_CAT=y
CONFIG_CATV=y
CONFIG_FEATURE_CATV=y
CONFIG_CHGRP=y
CONFIG_CHMOD=y
CONFIG_CHOWN=y
@@ -222,6 +226,7 @@ CONFIG_ENV=y
# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set
CONFIG_EXPR=y
CONFIG_EXPR_MATH_SUPPORT_64=y
CONFIG_FACTOR=y
CONFIG_FALSE=y
CONFIG_FOLD=y
# CONFIG_FSYNC is not set
@@ -232,12 +237,14 @@ CONFIG_ID=y
# CONFIG_GROUPS is not set
CONFIG_INSTALL=y
CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
CONFIG_LINK=y
CONFIG_LN=y
CONFIG_LOGNAME=y
CONFIG_LS=y
CONFIG_FEATURE_LS_FILETYPES=y
CONFIG_FEATURE_LS_FOLLOWLINKS=y
CONFIG_FEATURE_LS_RECURSIVE=y
CONFIG_FEATURE_LS_WIDTH=y
CONFIG_FEATURE_LS_SORTFILES=y
CONFIG_FEATURE_LS_TIMESTAMPS=y
CONFIG_FEATURE_LS_USERNAME=y
@@ -257,11 +264,15 @@ CONFIG_MKDIR=y
CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
CONFIG_MKFIFO=y
CONFIG_MKNOD=y
CONFIG_MKTEMP=y
CONFIG_MV=y
CONFIG_FEATURE_MV_LONG_OPTIONS=y
CONFIG_NICE=y
CONFIG_NL=y
CONFIG_NOHUP=y
CONFIG_NPROC=y
CONFIG_OD=y
CONFIG_PASTE=y
CONFIG_PRINTENV=y
CONFIG_PRINTF=y
CONFIG_PWD=y
@@ -272,6 +283,7 @@ CONFIG_RM=y
CONFIG_RMDIR=y
# CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set
CONFIG_SEQ=y
CONFIG_SHRED=y
# CONFIG_SHUF is not set
CONFIG_SLEEP=y
CONFIG_FEATURE_FANCY_SLEEP=y
@@ -296,6 +308,7 @@ CONFIG_TEST=y
CONFIG_TEST1=y
CONFIG_TEST2=y
CONFIG_FEATURE_TEST_64=y
# CONFIG_TIMEOUT is not set
CONFIG_TOUCH=y
# CONFIG_FEATURE_TOUCH_NODEREF is not set
CONFIG_FEATURE_TOUCH_SUSV3=y
@@ -317,6 +330,7 @@ CONFIG_WC=y
# CONFIG_FEATURE_WC_LARGE is not set
CONFIG_WHOAMI=y
CONFIG_WHO=y
CONFIG_W=y
# CONFIG_USERS is not set
CONFIG_YES=y
@@ -330,11 +344,6 @@ CONFIG_FEATURE_VERBOSE=y
#
CONFIG_FEATURE_PRESERVE_HARDLINKS=y
#
# Common options for ls, more and telnet
#
CONFIG_FEATURE_AUTOWIDTH=y
#
# Common options for df, du, ls
#
@@ -373,14 +382,13 @@ CONFIG_SETLOGCONS=y
#
# Debian Utilities
#
CONFIG_MKTEMP=y
CONFIG_PIPE_PROGRESS=y
CONFIG_RUN_PARTS=y
CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
# CONFIG_FEATURE_RUN_PARTS_FANCY is not set
CONFIG_START_STOP_DAEMON=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_WHICH=y
#
@@ -471,12 +479,10 @@ CONFIG_FEATURE_KILL_REMOVED=y
CONFIG_FEATURE_KILL_DELAY=0
CONFIG_FEATURE_INIT_SCTTY=y
CONFIG_FEATURE_INIT_SYSLOG=y
CONFIG_FEATURE_EXTRA_QUIET=y
CONFIG_FEATURE_INIT_QUIET=y
# CONFIG_FEATURE_INIT_COREDUMPS is not set
CONFIG_INIT_TERMINAL_TYPE="linux"
CONFIG_FEATURE_INIT_MODIFY_CMDLINE=y
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
#
# Login/Password Management Utilities
@@ -515,6 +521,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
CONFIG_SU=y
CONFIG_FEATURE_SU_SYSLOG=y
CONFIG_FEATURE_SU_CHECKS_SHELLS=y
# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set
CONFIG_SULOGIN=y
CONFIG_VLOCK=y
@@ -529,6 +536,7 @@ CONFIG_LSATTR=y
#
# Linux Module Utilities
#
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_DEPMOD is not set
CONFIG_INSMOD=y
CONFIG_LSMOD=y
@@ -536,22 +544,21 @@ CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT=y
# CONFIG_MODINFO is not set
CONFIG_MODPROBE=y
# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
CONFIG_RMMOD=y
#
# Options common to multiple modutils
#
CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS=y
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
# CONFIG_FEATURE_2_4_MODULES is not set
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
CONFIG_FEATURE_CHECK_TAINTED_MODULE=y
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
CONFIG_FEATURE_MODUTILS_ALIAS=y
CONFIG_FEATURE_MODUTILS_SYMBOLS=y
CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
@@ -566,8 +573,13 @@ CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
CONFIG_BLKID=y
# CONFIG_FEATURE_BLKID_TYPE is not set
# CONFIG_BLOCKDEV is not set
# CONFIG_CAL is not set
CONFIG_CHRT=y
CONFIG_DMESG=y
CONFIG_FEATURE_DMESG_PRETTY=y
CONFIG_EJECT=y
# CONFIG_FEATURE_EJECT_SCSI is not set
CONFIG_FALLOCATE=y
# CONFIG_FATATTR is not set
CONFIG_FBSET=y
CONFIG_FEATURE_FBSET_FANCY=y
@@ -587,17 +599,22 @@ CONFIG_FLOCK=y
CONFIG_FDFLUSH=y
CONFIG_FREERAMDISK=y
# CONFIG_FSCK_MINIX is not set
CONFIG_FSFREEZE=y
CONFIG_FSTRIM=y
CONFIG_GETOPT=y
CONFIG_FEATURE_GETOPT_LONG=y
CONFIG_HEXDUMP=y
# CONFIG_FEATURE_HEXDUMP_REVERSE is not set
# CONFIG_HD is not set
CONFIG_XXD=y
CONFIG_HWCLOCK=y
CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y
# CONFIG_IONICE is not set
CONFIG_IPCRM=y
CONFIG_IPCS=y
CONFIG_LAST=y
# CONFIG_FEATURE_LAST_FANCY is not set
CONFIG_LOSETUP=y
CONFIG_LSPCI=y
CONFIG_LSUSB=y
@@ -607,6 +624,8 @@ CONFIG_FEATURE_MDEV_RENAME=y
# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
CONFIG_FEATURE_MDEV_EXEC=y
# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
CONFIG_MKE2FS=y
# CONFIG_MKFS_EXT2 is not set
# CONFIG_MKFS_MINIX is not set
@@ -627,12 +646,14 @@ CONFIG_FEATURE_MOUNT_CIFS=y
CONFIG_FEATURE_MOUNT_FLAGS=y
CONFIG_FEATURE_MOUNT_FSTAB=y
CONFIG_FEATURE_MOUNT_OTHERTAB=y
CONFIG_MOUNTPOINT=y
# CONFIG_NSENTER is not set
# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set
CONFIG_PIVOT_ROOT=y
CONFIG_RDATE=y
# CONFIG_RDEV is not set
CONFIG_READPROFILE=y
CONFIG_RENICE=y
# CONFIG_REV is not set
# CONFIG_RTCWAKE is not set
# CONFIG_SCRIPT is not set
@@ -640,15 +661,20 @@ CONFIG_READPROFILE=y
CONFIG_SETARCH=y
CONFIG_LINUX32=y
CONFIG_LINUX64=y
CONFIG_SETPRIV=y
CONFIG_SETSID=y
CONFIG_SWAPON=y
# CONFIG_FEATURE_SWAPON_DISCARD is not set
# CONFIG_FEATURE_SWAPON_PRI is not set
CONFIG_SWAPOFF=y
CONFIG_SWITCH_ROOT=y
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
CONFIG_UEVENT=y
CONFIG_UMOUNT=y
CONFIG_FEATURE_UMOUNT_ALL=y
# CONFIG_UNSHARE is not set
# CONFIG_WALL is not set
#
# Common options for mount/umount
@@ -702,7 +728,6 @@ CONFIG_FEATURE_BEEP_LENGTH_MS=0
# CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set
# CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set
# CONFIG_FEATURE_CHAT_CLR_ABORT is not set
CONFIG_CHRT=y
# CONFIG_CONSPY is not set
CONFIG_CROND=y
# CONFIG_FEATURE_CROND_D is not set
@@ -717,8 +742,6 @@ CONFIG_DC=y
# CONFIG_DEVFSD_VERBOSE is not set
# CONFIG_FEATURE_DEVFS is not set
CONFIG_DEVMEM=y
CONFIG_EJECT=y
# CONFIG_FEATURE_EJECT_SCSI is not set
# CONFIG_FBSPLASH is not set
# CONFIG_FLASHCP is not set
# CONFIG_FLASH_ERASEALL is not set
@@ -736,9 +759,6 @@ CONFIG_I2CSET=y
CONFIG_I2CDUMP=y
CONFIG_I2CDETECT=y
# CONFIG_INOTIFYD is not set
# CONFIG_IONICE is not set
CONFIG_LAST=y
# CONFIG_FEATURE_LAST_FANCY is not set
CONFIG_LESS=y
CONFIG_FEATURE_LESS_MAXLINES=9999999
CONFIG_FEATURE_LESS_BRACKETS=y
@@ -750,27 +770,24 @@ CONFIG_FEATURE_LESS_REGEXP=y
# CONFIG_FEATURE_LESS_ASK_TERMINAL is not set
# CONFIG_FEATURE_LESS_DASHCMD is not set
# CONFIG_FEATURE_LESS_LINENUMS is not set
CONFIG_LSSCSI=y
CONFIG_MAKEDEVS=y
# CONFIG_FEATURE_MAKEDEVS_LEAF is not set
CONFIG_FEATURE_MAKEDEVS_TABLE=y
# CONFIG_MAN is not set
CONFIG_MICROCOM=y
CONFIG_MOUNTPOINT=y
CONFIG_MT=y
# CONFIG_NANDWRITE is not set
# CONFIG_NANDDUMP is not set
CONFIG_PARTPROBE=y
# CONFIG_RAIDAUTORUN is not set
# CONFIG_READAHEAD is not set
# CONFIG_RFKILL is not set
CONFIG_RUNLEVEL=y
# CONFIG_RX is not set
CONFIG_SETSERIAL=y
CONFIG_SETSID=y
CONFIG_STRINGS=y
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
CONFIG_TIME=y
# CONFIG_TIMEOUT is not set
# CONFIG_TTYSIZE is not set
CONFIG_UBIRENAME=y
# CONFIG_UBIATTACH is not set
@@ -780,7 +797,6 @@ CONFIG_UBIRENAME=y
# CONFIG_UBIRSVOL is not set
# CONFIG_UBIUPDATEVOL is not set
# CONFIG_VOLNAME is not set
# CONFIG_WALL is not set
CONFIG_WATCHDOG=y
#
@@ -830,8 +846,6 @@ CONFIG_IFUP=y
CONFIG_IFDOWN=y
CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
CONFIG_FEATURE_IFUPDOWN_IP=y
# CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN is not set
# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
CONFIG_FEATURE_IFUPDOWN_IPV4=y
CONFIG_FEATURE_IFUPDOWN_IPV6=y
CONFIG_FEATURE_IFUPDOWN_MAPPING=y
@@ -844,6 +858,12 @@ CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME=y
CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN=y
# CONFIG_FEATURE_INETD_RPC is not set
CONFIG_IP=y
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
CONFIG_IPTUNNEL=y
CONFIG_IPRULE=y
CONFIG_IPNEIGH=y
CONFIG_FEATURE_IP_ADDRESS=y
CONFIG_FEATURE_IP_LINK=y
CONFIG_FEATURE_IP_ROUTE=y
@@ -851,17 +871,10 @@ CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
CONFIG_FEATURE_IP_TUNNEL=y
CONFIG_FEATURE_IP_RULE=y
CONFIG_FEATURE_IP_NEIGH=y
CONFIG_FEATURE_IP_SHORT_FORMS=y
# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
CONFIG_IPTUNNEL=y
CONFIG_IPRULE=y
CONFIG_IPNEIGH=y
# CONFIG_IPCALC is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FAKEIDENTD is not set
CONFIG_NAMEIF=y
# CONFIG_FEATURE_NAMEIF_EXTENDED is not set
@@ -883,11 +896,13 @@ CONFIG_FEATURE_FANCY_PING=y
# CONFIG_PSCAN is not set
CONFIG_ROUTE=y
# CONFIG_SLATTACH is not set
# CONFIG_SSL_CLIENT is not set
# CONFIG_TCPSVD is not set
# CONFIG_UDPSVD is not set
CONFIG_TELNET=y
CONFIG_FEATURE_TELNET_TTYPE=y
CONFIG_FEATURE_TELNET_AUTOLOGIN=y
CONFIG_FEATURE_TELNET_WIDTH=y
# CONFIG_TELNETD is not set
# CONFIG_FEATURE_TELNETD_STANDALONE is not set
# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
@@ -902,6 +917,7 @@ CONFIG_FEATURE_TFTP_PUT=y
CONFIG_FEATURE_TFTP_BLOCKSIZE=y
# CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set
# CONFIG_TFTP_DEBUG is not set
# CONFIG_TLS is not set
CONFIG_TRACEROUTE=y
# CONFIG_TRACEROUTE6 is not set
# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -910,29 +926,32 @@ CONFIG_TRACEROUTE=y
# CONFIG_FEATURE_TUNCTL_UG is not set
CONFIG_VCONFIG=y
CONFIG_WGET=y
CONFIG_FEATURE_WGET_LONG_OPTIONS=y
CONFIG_FEATURE_WGET_STATUSBAR=y
CONFIG_FEATURE_WGET_AUTHENTICATION=y
CONFIG_FEATURE_WGET_LONG_OPTIONS=y
CONFIG_FEATURE_WGET_TIMEOUT=y
# CONFIG_FEATURE_WGET_HTTPS is not set
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_FEATURE_WGET_SSL_HELPER is not set
# CONFIG_WHOIS is not set
# CONFIG_ZCIP is not set
# CONFIG_UDHCPC6 is not set
# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
# CONFIG_UDHCPD is not set
# CONFIG_DHCPRELAY is not set
# CONFIG_DUMPLEASES is not set
# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
CONFIG_DHCPD_LEASES_FILE=""
# CONFIG_DUMPLEASES is not set
# CONFIG_DHCPRELAY is not set
CONFIG_UDHCPC=y
CONFIG_FEATURE_UDHCPC_ARPING=y
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=0
# CONFIG_FEATURE_UDHCP_RFC3397 is not set
CONFIG_FEATURE_UDHCP_8021Q=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
@@ -973,18 +992,19 @@ CONFIG_FEATURE_PIDOF_SINGLE=y
CONFIG_FEATURE_PIDOF_OMIT=y
# CONFIG_PMAP is not set
# CONFIG_POWERTOP is not set
# CONFIG_FEATURE_POWERTOP_INTERACTIVE is not set
CONFIG_PS=y
# CONFIG_FEATURE_PS_WIDE is not set
# CONFIG_FEATURE_PS_LONG is not set
# CONFIG_FEATURE_PS_TIME is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_PSTREE is not set
# CONFIG_PWDX is not set
CONFIG_RENICE=y
# CONFIG_SMEMCAP is not set
CONFIG_BB_SYSCTL=y
CONFIG_TOP=y
CONFIG_FEATURE_TOP_INTERACTIVE=y
CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
# CONFIG_FEATURE_TOP_SMP_CPU is not set
@@ -1030,27 +1050,32 @@ CONFIG_SVC=y
#
# Shells
#
CONFIG_SH_IS_ASH=y
# CONFIG_SH_IS_HUSH is not set
# CONFIG_SH_IS_NONE is not set
# CONFIG_BASH_IS_ASH is not set
# CONFIG_BASH_IS_HUSH is not set
CONFIG_BASH_IS_NONE=y
CONFIG_ASH=y
CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
CONFIG_ASH_INTERNAL_GLOB=y
CONFIG_ASH_RANDOM_SUPPORT=y
CONFIG_ASH_EXPAND_PRMT=y
CONFIG_ASH_BASH_COMPAT=y
CONFIG_ASH_IDLE_TIMEOUT=y
CONFIG_ASH_JOB_CONTROL=y
CONFIG_ASH_ALIAS=y
CONFIG_ASH_GETOPTS=y
CONFIG_ASH_BUILTIN_ECHO=y
CONFIG_ASH_BUILTIN_PRINTF=y
CONFIG_ASH_BUILTIN_TEST=y
CONFIG_ASH_HELP=y
CONFIG_ASH_CMDCMD=y
CONFIG_ASH_RANDOM_SUPPORT=y
CONFIG_ASH_EXPAND_PRMT=y
CONFIG_ASH_IDLE_TIMEOUT=y
# CONFIG_ASH_MAIL is not set
CONFIG_ASH_ECHO=y
CONFIG_ASH_PRINTF=y
CONFIG_ASH_TEST=y
CONFIG_ASH_HELP=y
CONFIG_ASH_GETOPTS=y
CONFIG_ASH_CMDCMD=y
# CONFIG_CTTYHACK is not set
# CONFIG_HUSH is not set
# CONFIG_HUSH_BASH_COMPAT is not set
# CONFIG_HUSH_BRACE_EXPANSION is not set
# CONFIG_HUSH_HELP is not set
# CONFIG_HUSH_INTERACTIVE is not set
# CONFIG_HUSH_SAVEHISTORY is not set
# CONFIG_HUSH_JOB is not set
@@ -1061,17 +1086,30 @@ CONFIG_ASH_CMDCMD=y
# CONFIG_HUSH_FUNCTIONS is not set
# CONFIG_HUSH_LOCAL is not set
# CONFIG_HUSH_RANDOM_SUPPORT is not set
# CONFIG_HUSH_EXPORT_N is not set
# CONFIG_HUSH_MODE_X is not set
# CONFIG_HUSH_ECHO is not set
# CONFIG_HUSH_PRINTF is not set
# CONFIG_HUSH_TEST is not set
# CONFIG_HUSH_HELP is not set
# CONFIG_HUSH_EXPORT is not set
# CONFIG_HUSH_EXPORT_N is not set
# CONFIG_HUSH_KILL is not set
# CONFIG_HUSH_WAIT is not set
# CONFIG_HUSH_TRAP is not set
# CONFIG_HUSH_TYPE is not set
# CONFIG_HUSH_READ is not set
# CONFIG_HUSH_SET is not set
# CONFIG_HUSH_UNSET is not set
# CONFIG_HUSH_ULIMIT is not set
# CONFIG_HUSH_UMASK is not set
# CONFIG_HUSH_MEMLEAK is not set
# CONFIG_MSH is not set
CONFIG_FEATURE_SH_IS_ASH=y
# CONFIG_FEATURE_SH_IS_HUSH is not set
# CONFIG_FEATURE_SH_IS_NONE is not set
# CONFIG_FEATURE_BASH_IS_ASH is not set
# CONFIG_FEATURE_BASH_IS_HUSH is not set
CONFIG_FEATURE_BASH_IS_NONE=y
CONFIG_SH_MATH_SUPPORT=y
# CONFIG_SH_MATH_SUPPORT_64 is not set
#
# Options common to all shells
#
CONFIG_FEATURE_SH_MATH=y
CONFIG_FEATURE_SH_MATH_64=y
CONFIG_FEATURE_SH_EXTRA_QUIET=y
# CONFIG_FEATURE_SH_STANDALONE is not set
# CONFIG_FEATURE_SH_NOFORK is not set
+3 -3
View File
@@ -1,3 +1,3 @@
# From https://busybox.net/downloads/busybox-1.26.2.tar.bz2.sign
md5 bb59d25ee2643db20f212eec539429f1 busybox-1.26.2.tar.bz2
sha1 0b3e3cd49d6d9e30f66e364bf842663348b23dc9 busybox-1.26.2.tar.bz2
# From https://busybox.net/downloads/busybox-1.27.2.tar.bz2.sign
md5 476186f4bab81781dab2369bfd42734e busybox-1.27.2.tar.bz2
sha1 11669e223cc38de646ce26080e91ca29b8d42ad9 busybox-1.27.2.tar.bz2
+2 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
BUSYBOX_VERSION = 1.26.2
BUSYBOX_VERSION = 1.27.2
BUSYBOX_SITE = http://www.busybox.net/downloads
BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
BUSYBOX_LICENSE = GPLv2
@@ -175,7 +175,7 @@ define BUSYBOX_INSTALL_LOGGING_SCRIPT
if grep -q CONFIG_SYSLOGD=y $(@D)/.config; then \
$(INSTALL) -m 0755 -D package/busybox/S01logging \
$(TARGET_DIR)/etc/init.d/S01logging; \
else rm -f $(TARGET_DIR)/etc/init.d/S01logging; fi
fi
endef
ifeq ($(BR2_INIT_BUSYBOX),y)
+2 -2
View File
@@ -12,13 +12,13 @@ BZIP2_LICENSE_FILES = LICENSE
ifeq ($(BR2_STATIC_LIBS),)
define BZIP2_BUILD_SHARED_CMDS
$(TARGET_MAKE_ENV)
$(TARGET_MAKE_ENV) \
$(MAKE) -C $(@D) -f Makefile-libbz2_so $(TARGET_CONFIGURE_OPTS)
endef
endif
define BZIP2_BUILD_CMDS
$(TARGET_MAKE_ENV)
$(TARGET_MAKE_ENV) \
$(MAKE) -C $(@D) libbz2.a bzip2 bzip2recover $(TARGET_CONFIGURE_OPTS)
$(BZIP2_BUILD_SHARED_CMDS)
endef
+3 -2
View File
@@ -1,2 +1,3 @@
# Verified key https://samba.org/ftp/ccache/ccache-3.3.3.tar.xz.asc - sha256 computed locally
sha256 3b02a745da1cfa9eb438af7147e0fd3545e2f6163de9e5b07da86f58859f04ec ccache-3.3.3.tar.xz
# Verified key https://samba.org/ftp/ccache/ccache-3.3.4.tar.xz.asc - sha256 computed locally
sha256 24f15bf389e38c41548c9c259532187774ec0cb9686c3497bbb75504c8dc404f ccache-3.3.4.tar.xz
sha256 190576a6e938760ec8113523e6fd380141117303e90766cc4802e770422b30c6 ccache-3.3.5.tar.xz
+2 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
CCACHE_VERSION = 3.3.3
CCACHE_SITE = https://samba.org/ftp/ccache
CCACHE_VERSION = 3.3.5
CCACHE_SITE = https://www.samba.org/ftp/ccache
CCACHE_SOURCE = ccache-$(CCACHE_VERSION).tar.xz
CCACHE_LICENSE = GPLv3+, others
CCACHE_LICENSE_FILES = LICENSE.txt GPL-3.0.txt
+1
View File
@@ -1,6 +1,7 @@
config BR2_PACKAGE_CLAMAV
bool "clamav"
select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
select BR2_PACKAGE_LIBTOOL
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_ZLIB
depends on BR2_TOOLCHAIN_HAS_THREADS
+13 -1
View File
@@ -1,2 +1,14 @@
# Locally calculated
sha256 167bd6a13e05ece326b968fdb539b05c2ffcfef6018a274a10aeda85c2c0027a clamav-0.99.2.tar.gz
sha256 d72ac3273bde8d2e5e28ec9978373ee3ab4529fd868bc3fc4d2d2671228f2461 clamav-0.99.4.tar.gz
sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING
sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2
sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file
sha256 6dce638b76399e7521ad8e182d3e33e4496c85b3b69b6ff434b53017101e82ad COPYING.getopt
sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861 COPYING.LGPL
sha256 e3a9b913515a42f8ff3ef1551c3a2cdba383c39ed959729e0e2911219496ad74 COPYING.llvm
sha256 d96d71b66aa32c4a2d1619b9ca3347dafa9460bcf0fb5ac2408916067ad31dfc COPYING.lzma
sha256 accdcf2455c07b99abea59016b3663eaef926a92092d103bfaa25fed27cf6b24 COPYING.pcre
sha256 e2c1395a3d9fea6d5d25847c9d783db6e2cc8b085b4025861f459139c5dfd90b COPYING.regex
sha256 1faccc6b5c7b958fb807a3f573d5be9bf7889fe898f7e0617c544b05a81bfd00 COPYING.unrar
sha256 a20d6317c5384e8d4c05f9c31097878675d9429ec46090656166039cc10bc957 COPYING.YARA
sha256 c2f77553f8d870c5635b0dace0519253233f172b33ce1fdf6578610706294eee COPYING.zlib
+11 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CLAMAV_VERSION = 0.99.2
CLAMAV_VERSION = 0.99.4
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPLv2
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@@ -12,6 +12,7 @@ CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
COPYING.unrar COPYING.zlib
CLAMAV_DEPENDENCIES = \
host-pkgconf \
libtool \
openssl \
zlib \
$(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext)
@@ -24,6 +25,8 @@ CLAMAV_CONF_ENV = \
# UCLIBC_HAS_FTS is disabled, therefore disable fanotify (missing fts.h)
CLAMAV_CONF_OPTS = \
--with-dbdir=/var/lib/clamav \
--with-ltdl-include=$(STAGING_DIR)/usr/include \
--with-ltdl-lib=$(STAGING_DIR)/usr/lib \
--with-openssl=$(STAGING_DIR)/usr \
--with-zlib=$(STAGING_DIR)/usr \
--disable-zlib-vcheck \
@@ -45,6 +48,13 @@ else
CLAMAV_CONF_OPTS += --disable-bzip2
endif
ifeq ($(BR2_PACKAGE_JSON_C),y)
CLAMAV_CONF_OPTS += --with-libjson=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += json-c
else
CLAMAV_CONF_OPTS += --without-libjson
endif
ifeq ($(BR2_PACKAGE_LIBXML2),y)
CLAMAV_CONF_OPTS += --with-xml=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += libxml2
+1
View File
@@ -46,6 +46,7 @@ define HOST_CMAKE_CONFIGURE_CMDS
-DCMAKE_C_FLAGS="$(HOST_CMAKE_CFLAGS)" \
-DCMAKE_CXX_FLAGS="$(HOST_CMAKE_CXXFLAGS)" \
-DCMAKE_EXE_LINKER_FLAGS="$(HOST_LDFLAGS)" \
-DCMAKE_USE_OPENSSL:BOOL=OFF \
-DBUILD_CursesDialog=OFF \
)
endef
+15 -1
View File
@@ -24,9 +24,23 @@ COLLECTD_PLUGINS_DISABLE = \
COLLECTD_CONF_ENV += LIBS="-lm"
#
# NOTE: There's also a third availible setting "intswap", which might
# be needed on some old ARM hardware (see [2]), but is not being
# accounted for as per discussion [1]
#
# [1] http://lists.busybox.net/pipermail/buildroot/2017-November/206100.html
# [2] http://lists.busybox.net/pipermail/buildroot/2017-November/206251.html
#
ifeq ($(BR2_ENDIAN),"BIG")
COLLECTD_FP_LAYOUT=endianflip
else
COLLECTD_FP_LAYOUT=nothing
endif
COLLECTD_CONF_OPTS += \
--with-nan-emulation \
--with-fp-layout=nothing \
--with-fp-layout=$(COLLECTD_FP_LAYOUT) \
--with-perl-bindings=no \
$(foreach p, $(COLLECTD_PLUGINS_DISABLE), --disable-$(p)) \
$(if $(BR2_PACKAGE_COLLECTD_AGGREGATION),--enable-aggregation,--disable-aggregation) \
+1 -1
View File
@@ -1,2 +1,2 @@
# From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc
sha256 bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0 connman-1.33.tar.xz
sha256 66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa connman-1.35.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CONNMAN_VERSION = 1.33
CONNMAN_VERSION = 1.35
CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz
CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman
CONNMAN_DEPENDENCIES = libglib2 dbus iptables
+2 -2
View File
@@ -56,8 +56,8 @@ COREUTILS_CONF_ENV = ac_cv_c_restrict=no \
INSTALL_PROGRAM=$(INSTALL)
COREUTILS_BIN_PROGS = cat chgrp chmod chown cp date dd df dir echo false \
ln ls mkdir mknod mv pwd rm rmdir vdir sleep stty sync touch true \
uname join
kill link ln ls mkdir mknod mktemp mv nice printenv pwd rm rmdir \
vdir sleep stty sync touch true uname join
# If both coreutils and busybox are selected, make certain coreutils
# wins the fight over who gets to have their utils actually installed.
@@ -0,0 +1,78 @@
From 1252dc1d1f465b8ab6b36ff7252e395e66a040cf Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Fri, 21 Jul 2017 10:46:39 +0100
Subject: [PATCH 1/2] config-loader-expat: Tell Expat not to defend against
hash collisions
By default, Expat uses cryptographic-quality random numbers as a salt for
its hash algorithm, and since 2.2.1 it gets them from the getrandom
syscall on Linux. That syscall refuses to return any entropy until the
kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
can take as long as 40 seconds on embedded devices with few entropy
sources, which is too long: if the system dbus-daemon blocks for that
length of time, important D-Bus clients like systemd and systemd-logind
time out and fail to connect to it.
We're parsing small configuration files here, and we trust them
completely, so we don't need to defend against hash collisions: nobody
is going to be crafting them to cause pathological performance.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
Signed-off-by: Simon McVittie <smcv@debian.org>
Tested-by: Christopher Hewitt <hewitt@ieee.org>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
---
bus/config-loader-expat.c | 14 ++++++++++++++
configure.ac | 8 ++++++++
2 files changed, 22 insertions(+)
diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
index b571fda3..27cbe2d0 100644
--- a/bus/config-loader-expat.c
+++ b/bus/config-loader-expat.c
@@ -203,6 +203,20 @@ bus_config_load (const DBusString *file,
goto failed;
}
+ /* We do not need protection against hash collisions (CVE-2012-0876)
+ * because we are only parsing trusted XML; and if we let Expat block
+ * waiting for the CSPRNG to be initialized, as it does by default to
+ * defeat CVE-2012-0876, it can cause timeouts during early boot on
+ * entropy-starved embedded devices.
+ *
+ * TODO: When Expat gets a more explicit API for this than
+ * XML_SetHashSalt, check for that too, and use it preferentially.
+ * https://github.com/libexpat/libexpat/issues/91 */
+#if defined(HAVE_XML_SETHASHSALT)
+ /* Any nonzero number will do. https://xkcd.com/221/ */
+ XML_SetHashSalt (expat, 4);
+#endif
+
if (!_dbus_string_get_dirname (file, &dirname))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
diff --git a/configure.ac b/configure.ac
index 52da11fb..c4022ed7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -938,6 +938,14 @@ XML_CFLAGS=
AC_SUBST([XML_CFLAGS])
AC_SUBST([XML_LIBS])
+save_cflags="$CFLAGS"
+save_libs="$LIBS"
+CFLAGS="$CFLAGS $XML_CFLAGS"
+LIBS="$LIBS $XML_LIBS"
+AC_CHECK_FUNCS([XML_SetHashSalt])
+CFLAGS="$save_cflags"
+LIBS="$save_libs"
+
# Thread lib detection
AC_ARG_VAR([THREAD_LIBS])
save_libs="$LIBS"
--
2.11.0
+2
View File
@@ -7,6 +7,8 @@
DBUS_VERSION = 1.10.16
DBUS_SITE = http://dbus.freedesktop.org/releases/dbus
DBUS_LICENSE = AFLv2.1 or GPLv2+ (library, tools), GPLv2+ (tools)
# 0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
DBUS_AUTORECONF = YES
DBUS_LICENSE_FILES = COPYING
DBUS_INSTALL_STAGING = YES
@@ -0,0 +1,51 @@
From 5097bc0559f592683faac1f67bf350e1bddf6ed4 Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Thu, 7 Dec 2017 11:39:30 -0500
Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
Merges in rt46767.
[baruch: drop RELNOTES hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 5097bc0559f
omapip/buffer.c | 9 +++++++++
omapip/message.c | 2 +-
diff --git a/omapip/buffer.c b/omapip/buffer.c
index f7fdc3250e82..809034d1317b 100644
--- a/omapip/buffer.c
+++ b/omapip/buffer.c
@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
omapi_buffer_dereference (&buffer, MDL);
}
}
+
+ /* If we had data left to write when we're told to disconnect,
+ * we need recall disconnect, now that we're done writing.
+ * See rt46767. */
+ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
+ omapi_disconnect (h, 1);
+ return ISC_R_SHUTTINGDOWN;
+ }
+
return ISC_R_SUCCESS;
}
diff --git a/omapip/message.c b/omapip/message.c
index 59ccdc2c05cf..21bcfc3822e7 100644
--- a/omapip/message.c
+++ b/omapip/message.c
@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
}
#ifdef DEBUG_PROTOCOL
-static const char *omapi_message_op_name(int op) {
+const char *omapi_message_op_name(int op) {
switch (op) {
case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN";
case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
--
2.15.1
@@ -0,0 +1,59 @@
From b8c29336bd5401a5f962bc6ddfa4ebb6f0274f3c Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Sat, 10 Feb 2018 12:15:27 -0500
Subject: [PATCH 1/2] Correct buffer overrun in pretty_print_option
Merges in rt47139.
[baruch: drop RELNOTES and test; address CVE-2018-5732]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: backported from commit c5931725b48
---
common/options.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/common/options.c b/common/options.c
index 5547287fb6e5..2ed6b16c6412 100644
--- a/common/options.c
+++ b/common/options.c
@@ -1758,7 +1758,8 @@ format_min_length(format, oc)
/* Format the specified option so that a human can easily read it. */
-
+/* Maximum pretty printed size */
+#define MAX_OUTPUT_SIZE 32*1024
const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
struct option *option;
const unsigned char *data;
@@ -1766,8 +1767,9 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
int emit_commas;
int emit_quotes;
{
- static char optbuf [32768]; /* XXX */
- static char *endbuf = &optbuf[sizeof(optbuf)];
+ /* We add 128 byte pad so we don't have to add checks everywhere. */
+ static char optbuf [MAX_OUTPUT_SIZE + 128]; /* XXX */
+ static char *endbuf = optbuf + MAX_OUTPUT_SIZE;
int hunksize = 0;
int opthunk = 0;
int hunkinc = 0;
@@ -2193,7 +2195,14 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
log_error ("Unexpected format code %c",
fmtbuf [j]);
}
+
op += strlen (op);
+ if (op >= endbuf) {
+ log_error ("Option data exceeds"
+ " maximum size %d", MAX_OUTPUT_SIZE);
+ return ("<error>");
+ }
+
if (dp == data + len)
break;
if (j + 1 < numelem && comma != ':')
--
2.16.1
@@ -0,0 +1,40 @@
From 93b5b67dd31b9efcbfaabc2df1e1d9d164a5e04a Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Fri, 9 Feb 2018 14:46:08 -0500
Subject: [PATCH 2/2] Corrected refcnt loss in option parsing
Merges in 47140.
[baruch: drop RELNOTES and tests; address CVE-2018-5733]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: backported from commit 197b26f25309
---
common/options.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/common/options.c b/common/options.c
index 2ed6b16c6412..25b29a6be7bb 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3,7 +3,7 @@
DHCP options parsing and reassembly. */
/*
- * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2018 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1995-2003 by Internet Software Consortium
*
* Permission to use, copy, modify, and distribute this software for any
@@ -177,6 +177,8 @@ int parse_option_buffer (options, buffer, length, universe)
/* If the length is outrageous, the options are bad. */
if (offset + len > length) {
+ /* Avoid reference count overflow */
+ option_dereference(&option, MDL);
reason = "option length exceeds option buffer length";
bogus:
log_error("parse_option_buffer: malformed option "
--
2.16.1
+4 -2
View File
@@ -1,2 +1,4 @@
# Verified from https://ftp.isc.org/isc/dhcp/4.3.5/dhcp-4.3.5.tar.gz.sha256.asc
sha256 eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954 dhcp-4.3.5.tar.gz
# Verified from https://ftp.isc.org/isc/dhcp/4.3.6/dhcp-4.3.6.tar.gz.sha256.asc
sha256 a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b dhcp-4.3.6.tar.gz
# Locally calculated
sha256 dd7ae2201c0c11c3c1e2510d731c67b2f4bc8ba735707d7348ddd65f7b598562 LICENSE
+4 -2
View File
@@ -4,14 +4,16 @@
#
################################################################################
DHCP_VERSION = 4.3.5
DHCP_VERSION = 4.3.6
DHCP_SITE = http://ftp.isc.org/isc/dhcp/$(DHCP_VERSION)
DHCP_INSTALL_STAGING = YES
DHCP_LICENSE = ISC
DHCP_LICENSE_FILES = LICENSE
DHCP_CONF_ENV = \
CPPFLAGS='-D_PATH_DHCPD_CONF=\"/etc/dhcp/dhcpd.conf\" \
-D_PATH_DHCLIENT_CONF=\"/etc/dhcp/dhclient.conf\"'
-D_PATH_DHCLIENT_CONF=\"/etc/dhcp/dhclient.conf\"' \
CFLAGS='$(TARGET_CFLAGS) -DISC_CHECK_NONE=1'
DHCP_CONF_OPTS = \
--with-randomdev=/dev/random \
--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
+1 -1
View File
@@ -6,7 +6,7 @@
DIALOG_VERSION = 1.2-20150125
DIALOG_SOURCE = dialog-$(DIALOG_VERSION).tgz
DIALOG_SITE = ftp://invisible-island.net/dialog
DIALOG_SITE = ftp://ftp.invisible-island.net/dialog
DIALOG_CONF_OPTS = --with-ncurses --with-curses-dir=$(STAGING_DIR)/usr \
--disable-rpath-hack
DIALOG_DEPENDENCIES = host-pkgconf ncurses
@@ -0,0 +1,212 @@
From 4fe6744a220eddd3f1749b40cac3dfc510787de6 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 19 Jan 2018 12:26:08 +0000
Subject: [PATCH] DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
It's OK for NSEC records to be expanded from wildcards,
but in that case, the proof of non-existence is only valid
starting at the wildcard name, *.<domain> NOT the name expanded
from the wildcard. Without this check it's possible for an
attacker to craft an NSEC which wrongly proves non-existence
in a domain which includes a wildcard for NSEC.
[baruch: drop the CHANGELOG hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: upstream commit 4fe6744a220e
CHANGELOG | 12 +++++-
src/dnssec.c | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 114 insertions(+), 15 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index eb6c11cbe00f..a54a0b4f14cf 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -103,15 +103,17 @@ static void from_wire(char *name)
static int count_labels(char *name)
{
int i;
-
+ char *p;
+
if (*name == 0)
return 0;
- for (i = 0; *name; name++)
- if (*name == '.')
+ for (p = name, i = 0; *p; p++)
+ if (*p == '.')
i++;
- return i+1;
+ /* Don't count empty first label. */
+ return *name == '.' ? i : i+1;
}
/* Implement RFC1982 wrapped compare for 32-bit numbers */
@@ -1094,8 +1096,8 @@ static int hostname_cmp(const char *a, const char *b)
}
}
-static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
- char *workspace1, char *workspace2, char *name, int type, int *nons)
+static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, unsigned char **labels, int nsec_count,
+ char *workspace1_in, char *workspace2, char *name, int type, int *nons)
{
int i, rc, rdlen;
unsigned char *p, *psave;
@@ -1108,6 +1110,9 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
/* Find NSEC record that proves name doesn't exist */
for (i = 0; i < nsec_count; i++)
{
+ char *workspace1 = workspace1_in;
+ int sig_labels, name_labels;
+
p = nsecs[i];
if (!extract_name(header, plen, &p, workspace1, 1, 10))
return 0;
@@ -1116,7 +1121,27 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
psave = p;
if (!extract_name(header, plen, &p, workspace2, 1, 10))
return 0;
-
+
+ /* If NSEC comes from wildcard expansion, use original wildcard
+ as name for computation. */
+ sig_labels = *labels[i];
+ name_labels = count_labels(workspace1);
+
+ if (sig_labels < name_labels)
+ {
+ int k;
+ for (k = name_labels - sig_labels; k != 0; k--)
+ {
+ while (*workspace1 != '.' && *workspace1 != 0)
+ workspace1++;
+ if (k != 1 && *workspace1 == '.')
+ workspace1++;
+ }
+
+ workspace1--;
+ *workspace1 = '*';
+ }
+
rc = hostname_cmp(workspace1, name);
if (rc == 0)
@@ -1514,24 +1539,26 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
static int prove_non_existence(struct dns_header *header, size_t plen, char *keyname, char *name, int qtype, int qclass, char *wildname, int *nons)
{
- static unsigned char **nsecset = NULL;
- static int nsecset_sz = 0;
+ static unsigned char **nsecset = NULL, **rrsig_labels = NULL;
+ static int nsecset_sz = 0, rrsig_labels_sz = 0;
int type_found = 0;
- unsigned char *p = skip_questions(header, plen);
+ unsigned char *auth_start, *p = skip_questions(header, plen);
int type, class, rdlen, i, nsecs_found;
/* Move to NS section */
if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
return 0;
+
+ auth_start = p;
for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
{
unsigned char *pstart = p;
- if (!(p = skip_name(p, header, plen, 10)))
+ if (!extract_name(header, plen, &p, daemon->workspacename, 1, 10))
return 0;
-
+
GETSHORT(type, p);
GETSHORT(class, p);
p += 4; /* TTL */
@@ -1548,7 +1575,69 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
return 0;
- nsecset[nsecs_found++] = pstart;
+ if (type == T_NSEC)
+ {
+ /* If we're looking for NSECs, find the corresponding SIGs, to
+ extract the labels value, which we need in case the NSECs
+ are the result of wildcard expansion.
+ Note that the NSEC may not have been validated yet
+ so if there are multiple SIGs, make sure the label value
+ is the same in all, to avoid be duped by a rogue one.
+ If there are no SIGs, that's an error */
+ unsigned char *p1 = auth_start;
+ int res, j, rdlen1, type1, class1;
+
+ if (!expand_workspace(&rrsig_labels, &rrsig_labels_sz, nsecs_found))
+ return 0;
+
+ rrsig_labels[nsecs_found] = NULL;
+
+ for (j = ntohs(header->nscount); j != 0; j--)
+ {
+ if (!(res = extract_name(header, plen, &p1, daemon->workspacename, 0, 10)))
+ return 0;
+
+ GETSHORT(type1, p1);
+ GETSHORT(class1, p1);
+ p1 += 4; /* TTL */
+ GETSHORT(rdlen1, p1);
+
+ if (!CHECK_LEN(header, p1, plen, rdlen1))
+ return 0;
+
+ if (res == 1 && class1 == qclass && type1 == T_RRSIG)
+ {
+ int type_covered;
+ unsigned char *psav = p1;
+
+ if (rdlen < 18)
+ return 0; /* bad packet */
+
+ GETSHORT(type_covered, p1);
+
+ if (type_covered == T_NSEC)
+ {
+ p1++; /* algo */
+
+ /* labels field must be the same in every SIG we find. */
+ if (!rrsig_labels[nsecs_found])
+ rrsig_labels[nsecs_found] = p1;
+ else if (*rrsig_labels[nsecs_found] != *p1) /* algo */
+ return 0;
+ }
+ p1 = psav;
+ }
+
+ if (!ADD_RDLEN(header, p1, plen, rdlen1))
+ return 0;
+ }
+
+ /* Must have found at least one sig. */
+ if (!rrsig_labels[nsecs_found])
+ return 0;
+ }
+
+ nsecset[nsecs_found++] = pstart;
}
if (!ADD_RDLEN(header, p, plen, rdlen))
@@ -1556,7 +1645,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
}
if (type_found == T_NSEC)
- return prove_non_existence_nsec(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
+ return prove_non_existence_nsec(header, plen, nsecset, rrsig_labels, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
else if (type_found == T_NSEC3)
return prove_non_existence_nsec3(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, wildname, nons);
else
--
2.15.1
@@ -0,0 +1,29 @@
From cd7df612b14ec1bf831a966ccaf076be0dae7404 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 20 Jan 2018 00:10:55 +0000
Subject: [PATCH] Fix DNSSEC validation errors introduced in
4fe6744a220eddd3f1749b40cac3dfc510787de6
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: upstream commit cd7df612b14ec
src/dnssec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index a54a0b4f14cf..c47e33569f96 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1610,7 +1610,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
int type_covered;
unsigned char *psav = p1;
- if (rdlen < 18)
+ if (rdlen1 < 18)
return 0; /* bad packet */
GETSHORT(type_covered, p1);
--
2.15.1
+1 -1
View File
@@ -4,7 +4,7 @@ config BR2_PACKAGE_DNSMASQ
A lightweight DNS and DHCP server. It is intended to provide
coupled DNS and DHCP service to a LAN.
http://www.thekelleys.org.uk/dnsmasq/
http://www.thekelleys.org.uk/dnsmasq/doc.html
if BR2_PACKAGE_DNSMASQ
+5 -1
View File
@@ -1,2 +1,6 @@
# Locally calculated after checking pgp signature
sha256 4b92698dee19ca0cb2a8f2e48f1d2dffd01a21eb15d1fbed4cf085630c8c9f96 dnsmasq-2.76.tar.xz
# http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.xz.asc
sha256 89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b dnsmasq-2.78.tar.xz
# Locally calculated
sha256 dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa COPYING
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING-v3
+12 -34
View File
@@ -4,7 +4,7 @@
#
################################################################################
DNSMASQ_VERSION = 2.76
DNSMASQ_VERSION = 2.78
DNSMASQ_SOURCE = dnsmasq-$(DNSMASQ_VERSION).tar.xz
DNSMASQ_SITE = http://thekelleys.org.uk/dnsmasq
DNSMASQ_MAKE_ENV = $(TARGET_MAKE_ENV) CC="$(TARGET_CC)"
@@ -40,32 +40,31 @@ endif
ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
DNSMASQ_DEPENDENCIES += libnetfilter_conntrack
endif
ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
define DNSMASQ_ENABLE_CONNTRACK
$(SED) 's^.*#define HAVE_CONNTRACK.*^#define HAVE_CONNTRACK^' \
$(DNSMASQ_DIR)/src/config.h
endef
DNSMASQ_COPTS += -DHAVE_CONNTRACK
endif
ifeq ($(BR2_PACKAGE_DNSMASQ_LUA),y)
DNSMASQ_DEPENDENCIES += lua
DNSMASQ_COPTS += -DHAVE_LUASCRIPT
# liblua uses dlopen when dynamically linked
ifneq ($(BR2_STATIC_LIBS),y)
DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
endif
define DNSMASQ_ENABLE_LUA
$(SED) 's/lua5.1/lua/g' $(DNSMASQ_DIR)/Makefile
$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
$(DNSMASQ_DIR)/src/config.h
define DNSMASQ_TWEAK_LIBLUA
$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
endef
endif
ifeq ($(BR2_PACKAGE_DBUS),y)
DNSMASQ_DEPENDENCIES += dbus
DNSMASQ_COPTS += -DHAVE_DBUS
define DNSMASQ_INSTALL_DBUS
$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
endef
endif
define DNSMASQ_FIX_PKGCONFIG
@@ -73,33 +72,12 @@ define DNSMASQ_FIX_PKGCONFIG
$(DNSMASQ_DIR)/Makefile
endef
ifeq ($(BR2_PACKAGE_DBUS),y)
define DNSMASQ_ENABLE_DBUS
$(SED) 's^.*#define HAVE_DBUS.*^#define HAVE_DBUS^' \
$(DNSMASQ_DIR)/src/config.h
endef
else
define DNSMASQ_ENABLE_DBUS
$(SED) 's^.*#define HAVE_DBUS.*^/* #define HAVE_DBUS */^' \
$(DNSMASQ_DIR)/src/config.h
endef
endif
define DNSMASQ_BUILD_CMDS
$(DNSMASQ_FIX_PKGCONFIG)
$(DNSMASQ_ENABLE_DBUS)
$(DNSMASQ_ENABLE_LUA)
$(DNSMASQ_ENABLE_CONNTRACK)
$(DNSMASQ_TWEAK_LIBLUA)
$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) all$(DNSMASQ_I18N)
endef
ifeq ($(BR2_PACKAGE_DBUS),y)
define DNSMASQ_INSTALL_DBUS
$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
endef
endif
define DNSMASQ_INSTALL_TARGET_CMDS
$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) install$(DNSMASQ_I18N)
mkdir -p $(TARGET_DIR)/var/lib/misc/
@@ -0,0 +1,32 @@
From 902917880ca29f1007750a70cf46e7246b2d0a2a Mon Sep 17 00:00:00 2001
From: Josef 'Jeff' Sipek <jeff.sipek@dovecot.fi>
Date: Tue, 14 Nov 2017 06:01:21 +0100
Subject: [PATCH] byteorder.h: fix uclibc build
Patch suggested on upstream mailinglist:
https://www.dovecot.org/pipermail/dovecot/2017-November/110019.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
src/lib/byteorder.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/lib/byteorder.h b/src/lib/byteorder.h
index 2f5dc7c17..4ffe8da21 100644
--- a/src/lib/byteorder.h
+++ b/src/lib/byteorder.h
@@ -23,6 +23,11 @@
#ifndef BYTEORDER_H
#define BYTEORDER_H
+#undef bswap_8
+#undef bswap_16
+#undef bswap_32
+#undef bswap_64
+
/*
* These prototypes exist to catch bugs in the code generating macros below.
*/
--
2.11.0
+4 -1
View File
@@ -1,2 +1,5 @@
# Locally computed after checking signature
sha256 ccfa9ffb7eb91e9e87c21c108324b911250c9ffa838bffb64b1caafadcb0f388 dovecot-2.2.29.1.tar.gz
sha256 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 dovecot-2.2.34.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.2
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).29.1
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).34
DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPLv2.1
+3 -1
View File
@@ -15,6 +15,8 @@ DVB_APPS_DEPENDENCIES = libiconv
DVB_APPS_LDLIBS += -liconv
endif
DVB_APPS_MAKE_OPTS = PERL5LIB=$(@D)/util/scan
ifeq ($(BR2_STATIC_LIBS),y)
DVB_APPS_MAKE_OPTS += enable_shared=no
else ifeq ($(BR2_SHARED_LIBS),y)
@@ -25,7 +27,7 @@ DVB_APPS_INSTALL_STAGING = YES
define DVB_APPS_BUILD_CMDS
$(TARGET_CONFIGURE_OPTS) LDLIBS="$(DVB_APPS_LDLIBS)" \
$(MAKE) -C $(@D) CROSS_ROOT=$(STAGING_DIR) \
$(MAKE1) -C $(@D) CROSS_ROOT=$(STAGING_DIR) \
$(DVB_APPS_MAKE_OPTS)
endef
@@ -0,0 +1,129 @@
From 3fb715b55426875902dfef3056b2cf7335953178 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 19 May 2017 13:25:59 -0400
Subject: [PATCH] include sys/sysmacros.h as needed
The minor/major/makedev macros are not entirely standard. glibc has had
the definitions in sys/sysmacros.h since the start, and wants to move away
from always defining them implicitly via sys/types.h (as this pollutes the
namespace in violation of POSIX). Other C libraries have already dropped
them. Since the configure script already checks for this header, use that
to pull in the header in files that use these macros.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Upstream commit 3fb715b55426875902dfef3056b2cf7335953178
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
debugfs/debugfs.c | 3 +++
lib/blkid/devname.c | 3 +++
lib/blkid/devno.c | 3 +++
lib/ext2fs/finddev.c | 3 +++
lib/ext2fs/ismounted.c | 3 +++
misc/create_inode.c | 4 ++++
misc/mk_hugefiles.c | 3 +++
7 files changed, 22 insertions(+)
diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
index 059ddc39..453f5b52 100644
--- a/debugfs/debugfs.c
+++ b/debugfs/debugfs.c
@@ -26,6 +26,9 @@ extern char *optarg;
#include <errno.h>
#endif
#include <fcntl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "debugfs.h"
#include "uuid/uuid.h"
diff --git a/lib/blkid/devname.c b/lib/blkid/devname.c
index 3e2efa9d..671e781f 100644
--- a/lib/blkid/devname.c
+++ b/lib/blkid/devname.c
@@ -36,6 +36,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include <time.h>
#include "blkidP.h"
diff --git a/lib/blkid/devno.c b/lib/blkid/devno.c
index aa6eb907..480030f2 100644
--- a/lib/blkid/devno.c
+++ b/lib/blkid/devno.c
@@ -31,6 +31,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "blkidP.h"
diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c
index 311608de..62fa0dbe 100644
--- a/lib/ext2fs/finddev.c
+++ b/lib/ext2fs/finddev.c
@@ -31,6 +31,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "ext2_fs.h"
#include "ext2fs.h"
diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
index bcac0f15..7d524715 100644
--- a/lib/ext2fs/ismounted.c
+++ b/lib/ext2fs/ismounted.c
@@ -49,6 +49,9 @@
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "ext2_fs.h"
#include "ext2fs.h"
diff --git a/misc/create_inode.c b/misc/create_inode.c
index ae22ff6f..8ce3fafa 100644
--- a/misc/create_inode.c
+++ b/misc/create_inode.c
@@ -22,6 +22,10 @@
#include <attr/xattr.h>
#endif
#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+
#include <ext2fs/ext2fs.h>
#include <ext2fs/ext2_types.h>
#include <ext2fs/fiemap.h>
diff --git a/misc/mk_hugefiles.c b/misc/mk_hugefiles.c
index 049c6f41..5882394d 100644
--- a/misc/mk_hugefiles.c
+++ b/misc/mk_hugefiles.c
@@ -35,6 +35,9 @@ extern int optind;
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include <libgen.h>
#include <limits.h>
#include <blkid/blkid.h>
--
2.13.3
+1 -1
View File
@@ -3,4 +3,4 @@ config BR2_PACKAGE_EEPROG
help
Simple tool to read/write i2c eeprom chips.
http://codesink.org/eeprog.html
http://www.codesink.org/eeprog.html
+2 -2
View File
@@ -27,9 +27,9 @@ test -r $UDEV_CONFIG || exit 6
case "$1" in
start)
printf "Populating ${udev_root:-/dev} using udev: "
printf "Populating %s using udev: " "${udev_root:-/dev}"
printf '\000\000\000\000' > /proc/sys/kernel/hotplug
$UDEV_BIN -d || (echo "FAIL" && exit 1)
$UDEV_BIN -d || { echo "FAIL"; exit 1; }
udevadm trigger --type=subsystems --action=add
udevadm trigger --type=devices --action=add
udevadm settle --timeout=30 || echo "udevadm settle failed"
@@ -9,6 +9,8 @@ Inspired by:
http://patch-tracker.debian.org/patch/series/view/exim4/4.76-2/35_install.dpatch
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
(rebased against exim 4.89)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
scripts/exim_install | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
@@ -17,7 +19,7 @@ diff --git a/scripts/exim_install b/scripts/exim_install
index e68e7d5..487a4e1 100755
--- a/scripts/exim_install
+++ b/scripts/exim_install
@@ -59,6 +59,8 @@ while [ $# -gt 0 ] ; do
@@ -58,6 +58,8 @@
shift
done
@@ -26,15 +28,14 @@ index e68e7d5..487a4e1 100755
# Get the values of BIN_DIRECTORY, CONFIGURE_FILE, INFO_DIRECTORY, NO_SYMLINK,
# SYSTEM_ALIASES_FILE, and EXE from the global Makefile (in the build
# directory). EXE is empty except in the Cygwin environment. In each case, keep
@@ -218,8 +220,9 @@ while [ $# -gt 0 ]; do
@@ -217,9 +219,7 @@
# The exim binary is handled specially
if [ $name = exim${EXE} ]; then
- version=exim-`./exim -bV -C /dev/null | \
- exim="./exim -bV -C /dev/null"
- version=exim-`$exim 2>/dev/null | \
- awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
+ version=exim
+# version=exim-`./exim -bV -C /dev/null | \
+# awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
if [ "${version}" = "exim-${EXE}" ]; then
echo $com ""
+27
View File
@@ -0,0 +1,27 @@
uClibc does not contain gnu/libc-version.h
Patch sent upstream: https://bugs.exim.org/show_bug.cgi?id=2070
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
diff -uNr exim-4.88.org/src/exim.c exim-4.88/src/exim.c
--- exim-4.88.org/src/exim.c 2016-12-18 15:02:28.000000000 +0100
+++ exim-4.88/src/exim.c 2016-12-26 12:12:57.000000000 +0100
@@ -12,7 +12,7 @@
#include "exim.h"
-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
# include <gnu/libc-version.h>
#endif
@@ -1044,7 +1044,7 @@
fprintf(f, "Compiler: <unknown>\n");
#endif
-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
fprintf(f, "Library version: Glibc: Compile: %d.%d\n",
__GLIBC__, __GLIBC_MINOR__);
if (__GLIBC_PREREQ(2, 1))
@@ -0,0 +1,37 @@
From 062990cc1b2f9e5d82a413b53c8f0569075de700 Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
Date: Mon, 5 Feb 2018 22:23:32 +0100
Subject: [PATCH] Fix base64d() buffer size (CVE-2018-6789)
Credits for discovering this bug: Meh Chang <meh@devco.re>
[Peter: Drop ChangeLog change, fix path]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/base64.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/base64.c b/src/base64.c
index f6f187f0..e58ca6c7 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -152,10 +152,14 @@ static uschar dec64table[] = {
int
b64decode(const uschar *code, uschar **ptr)
{
+
int x, y;
-uschar *result = store_get(3*(Ustrlen(code)/4) + 1);
+uschar *result;
-*ptr = result;
+{
+ int l = Ustrlen(code);
+ *ptr = result = store_get(1 + l/4 * 3 + l%4);
+}
/* Each cycle of the loop handles a quantum of 4 input bytes. For the last
quantum this may decode to 1, 2, or 3 output bytes. */
--
2.11.0
+2 -2
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 d4b7994c89240d2f9a9fcd7a2dffa4b72f14379001a24266f4dbb0fbe5131514 exim-4.87.1.tar.bz2
# Locally calculated after checking pgp signature
sha256 1a21322a10e2da9c0bd6a2a483b6e7ef8fa7f16efcab4c450fd73e7188f5fa94 exim-4.89.1.tar.xz
+3 -3
View File
@@ -4,9 +4,9 @@
#
################################################################################
EXIM_VERSION = 4.87.1
EXIM_SOURCE = exim-$(EXIM_VERSION).tar.bz2
EXIM_SITE = ftp://ftp.exim.org/pub/exim/exim4/old
EXIM_VERSION = 4.89.1
EXIM_SOURCE = exim-$(EXIM_VERSION).tar.xz
EXIM_SITE = ftp://ftp.exim.org/pub/exim/exim4
EXIM_LICENSE = GPLv2+
EXIM_LICENSE_FILES = LICENCE
EXIM_DEPENDENCIES = pcre berkeleydb host-pkgconf
@@ -0,0 +1,40 @@
From 6787914efad562e4097a153988109c5c7158abf7 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Wed, 16 Aug 2017 13:35:57 +0300
Subject: [PATCH] getopt: fix strncmp() declaration
The strncmp() declaration does not conform with the standard as to the
type of the 'n' parameter. Fix this to avoid the following build failure
with musl libc:
n file included from main.c:61:0:
getopt.c:175:13: error: conflicting types for 'strncmp'
extern int strncmp(const char *s1, const char *s2, unsigned int n);
^~~~~~~
In file included from main.c:49:0:
.../host/x86_64-buildroot-linux-musl/sysroot/usr/include/string.h:38:5: note: previous declaration of 'strncmp' was here
int strncmp (const char *, const char *, size_t);
^~~~~~~
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: https://sourceforge.net/p/faac/bugs/217/
frontend/getopt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/getopt.c b/frontend/getopt.c
index 185d49b804dd..40c7a2242551 100644
--- a/frontend/getopt.c
+++ b/frontend/getopt.c
@@ -172,7 +172,7 @@ static enum
#if __STDC__ || defined(PROTO)
extern char *getenv(const char *name);
extern int strcmp (const char *s1, const char *s2);
-extern int strncmp(const char *s1, const char *s2, unsigned int n);
+extern int strncmp(const char *s1, const char *s2, size_t n);
static int my_strlen(const char *s);
static char *my_index (const char *str, int chr);
--
2.14.1
+3 -3
View File
@@ -1,4 +1,4 @@
# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.7/ (used by upstream):
sha1 80eaaa5cc576c35dd28863767b795c50cbcc0511 faad2-2.7.tar.gz
# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.8.0/ (used by upstream):
sha1 a5caa71cd915acd502d96cba56f38296277f2350 faad2-2.8.1.tar.bz2
# Locally computed
sha256 ee26ed1e177c0cd8fa8458a481b14a0b24ca0b51468c8b4c8b676fd3ceccd330 faad2-2.7.tar.gz
sha256 f4042496f6b0a60f5ded6acd11093230044ef8a2fd965360c1bbd5b58780933d faad2-2.8.1.tar.bz2
+6 -2
View File
@@ -4,10 +4,14 @@
#
################################################################################
FAAD2_VERSION = 2.7
FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION)
FAAD2_VERSION_MAJOR = 2.8
FAAD2_VERSION = $(FAAD2_VERSION_MAJOR).1
FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION_MAJOR).0
FAAD2_SOURCE = faad2-$(FAAD2_VERSION).tar.bz2
FAAD2_LICENSE = GPLv2
FAAD2_LICENSE_FILES = COPYING
# No configure script in upstream tarball
FAAD2_AUTORECONF = YES
# frontend/faad calls frexp()
FAAD2_CONF_ENV = LIBS=-lm
FAAD2_INSTALL_STAGING = YES
@@ -0,0 +1,46 @@
From a853f21633693f9eefc4949660253a5328d2d2f3 Mon Sep 17 00:00:00 2001
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Date: Sun, 13 Aug 2017 23:21:54 +0200
Subject: [PATCH 1/1] communicate: check return status of msgrcv()
msgrcv can return with -1 to indicate an error condition.
One such error is to have been interrupted by a signal.
Being interrupted by a signal is very rare in this code, except in a
very special condition: a highly-parallel (1000 jobs!) mksquashfs on
a filesystem with extended attributes, where we see errors like (those
are mksquashfs errors):
llistxattr for titi/603/883 failed in read_attrs, because Unknown
error 1716527536
See: https://bugs.busybox.net/show_bug.cgi?id=10141
In this case, we just have to retry the call to msgrcv().
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
communicate.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/communicate.c b/communicate.c
index 293f404..787bb63 100644
--- a/communicate.c
+++ b/communicate.c
@@ -553,10 +553,13 @@ void send_get_fakem(struct fake_msg *buf)
l=msgrcv(msg_get,
(struct my_msgbuf*)buf,
sizeof(*buf)-sizeof(buf->mtype),0,0);
- while((buf->serial!=serial)||buf->pid!=pid);
+ while(((l==-1)&&(errno==EINTR))||(buf->serial!=serial)||buf->pid!=pid);
semaphore_down();
+ if(l==-1)
+ buf->xattr.flags_rc=errno;
+
/*
(nah, may be wrong, due to allignment)
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 54ce502aca10b7e6059f19220ea2f68fa0c9c4c4d255ae13e615f08f0c94dcc5 ffmpeg-3.2.3.tar.xz
sha256 1131d37890ed3dcbc3970452b200a56ceb36b73eaa51d1c23c770c90f928537f ffmpeg-3.2.9.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FFMPEG_VERSION = 3.2.3
FFMPEG_VERSION = 3.2.9
FFMPEG_SOURCE = ffmpeg-$(FFMPEG_VERSION).tar.xz
FFMPEG_SITE = http://ffmpeg.org/releases
FFMPEG_INSTALL_STAGING = YES
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 ea661277cd39bf8f063d3a83ee875432cc3680494169f952787e002bdd3884c0 file-5.29.tar.gz
sha256 8639dc4d1b21e232285cd483604afc4a6ee810710e00e579dbe9591681722b50 file-5.32.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FILE_VERSION = 5.29
FILE_VERSION = 5.32
FILE_SITE = ftp://ftp.astron.com/pub/file
FILE_DEPENDENCIES = host-file zlib
HOST_FILE_DEPENDENCIES = host-zlib
+1 -1
View File
@@ -12,7 +12,7 @@ FIS_LICENSE_FILES = fis.c
define FIS_BUILD_CMDS
$(TARGET_CC) $(TARGET_CFLAGS) -std=c99 -o $(@D)/fis \
$(@D)/fis.c $(@D)/crc.c $(TARGE_LDFLAGS)
$(@D)/fis.c $(@D)/crc.c $(TARGET_LDFLAGS)
endef
define FIS_INSTALL_TARGET_CMDS
+2 -1
View File
@@ -15,6 +15,7 @@ FLANN_CONF_OPTS = \
-DBUILD_MATLAB_BINDINGS=OFF \
-DBUILD_EXAMPLES=$(if $(BR2_PACKAGE_FLANN_EXAMPLES),ON,OFF) \
-DUSE_OPENMP=$(if $(BR2_GCC_ENABLE_OPENMP),ON,OFF) \
-DPYTHON_EXECUTABLE=OFF
-DPYTHON_EXECUTABLE=OFF \
-DCMAKE_DISABLE_FIND_PACKAGE_HDF5=TRUE
$(eval $(cmake-package))
+2 -1
View File
@@ -12,7 +12,8 @@ FLASHROM_LICENSE = GPLv2+
FLASHROM_LICENSE_FILES = COPYING
define FLASHROM_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS) -DHAVE_STRNLEN" -C $(@D)
endef
define FLASHROM_INSTALL_TARGET_CMDS
@@ -0,0 +1,31 @@
From 65a3028024a5963d9b988d70fe7ebe116c731310 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index f08854729f50..4b94179636e0 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -599,6 +599,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,31 @@
From 672910e3d1215b781cf0e4757e473f6a25ebf756 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 67b369f015ad..3d1d981f885d 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -612,6 +612,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,31 @@
From 329c471661493e48e0fc65fa6c17ef86517483ed Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 36ab1e370853..bf02fceb416e 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -637,6 +637,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,31 @@
From dc90c186f755e726a097c9bb8bf6c4e7a45d8a07 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 70f698aba0ae..750b685b23e7 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -601,6 +601,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
-32
View File
@@ -1,32 +0,0 @@
Fix gdlib-config
Since the @LIBICONV@ macro doesn't get replaced at compile time, we
end up installing an invalid gdlib-config: the gdlib-config --libs
says that one should link against @LIBICONV@ which obviously doesn't
work.
Use the OpenWRT patch from
https://dev.openwrt.org/browser/packages/libs/gd/patches/101-gdlib-config.patch
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
--- a/config/gdlib-config.in
+++ b/config/gdlib-config.in
@@ -71,7 +71,7 @@ while test $# -gt 0; do
echo @LDFLAGS@
;;
--libs)
- echo -lgd @LIBS@ @LIBICONV@
+ echo -lgd @LIBS@
;;
--cflags|--includes)
echo -I@includedir@
@@ -84,7 +84,7 @@ while test $# -gt 0; do
echo "includedir: $includedir"
echo "cflags: -I@includedir@"
echo "ldflags: @LDFLAGS@"
- echo "libs: @LIBS@ @LIBICONV@"
+ echo "libs: @LIBS@"
echo "libdir: $libdir"
echo "features: @FEATURES@"
;;
@@ -1,50 +0,0 @@
From ea2a03e983acf34a1320b460dcad43b7e0b0b14f Mon Sep 17 00:00:00 2001
Message-Id: <ea2a03e983acf34a1320b460dcad43b7e0b0b14f.1397134306.git.baruch@tkos.co.il>
From: Baruch Siach <baruch@tkos.co.il>
Date: Thu, 10 Apr 2014 15:49:13 +0300
Subject: [PATCH] gd_bmp: fix build with uClibc
Some architectures (like ARM) don't have the long double variants of math
functions under uClibc. Add a local ceill definition in this case.
Patch status: reported upstream,
https://bitbucket.org/libgd/gd-libgd/issue/123/build-failure-agains-uclibc-arm
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
src/gd_bmp.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/gd_bmp.c b/src/gd_bmp.c
index 0fc021909f1b..11b3ec1baa01 100644
--- a/src/gd_bmp.c
+++ b/src/gd_bmp.c
@@ -25,6 +25,11 @@
#include "gdhelpers.h"
#include "bmp.h"
+#include <features.h>
+#if defined (__UCLIBC__) && !defined(__UCLIBC_HAS_LONG_DOUBLE_MATH__)
+#define NO_LONG_DOUBLE
+#endif
+
static int compress_row(unsigned char *uncompressed_row, int length);
static int build_rle_packet(unsigned char *row, int packet_type, int length, unsigned char *data);
@@ -42,6 +47,13 @@ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
#define BMP_DEBUG(s)
+#ifdef NO_LONG_DOUBLE
+long double ceill(long double x)
+{
+ return (long double) ceil((double) x);
+}
+#endif
+
static int gdBMPPutWord(gdIOCtx *out, int w)
{
/* Byte order is little-endian */
--
1.9.1
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6 libgd-2.2.4.tar.xz
sha256 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51 libgd-2.2.5.tar.xz
sha256 d02dae2141d49b8a6b09b2b73e68a8f17d7bbeaaf02b3b841ee11fea2d9e328d COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GD_VERSION = 2.2.4
GD_VERSION = 2.2.5
GD_SOURCE = libgd-$(GD_VERSION).tar.xz
GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
GD_INSTALL_STAGING = YES
@@ -0,0 +1,41 @@
From 09a2c3e0164545324a1ddee70f5c9fdee71e2079 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Sun, 18 Jun 2017 23:09:43 +0200
Subject: [PATCH] nat/linux-ptrace.c: add missing gdb_byte* cast
On noMMU platforms, the following code gets compiled:
child_stack = xmalloc (STACK_SIZE * 4);
Where child_stack is a gdb_byte*, and xmalloc() returns a void*. While
the lack of cast is valid in C, it is not in C++, causing the
following build failure:
../nat/linux-ptrace.c: In function 'int linux_fork_to_function(gdb_byte*, int (*)(void*))':
../nat/linux-ptrace.c:273:29: error: invalid conversion from 'void*' to 'gdb_byte* {aka unsigned char*}' [-fpermissive]
child_stack = xmalloc (STACK_SIZE * 4);
Therefore, this commit adds the appropriate cast.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Upstream commit: ffce45d2243e5f52f411e314fc4e1a69f431a81f]
---
gdb/nat/linux-ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gdb/nat/linux-ptrace.c b/gdb/nat/linux-ptrace.c
index 3447e07..33833e2 100644
--- a/gdb/nat/linux-ptrace.c
+++ b/gdb/nat/linux-ptrace.c
@@ -270,7 +270,7 @@ linux_fork_to_function (gdb_byte *child_stack, int (*function) (void *))
#define STACK_SIZE 4096
if (child_stack == NULL)
- child_stack = xmalloc (STACK_SIZE * 4);
+ child_stack = (gdb_byte*) xmalloc (STACK_SIZE * 4);
/* Use CLONE_VM instead of fork, to support uClinux (no MMU). */
#ifdef __ia64__
--
2.9.4
+4 -1
View File
@@ -61,9 +61,11 @@ endif
# When gdb sources are fetched from the binutils-gdb repository, they
# also contain the binutils sources, but binutils shouldn't be built,
# so we disable it.
# so we disable it (additionally the option --disable-install-libbfd
# prevents the un-wanted installation of libobcodes.so and libbfd.so).
GDB_DISABLE_BINUTILS_CONF_OPTS = \
--disable-binutils \
--disable-install-libbfd \
--disable-ld \
--disable-gas
@@ -189,6 +191,7 @@ HOST_GDB_CONF_OPTS = \
--enable-threads \
--disable-werror \
--without-included-gettext \
--with-curses \
$(GDB_DISABLE_BINUTILS_CONF_OPTS)
ifeq ($(BR2_PACKAGE_HOST_GDB_TUI),y)

Some files were not shown because too many files have changed in this diff Show More