Compare commits

...

133 Commits

Author SHA1 Message Date
Peter Korsgaard 8ee6c1d60e Update for 2017.02.6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 22:17:59 +02:00
Baruch Siach 07ddb40567 libidn: fix build without makeinfo
Build fails when the makeinfo utility is not installed on the host.

Fixes:
http://autobuild.buildroot.net/results/dfd/dfdfb34ed81ba3a4b7a7271be482e75eca849dbf/
http://autobuild.buildroot.net/results/b33/b33c0b0e6b1033ab1d1294a91b869ee6adcd391a/
http://autobuild.buildroot.net/results/940/9401cc10f6da6a2e3453ebc65ce573c370733fb5/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f6227928cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 21:36:27 +02:00
Baruch Siach 46b07c8a87 libidn: add fix for CVE-2017-14062
Add upstream patch fixing CVE-2017-14062:

Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.

This issue also affects libidn.

Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49cb795f79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 21:36:09 +02:00
Peter Seiderer bde9621d0f gst1-plugins-bad: fix build against openjpeg 2.2
Add upstream patch to fix build against openjpeg 2.2.

Fixes [1]:

  gstopenjpeg.h:42:37: fatal error: openjpeg-2.1/openjpeg.h: No such file or directory

[1] http://autobuild.buildroot.net/results/90f1f7838f08e3a557be27470406d4d84dbcc828

[Peter: drop meson changes for 2017.02.x]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a5d4db954)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 16:46:53 +02:00
Peter Korsgaard 5f9d99944a openjpeg: fix build without C++ support
Fixes:
http://autobuild.buildroot.net/results/e2f/e2ff0a7fa2b911157edf6c43a8eed797b22edd46/
http://autobuild.buildroot.net/results/670/6706339e7df2f2e7d0d7a15663bed185ca55c2a1/

Openjpeg is written in C, but with the move to CMake the build system now
errors out if a C++ compiler isn't available.  Fix it by patching the
CMakeLists.txt to not require C++ support.

Patch submitted upstream:
https://github.com/uclouvain/openjpeg/pull/1027

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d2911fec6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 09:01:14 +02:00
Olivier Schonken 1a22a5fcb3 openjpeg: Fix malloc poison issue
The malloc poison issue has been fixed upstream, this patch will thus only
be temporary.

Fixes the following autobuild issues

       sparc | http://autobuild.buildroot.net/results/c1b7a316ca2a4db49023f304dbc7fd5fed05bd9d
        bfin | http://autobuild.buildroot.net/results/031ece7a72e76a9155938cb283de859bd12a8171
         sh4 | http://autobuild.buildroot.net/results/88664451f71c12ccd94e874d408fbb680bea1695
      xtensa | http://autobuild.buildroot.net/results/fbede64a5a86d4868b6da0ab1275e75803235af0
     powerpc | http://autobuild.buildroot.net/results/6c641650509048039b18fbeb010dbca0f0fc5292
microblazeel | http://autobuild.buildroot.net/results/fa2d5272b2db73cbfa441ead9250157c5626ab15
    mips64el | http://autobuild.buildroot.net/results/fc96f6628f71e05d9a74e0e13e50178d29a2c495
         sh4 | http://autobuild.buildroot.net/results/a6d6a6dcb9b4fa250edaaf5935762c5820457b23
      x86_64 | http://autobuild.buildroot.net/results/47b4ca2cc661582d86830b9353a6c8af86e4ba35
         arc | http://autobuild.buildroot.net/results/08e2e4eca6c3dbde8116a649dbf46e52ded45d10
         arc | http://autobuild.buildroot.net/results/899fa044aab7ee28acfa71544f2105da4a5c97d5
         arm | http://autobuild.buildroot.net/results/6016f6885b21d6e8c6199a6833c7acce6210ecc6
         arm | http://autobuild.buildroot.net/results/adbb3c76497e89161535c711de98809a0fa168a7
        or1k | http://autobuild.buildroot.net/results/de3ef69a72d2c2082e202fbed702c53a51274fef
    mips64el | http://autobuild.buildroot.net/results/39b186b13001a810e0992b52321f1015b445d2fd
      x86_64 | http://autobuild.buildroot.net/results/22c6a29a1ded6aedf01adfdfcf26302248dba80c
         arm | http://autobuild.buildroot.net/results/b62c54b727eb5f576c4a517a69c495b537c3b69a
        m68k | http://autobuild.buildroot.net/results/a826561c5786be5f0088b50b633210593e23ffff
         arm | http://autobuild.buildroot.net/results/d32ec927a5e4d5644cb3641014bcf6ebe5c14490

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19d8081865)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-24 09:01:06 +02:00
Peter Korsgaard 4adb61ec73 tor: security bump to version 0.2.9.12
Fixes CVE-2017-0380: Stack disclosure in hidden services logs when
SafeLogging disabled

For more details, see:
https://trac.torproject.org/projects/tor/ticket/23490

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 23:10:24 +02:00
Peter Korsgaard 8fbd4de7c2 CHANGES: update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 11:04:39 +02:00
Peter Korsgaard 1f8ed52c55 bind: use http:// instead of ftp:// for site
To avoid issues with firewalls blocking ftp.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 771bb2d58d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 10:29:35 +02:00
Peter Korsgaard b449b86637 bind: bump to version 9.11.2
Adds support for the new ICANN DNSSEC root key for the upcoming KSK rollover
(Oct 11):

https://www.icann.org/resources/pages/ksk-rollover

For more details, see the release notes:
https://kb.isc.org/article/AA-01522

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f3e3b36159)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-23 10:29:25 +02:00
Peter Korsgaard b6b99d28ef gdk-pixbuf: security bump to version 2.36.10
Fixes the following security issues:

CVE-2017-2862 - An exploitable heap overflow vulnerability exists in the
gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.  A
specially crafted jpeg file can cause a heap overflow resulting in remote
code execution.  An attacker can send a file or url to trigger this
vulnerability.

CVE-2017-2870 - An exploitable integer overflow vulnerability exists in the
tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with
Clang.  A specially crafted tiff file can cause a heap-overflow resulting in
remote code execution.  An attacker can send a file or a URL to trigger this
vulnerability.

CVE-2017-6311 - gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (NULL pointer
dereference and application crash) via vectors related to printing an error
message.

The host version now needs the same workaround as we do for the target to
not pull in shared-mime-info.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3853675ae0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:35 +02:00
Vicente Olivert Riera 4ec2c80824 gdk-pixbuf: bump version to 2.36.6
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0fcf03eb5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:17 +02:00
Gustavo Zacarias 6c99140688 gdk-pixbuf: copy loaders.cache later on
Trying to copy loaders.cache from host-gdk-pixbuf to the gdk-pixbuf
build directory in the post-patch hook is too early when using TLP (it
breaks horribly) since host-gdk-pixbuf isn't built yet during the
massive unpack/patch cycle.
Switch it to the pre-build hook instead which ensures that gdk-pixbuf
dependencies were already built.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1f4e1656bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 09:00:08 +02:00
Gustavo Zacarias 0995804d44 gdk-pixbuf: bump to version 2.36.5
This release needs a new tweak regarding loaders.cache - it's now used
to build the thumbnailer.
Since we already generate it using the host variant for the target we
can re-use this for the build step.
It's not necessary to used the tweaked version since the build one is
only used to account for mime types, not the plugins/loaders themselves.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 487b419cc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 08:59:57 +02:00
Baruch Siach d6c24f879f flashrom: fix static build with uClibc
Define HAVE_STRNLEN to avoid local strnlen() definition.

Fixes:
http://autobuild.buildroot.net/results/7dc/7dc4298e3a07c73e03f70205516d68a0f4c2d297/
http://autobuild.buildroot.net/results/e36/e362848eb45f6b8100131361e6e5faa546f0bbd8/
http://autobuild.buildroot.net/results/69e/69ef10ec710f418b4d10c1edb4f2ce2e49b522bf/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 57f4efed79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-22 08:53:14 +02:00
Peter Korsgaard 6f4d4ae57e package/samba4: security bump to version 4.5.14
Release notes:
https://www.samba.org/samba/history/samba-4.5.14.html

Fixes
- CVE-2017-12150 (SMB1/2/3 connections may not require signing where
  they should)
- CVE-2017-12151 (SMB3 connections don't keep encryption across DFS
  redirects)
- CVE-2017-12163 (Server memory information leak over SMB1)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 23:24:59 +02:00
Peter Korsgaard ca10c68c6d package/ffmpeg: security bump to version 3.2.8
Fixes a number of integer overflows and DoS issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 23:24:51 +02:00
Peter Korsgaard 99ab71180f linux-headers: bump 3.18.x and 4.1.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:45:03 +02:00
Bernd Kuhls 643783f9a9 linux-headers: bump 3.2.x and 4.{4, 9, 12, 13}.x series
[Peter: drop 4.12.x/4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b4afe7a8cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:25:23 +02:00
Peter Korsgaard 1944fe8b46 pkgconf: update upstream URL in Config.in
The download location got changed two years ago when the version was bumped
to 0.9.12, but the upstream URL in Config.in wasn't updated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 13cb944aab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:03:06 +02:00
Bernd Kuhls 43f910fc7d package/apache: add patch to fix CVE-2017-9798
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6d24caf0cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:02:40 +02:00
Bernd Kuhls 5fc7f48234 package/proxychains-ng: security bump to version 4.11
Version 4.9 fixes CVE-2015-3887:
https://github.com/rofl0r/proxychains-ng/issues/60

Added md5 & sha1 hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d71b8978a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 17:01:02 +02:00
Luca Ceresoli 557039368d docs/manual: fix typo
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e10e4d19e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:52:08 +02:00
Peter Korsgaard a86d28d850 cmake: explicitly disable openssl support for host-cmake
host-cmake will optionally link with openssl for the embedded copy of
libarchive if available, leaking host dependencies and possibly causing
build issues in case of compatibility issues - E.G. the host-cmake version
we have in 2017.02.x doesn't build against openssl-1.1.0+:

https://github.com/libarchive/libarchive/issues/810

The openssl support in libarchive is unlikely to be needed, so explicitly
disable it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f87138339b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:51:28 +02:00
Peter Korsgaard f0b6a90eae bluez5_utils: add upstream security fix for CVE-2017-1000250
Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46 and
earlier are vulnerable to an information disclosure vulnerability which
allows remote attackers to obtain sensitive information from the bluetoothd
process memory.  This vulnerability lies in the processing of SDP search
attribute requests.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:23:37 +02:00
Bernd Kuhls fe8577d2ce package/imagemagick: security bump to version 7.0.7-1
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    https://github.com/ImageMagick/ImageMagick/issues/632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
    https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    https://github.com/ImageMagick/ImageMagick/issues/582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    https://github.com/ImageMagick/ImageMagick/issues/586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    https://github.com/ImageMagick/ImageMagick/issues/517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1cf1b98de6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:56 +02:00
Bernd Kuhls fc6dda414c package/imagemagick: bump version to 7.0.6-0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dfde97dce5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:40 +02:00
Bernd Kuhls aaeae27072 package/imagemagick: change download url to github
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases

For our LTS versions we should switch to a stable upstream repo which
provides all released versions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 02edd7cd80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 16:21:29 +02:00
Petr Kulhavy 1ce4be9c5e download/git: force gzip compression level 6
Force gzip compression level 6 when calculating hash of a downloaded GIT repo.
To make sure the tar->gzip->checksum chain always provides consistent result.`

The script was relying on the default compression level, which must not be
necessarily consistent among different gzip versions. The level 6 is gzip's
current default compression level.

Signed-off-by: Petr Kulhavy <brain@jikos.cz>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 04a22cf1b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 15:41:26 +02:00
Bernd Kuhls 3196246a9b package/librsync: security bump to version 2.0.0
Removed patch applied upstream, switched to cmake-package following
upstream removal of autoconf.

Short summary of changes:

version 1.0.1
- switched from autoconf to cmake

version 1.0.0:
- fixed CVE-2014-8242
- project moved to github

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b860bd83b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:36:29 +02:00
Bernd Kuhls 251a65c915 package/librsync: fix build error with gcc7
Fixes
http://autobuild.buildroot.net/results/4a1/4a1931565674442c6117b2b202a002dd0ec12a4b/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit eb7e07702c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:34:05 +02:00
Bernd Kuhls b0753098a5 linux-headers: bump 4.{9, 12, 13}.x series
[Peter: drop 4.12.x/4.13.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2aae8765fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 14:16:01 +02:00
Peter Korsgaard 465aa6e587 supervisor: security bump to version 3.1.4
Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.

For more details, see
https://github.com/Supervisor/supervisor/issues/964

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38a1c4821a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:18:27 +02:00
Peter Korsgaard a8676e86fe ruby: add upstream security patches bumping rubygems to 2.6.13
We unfortunately cannot use the upstream patches directly as they are not in
'patch -p1' format, so convert them and include instead.

Fixes:

CVE-2017-0899 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications that include terminal escape
characters.  Printing the gem specification would execute terminal escape
sequences.

CVE-2017-0900 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications to cause a denial of service attack
against RubyGems clients who have issued a `query` command.

CVE-2017-0901 - RubyGems version 2.6.12 and earlier fails to validate
specification names, allowing a maliciously crafted gem to potentially
overwrite any file on the filesystem.

CVE-2017-0902 - RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking vulnerability that allows a MITM attacker to force the RubyGems
client to download and install gems from a server that the attacker
controls.

For more details, see
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0e5448af50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:17:17 +02:00
Vicente Olivert Riera 38b5b49689 ruby: bump version to 2.4.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 81de172d11)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 13:17:09 +02:00
Peter Korsgaard 74d64007d5 tcpdump: security bump to version 4.9.2
Fixes the following security issues (descriptions not public yet):

    Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
    Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
    Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 478ee139b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:05:11 +02:00
Baruch Siach c56c5956cf libarchive: security bump to version 3.3.2
CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.

CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.

CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.

CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.

CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.

CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.

Add upstream patch fixing the following issue:

CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f871b21c89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:04:04 +02:00
Thomas Petazzoni 215d7a04b7 qt: add patch fixing build failure on ARMv8 in 32-bit mode
The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.

To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.

There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.

Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 95389fe98c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:01:46 +02:00
Thomas Petazzoni e55836dab0 qt: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35bc55eaaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-21 12:01:00 +02:00
Peter Korsgaard 05355b04d4 xen: add upstream post-4.7.3 security fixes
Fixes the following security issues:

XSA-226: multiple problems with transitive grants (CVE-2017-12135)
XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
XSA-228: grant_table: Race conditions with maptrack free list handling
         (CVE-2017-12136)
XSA-230: grant_table: possibly premature clearing of GTF_writing /
	 GTF_reading (CVE-2017-12855)
XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
XSA-232: Missing check for grant table (CVE-2017-14318)
XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
XSA-234: insufficient grant unmapping checks for x86 PV guests
         (CVE-2017-14319)
XSA-235: add-to-physmap error paths fail to release lock on ARM

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-19 13:56:48 +02:00
Peter Korsgaard 59e03d863d unrar: security bump to version 5.5.8
Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 322599744c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:47:56 +02:00
Peter Korsgaard de22cee061 strongswan: add upstream security patch
Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.

For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2a59db1bb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:47:13 +02:00
Peter Korsgaard 3284e172f4 libsoup: security bump to version 2.56.1
Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding

For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0f5398f0e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:44:31 +02:00
Peter Korsgaard c128009659 gd: security bump to version 2.2.5
Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b85d24c1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-18 09:43:36 +02:00
Max Filippov 8afd8781fe package/gcc: fix ICE on xtensa, PR target/82181
Memory references to DI mode objects could incorrectly be created at
offsets that are not supported by instructions l32i/s32i, resulting in
ICE at a stage when access to the object is split into access to its
subwords:
  drivers/staging/rtl8188eu/core/rtw_ap.c:445:1:
     internal compiler error: in change_address_1, at emit-rtl.c:2126

Fixes: https://lkml.org/lkml/2017/9/10/151
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-12 23:59:07 +02:00
Peter Korsgaard 8681b9477b linux-headers: bump 3.18.x version to 3.18.70
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:37:40 +02:00
Bernd Kuhls a711d9e25b linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19af2fe70c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:37:04 +02:00
Bernd Kuhls 8a673badcb package/botan: security bump to version 1.10.16
Fixes CVE-2017-2801: A programming error exists in a way Randombit Botan
cryptographic library version 2.0.1 implements x500 string comparisons which
could lead to certificate verification issues and abuse.  A specially
crafted X509 certificate would need to be delivered to the client or server
application in order to trigger this vulnerability.

[Peter: extend commit message with security fixes info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 033aa8d4e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 16:49:21 +02:00
Baruch Siach 0f6388e374 mbedtls: security bump to version 2.6.0
Fixes CVE-2017-14032: authentication bypass.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Add license hash.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa70897e29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 15:14:49 +02:00
Olivier Schonken 4a944b6a2d openjpeg: security bump to version 2.2.0
Fixes the following security issues:

CVE-2016-10504: Heap-based buffer overflow vulnerability in the
opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote
attackers to cause a denial of service (application crash) via a crafted bmp
file.

CVE-2016-10505: NULL pointer dereference vulnerabilities in the imagetopnm
function in convert.c, sycc444_to_rgb function in color.c,
color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in
color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of
service (application crash) via crafted j2k files.

CVE-2016-10506: Division-by-zero vulnerabilities in the functions
opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG
before 2.2.0 allow remote attackers to cause a denial of service
(application crash) via crafted j2k files.

CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a
denial of service (heap-based buffer over-read and application crash) via a
crafted bmp file.

[Peter: extend commit message with security fixes info]
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37b2fe73cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 15:10:40 +02:00
Peter Korsgaard 6f4428337e subversion: security bump to version 1.9.7
Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url

For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c6b793779c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:48:12 +02:00
Peter Korsgaard d3463a9907 file: security bump to version 5.32
Fixes CVE-2017-1000249 - Stack buffer overflow with a specially crafted
.notes section in an ELF binary file.

For more details, see: http://www.openwall.com/lists/oss-security/2017/09/05/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 89a38e6397)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:41 +02:00
Vicente Olivert Riera fae25a1d21 file: bump version to 5.31
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e173bbe958)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:34 +02:00
Gustavo Zacarias 51be260e88 file: bump to version 5.30
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ac82e0ebad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 23:47:19 +02:00
Max Filippov c357dd607b package/binutils: fix crash caused by buggy xtensa overlay
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:57:07 +02:00
Peter Korsgaard a554694145 linux-headers: bump 3.18.x version to 3.18.69
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:55:23 +02:00
Julien Corjon f6a9094103 package/netplug: init script create needed lock directory
Init script use /var/lock/subsys/netplugd but directory
/var/lock/subsys can be missing.

Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c81c6d8f3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:51:59 +02:00
Adam Duskett 0e3334e25b postgresql: security bump to version 9.6.5
Fixes the following security issues (9.6.4):

CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs

For more info, see https://www.postgresql.org/about/news/1772/

[Peter: extend commit message with security fixes info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 95e284bd27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:48:01 +02:00
Adam Duskett f16d963789 libxml2: security bump to version 2.9.5
Fixes CVE-2017-9049, CVE-2017-9050, CVE-2017-9047, CVE-2017-9048,
CVE-2017-5969.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Thomas: improved commit log, from Baruch suggestion.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d8bc440e3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:42:51 +02:00
Bernd Kuhls 146c38cfcf linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fa46a89fe0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 14:36:37 +02:00
Peter Korsgaard 1aeb48b66f transmission: gtk option needs libgtk3
Fixes the following configure issue:

checking for GTK... no
configure: error: Package requirements (gtk+-3.0 >= 3.4.0
                              glib-2.0 >= 2.32.0
                              gio-2.0 >= 2.26.0,
                              gmodule-2.0 >= 2.32.0
                              gthread-2.0 >= 2.32.0) were not met:

libgtk2 support was dropped in commit cdd71c642724 ((trunk gtk) #4970 remove
deprecated GTK+ API calls, raise GTK+ dependency to 3.2) which was part of
transmission-2.61.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a2935ee288)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:32:07 +02:00
Bernd Kuhls ac5da5e315 package/transmission: fix gtk support
Gtk support is controlled by ARG_WITH since
https://github.com/transmission/transmission/commit/2ccc2bbbfe2e4a26dfeaa13b56c412ea0af4ebe4

Fixes a build error if libgtk2/3 was built before transmission:
http://autobuild.buildroot.net/results/6b6/6b6ce352a9edfe3aaba82be143092a878e7715ed/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e67fbcfa94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:31:53 +02:00
Erico Nunes f9064cb3b1 grub2: force -fno-stack-protector in CFLAGS
grub2 fails to configure when BR2_SSP_ALL is enabled, with the following
configure error:

  checking whether -fno-asynchronous-unwind-tables works... yes
  checking whether -fno-unwind-tables works... yes
  checking for target linking format... unknown
  configure: error: no suitable link format found

This can be worked around by enforcing -fno-stack-protector in the
package CFLAGS in a way that overrides the SSP flag, as is already done
for the valgrind package.

Fixes bug #10261.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Reported-by: Dr I J Ormshaw <ian_ormshaw@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2a27294e9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:28:57 +02:00
Yann E. MORIN 6866015b70 package/linux-tools: gpio does not build in parallel
Partially fixes #10276.

Reported-by: Ciro Santilli <ciro.santilli@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Ciro Santilli <ciro.santilli@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4a03d1ac29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:27:23 +02:00
Baruch Siach 6f107edbef libgcrypt: security bump to version 1.7.9
Fixes CVE-2017-0379: Mitigate a local side-channel attack on Curve25519
dubbed "May the Fourth be With You".

As we are close to release, don't update to the latest 1.8.1 version,
but to a maintenance release from the 1.7 branch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cd4514109a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:26:06 +02:00
Baruch Siach 1519ba33f5 gnupg: security bump to version 1.4.22
Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster".  For details see
<https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

Switch to https site for better firewall compatibility and security.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 453ca1d6ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:25:10 +02:00
Fabio Estevam 451d115add linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 10b1273264)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:19:41 +02:00
Kurt Van Dijck 290b6cfdf6 bcusdk: eibd: drop local clock_gettime in USB backends
clock_gettime is defined locally, and calls pth_int_time, which
in turn calls clock_gettime.
The USB backend shouldn't overrule clock_gettime in the first place.
This patch fixes this endless recursion by removing the local defition.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bc4f5598dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:17:24 +02:00
Bernd Kuhls 1faeae820d linux-headers: bump 3.{2, 10}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fec74492ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:15:58 +02:00
Bernd Kuhls 21d7b1e4fc package/squid: fix typo
Fixed typo added by
https://git.buildroot.net/buildroot/commit/package/squid?id=d2f7d0d72cd7e00ffbe869011d200f0a4a53e7a5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7c5526c79c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:14:05 +02:00
Baruch Siach 8d5a92e2b6 connman: security bump to version 1.35
Fixes CVE-2017-12865: stack overflow in dns proxy feature.

Cc: Martin Bark <martin@barkynet.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 104879aab0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:12:34 +02:00
Martin Bark d672e0c4d7 package/connman: bump version to 1.34
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 579568ce09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 13:12:24 +02:00
Yann E. MORIN a6ae588ccc package/nvidia-driver: install an egl.pc
A lot of packages expect an egl.pc to decide that EGL is available. So,
provide one.

As suggested by Alexandre, use the one from nvidia-tegra23 as template.

Reported-by: Alexandre Maumené <alexandre@maumene.org>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Alexandre Maumené <alexandre@maumene.org>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 05a86bdf1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:41:00 +02:00
Bernd Kuhls ec732da99e package/libphidget: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dc9cc4d7cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:36:03 +02:00
Bernd Kuhls 0dba28fce1 package/iucode-tool: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9f2369b5f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:35:53 +02:00
Bernd Kuhls 09549cc322 package/iostat: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3d37cc2c97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:34:30 +02:00
Bernd Kuhls af76cb192a package/dialog: fix upstream source URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5fdebd3b8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:33:19 +02:00
Andrey Smirnov aac336dfd7 package/nss-pam-ldapd: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06cf5c1812)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:31:25 +02:00
Andrey Smirnov c565971bd7 package/transmission: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a1c3ae753e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:31:11 +02:00
Andrey Smirnov ece5e09891 package/minidlna: Do not mark .service file executable
Do not mark .service file executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fb825fbaf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:30:04 +02:00
Bernd Kuhls d4451a4c96 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8e291b97ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:29:32 +02:00
Thomas Petazzoni e72e252af5 mediastreamer: add dependency on host-vim
host-vim is needed to provide the xxd tool, otherwise the build fails
with:

checking for xxd... no
configure: error: "xxd is required (provided by vim package)"

This isn't noticed by the autobuilders, presumably because all of them
have vim installed locally.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 377d10577b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:54 +02:00
Thomas Petazzoni f21b3b83f8 vim: add host variant
Vim contains a tool called xxd, which is needed by mediastreamer on
the host as part of its build process. Therefore, this commit
introduces a host variant for the vim package, that will be used by
mediastreamer.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38d098402e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:43 +02:00
Thomas Petazzoni 0e60dd830f mediastreamer: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0369e05ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:26:33 +02:00
Andrey Smirnov 3df894d83c package/rpcbind: Do not mark .service and .socket files executable
Do not mark .service and .socket files executable, otherwise systemd
will give us a warning about it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3a41c96a25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:18:29 +02:00
Bernd Kuhls 0190c95a5a package/zmqpp: link with libatomic when needed
Fixes
http://autobuild.buildroot.net/results/c32/c32b9b8dd00d6f6d3db27fae9d8de758a4f25138/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 55a9d6d558)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:17:04 +02:00
Bernd Kuhls 0b51c59e19 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab157dd4d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:11:28 +02:00
Baruch Siach ec88eeaea0 faad2: fix build with musl libc
The getopt.c code declares the strncmp() routine in a non confirming way
under non GNU libc. Patch the code to make the declaration standard
conforming.

Fixes:
http://autobuild.buildroot.net/results/447/4471be349d7ad2e998a4d55afd33aa046a5d1fd2/
http://autobuild.buildroot.net/results/2a9/2a90f4f518884fb50f7ad6ab505dee7565ed869e/
http://autobuild.buildroot.net/results/6b1/6b159b766d791492bab4d897c33ce07845fb7119/

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6f6795d77d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 12:07:01 +02:00
Yann E. MORIN 2ff69117fe fs/iso9660: really create initrd temp dir
In case we're using an initrd, we create an empty "root" directory that
will contain only the bootloader stuff, not the actual root filesystem,
because it is in an initrd (standalone or initramfs).

We have to ensure that the directory is empty before assembling the
filesystem (to avoid any file lingering from a previous run, like the
sequence  "make; make"). So we first remove it before we create it, so
that on each build (especially not-from-scratch builds) we get the exact
expected content without any leftover.

However, the macro responsible for that, although defined since 7080eef9,
was never called.

Fix that by registering it as a pre-gen hook.

Note: the directory need not be created, as there are quite a few
"install -D" commands that ensure it is created. Yet, we prefer to
create it explicitly to avoid any confusion.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8a26adddde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:08:26 +02:00
Yann E. MORIN ac847623f5 package/fakeroot: fix highly parallel uses
Although the issue can very well occur with low-paralle builds, or even
with non-parallel builds, the conditions are so strict that the ocasion
it breaks is extremely rare, to the point where a failure would go
unnoticed.

Fixes #10141.

Reported-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eff989bab8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:06:40 +02:00
Baruch Siach 7728fc745d whois: bump to version 5.2.17
Fixes serious usability issues (Debian changelog):

  * Fixed whois referrals for .com, .net, .jobs, .bz, .cc and .tv,
    broken by an ICANN-mandated output change:
    https://www.icann.org/resources/pages/rdds-labeling-policy-2017-02-01-en

Use snapshot.debian.org for the .dsc reference, since files tend to
disappear from the official Debian ftp site over time.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 978724d8cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 11:03:09 +02:00
Waldemar Brodkorb fdce421a5f gpsd: fix build for microblaze architecture
Disable O2 and add O0. The suggested flags in the gcc report
are not enough for gcc >= 6.

Fixes:

  http://autobuild.buildroot.net/results/3686cd3f3e7b6aee84f4377bd2dded1115321fb3/

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: use Git to format the patch, improve patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

(cherry picked from commit e6d0177f53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:47:38 +02:00
Arnout Vandecappelle 3afb4a1f9c e2fsprogs: add patch for recent glibc
Recent glibc have deprecated the implicit include of sys/sysmacros.h
from sys/types.h. That means that the macros major and minor are no
longer defined unless this header is included.

This problem was observed for host-e2fsprogs when building on a host
with recent glibc.

Add an upstream patch that includes sys/sysmacros.h when needed.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Dagg Stompler <daggs@gmx.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Tested-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ed295ce49b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:30:40 +02:00
Thomas Petazzoni 75b9ec066c lua: ensure pkgconfig directory exists before installing files
The lua staging and host installation commands generate a file in
usr/lib/pkgconfig, without first making sure that this directory
exists, which causes build failures if it doesn't. This commit adjusts
those installation commands to create this directory if needed.

Fixes:

  http://autobuild.buildroot.net/results/101c89e1d6aee942a0b1c4e4f3daf8ac2414a56c/

Based on investigation and initial (more complicated) fix provided by
Francois Perrad <francois.perrad@gadz.org>.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 25a2650086)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:26:35 +02:00
Dagg Stompler cd86df9e0b sysvinit: fix compilation error against musl
This commit adds a patch to the sysvinit package that fixes various
build issues against musl due to missing header includes.

Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7ec15db9db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:24:07 +02:00
Baruch Siach b4dbe2e781 sysvinit: adjust help text
sysvinit is far from ultimate init implementation these days. Update the
help text to match reality.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e9a2746710)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:23:57 +02:00
Peter Korsgaard 19d178a5cb package/git: security bump to version 2.12.4
Fixes CVE-2017-1000117:
http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:08:18 +02:00
Thomas Petazzoni d0973b7b47 libcurl: fix build on uncommon architectures
Since the bump to 7.55.0, libcurl fails to build on a number of
uncommon architectures (ARC, OpenRISC, etc.). This is due to upstream
commit 73a2fcea0b4adea6ba342cd7ed1149782c214ae3 ("includes: remove
curl/curlbuild.h and curl/curlrules.h"), which makes libcurl rely on
more architecture-specific related defines in include/curl/system.h.

This commit therefore adds a patch that fixes the 32-bit vs. 64-bit
detection for all architecture, using gcc's __SIZEOF_LONG__
definition. It has been tested successfully with test-pkg on all 47
toolchain configurations.

Fixes:

  http://autobuild.buildroot.net/results/bf26c08cf3267214278674472f931603f69951ae/
  (and many similar issues)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6361a50e3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-06 00:01:25 +02:00
Yann E. MORIN 1bed722b73 package/valgrind: hide comment when arch is not supported
Currently, the comment that "valgrind needs shared libs" is not hidden
when the architecture dependencies are not met, which can confuse some
users (as recently seen on IRC).

Fix that by introducing the traditional _ARCH_SUPPORTS option, and have
the comment and the symbol depend on that.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Brandon Maier <brandon.maier@rockwellcollins.com>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed--by: Pedro Ribeiro <pedrib@gmail.com>
Tested-by: Pedro Ribeiro <pedrib@gmail.com>
[Arnout: put _ARCH_SUPPORTS at the top of the file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit afb6bc67a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:59:29 +02:00
Baruch Siach 57fa665847 libcurl: security bump to version 7.55.0
Fixes:

 glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 tftp: reject file name lengths that don't fit (CVE-2017-1000100)
 file: output the correct buffer to the user (CVE-2017-1000099)

Switch to .tar.xz to save bandwidth.

Add reference to tarball signature.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d88c79090a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:56:29 +02:00
Naoki Matsumoto 9c0d97c701 libcurl: LICENSE value changes to SPDX
The curl license is a MIT/X derivative license, but
has a distinct identifier in SPDX, so use that:

https://spdx.org/licenses/curl.html

[Peter: reword commit message]
Signed-off-by: Naoki Matsumoto <n-matsumoto@melcoinc.co.jp>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit d80110a635)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:56:02 +02:00
Adam Duskett fea005f3c2 libcurl: bump version to 7.54.1
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c52d50336e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:55:40 +02:00
Jörg Krause 9a11ca9c6d lua: fix pkg-config file
When Lua is linked with additional libraries, these libraries should go
into the pkg-config file as well.

Otherwise, linking swupdate with the lua library fails:

```
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlopen'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlclose'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlerror'
/home/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/liblua.so: undefined reference to `dlsym'
```

Fixes http://autobuild.buildroot.net/results/1c3/1c349cc5904868e4def292b9fbfa164828e46156

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8d845683e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:48:11 +02:00
Thomas Petazzoni e8f6630b10 gdb: add fix for gdb 7.12 and gdb 8.0 build on noMMU platforms
This adds a patch to gdb 7.12 and gdb 8.x, which fixes the build on
noMMU platforms. It is not needed for older versions of gdb, since
it's related to the switch of gdb to C++ in the 7.12 release.

Fixes:

../nat/linux-ptrace.c: In function 'int linux_fork_to_function(gdb_byte*, int (*)(void*))':
../nat/linux-ptrace.c:273:29: error: invalid conversion from 'void*' to 'gdb_byte* {aka unsigned char*}' [-fpermissive]
       child_stack = xmalloc (STACK_SIZE * 4);

The patch has already been merged upstream, as of commit
ffce45d2243e5f52f411e314fc4e1a69f431a81f, and will therefore be part
of future gdb releases.

[Peter: drop gdb-8.0 patch]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5c12506f4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:43:12 +02:00
Samuel Martin c2e4924597 pkg-cmake.mk: set pkg-config env. vars. in the host configure environment
This change is fixing the bug reported in [1].

Cmake may run pkg-config to find the dependencies when configuring a
package. Because of the value of PATH, and it will use the Buildroot's
pkg-config wrapper, which, by default, is configured (via some
environment variables) to find the target dependencies.

When configuring a host package using cmake, to prevent cmake from
wrongly solving dependencies from the target tree (when the
*-config.cmake files are using pkg-config) instead of looking for them
in the Buildroot's host tree or in the host system itself, we need to
set the environment variables altering the pkg-config behavior in the
cmake configure environment.

So, this change is fixing the cmake host-packages configuration step,
by properly setting the pkg-config environment variables to their values
for finding host dependencies.

Before this patch:

  make O=/opt/br/abo/cmake-host-find-root-path libxml2 host-mariadb{-dirclean,-configure} && echo $?
  [...]
  >>> host-mariadb 10.1.25 Configuring
  (mkdir -p /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && cd /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && rm -f CMakeCache.txt && PATH="/opt/br/abo/cmake-host-find-root-path/host/bin:/opt/br/abo/cmake-host-find-root-path/host/sbin:/home/sam/.local/bin:/sbin:/usr/sbin:/bin:/usr/bin"  /usr/bin/cmake /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_C_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_CXX_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_EXE_LINKER_FLAGS="-L/opt/br/abo/cmake-host-find-root-path/host/lib -Wl,-rpath,/opt/br/abo/cmake-host-find-root-path/host/lib"
  -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++"  -DCMAKE_C_COMPILER_ARG1="" -DCMAKE_CXX_COMPILER_ARG1=""  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=OFF  -DWITH_SSL=bundled )
  -- Running cmake version 3.8.2
  [...]
  -- Found PkgConfig: /opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config (found version "0.28")
  [...]
  -- Found LibXml2: /opt/br/abo/cmake-host-find-root-path/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libxml2.so (found version "2.9.4")
  [...]
  0

After this patch is applied:

  make O=/opt/br/abo/cmake-host-find-root-path libxml2 host-mariadb{-dirclean,-configure} && echo $?
  [...]
  >>> host-mariadb 10.1.25 Configuring
  (mkdir -p /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && cd /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ && rm -f CMakeCache.txt && PATH="/opt/br/abo/cmake-host-find-root-path/host/bin:/opt/br/abo/cmake-host-find-root-path/host/sbin:/home/sam/.local/bin:/sbin:/usr/sbin:/bin:/usr/bin" PKG_CONFIG="/opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config" PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_LIBDIR="/opt/br/abo/cmake-host-find-root-path/host/lib/pkgconfig:/opt/br/abo/cmake-host-find-root-path/host/share/pkgconfig" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 PKG_CONFIG_ALLOW_SYSTEM_LIBS=1  /usr/bin/cmake /opt/br/abo/cmake-host-find-root-path/build/host-mariadb-10.1.25/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="/opt/br/abo/cmake-host-find-root-path/host" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="/opt/br/abo/cmake-host-find-roo
 t-path/host" -DCMAKE_C_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_CXX_FLAGS="-O2 -I/opt/br/abo/cmake-host-find-root-path/host/include" -DCMAKE_EXE_LINKER_FLAGS="-L/opt/br/abo/cmake-host-find-root-path/host/lib -Wl,-rpath,/opt/br/abo/cmake-host-find-root-path/host/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++"  -DCMAKE_C_COMPILER_ARG1="" -DCMAKE_CXX_COMPILER_ARG1=""  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=OFF  -DWITH_SSL=bundled )
  -- Running cmake version 3.8.2
  [...]
  -- Found PkgConfig: /opt/br/abo/cmake-host-find-root-path/host/bin/pkg-config (found version "0.28")
  [...]
  -- Found LibXml2: /usr/lib/libxml2.so (found version "2.9.4")
  [...]
  0

[1] http://lists.busybox.net/pipermail/buildroot/2017-August/199776.html

Reported-by: "Sigalas, Antonios (Nokia - GR/Athens)" <antonios.sigalas@nokia.com>
Cc: "Sigalas, Antonios (Nokia - GR/Athens)" <antonios.sigalas@nokia.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c9f9b16a2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:39:16 +02:00
Baruch Siach 214343add7 faad2: security bump to version 2.8.1
Fixes: CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254,
CVE-2017-9255, CVE-2017-9256, CVE-2017-9257

http://seclists.org/fulldisclosure/2017/Jun/32

Switch to .tar.bz2 to save some bandwidth.

Add autoreconf since unfortunately upstream tarball does not ship the
configure script.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1e2c245bf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:31:46 +02:00
Peter Seiderer da9f101e80 bind: fix configure in case lmdb devel files are present on the host
Fix configure failure in case lmdb devel files are present on the host
by adding --without-lmdb option (reported [1] and fix tested [2],[3] by
grunpferd@netscape.net).

Fixes:

  checking for lmdb library... yes
  checking for library containing mdb_env_create... no
  configure: error: found lmdb include but not library.

[1] http://lists.busybox.net/pipermail/buildroot/2017-August/199945.html
[2] http://lists.busybox.net/pipermail/buildroot/2017-August/199963.html
[3] http://lists.busybox.net/pipermail/buildroot/2017-August/199964.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bb95fef1e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:26:32 +02:00
Bernd Kuhls e40be53f7b package/jack2: backport two build fixes
0005-gcc7.patch fixes
http://autobuild.buildroot.net/results/c06/c0610325d7785dfa51c5d36775623ca8fa517f24/

0006-fix-ftbfs-with-clang.patch
fixes the subsequent build error:
common/memops.c.31.o: In function `sample_move_dither_rect_d16_sSs':
memops.c:(.text+0x4dc): undefined reference to `fast_rand'

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 50ace0bcc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:24:04 +02:00
Thomas Petazzoni cbadc716d3 jack2: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d8e0a2d4ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:23:34 +02:00
Bernd Kuhls 246df454ff linux-headers: aarch64: Prevent selecting unsupported versions
Versions older than Linux v3.7 do not support the aarch64 architecture
so disable them, for reference see https://kernelnewbies.org/Linux_3.7

Without this patch these defconfigs fail to build

BR2_aarch64=y
BR2_KERNEL_HEADERS_3_2=y

BR2_aarch64=y
BR2_KERNEL_HEADERS_3_4=y

with error messages like this:

make[1]: Entering directory '/home/buildroot/br5_next/output/build/linux-headers-3.2.89'
Makefile:567: /home/buildroot/br5_next/output/build/linux-headers-3.2.89/arch/arm64/Makefile: No such file or directory

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1291528bde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:19:29 +02:00
Bernd Kuhls 99c6d668a6 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: drop 4.12.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a4a6c74171)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:15:53 +02:00
Bernd Kuhls f1b0e69d92 linux-headers: bump 4.1.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d38797edee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:14:52 +02:00
Marcus Hoffmann 935b33b258 dbus: add upstream patch to fix startup hang with with expat >= 2.2.1
After c0ad6ded01 expat: security bump to version 2.2.1
the system can hang on startup under certain circumstances.

This happens when:
  * we use systemd as init system
  * the random nonblocking pool takes a while to initialize
    * this apparently doesn't happen on qemu, so this would not have
      been caught by the runtime testing infrastructure
    * it also doesn't seem to happen when network booting

For a more detailed description of the bug see here:
https://bugs.freedesktop.org/show_bug.cgi?id=101858

The patch should be in next dbus version 1.10.24

Set DBUS_AUTORECONF = YES because configure.ac is changed.

Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
[Arnout: add upstream commit sha + Marcus's Sob to the patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5a5e76381f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:12:15 +02:00
Max Filippov 7e8fa57537 package/binutils: fix crash caused by buggy xtensa overlay
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.

[Peter: drop 2.28.x/2.29.x variants]
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 83f7fb0d5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-05 23:02:09 +02:00
Peter Korsgaard bb82c24ce0 samba4: bump to version 4.5.13
4.5.13 is a bugfix release, fixing a number of important issues:

https://www.samba.org/samba/history/samba-4.5.13.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:59:07 +02:00
Bernd Kuhls 85a32431a7 package/samba4: add optional dependency to dbus
samba4 picks up dbus as dependency if it was built before:

Checking for dbus                : yes
Checking for header dbus/dbus.h  : yes
Checking for library dbus-1      : yes

There is no configure option to control dbus support so we just make
sure dbus is built before samba4 to have reproducible builds.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 17f6c26590)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:30:50 +02:00
Thomas Petazzoni 64e480fd7a gdb: force to use ncurses and not termcap for host-gdb
Both our target and host gdb depend on ncurses (host-ncurses for
host-gdb, of course). However, while for the target we passs
--with-curses, we are not doing this for the host variant. Due to
this, host-gdb default to using the termcap library: if such a library
is available on the build system, it will be used instead of the
host-ncurses we have built. This causes the host gdb binary to depend
on a library that we do not provide in $(HOST_DIR), breaking the
principle of a standalone SDK (which should only depend on the C
library).

To solve this, we simply pass --with-curses in HOST_GDB_CONF_OPTS,
which forces host-gdb to use the host-ncurses library.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8c36c65ab8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:28:14 +02:00
Peter Korsgaard 2ca9ecd206 ffmpeg: security bump to version 3.2.7
Fixes the following security issues (https://ffmpeg.org/security.html):

3.2.4:

CVE-2017-5024 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

CVE-2017-5025 - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux,
Windows and Mac, failed to perform proper bounds checking, which allowed a
remote attacker to potentially exploit heap corruption via a crafted video
file.

3.2.5:

CVE-2017-9991 - Heap-based buffer overflow in the xwd_decode_frame function
in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x
before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted file.

CVE-2017-9992 - Heap-based buffer overflow in the decode_dds1 function in
libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before
3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted file.

CVE-2017-9994 - libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before
3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does
not ensure that pix_fmt is set, which allows remote attackers to cause a
denial of service (heap-based buffer overflow and application crash) or
possibly have unspecified other impact via a crafted file, related to the
vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVE-2017-9996 - The cdxl_decode_frame function in libavcodec/cdxl.c in
FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x
before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow and application crash) or possibly have unspecified other
impact via a crafted file.

3.2.6:

CVE-2017-9608 - NULL pointer exception.

CVE-2017-9993 - FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x
before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live
Streaming filename extensions and demuxer names, which allows attackers to
read arbitrary files via crafted playlist data.

3.2.7:

CVE-2017-11399 - Integer overflow in the ape_decode_frame function in
libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause
a denial of service (out-of-array access and application crash) or possibly
have unspecified other impact via a crafted APE file.

CVE-2017-11665 - The ff_amf_get_field_value function in
libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a
denial of service (Segmentation Violation and application crash) via a
crafted stream.

CVE-2017-11719 - The dnxhd_decode_header function in libavcodec/dnxhddec.c
in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service
(out-of-array access) or possibly have unspecified other impact via a
crafted DNxHD file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 23:07:17 +02:00
Bernd Kuhls 6918f13762 package/snappy: fix typo
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 662b830dd7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:59:00 +02:00
Baruch Siach 288d26acd5 squashfs: fix build with gcc 7
gcc 7 with -Os (optimize for size) takes the liberty to remove the code of
inline function entirely. This leads to undefined function references at link
time. Restore gcc original inline behaviour to fix this issue.

Fixes:
http://autobuild.buildroot.net/results/3c5/3c5b1d799dce3ba361d618330c242bf4eba76019/
http://autobuild.buildroot.net/results/09f/09f350b62e2486404b78222dce211400bb233000/
http://autobuild.buildroot.net/results/693/693960ed7c01622c756dcc929e83b3b713c16ccc/

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f308e4420f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:55:51 +02:00
Baruch Siach 3f9fedb217 librsvg: security bump to version 2.40.18
http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.18.news

CVE-2017-11464 - Fix division-by-zero in the Gaussian blur code.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b76a15ed14)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:51:31 +02:00
Baruch Siach b758567fc9 librsvg: update homepage link
The SF page redirects to gnome.org.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a81979758d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:50:52 +02:00
Charles Hardin 80c457604f package/python-service-identity: the attrs distribution is required
Apparently the service identify code requires the python attrs
to be availabe:

Traceback (most recent call last):
  File "/opt/exablox/bin/configsrv", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3138, in <module>
    @_call_aside
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3124, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3151, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 661, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 962, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 849, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'attrs' distribution was not found and is required by service-identity

Signed-off-by: Charles Hardin <ckhardin@exablox.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 49229b157c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:45:25 +02:00
Fabio Estevam 66ceb5ba45 linux-headers: bump 4.{4, 9, 12}.x series
[Peter: Drop 4.12.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f43096034b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 22:32:12 +02:00
Adrián Pérez de Castro 904d5330a3 webkitgtk: Add patch for properly picking GL flags when building
This solves build failures caused by WebKit trying to include X11 headers
when support for X11 is disabled in Mesa3D. A common situation is when
configuring both GTK+ and WebKitGTK+ only with Wayland support.

Once the fix for https://bugs.webkit.org/show_bug.cgi?id=175125 makes it
into a release, the patch can be dropped.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c2da653d08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:02:17 +02:00
Adrián Pérez de Castro 6a1fa08095 webkitgtk: Add upstream patch needed for builds with ENABLE_VIDEO=OFF
This includes a slightly modified version of the patch for bug
https://bugs.webkit.org/show_bug.cgi?id=174940

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f2b9399c76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:01:41 +02:00
Adrián Pérez de Castro a0658ea000 webkitgtk: Allow building with BR2_PACKAGE_WEBKITGTK_MULTIMEDIA disabled
Explicitly pass "-DENABLE_MEDIA_STREAM=OFF" to CMake, to workaround a
missing feature dependency in the WebKitGTK+ build files.

Related upstream bug: https://bugs.webkit.org/show_bug.cgi?id=174940

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9aceb8bfa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:00:52 +02:00
Adrián Pérez de Castro 075494dd3f webkitgtk: Add patches which allow building for ARMv8-A
The two added patches allow building WebKitGTK+ when the compiler
scpecifically targets ARMv8-A, and reports as such be pre-defining
__ARCH_ARM_8A__ instead of just __ARCH_ARM_8__. Both patches were
pulled from the corresponding upstream bug reports and edited to
remove the conflicting parts which edit the ChangeLog files.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3e4efb30f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 09:00:29 +02:00
Yegor Yefremov ef7ff0f445 python-libconfig: fix Python3 build
boost_python library is named boost_python3, if boost is built
under Python3 environment. The patch fixes setup.py accordingly.

Fixes:
http://autobuild.buildroot.net/results/975/97533965180436c2f7a99de07fdc360ef57f84b0
http://autobuild.buildroot.net/results/b49/b49de32704f0f7ce5a610cf4363c6dcc2d8bafa1
http://autobuild.buildroot.net/results/e26/e26b4b9b486c582fb55826817a3428569968320f

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3cd8023c73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:57:52 +02:00
Marcus Hoffmann 0e1d908376 package/pkg-kconfig.mk: fix typo in comment
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 412a872e21)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:46:09 +02:00
Ryan Coe e0b2bd6dff mariadb: security bump version to 10.1.26
Release notes: https://mariadb.com/kb/en/mariadb-10126-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10126-changelog/

Fixes the following security vulnerabilities:

CVE-2017-3636 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs). Supported versions that are affected are
5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability
allows low privileged attacker with logon to the infrastructure where MySQL
Server executes to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data as well as unauthorized read access to
a subset of MySQL Server accessible data and unauthorized ability to cause
a partial denial of service (partial DOS) of MySQL Server.

CVE-2017-3641 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-3653 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult
to exploit vulnerability allows low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized update, insert or delete
access to some of MySQL Server accessible data.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ff0cf723b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:29 +02:00
Adam Duskett 0813899c43 host-mariadb: compile against bundled yassl
On Fedora26, openssl 1.1.x is included by default.  This causes build
errors when building the host variant of mariadb.

Adding -DWITH_SSL=bundled fixes this issue.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6103ce335a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:13 +02:00
Ryan Coe 21e5d6a6a7 mariadb: bump version to 10.1.25
release notes: https://mariadb.com/kb/en/mariadb-10125-release-notes/
changelog: https://mariadb.com/kb/en/mariadb-10125-changelog/

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5ec9bd15f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-04 08:43:04 +02:00
171 changed files with 2739 additions and 678 deletions
+29
View File
@@ -1,3 +1,32 @@
2017.02.6, Released September 24th, 2017
Important / security related fixes.
Cmake: Ensure correct pkg-config is used when building host
packages
fs/iso9660: Ensure files from earlier builds are not included.
Updated/fixed packages: apache, bcusdk, bind, binutils,
bluez5_utils, botan, cmake, connman, dbus, dialog, e2fsprogs,
faad2, fakeroot, ffmpeg, file, flashrom, gcc, gd, gdb,
gdk-pixbuf, git, gnupg, gpsd, grub2, gst1-plugins-bad,
imagemagick, iostat, iucode-tool, jack2, libarchive, libcurl,
libgcrypt, libidn, libphidget, librsync, librsvg, libsoup,
libxml2, linux-tools, lua, mariadb, mbedtls, mediastreamer,
minidlna, netplug, nss-pam-ldapd, nvidia-driver, openjpeg,
postgresql, proxychains-ng, python-libconfig,
python-service-identity, qt, rpcbind, ruby, samba4, squashfs,
squid, strongswan, subversion, supervisor, sysvinit, tcpdump,
tor, transmission, unrar, valgrind, vim, webkitgtk, whois,
xen, zmqpp
Issues resolved (http://bugs.buildroot.org):
#10141: Squashfs extended attribute failures
#10261: Grub2 fails to build for x86_64
#10276: BR2_PACKAGE_LINUX_TOOLS_GPIO fails for MIPS with...
2017.02.5, Released July 27th, 2017
Important / security related fixes.
+2 -2
View File
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
all:
# Set and export the version string
export BR2_VERSION := 2017.02.5
export BR2_VERSION := 2017.02.6
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1501100000
BR2_VERSION_EPOCH = 1506285000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
+1 -1
View File
@@ -53,7 +53,7 @@ GRUB2_CONF_ENV = \
$(HOST_CONFIGURE_OPTS) \
CPP="$(HOSTCC) -E" \
TARGET_CC="$(TARGET_CC)" \
TARGET_CFLAGS="$(TARGET_CFLAGS)" \
TARGET_CFLAGS="$(TARGET_CFLAGS) -fno-stack-protector" \
TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
NM="$(TARGET_NM)" \
+5 -5
View File
@@ -50,11 +50,11 @@ BUSYBOX_OVERRIDE_SRCDIR = /home/bob/busybox/
When Buildroot finds that for a given package, an
+<pkg>_OVERRIDE_SRCDIR+ has been defined, it will no longer attempt to
download, extract and patch the package. Instead, it will directly use
the source code available in in the specified directory and +make
clean+ will not touch this directory. This allows to point Buildroot
to your own directories, that can be managed by Git, Subversion, or
any other version control system. To achieve this, Buildroot will use
_rsync_ to copy the source code of the component from the specified
the source code available in the specified directory and +make clean+
will not touch this directory. This allows to point Buildroot to your
own directories, that can be managed by Git, Subversion, or any other
version control system. To achieve this, Buildroot will use _rsync_ to
copy the source code of the component from the specified
+<pkg>_OVERRIDE_SRCDIR+ to +output/build/<package>-custom/+.
This mechanism is best used in conjunction with the +make
+1
View File
@@ -40,6 +40,7 @@ define ROOTFS_ISO9660_CREATE_TEMPDIR
$(RM) -rf $(ROOTFS_ISO9660_TARGET_DIR)
mkdir -p $(ROOTFS_ISO9660_TARGET_DIR)
endef
ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_CREATE_TEMPDIR
else
ROOTFS_ISO9660_TARGET_DIR = $(TARGET_DIR)
endif
+30
View File
@@ -0,0 +1,30 @@
core: Disallow Methods' registration at run time (.htaccess), they may
be used only if registered at init time (httpd.conf).
Calling ap_method_register() in children processes is not the right scope
since it won't be shared for all requests.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
Fixes CVE-2017-9798: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
Downloaded from upstream repo:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- a/server/core.c 2017/08/16 16:50:29 1805223
+++ b/server/core.c 2017/09/08 13:13:11 1807754
@@ -2266,6 +2266,12 @@
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}
@@ -0,0 +1,35 @@
From 6bd1b4958e949d83468e053c34bf6c89d14d687a Mon Sep 17 00:00:00 2001
From: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Date: Fri, 25 Aug 2017 23:01:14 +0200
Subject: [PATCH] eibd: drop local clock_gettime in USB backends
clock_gettime is defined locally, and calls pth_int_time, which
in turn calls clock_gettime.
The USB backend shouldn't overrule clock_gettime in the first place.
This patch fixes this endless recursion by removing the local defition.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
---
eibd/usb/linux_usbfs.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/eibd/usb/linux_usbfs.c b/eibd/usb/linux_usbfs.c
index c3ec410..957b908 100644
--- a/eibd/usb/linux_usbfs.c
+++ b/eibd/usb/linux_usbfs.c
@@ -52,12 +52,6 @@ int pthread_mutex_trylock(pthread_mutex_t *mutex)
return 0;
}
-int clock_gettime(clockid_t clk_id, struct timespec *tp)
-{
- pth_int_time (tp);
- return 0;
-}
-
/* sysfs vs usbfs:
* opening a usbfs node causes the device to be resumed, so we attempt to
* avoid this during enumeration.
--
1.8.5.rc3
+2 -2
View File
@@ -1,3 +1,3 @@
# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P3/bind-9.11.1-P3.tar.gz.sha256.asc
sha256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 bind-9.11.1-P3.tar.gz
# Verified from http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz.sha256.asc
sha256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a bind-9.11.2.tar.gz
sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT
+3 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
BIND_VERSION = 9.11.1-P3
BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
BIND_VERSION = 9.11.2
BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
BIND_INSTALL_STAGING = YES
@@ -24,6 +24,7 @@ BIND_CONF_ENV = \
BUILD_CC="$(TARGET_CC)" \
BUILD_CFLAGS="$(TARGET_CFLAGS)"
BIND_CONF_OPTS = \
--without-lmdb \
--with-libjson=no \
--with-randomdev=/dev/urandom \
--enable-epoll \
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,42 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -0,0 +1,29 @@
From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 13 Sep 2017 10:01:40 +0300
Subject: [PATCH] sdp: Fix Out-of-bounds heap read in service_search_attr_req
function
Check if there is enough data to continue otherwise return an error.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/sdpd-request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
index 1eefdce1a..318d04467 100644
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
} else {
/* continuation State exists -> get from cache */
sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
- if (pCache) {
+ if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) {
uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
pResponse = pCache->data;
memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90 Botan-1.10.13.tgz
sha256 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52 Botan-1.10.16.tgz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
BOTAN_VERSION = 1.10.13
BOTAN_VERSION = 1.10.16
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tgz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2c
+1
View File
@@ -46,6 +46,7 @@ define HOST_CMAKE_CONFIGURE_CMDS
-DCMAKE_C_FLAGS="$(HOST_CMAKE_CFLAGS)" \
-DCMAKE_CXX_FLAGS="$(HOST_CMAKE_CXXFLAGS)" \
-DCMAKE_EXE_LINKER_FLAGS="$(HOST_LDFLAGS)" \
-DCMAKE_USE_OPENSSL:BOOL=OFF \
-DBUILD_CursesDialog=OFF \
)
endef
+1 -1
View File
@@ -1,2 +1,2 @@
# From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc
sha256 bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0 connman-1.33.tar.xz
sha256 66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa connman-1.35.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CONNMAN_VERSION = 1.33
CONNMAN_VERSION = 1.35
CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz
CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman
CONNMAN_DEPENDENCIES = libglib2 dbus iptables
@@ -0,0 +1,78 @@
From 1252dc1d1f465b8ab6b36ff7252e395e66a040cf Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Fri, 21 Jul 2017 10:46:39 +0100
Subject: [PATCH 1/2] config-loader-expat: Tell Expat not to defend against
hash collisions
By default, Expat uses cryptographic-quality random numbers as a salt for
its hash algorithm, and since 2.2.1 it gets them from the getrandom
syscall on Linux. That syscall refuses to return any entropy until the
kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
can take as long as 40 seconds on embedded devices with few entropy
sources, which is too long: if the system dbus-daemon blocks for that
length of time, important D-Bus clients like systemd and systemd-logind
time out and fail to connect to it.
We're parsing small configuration files here, and we trust them
completely, so we don't need to defend against hash collisions: nobody
is going to be crafting them to cause pathological performance.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
Signed-off-by: Simon McVittie <smcv@debian.org>
Tested-by: Christopher Hewitt <hewitt@ieee.org>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
---
bus/config-loader-expat.c | 14 ++++++++++++++
configure.ac | 8 ++++++++
2 files changed, 22 insertions(+)
diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
index b571fda3..27cbe2d0 100644
--- a/bus/config-loader-expat.c
+++ b/bus/config-loader-expat.c
@@ -203,6 +203,20 @@ bus_config_load (const DBusString *file,
goto failed;
}
+ /* We do not need protection against hash collisions (CVE-2012-0876)
+ * because we are only parsing trusted XML; and if we let Expat block
+ * waiting for the CSPRNG to be initialized, as it does by default to
+ * defeat CVE-2012-0876, it can cause timeouts during early boot on
+ * entropy-starved embedded devices.
+ *
+ * TODO: When Expat gets a more explicit API for this than
+ * XML_SetHashSalt, check for that too, and use it preferentially.
+ * https://github.com/libexpat/libexpat/issues/91 */
+#if defined(HAVE_XML_SETHASHSALT)
+ /* Any nonzero number will do. https://xkcd.com/221/ */
+ XML_SetHashSalt (expat, 4);
+#endif
+
if (!_dbus_string_get_dirname (file, &dirname))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
diff --git a/configure.ac b/configure.ac
index 52da11fb..c4022ed7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -938,6 +938,14 @@ XML_CFLAGS=
AC_SUBST([XML_CFLAGS])
AC_SUBST([XML_LIBS])
+save_cflags="$CFLAGS"
+save_libs="$LIBS"
+CFLAGS="$CFLAGS $XML_CFLAGS"
+LIBS="$LIBS $XML_LIBS"
+AC_CHECK_FUNCS([XML_SetHashSalt])
+CFLAGS="$save_cflags"
+LIBS="$save_libs"
+
# Thread lib detection
AC_ARG_VAR([THREAD_LIBS])
save_libs="$LIBS"
--
2.11.0
+2
View File
@@ -7,6 +7,8 @@
DBUS_VERSION = 1.10.16
DBUS_SITE = http://dbus.freedesktop.org/releases/dbus
DBUS_LICENSE = AFLv2.1 or GPLv2+ (library, tools), GPLv2+ (tools)
# 0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
DBUS_AUTORECONF = YES
DBUS_LICENSE_FILES = COPYING
DBUS_INSTALL_STAGING = YES
+1 -1
View File
@@ -6,7 +6,7 @@
DIALOG_VERSION = 1.2-20150125
DIALOG_SOURCE = dialog-$(DIALOG_VERSION).tgz
DIALOG_SITE = ftp://invisible-island.net/dialog
DIALOG_SITE = ftp://ftp.invisible-island.net/dialog
DIALOG_CONF_OPTS = --with-ncurses --with-curses-dir=$(STAGING_DIR)/usr \
--disable-rpath-hack
DIALOG_DEPENDENCIES = host-pkgconf ncurses
@@ -0,0 +1,129 @@
From 3fb715b55426875902dfef3056b2cf7335953178 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 19 May 2017 13:25:59 -0400
Subject: [PATCH] include sys/sysmacros.h as needed
The minor/major/makedev macros are not entirely standard. glibc has had
the definitions in sys/sysmacros.h since the start, and wants to move away
from always defining them implicitly via sys/types.h (as this pollutes the
namespace in violation of POSIX). Other C libraries have already dropped
them. Since the configure script already checks for this header, use that
to pull in the header in files that use these macros.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Upstream commit 3fb715b55426875902dfef3056b2cf7335953178
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
debugfs/debugfs.c | 3 +++
lib/blkid/devname.c | 3 +++
lib/blkid/devno.c | 3 +++
lib/ext2fs/finddev.c | 3 +++
lib/ext2fs/ismounted.c | 3 +++
misc/create_inode.c | 4 ++++
misc/mk_hugefiles.c | 3 +++
7 files changed, 22 insertions(+)
diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
index 059ddc39..453f5b52 100644
--- a/debugfs/debugfs.c
+++ b/debugfs/debugfs.c
@@ -26,6 +26,9 @@ extern char *optarg;
#include <errno.h>
#endif
#include <fcntl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "debugfs.h"
#include "uuid/uuid.h"
diff --git a/lib/blkid/devname.c b/lib/blkid/devname.c
index 3e2efa9d..671e781f 100644
--- a/lib/blkid/devname.c
+++ b/lib/blkid/devname.c
@@ -36,6 +36,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include <time.h>
#include "blkidP.h"
diff --git a/lib/blkid/devno.c b/lib/blkid/devno.c
index aa6eb907..480030f2 100644
--- a/lib/blkid/devno.c
+++ b/lib/blkid/devno.c
@@ -31,6 +31,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "blkidP.h"
diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c
index 311608de..62fa0dbe 100644
--- a/lib/ext2fs/finddev.c
+++ b/lib/ext2fs/finddev.c
@@ -31,6 +31,9 @@
#if HAVE_SYS_MKDEV_H
#include <sys/mkdev.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "ext2_fs.h"
#include "ext2fs.h"
diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
index bcac0f15..7d524715 100644
--- a/lib/ext2fs/ismounted.c
+++ b/lib/ext2fs/ismounted.c
@@ -49,6 +49,9 @@
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include "ext2_fs.h"
#include "ext2fs.h"
diff --git a/misc/create_inode.c b/misc/create_inode.c
index ae22ff6f..8ce3fafa 100644
--- a/misc/create_inode.c
+++ b/misc/create_inode.c
@@ -22,6 +22,10 @@
#include <attr/xattr.h>
#endif
#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+
#include <ext2fs/ext2fs.h>
#include <ext2fs/ext2_types.h>
#include <ext2fs/fiemap.h>
diff --git a/misc/mk_hugefiles.c b/misc/mk_hugefiles.c
index 049c6f41..5882394d 100644
--- a/misc/mk_hugefiles.c
+++ b/misc/mk_hugefiles.c
@@ -35,6 +35,9 @@ extern int optind;
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
#include <libgen.h>
#include <limits.h>
#include <blkid/blkid.h>
--
2.13.3
@@ -0,0 +1,40 @@
From 6787914efad562e4097a153988109c5c7158abf7 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Wed, 16 Aug 2017 13:35:57 +0300
Subject: [PATCH] getopt: fix strncmp() declaration
The strncmp() declaration does not conform with the standard as to the
type of the 'n' parameter. Fix this to avoid the following build failure
with musl libc:
n file included from main.c:61:0:
getopt.c:175:13: error: conflicting types for 'strncmp'
extern int strncmp(const char *s1, const char *s2, unsigned int n);
^~~~~~~
In file included from main.c:49:0:
.../host/x86_64-buildroot-linux-musl/sysroot/usr/include/string.h:38:5: note: previous declaration of 'strncmp' was here
int strncmp (const char *, const char *, size_t);
^~~~~~~
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: https://sourceforge.net/p/faac/bugs/217/
frontend/getopt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/getopt.c b/frontend/getopt.c
index 185d49b804dd..40c7a2242551 100644
--- a/frontend/getopt.c
+++ b/frontend/getopt.c
@@ -172,7 +172,7 @@ static enum
#if __STDC__ || defined(PROTO)
extern char *getenv(const char *name);
extern int strcmp (const char *s1, const char *s2);
-extern int strncmp(const char *s1, const char *s2, unsigned int n);
+extern int strncmp(const char *s1, const char *s2, size_t n);
static int my_strlen(const char *s);
static char *my_index (const char *str, int chr);
--
2.14.1
+3 -3
View File
@@ -1,4 +1,4 @@
# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.7/ (used by upstream):
sha1 80eaaa5cc576c35dd28863767b795c50cbcc0511 faad2-2.7.tar.gz
# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.8.0/ (used by upstream):
sha1 a5caa71cd915acd502d96cba56f38296277f2350 faad2-2.8.1.tar.bz2
# Locally computed
sha256 ee26ed1e177c0cd8fa8458a481b14a0b24ca0b51468c8b4c8b676fd3ceccd330 faad2-2.7.tar.gz
sha256 f4042496f6b0a60f5ded6acd11093230044ef8a2fd965360c1bbd5b58780933d faad2-2.8.1.tar.bz2
+6 -2
View File
@@ -4,10 +4,14 @@
#
################################################################################
FAAD2_VERSION = 2.7
FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION)
FAAD2_VERSION_MAJOR = 2.8
FAAD2_VERSION = $(FAAD2_VERSION_MAJOR).1
FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION_MAJOR).0
FAAD2_SOURCE = faad2-$(FAAD2_VERSION).tar.bz2
FAAD2_LICENSE = GPLv2
FAAD2_LICENSE_FILES = COPYING
# No configure script in upstream tarball
FAAD2_AUTORECONF = YES
# frontend/faad calls frexp()
FAAD2_CONF_ENV = LIBS=-lm
FAAD2_INSTALL_STAGING = YES
@@ -0,0 +1,46 @@
From a853f21633693f9eefc4949660253a5328d2d2f3 Mon Sep 17 00:00:00 2001
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Date: Sun, 13 Aug 2017 23:21:54 +0200
Subject: [PATCH 1/1] communicate: check return status of msgrcv()
msgrcv can return with -1 to indicate an error condition.
One such error is to have been interrupted by a signal.
Being interrupted by a signal is very rare in this code, except in a
very special condition: a highly-parallel (1000 jobs!) mksquashfs on
a filesystem with extended attributes, where we see errors like (those
are mksquashfs errors):
llistxattr for titi/603/883 failed in read_attrs, because Unknown
error 1716527536
See: https://bugs.busybox.net/show_bug.cgi?id=10141
In this case, we just have to retry the call to msgrcv().
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
communicate.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/communicate.c b/communicate.c
index 293f404..787bb63 100644
--- a/communicate.c
+++ b/communicate.c
@@ -553,10 +553,13 @@ void send_get_fakem(struct fake_msg *buf)
l=msgrcv(msg_get,
(struct my_msgbuf*)buf,
sizeof(*buf)-sizeof(buf->mtype),0,0);
- while((buf->serial!=serial)||buf->pid!=pid);
+ while(((l==-1)&&(errno==EINTR))||(buf->serial!=serial)||buf->pid!=pid);
semaphore_down();
+ if(l==-1)
+ buf->xattr.flags_rc=errno;
+
/*
(nah, may be wrong, due to allignment)
--
2.11.0
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 54ce502aca10b7e6059f19220ea2f68fa0c9c4c4d255ae13e615f08f0c94dcc5 ffmpeg-3.2.3.tar.xz
sha256 42e7362692318afc666f14378dd445effa9a1b09787504a6ab5811fe442674cd ffmpeg-3.2.8.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FFMPEG_VERSION = 3.2.3
FFMPEG_VERSION = 3.2.8
FFMPEG_SOURCE = ffmpeg-$(FFMPEG_VERSION).tar.xz
FFMPEG_SITE = http://ffmpeg.org/releases
FFMPEG_INSTALL_STAGING = YES
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 ea661277cd39bf8f063d3a83ee875432cc3680494169f952787e002bdd3884c0 file-5.29.tar.gz
sha256 8639dc4d1b21e232285cd483604afc4a6ee810710e00e579dbe9591681722b50 file-5.32.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FILE_VERSION = 5.29
FILE_VERSION = 5.32
FILE_SITE = ftp://ftp.astron.com/pub/file
FILE_DEPENDENCIES = host-file zlib
HOST_FILE_DEPENDENCIES = host-zlib
+2 -1
View File
@@ -12,7 +12,8 @@ FLASHROM_LICENSE = GPLv2+
FLASHROM_LICENSE_FILES = COPYING
define FLASHROM_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS) -DHAVE_STRNLEN" -C $(@D)
endef
define FLASHROM_INSTALL_TARGET_CMDS
@@ -0,0 +1,31 @@
From 65a3028024a5963d9b988d70fe7ebe116c731310 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index f08854729f50..4b94179636e0 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -599,6 +599,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,31 @@
From 672910e3d1215b781cf0e4757e473f6a25ebf756 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 67b369f015ad..3d1d981f885d 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -612,6 +612,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,31 @@
From 329c471661493e48e0fc65fa6c17ef86517483ed Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 36ab1e370853..bf02fceb416e 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -637,6 +637,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
@@ -0,0 +1,31 @@
From dc90c186f755e726a097c9bb8bf6c4e7a45d8a07 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon, 11 Sep 2017 21:53:38 +0000
Subject: [PATCH] xtensa: fix PR target/82181
2017-09-11 Max Filippov <jcmvbkbc@gmail.com>
gcc/
Backport from mainline
* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
words of DImode object are reachable by xtensa_uimm8x4 access.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
index 70f698aba0ae..750b685b23e7 100644
--- a/gcc/config/xtensa/xtensa.c
+++ b/gcc/config/xtensa/xtensa.c
@@ -601,6 +601,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
case HImode:
return xtensa_uimm8x2 (v);
+ case DImode:
case DFmode:
return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
--
2.1.4
-32
View File
@@ -1,32 +0,0 @@
Fix gdlib-config
Since the @LIBICONV@ macro doesn't get replaced at compile time, we
end up installing an invalid gdlib-config: the gdlib-config --libs
says that one should link against @LIBICONV@ which obviously doesn't
work.
Use the OpenWRT patch from
https://dev.openwrt.org/browser/packages/libs/gd/patches/101-gdlib-config.patch
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
--- a/config/gdlib-config.in
+++ b/config/gdlib-config.in
@@ -71,7 +71,7 @@ while test $# -gt 0; do
echo @LDFLAGS@
;;
--libs)
- echo -lgd @LIBS@ @LIBICONV@
+ echo -lgd @LIBS@
;;
--cflags|--includes)
echo -I@includedir@
@@ -84,7 +84,7 @@ while test $# -gt 0; do
echo "includedir: $includedir"
echo "cflags: -I@includedir@"
echo "ldflags: @LDFLAGS@"
- echo "libs: @LIBS@ @LIBICONV@"
+ echo "libs: @LIBS@"
echo "libdir: $libdir"
echo "features: @FEATURES@"
;;
@@ -1,50 +0,0 @@
From ea2a03e983acf34a1320b460dcad43b7e0b0b14f Mon Sep 17 00:00:00 2001
Message-Id: <ea2a03e983acf34a1320b460dcad43b7e0b0b14f.1397134306.git.baruch@tkos.co.il>
From: Baruch Siach <baruch@tkos.co.il>
Date: Thu, 10 Apr 2014 15:49:13 +0300
Subject: [PATCH] gd_bmp: fix build with uClibc
Some architectures (like ARM) don't have the long double variants of math
functions under uClibc. Add a local ceill definition in this case.
Patch status: reported upstream,
https://bitbucket.org/libgd/gd-libgd/issue/123/build-failure-agains-uclibc-arm
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
src/gd_bmp.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/gd_bmp.c b/src/gd_bmp.c
index 0fc021909f1b..11b3ec1baa01 100644
--- a/src/gd_bmp.c
+++ b/src/gd_bmp.c
@@ -25,6 +25,11 @@
#include "gdhelpers.h"
#include "bmp.h"
+#include <features.h>
+#if defined (__UCLIBC__) && !defined(__UCLIBC_HAS_LONG_DOUBLE_MATH__)
+#define NO_LONG_DOUBLE
+#endif
+
static int compress_row(unsigned char *uncompressed_row, int length);
static int build_rle_packet(unsigned char *row, int packet_type, int length, unsigned char *data);
@@ -42,6 +47,13 @@ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
#define BMP_DEBUG(s)
+#ifdef NO_LONG_DOUBLE
+long double ceill(long double x)
+{
+ return (long double) ceil((double) x);
+}
+#endif
+
static int gdBMPPutWord(gdIOCtx *out, int w)
{
/* Byte order is little-endian */
--
1.9.1
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6 libgd-2.2.4.tar.xz
sha256 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51 libgd-2.2.5.tar.xz
sha256 d02dae2141d49b8a6b09b2b73e68a8f17d7bbeaaf02b3b841ee11fea2d9e328d COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GD_VERSION = 2.2.4
GD_VERSION = 2.2.5
GD_SOURCE = libgd-$(GD_VERSION).tar.xz
GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
GD_INSTALL_STAGING = YES
@@ -0,0 +1,41 @@
From 09a2c3e0164545324a1ddee70f5c9fdee71e2079 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Sun, 18 Jun 2017 23:09:43 +0200
Subject: [PATCH] nat/linux-ptrace.c: add missing gdb_byte* cast
On noMMU platforms, the following code gets compiled:
child_stack = xmalloc (STACK_SIZE * 4);
Where child_stack is a gdb_byte*, and xmalloc() returns a void*. While
the lack of cast is valid in C, it is not in C++, causing the
following build failure:
../nat/linux-ptrace.c: In function 'int linux_fork_to_function(gdb_byte*, int (*)(void*))':
../nat/linux-ptrace.c:273:29: error: invalid conversion from 'void*' to 'gdb_byte* {aka unsigned char*}' [-fpermissive]
child_stack = xmalloc (STACK_SIZE * 4);
Therefore, this commit adds the appropriate cast.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Upstream commit: ffce45d2243e5f52f411e314fc4e1a69f431a81f]
---
gdb/nat/linux-ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gdb/nat/linux-ptrace.c b/gdb/nat/linux-ptrace.c
index 3447e07..33833e2 100644
--- a/gdb/nat/linux-ptrace.c
+++ b/gdb/nat/linux-ptrace.c
@@ -270,7 +270,7 @@ linux_fork_to_function (gdb_byte *child_stack, int (*function) (void *))
#define STACK_SIZE 4096
if (child_stack == NULL)
- child_stack = xmalloc (STACK_SIZE * 4);
+ child_stack = (gdb_byte*) xmalloc (STACK_SIZE * 4);
/* Use CLONE_VM instead of fork, to support uClinux (no MMU). */
#ifdef __ia64__
--
2.9.4
+1
View File
@@ -189,6 +189,7 @@ HOST_GDB_CONF_OPTS = \
--enable-threads \
--disable-werror \
--without-included-gettext \
--with-curses \
$(GDB_DISABLE_BINUTILS_CONF_OPTS)
ifeq ($(BR2_PACKAGE_HOST_GDB_TUI),y)
+4 -2
View File
@@ -1,2 +1,4 @@
# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.4.sha256sum
sha256 0b19901c3eb0596141d2d48ddb9dac79ad1524bdf59366af58ab38fcb9ee7463 gdk-pixbuf-2.36.4.tar.xz
# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.sha256sum
sha256 f8f6fa896b89475c73b6e9e8d2a2b062fc359c4b4ccb8e96470d6ab5da949ace gdk-pixbuf-2.36.10.tar.xz
# Locally calculated
sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
+13 -1
View File
@@ -5,7 +5,7 @@
################################################################################
GDK_PIXBUF_VERSION_MAJOR = 2.36
GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).4
GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).10
GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
GDK_PIXBUF_LICENSE = LGPLv2+
@@ -20,6 +20,9 @@ GDK_PIXBUF_CONF_ENV = \
ac_cv_path_GLIB_GENMARSHAL=$(LIBGLIB2_HOST_BINARY) \
gio_can_sniff=no
HOST_GDK_PIXBUF_CONF_ENV = \
gio_can_sniff=no
GDK_PIXBUF_CONF_OPTS = --disable-glibtest
ifneq ($(BR2_PACKAGE_LIBPNG),y)
@@ -73,5 +76,14 @@ define GDK_PIXBUF_DISABLE_TESTS
endef
GDK_PIXBUF_POST_PATCH_HOOKS += GDK_PIXBUF_DISABLE_TESTS
# Target gdk-pixbuf needs loaders.cache populated to build for the
# thumbnailer. Use the host-built since it matches the target options
# regarding mime types (which is the used information).
define GDK_PIXBUF_COPY_LOADERS_CACHE
cp -f $(HOST_DIR)/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache \
$(@D)/gdk-pixbuf
endef
GDK_PIXBUF_PRE_BUILD_HOOKS += GDK_PIXBUF_COPY_LOADERS_CACHE
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+1 -1
View File
@@ -1,2 +1,2 @@
# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
sha256 016124c54ce2db7a4c2bd26b0de21fbf8f6bcaee04842aa221c7243141df4e42 git-2.12.3.tar.xz
sha256 f8b8ac499034e9f6e44e67dd54351bc5654e228e4cd3b55f6f1c8e736c977ce6 git-2.12.4.tar.xz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GIT_VERSION = 2.12.3
GIT_VERSION = 2.12.4
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = https://www.kernel.org/pub/software/scm/git
GIT_LICENSE = GPLv2, LGPLv2.1+
+3 -4
View File
@@ -1,4 +1,3 @@
# From https://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html
sha1 e3bdb585026f752ae91360f45c28e76e4a15d338 gnupg-1.4.21.tar.bz2
# Locally computed
sha256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 gnupg-1.4.21.tar.bz2
# Locally computed based on signature
# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.22.tar.bz2.sig
sha256 9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4 gnupg-1.4.22.tar.bz2
+2 -2
View File
@@ -4,9 +4,9 @@
#
################################################################################
GNUPG_VERSION = 1.4.21
GNUPG_VERSION = 1.4.22
GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG_LICENSE = GPLv3+
GNUPG_LICENSE_FILES = COPYING
GNUPG_DEPENDENCIES = zlib ncurses $(if $(BR2_PACKAGE_LIBICONV),libiconv)
@@ -0,0 +1,29 @@
From eb7cce5dbb53a64cf55ac0d9a7fa4dcbebd4b173 Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Mon, 14 Aug 2017 23:24:38 +0200
Subject: [PATCH] SConstruct: do not force -O2 by default
-O2 can cause problems on some architectures, so do not force it by
default.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
SConstruct | 2 --
1 file changed, 2 deletions(-)
diff --git a/SConstruct b/SConstruct
index fe444a2..93d91a4 100644
--- a/SConstruct
+++ b/SConstruct
@@ -330,8 +330,6 @@ if not 'CCFLAGS' in os.environ:
# Should we build with optimisation?
if env['debug'] or env['coveraging']:
env.Append(CCFLAGS=['-O0'])
- else:
- env.Append(CCFLAGS=['-O2'])
# Get a slight speedup by not doing automatic RCS and SCCS fetches.
env.SourceCode('.', None)
--
2.9.4
+1 -1
View File
@@ -44,7 +44,7 @@ endif
# A bug was reported to the gcc bug tracker:
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485
ifeq ($(BR2_microblaze),y)
GPSD_CFLAGS += -fno-expensive-optimizations -fno-schedule-insns
GPSD_CFLAGS += -O0
endif
# Enable or disable Qt binding
@@ -0,0 +1,60 @@
From daaf649bda7231fd0d760802232a36ba62a4ea2d Mon Sep 17 00:00:00 2001
From: Clemens Lang <cal@macports.org>
Date: Sun, 13 Aug 2017 21:17:18 +0200
Subject: [PATCH] openjpeg: Fix build against openjpeg 2.2
OpenJPEG 2.2 has some API changes and thus ships its headers in a new
include path. Add a configure check (to both meson and autoconf) to
detect the newer version of OpenJPEG and add conditional includes.
Fix the autoconf test for OpenJPEG 2.1, which checked for HAVE_OPENJPEG,
which was always set even for 2.0.
https://bugzilla.gnome.org/show_bug.cgi?id=786250
[Peter: drop meson changes for 2017.02.x]
Upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/patch/?id=15f24fef53a955c7c76fc966302cb0453732e657
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
configure.ac | 7 ++++++-
ext/openjpeg/gstopenjpeg.h | 4 +++-
2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
index 30e26b8..c4f08c7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2813,8 +2813,13 @@ AG_GST_CHECK_FEATURE(OPENJPEG, [openjpeg library], openjpeg, [
if test x"$HAVE_OPENJPEG" = x"yes"; then
dnl minor API changes in v2.1
AG_GST_PKG_CHECK_MODULES(OPENJPEG_2_1, libopenjp2 >= 2.1)
- if test x"$HAVE_OPENJPEG" = x"yes"; then
+ if test x"$HAVE_OPENJPEG_2_1" = x"yes"; then
AC_DEFINE([HAVE_OPENJPEG_2_1], 1, [Define if OpenJPEG 2.1 is used])
+ dnl include paths changed for v2.2
+ AG_GST_PKG_CHECK_MODULES(OPENJPEG_2_2, libopenjp2 >= 2.2)
+ if test x"$HAVE_OPENJPEG_2_2" = x"yes"; then
+ AC_DEFINE([HAVE_OPENJPEG_2_2], 1, [Define if OpenJPEG 2.2 is used])
+ fi
fi
else
# Fallback to v1.5
diff --git a/ext/openjpeg/gstopenjpeg.h b/ext/openjpeg/gstopenjpeg.h
index 03ce52e..52410a4 100644
--- a/ext/openjpeg/gstopenjpeg.h
+++ b/ext/openjpeg/gstopenjpeg.h
@@ -38,7 +38,9 @@
#define OPJ_CPRL CPRL
#else
#include <stdio.h>
-# ifdef HAVE_OPENJPEG_2_1
+# if defined(HAVE_OPENJPEG_2_2)
+# include <openjpeg-2.2/openjpeg.h>
+# elif defined(HAVE_OPENJPEG_2_1)
# include <openjpeg-2.1/openjpeg.h>
# else
# include <openjpeg-2.0/openjpeg.h>
--
2.12.3
@@ -13,6 +13,10 @@ GST1_PLUGINS_BAD_LICENSE_FILES = COPYING COPYING.LIB
# enabled.
GST1_PLUGINS_BAD_LICENSE = LGPLv2+, LGPLv2.1+
# patch 0001-openjpeg-Fix-build-against-openjpeg-2.2.patch touches configure.ac
GST1_PLUGINS_BAD_AUTORECONF = YES
GST1_PLUGINS_BAD_GETTEXTIZE = YES
GST1_PLUGINS_BAD_CONF_OPTS = \
--disable-examples \
--disable-valgrind \
+2 -2
View File
@@ -1,2 +1,2 @@
# From http://www.imagemagick.org/download/releases/digest.rdf
sha256 0058fcde533986334458a5c99600b1b9633182dd9562cbad4ba618c5ccf2a28f ImageMagick-7.0.5-10.tar.xz
# Locally computed
sha256 5a45e29509dbb23793a9c8db5c47ef1114c1ee82c9ca60053eaf06b3fc243e2c 7.0.7-1.tar.gz
+3 -3
View File
@@ -4,9 +4,9 @@
#
################################################################################
IMAGEMAGICK_VERSION = 7.0.5-10
IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
IMAGEMAGICK_VERSION = 7.0.7-1
IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
IMAGEMAGICK_LICENSE = Apache-2.0
IMAGEMAGICK_LICENSE_FILES = LICENSE
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
IOSTAT_VERSION = 2.2
IOSTAT_SITE = http://www.linuxinsight.com/files
IOSTAT_SITE = http://linuxinsight.com/sites/default/files
IOSTAT_LICENSE = GPL
IOSTAT_LICENSE_FILES = LICENSE
+1 -1
View File
@@ -6,7 +6,7 @@
IUCODE_TOOL_VERSION = 1.5
IUCODE_TOOL_SOURCE = iucode-tool_$(IUCODE_TOOL_VERSION).tar.xz
IUCODE_TOOL_SITE = https://gitlab.com/iucode-tool/releases/raw/latest
IUCODE_TOOL_SITE = https://gitlab.com/iucode-tool/releases/raw/master
ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)
IUCODE_TOOL_CONF_ENV = LIBS="-largp"
IUCODE_TOOL_DEPENDENCIES = argp-standalone
@@ -0,0 +1,65 @@
From ff1ed2c4524095055140370c1008a2d9cccc5645 Mon Sep 17 00:00:00 2001
From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
Date: Sat, 11 Jun 2016 05:35:07 +0200
Subject: [PATCH] Fix initialization in test/iodelay.cpp
jack_latency_range_t is
struct _jack_latency_range {
jack_nframes_t min;
jack_nframes_t max;
};
and jack_nframes_t is
typedef uint32_t jack_nframes_t;
so it's unsigned. Initialising it with -1 is invalid (at least in C++14). We cannot use {0, 0}, because latency_cb has
jack_latency_range_t range;
range.min = range.max = 0;
if ((range.min != capture_latency.min) || (range.max !=
capture_latency.max)) {
capture_latency = range;
}
so we must not have {0, 0}, otherwise the condition would never be true.
Using UINT32_MAX should be equivalent to the previous -1.
[Upstream commit https://github.com/jackaudio/jack2/commit/ff1ed2c4524095055140370c1008a2d9cccc5645]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
tests/iodelay.cpp | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tests/iodelay.cpp b/tests/iodelay.cpp
index e1ba63fa..1ef470fd 100644
--- a/tests/iodelay.cpp
+++ b/tests/iodelay.cpp
@@ -20,6 +20,7 @@
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
#include <math.h>
#include <unistd.h>
#include <jack/jack.h>
@@ -167,8 +168,8 @@ static jack_client_t *jack_handle;
static jack_port_t *jack_capt;
static jack_port_t *jack_play;
-jack_latency_range_t capture_latency = {-1, -1};
-jack_latency_range_t playback_latency = {-1, -1};
+jack_latency_range_t capture_latency = {UINT32_MAX, UINT32_MAX};
+jack_latency_range_t playback_latency = {UINT32_MAX, UINT32_MAX};
void
latency_cb (jack_latency_callback_mode_t mode, void *arg)
@@ -266,4 +267,4 @@ int main (int ac, char *av [])
return 0;
}
-// --------------------------------------------------------------------------------
\ No newline at end of file
+// --------------------------------------------------------------------------------
+31
View File
@@ -0,0 +1,31 @@
From f7bccdca651592cc4082b28fd4a01ed6ef8ab655 Mon Sep 17 00:00:00 2001
From: Kjetil Matheussen <k.s.matheussen@notam02.no>
Date: Sat, 15 Jul 2017 13:21:59 +0200
Subject: [PATCH] Tests: Fix compilation with gcc7
Fixes
../tests/test.cpp: In function int process4(jack_nframes_t, void*):
../tests/test.cpp:483:73: error: call of overloaded abs(jack_nframes_t) is ambiguous
if (delta_time > 0 && (jack_nframes_t)abs(delta_time - cur_buffer_size) > tolerance) {
Downloaded from upstream commit
https://github.com/jackaudio/jack2/commit/f7bccdca651592cc4082b28fd4a01ed6ef8ab655
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
tests/test.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test.cpp b/tests/test.cpp
index 8a8a8117..d2ef9a05 100644
--- a/tests/test.cpp
+++ b/tests/test.cpp
@@ -479,7 +479,7 @@ int process4(jack_nframes_t nframes, void *arg)
jack_nframes_t delta_time = cur_time - last_time;
Log("calling process4 callback : jack_frame_time = %ld delta_time = %ld\n", cur_time, delta_time);
- if (delta_time > 0 && (jack_nframes_t)abs(delta_time - cur_buffer_size) > tolerance) {
+ if (delta_time > 0 && abs((int64_t)delta_time - (int64_t)cur_buffer_size) > (int64_t)tolerance) {
printf("!!! ERROR !!! jack_frame_time seems to return incorrect values cur_buffer_size = %d, delta_time = %d tolerance %d\n", cur_buffer_size, delta_time, tolerance);
}
@@ -0,0 +1,28 @@
From d3c8e2d8d78899fba40a3e677ed4dbe388d82269 Mon Sep 17 00:00:00 2001
From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
Date: Thu, 18 Sep 2014 18:29:23 +0200
Subject: [PATCH] Fix FTBFS with clang++
Forwarded from http://bugs.debian.org/757820
Downloaded from upstream commit
https://github.com/jackaudio/jack2/commit/d3c8e2d8d78899fba40a3e677ed4dbe388d82269
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
common/memops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/memops.c b/common/memops.c
index 27f6194a..2d416b64 100644
--- a/common/memops.c
+++ b/common/memops.c
@@ -198,7 +198,7 @@ static inline __m128i float_24_sse(__m128 s)
*/
static unsigned int seed = 22222;
-inline unsigned int fast_rand() {
+static inline unsigned int fast_rand() {
seed = (seed * 96314165) + 907633515;
return seed;
}
-1
View File
@@ -1,3 +1,2 @@
# Locally calculated
sha256 88f1b6601b7c8950e6a2d5940b423a33ee628ae5583da40bdce3d9317d8c600d jack2-v1.9.10.tar.gz
sha256 f372c4300e3fb2c1ce053e47829df44f3f8b933feb820759392187723ae8e640 ff1ed2c4524095055140370c1008a2d9cccc5645.patch
-1
View File
@@ -9,7 +9,6 @@ JACK2_SITE = $(call github,jackaudio,jack2,$(JACK2_VERSION))
JACK2_LICENSE = GPLv2+ (jack server), LGPLv2.1+ (jack library)
JACK2_DEPENDENCIES = libsamplerate libsndfile alsa-lib host-python
JACK2_INSTALL_STAGING = YES
JACK2_PATCH = https://github.com/jackaudio/jack2/commit/ff1ed2c4524095055140370c1008a2d9cccc5645.patch
JACK2_CONF_OPTS = --alsa
@@ -0,0 +1,42 @@
From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
happy.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit fa7438a0ff
libarchive/archive_read_support_format_xar.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d8e4..93eeacc5e6eb 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
uint64_t l;
int digit;
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
digit = *p - '0';
while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
{
int64_t l;
int digit;
-
+
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
while (char_cnt-- > 0) {
if (*p >= '0' && *p <= '7')
--
2.14.1
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally computed:
sha256 72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2 libarchive-3.2.1.tar.gz
sha256 ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce libarchive-3.3.2.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBARCHIVE_VERSION = 3.2.1
LIBARCHIVE_VERSION = 3.3.2
LIBARCHIVE_SITE = http://www.libarchive.org/downloads
LIBARCHIVE_INSTALL_STAGING = YES
LIBARCHIVE_LICENSE = BSD-2c, BSD-3c
@@ -0,0 +1,47 @@
From 7d84bd820ef412d251b643a4faced105668f4ebd Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Fri, 11 Aug 2017 18:52:37 +0200
Subject: [PATCH] curl/system.h: support more architectures
The long list of architectures in include/curl/system.h is annoying to
maintain, and needs to be extended for each and every architecture to
support.
Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler
(we are in the GNUC condition anyway), which tells us if long is 4
bytes or 8 bytes.
This fixes the build of libcurl 7.55.0 on architectures such as
OpenRISC or ARC.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
include/curl/system.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/curl/system.h b/include/curl/system.h
index 79abf8f..0e13075 100644
--- a/include/curl/system.h
+++ b/include/curl/system.h
@@ -403,7 +403,7 @@
# if !defined(__LP64__) && (defined(__ILP32__) || \
defined(__i386__) || defined(__ppc__) || defined(__arm__) || \
defined(__sparc__) || defined(__mips__) || defined(__sh__) || \
- defined(__XTENSA__))
+ defined(__XTENSA__) || (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 4))
# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
@@ -412,7 +412,8 @@
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# elif defined(__LP64__) || \
- defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__)
+ defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) || \
+ (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 8)
# define CURL_SIZEOF_LONG 8
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
--
2.9.4
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally calculated after checking pgp signature
sha256 f50ebaf43c507fa7cc32be4b8108fa8bbd0f5022e90794388f3c7694a302ff06 curl-7.54.0.tar.bz2
# https://curl.haxx.se/download/curl-7.55.0.tar.xz.asc
sha256 cdd58522f8607fd4e871df79d73acb3155075e2134641e5adab12a0962df059d curl-7.55.0.tar.xz
+3 -3
View File
@@ -4,14 +4,14 @@
#
################################################################################
LIBCURL_VERSION = 7.54.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_VERSION = 7.55.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_ZLIB),zlib) \
$(if $(BR2_PACKAGE_LIBIDN),libidn) \
$(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump)
LIBCURL_LICENSE = ISC
LIBCURL_LICENSE = curl
LIBCURL_LICENSE_FILES = COPYING
LIBCURL_INSTALL_STAGING = YES
+2 -4
View File
@@ -1,5 +1,3 @@
# From https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
sha1 65a4a495aa858483e66868199eaa8238572ca6cd libgcrypt-1.7.8.tar.bz2
# Locally calculated after checking signature
# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.8.tar.bz2.sig
sha256 948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199 libgcrypt-1.7.8.tar.bz2
# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.9.tar.bz2.sig
sha256 bfe9bb703c1126c3647da2810fd23039c2f09d46969f71612c2065dc3fa9373b libgcrypt-1.7.9.tar.bz2
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBGCRYPT_VERSION = 1.7.8
LIBGCRYPT_VERSION = 1.7.9
LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
LIBGCRYPT_LICENSE = LGPLv2.1+
LIBGCRYPT_LICENSE_FILES = COPYING.LIB
@@ -0,0 +1,36 @@
From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Fri, 1 Sep 2017 10:04:48 +0200
Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow
This fix is a backport from libidn2 and addresses
CVE-2017-14062.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit e9e81b8063b095
lib/punycode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/punycode.c b/lib/punycode.c
index 86819a7deb85..49250a13e2cc 100644
--- a/lib/punycode.c
+++ b/lib/punycode.c
@@ -88,10 +88,10 @@ enum
/* point (for use in representing integers) in the range 0 to */
/* base-1, or base if cp does not represent a value. */
-static punycode_uint
-decode_digit (punycode_uint cp)
+static unsigned
+decode_digit (int cp)
{
- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+ return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
cp - 97 < 26 ? cp - 97 : base;
}
--
2.14.1
+3 -1
View File
@@ -7,11 +7,13 @@
LIBIDN_VERSION = 1.33
LIBIDN_SITE = $(BR2_GNU_MIRROR)/libidn
LIBIDN_INSTALL_STAGING = YES
LIBIDN_CONF_ENV = EMACS="no"
LIBIDN_CONF_ENV = EMACS="no" MAKEINFO=true
LIBIDN_CONF_OPTS = --disable-java --enable-csharp=no
LIBIDN_DEPENDENCIES = host-pkgconf $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext) $(if $(BR2_PACKAGE_LIBICONV),libiconv)
LIBIDN_LICENSE = GPLv2+, GPLv3+, LGPLv3+
LIBIDN_LICENSE_FILES = COPYINGv2 COPYINGv3 COPYING.LESSERv3
# lib/punycode.c patch triggers reconf in doc/
LIBIDN_AUTORECONF = YES
define LIBIDN_REMOVE_BINARY
rm -f $(TARGET_DIR)/usr/bin/idn
+1 -1
View File
@@ -6,7 +6,7 @@
LIBPHIDGET_VERSION = 2.1.8.20140319
LIBPHIDGET_SOURCE = libphidget_$(LIBPHIDGET_VERSION).tar.gz
LIBPHIDGET_SITE = http://www.phidgets.com/downloads/libraries
LIBPHIDGET_SITE = https://www.phidgets.com/downloads/phidget21/libraries/linux/libphidget
LIBPHIDGET_DEPENDENCIES = libusb
LIBPHIDGET_CONF_OPTS = --disable-ldconfig
LIBPHIDGET_INSTALL_STAGING = YES
+1 -1
View File
@@ -16,7 +16,7 @@ config BR2_PACKAGE_LIBRSVG
The rsvg library is an efficient renderer for Scalable
Vector Graphics (SVG) pictures.
http://librsvg.sourceforge.net/
https://wiki.gnome.org/Projects/LibRsvg
comment "librsvg needs a toolchain w/ wchar, threads, C++"
depends on BR2_USE_MMU
+2 -2
View File
@@ -1,2 +1,2 @@
# From http://ftp.acc.umu.se/pub/gnome/sources/librsvg/2.40/librsvg-2.40.16.sha256sum
sha256 d48bcf6b03fa98f07df10332fb49d8c010786ddca6ab34cbba217684f533ff2e librsvg-2.40.16.tar.xz
# From http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.18.sha256sum
sha256 bfc8c488c89c1e7212c478beb95c41b44701636125a3e6dab41187f1485b564c librsvg-2.40.18.tar.xz
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
LIBRSVG_VERSION_MAJOR = 2.40
LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).16
LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).18
LIBRSVG_SITE = http://ftp.gnome.org/pub/gnome/sources/librsvg/$(LIBRSVG_VERSION_MAJOR)
LIBRSVG_SOURCE = librsvg-$(LIBRSVG_VERSION).tar.xz
LIBRSVG_INSTALL_STAGING = YES
+1 -1
View File
@@ -8,4 +8,4 @@ config BR2_PACKAGE_LIBRSYNC
remote file synchronization that was popularized by the
rsync utility and is used in rproxy.
http://sourceforge.net/projects/librsync/
https://github.com/librsync/librsync
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally computed:
sha256 6633e4605662763a03bb6388529cbdfd3b11a9ec55b8845351c1bd9a92bc41d6 librsync-0.9.7.tar.gz
sha256 b5c4dd114289832039397789e42d4ff0d1108ada89ce74f1999398593fae2169 librsync-v2.0.0.tar.gz
+3 -3
View File
@@ -4,11 +4,11 @@
#
################################################################################
LIBRSYNC_VERSION = 0.9.7
LIBRSYNC_SITE = http://downloads.sourceforge.net/project/librsync/librsync/$(LIBRSYNC_VERSION)
LIBRSYNC_VERSION = v2.0.0
LIBRSYNC_SITE = $(call github,librsync,librsync,$(LIBRSYNC_VERSION))
LIBRSYNC_LICENSE = LGPLv2.1+
LIBRSYNC_LICENSE_FILES = COPYING
LIBRSYNC_INSTALL_STAGING = YES
LIBRSYNC_DEPENDENCIES = zlib bzip2 popt
$(eval $(autotools-package))
$(eval $(cmake-package))
+4 -2
View File
@@ -1,2 +1,4 @@
# From http://ftp.gnome.org/pub/gnome/sources/libsoup/2.56/libsoup-2.56.0.sha256sum
sha256 d8216b71de8247bc6f274ec054c08547b2e04369c1f8add713e9350c8ef81fe5 libsoup-2.56.0.tar.xz
# From http://ftp.gnome.org/pub/gnome/sources/libsoup/2.56/libsoup-2.56.1.sha256sum
sha256 c32a46d77b4da433b51d8fd09a57a44b198e03bdc93e5219afcc687c7948eac3 libsoup-2.56.1.tar.xz
# Locally calculated
sha256 b7993225104d90ddd8024fd838faf300bea5e83d91203eab98e29512acebd69c COPYING
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
LIBSOUP_VERSION_MAJOR = 2.56
LIBSOUP_VERSION = $(LIBSOUP_VERSION_MAJOR).0
LIBSOUP_VERSION = $(LIBSOUP_VERSION_MAJOR).1
LIBSOUP_SOURCE = libsoup-$(LIBSOUP_VERSION).tar.xz
LIBSOUP_SITE = http://ftp.gnome.org/pub/gnome/sources/libsoup/$(LIBSOUP_VERSION_MAJOR)
LIBSOUP_LICENSE = LGPLv2+
@@ -1,178 +0,0 @@
From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 28 Jun 2016 14:22:23 +0200
Subject: [PATCH] Fix XPointer paths beginning with range-to
The old code would invoke the broken xmlXPtrRangeToFunction. range-to
isn't really a function but a special kind of location step. Remove
this function and always handle range-to in the XPath code.
The old xmlXPtrRangeToFunction could also be abused to trigger a
use-after-free error with the potential for remote code execution.
Found with afl-fuzz.
Fixes CVE-2016-5131.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 9ab01a277d7
result/XPath/xptr/vidbase | 13 ++++++++
test/XPath/xptr/vidbase | 1 +
xpath.c | 7 ++++-
xpointer.c | 76 ++++-------------------------------------------
4 files changed, 26 insertions(+), 71 deletions(-)
diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
index 8b9e92d66d97..f19193e70edb 100644
--- a/result/XPath/xptr/vidbase
+++ b/result/XPath/xptr/vidbase
@@ -17,3 +17,16 @@ Object is a Location Set:
To node
ELEMENT p
+
+========================
+Expression: xpointer(range-to(id('chapter2')))
+Object is a Location Set:
+1 : Object is a range :
+ From node
+ /
+ To node
+ ELEMENT chapter
+ ATTRIBUTE id
+ TEXT
+ content=chapter2
+
diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
index b1463830570a..884b1065d7fd 100644
--- a/test/XPath/xptr/vidbase
+++ b/test/XPath/xptr/vidbase
@@ -1,2 +1,3 @@
xpointer(id('chapter1')/p)
xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
+xpointer(range-to(id('chapter2')))
diff --git a/xpath.c b/xpath.c
index d992841ef0c2..5a01b1b399a2 100644
--- a/xpath.c
+++ b/xpath.c
@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
lc = 1;
break;
} else if ((NXT(len) == '(')) {
- /* Note Type or Function */
+ /* Node Type or Function */
if (xmlXPathIsNodeType(name)) {
#ifdef DEBUG_STEP
xmlGenericError(xmlGenericErrorContext,
"PathExpr: Type search\n");
#endif
lc = 1;
+#ifdef LIBXML_XPTR_ENABLED
+ } else if (ctxt->xptr &&
+ xmlStrEqual(name, BAD_CAST "range-to")) {
+ lc = 1;
+#endif
} else {
#ifdef DEBUG_STEP
xmlGenericError(xmlGenericErrorContext,
diff --git a/xpointer.c b/xpointer.c
index 676c5105837a..d74174a318f1 100644
--- a/xpointer.c
+++ b/xpointer.c
@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
ret->here = here;
ret->origin = origin;
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
- xmlXPtrRangeToFunction);
xmlXPathRegisterFunc(ret, (xmlChar *)"range",
xmlXPtrRangeFunction);
xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
* @nargs: the number of args
*
* Implement the range-to() XPointer function
+ *
+ * Obsolete. range-to is not a real function but a special type of location
+ * step which is handled in xpath.c.
*/
void
-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathObjectPtr range;
- const xmlChar *cur;
- xmlXPathObjectPtr res, obj;
- xmlXPathObjectPtr tmp;
- xmlLocationSetPtr newset = NULL;
- xmlNodeSetPtr oldset;
- int i;
-
- if (ctxt == NULL) return;
- CHECK_ARITY(1);
- /*
- * Save the expression pointer since we will have to evaluate
- * it multiple times. Initialize the new set.
- */
- CHECK_TYPE(XPATH_NODESET);
- obj = valuePop(ctxt);
- oldset = obj->nodesetval;
- ctxt->context->node = NULL;
-
- cur = ctxt->cur;
- newset = xmlXPtrLocationSetCreate(NULL);
-
- for (i = 0; i < oldset->nodeNr; i++) {
- ctxt->cur = cur;
-
- /*
- * Run the evaluation with a node list made of a single item
- * in the nodeset.
- */
- ctxt->context->node = oldset->nodeTab[i];
- tmp = xmlXPathNewNodeSet(ctxt->context->node);
- valuePush(ctxt, tmp);
-
- xmlXPathEvalExpr(ctxt);
- CHECK_ERROR;
-
- /*
- * The result of the evaluation need to be tested to
- * decided whether the filter succeeded or not
- */
- res = valuePop(ctxt);
- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
- if (range != NULL) {
- xmlXPtrLocationSetAdd(newset, range);
- }
-
- /*
- * Cleanup
- */
- if (res != NULL)
- xmlXPathFreeObject(res);
- if (ctxt->value == tmp) {
- res = valuePop(ctxt);
- xmlXPathFreeObject(res);
- }
-
- ctxt->context->node = NULL;
- }
-
- /*
- * The result is used as the new evaluation set.
- */
- xmlXPathFreeObject(obj);
- ctxt->context->node = NULL;
- ctxt->context->contextSize = -1;
- ctxt->context->proximityPosition = -1;
- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
+ int nargs ATTRIBUTE_UNUSED) {
+ XP_ERROR(XPATH_EXPR_ERROR);
}
/**
--
2.10.2
@@ -1,253 +0,0 @@
From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 28 Jun 2016 18:34:52 +0200
Subject: [PATCH] Disallow namespace nodes in XPointer ranges
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.
Found with afl-fuzz.
Fixes CVE-2016-4658.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit c1d1f712119403
xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
1 file changed, 56 insertions(+), 93 deletions(-)
diff --git a/xpointer.c b/xpointer.c
index a7b03fbdae16..694d120e2e0b 100644
--- a/xpointer.c
+++ b/xpointer.c
@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
}
/**
+ * xmlXPtrNewRangeInternal:
+ * @start: the starting node
+ * @startindex: the start index
+ * @end: the ending point
+ * @endindex: the ending index
+ *
+ * Internal function to create a new xmlXPathObjectPtr of type range
+ *
+ * Returns the newly created object.
+ */
+static xmlXPathObjectPtr
+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
+ xmlNodePtr end, int endindex) {
+ xmlXPathObjectPtr ret;
+
+ /*
+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
+ * Disallow them for now.
+ */
+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
+ return(NULL);
+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
+ return(NULL);
+
+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+ if (ret == NULL) {
+ xmlXPtrErrMemory("allocating range");
+ return(NULL);
+ }
+ memset(ret, 0, sizeof(xmlXPathObject));
+ ret->type = XPATH_RANGE;
+ ret->user = start;
+ ret->index = startindex;
+ ret->user2 = end;
+ ret->index2 = endindex;
+ return(ret);
+}
+
+/**
* xmlXPtrNewRange:
* @start: the starting node
* @startindex: the start index
@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
if (endindex < 0)
return(NULL);
- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
- if (ret == NULL) {
- xmlXPtrErrMemory("allocating range");
- return(NULL);
- }
- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
- ret->type = XPATH_RANGE;
- ret->user = start;
- ret->index = startindex;
- ret->user2 = end;
- ret->index2 = endindex;
+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
xmlXPtrRangeCheckOrder(ret);
return(ret);
}
@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
if (end->type != XPATH_POINT)
return(NULL);
- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
- if (ret == NULL) {
- xmlXPtrErrMemory("allocating range");
- return(NULL);
- }
- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
- ret->type = XPATH_RANGE;
- ret->user = start->user;
- ret->index = start->index;
- ret->user2 = end->user;
- ret->index2 = end->index;
+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
+ end->index);
xmlXPtrRangeCheckOrder(ret);
return(ret);
}
@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
if (start->type != XPATH_POINT)
return(NULL);
- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
- if (ret == NULL) {
- xmlXPtrErrMemory("allocating range");
- return(NULL);
- }
- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
- ret->type = XPATH_RANGE;
- ret->user = start->user;
- ret->index = start->index;
- ret->user2 = end;
- ret->index2 = -1;
+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
xmlXPtrRangeCheckOrder(ret);
return(ret);
}
@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
if (end->type != XPATH_POINT)
return(NULL);
- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
- if (ret == NULL) {
- xmlXPtrErrMemory("allocating range");
- return(NULL);
- }
- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
- ret->type = XPATH_RANGE;
- ret->user = start;
- ret->index = -1;
- ret->user2 = end->user;
- ret->index2 = end->index;
+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
xmlXPtrRangeCheckOrder(ret);
return(ret);
}
@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
if (end == NULL)
return(NULL);
- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
- if (ret == NULL) {
- xmlXPtrErrMemory("allocating range");
- return(NULL);
- }
- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
- ret->type = XPATH_RANGE;
- ret->user = start;
- ret->index = -1;
- ret->user2 = end;
- ret->index2 = -1;
+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
xmlXPtrRangeCheckOrder(ret);
return(ret);
}
@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
if (start == NULL)
return(NULL);
- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
- if (ret == NULL) {
- xmlXPtrErrMemory("allocating range");
- return(NULL);
- }
- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
- ret->type = XPATH_RANGE;
- ret->user = start;
- ret->index = -1;
- ret->user2 = NULL;
- ret->index2 = -1;
+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
return(ret);
}
@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
*/
xmlXPathObjectPtr
xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ xmlNodePtr endNode;
+ int endIndex;
xmlXPathObjectPtr ret;
if (start == NULL)
@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
return(NULL);
switch (end->type) {
case XPATH_POINT:
+ endNode = end->user;
+ endIndex = end->index;
+ break;
case XPATH_RANGE:
+ endNode = end->user2;
+ endIndex = end->index2;
break;
case XPATH_NODESET:
/*
@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
*/
if (end->nodesetval->nodeNr <= 0)
return(NULL);
+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+ endIndex = -1;
break;
default:
/* TODO */
return(NULL);
}
- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
- if (ret == NULL) {
- xmlXPtrErrMemory("allocating range");
- return(NULL);
- }
- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
- ret->type = XPATH_RANGE;
- ret->user = start;
- ret->index = -1;
- switch (end->type) {
- case XPATH_POINT:
- ret->user2 = end->user;
- ret->index2 = end->index;
- break;
- case XPATH_RANGE:
- ret->user2 = end->user2;
- ret->index2 = end->index2;
- break;
- case XPATH_NODESET: {
- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
- ret->index2 = -1;
- break;
- }
- default:
- STRANGE
- return(NULL);
- }
+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
xmlXPtrRangeCheckOrder(ret);
return(ret);
}
--
2.10.2
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c libxml2-2.9.4.tar.gz
sha256 4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38 libxml2-2.9.5.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBXML2_VERSION = 2.9.4
LIBXML2_VERSION = 2.9.5
LIBXML2_SITE = ftp://xmlsoft.org/libxml2
LIBXML2_INSTALL_STAGING = YES
LIBXML2_LICENSE = MIT
+7 -7
View File
@@ -28,12 +28,12 @@ choice
config BR2_KERNEL_HEADERS_3_2
bool "Linux 3.2.x kernel headers"
depends on !BR2_arc && !BR2_nios2
depends on !BR2_aarch64 && !BR2_arc && !BR2_nios2
select BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_2
config BR2_KERNEL_HEADERS_3_4
bool "Linux 3.4.x kernel headers"
depends on !BR2_arc && !BR2_nios2
depends on !BR2_aarch64 && !BR2_arc && !BR2_nios2
select BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_4
config BR2_KERNEL_HEADERS_3_10
@@ -214,15 +214,15 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
default "3.2.91" if BR2_KERNEL_HEADERS_3_2
default "3.2.93" if BR2_KERNEL_HEADERS_3_2
default "3.4.113" if BR2_KERNEL_HEADERS_3_4
default "3.10.107" if BR2_KERNEL_HEADERS_3_10
default "3.12.74" if BR2_KERNEL_HEADERS_3_12
default "3.18.61" if BR2_KERNEL_HEADERS_3_18
default "3.18.71" if BR2_KERNEL_HEADERS_3_18
default "3.19.8" if BR2_KERNEL_HEADERS_3_19
default "4.0.9" if BR2_KERNEL_HEADERS_4_0
default "4.1.42" if BR2_KERNEL_HEADERS_4_1
default "4.4.78" if BR2_KERNEL_HEADERS_4_4
default "4.1.44" if BR2_KERNEL_HEADERS_4_1
default "4.4.88" if BR2_KERNEL_HEADERS_4_4
default "4.8.17" if BR2_KERNEL_HEADERS_4_8
default "4.9.39" if BR2_KERNEL_HEADERS_4_9
default "4.9.51" if BR2_KERNEL_HEADERS_4_9
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
+2 -2
View File
@@ -15,13 +15,13 @@ define GPIO_BUILD_CMDS
exit 1 ; \
fi
$(TARGET_MAKE_ENV) $(MAKE) -C $(LINUX_DIR)/tools \
$(TARGET_MAKE_ENV) $(MAKE1) -C $(LINUX_DIR)/tools \
$(GPIO_MAKE_OPTS) \
gpio
endef
define GPIO_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(LINUX_DIR)/tools \
$(TARGET_MAKE_ENV) $(MAKE1) -C $(LINUX_DIR)/tools \
$(GPIO_MAKE_OPTS) \
DESTDIR=$(TARGET_DIR) \
gpio_install
+3 -1
View File
@@ -1,6 +1,8 @@
add lua.pc
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Jörg Krause: add @MYLIBS@]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Index: b/etc/lua.pc
===================================================================
@@ -34,7 +36,7 @@ Index: b/etc/lua.pc
+Description: An Extensible Extension Language
+Version: ${R}
+Requires:
+Libs: -L${libdir} -llua -lm
+Libs: -L${libdir} -llua -lm @MYLIBS@
+Cflags: -I${includedir}
+
+# (end of lua.pc)
+3 -1
View File
@@ -1,6 +1,8 @@
add lua.pc
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Jörg Krause: add @MYLIBS@]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Index: b/etc/lua.pc
===================================================================
@@ -34,7 +36,7 @@ Index: b/etc/lua.pc
+Description: An Extensible Extension Language
+Version: ${R}
+Requires:
+Libs: -L${libdir} -llua -lm
+Libs: -L${libdir} -llua -lm @MYLIBS@
+Cflags: -I${includedir}
+
+# (end of lua.pc)
+6 -4
View File
@@ -86,8 +86,9 @@ endef
define LUA_INSTALL_STAGING_CMDS
$(TARGET_MAKE_ENV) $(MAKE) INSTALL_TOP="$(STAGING_DIR)/usr" -C $(@D) install
$(INSTALL) -m 0644 -D $(@D)/etc/lua.pc \
$(STAGING_DIR)/usr/lib/pkgconfig/lua.pc
mkdir -p $(STAGING_DIR)/usr/lib/pkgconfig/
sed -e "s/@MYLIBS@/$(LUA_MYLIBS)/g" $(@D)/etc/lua.pc \
> $(STAGING_DIR)/usr/lib/pkgconfig/lua.pc
endef
define LUA_INSTALL_TARGET_CMDS
@@ -96,8 +97,9 @@ endef
define HOST_LUA_INSTALL_CMDS
$(HOST_MAKE_ENV) $(MAKE) INSTALL_TOP="$(HOST_DIR)/usr" -C $(@D) install
$(INSTALL) -m 0644 -D $(@D)/etc/lua.pc \
$(HOST_DIR)/usr/lib/pkgconfig/lua.pc
mkdir -p $(HOST_DIR)/usr/lib/pkgconfig/
sed -e "s/@MYLIBS@/$(HOST_LUA_MYLIBS)/g" $(@D)/etc/lua.pc \
> $(HOST_DIR)/lib/pkgconfig/lua.pc
endef
$(eval $(generic-package))
+6 -2
View File
@@ -1,2 +1,6 @@
# From https://downloads.mariadb.org/mariadb/10.1.23/
sha256 54d8114e24bfa5e3ebdc7d69e071ad1471912847ea481b227d204f9d644300bf mariadb-10.1.23.tar.gz
# From https://downloads.mariadb.org/mariadb/10.1.26/
sha256 ba88b1cb9967dea2909938a34ba89373b162b0d83e5c98a0f1c94540156bf73d mariadb-10.1.26.tar.gz
# Hash for license files
sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a README
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING
+3 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MARIADB_VERSION = 10.1.23
MARIADB_VERSION = 10.1.26
MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
MARIADB_LICENSE = GPLv2 (server), GPLv2 with FLOSS exception (GPL client library), LGPLv2 (LGPL client library)
# Tarball no longer contains LGPL license text
@@ -67,6 +67,8 @@ MARIADB_CONF_OPTS += \
-DMYSQL_DATADIR=/var/lib/mysql \
-DMYSQL_UNIX_ADDR=$(MYSQL_SOCKET)
HOST_MARIADB_CONF_OPTS += -DWITH_SSL=bundled
# Some helpers must be compiled for host in order to crosscompile mariadb for
# the target. They are then included by import_executables.cmake which is
# generated during the build of the host helpers. It is not necessary to build
+5 -2
View File
@@ -1,2 +1,5 @@
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.2-2.1.7-and-1.3.19-released
sha256 17dd98af7478aadacc480c7e4159e447353b5b2037c1b6d48ed4fd157fb1b018 mbedtls-2.4.2-apache.tgz
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-released
sha1 e914288da50977f541773f9d36e26f14926594a5 mbedtls-2.6.0-apache.tgz
sha256 99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687 mbedtls-2.6.0-apache.tgz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
MBEDTLS_SITE = https://tls.mbed.org/code/releases
MBEDTLS_VERSION = 2.4.2
MBEDTLS_VERSION = 2.6.0
MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz
MBEDTLS_CONF_OPTS = \
-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \
@@ -0,0 +1,38 @@
From 26f884bf977977041fe6f98a0af186be1580bf22 Mon Sep 17 00:00:00 2001
From: Simon Morlat <simon.morlat@linphone.org>
Date: Thu, 29 Sep 2016 15:26:18 +0200
Subject: [PATCH] fix compilation issue with latest bctoobox
[Upstream commit https://github.com/BelledonneCommunications/mediastreamer2/commit/26f884bf977977041fe6f98a0af186be1580bf22]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
configure.ac | 2 +-
src/crypto/dtls_srtp.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 7ab20a08f..244d87275 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1116,7 +1116,7 @@ fi
dnl check bctoolbox library
-PKG_CHECK_MODULES(BCTOOLBOX, bctoolbox >= 0.0.0, found_bctoolbox=true, found_bctoolbox=false)
+PKG_CHECK_MODULES(BCTOOLBOX, bctoolbox >= 0.4.0, found_bctoolbox=true, found_bctoolbox=false)
if test "$found_bctoolbox" = "true" ; then
LIBS="$LIBS $BCTOOLBOX_LIBS"
CFLAGS="$CFLAGS $BCTOOLBOX_CFLAGS"
diff --git a/src/crypto/dtls_srtp.c b/src/crypto/dtls_srtp.c
index e2c8e1c44..fd37eb5cb 100644
--- a/src/crypto/dtls_srtp.c
+++ b/src/crypto/dtls_srtp.c
@@ -705,7 +705,7 @@ static int ms_dtls_srtp_initialise_bctbx_dtls_context(DtlsBcToolBoxContext *dtls
bctbx_ssl_config_set_authmode(dtlsContext->ssl_config, BCTBX_SSL_VERIFY_OPTIONAL);
bctbx_ssl_config_set_own_cert( dtlsContext->ssl_config, dtlsContext->crt, dtlsContext->pkey );
/* This is useless as peer would certainly be a self signed certificate and we won't verify it but avoid runtime warnings */
- bctbx_ssl_config_set_ca_chain(dtlsContext->ssl_config, dtlsContext->crt, NULL);
+ bctbx_ssl_config_set_ca_chain(dtlsContext->ssl_config, dtlsContext->crt);
/* we are not ready yet to actually start the ssl context, this will be done by calling bctbx_ssl_setup when stream starts */
return 0;
-1
View File
@@ -1,3 +1,2 @@
# Locally calculated
sha256 1144849c0c96abafb1153adf56109f0f195a9e4a53cf28cb611bbca7a9012c1a mediastreamer-2.14.0.tar.gz
sha256 90091ab0aa7a77381ab1ca5d88cdfa4e7f62505fb452a2bea0f70054d9d1aece 26f884bf977977041fe6f98a0af186be1580bf22.patch
+2 -5
View File
@@ -7,16 +7,13 @@
MEDIASTREAMER_VERSION = 2.14.0
MEDIASTREAMER_SITE = http://download.savannah.nongnu.org/releases/linphone/mediastreamer
MEDIASTREAMER_INSTALL_STAGING = YES
MEDIASTREAMER_DEPENDENCIES = host-intltool host-pkgconf ortp host-gettext
# host-vim needed for the xxd utility
MEDIASTREAMER_DEPENDENCIES = host-intltool host-pkgconf ortp host-gettext host-vim
# tests fail linking on some architectures, so disable them
MEDIASTREAMER_CONF_OPTS = --disable-tests --disable-glx --disable-strict
MEDIASTREAMER_LICENSE = GPLv2+
MEDIASTREAMER_LICENSE_FILES = COPYING
# fix compilation issue with latest bctoolbox (touches configure.ac)
MEDIASTREAMER_PATCH = \
https://github.com/BelledonneCommunications/mediastreamer2/commit/26f884bf977977041fe6f98a0af186be1580bf22.patch
# patching configure.ac
MEDIASTREAMER_AUTORECONF = YES
+1 -1
View File
@@ -29,7 +29,7 @@ define MINIDLNA_INSTALL_INIT_SYSV
endef
define MINIDLNA_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 0755 package/minidlna/minidlnad.service \
$(INSTALL) -D -m 0644 package/minidlna/minidlnad.service \
$(TARGET_DIR)/usr/lib/systemd/system/minidlnad.service
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
+3
View File
@@ -11,6 +11,9 @@
# Copyright 2003 Key Research, Inc.
# Create needed directories
mkdir -p /var/lock/subsys
# Source function library.
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions

Some files were not shown because too many files have changed in this diff Show More