Compare commits

...

72 Commits

Author SHA1 Message Date
Peter Korsgaard 91850b3497 Update for 2017.02.10
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 20:19:39 +01:00
Julien BOIBESSOT 82c2214df7 package/liberation: fix download site due to recent fedorahosted.org closing
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 53c07aa3a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 16:45:36 +01:00
Fabio Estevam d6c4c48b8b linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2dbfb76d2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 16:32:21 +01:00
Carlos Santos 78d4e60c0e eudev: fix printf usage in init script
Using a variable in a printf format string may lead to undesirable
results if the variable contains format controls, so replace

    printf "foo $var bar"

by

    printf "foo %s bar" "$var"

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6298ed8bf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:17:01 +01:00
Carlos Santos 1a2da909ca eudev: fix error handling init script
Replace (echo "msg" && exit 1) by { echo "msg"; exit 1; }.

The (list) compound command runs in a subshell, so the "exit" interrupts
the subshell, not the main script. Examples:

    $ sh -c "echo 1; (exit 1); echo 2"
    1
    2
    $ sh -c "echo 1; { exit 1; }; echo 2"
    1
    $

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3f568fe099)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:16:52 +01:00
Bernd Kuhls 8207b3ad28 package/berkeleydb: add security fix for CVE-2017-10140
Fixes CVE-2017-10140: Berkeley DB reads DB_CONFIG from cwd

For more details, see:
https://security-tracker.debian.org/tracker/CVE-2017-10140

And add license hash while we are at it.

[Peter: extend commit message]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 0b368023f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:09:18 +01:00
Peter Korsgaard e4755cd898 dovecot: add upstream security fix for CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0.  An abort of SASL
authentication results in a memory leak in dovecot's auth client used by
login processes.  The leak has impact in high performance configuration
where same login processes are reused and can cause the process to crash due
to memory exhaustion.

For more details, see:
http://www.openwall.com/lists/oss-security/2018/01/25/4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 28adb37be4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:09:00 +01:00
Bernd Kuhls 115bebbf18 package/dovecot: bump version to 2.2.33.2
Added license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 746f94c282)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:32 +01:00
Bernd Kuhls 96202e7007 package/dovecot: bump version to 2.2.31
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5723251f18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:22 +01:00
Bernd Kuhls d3c155461e package/dovecot: bump version to 2.2.30.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 64c476da40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:07 +01:00
Bernd Kuhls fd5d1db660 package/dovecot: bump version to 2.30.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 083e9c64f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:08:01 +01:00
Bernd Kuhls 5b8514907d package/dovecot: bump version to 2.2.30
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bcded15090)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:07:55 +01:00
Peter Korsgaard e35b7a17e0 openocd: add security fix for CVE-2018-5704
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP
POST for sending data to 127.0.0.1 port 4444, which allows remote attackers
to conduct cross-protocol scripting attacks, and consequently execute
arbitrary commands, via a crafted web site.

For more details, see:
https://sourceforge.net/p/openocd/mailman/message/36188041/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8fb8dddbf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a01d75d125)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:04:51 +01:00
Peter Korsgaard d52cd750c7 wireshark: security bump to version 2.2.12
Fixes the following security issues:

CVE-2017-17997: MRDISC dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-02.html

CVE-2018-5334: IxVeriWave file parser crash
https://www.wireshark.org/security/wnpa-sec-2018-03.html

CVE-2018-5335: WCP dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-04.html

CVE-2018-5336: Multiple dissectors could crash
https://www.wireshark.org/security/wnpa-sec-2018-01.html

For more information, see the release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html

While we are at it, also add as hash for license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2d920ad1b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:04:31 +01:00
Bernd Kuhls 4b2b530d55 package/transmission: security bump version to 2.93
Fixes CVE-2018-5702:
https://github.com/transmission/transmission/pull/468

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6e43a52aa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:04:16 +01:00
Bernd Kuhls f62ac81b70 package/clamav: security bump to version 0.99.3
Fixes CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.

For details see upstream announcement:
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Added license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ffb5dee113)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:03:19 +01:00
Bernd Kuhls 6b8b40cfaf package/clamav: renumber patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c60a54ff8b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:03:05 +01:00
Bernd Kuhls 0420d0910b package/clamav: add optional dependency to json-c
clamav has optional support for json-c:

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libltdl.so.7]
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libjson-c.so.2]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 013207f2e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:02:36 +01:00
Bernd Kuhls 2e7314247f package/clamav: needs libtool
clamav contains a copy of libltdl which is used when the libtool
package is not present, this increases the filesize of the target libs:

linked against libltdl.so:

-rwxr-xr-x 1 bernd bernd 1838528 Mär 11 13:21 output/target/usr/lib/libclamav.so.7.1.1

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libltdl.so.7]
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

not linked against libltdl.so:

-rwxr-xr-x 1 bernd bernd 1859548 Mär 11 13:21 output/target/usr/lib/libclamav.so.7.1.1

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

Therefore this patch adds libtool as hard dependency to clamav.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a5b0607b4a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:02:27 +01:00
Mark Hirota 2b1b52ba8e ccache: bump to version 3.3.5
(Likely) fixes #10536

https://bugs.buildroot.org/show_bug.cgi?id=10536

Signed-off-by: Mark Hirota <markhirota@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01955b5b6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 13:00:42 +01:00
Gustavo Zacarias d8e24ab5e7 ccache: bump to version 3.3.4
Switch download URL to avoid a redirect.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 64da2fd259)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:59:07 +01:00
Fabio Estevam 7204c26c1f linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 770c19df08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:58:32 +01:00
Fabio Estevam 6e8ffd8180 linux-headers: bump 4.1.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4d7bd9f643)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:57:56 +01:00
Baruch Siach 6577e33ff0 libcurl: security bump to version 7.58.0
Fixes CVE-2018-1000007: libcurl might leak authentication data to third
parties.

https://curl.haxx.se/docs/adv_2018-b3bf.html

Fixes CVE-2018-1000005: libcurl contains an out bounds read in code handling
HTTP/2 trailers.

https://curl.haxx.se/docs/adv_2018-824a.html

Update license hash due to copyright year change.

[Peter: also add CVE-2018-1000005 reference]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e02dd5a492)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:56:10 +01:00
Carlos Santos 59967b4933 util-linux: disable useless programs in the host package
Disable all programs that depend on ncurses, as well as utilities that
are useless on the host: agetty, chfn-chsh, chmem, login, lslogins,
mesg, more, newgrp, nologin, nsenter, pg, rfkill, schedutils, setpriv,
setterm, su, sulogin, tunelp, ul, unshare, uuidd, vipw, wall, wdctl,
write, zramctl.

Also add dependency on host-zlib if host cramfs utils are to be built.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 67170b76af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:55:54 +01:00
Adrian Perez de Castro b79ca02d77 webkitgtk: security bump to version 2.18.6
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE-2018-4088, CVE-2017-13885,
CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153,
CVE-2017-7153, CVE-2017-7161, and CVE-2018-4096. Additionally, it solves
a GStreamer deadlock when stopping video playback, and contains fixes
and improvements for the WebDriver implementation.

Release notes can be found in the announcement:

  https://webkitgtk.org/2018/01/24/webkitgtk2.18.6-released.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 54798893b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:47:50 +01:00
Adrian Perez de Castro 03c1972f73 webkitgtk: Add missing libtasn1 dependency
Nowadays libtasn1 is always required and if not present the CMake
configuration step would fail.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d052ed473d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:47:43 +01:00
Gary Bisson 4a4e93f44a fis: fix typo in build command
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 840d1a8d56)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:15:56 +01:00
Peter Korsgaard 3be81ea5d3 squid: add upstream post-3.5.27 security patches
Fixes the following security issues:

SQUID-2018:1 Due to incorrect pointer handling Squid is vulnerable to denial
of service attack when processing ESI responses.

http://www.squid-cache.org/Advisories/SQUID-2018_1.txt

SQUID-2018:2  Due to incorrect pointer handling Squid is vulnerable to
denial of service attack when processing ESI responses or downloading
intermediate CA certificates.

http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f481c83b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:15:43 +01:00
Peter Korsgaard 7ee653689d squid: bump version to 3.5.27
And add a hash for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 001b834aac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:15:37 +01:00
Vicente Olivert Riera 5ce5653e48 squid: bump version to 3.5.26
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fffced338d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:14:57 +01:00
Vicente Olivert Riera ceb374ae17 squid: bump version to 3.5.25
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 330ad683c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 12:14:49 +01:00
Alistair Francis 046987a601 package/xen: Force disable SDL for xen-qemu build
Fixes autobuilder issue:
http://autobuild.buildroot.net/results/8bcb80dc93d38bb38ca32ad93d52c22d1176d57e/

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a5dd72181e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:07:43 +01:00
Ed Blake 66d94a0ed1 rpcbind: Backport fixes to memory leak security fix
Commit 954509f added a security fix for CVE-2017-8779, involving
pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
leak.  However it also introduced a couple of issues:

- The call to svc_freeargs() from rpcbproc_callit_com() may result in
  an attempt to free static memory, resulting in undefined behaviour.

- A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
  (aka ypbind) to fail.

Backport upstream fixes for these issues to version 0.2.3.

Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a9a95d0eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:07:29 +01:00
Einar Jon Gunnarsson ca8e637eb4 iputils: fix ping and traceroute6 executable permissions
The iputils executables are installed without the setuid bit set,
which prevents some programs from working.

This patch adds a permission table to fix the permissions of the ping
and traceroute6 executables.

Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b0e2d00289)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:07:05 +01:00
Fabio Estevam 0b7278edc8 linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f8fc447c20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-31 08:05:44 +01:00
Peter Korsgaard 1c87c3baf4 bind: security bump to version 9.11.2-P1
Fixes the following security issue:

CVE-2017-3145: Improper sequencing during cleanup can lead to a
use-after-free error, triggering an assertion failure and crash in
named.

For more details, see the advisory:
https://lists.isc.org/pipermail/bind-announce/2018-January/001072.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d72a2b9247)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:46:28 +01:00
Guillermo A. Amaral eefe01c5d1 support/kconfig: Apply upstream nconfig ncurses/ncursesw fix
Buildroot's "make nconfig" command stopped working a while ago on
Gentoo systems. Running the command would result in a crash.

The issue is caused by lxdialog's cflags which are also used to build
nconfig; It would detect *ncursesw* and turn on WIDECHAR support --
but the Makefile would still link to plain *ncurses* while building
nconfig (which was built without WIDECHAR support).

This would cause a crash after using *wattrset* on a WINDOW instance.
WIDECHAR *wattrset* would try to set the _color member in the WINDOW
struct which does not exist in the NON-WIDECHAR ncurses instance. It
would end up clobbering data outside the struct (usually _line entries).

An upstream patch fixes the issue, so we're applying it to Buildroot's
kconfig.

Signed-off-by: Guillermo A. Amaral <g@maral.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8aa4ee2b02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:45:17 +01:00
Romain Naour 4298d90fde package/ti-cgt-pru: bump to 2.2.1
See: http://www.ti.com/tool/download/PRU-CGT-2-2

The ti-cgt-pru v2.1.x installer are affected by a bug with recent
distribution (Fedora 27 and Ubuntu 17.10) using kernel 4.13 or 4.14
with a glibc 2.26.
The installer is stuck in a futex(wait) system call.

While at it, add license hash.

Fixes:
http://autobuild.buildroot.net/results/68f/68f60ad38d9b6eae83b5d233966616a25d8c9391

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Ash Charles <ash.charles@savoirfairelinux.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0e162b932d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:44:58 +01:00
Cam Mannett 3d57974bce ti-cgt-pru: bump version to 2.1.4
Signed-off-by: Cam Mannett <camden.mannett@protonmail.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 82bc0222e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:41:53 +01:00
Thomas Petazzoni d40ba85e00 system: only expose getty options for busybox and sysvinit
Only busybox and sysvinit handle the BR2_TARGET_GENERIC_GETTY_TERM and
BR2_TARGET_GENERIC_GETTY_OPTIONS options; the other init systems do
not.

So, protect those options behind appropriate dependencies on busybox
or sysvinit.

Fixes #10301.

Reported-by: Michael Heinemann <posted@heine.so>
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5e23eb5da7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:37:26 +01:00
Peter Korsgaard 49daa38f61 mcookie: correct wrong memset argument
Fixes #10216

Building mcookie generates a warning about possible wrong arguments to
memset:

mcookie.c:207:26: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression
  as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess]
     memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */

ctx is a pointer to a structure, so the code should use the size of the
structure and not the size of the pointer when it tries to clear the
structure, similar to how it got fixed upstream back in 2009:

https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/lib/md5.c?id=6596057175c6ed342dc20e85eae8a42eb29b629f

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 40f4191f2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:36:59 +01:00
Thomas Petazzoni 17cf7e511e lz4: install programs as well as libraries
Prior to commit 8ad38a4fc2
("package/lz4: bump version to r131"), the lz4 package was installing
both libraries and programs, but this commit changed the behavior to
only install libraries.

The contributor might have been confused by the fact that the build
command was "$(MAKE) ... -C $(@D) liblz4", suggesting that only the
library was built. But since the install command was "$(MAKE) ... -C
$(@D) install", the programs were effectively built as part of the
install step, and installed as well.

Since it makes sense for lz4 to also installs its programs, this
commit adjusts the package accordingly.

It is worth mentioning that using the "all" target during the build
step is important. Indeed, otherwise the programs/Makefile has a
"default" target that doesn't build everything (especially the lz4c
program) and it end up being built as part of the install step, due to
how the makefile dependencies are handled in the lz4 project. To make
sure that everything gets built during the build step, we explicitly
use the "all" target.

Fixes bug #9996

Reported-by: Jamin Collins <jamin.collins@gmail.com>
Initial-analysis-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f1c11f79a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:36:42 +01:00
Thomas Petazzoni 6b0193a883 lz4: pass {TARGET,HOST}_CONFIGURE_OPTS in the environment
{TARGET,HOST}_CONFIGURE_OPTS are currently passed as $(MAKE) argument,
which causes some CPPFLAGS/CFLAGS defined by the package build system to
be overridden, leading to build failures. This commit changes the lz4
package to pass {TARGET,HOST}_CONFIGURE_OPTS through the environment to
avoid this issue.

Fixes:

  http://autobuild.buildroot.net/results/2a578a9c462463fde802c999156723494fe1b14d/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f4dc73568b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 23:36:29 +01:00
Thomas Petazzoni a06bf88dca busybox: don't remove S01logging when CONFIG_SYSLOGD is disabled
The current busybox.mk explicitly removes S01logging if CONFIG_SYSLOGD
is disabled in the Busybox configuration. However:

 - This causes the removal of the S01logging script potentially
   installed by another package (currently syslog-ng, rsyslog and
   sysklogd can all install a S01logging script).

 - We generally don't try to clean-up stuff that we may have installed
   in a previous make invocation and that is no longer needed
   following a configuration change.

Fixes bug #10176

Reported-by: Karl Krach <mail@kkrach.de>
Fix-provided-by: Karl Krach <mail@kkrach.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84e835ea92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:29:09 +01:00
Thomas Petazzoni ca30124eb0 package/kmsxx: don't install static libraries when BR2_SHARED_STATIC_LIBS=y
The kmsxx build system can only build either shared libraries *or*
static libraries, not both. Therefore, the build currently fails when
BR2_SHARED_STATIC_LIBS=y because we try to install the static
libraries, that haven't been built.

We fix this by not installing the static libraries when
BR2_SHARED_STATIC_LIBS=y, making BR2_SHARED_STATIC_LIBS=y essentially
the same as BR2_SHARED_LIBS=y for this package.

Fixes bug #10331.

Reported-by:  Frederic MATHIEU <frederic.mathieu@dualis.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 28d5ca9c96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:15:38 +01:00
Thomas Petazzoni 173fa7c010 package/avahi: fix typo in avahi_tmpfiles.conf
There is an obvious typo in avahi_tmpfiles.conf: avahi-autoipd is
badly spelled.

Fixes bug #10641.

Reported-by: Michael Heinemann <posted@heine.so>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c427ce4d9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:14:33 +01:00
Bernd Kuhls 9d44f98b08 package/intel-microcode: security bump to version 20180108
Quoting releasenote:

"Intel Processor Microcode Package for Linux
20180108 Release

-- Updates upon 20171117 release --
IVT C0          (06-3e-04:ed) 428->42a
SKL-U/Y D0      (06-4e-03:c0) ba->c2
BDW-U/Y E/F     (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx   (06-45-01:72) 20->21
Crystalwell Cx  (06-46-01:32) 17->18
BDW-H E/G       (06-47-01:22) 17->1b
HSX-EX E0       (06-3f-04:80) 0f->10
SKL-H/S R0      (06-5e-03:36) ba->c2
HSW Cx/Dx       (06-3c-03:32) 22->23
HSX C0          (06-3f-02:6f) 3a->3b
BDX-DE V0/V1    (06-56-02:10) 0f->14
BDX-DE V2       (06-56-03:10) 700000d->7000011
KBL-U/Y H0      (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0      (06-9e-09:2a) 5e->80
CFL U0          (06-9e-0a:22) 70->80
CFL B0          (06-9e-0b:02) 72->80
SKX H0          (06-55-04:b7) 2000035->200003c
GLK B0          (06-7a-01:01) 1e->22"

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19ab5952fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:42 +01:00
Bernd Kuhls 856379bd1b package/intel-microcode: bump version to 20171117
Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6d2d6cbf90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:36 +01:00
Bernd Kuhls ff54fccc9f package/intel-microcode: bump to version 20170707
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7896af3f94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:21 +01:00
Bernd Kuhls dfb6b48cc7 package/intel-microcode: bump version to 20170511
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit db04cda0d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:13:13 +01:00
Adrian Perez de Castro 10e19971c6 webkitgtk: security bump to version 2.18.5
This is a maintenance release of the current stable WebKitGTK+ version,
which contains mitigations for CVE-2017-5753 and CVE-2017-5715, the
vulnerabilities known as the "Spectre" attack. It also contains a fix
which allows building the reference documentation with newer gtk-doc
versions.

Release notes can be found in the announcement:

  https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c5bc08ba3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:12:15 +01:00
Fabio Estevam 73d103ccfe linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f932dc9626)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:10:51 +01:00
Fabio Estevam ed05e8a2fe linux-headers: bump 3.2.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a24ed4127e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:09:22 +01:00
Peter Korsgaard 12909ab1b4 irssi: security bump to version 1.0.6
>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):

Multiple vulnerabilities have been located in Irssi.

(a) When the channel topic is set without specifying a sender, Irssi
    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

    CVE-2018-5206 was assigned to this issue.

(b) When using incomplete escape codes, Irssi may access data beyond
    the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5205 was assigned to this issue.

(c) A calculation error in the completion code could cause a heap
    buffer overflow when completing certain strings. (CWE-126) Found
    by Joseph Bisch.

    CVE-2018-5208 was assigned to this issue.

(d) When using an incomplete variable argument, Irssi may access data
    beyond the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5207 was assigned to this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aebdb1cd4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:08:43 +01:00
Bernd Kuhls 4273c138d1 package/pound: Fix build with openssl 1.0.2
Fixes
http://autobuild.buildroot.net/results/5be/5be1082dee8387b1140d802ac3c788896a4bf980/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d28fa26f27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:02:17 +01:00
Yann E. MORIN 5a7cb6dcf6 core/infra: fix build on toolchain without C++
Autotools-based packages that do not need C++ but check for it, and use
libtool, will fail to configure on distros that lack /lib/cpp.

This is the case for example on Arch Linux, where expat fails to build
with:

    configure: error: in `/home/dkc/src/buildroot/build/build/expat-2.2.4':
    configure: error: C++ preprocessor "/lib/cpp" fails sanity check

This is because libtool uses AC_PROC_CXXCPP, which can not be avoided,
and does require a cpp that passes some "sanity" checks (does not choke
on valid input, but does choke on invalid input). So we can use neither
/bin/false nor /bin/true...

We instead need something that can digest some basic C++ preprocessor
input. We can't use the target preprocessor: that does not work, because
it obviously has no C++ cupport:

    arm-linux-cpp.br_real: error: conftest.cpp: C++ compiler not
    installed on this system

We can however consider that the host machine does have a C++ compiler,
so we use the host' cpp, which is gcc's compiler wrapper that ends up
calling the host's C++ preprocessor.

That would give us a valid C++ preprocessor when we don't have one, in
fact. But autotools will then correctly fail anyway, because there is
indeed no C++ compiler at all, as we can see in this excerpt of a
configure log from expat:

    checking whether we are using the GNU C++ compiler... no
    checking whether false accepts -g... no
    checking dependency style of false... none
    checking how to run the C++ preprocessor... cpp
    checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes
    libtool.m4: error: problem compiling CXX test program
    checking for false option to produce PIC...  -DPIC
    checking if false PIC flag  -DPIC works... no
    checking if false static flag  works... no
    checking if false supports -c -o file.o... no
    checking if false supports -c -o file.o... (cached) no
    checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes

So, using the host's C++ preprocessor (by way of gcc's wrapper) leads to
a working situation, where the end result is as expected.

Reported-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Damien Riegel <damien.riegel@savoirfairelinux.com>
Cc: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bd39d11d2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 13:01:31 +01:00
Bernd Kuhls 81addfcabe package/php: security bump to 7.1.13
Removed 0008-fix-asm-constraints-in-aarch64-multiply-macro.patch, patch
was applied upstream:
https://github.com/php/php-src/commit/d6d4f2a9b38cd7fa7e938142e49e5a514d612e52

Renumbered patch 0009.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2c59323b84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:50 +01:00
Bernd Kuhls 5356c7df69 package/php: bump version to 7.1.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab01a1279c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:41 +01:00
Bernd Kuhls de159eb44c package/php: bump version to 7.1.11
Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c4a432185)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:32 +01:00
Bernd Kuhls 24f088b0d6 package/php: bump version to 7.1.10
Changelog: http://www.php.net/ChangeLog-7.php#7.1.10

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6429f1a4bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:22 +01:00
Bernd Kuhls 231f5e9a4d package/php: bump version to 7.1.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cee153b838)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:18 +01:00
Fabio Estevam ba2560d2da linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f02b4ae45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:32:28 +01:00
Ryan Coe 96c3b3455c mariadb: security bump version to 10.1.30
Release notes: https://mariadb.com/kb/en/mariadb-10130-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10130-changelog/

Fixes the following security vulnerability:

CVE-2017-15365 - Replication in sql/event_data_objects.cc occurs before ACL
checks.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca1f2d266d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:31:41 +01:00
Fabio Estevam 8039ef2ebf linux-headers: bump 4.{4, 9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1897a56a2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:28:17 +01:00
Fabio Estevam 18867c1695 linux-headers: bump 3.2.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 28d57106b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:27:03 +01:00
Carlos Santos 5188e3eb03 coreutils: expand list of files moved from /usr/bin to /bin
BusyBox installs kill, link, mktemp, nice and printenv on /bin, so
ensure that coreutils replaces them.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 443897bce4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:26:52 +01:00
Baruch Siach ac845908dd eeprog: fix homepage link
The current link leads to a 400 Bad Request error page.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b0748bd1ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:25:06 +01:00
Thomas Petazzoni c7787871d4 tar: do not build SELinux support for host variant
If we don't explicitly disable SELinux support in the host-tar build,
it might pick up system-wide installed SELinux libraries, causing the
tar in HOST_DIR/bin/ to depend on the host SELinux libraries, which is
not desirable to make the SDK portable/relocatable.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 121807c089)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:24:51 +01:00
Yann E. MORIN 441e222d24 package/matchbox-lib: correctly fix the .pc file
First, the .pc file was so far fixed as a post-configure hook of the
matchbox-fakekey package, by directly tweaking the .pc file installed in
staging by matchbox-lib. That's uterly wrong and bad.

So, we move the fix to matchbox-lib.

Second, it was incorreclty tweaking the .pc file when xlib_libXft was
not enabled, because only then a path to staging was present.

Third, even when xlib_libXft was enabled, the tweaking was still wrong,
because unnecessary.

Fix all that.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84a2645e5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:24:14 +01:00
Yann E. MORIN 8de952490c matchbox-lib: fix dependencies
matchbox-lib build-depends on xlib_libXext, but forgets to select it.
It also build-depends on expat without selecting it, but it does need
it.

Fix that: select xlib_libXext, remove expat.

Add myself to developpers for matchbox packages.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2cfda4704e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:23:54 +01:00
Marcus Folkesson 8edcd98c49 libiio: fix libavahi-client dependency
Avahi needs avahi-daemon and D-Bus to build avahi-client.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 18e00edb77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:22:29 +01:00
70 changed files with 699 additions and 107 deletions
+30
View File
@@ -1,3 +1,33 @@
2017.02.10, Released January 31st, 2018
Important / security related fixes.
nconfig: Fix for ncurses/ncursesw linking issue causing crashes.
System: Only show getty options when busybox init or sysvinit
are used.
Infrastructure: Fix build issue for autotools based packages
checking for C++ support on toolchains without C++ support and
on a distro lacking /lib/cpp (E.G. Arch Linux).
Updated/fixed packages: avahi, berkeleydb, bind, busybox,
ccache, clamav, coreutils, dovecot, eeprog, eudev, fis,
intel-microcode, iputils, irssi, kmsxx, liberation, libiio,
lz4, mariadb, matchbox-lib, mcookie, openocd, php, pound,
rpcbind, squid, tar, ti-cgt-pru, transmission, util-linux,
webkitgtk, wireshark, xen
Issues resolved (http://bugs.buildroot.org):
#9996: lz4 package does not install lz4 binaries in target
#10176: Rsyslog's S01logging is deleted by Busybox.mk from...
#10216: package/x11r7/mcookie/mcookie.c:207: bad size ?
#10301: systemd/getty unused options
#10331: kmsxx, host installation fails with BR2_SHARED_...
#10536: Finding non-relative paths in the ccache
#10641: avahi-autoipd not starting when using systemd-tmpfiles
2017.02.9, Released January 1st, 2018
Important / security related fixes.
+1
View File
@@ -1624,6 +1624,7 @@ F: package/libinput/
F: package/libiscsi/
F: package/libseccomp/
F: package/linux-tools/
F: package/matchbox*
F: package/mesa3d-headers/
F: package/mke2img/
F: package/nut/
+2 -2
View File
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
all:
# Set and export the version string
export BR2_VERSION := 2017.02.9
export BR2_VERSION := 2017.02.10
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1514805000
BR2_VERSION_EPOCH = 1517426000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
+1 -1
View File
@@ -388,7 +388,7 @@ DISABLE_NLS :=--disable-nls
endif
ifneq ($(BR2_INSTALL_LIBSTDCPP),y)
TARGET_CONFIGURE_OPTS += CXX=false
TARGET_CONFIGURE_OPTS += CXX=false CXXCPP=cpp
endif
ifeq ($(BR2_STATIC_LIBS),y)
+1 -1
View File
@@ -1 +1 @@
d /tmp/avahi-autopid 0755 avahi avahi
d /tmp/avahi-autoipd 0755 avahi avahi
@@ -0,0 +1,21 @@
Do not access DB_CONFIG when db_home is not set
Fixes CVE-2017-10140:
https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
Downloaded from
http://pkgs.fedoraproject.org/cgit/rpms/libdb.git/commit/?id=8047fa8580659fcae740c25e91b490539b8453eb
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- db-5.3.28/src/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
+++ db-5.3.28/src/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
@@ -473,7 +473,7 @@
env->db_mode = mode == 0 ? DB_MODE_660 : mode;
/* Read the DB_CONFIG file. */
- if ((ret = __env_read_db_config(env)) != 0)
+ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
return (ret);
/*
+1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 76a25560d9e52a198d37a31440fd07632b5f1f8f9f2b6d5438f4bc3e7c9013ef db-5.3.28.NC.tar.gz
sha256 b78815181a53241f9347c6b47d1031fd669946f863e1edc807a291354cec024b LICENSE
+2 -2
View File
@@ -1,3 +1,3 @@
# Verified from http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz.sha256.asc
sha256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a bind-9.11.2.tar.gz
# Verified from http://ftp.isc.org/isc/bind9/9.11.2-P1/bind-9.11.2-P1.tar.gz.sha256.asc
sha256 cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212 bind-9.11.2-P1.tar.gz
sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
BIND_VERSION = 9.11.2
BIND_VERSION = 9.11.2-P1
BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
+1 -1
View File
@@ -175,7 +175,7 @@ define BUSYBOX_INSTALL_LOGGING_SCRIPT
if grep -q CONFIG_SYSLOGD=y $(@D)/.config; then \
$(INSTALL) -m 0755 -D package/busybox/S01logging \
$(TARGET_DIR)/etc/init.d/S01logging; \
else rm -f $(TARGET_DIR)/etc/init.d/S01logging; fi
fi
endef
ifeq ($(BR2_INIT_BUSYBOX),y)
+3 -2
View File
@@ -1,2 +1,3 @@
# Verified key https://samba.org/ftp/ccache/ccache-3.3.3.tar.xz.asc - sha256 computed locally
sha256 3b02a745da1cfa9eb438af7147e0fd3545e2f6163de9e5b07da86f58859f04ec ccache-3.3.3.tar.xz
# Verified key https://samba.org/ftp/ccache/ccache-3.3.4.tar.xz.asc - sha256 computed locally
sha256 24f15bf389e38c41548c9c259532187774ec0cb9686c3497bbb75504c8dc404f ccache-3.3.4.tar.xz
sha256 190576a6e938760ec8113523e6fd380141117303e90766cc4802e770422b30c6 ccache-3.3.5.tar.xz
+2 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
CCACHE_VERSION = 3.3.3
CCACHE_SITE = https://samba.org/ftp/ccache
CCACHE_VERSION = 3.3.5
CCACHE_SITE = https://www.samba.org/ftp/ccache
CCACHE_SOURCE = ccache-$(CCACHE_VERSION).tar.xz
CCACHE_LICENSE = GPLv3+, others
CCACHE_LICENSE_FILES = LICENSE.txt GPL-3.0.txt
+1
View File
@@ -1,6 +1,7 @@
config BR2_PACKAGE_CLAMAV
bool "clamav"
select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
select BR2_PACKAGE_LIBTOOL
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_ZLIB
depends on BR2_TOOLCHAIN_HAS_THREADS
+13 -1
View File
@@ -1,2 +1,14 @@
# Locally calculated
sha256 167bd6a13e05ece326b968fdb539b05c2ffcfef6018a274a10aeda85c2c0027a clamav-0.99.2.tar.gz
sha256 00fa5292a6e00a3a4035b826267748965d5d2c4943d8ff417d740238263e8e84 clamav-0.99.3.tar.gz
sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING
sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2
sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file
sha256 6dce638b76399e7521ad8e182d3e33e4496c85b3b69b6ff434b53017101e82ad COPYING.getopt
sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861 COPYING.LGPL
sha256 e3a9b913515a42f8ff3ef1551c3a2cdba383c39ed959729e0e2911219496ad74 COPYING.llvm
sha256 d96d71b66aa32c4a2d1619b9ca3347dafa9460bcf0fb5ac2408916067ad31dfc COPYING.lzma
sha256 accdcf2455c07b99abea59016b3663eaef926a92092d103bfaa25fed27cf6b24 COPYING.pcre
sha256 e2c1395a3d9fea6d5d25847c9d783db6e2cc8b085b4025861f459139c5dfd90b COPYING.regex
sha256 1faccc6b5c7b958fb807a3f573d5be9bf7889fe898f7e0617c544b05a81bfd00 COPYING.unrar
sha256 a20d6317c5384e8d4c05f9c31097878675d9429ec46090656166039cc10bc957 COPYING.YARA
sha256 c2f77553f8d870c5635b0dace0519253233f172b33ce1fdf6578610706294eee COPYING.zlib
+11 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CLAMAV_VERSION = 0.99.2
CLAMAV_VERSION = 0.99.3
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPLv2
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@@ -12,6 +12,7 @@ CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
COPYING.unrar COPYING.zlib
CLAMAV_DEPENDENCIES = \
host-pkgconf \
libtool \
openssl \
zlib \
$(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext)
@@ -24,6 +25,8 @@ CLAMAV_CONF_ENV = \
# UCLIBC_HAS_FTS is disabled, therefore disable fanotify (missing fts.h)
CLAMAV_CONF_OPTS = \
--with-dbdir=/var/lib/clamav \
--with-ltdl-include=$(STAGING_DIR)/usr/include \
--with-ltdl-lib=$(STAGING_DIR)/usr/lib \
--with-openssl=$(STAGING_DIR)/usr \
--with-zlib=$(STAGING_DIR)/usr \
--disable-zlib-vcheck \
@@ -45,6 +48,13 @@ else
CLAMAV_CONF_OPTS += --disable-bzip2
endif
ifeq ($(BR2_PACKAGE_JSON_C),y)
CLAMAV_CONF_OPTS += --with-libjson=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += json-c
else
CLAMAV_CONF_OPTS += --without-libjson
endif
ifeq ($(BR2_PACKAGE_LIBXML2),y)
CLAMAV_CONF_OPTS += --with-xml=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += libxml2
+2 -2
View File
@@ -56,8 +56,8 @@ COREUTILS_CONF_ENV = ac_cv_c_restrict=no \
INSTALL_PROGRAM=$(INSTALL)
COREUTILS_BIN_PROGS = cat chgrp chmod chown cp date dd df dir echo false \
ln ls mkdir mknod mv pwd rm rmdir vdir sleep stty sync touch true \
uname join
kill link ln ls mkdir mknod mktemp mv nice printenv pwd rm rmdir \
vdir sleep stty sync touch true uname join
# If both coreutils and busybox are selected, make certain coreutils
# wins the fight over who gets to have their utils actually installed.
@@ -0,0 +1,32 @@
From 902917880ca29f1007750a70cf46e7246b2d0a2a Mon Sep 17 00:00:00 2001
From: Josef 'Jeff' Sipek <jeff.sipek@dovecot.fi>
Date: Tue, 14 Nov 2017 06:01:21 +0100
Subject: [PATCH] byteorder.h: fix uclibc build
Patch suggested on upstream mailinglist:
https://www.dovecot.org/pipermail/dovecot/2017-November/110019.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
src/lib/byteorder.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/lib/byteorder.h b/src/lib/byteorder.h
index 2f5dc7c17..4ffe8da21 100644
--- a/src/lib/byteorder.h
+++ b/src/lib/byteorder.h
@@ -23,6 +23,11 @@
#ifndef BYTEORDER_H
#define BYTEORDER_H
+#undef bswap_8
+#undef bswap_16
+#undef bswap_32
+#undef bswap_64
+
/*
* These prototypes exist to catch bugs in the code generating macros below.
*/
--
2.11.0
@@ -0,0 +1,33 @@
From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Mon, 18 Dec 2017 16:50:51 +0200
Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort()
This caused memory leaks when authentication was aborted. For example
with IMAP:
a AUTHENTICATE PLAIN
*
Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/lib-auth/auth-client-request.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index 480fb42b3..046f7c307 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request)
auth_client_send_cancel(request->conn->client, request->id);
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+ pool_unref(&request->pool);
}
unsigned int auth_client_request_get_id(struct auth_client_request *request)
--
2.11.0
+4 -1
View File
@@ -1,2 +1,5 @@
# Locally computed after checking signature
sha256 ccfa9ffb7eb91e9e87c21c108324b911250c9ffa838bffb64b1caafadcb0f388 dovecot-2.2.29.1.tar.gz
sha256 fe1e3b78609a56ee22fc209077e4b75348fa1bbd54c46f52bde2472a4c4cee84 dovecot-2.2.33.2.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.2
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).29.1
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).33.2
DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPLv2.1
+1 -1
View File
@@ -3,4 +3,4 @@ config BR2_PACKAGE_EEPROG
help
Simple tool to read/write i2c eeprom chips.
http://codesink.org/eeprog.html
http://www.codesink.org/eeprog.html
+2 -2
View File
@@ -27,9 +27,9 @@ test -r $UDEV_CONFIG || exit 6
case "$1" in
start)
printf "Populating ${udev_root:-/dev} using udev: "
printf "Populating %s using udev: " "${udev_root:-/dev}"
printf '\000\000\000\000' > /proc/sys/kernel/hotplug
$UDEV_BIN -d || (echo "FAIL" && exit 1)
$UDEV_BIN -d || { echo "FAIL"; exit 1; }
udevadm trigger --type=subsystems --action=add
udevadm trigger --type=devices --action=add
udevadm settle --timeout=30 || echo "udevadm settle failed"
+1 -1
View File
@@ -12,7 +12,7 @@ FIS_LICENSE_FILES = fis.c
define FIS_BUILD_CMDS
$(TARGET_CC) $(TARGET_CFLAGS) -std=c99 -o $(@D)/fis \
$(@D)/fis.c $(@D)/crc.c $(TARGE_LDFLAGS)
$(@D)/fis.c $(@D)/crc.c $(TARGET_LDFLAGS)
endef
define FIS_INSTALL_TARGET_CMDS
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally computed
sha256 096e39489eef67666be652e81fa372a06b74f39ea3d565dc0287242c668717e7 microcode-20151106.tgz
sha256 063f1aa3a546cb49323a5e0b516894e4b040007107b8c8ff017aca8a86204130 microcode-20180108.tgz
sha256 6d4deb65ca688d930e188bf93f78430f134097b161e6df4a2ef00728e14965e3 license.txt
+2 -2
View File
@@ -4,9 +4,9 @@
#
################################################################################
INTEL_MICROCODE_VERSION = 20151106
INTEL_MICROCODE_VERSION = 20180108
INTEL_MICROCODE_SOURCE = microcode-$(INTEL_MICROCODE_VERSION).tgz
INTEL_MICROCODE_SITE = http://downloadmirror.intel.com/25512/eng
INTEL_MICROCODE_SITE = http://downloadmirror.intel.com/27431/eng
INTEL_MICROCODE_STRIP_COMPONENTS = 0
INTEL_MICROCODE_LICENSE = PROPRIETARY
INTEL_MICROCODE_LICENSE_FILES = license.txt
+5
View File
@@ -76,4 +76,9 @@ define IPUTILS_INSTALL_TARGET_CMDS
$(INSTALL) -D -m 755 $(@D)/traceroute6 $(TARGET_DIR)/bin/traceroute6
endef
define IPUTILS_PERMISSIONS
/bin/ping f 4755 0 0 - - - - -
/bin/traceroute6 f 4755 0 0 - - - - -
endef
$(eval $(generic-package))
+1 -1
View File
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
sha256 c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914 irssi-1.0.5.tar.xz
sha256 029e884f3ebf337f7266d8ed4e1a035ca56d9f85015d74c868b488f279de8585 irssi-1.0.6.tar.xz
# Locally calculated
sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
IRSSI_VERSION = 1.0.5
IRSSI_VERSION = 1.0.6
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.
+4 -1
View File
@@ -44,12 +44,15 @@ define KMSXX_INSTALL_TARGET_CMDS
$(KMSXX_INSTALL_TARGET_TESTS)
endef
# kmsxx only builds shared or static libraries, so when
# BR2_SHARED_STATIC_LIBS=y, we don't have any static library to
# install
define KMSXX_INSTALL_STAGING_CMDS
$(foreach l,$(KMSXX_LIBS),\
$(if $(BR2_SHARED_LIBS)$(BR2_SHARED_STATIC_LIBS),
$(INSTALL) -D -m 0755 $(@D)/lib/lib$(l).so \
$(STAGING_DIR)/usr/lib/lib$(l).so)
$(if $(BR2_STATIC_LIBS)$(BR2_SHARED_STATIC_LIBS),
$(if $(BR2_STATIC_LIBS),
$(INSTALL) -D -m 0755 $(@D)/lib/lib$(l).a \
$(STAGING_DIR)/usr/lib/lib$(l).a)
mkdir -p $(STAGING_DIR)/usr/include/$(l)
+3 -3
View File
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
# https://curl.haxx.se/download/curl-7.57.0.tar.xz.asc
sha256 f5f6fd3c72b7b8389969f4fb671ed8532fa9b5bb7a5cae7ca89bc1cea45c7878 curl-7.57.0.tar.xz
sha256 cbcf511f5702f7baf5424193a792bc9c18fab22bcbec2e6a587598389dc632c2 COPYING
# https://curl.haxx.se/download/curl-7.58.0.tar.xz.asc
sha256 6a813875243609eb75f37fa72044e4ad618b55ec15a4eafdac2df6a7e800e3e3 curl-7.58.0.tar.xz
sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.57.0
LIBCURL_VERSION = 7.58.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
LIBERATION_VERSION = 2.00.1
LIBERATION_SITE = http://www.fedorahosted.org/releases/l/i/liberation-fonts
LIBERATION_SITE = https://releases.pagure.org/liberation-fonts
LIBERATION_SOURCE = liberation-fonts-ttf-$(LIBERATION_VERSION).tar.gz
LIBERATION_TARGET_DIR = $(TARGET_DIR)/usr/share/fonts/liberation
LIBERATION_LICENSE = OFLv1.1
+2 -2
View File
@@ -54,8 +54,8 @@ else
LIBIIO_CONF_OPTS += -DWITH_IIOD_USBD=OFF
endif
# Avahi support in libiio requires avahi-client, which needs avahi-daemon
ifeq ($(BR2_PACKAGE_AVAHI)$(BR2_PACKAGE_AVAHI_DAEMON),yy)
# Avahi support in libiio requires avahi-client, which needs avahi-daemon and dbus
ifeq ($(BR2_PACKAGE_AVAHI_DAEMON)$(BR2_PACKAGE_DBUS),yy)
LIBIIO_DEPENDENCIES += avahi
endif
+4 -4
View File
@@ -214,15 +214,15 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
default "3.2.96" if BR2_KERNEL_HEADERS_3_2
default "3.2.98" if BR2_KERNEL_HEADERS_3_2
default "3.4.113" if BR2_KERNEL_HEADERS_3_4
default "3.10.108" if BR2_KERNEL_HEADERS_3_10
default "3.12.74" if BR2_KERNEL_HEADERS_3_12
default "3.18.72" if BR2_KERNEL_HEADERS_3_18
default "3.19.8" if BR2_KERNEL_HEADERS_3_19
default "4.0.9" if BR2_KERNEL_HEADERS_4_0
default "4.1.48" if BR2_KERNEL_HEADERS_4_1
default "4.4.108" if BR2_KERNEL_HEADERS_4_4
default "4.1.49" if BR2_KERNEL_HEADERS_4_1
default "4.4.114" if BR2_KERNEL_HEADERS_4_4
default "4.8.17" if BR2_KERNEL_HEADERS_4_8
default "4.9.73" if BR2_KERNEL_HEADERS_4_9
default "4.9.79" if BR2_KERNEL_HEADERS_4_9
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
+6 -6
View File
@@ -18,26 +18,26 @@ LZ4_POST_PATCH_HOOKS += LZ4_DISABLE_SHARED
endif
define HOST_LZ4_BUILD_CMDS
$(HOST_MAKE_ENV) $(MAKE) $(HOST_CONFIGURE_OPTS) -C $(@D)
$(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D) all
endef
define HOST_LZ4_INSTALL_CMDS
$(HOST_MAKE_ENV) $(MAKE) $(HOST_CONFIGURE_OPTS) PREFIX=$(HOST_DIR)/usr \
$(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) PREFIX=$(HOST_DIR)/usr \
install -C $(@D)
endef
define LZ4_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)/lib
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) all
endef
define LZ4_INSTALL_STAGING_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) DESTDIR=$(STAGING_DIR) \
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) DESTDIR=$(STAGING_DIR) \
PREFIX=/usr install -C $(@D)
endef
define LZ4_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) DESTDIR=$(TARGET_DIR) \
PREFIX=/usr install -C $(@D)/lib
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) DESTDIR=$(TARGET_DIR) \
PREFIX=/usr install -C $(@D)
endef
$(eval $(generic-package))
+2 -2
View File
@@ -1,5 +1,5 @@
# From https://downloads.mariadb.org/mariadb/10.1.29/
sha256 73bbd5602f52ab5aa4d83f465134871b6c87bda25371d098f6da5a3d98517ed4 mariadb-10.1.29.tar.gz
# From https://downloads.mariadb.org/mariadb/10.1.30/
sha256 173a5e5a24819e0a469c3bd09b5c98491676c37c6095882a2ea34c5af0996c88 mariadb-10.1.30.tar.gz
# Hash for license files
sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a README
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MARIADB_VERSION = 10.1.29
MARIADB_VERSION = 10.1.30
MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
MARIADB_LICENSE = GPLv2 (server), GPLv2 with FLOSS exception (GPL client library), LGPLv2 (LGPL client library)
# Tarball no longer contains LGPL license text
+2 -2
View File
@@ -14,8 +14,8 @@ MATCHBOX_FAKEKEY_DEPENDENCIES = matchbox-lib xlib_libXtst
MATCHBOX_FAKEKEY_CONF_OPTS = --enable-expat
define MATCHBOX_FAKEKEY_POST_CONFIGURE_FIXES
$(SED) 's:-I[^$$].*/usr/include/freetype2:-I/usr/include/freetype2:' $(STAGING_DIR)/usr/lib/pkgconfig/libmb.pc
$(SED) 's:^SUBDIRS = fakekey src tests.*:SUBDIRS = fakekey src:g' $(MATCHBOX_FAKEKEY_DIR)/Makefile
$(SED) 's:^SUBDIRS = fakekey src tests.*:SUBDIRS = fakekey src:g' \
$(@D)/Makefile
endef
MATCHBOX_FAKEKEY_POST_CONFIGURE_HOOKS += MATCHBOX_FAKEKEY_POST_CONFIGURE_FIXES
+1
View File
@@ -1,4 +1,5 @@
config BR2_PACKAGE_MATCHBOX_LIB
bool "matchbox-lib"
select BR2_PACKAGE_XLIB_LIBXEXT
help
Matchbox common functionality library.
+4 -3
View File
@@ -10,12 +10,13 @@ MATCHBOX_LIB_SITE = http://downloads.yoctoproject.org/releases/matchbox/libmatch
MATCHBOX_LIB_LICENSE = LGPLv2.1+
MATCHBOX_LIB_LICENSE_FILES = COPYING
MATCHBOX_LIB_INSTALL_STAGING = YES
MATCHBOX_LIB_DEPENDENCIES = host-pkgconf expat xlib_libXext
MATCHBOX_LIB_CONF_OPTS = --enable-expat --disable-doxygen-docs
MATCHBOX_LIB_DEPENDENCIES = host-pkgconf xlib_libXext
MATCHBOX_LIB_CONF_OPTS = --disable-doxygen-docs
MATCHBOX_LIB_CONF_ENV = LIBS="-lX11"
define MATCHBOX_LIB_POST_INSTALL_FIXES
$(SED) 's:-I[^$$].*/usr/include/freetype2:-I/usr/include/freetype2:' \
$(SED) 's:-I$(STAGING_DIR)/:-I/:g' \
-e 's:-I/usr/include\( \|$$\)::g' \
$(STAGING_DIR)/usr/lib/pkgconfig/libmb.pc
endef
@@ -0,0 +1,50 @@
From 3a223ca3ebc7ac24d7726a0cd58e5695bc813657 Mon Sep 17 00:00:00 2001
From: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Date: Sat, 13 Jan 2018 21:00:47 +0100
Subject: [PATCH] CVE-2018-5704: Prevent some forms of Cross Protocol Scripting
attacks
OpenOCD can be targeted by a Cross Protocol Scripting attack from
a web browser running malicious code, such as the following PoC:
var x = new XMLHttpRequest();
x.open("POST", "http://127.0.0.1:4444", true);
x.send("exec xcalc\r\n");
This mitigation should provide some protection from browser-based
attacks and is based on the corresponding fix in Redis:
https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758
Upstream-status: Under review: http://openocd.zylin.com/#/c/4335/
Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reported-by: Josef Gajdusek <atx@atx.name>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/server/startup.tcl | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/server/startup.tcl b/src/server/startup.tcl
index 64ace407..dd1b31e4 100644
--- a/src/server/startup.tcl
+++ b/src/server/startup.tcl
@@ -8,3 +8,14 @@ proc ocd_gdb_restart {target_id} {
# one target
reset halt
}
+
+proc prevent_cps {} {
+ echo "Possible SECURITY ATTACK detected."
+ echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
+ echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
+ echo "to compromise your OpenOCD instance. Connection aborted."
+ exit
+}
+
+proc POST {args} { prevent_cps }
+proc Host: {args} { prevent_cps }
--
2.11.0
@@ -1,28 +0,0 @@
From 1622f24fde4220967bd907bf8f0325d444bf9339 Mon Sep 17 00:00:00 2001
From: Andy Postnikov <apostnikov@gmail.com>
Date: Sat, 10 Dec 2016 23:51:17 +0300
Subject: [PATCH] Fix bug #70015 - Compilation failure on aarch64
Fixes build at -O0.
[From pull request https://github.com/php/php-src/pull/2236.]
Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com>
---
Zend/zend_multiply.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Zend/zend_multiply.h b/Zend/zend_multiply.h
index 75769db..fbd69ab 100644
--- a/Zend/zend_multiply.h
+++ b/Zend/zend_multiply.h
@@ -75,8 +75,8 @@
__asm__("mul %0, %2, %3\n" \
"smulh %1, %2, %3\n" \
"sub %1, %1, %0, asr #63\n" \
- : "=X"(__tmpvar), "=X"(usedval) \
- : "X"(a), "X"(b)); \
+ : "=&r"(__tmpvar), "=&r"(usedval) \
+ : "r"(a), "r"(b)); \
if (usedval) (dval) = (double) (a) * (double) (b); \
else (lval) = __tmpvar; \
} while (0)
+1 -1
View File
@@ -1,5 +1,5 @@
# From http://php.net/downloads.php
sha256 0d42089729be7b2bb0308cbe189c2782f9cb4b07078c8a235495be5874fff729 php-7.1.7.tar.xz
sha256 1a0b3f2fb61959b57a3ee01793a77ed3f19bde5aa90c43dcacc85ea32f64fc10 php-7.1.13.tar.xz
# License file
sha256 a44951f93b10c87c3f7cd9f311d95999c57c95ed950eec32b14c1c7ea6baf25e LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
PHP_VERSION = 7.1.7
PHP_VERSION = 7.1.13
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
+127
View File
@@ -0,0 +1,127 @@
From eb471de8f26e0367dd08d299d2252fa8b2b958a9 Mon Sep 17 00:00:00 2001
From: Emilio <emilio.campos@zevenet.com>
Date: Mon, 17 Jul 2017 09:41:32 +0200
Subject: [PATCH] [Improvement] Added support to compile pound with openssl
1.0.2
Signed-off-by: Emilio <emilio.campos@zevenet.com>
new file: dh2048.h
modified: svc.c
Patch was downloaded from 3rd-party repo:
https://github.com/zevenet/pound/commit/eb471de8f26e0367dd08d299d2252fa8b2b958a9
This repo was announced on upstream mailinglist:
http://www.apsis.ch/pound/pound_list/archive/2017/2017-07/1500287626000#1500287626000
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
dh2048.h | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
svc.c | 33 +++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+)
create mode 100644 dh2048.h
diff --git a/dh2048.h b/dh2048.h
new file mode 100644
index 0000000..79c693c
--- /dev/null
+++ b/dh2048.h
@@ -0,0 +1,53 @@
+#ifndef HEADER_DH_H
+# include <openssl/dh.h>
+#endif
+
+DH *get_dh2048()
+{
+ static unsigned char dhp_2048[] = {
+ 0xBF, 0x6C, 0xC6, 0xBD, 0xEA, 0x10, 0x84, 0x59, 0x40, 0xC2,
+ 0xC6, 0xA2, 0x9B, 0x19, 0xD3, 0x2E, 0x2F, 0xAB, 0xE6, 0xE4,
+ 0x1E, 0x91, 0x0D, 0x59, 0xDC, 0x96, 0x3F, 0x6E, 0x65, 0x38,
+ 0xB9, 0xBE, 0xBB, 0x8F, 0xDF, 0x73, 0xAC, 0xAC, 0xB3, 0x2F,
+ 0xA7, 0x02, 0x0B, 0x87, 0xB7, 0x3F, 0x3A, 0x42, 0x8A, 0x94,
+ 0xDD, 0xEC, 0x33, 0xA4, 0x25, 0xB1, 0xBF, 0x84, 0x91, 0x87,
+ 0xD8, 0x1C, 0x42, 0xB9, 0x8E, 0x00, 0x1F, 0x49, 0xED, 0x57,
+ 0xA4, 0x48, 0xB0, 0xCC, 0xD8, 0xB8, 0x83, 0xCA, 0x3E, 0xDF,
+ 0xA2, 0xF2, 0x07, 0x71, 0x71, 0x18, 0x1F, 0x50, 0x45, 0x3A,
+ 0x66, 0x04, 0x7F, 0x15, 0xB2, 0xA8, 0x02, 0x77, 0xCE, 0xC6,
+ 0xF9, 0x7C, 0x63, 0xE4, 0x52, 0x41, 0xFA, 0x62, 0xB9, 0x0D,
+ 0xDC, 0x08, 0x62, 0xEC, 0x00, 0xAB, 0xB0, 0xF7, 0x79, 0x48,
+ 0x75, 0x22, 0x85, 0xCC, 0x67, 0x3C, 0xEA, 0x09, 0x32, 0xAC,
+ 0x30, 0xED, 0x1E, 0x67, 0xDC, 0x74, 0xF8, 0xD9, 0xC3, 0xD0,
+ 0xA0, 0x60, 0x4D, 0xCE, 0x52, 0xBC, 0xA3, 0xE5, 0x18, 0x7B,
+ 0x0B, 0xC8, 0xCE, 0x70, 0xA2, 0xC8, 0x21, 0xCA, 0xCE, 0xA5,
+ 0xD4, 0xCB, 0x85, 0xFC, 0xC7, 0x07, 0x5C, 0x05, 0x87, 0xFC,
+ 0x2F, 0x67, 0x4D, 0x2D, 0x4F, 0xA4, 0xEE, 0x63, 0x98, 0x49,
+ 0xE4, 0x2E, 0xD7, 0x3F, 0x7D, 0x69, 0x68, 0x0A, 0xA2, 0x3E,
+ 0x5A, 0x04, 0xD4, 0xDD, 0xBB, 0xC7, 0xB4, 0x34, 0xB7, 0x21,
+ 0xD3, 0xAC, 0x99, 0xD7, 0x87, 0x45, 0x5E, 0x18, 0x68, 0x16,
+ 0x3A, 0xAF, 0xE2, 0x04, 0x57, 0xB8, 0x6A, 0xB8, 0x2F, 0x75,
+ 0xD5, 0x79, 0x96, 0x60, 0x8D, 0xD1, 0xCC, 0xD1, 0x33, 0x85,
+ 0x53, 0x88, 0x87, 0x34, 0xA6, 0x4B, 0x49, 0x24, 0x53, 0xD6,
+ 0xF1, 0x1E, 0x4E, 0x98, 0x4D, 0x6B, 0x44, 0x31, 0x94, 0xFF,
+ 0x46, 0xC2, 0x38, 0x2E, 0xEA, 0xBB
+ };
+ static unsigned char dhg_2048[] = {
+ 0x05
+ };
+ DH *dh = DH_new();
+ BIGNUM *dhp_bn, *dhg_bn;
+
+ if (dh == NULL)
+ return NULL;
+ dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
+ dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
+ if (dhp_bn == NULL || dhg_bn == NULL
+ || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+ DH_free(dh);
+ BN_free(dhp_bn);
+ BN_free(dhg_bn);
+ return NULL;
+ }
+ return dh;
+}
diff --git a/svc.c b/svc.c
index 1341397..758dfbd 100644
--- a/svc.c
+++ b/svc.c
@@ -1512,6 +1512,39 @@ do_RSAgen(void)
return;
}
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return 1;
+}
+#endif
+
+
#include "dh512.h"
#if DH_LEN == 1024
@@ -0,0 +1,98 @@
From 4e201b75928ff7d4894cd30ab0f5f67b9cd95f5c Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@redhat.com>
Date: Thu, 18 Jan 2018 17:33:56 +0000
Subject: [PATCH] rpcbproc_callit_com: Stop freeing a static pointer
commit 7ea36ee introduced a svc_freeargs() call
that ended up freeing static pointer.
It turns out the allocations for the rmt_args
is not necessary . The xdr routines (xdr_bytes) will
handle the memory management and the largest
possible message size is UDPMSGSIZE (due to UDP only)
which is smaller than RPC_BUF_MAX
Signed-off-by: Steve Dickson <steved@redhat.com>
(cherry picked from commit 7c7590ad536c0e24bef790cb1e65702fc54db566)
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
---
src/rpcb_svc_com.c | 39 ++++++---------------------------------
1 file changed, 6 insertions(+), 33 deletions(-)
diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
index 0432b6f..64f1104 100644
--- a/src/rpcb_svc_com.c
+++ b/src/rpcb_svc_com.c
@@ -616,9 +616,9 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
struct netconfig *nconf;
struct netbuf *caller;
struct r_rmtcall_args a;
- char *buf_alloc = NULL, *outbufp;
+ char *outbufp;
char *outbuf_alloc = NULL;
- char buf[RPC_BUF_MAX], outbuf[RPC_BUF_MAX];
+ char outbuf[RPC_BUF_MAX];
struct netbuf *na = (struct netbuf *) NULL;
struct rpc_msg call_msg;
int outlen;
@@ -639,36 +639,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
}
if (si.si_socktype != SOCK_DGRAM)
return; /* Only datagram type accepted */
- sendsz = __rpc_get_t_size(si.si_af, si.si_proto, UDPMSGSIZE);
- if (sendsz == 0) { /* data transfer not supported */
- if (reply_type == RPCBPROC_INDIRECT)
- svcerr_systemerr(transp);
- return;
- }
- /*
- * Should be multiple of 4 for XDR.
- */
- sendsz = ((sendsz + 3) / 4) * 4;
- if (sendsz > RPC_BUF_MAX) {
-#ifdef notyet
- buf_alloc = alloca(sendsz); /* not in IDR2? */
-#else
- buf_alloc = malloc(sendsz);
-#endif /* notyet */
- if (buf_alloc == NULL) {
- if (debugging)
- xlog(LOG_DEBUG,
- "rpcbproc_callit_com: No Memory!\n");
- if (reply_type == RPCBPROC_INDIRECT)
- svcerr_systemerr(transp);
- return;
- }
- a.rmt_args.args = buf_alloc;
- } else {
- a.rmt_args.args = buf;
- }
+ sendsz = UDPMSGSIZE;
call_msg.rm_xid = 0; /* For error checking purposes */
+ memset(&a, 0, sizeof(a)); /* Zero out the input buffer */
if (!svc_getargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
if (reply_type == RPCBPROC_INDIRECT)
svcerr_decode(transp);
@@ -708,7 +682,8 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
if (rbl == (rpcblist_ptr)NULL) {
#ifdef RPCBIND_DEBUG
if (debugging)
- xlog(LOG_DEBUG, "not found\n");
+ xlog(LOG_DEBUG, "prog %lu vers %lu: not found\n",
+ a.rmt_prog, a.rmt_vers);
#endif
if (reply_type == RPCBPROC_INDIRECT)
svcerr_noprog(transp);
@@ -941,8 +916,6 @@ out:
}
if (local_uaddr)
free(local_uaddr);
- if (buf_alloc)
- free(buf_alloc);
if (outbuf_alloc)
free(outbuf_alloc);
if (na) {
--
2.11.0
@@ -0,0 +1,31 @@
From d3f1f55e50e3c436a2ea91d60da84c3a94e6c53f Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@redhat.com>
Date: Thu, 18 Jan 2018 17:41:49 +0000
Subject: [PATCH] pmapproc_dump: Fixed typo in memory leak patch
commit 7ea36eee introduce a typo that caused
NIS (aka ypbind) to fail.
Signed-off-by: Steve Dickson <steved@redhat.com>
(cherry picked from commit c49a7ea639eb700823e174fd605bbbe183e229aa)
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
---
src/pmap_svc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pmap_svc.c b/src/pmap_svc.c
index bb57b05..ffca7df 100644
--- a/src/pmap_svc.c
+++ b/src/pmap_svc.c
@@ -384,7 +384,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
}
done:
- if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
if (debugging) {
(void) xlog(LOG_DEBUG, "unable to free arguments\n");
if (doabort) {
--
2.11.0
@@ -0,0 +1,35 @@
From eb2db98a676321b814fc4a51c4fb7928a8bb45d9 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Fri, 19 Jan 2018 13:54:14 +1300
Subject: [PATCH] ESI: make sure endofName never exceeds tagEnd (#130)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/esi/CustomParser.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
index d86d2d309..db634d921 100644
--- a/src/esi/CustomParser.cc
+++ b/src/esi/CustomParser.cc
@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
char * endofName = strpbrk(const_cast<char *>(tag), w_space);
- if (endofName > tagEnd)
+ if (!endofName || endofName > tagEnd)
endofName = const_cast<char *>(tagEnd);
*endofName = '\0';
@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
char * endofName = strpbrk(const_cast<char *>(tag), w_space);
- if (endofName > tagEnd)
+ if (!endofName || endofName > tagEnd)
endofName = const_cast<char *>(tagEnd);
*endofName = '\0';
--
2.11.0
@@ -0,0 +1,31 @@
From 8232b83d3fa47a1399f155cb829db829369fbae9 Mon Sep 17 00:00:00 2001
From: squidadm <squidadm@users.noreply.github.com>
Date: Sun, 21 Jan 2018 08:07:08 +1300
Subject: [PATCH] Fix indirect IP logging for transactions without a client
connection (#129) (#136)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/client_side_request.cc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index be124f355..203f89d46 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
* Ensure that the access log shows the indirect client
* instead of the direct client.
*/
- ConnStateData *conn = http->getConn();
- conn->log_addr = request->indirect_client_addr;
- http->al->cache.caddr = conn->log_addr;
+ http->al->cache.caddr = request->indirect_client_addr;
+ if (ConnStateData *conn = http->getConn())
+ conn->log_addr = request->indirect_client_addr;
}
request->x_forwarded_for_iterator.clean();
request->flags.done_follow_x_forwarded_for = true;
--
2.11.0
+5 -3
View File
@@ -1,3 +1,5 @@
# From http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.24.tar.xz.asc
md5 3fae511e16b6379b61c011914673973d squid-3.5.24.tar.xz
sha1 f203637783301a4b86e554b6dd226de721762ae5 squid-3.5.24.tar.xz
# From http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.27.tar.xz.asc
md5 39ef8199675d48a314b540f92c00c545 squid-3.5.27.tar.xz
sha1 1e69c96d13cd49844da3bcf33a0b428fbe7b6f77 squid-3.5.27.tar.xz
# Locally calculated
sha256 58f5d05257af1fb964fde20e134d660fac9afa86b6fd8c70d63ead63068378fa COPYING
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
SQUID_VERSION_MAJOR = 3.5
SQUID_VERSION = $(SQUID_VERSION_MAJOR).24
SQUID_VERSION = $(SQUID_VERSION_MAJOR).27
SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
SQUID_SITE = http://www.squid-cache.org/Versions/v3/$(SQUID_VERSION_MAJOR)
SQUID_LICENSE = GPLv2+
+3
View File
@@ -44,4 +44,7 @@ define HOST_TAR_EXTRACT_CMDS
mv $(@D)/tar-$(TAR_VERSION)/* $(@D)
rmdir $(@D)/tar-$(TAR_VERSION)
endef
HOST_TAR_CONF_OPTS = --without-selinux
$(eval $(host-autotools-package))
+3 -1
View File
@@ -1,2 +1,4 @@
# Locally calculated
sha256 df85cd1ed3aea12d577854ece11bf5f2af6ace8c39959eea4cf2fa5973924e0e ti_cgt_pru_2.1.3_linux_installer_x86.bin
sha256 7dc37fd689d1d506bf410d2a00af658b93a58d4bc10ac32c2210129dab617377 ti_cgt_pru_2.2.1_linux_installer_x86.bin
sha256 eb646f4f8b14351110992b40ba24d12803bcc150a76e7298705f51088b0a09cc PRU_Code_Generation_Tools_2.2.x_manifest.html
sha256 6b98f9262abd1ae9a3731e6feee02a56b6e290542dea119eeeeaf88bf802aabc pru_rts_2_2_0_82167478-F8C9-49b2-82BD-12F8550770F9.spdx
+4 -4
View File
@@ -4,14 +4,14 @@
#
################################################################################
TI_CGT_PRU_VERSION = 2.1.3
TI_CGT_PRU_VERSION = 2.2.1
TI_CGT_PRU_SOURCE = ti_cgt_pru_$(TI_CGT_PRU_VERSION)_linux_installer_x86.bin
TI_CGT_PRU_SITE = http://software-dl.ti.com/codegen/esd/cgt_public_sw/PRU/$(TI_CGT_PRU_VERSION)
TI_CGT_PRU_SITE = http://downloads.ti.com/codegen/esd/cgt_public_sw/PRU/$(TI_CGT_PRU_VERSION)
TI_CGT_PRU_LICENSE = TI Technology and Software Publicly Available License (compiler + PRU library), \
Boost Software License 1.0 (compiler), \
BSD-2c, BSD-3c, MIT, Academic Free License 3.0, Hewlett-Packard (PRU library)
TI_CGT_PRU_LICENSE_FILES = PRU_Code_Generation_Tools_2.1.x_manifest.html \
PRU_CodeGen_Library_2.1_0222433C-30C1-442d-B5C6-2073BD97F80F.spdx.tag
TI_CGT_PRU_LICENSE_FILES = PRU_Code_Generation_Tools_2.2.x_manifest.html \
pru_rts_2_2_0_82167478-F8C9-49b2-82BD-12F8550770F9.spdx
define HOST_TI_CGT_PRU_EXTRACT_CMDS
chmod +x $(DL_DIR)/$(TI_CGT_PRU_SOURCE)
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 3a8d045c306ad9acb7bf81126939b9594553a388482efa0ec1bfb67b22acd35f transmission-2.92.tar.xz
sha256 8815920e0a4499bcdadbbe89a4115092dab42ce5199f71ff9a926cfd12b9b90b transmission-2.93.tar.xz
sha256 20801783bf59e27d03ed6aab625b32a34e221ae95bf801db87827c8023398495 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
TRANSMISSION_VERSION = 2.92
TRANSMISSION_VERSION = 2.93
TRANSMISSION_SITE = https://github.com/transmission/transmission-releases/raw/master
TRANSMISSION_SOURCE = transmission-$(TRANSMISSION_VERSION).tar.xz
TRANSMISSION_DEPENDENCIES = \
+31 -2
View File
@@ -167,8 +167,37 @@ HOST_UTIL_LINUX_CONF_OPTS += \
ifeq ($(BR2_PACKAGE_HOST_UTIL_LINUX),y)
HOST_UTIL_LINUX_CONF_OPTS += --disable-makeinstall-chown
# disable more command because of ncurses dependency
HOST_UTIL_LINUX_CONF_OPTS += --disable-more
# disable commands that have ncurses dependency, as well as
# other ones that are useless on the host
HOST_UTIL_LINUX_CONF_OPTS += \
--disable-agetty \
--disable-chfn-chsh \
--disable-chmem \
--disable-login \
--disable-lslogins \
--disable-mesg \
--disable-more \
--disable-newgrp \
--disable-nologin \
--disable-nsenter \
--disable-pg \
--disable-rfkill \
--disable-schedutils \
--disable-setpriv \
--disable-setterm \
--disable-su \
--disable-sulogin \
--disable-tunelp \
--disable-ul \
--disable-unshare \
--disable-uuidd \
--disable-vipw \
--disable-wall \
--disable-wdctl \
--disable-write \
--disable-zramctl
# Used by cramfs utils
HOST_UTIL_LINUX_DEPENDENCIES += host-zlib
else
HOST_UTIL_LINUX_CONF_OPTS += --disable-all-programs
endif
+1
View File
@@ -34,6 +34,7 @@ config BR2_PACKAGE_WEBKITGTK
select BR2_PACKAGE_LIBGCRYPT
select BR2_PACKAGE_LIBSECRET
select BR2_PACKAGE_LIBSOUP
select BR2_PACKAGE_LIBTASN1
select BR2_PACKAGE_LIBXML2
select BR2_PACKAGE_LIBXSLT
select BR2_PACKAGE_SQLITE
+4 -4
View File
@@ -1,7 +1,7 @@
# From https://webkitgtk.org/releases/webkitgtk-2.18.4.tar.xz.sums
md5 c4686971eac2760bab685e21ac8849be webkitgtk-2.18.4.tar.xz
sha1 709616b445158dc3163a64bb59e95aadbe58949c webkitgtk-2.18.4.tar.xz
sha256 87b6bb9a6065b949ecbe6191313c43e57ad28efdf1f2b5e763405093520632b8 webkitgtk-2.18.4.tar.xz
# From https://webkitgtk.org/releases/webkitgtk-2.18.6.tar.xz.sums
md5 c1a548595135ee75ad3bf2e18ac83112 webkitgtk-2.18.6.tar.xz
sha1 fb0daa85142cfe8822de518dfaa7bd5c3cdd6c23 webkitgtk-2.18.6.tar.xz
sha256 93912cc2f40f12e452be1ca4babdbdaac0ec4f828d441257a6b06c2963bbac3c webkitgtk-2.18.6.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
+2 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
WEBKITGTK_VERSION = 2.18.4
WEBKITGTK_VERSION = 2.18.6
WEBKITGTK_SITE = http://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES
@@ -14,7 +14,7 @@ WEBKITGTK_LICENSE_FILES = \
Source/WebCore/LICENSE-LGPL-2.1
WEBKITGTK_DEPENDENCIES = host-ruby host-flex host-bison host-gperf \
enchant harfbuzz icu jpeg libgcrypt libgtk3 libsecret libsoup \
libxml2 libxslt sqlite webp
libtasn1 libxml2 libxslt sqlite webp
WEBKITGTK_CONF_OPTS = \
-DENABLE_API_TESTS=OFF \
-DENABLE_GEOLOCATION=OFF \
+4 -2
View File
@@ -1,2 +1,4 @@
# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.11.txt
sha256 a9f11621e85d7e1d72259157edd94825e72af3fd72e184b8474459f92ad5fc40 wireshark-2.2.11.tar.bz2
# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.12.txt
sha256 3274458d1bb1658a5001465ecb07c7cbfc709571ef36bd062897570d4bab3ebc wireshark-2.2.12.tar.bz2
# Locally calculated
sha256 7cdbed2b697efaa45576a033f1ac0e73cd045644a91c79bbf41d4a7d81dac7bf COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
WIRESHARK_VERSION = 2.2.11
WIRESHARK_VERSION = 2.2.12
WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.bz2
WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
WIRESHARK_LICENSE = wireshark license
+1 -1
View File
@@ -204,7 +204,7 @@ void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
MD5Transform(ctx->buf, (uint32 *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4);
memcpy(digest, ctx->buf, 16);
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
}
/* The four core functions - F1 is optimized somewhat */
+1
View File
@@ -54,6 +54,7 @@ XEN_DEPENDENCIES += argp-standalone
endif
XEN_INSTALL_TARGET_OPTS += DESTDIR=$(TARGET_DIR) install-tools
XEN_MAKE_OPTS += dist-tools
XEN_CONF_OPTS += --with-extra-qemuu-configure-args="--disable-sdl"
define XEN_INSTALL_INIT_SYSV
mv $(TARGET_DIR)/etc/init.d/xencommons $(TARGET_DIR)/etc/init.d/S50xencommons
+2 -1
View File
@@ -220,7 +220,8 @@ HOSTCFLAGS_gconf.o = `pkg-config --cflags gtk+-2.0 gmodule-2.0 libglade-2.0` \
HOSTLOADLIBES_mconf = $(shell $(CONFIG_SHELL) $(check-lxdialog) -ldflags $(HOSTCC))
HOSTLOADLIBES_nconf = $(shell \
pkg-config --libs menu panel ncurses 2>/dev/null \
pkg-config --libs menuw panelw ncursesw 2>/dev/null \
|| pkg-config --libs menu panel ncurses 2>/dev/null \
|| echo "-lmenu -lpanel -lncurses" )
$(obj)/qconf.o: $(obj)/.tmp_qtcheck
@@ -0,0 +1,45 @@
From 7285996aa0006d671bb01f0d35991d254b2b2b01 Mon Sep 17 00:00:00 2001
From: Brian Norris <computersforpeace@gmail.com>
Date: Wed, 4 Jun 2014 00:52:31 -0700
Subject: kconfig: nconfig: fix multi-byte UTF handling
Currently, Kconfig descriptions that use multi-byte UTF-8 characters
(such as MTD_NAND_CAFE) will have their menu entries dropped from the
'make nconfig' ncurses menu, and all subsequent entries in the same
window will be omitted. This seems to be due to the ncurses 'menu'
library, which does not traditionally handle UTF-8 >8-bit characters
properly.
The ncursesw library ('w' is for "wide") is written to handle these
UTF-8 characters, and is practically a drop-in replacement at the source
level. Use it by default, if available.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=43067
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Martin Walch <walch.martin@web.de>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
---
scripts/kconfig/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'scripts/kconfig/Makefile')
diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile
index e7bf38e..c059385 100644
--- a/scripts/kconfig/Makefile
+++ b/scripts/kconfig/Makefile
@@ -191,7 +191,8 @@ HOSTCFLAGS_gconf.o = `pkg-config --cflags gtk+-2.0 gmodule-2.0 libglade-2.0` \
HOSTLOADLIBES_mconf = $(shell $(CONFIG_SHELL) $(check-lxdialog) -ldflags $(HOSTCC))
HOSTLOADLIBES_nconf = $(shell \
- pkg-config --libs menu panel ncurses 2>/dev/null \
+ pkg-config --libs menuw panelw ncursesw 2>/dev/null \
+ || pkg-config --libs menu panel ncurses 2>/dev/null \
|| echo "-lmenu -lpanel -lncurses" )
$(obj)/qconf.o: $(obj)/.tmp_qtcheck
--
cgit v1.1
+1
View File
@@ -7,3 +7,4 @@
15-fix-qconf-moc-rule.patch
16-fix-space-to-de-select-options.patch
17-kconfig-lxdialog-get-ncurses-CFLAGS-with-pkg-config.patch
18-kconfig-nconfig-fix-multi-byte-UTF-handling.patch
+4
View File
@@ -346,12 +346,16 @@ config BR2_TARGET_GENERIC_GETTY_BAUDRATE
config BR2_TARGET_GENERIC_GETTY_TERM
string "TERM environment variable"
default "vt100"
# currently observed only by busybox and sysvinit
depends on BR2_INIT_BUSYBOX || BR2_INIT_SYSV
help
Specify a TERM type.
config BR2_TARGET_GENERIC_GETTY_OPTIONS
string "other options to pass to getty"
default ""
# currently observed only by busybox and sysvinit
depends on BR2_INIT_BUSYBOX || BR2_INIT_SYSV
help
Any other flags you want to pass to getty,
Refer to getty --help for details.