- Nov 27, 2017
-
-
Peter Korsgaard authored
Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit c8f0a823) Signed-off-by:
-
Yann E. MORIN authored
perl can't find a module that is located in the current directory, so help it locate it. Signed-off-by:
"Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Francois Perrad <francois.perrad@gadz.org> Signed-off-by:
-
Yann E. MORIN authored
This is invisible because the timings make it excessively difficult to hit, but the Makefile is inherently flawed for parallel build, as it contains: $(objects): atsc_psip_section.c atsc_psip_section.h atsc_psip_section.c atsc_psip_section.h: perl section_generate.pl atsc_psip_section.pl and the perl script section_generate.pl will create both the .c and .h files in one go, but given the construct above, there can be two such script that run in parallel, which can clobber the generated .c and/or .h files. So, make dvb-apps a MAKE1 package. Signed-off-by: -
Peter Korsgaard authored
Fixes a number of bugs, including integer/buffer overflows: https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.2.9 Signed-off-by:
-
Gaël PORTAY authored
The Qt community releases are not stored under submodules path component. Signed-off-by:
Gaël PORTAY <gael.portay@savoirfairelinux.com> Signed-off-by:
-
Bernd Kuhls authored
[Peter: drop 4.13.x bump] Signed-off-by:
-
Romain Naour authored
In glibc, since https://sourceware.org/git/?p=glibc.git;h=251287734e89a52da3db682a8241eb6bccc050c9 the 'struct ucontext' tag has been replaced with 'struct ucontext_t'. The tag itself is anyway not POSIX - only the 'ucontext_t' typedef is specified. And that type has existed since at least 1997 in glibc. Therefore, replace references to 'struct ucontext' with 'ucontext_t', which works in all versions of glibc, uClibc and musl. Fixes: [arm] http://autobuild.buildroot.net/results/6380341dbb6c114e4452c5cda37da6b44b80d178 [aarch64] http://autobuild.buildroot.net/results/4ecf770df7c984a62082d59f8fab632d3efbe06b [mipsel] http://autobuild.buildroot.net/results/e1473a12cf38ccf4dd3ed0f26a8ff9e6b57f0810 Signed-off-by:
Romain Naour <romain.naour@gmail.com> [Arnout: improve commit message] Signed-off-by:
Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit ca4009fc) Signed-off-by:
-
Bernd Kuhls authored
[Peter: drop 4.13.x bump] Signed-off-by:
-
Peter Seiderer authored
Add upstream patch 'Don't include <xlocale.h>'. Fixes Bug-10501 ([1]): In file included from ./include/locale.h:1:0, from /usr/include/libintl.h:103, from ./include/libintl.h:2, from glibc/locale/programs/charmap.c:25: glibc/locale/locale.h:146:11: fatal error: xlocale.h: No such file or directory # include <xlocale.h> [1] https://bugs.busybox.net/show_bug.cgi?id=10501 Signed-off-by:Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - CVE-2017-14746: All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server. - CVE-2017-15275: All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared. There is no known vulnerability associated with this error, but uncleared heap memory may contain previously used data that may help an attacker compromise the server via other methods. Uncleared heap memory may potentially contain password hashes or other high-value data. For more details, see the release notes: https://www.samba.org/samba/history/samba-4.5.15.html Signed-off-by:
-
Thomas Petazzoni authored
This commit fixes the following build issue of libfastjson with old enough compilers (4.8) and wchar disabled: json_object.c: In function 'fjson_object_object_delete': json_object.c:385:3: error: 'for' loop initial declarations are only allowed in C99 mode for (int i = 0 ; i < FJSON_OBJECT_CHLD_PG_SIZE ; ++i) { ^ The code of libfastjson requires C99. If your compiler is recent enough (gcc 5.x), then no problem, it is C99 by default, no additional flags are needed. If your compiler is older (for example gcc 4.8), then -std=c99 or -std=gnu99 is explicitly needed to tell the compiler to accept C99 constructs. Testing the compiler for the availability of such flags is done by libfastjson configure script. However, the test program used by the configure script uses some wchar_t types, and therefore the test checking for C99 availability fails on toolchains with wchar disabled. From config.log: configure:3928: checking for /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc option to accept ISO C99 [...] configure:4077: /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc -std=gnu99 -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5 conftest.c:54:3: error: unknown type name 'wchar_t' const wchar_t *name; ^ So, just like we did in libv4l in commit f01396a1 ("libv4l: fix uclibc-ng configure/compile"), let's hint directly the configure script that it should use -std=gnu99. This fixes the build of libfastjson with old compilers and wchar disabled. Signed-off-by: -
Peter Korsgaard authored
Commit 06a4975d (qt5: bump LTS version to 5.6.3) added an empty hash for the 5.6.3 variant of qt5webkit, causing failures. It also forgot to adjust the download URL as the qt5webkit tarballs are no longer available under official_releases/ like the other submodules, but only under community_releases/. Fix both issues. Signed-off-by:
-
- Nov 26, 2017
-
-
Adam Duskett authored
Currently, ssl support is implicitely disabled in the initial configure options. This overrides the check for openssl below. libpjsip is also currently only compatible with libopenssl. Change the check to LIBOPENSSL instead of openssl, and depend on libopenssl. [Peter: drop libopenssl change] Signed-off-by:
Adam Duskett <aduskett@gmail.com> Signed-off-by:
-
Bernd Kuhls authored
[Peter: drop 4.13.x bump] Signed-off-by:
-
Bernd Kuhls authored
Fixes "mesa3d is in the dependency chain of xapp_xdriinfo that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in." http://autobuild.buildroot.net/results/d8a/d8aeed2f64e21a277eb0bc5dc08d2339a14c682e/ Signed-off-by:
-
Luca Ceresoli authored
Several packages have a similar md5.c file, and each has a function named byteReverse(). This generates link errors when building statically ("multiple definition of `byteReverse'"). Fix by applying a patch from upstream: https://trac.pjsip.org/repos/changeset/5688 Fixes: http://autobuild.buildroot.org/results/5d7/5d72e0f8517a555399978d5a0e9f7efd0a278189/ http://autobuild.buildroot.org/results/c47/c47ccbb9b40011cf0d79c7040bed061ddefd9629/ http://autobuild.buildroot.org/results/419/419ab2c0e034cc68991281c51caa8271b0fadbab/ Signed-off-by:Luca Ceresoli <luca@lucaceresoli.net> Cc: Adam Duskett <aduskett@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
Fixed the following security issues: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode CVE-2017-14064: Heap exposure in generating JSON For more details, see the release notes: https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/ Drop now upstreamed rubygems patches and add hashes for the license files while we're at it. Signed-off-by:
-
Bernd Kuhls authored
Version 7.0.7-3 fixes CVE-2017-15218: Stop potential leaks in the JNG decoder Changelog: https://www.imagemagick.org/script/changelog.php Signed-off-by:
-
Fabrice Fontaine authored
mesa3d does not allow to enable both static and shared libraries so if BR2_SHARED_STATIC_LIBS is set, disable static Fixes https://bugs.busybox.net/show_bug.cgi?id=10326 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Alex Suykov authored
The package includes some target-specific code that is irrelevant in a host package but gets built anyway. The target for this code must be one of the supported ChromeOS targets. Supplied Makefile apparently relies on the environment to provide a valid target, with a simple fallback to host arch. This breaks the build if no value is provided and the host arch is not among the supported ones. Should fix http://autobuild.buildroot.net/results/d118a83b6c4f7f910d0d44c279f36251d7ba29e8/ and similar failures. Signed-off-by:
Alex Suykov <alex.suykov@gmail.com> Signed-off-by:
-
Adam Duskett authored
>From the changelong: Set the FD_CLOEXEC flag on sockets, so they are not "leaked" to spawned processes Signed-off-by:
-
Andrey Smirnov authored
Big-endian CPUs store floating point as big endian (at lest majority of them do), so, in order for 'network' plugin to work correctly (and potentially any user of htond() in collectd's codebase), --with-fp-layout=endianflip as opposed to --with-fp-layout=nothing needs to be specified during configuration phase. Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by:
Andrey Smirnov <andrew.smirnov@gmail.com> Reviewed-by:
-
Peter Korsgaard authored
Fixes the following security issues: CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. CVE-2017-15098: Memory disclosure in JSON functions. CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges. See the announcement for more details: https://www.postgresql.org/about/news/1801/ While we're at it, also add a hash for the license file. Signed-off-by:
-
Adrian Perez de Castro authored
This is a maintenance release of the current stable WebKitGTK+ version, which contains a minor rendering fix, another for the WebDriver implementation, and security fixes for CVE-2017-13798, CVE-2017-13788, and CVE-2017-13803. Release notes: https://webkitgtk.org/2017/11/10/webkitgtk2.18.3-released.html Signed-off-by:Adrian Perez de Castro <aperez@igalia.com> Signed-off-by:
-
Adam Duskett authored
Also add hash for license file See release notes for details: https://trac.pjsip.org/repos/milestone/release-2.7.1 Signed-off-by:
Adam Duskett <Adamduskett@outlook.com> Signed-off-by:
-
Adam Duskett authored
Signed-off-by:
-
Fabio Estevam authored
[Peter: drop 4.13.x bump] Signed-off-by:
Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by:
-
André Hentschel authored
Security fixes since 2.2.7: - wnpa-sec-2017-22 Bazaar dissector infinite loop (Bug 13599) CVE-2017-9352 - wnpa-sec-2017-23 DOF dissector read overflow (Bug 13608) CVE-2017-9348 - wnpa-sec-2017-24 DHCP dissector read overflow (Bug 13609, Bug 13628) CVE-2017-9351 - wnpa-sec-2017-25 SoulSeek dissector infinite loop (Bug 13631) CVE-2017-9346 - wnpa-sec-2017-26 DNS dissector infinite loop (Bug 13633) CVE-2017-9345 - wnpa-sec-2017-27 DICOM dissector infinite loop (Bug 13685) CVE-2017-9349 - wnpa-sec-2017-28 openSAFETY dissector memory exhaustion (Bug 13649) CVE-2017-9350 - wnpa-sec-2017-29 BT L2CAP dissector divide by zero (Bug 13701) CVE-2017-9344 - wnpa-sec-2017-30 MSNIP dissector crash (Bug 13725) CVE-2017-9343 - wnpa-sec-2017-31 ROS dissector crash (Bug 13637) CVE-2017-9347 - wnpa-sec-2017-32 RGMP dissector crash (Bug 13646) CVE-2017-9354 - wnpa-sec-2017-33 IPv6 dissector crash (Bug 13675) CVE-2017-9353 - wnpa-sec-2017-13 WBMXL dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410 Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12. - wnpa-sec-2017-28 openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411 Note: This is an update for a fix in Wireshark 2.2.7. - wnpa-sec-2017-34 AMQP dissector crash. (Bug 13780) CVE-2017-11408 - wnpa-sec-2017-35 MQ dissector crash. (Bug 13792) CVE-2017-11407 - wnpa-sec-2017-36 DOCSIS infinite loop. (Bug 13797) CVE-2017-11406 - wnpa-sec-2017-38 MSDP dissector infinite loop (Bug 13933) - wnpa-sec-2017-39 Profinet I/O buffer overrun (Bug 13847) - wnpa-sec-2017-41 IrCOMM dissector buffer overrun (Bug 13929) Full release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.10.html Signed-off-by:
André Hentschel <nerv@dawncrow.de> Signed-off-by:
-
Vicente Olivert Riera authored
Security fixes: - wnpa-sec-2017-22 Bazaar dissector infinite loop (Bug 13599) CVE-2017-9352 - wnpa-sec-2017-23 DOF dissector read overflow (Bug 13608) CVE-2017-9348 - wnpa-sec-2017-24 DHCP dissector read overflow (Bug 13609, Bug 13628) CVE-2017-9351 - wnpa-sec-2017-25 SoulSeek dissector infinite loop (Bug 13631) CVE-2017-9346 - wnpa-sec-2017-26 DNS dissector infinite loop (Bug 13633) CVE-2017-9345 - wnpa-sec-2017-27 DICOM dissector infinite loop (Bug 13685) CVE-2017-9349 - wnpa-sec-2017-28 openSAFETY dissector memory exhaustion (Bug 13649) CVE-2017-9350 - wnpa-sec-2017-29 BT L2CAP dissector divide by zero (Bug 13701) CVE-2017-9344 - wnpa-sec-2017-30 MSNIP dissector crash (Bug 13725) CVE-2017-9343 - wnpa-sec-2017-31 ROS dissector crash (Bug 13637) CVE-2017-9347 - wnpa-sec-2017-32 RGMP dissector crash (Bug 13646) CVE-2017-9354 - wnpa-sec-2017-33 IPv6 dissector crash (Bug 13675) CVE-2017-9353 Full release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html Signed-off-by:
Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by:
-
Fixes: http://autobuild.buildroot.net/results/49d/49dcec0bd2f3bb78c18675a9fa5c9c53cc183fd2/ g_cclosure_marshal_VOID__VOID is defined both in libgobject.a and libgstreamer.a. It is probably possible to fix this, but gstreamer0.10 has been deprecated for a long time now and is anyway unlikely to be used in static-only situations, so let's just require dynamic linking. Propagate to the reverse dependencies. opencv3 already did depend on dynamic libs. [Peter: add autobuild reference] Signed-off-by:
-
Yann E. MORIN authored
Fixes: http://autobuild.buildroot.org/results/2af/2af7412846c576089f8596857ab8c81ac31c1bed/ Signed-off-by: -
Thomas Petazzoni authored
Patch 0002-disable-tests.patch modifies Makefile.am, so we have to autoreconf. It hasn't been seen until now, but becomes very clear since the bump of automake to 1.15.1, as we're seeing build failures such as: configure.ac:66: error: version mismatch. This is Automake 1.15.1, configure.ac:66: but the definition used by this AM_INIT_AUTOMAKE configure.ac:66: comes from Automake 1.15. You should recreate configure.ac:66: aclocal.m4 with aclocal and run automake again. Fixes: http://autobuild.buildroot.net/results/3402357d8e90f1866dfeaee7bb61119d80dc8bcb/ Signed-off-by:
-
Bernd Kuhls authored
Upstream added a mandatory pthread check: https://github.com/libimobiledevice/libplist/commit/eec2e855b4f192cb1808d1f02b6bc8935a979025 Fixes http://autobuild.buildroot.net/results/863/863bb43db222f8e63d60b1fc4a53299575727de1/ Signed-off-by:
-
Bernd Kuhls authored
Release notes: https://github.com/libimobiledevice/libplist/blob/master/NEWS This version bump fixes * CVE-2017-6440 * CVE-2017-6439 * CVE-2017-6438 * CVE-2017-6437 * CVE-2017-6436 * CVE-2017-6435 * CVE-2017-5836 * CVE-2017-5835 * CVE-2017-5834 * CVE-2017-5545 * CVE-2017-5209 ... and several others that didn't receive any CVE (yet). The dependency to libxml2 was removed. Autoreconf is not needed anymore, the upstream tarball includes a configure script. [Peter: also drop host-pkgconf dependency, only used for cython] Signed-off-by:
-
Peter Korsgaard authored
The -m32 compiler flag is used for 32bit builds and host-luajit has limited architecture support. Building for a 32-bit target on a 32-bit host should always work, but we haven't tested that and it's very unlikely that someone needs it. So just limit to x86(-64) hosts. Fixes: http://autobuild.buildroot.net/results/5f5b5edb058efe976c003678e21bcc28a87cc828/ Signed-off-by:
-
Peter Korsgaard authored
ti-gfx is provided as a x86 self extracting executable, so it is only available on x86(-64) hosts. Signed-off-by:
-
Matt Weber authored
When prefix is set to a path like /usr during crossbuild the sed operations end up executing twice, once for the prefix reassignment and another for includedir if it is set as a string including the ${prefix} variable. This results in an issue when the build directory is under /usr. This patch updates the remaining location which uses the prefix variable to also sed and update to use the real path. Upstream bug report: https://bugs.python.org/issue31713 Buildroot bug: https://bugs.busybox.net/show_bug.cgi?id=10361 Fixes failures like the following: dbus-python-1.2.4 | NOK | http://autobuild.buildroot.net/results/758858efa97b6273c1b470513f5492258a6d8853 Signed-off-by:Matthew Weber <matthew.weber@rockwellcollins.com> [Arnout: refer to autobuild failures that still exist] Signed-off-by:
-
Yann E. MORIN authored
SOURCE_DATE_EPOCH is currently forcibly set (to either the git commit date, or the last release date). However, the spec mandates that it should not be modified if already set: https://reproducible-builds.org/specs/source-date-epoch/ Build systems MUST NOT overwrite this variable for child processes to consume if it is already present. Abide by the rule, and only set it if not already set. This will allow users to pass it from an upper-layer buildsystem (e.g. a jenkins or gitlab-ci job, for example), when they have a reson to do so. Reported-by:
Einar Jón Gunnarsson <tolvupostur@gmail.com> Signed-off-by:
-
Bernd Kuhls authored
Fixes the following CVEs: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) Release notes: https://www.openssl.org/news/secadv/20171102.txt Signed-off-by:
-
