Peter Seiderer [Thu, 19 Jan 2017 20:11:32 +0000 (21:11 +0100)]
libsndfile: disable external library dependencies
Fixes static linking of pifmrds [1]:
host/usr/bin/arm-linux-gcc -static -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -lsndfile -lm
.../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(flac.o): In function `sf_flac_error_callback':
flac.c:(.text+0x44c): undefined reference to `FLAC__StreamDecoderErrorStatusString'
host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg.o): In function `ogg_close':
ogg.c:(.text+0x10): undefined reference to `ogg_sync_clear'
host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg_vorbis.o): In function `vorbis_read_sample':
ogg_vorbis.c:(.text+0x26c): undefined reference to `vorbis_synthesis_pcmout'
Gustavo Zacarias [Thu, 19 Jan 2017 13:44:51 +0000 (10:44 -0300)]
gd: security bump to version 2.2.4
Fixes:
CVE-2016-9317 - gdImageCreate() doesn't check for oversized images and
as such is prone to DoS vulnerabilities.
CVE-2016-6912 - double-free in gdImageWebPtr()
(without CVE):
Potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Signed Integer Overflow gd_io.c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
[Thomas:
- move condition to a different place in the .mk file, with other
similar conditions.
- add an 'else' clause to pass -no-libinput in order to explicitly
disable libinput support when the libinput package is not available.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sat, 14 Jan 2017 15:20:52 +0000 (16:20 +0100)]
core/br2-external: fix use of relative paths
Fixes #9576
When the path to a br2-external tree is relative, make enters an endless
recursive loop (paths elided for brevity):
$ make BR2_EXTERNAL=.. foo_defconfig
make[1]: stat: ../configs/../configs/../configs[...]/toto_defconfig: Filename too long
make[1]: *** No rule to make target '../configs/../configs/../configs[...]/toto_defconfig',
needed by '../configs/../configs/../configs[...]/toto_defconfig'. Stop.
Makefile:79: recipe for target '_all' failed
make: *** [_all] Error 2
It is a bit complex to understand the actual technical reason for this
never-ending expansion; it seems it happens in the code generated by the
percent_defconfig macro. Not sure why, though...
But the root cause is the relative path.
Just use absolute, canonical paths to br2-external trees. Always.
[Peter: add bugzilla reference]
Reported-by: outtierbert@gmail.com
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Sun, 15 Jan 2017 18:40:08 +0000 (19:40 +0100)]
package/espeak: fix build issue with gcc6
On some architectures, "char" is signed (x86_64, nios2...) so the
compiler tries to convert int 0xc2 and 0xba to a signed char.
This is an error since gcc6 (Wnarrowing).
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Apparently if both icu and nodejs are enabled during the nodejs host build
the nodejs buildsystem gets confused by the icu version installed by
Buildroot (icu 58.2) and the one bundled with the nodejs source tree (icu
57), which ends up in linking-time errors as:
"""
undefined reference to
`icu_58::NumberFormat::format(icu_58::StringPiece,
icu_58::UnicodeString&, icu_58::FieldPositionIterator*, UErrorCode&)
const'
"""
(note the icu_58 in the symbol name while the bundled icu version is 57)
This patch disables the (not used) i18n support in the nodejs host build
config in order to fix the issue. The issue doesn't affect the target build of
nodejs.
Baruch Siach [Sat, 14 Jan 2017 20:17:29 +0000 (22:17 +0200)]
tslib: use upstream .tar.xz archive
Save some network bandwidth.
[Peter: use TSLIB_VERSION instead of hardcoding 1.3]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: reformat as suggested by Yann]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
toolchain: bump Codescape MTI MIPS version to 2016.05-06
Also...
- Fix a typo in Config.in
- Take into account the host's architecture to download the x86 or
x86_64 version. This makes the IA32 libs dependency unnecessary.
[Peter: fix kernel headers comment as pointed out by Romain]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
toolchain: bump Codescape IMG MIPS version to 2016.05-06
Also...
- Fix a typo in Config.in
- Take into account the host's architecture to download the x86 or
x86_64 version. This makes the IA32 libs dependency unnecessary.
[Peter: fix kernel headers comment as pointed out by Romain]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 13 Jan 2017 12:41:18 +0000 (13:41 +0100)]
rabbitmq-server: security bump to version 3.6.6
Fixes a critical authentication vulnerability in the MQTT plugin
(CVE-2016-9877):
MQTT (MQ Telemetry Transport) connection authentication with a
username/password pair succeeds if an existing username is provided but the
password is omitted from the connection request. Connections that use TLS
with a client-provided certificate are not affected.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
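The condition this commit message describes (a CONNECT request that names a user but carries no password) is visible on the wire in the MQTT connect flags. The following is an added example, not part of the commit or of RabbitMQ's code: a Python audit of raw MQTT 3.1/3.1.1 CONNECT packets, where the function names, verdict strings and sample packets are constructed for illustration.

```python
USERNAME_FLAG, PASSWORD_FLAG, WILL_FLAG = 0x80, 0x40, 0x04

def _field(buf, pos):  # one 2-byte-length-prefixed field -> (bytes, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated length prefix")
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def _remaining_length(buf, pos):
    """Decode the variable-length 'remaining length' (at most 4 bytes)."""
    value = 0
    for shift in (0, 7, 14, 21):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("remaining length too long")

def audit_connect(packet):
    """Return (username, verdict) for one raw MQTT CONNECT packet."""
    if not packet or packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    length, start = _remaining_length(packet, 1)
    body = packet[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    _, pos = _field(body, 0)            # protocol name ("MQTT" or "MQIsdp")
    if pos + 4 > len(body):
        raise ValueError("truncated variable header")
    flags = body[pos + 1]               # connect flags follow the protocol level
    _, pos = _field(body, pos + 4)      # skip level, flags, keep-alive; read client id
    for _ in range(2 if flags & WILL_FLAG else 0):
        _, pos = _field(body, pos)      # will topic, will message
    if not flags & USERNAME_FLAG:
        return None, "anonymous"
    raw_user, pos = _field(body, pos)
    user = raw_user.decode("utf-8", "replace")
    if not flags & PASSWORD_FLAG:       # the case described for CVE-2016-9877
        return user, "username-without-password"
    password, _ = _field(body, pos)
    return user, "ok" if password else "empty-password"

# Constructed sample packets (MQTT 3.1.1, client id "c1", user "guest").
NO_PASSWORD = b"\x10\x15\x00\x04MQTT\x04\x82\x00\x3c\x00\x02c1\x00\x05guest"
WITH_PASSWORD = b"\x10\x1d\x00\x04MQTT\x04\xc2\x00\x3c\x00\x02c1\x00\x05guest\x00\x06secret"
```

Run over captured broker traffic, any "username-without-password" verdict on a listener without client-certificate TLS is worth correlating with the broker version in use.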
The problem addressed by the 0001 patch has been fixed upstream and that
fix is included in this release:
https://github.com/ruby/ruby/commit/aa107497cd379b713eba8cecdb9a882bb1e0dd89
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Tue, 10 Jan 2017 22:39:25 +0000 (23:39 +0100)]
package/mpd: fix static linking with tremor
Although tremor (the library is named vorbisidec) provides a pkg-config
file, mpd does not use it to find tremor. Since version 0.20 does throw
an error instead of a warning, that's why the issue was left unnoticed
by the autobuilders.
Help mpd to find tremor by providing the path to the library and passing
LIBS through the environment. We use the host pkg-config tool to get the
correct values from the vorbisidec.pc file.
Clayton Shotwell [Tue, 10 Jan 2017 16:05:52 +0000 (10:05 -0600)]
package/ustr: fix ldconfig for host build
The host build of the ustr package also needs to not run the ldconfig to
prevent a build failure caused by the symlink creating a race condition.
Related commit for target build change was 22069232.
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Tue, 10 Jan 2017 13:06:46 +0000 (10:06 -0300)]
collectd: fix libgcrypt support
For the newer versions the collectd configure script expects
libgcrypt-config as parameter rather than the location for the
libgcrypt-config script. Adjust the package to account for this.
Fixes:
http://autobuild.buildroot.net/results/a49/a494bc905e4509528c4932f76a094b9ea8e70bd3/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The benchmark tool uses clock_gettime which is available in librt instead of
libc in older glibc versions. The build system correctly links with -lrt on
Linux systems, but misdetects non-x86 linux systems as !linux, causing build
failures.
Add a patch to relax the linux OS detection to also work on non-x86 systems.
The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.
libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).
libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.
Fixes:
GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
http://git.imagemagick.org/repos/ImageMagick/commit/fde5f55af94f189f16958535a9c22b439d71ac93
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>