Thomas Petazzoni [Sun, 26 Nov 2017 14:40:19 +0000 (15:40 +0100)]
google-breakpad: take into account host architecture dependencies
Building the target google-breakpad requires building the host variant
of google-breakpad. Just like the target google-breakpad only supports
a limited number of architectures, it is the same for the host
google-breakpad.
We therefore introduce a
BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS option that is used
where necessary to prevent the user from choosing Google Breakpad when
building on unsupported host platforms.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fadc438393841eced94aa6decfd04c5bf448b255) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
and the perl script section_generate.pl will create both the .c and .h
files in one go, but given the construct above, there can be two such
script that run in parallel, which can clobber the generated .c and/or
.h files.
So, make dvb-apps a MAKE1 package.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ba6796c7ccb856fc34a7983c9ac031168f1e0b65) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Tue, 21 Nov 2017 19:13:30 +0000 (20:13 +0100)]
Fix makefile include order by using sort/wildcard.
The 'include' directive in GNU make supports wildcards, but their
expansion has no defined sort order (GLOB_NOSORT is passed to glob()).
Usually this doesn't matter. However, there is at least one case where
it does make a difference: toolchain/*/*.mk includes both the
definitions of the external toolchain packages and
pkg-toolchain-external.mk, but pkg-toolchain-external.mk must be
included first.
For predictability, use ordered 'include $(sort $(wildcard ...))'
instead of unordered direct 'include */*.mk' everywhere.
Fixes [1] reported by Petr Vorel:
make: *** No rule to make target 'toolchain-external-custom', needed by '.../build/toolchain-external/.stamp_configured'. Stop.
Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Petr Vorel <petr.vorel@gmail.com>
[Arnout: also sort the one remaining include, of the external docs] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b9d2d4cb4ebc7a2290c4683dd9667b8f0a9e3cdf) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 22 Nov 2017 21:08:28 +0000 (22:08 +0100)]
package/google-breakpad: replace references to 'struct ucontext' with 'ucontext_t'
In glibc, since
https://sourceware.org/git/?p=glibc.git;h=251287734e89a52da3db682a8241eb6bccc050c9
the 'struct ucontext' tag has been replaced with 'struct ucontext_t'.
The tag itself is anyway not POSIX - only the 'ucontext_t' typedef is
specified. And that type has existed since at least 1997 in glibc.
Therefore, replace references to 'struct ucontext' with 'ucontext_t',
which works in all versions of glibc, uClibc and musl.
Philippe Proulx [Wed, 22 Nov 2017 22:56:36 +0000 (17:56 -0500)]
lttng-tools: fix build errors and warnings for musl/uClibc-ng
Add 0001-Fix-detect-dlmopen-and-disable-corresponding-tests-i.patch to
detect if dlmopen() exists and disable parts of the build accordingly if
not. This fixes a bug when building with musl or uClibc-ng.
Add 0002-Fix-src-common-pipe.h-include-sys-types.h-for-ssize_.patch to
fix an #include bug when building with musl.
Add 0003-Fix-warning-src-bin-lttng-utils.c-cast-incompatible-.patch to
remove compilation warnings.
All three new patches are in upstream's master branch as of this date
and will be part of an eventual release.
Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9dd25fe977867a2e7ef1ba40c3cbd12953ecaf51) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Mon, 20 Nov 2017 18:36:58 +0000 (19:36 +0100)]
localedef: fix xlocale.h related compile failure
Add upstream patch 'Don't include <xlocale.h>'.
Fixes Bug-10501 ([1]):
In file included from ./include/locale.h:1:0,
from /usr/include/libintl.h:103,
from ./include/libintl.h:2,
from glibc/locale/programs/charmap.c:25:
glibc/locale/locale.h:146:11: fatal error: xlocale.h: No such file or directory
# include <xlocale.h>
Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d5cc76c5314f58fa18001e9abce196c1ac4a28d1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 21 Nov 2017 22:43:13 +0000 (23:43 +0100)]
samba4: security bump to version 4.6.11
Fixes the following security issues:
- CVE-2017-14746:
All versions of Samba from 4.0.0 onwards are vulnerable to a use after
free vulnerability, where a malicious SMB1 request can be used to
control the contents of heap memory via a deallocated heap pointer. It
is possible this may be used to compromise the SMB server.
- CVE-2017-15275:
All versions of Samba from 3.6.0 onwards are vulnerable to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.
There is no known vulnerability associated with this error, but
uncleared heap memory may contain previously used data that may help
an attacker compromise the server via other methods. Uncleared heap
memory may potentially contain password hashes or other high-value
data.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.6.11.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit df75c954bc5633045d5c06a87c53d71dad8ae6e1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 317b72f469867bd3e1765418e325515d6065d45f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 17 Nov 2017 23:02:25 +0000 (00:02 +0100)]
qt: add patch to fix build on non-x86 platforms
This commit adds a patch to Qt that adjusts its build system to
properly support building on non-x86 platforms. The problem was due to
the PLATFORM and XPLATFORM variables having the same value when
building on a ppc64le system targetting an uncommon architecture
(Xtensa or ARC for example). We fix this problem by making sure
PLATFORM and XPLATFORM will always be different.
Fixes the following build failures occuring on gcc112 (a ppc64le
autobuilder machine):
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e86b74333e740516b6472dab5fa8f7822ae82840) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 17 Nov 2017 15:14:16 +0000 (16:14 +0100)]
libfastjson: indicate explicitly which gcc -std option to use
This commit fixes the following build issue of libfastjson with old
enough compilers (4.8) and wchar disabled:
json_object.c: In function 'fjson_object_object_delete':
json_object.c:385:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0 ; i < FJSON_OBJECT_CHLD_PG_SIZE ; ++i) {
^
The code of libfastjson requires C99. If your compiler is recent
enough (gcc 5.x), then no problem, it is C99 by default, no additional
flags are needed.
If your compiler is older (for example gcc 4.8), then -std=c99 or
-std=gnu99 is explicitly needed to tell the compiler to accept C99
constructs. Testing the compiler for the availability of such flags is
done by libfastjson configure script. However, the test program used
by the configure script uses some wchar_t types, and therefore the
test checking for C99 availability fails on toolchains with wchar
disabled. From config.log:
configure:3928: checking for /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc option to accept ISO C99
[...]
configure:4077: /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc -std=gnu99 -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
conftest.c:54:3: error: unknown type name 'wchar_t'
const wchar_t *name;
^
So, just like we did in libv4l in commit f01396a158f14c53b781c35f7ff29da0bea8c8d6 ("libv4l: fix uclibc-ng
configure/compile"), let's hint directly the configure script that it
should use -std=gnu99. This fixes the build of libfastjson with old
compilers and wchar disabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 90430237ccdcc369d3e206fdd24266c0cad0dcb6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Nov 2017 14:23:05 +0000 (15:23 +0100)]
qt5webkit: backport upstream icu-59 fix from 5.9 branch to 5.6.3
icu-59.x slightly changed the API, breaking qt5webkit builds. For details, see:
https://bugreports.qt.io/browse/QTBUG-60532
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cab0d0a8acc920c6d240e9d503816b9ffb0508d2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Nov 2017 14:23:04 +0000 (15:23 +0100)]
qt5webkit: correct download URL and hash for 5.6 variant
Commit 06a4975d4bd03 (qt5: bump LTS version to 5.6.3) added an empty hash
for the 5.6.3 variant of qt5webkit, causing failures.
It also forgot to adjust the download URL as the qt5webkit tarballs are no
longer available under official_releases/ like the other submodules, but only
under community_releases/.
Fix both issues.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d4a119ccc42f5b93a2e33f99438a86cc5ee1fb00) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Tue, 14 Nov 2017 14:42:03 +0000 (09:42 -0500)]
libpjsip: fix ssl support
Currently, ssl support is implicitely disabled in the initial configure
options. This overrides the check for openssl below.
libpjsip is also currently only compatible with libopenssl. Change
the check to LIBOPENSSL instead of openssl, and depend on libopenssl.
[Peter: drop libopenssl change] Signed-off-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9e479e65dcf1582b20433ca1b120efb66e806a04) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream patch fixing invalid code that now triggers a build error on gcc7+.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0b1509107dc1720f7da6149a8791085794b5677f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 13 Nov 2017 19:23:49 +0000 (20:23 +0100)]
package/x11r7/xapp_xdriinfo: fix libgl dependency
Fixes
"mesa3d is in the dependency chain of xapp_xdriinfo that has added it
to its _DEPENDENCIES variable without selecting it or depending on it
from Config.in."
http://autobuild.buildroot.net/results/d8a/d8aeed2f64e21a277eb0bc5dc08d2339a14c682e/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6d97e73257ffb9fddb8a57dc8d2933b79b86f4b0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Luca Ceresoli [Sat, 11 Nov 2017 23:06:31 +0000 (00:06 +0100)]
libpjsip: fix static build failures due to name clash
Several packages have a similar md5.c file, and each has a function
named byteReverse(). This generates link errors when building
statically ("multiple definition of `byteReverse'").
Fix by applying a patch from upstream:
https://trac.pjsip.org/repos/changeset/5688
Peter Korsgaard [Sun, 12 Nov 2017 13:43:11 +0000 (14:43 +0100)]
ruby: security bump to version 2.4.2
Fixed the following security issues:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
For more details, see the release notes:
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
Drop now upstreamed rubygems patches and add hashes for the license files
while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f2c353054111b0398399ba1933a47d34441c875e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Alex Suykov [Tue, 7 Nov 2017 10:17:15 +0000 (12:17 +0200)]
vboot-utils: fix ARCH detection
The package includes some target-specific code that is irrelevant
in a host package but gets built anyway. The target for this code
must be one of the supported ChromeOS targets.
Supplied Makefile apparently relies on the environment to provide
a valid target, with a simple fallback to host arch. This breaks
the build if no value is provided and the host arch is not among
the supported ones.
Signed-off-by: Alex Suykov <alex.suykov@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bbb25c3ad7b66e6882508e49028d1739732bca34) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Wed, 8 Nov 2017 12:00:33 +0000 (07:00 -0500)]
snmp++: security bump to v3.3.10
>From the changelong:
Set the FD_CLOEXEC flag on sockets, so they are not "leaked" to
spawned processes
Signed-off-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6be1631bf27cb0d2aa6ddcbad835d614f33698e6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Andrey Smirnov [Tue, 7 Nov 2017 20:04:42 +0000 (12:04 -0800)]
package/collectd: Specify FP layout based on endianness
Big-endian CPUs store floating point as big endian (at lest majority
of them do), so, in order for 'network' plugin to work correctly (and
potentially any user of htond() in collectd's codebase),
--with-fp-layout=endianflip as opposed to --with-fp-layout=nothing
needs to be specified during configuration phase.
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bdd8475b90fa46644149d34bf852b213ec60ce71) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 11 Nov 2017 10:44:56 +0000 (11:44 +0100)]
postgresql: security bump to version 9.6.6
Fixes the following security issues:
CVE-2017-12172: Start scripts permit database administrator to modify
root-owned files.
CVE-2017-15098: Memory disclosure in JSON functions.
CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT
privileges.
See the announcement for more details:
https://www.postgresql.org/about/news/1801/
While we're at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b97353f2b50add10971e8477ad0b4cede9244578) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Tue, 5 Sep 2017 12:20:10 +0000 (08:20 -0400)]
postgresql: security bump to version 9.6.5
Fixes the following security issues (9.6.4):
CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs
For more info, see https://www.postgresql.org/about/news/1772/
[Peter: extend commit message with security fixes info] Signed-off-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 95e284bd2732390eb34cb72c798032fd7ac8920c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains a minor rendering fix, another for the WebDriver
implementation, and security fixes for CVE-2017-13798, CVE-2017-13788,
and CVE-2017-13803.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5ff18880e9647e446a3d720b7c6c74eed97ef0b4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Thu, 9 Nov 2017 21:51:47 +0000 (16:51 -0500)]
libpjsip: security bump to 2.7.1
Also add hash for license file
See release notes for details:
https://trac.pjsip.org/repos/milestone/release-2.7.1
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4bdc4e492ba75d34d859ca15f0c21ec8078785fc) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Fri, 13 Oct 2017 02:42:17 +0000 (22:42 -0400)]
libpjsip: bump to 2.7
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0f6dacb37a4e97c7acea59ea7ccda932512e3ff9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go-bootstrap is a host package that builds a first stage Go compiler,
later used to build the final Go compiler. However, this first stage
compiler only supports building on x86, x86-64 and arm as host
architectures, so we need to add the relevant architecture
dependencies to avoid having go-bootstrap built on other unsupported
platforms.
We do this by introducing BR2_PACKAGE_HOST_GO_BOOTSTRAP_ARCH_SUPPORTS
in a new package/go-bootstrap/Config.in.host file. This option is then
used by BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS to make sure we can't enable
Go packages when the host architecture doesn't allow building the Go
compiler.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a3fda8e292c4b5b98482b5b75f551476c570a034) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build system of the embedded jimtcl copy doesn't use autotools, but does
use an old version of gnuconfig which doesn't know all the architectures
supported by Buildroot, so update config.guess / config.sub like we do in
pkg-autotools.mk
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 90d86994f86fec8578772a8a7465bf912c69e1ca) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build system doesn't use autotools, but does use an old version of
gnuconfig which doesn't know all the architectures supported by Buildroot,
so update config.guess / config.sub like we do in pkg-autotools.mk
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bca1d4af9bf6b60b37bf5d39e9e3e1b827854f52) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: André Hentschel <nerv@dawncrow.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 708316f49fd08170e75d9c9eab61a4b3b1280bc9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
g_cclosure_marshal_VOID__VOID is defined both in libgobject.a and
libgstreamer.a. It is probably possible to fix this, but gstreamer0.10
has been deprecated for a long time now and is anyway unlikely to be
used in static-only situations, so let's just require dynamic linking.
Propagate to the reverse dependencies. opencv3 already did depend on
dynamic libs.
[Peter: add autobuild reference] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0eee5465e51229c4c17d7930ca2095caace4f8d2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: André Hentschel <nerv@dawncrow.de> Reviewed-by: André Hentschel <nerv@dawncrow.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4013f11a5b71f238b36f45dcdeb46b7f7a01e600) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Tue, 17 Oct 2017 19:46:48 +0000 (21:46 +0200)]
libglib2: needs autoreconf
Patch 0002-disable-tests.patch modifies Makefile.am, so we have to
autoreconf. It hasn't been seen until now, but becomes very clear
since the bump of automake to 1.15.1, as we're seeing build failures
such as:
configure.ac:66: error: version mismatch. This is Automake 1.15.1,
configure.ac:66: but the definition used by this AM_INIT_AUTOMAKE
configure.ac:66: comes from Automake 1.15. You should recreate
configure.ac:66: aclocal.m4 with aclocal and run automake again.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 45fbec12e79dfd8416b20afa4c2590aecd3ddc5d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Otherwise the (handwritten) configure script uses a config.guess script from
2010 to figure out the build host, breaking builds on ppc64le hosts.
The result of --host / --build is only used to detect if we are building for
Windows or not, which is why things are working on x86(-64) build hosts
without specifying --host even though we are cross compiling - But this may
change in the future, so we better pass the correct values.
Passing extra jimtcl configure flags is unfortunately not forseen in the
usb_modeswitch Makefile, so add a small patch making this possible.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 29cccab4476bc58b2acb50887a67e310045efb24) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Otherwise the (handwritten) configure script uses a config.guess script from
2010 to figure out the build host, breaking builds on ppc64le hosts.
The result of --host / --build is only used to detect if we are building for
Windows or not, which is why things are working on x86(-64) build hosts
without specifying --host even though we are cross compiling - But this may
change in the future, so we better pass the correct values.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 962561a57521dc778df99904aff06c6d1bc435ee) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version bump fixes
* CVE-2017-6440
* CVE-2017-6439
* CVE-2017-6438
* CVE-2017-6437
* CVE-2017-6436
* CVE-2017-6435
* CVE-2017-5836
* CVE-2017-5835
* CVE-2017-5834
* CVE-2017-5545
* CVE-2017-5209
... and several others that didn't receive any CVE (yet).
The dependency to libxml2 was removed.
Autoreconf is not needed anymore, the upstream tarball includes a
configure script.
[Peter: also drop host-pkgconf dependency, only used for cython] Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c3820248761c279e3c8f9839e5b24c8b39891fd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Andrey Smirnov [Fri, 3 Nov 2017 18:49:53 +0000 (11:49 -0700)]
fs: add missing $$(sep) to pre- and post-command hooks code
When multiple hooks are registred, both pre-a and post-command hooks'
foreach loops need to have a separator at the end in order for the
code to work as intended. Without the separator all hooks end up as a
one single line command thus making all but the first hook into
no-ops.
Fixes: 4628b6f3b4 ("fs: add pre- and post-command hooks") Cc: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Romain Naour <romain.naour@gmail.com> Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3f9476df07200fd86d59fb19b4183dafed5934f8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 2 Nov 2017 10:45:19 +0000 (11:45 +0100)]
luajit: only available on x86(-64) hosts
The -m32 compiler flag is used for 32bit builds and host-luajit has
limited architecture support. Building for a 32-bit target on a 32-bit
host should always work, but we haven't tested that and it's very
unlikely that someone needs it. So just limit to x86(-64) hosts.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout: clarify that it might work on 32-bit hosts for a 32-bit target] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9b9347ee9f8e531dd177b437e8ea5387e29fc35e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Wed, 18 Oct 2017 16:55:23 +0000 (11:55 -0500)]
python-config.sh: don't reassign ${prefix}
When prefix is set to a path like /usr during crossbuild
the sed operations end up executing twice, once for the prefix
reassignment and another for includedir if it is set as a string
including the ${prefix} variable. This results in an issue
when the build directory is under /usr.
This patch updates the remaining location which uses the prefix
variable to also sed and update to use the real path.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: refer to autobuild failures that still exist] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 04d1699ba4cecaa77f688b4effbcac5e84419b15) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 5 Nov 2017 09:14:56 +0000 (10:14 +0100)]
core/reproducible: do not override SOURCE_DATE_EPOCH
SOURCE_DATE_EPOCH is currently forcibly set (to either the git commit
date, or the last release date).
However, the spec mandates that it should not be modified if already
set: https://reproducible-builds.org/specs/source-date-epoch/
Build systems MUST NOT overwrite this variable for child
processes to consume if it is already present.
Abide by the rule, and only set it if not already set.
This will allow users to pass it from an upper-layer buildsystem (e.g. a
jenkins or gitlab-ci job, for example), when they have a reson to do so.
Reported-by: Peter Korsgaard <peter@korsgaard.com> Reported-by: Einar Jón Gunnarsson <tolvupostur@gmail.com> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Einar Jón Gunnarsson <tolvupostur@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0437d2f8f6ef8c10b529c154f4534453ce34607b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 3 Nov 2017 15:51:40 +0000 (16:51 +0100)]
moarvm: use host-lua instead of host-luajit
host-luajit has limited architecture support, and moarvm does not need
anything luajit specific - So use host-lua instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a7e216845800c257c9c0bf427d2871de62c70d11) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 2 Nov 2017 13:17:56 +0000 (15:17 +0200)]
azure-iot-sdk-c: use github for homepage
Many Buildroot users can not read Dutch. Although there is an English
version of this page, the github page looks more suitable as a link for
the software package itself, and the readme.md file is pretty
informative.
Cc: André Hentschel <nerv@dawncrow.de> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a001b3e6ca8ccdaa7d801afb55cf31f6881433e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Note: this problem wasn't seen until now because we were only testing
gcc 7.x/glibc, and the problematic code is not built when glibc is
used.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 11ed80169ca788d2b9ac448fb545485c44876be9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Tue, 31 Oct 2017 06:18:34 +0000 (01:18 -0500)]
argp-standalone: fix build with gcc 7.x
Back in commit a662ff7e79630ca0875dd8529fe54db27a275007
("package/argp-standalone: Fix build with c99 compilers"), we fixed
the build of argp-standalone with compilers defaulting to C99 inline
semantics, i.e starting from gcc 5.x.
This was done as part of a patch that used "inline" instead of "extern
inline". However, using "inline" once again broke the build with gcc
7.x. To fix this, revert back to using just "extern inline" (hence
removing a patch of patch 0003-fix_build_with_c99_compilers.patch) and
instead use -fgnu89-inline in the CFLAGS.
See https://gcc.gnu.org/gcc-5/porting_to.html for more details.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: also drop the patch of
0003-fix_build_with_c99_compilers.patch that is no longer needed.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f0b65bd90ce4429d6b7e952ce7de2d5f92a2dd26) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 30 Oct 2017 21:53:09 +0000 (22:53 +0100)]
quagga: add upstream security fix for CVE-2017-16227
>From the advisory:
http://www.openwall.com/lists/oss-security/2017/10/30/4
It was discovered that the bgpd daemon in the Quagga routing suite does
not properly calculate the length of multi-segment AS_PATH UPDATE
messages, causing bgpd to drop a session and potentially resulting in
loss of network connectivity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d77d7220a7ced8daa89e3e0aa0090a4e60074001) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
config.h, but bsd-getpagesize.c forgot to include includes.h (which
indirectly includes config.h) so the checks always fails, causing linker
issues when linking statically on systems with getpagesize().
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cc856401e8ac6a2c7a8767737b73dde933a5798a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Maksim Salau [Tue, 31 Oct 2017 07:51:04 +0000 (10:51 +0300)]
swupdate: Fix SHA256 hash verification
swupdate 2017.07 has a bug which makes hash verification faulty.
The commit adds a patch to fix the issue. The fix has already been
pushed to upstream and is a copy of the commit dba95dcd3739c604a81ffa2df2545e7a4cd430cf in the swupdate repo [1].
[1] https://github.com/sbabic/swupdate
Signed-off-by: Maksim Salau <msalau@iotecha.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7386925e2d8776e8adb2982050ad21f0eafd119e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Wed, 1 Nov 2017 17:18:49 +0000 (12:18 -0500)]
uboot-tools: disable pylibfdt
The current U-Boot build system assumes that if swig is installed on
the host system, it should build pylibfdt, without checking if other
dependencies are available. This causes a number of build failures.
This commit fixes that by using concepts from the future upstream fix
(post 2017.11), which sets up a kconfig variable for pylibfdt and
conditionally enables the swig wrapper creation (default=n).
This patch only affects uboot-tools, in which we never need
pylibfdt. The logic in the uboot package, with its
BR2_TARGET_UBOOT_NEEDS_PYLIBFDT option, remains unchanged.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz> Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
[Thomas: improved commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0bcd09ffcabbcce74ed00bc38620f71a34a59b45) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06a4975d4bd030ab3cf291d18fa36a39cb58cc89) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sat, 21 Oct 2017 19:14:01 +0000 (21:14 +0200)]
support/testing: update ISO9660 test case Linux kernel
The Linux 4.0 kernel doesn't build with gcc 6.x, which is used since
the toolchain update in commit 193dfffa834a4cd76bc7b41089bd93d4c37dfc65 ("support/testing: use more
recent toolchains"). So let's update to Linux 4.11 instead (like the
existing Qemu x86 defconfig does), and update the kernel configuration
file accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Fri, 27 Oct 2017 12:18:58 +0000 (14:18 +0200)]
wget: add optional zlib support
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aff7673602d21b599470227edf323e72831dd3eb) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 27 Oct 2017 12:02:08 +0000 (14:02 +0200)]
wget: security bump to version 1.19.2
Fixes the following security issues:
CVE-2017-13089: The http.c:skip_short_body() function is called in some
circumstances, such as when processing redirects. When the response is sent
chunked, the chunk parser uses strtol() to read each chunk's length, but
doesn't check that the chunk length is a non-negative number. The code then
tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but
ends up passing the negative chunk length to connect.c:fd_read(). As
fd_read() takes an int argument, the high 32 bits of the chunk length are
discarded, leaving fd_read() with a completely attacker controlled length
argument.
CVE-2017-13090: The retr.c:fd_read_body() function is called when processing
OK responses. When the response is sent chunked, the chunk parser uses
strtol() to read each chunk's length, but doesn't check that the chunk
length is a non-negative number. The code then tries to read the chunk in
pieces of 8192 bytes by using the MIN() macro, but ends up passing the
negative chunk length to retr.c:fd_read(). As fd_read() takes an int
argument, the high 32 bits of the chunk length are discarded, leaving
fd_read() with a completely attacker controlled length argument. The
attacker can corrupt malloc metadata after the allocated buffer.
Drop now upstreamed patch and change to .tar.lz as .tar.xz is no longer
available.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 86eb94636e0dcfaf332ba808eeee04a61b13af60) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes; mostly for crashes and rendering issues, plus
one important fix for the layout or Arabic text.
Even though an acconpanying security advisory has not been published
for this release, the release contains fixes for several crashes (one
of them for the decoder of the very common GIF image format), which
arguably can be considered potential security issues.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e3459fd9c5cc4ddb04d22b534ef66b441e1aea71) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 26 Oct 2017 12:52:47 +0000 (14:52 +0200)]
openssh: security bump to version 7.6p1
Fixes CVE-2017-15906 - The process_open function in sftp-server.c in OpenSSH
before 7.6 does not properly prevent write operations in readonly mode,
which allows attackers to create zero-length files.
For more details, see the release notes:
https://www.openssh.com/txt/release-7.6
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70663a9a4fcb9211fcef7668a8a35de11cc54775) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before exiting.
Calling SHUTDOWN during traffic resulted into not every operation to be
persisted on disk.
Also add a hash for the license file while we're at it.
Peter Korsgaard [Thu, 26 Oct 2017 12:18:43 +0000 (14:18 +0200)]
sdl2: security bump to version 2.0.7
Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists
when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can
cause an integer overflow resulting in too little memory being allocated
which can lead to a buffer overflow and potential code execution. An
attacker can provide a specially crafted image file to trigger this
vulnerability.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 07a9f0200cfd1c34f33e8054f62b990d05ccb934) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script automatically enables support for the raspberry pi
video backend if it detects the rpi-userland package. Unfortunately it
hardcodes a number of include/linker paths unsuitable for cross compilation,
breaking the build:
if test x$enable_video = xyes -a x$enable_video_rpi = xyes; then
..
RPI_CFLAGS="-I/opt/vc/include -I/opt/vc/include/interface/vcos/pthreads -I/opt/vc/include/interface/vmcs_host/linux"
RPI_LDFLAGS="-L/opt/vc/lib -lbcm_host"
fi
So explicitly disable it until the configure script is fixed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a798acf239dee04d573f575337bf823c13020fd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 23 Oct 2017 23:13:17 +0000 (01:13 +0200)]
libcurl: security bump to version 7.56.1
Fixes CVE-2017-1000257 - IMAP FETCH response out of bounds read
https://curl.haxx.se/docs/adv_20171023.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62d4dd2999a0446c2b868a7c6fbcc764a470493d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 23 Oct 2017 23:08:36 +0000 (01:08 +0200)]
irssi: security bump to version 1.0.5
Fixes the following security issues:
(a) When installing themes with unterminated colour formatting
sequences, Irssi may access data beyond the end of the
string. (CWE-126) Found by Hanno Böck.
CVE-2017-15228 was assigned to this issue.
(b) While waiting for the channel synchronisation, Irssi may
incorrectly fail to remove destroyed channels from the query list,
resulting in use after free conditions when updating the state
later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)
CVE-2017-15227 was assigned to this issue.
(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
pointer dereference. Found by Joseph Bisch. This is a separate,
but similar issue to CVE-2017-9468. (CWE-690)
CVE-2017-15721 was assigned to this issue.
(d) Overlong nicks or targets may result in a NULL pointer dereference
while splitting the message. Found by Joseph Bisch. (CWE-690)
CVE-2017-15723 was assigned to this issue.
(e) In certain cases Irssi may fail to verify that a Safe channel ID
is long enough, causing reads beyond the end of the string. Found
by Joseph Bisch. (CWE-126)
CVE-2017-15722 was assigned to this issue.
For more details, see the advisory:
https://irssi.org/security/irssi_sa_2017_10.txt
While we're at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a9a4ec0dcce4500319e00e7d875414d6bc6606fa) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sun, 22 Oct 2017 14:00:08 +0000 (16:00 +0200)]
sqlite: add security patches
CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows
remote attackers to cause a denial of service (EXC_BAD_ACCESS and
application crash) via a crafted file.
CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in
tableColumnList in shell.c
because it fails to consider certain cases where
`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never
initialized.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d3c96bd5a6d3d64ab9c61104c6078b4bc89b12ec) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building Python 3.x on MIPS with musl fails because the libffi code
uses a "#ifdef linux" test to decide if we're building on Linux or
not. When building with -std=c99, "linux" is not defined, so instead
of including <asm/sgidefs.h>, libffi's code tries to include
<sgidefs.h>, which doesn't exist on musl.
The right fix is to use __linux__, which is POSIX compliant, and
therefore defined even when -std=c99 is used.
Note that glibc and uClibc were not affected because they do provide a
<sgidefs.h> header in addition to the <asm/sgidefs.h> one.
Signed-off-by: Mauro Condarelli <mc5686@mclink.it>
[Thomas: reformat patch with Git, add a better commit log and description.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4852f05907cd365825f37c283a415a77ba1fcba9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add DEPENDENCIES_HOST_PREREQ to the list of packages
That way packages included in that list like ccache will also be
regarded as a normal packages for targets like external-deps,
show-targets or legal-info
Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 862b76cfefc101943f09db2a73f5519f9a5bb2cb) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dependencies: always use HOSTCC_NOCACHE for DEPENDENCIES_HOST_PREREQ
Currently, HOSTCC and HOSTCXX are set to their _NOCACHE variants in the
'dependencies' target. This is needed because at that time, ccache is
not built yet - host-ccache is one of the dependencies. However, because
this override is only specified for the 'dependencies' target (and
thereby gets inherited by its dependencies), the override is only
applied when the package is reached through the 'dependencies' target.
This is not the case when one of DEPENDENCIES_HOST_PREREQ is built
directly from the command line, e.g. when doing 'make host-ccache'. So
in that case, ccache will be built with ccache... which fails of
course.
To fix this, directly apply the override to the DEPENCIES_HOST_PREREQ
targets.
Note that this only fixes the issue for 'make host-ccache', NOT for
e.g. 'make host-ccache-configure'.
Notice: Not applying XSA-237..244 as they are x86 only and have patch file
name conflicts between 2017.02.x and master.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 90b9b457ecd5e6ebea9d48f36c030b95ca67059b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 22 Oct 2017 11:15:08 +0000 (13:15 +0200)]
lame: security bump to version 3.100
Fixes the following security issues:
CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
buffer over-read and ap
CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
memory read and application crash
CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
memory read and application crash
Drop patches now upstream or no longer needed:
0001-configure.patch: Upstream as mentioned in patch description
0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
description/release notes:
Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.
0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
nowadays implies -msse.
With these removed, autoreconf is no longer needed.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7e3583dd558925a447eaa4367d659f39482fbbc0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 21 Oct 2017 17:20:33 +0000 (19:20 +0200)]
busybox: add upstream post-1.27.2 httpd fix
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec58149009776f63767644f9a3409f420c271766) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Tue, 5 Sep 2017 12:20:05 +0000 (08:20 -0400)]
busybox: bump to version 1.27.2
Signed-off-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5cdb463e442d63f0ba361e7348d0ed56cb9b63d0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 21 Oct 2017 19:12:59 +0000 (21:12 +0200)]
musl: add upstream security fix for CVE-2017-15650
>From the upstream announcement:
http://www.openwall.com/lists/oss-security/2017/10/19/5
Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.
When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,
it's possible to fit more addresses than the precomputed bound, and a
buffer overflow occurs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 209f42fd3a5f4357e22fb72f1597a6868566aabd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes a bug with the BR2_TOOLCHAIN_HAS_THREADS variable
handling which causes CGO_ENABLED to be always 0.
Furthermore, it fixes the cross compilation options for the go
compiler: setting CGO_ENABLED should be done only for the target
compiler not the host one.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Acked-by: Christian Stewart <christian@paral.in>
(cherry picked from commit 80ea21bc3c2147adf810731b0b242e94a3ad294e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes (many of them related to rendering, plus one
important fix for touch input) and many security fixes.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6d623e72770534c8e40e5afd7aa8fb77e49d1974) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No corresponding WebKit Security Advisory (WSA) has been published.
All patches have been applied upstream.
This also bumps the required target GCC version, due to the WebKit code
now using more modern C++ features which were introduced in version
5.x of the compiler.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Arnout:
- propagate dependency to midori;
- mention in commit message why patches were removed.] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 905b1ab5c21f39f9cd1777f6d5745c90d863da4b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Lothar Felten [Fri, 20 Oct 2017 11:19:17 +0000 (13:19 +0200)]
Config.in: fix help comment for gcc optimization
The default for is set to BR2_OPTIMIZE_S, the help comment designated
BR2_OPTIMIZE_0 as default.
Changed the help comment to show that BR2_OPTIMIZE_S is the default.
Signed-off-by: Lothar Felten <lothar.felten@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4e09fd8bdef6ddea1097f91df07515abde389cd0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Alexander Mukhin [Wed, 18 Oct 2017 09:34:06 +0000 (12:34 +0300)]
wpa_supplicant: fix upstream URL
wpa_supplicant project URL has been changed to w1.fi/wpa_supplicant.
The old domain epitest.fi has expired.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 38e36cd0e1ec55743766e48564d952e38ff40113) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: also add patch 0001 as suggested by Jörg Krause] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 57c0a485cc0a5681e772ddaf1c886e810d3d7ae4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5259c5c8058aa2c9608fd202c35477015a41c326) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
projects / coffee / buildroot.git / log