multiple ubsan crashes #41
Comments
antlarr
added a commit
to antlarr/audiofile
that referenced
this issue
Mar 6, 2017
When building the library with NDEBUG, asserts are eliminated so it's better to always check that the number of coefficients is inside the array range. This fixes the 00191-audiofile-indexoob issue in mpruett#41
antlarr
added a commit
to antlarr/audiofile
that referenced
this issue
Mar 6, 2017
Check for multiplication overflow (using __builtin_mul_overflow if available) in MSADPCM.cpp decodeSample and return an empty decoded block if an error occurs. This fixes the 00193-audiofile-signintoverflow-MSADPCM case of mpruett#41
antlarr
added a commit
to antlarr/audiofile
that referenced
this issue
Mar 6, 2017
Checks that a multiplication doesn't overflow when calculating the buffer size, and if it overflows, reduce the buffer size instead of failing. This fixes the 00192-audiofile-signintoverflow-sfconvert case in mpruett#41
|
Those are CVE-2017-6837, CVE-2017-6838 and CVE-2017-6839 |
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Mar 31, 2017
…-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837 CVE-2017-6827: A heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp mpruett/audiofile#32 CVE-2017-6828: A Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp mpruett/audiofile#31 CVE-2017-6832: A Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp mpruett/audiofile#36 CVE-2017-6833: The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp mpruett/audiofile#37 CVE-2017-6835: The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp mpruett/audiofile#39 CVE-2017-6837: WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ mpruett/audiofile#41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Mar 31, 2017
…-2017-6836 / CVE-2017-6838 CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp mpruett/audiofile#34 CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp mpruett/audiofile#38 CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h mpruett/audiofile#40 CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ mpruett/audiofile#41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Mar 31, 2017
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ mpruett/audiofile#41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Apr 3, 2017
…-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837 CVE-2017-6827: A heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp mpruett/audiofile#32 CVE-2017-6828: A Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp mpruett/audiofile#31 CVE-2017-6832: A Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp mpruett/audiofile#36 CVE-2017-6833: The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp mpruett/audiofile#37 CVE-2017-6835: The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp mpruett/audiofile#39 CVE-2017-6837: WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ mpruett/audiofile#41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cc00bde) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Apr 3, 2017
…-2017-6836 / CVE-2017-6838 CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp mpruett/audiofile#34 CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp mpruett/audiofile#38 CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h mpruett/audiofile#40 CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ mpruett/audiofile#41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 4a1a827) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Apr 3, 2017
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ mpruett/audiofile#41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 844a7c6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fschuett
added a commit
to fschuett/oss-linbo
that referenced
this issue
Apr 8, 2017
commit b1ae86c7f7250249ad3faeb7c473e80a71f9fd74
Merge: ddaca9d5c 476067a78
Author: Frank Schütte <fschuett@gymhim.de>
Date: Sat Apr 8 14:37:16 2017 +0200
Add 'buildroot/' from commit '604f4058d2b57f9e764aac344f72e117c852c641'
git-subtree-dir: buildroot
git-subtree-mainline: ddaca9d5cc201ffb618e21e86a32ac980ed327c1
git-subtree-split: 604f4058d2b57f9e764aac344f72e117c852c641
commit ddaca9d5cc201ffb618e21e86a32ac980ed327c1
Author: Frank Schütte <fschuett@gymhim.de>
Date: Sat Apr 8 14:36:04 2017 +0200
rm subtree buildroot 2016.11
commit 476067a78d4fd1ddb141a8cccc63cf3e75cbe7a3
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Wed Apr 5 13:35:15 2017 +0200
Update for 2017.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c836666c7b89936dbed15e350f4edf7e895c524c
Author: Matt Weber <matthew.weber@rockwellcollins.com>
Date: Mon Apr 3 21:06:11 2017 -0500
libselinux: query for python site-packages dir directly
With the bump to version 2.6, the following commit needs
to be taken into consideration for overloading paths.
https://github.com/SELinuxProject/selinux/commit/8162f10e670da963eb65ccf1e7de69ea85aba30d
The PYLIBVER is no longer used and the PYTHONLIBDIR is
renamed to PYSITEDIR with slightly different pathing.
More details can be found in the issue ticket which was
marked as a non-issue after analysis that a Buildroot fix
was the resolution.
https://github.com/SELinuxProject/selinux/issues/51
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6a6ce10eba24d43412aada7df7de2ab78e8ffee2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f8d1e5f1ea26f7b125bfbb4338dc24ab97e76120
Author: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Thu Mar 23 00:04:56 2017 +0100
gst-ffmpeg: work-around bogus configure logic on SPARC
The libav version built into the gst-ffmpeg code produces a bogus
binary on SPARC, which causes the following error of the
check-bin-arch script:
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpeg.so is Sparc v8+, should be Sparc
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstpostproc.so is Sparc v8+, should be Sparc
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpegscale.so is Sparc v8+, should be Sparc
The problem is the following bit of code in
gst-lib/ext/libav/configure:
elif enabled sparc; then
enabled vis && check_asm vis '"pdist %f0, %f0, %f0"' -mcpu=ultrasparc &&
add_cflags -mcpu=ultrasparc -mtune=ultrasparc
I.e, it checks if the architecture supports the pdist
instruction... but forces -mcpu to ultrasparc while doing so. So it's
like "let's see if this Ultrasparc instruction exists when I force the
compiler to think I'm using Ultrasparc", which is non-sensical. This
has been fixed later on in libav upstream:
https://git.libav.org/?p=libav.git;a=commit;h=6aa93689abe8c095cec9fa828c2dee3131008995
However, this commit cannot be backported as-is since the shell
function check_inline_asm did not exist in the old libav version
bundled in gst-ffmpeg.
Therefore, we take the simpler route of disabling the VIS
optimizations on SPARCv8 and Leon3.
Fixes:
http://autobuild.buildroot.net/results/e82d179c3d4f92ad7423693a4b1d42379a3f5411/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d2b73875c3b8a6ec518c1424eaf92c1257fa40aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c61338a628879610671826f0aa766473023c8219
Author: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Date: Mon Apr 3 14:25:43 2017 +0200
package/tyrian: fixes compilation with static libs
Has been tested with: "./support/scripts/test-pkg -c tyrian.cfg -p opentyrian"
Fixes: http://autobuild.buildroot.net/results/0e2345db82b33f591958fc0f72ad914adafe0522
and some similar previous build failure.
Thanks Thomas for the tip ;-).
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dd99f2cb7d10f20568cab22c498a9e1831b5a351)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit eeec31f2a05b72c5616cbdd775b326a481ecdb39
Author: Yegor Yefremov <yegorslists@googlemail.com>
Date: Mon Apr 3 10:14:41 2017 +0200
libsoc: add host-pkgconf dependency
Without pkg-config PKG_CHECK_MODULES won't be expanded
and ./configure script produces following error message:
./configure: line 12237: syntax error near unexpected token `PYTHON,'
./configure: line 12237: ` PKG_CHECK_MODULES(PYTHON, python-"$PYTHON_VERSION")'
Fixes:
http://autobuild.buildroot.net/results/86e/86e04bd2b10527130306451e56a7693ed4b4befd
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8975e9f2c77c6861964906e6b5ebd894cdccf45f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1a58c4c7b0dade55fae1fd325b5d2a129502467b
Author: Fabio Estevam <festevam@gmail.com>
Date: Sun Apr 2 15:15:14 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 69356afc81cee7a1b1c749274b26db507133b8d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 6338df7dea0dcca5c1ff2689008dd058bce677e8
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:35 2017 +0200
audiofile: add security patch for CVE-2017-6839
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 844a7c6281eb442881330a5d36d5a0719f2870bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c9890cfa67a887bf24aea7043d912ee6e8e669c0
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:34 2017 +0200
audiofile: add security patch for CVE-2017-6831
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
https://github.com/mpruett/audiofile/issues/35
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bd5f84d301c4e74ca200a9336eca88468ec0e1f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 16daa3c10dbba15bc1e2bec590c1489c967a59e0
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:33 2017 +0200
audiofile: add security patch for CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838
CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/34
CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/38
CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run
function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
https://github.com/mpruett/audiofile/issues/40
CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File
Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4a1a8277bba490d227f413e218138e39f1fe1203)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 5e24ed52e4513ed49810455a91c70f496efbc9cc
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:32 2017 +0200
audiofile: add security patch for CVE-2017-6829
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile)
0.3.6 allows remote attackers to cause a denial of service (crash) via a
crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
https://github.com/mpruett/audiofile/issues/33
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 434890df2a7c131b40fec1c49e6239972ab299d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 4f533d049ae78647431a9384206b8fe8733b61d9
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:31 2017 +0200
audiofile: add security patch for CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837
CVE-2017-6827: A heap-based buffer overflow in the
MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka
libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have
unspecified impact via a crafted audio file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
https://github.com/mpruett/audiofile/issues/32
CVE-2017-6828: A Heap-based buffer overflow in the readValue function in
FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6
allows remote attackers to have unspecified impact via a crafted WAV file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
https://github.com/mpruett/audiofile/issues/31
CVE-2017-6832: A Heap-based buffer overflow in the decodeBlock in
MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
https://github.com/mpruett/audiofile/issues/36
CVE-2017-6833: The runPull function in libaudiofile/modules/BlockCodec.cpp
in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause
a denial of service (divide-by-zero error and crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
https://github.com/mpruett/audiofile/issues/37
CVE-2017-6835: The reset1 function in libaudiofile/modules/BlockCodec.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (divide-by-zero error and crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
https://github.com/mpruett/audiofile/issues/39
CVE-2017-6837: WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows
remote attackers to cause a denial of service (crash) via vectors related to
a large number of coefficients.
http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc00bde57fc20d11f8fa4e8ec5f193c091714c55)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 9eb481bbfea238ee6c0b9258ef039a9a20a3dac4
Author: Baruch Siach <baruch@tkos.co.il>
Date: Fri Mar 31 14:09:36 2017 +0300
pcre: add upstream security fixes
Take Debian adapted patches of upstream.
Fixes:
CVE-2017-6004: crafted regular expression may cause denial of service
CVE-2017-7186: invalid Unicode property lookup may cause denial of service
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3143910eec12a5b23e853b3177bf316ac186b87a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 40192c1aa1339514ec166ef1ffbf1657f47d8c86
Author: Fabio Estevam <festevam@gmail.com>
Date: Thu Mar 30 11:24:45 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c720701c4d3b23e35908319e6ade082c9e5a1433)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1244b189543a11f1d712caf12efb7ee8703eba97
Author: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Sun Mar 26 23:43:40 2017 +0200
system: do not overwrite /bin/sh Busybox symlink
The BR2_SYSTEM_BIN_SH hidden option defines to what binary the /bin/sh
symlinks should point to. If busybox is chosen, then /bin/sh is created
to point to /bin/busybox.
This works fine with the default installation mode of Busybox, but it
fails with the upcoming "individual binaries" mode, in which each applet
is installed as its own binary, and /bin/busybox doesn't exist: we get
/bin/sh as a broken symlink to /bin/busybox.
Since Busybox already installs its own /bin/sh symlink, properly
pointing to /bin/ash or /bin/hush depending on the selected shell, it
doesn't make sense for the BR2_SYSTEM_BIN_SH logic to override
this. Just let Busybox install its own /bin/sh by making
BR2_SYSTEM_BIN_SH empty when Busybox shell is selected as /bin/sh.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fc91501e6b32ef1b015ac9b0fbf6d64aa1ce0162)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit d09c7e4d45261ef03277c9f46a07c81686f5e5bb
Author: Pawel Sikora <sikor6@gmail.com>
Date: Mon Mar 27 00:44:14 2017 +0200
syslog-ng: Bump version header in conf file to 3.9
Package version of syslog-ng is 3.9.1.
Bumping version number in syslog-ng.conf to 3.9
Fixing warning message about configuration file being too old.
Signed-off-by: Pawel Sikora <sikor6@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3dad25466d2931eeecde23867bed79b1d7213887)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 119e94b830a14a2c82d11bf5dfc16b46ece06702
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Tue Mar 28 17:18:08 2017 +0200
samba4: security bump to version 4.5.7
Fixes CVE-2017-2619:
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
a malicious client using a symlink race to allow access to areas of
the server file system not exported under the share definition.
Samba uses the realpath() system call to ensure when a client requests
access to a pathname that it is under the exported share path on the
server file system.
Clients that have write access to the exported part of the file system
via SMB1 unix extensions or NFS to create symlinks can race the server
by renaming a realpath() checked path and then creating a symlink. If
the client wins the race it can cause the server to access the new
symlink target after the exported share path check has been done. This
new symlink target can point to anywhere on the server file system.
This is a difficult race to win, but theoretically possible. Note that
the proof of concept code supplied wins the race reliably only when
the server is slowed down using the strace utility running on the
server. Exploitation of this bug has not been seen in the wild.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 493cedf3af061b90a899826e0c184c2f484414f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit e29fa95b8368f9b85a1bfb2cef9741c6218c59b3
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Sat Jan 28 11:41:32 2017 +0100
core/br2-external: properly report unexpected errors
Unextected error in the br2-external script are properly caught, but
they are not reported properly, and we end up in either of two
situations:
- the .br2-external.mk file is not generated, in which case make will
try to find a rule to generate it (because the 'include' directive
tries to generate missing files);
- the .br-external.mk file is generated but does not contain the error
variable, and thus the build might not get interrupted.
We fix that by using a trap on the pseudo ERR signal, to emit the error
variable on unexpected errors.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c5fa9308ea4e3810a7f7d9d0df75cbf090c414c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 74ed2a833da74b33e0ad8c4fd77e789885b3a9fd
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Wed Mar 22 23:18:52 2017 +0530
taglib: fix legal info
taglib is dual licensed under LGPLv2.1 or MPLv1.1. Almost all source
files have license text mentioning LGPLv2.1 or alternatively MPLv1.1.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas: use MPL-1.1 instead of MPLv1.1, since MPL-1.1 is the SPDX
license code for this license.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f30a3940c8dc5fc9bbe3a0ace457201808142183)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c1be21ac128640dd600da2ad5840c74d72a799ee
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Wed Mar 22 23:18:51 2017 +0530
dbus-triggerd: add license file
In absence of license file, use source file as a license file since it
has license header in comments.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 50284570fbefa37c8874b47cd5998bd890e54632)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 0b670f3879eaa1bc56b6eaeeed54f36aba831219
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Wed Mar 22 23:18:50 2017 +0530
dbus-glib: fix legal info
dbus glib bindings are dual licensed under AFLv2.1 or GPLv2+.
Separate licenses using 'or' keyword.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f70f0b497f8a072eb22aff0bd934467b706cffd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2d7d618f7c8d53da9fb828ced4b445635ddb44c0
Author: Fabio Estevam <festevam@gmail.com>
Date: Sun Mar 26 10:49:43 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x update]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b718c776ca1a5d204f2ae9a765331a32e87e9560)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3400806b9d555cf2f30154feeecd19221b8b52a0
Author: Rodrigo Rebello <rprebello@gmail.com>
Date: Sun Mar 26 03:36:54 2017 -0300
htop: use correct ncurses config script name
The ncurses config script can have different names depending on the
configuration (e.g. wchar support enabled/disabled). So, use
$(NCURSES_CONFIG_SCRIPTS) from the ncurses package as it contains the
proper name.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8cd1554ee162f6344dab078233f4f6c0d93e7c24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 9d70c89b8029cef33a3abfa2ab98f1f68656c947
Author: Rodrigo Rebello <rprebello@gmail.com>
Date: Sun Mar 26 03:36:53 2017 -0300
slang: use correct ncurses config script name
The ncurses config script can have different names depending on the
configuration (e.g. wchar support enabled/disabled). So, use
$(NCURSES_CONFIG_SCRIPTS) from the ncurses package as it contains the
proper name.
Fixes:
http://autobuild.buildroot.net/results/c97554c05e121c76407be53ba37924cfcb658e9d/
http://autobuild.buildroot.net/results/b0a31a3491a30ee0d6e6e7dbba68a86f0e00943d/
http://autobuild.buildroot.net/results/a77241141cf8710fa945523ef62327798e3c4824/
[...]
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b3e4ed92380080334d3d09bb4a53dc6102edd8aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit ccf0e0767d6c73dd23852fad5de2900c6f88fd56
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Thu Mar 23 20:37:00 2017 +0100
package/ntp: fix build for toolchains without ssp
ntp defaults to use ssp support
http://bk1.ntp.org/ntp-stable/sntp/harden/README
by using these flags
http://bk1.ntp.org/ntp-stable/sntp/harden/linux
If the toolchain lacks SSP support this patch forces ntp to use an
empty set of flags: http://bk1.ntp.org/ntp-stable/sntp/harden/default
Fixes
http://autobuild.buildroot.net/results/1d5/1d58bd8745b22c8eb71fea4c7255d3ace69f6f7a/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 00968bcac0674250956e99b6fafbf9b373446488)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 30a9181448690d01d3aad51d0c2458b0c5ec1761
Author: Jörg Krause <joerg.krause@embedded.rocks>
Date: Fri Mar 24 08:53:21 2017 +0100
busybox: fix mdev.conf
mdev does not set "/dev/snd" and "/dev/input" group and permission
propery, because with commit c3cf1e30a3022453311a7e9fe11d94c7a381640e
(May 2013!) the behavior of mdev has changed.
The device name is now taken directly from the uevent file and does no
longer match the old rule.
Fix the rules for "/dev/snd" and "/dev/input" according to the example
given in [1].
[1] http://lists.busybox.net/pipermail/busybox/2015-February/082297.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit afb585468b33c76d41686cb92e7f56565fe150e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 03316d1719645ea47aac6de3a29877345c5e0a67
Author: Jörg Krause <joerg.krause@embedded.rocks>
Date: Fri Mar 24 09:47:43 2017 +0100
upmpdcli: add user to the audio group
upmpdcli runs as user and group upmpdcli. In order to allow it to access
the ALSA devices add it to the audio group.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab9842e360ae08954b07504a20cd053fe146f383)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 5bc876f43b1954e0494b5f360c8e0f9ddc5624e4
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Wed Mar 22 13:19:27 2017 +0000
linux-headers: bump 3.{2, 12}.x and 4.{1, 4, 9, 10}.x series
[Peter: drop 4.10.x update]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0d70d1dbf054f4a0609ba1076bc7e097305013d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 13eec966adfdc6c7659bff0cb7fd27056c248127
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Wed Mar 22 22:03:13 2017 +0100
package/ntp: security bump to 4.2.8p10
Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due
to an HSTS policy" during download.
For details about the bugs fixed see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://www.kb.cert.org/vuls/id/633847
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b47aec79d2e19ef7e3f04d2758c3a2930d47cebe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 293f9d2f18d28e2f5f235ba4c94a6bb695ecf6c9
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:07:01 2017 +0100
squashfs: correct hash
When squashfs was bumped to 3de1687d in commit ee90313c64, the hash
file was not updated. This wasn't noticed before since hashes are not
checked for git downloads.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 85c832247e40f00f48ac328970bb39ab7851f042)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit a2c0793636adaf44df268dc9a406d12a8bd42e7f
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:07:00 2017 +0100
linux-firmware: correct hash
When linux-firmware was bumped to 6d3bc8886 in commit 3ff5896ff, a hash
file was added but the hash was wrong. This wasn't noticed before since
hashes are not checked for git downloads.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0409b136985ff582d561076f03685da9890fa325)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2f426dadad24fa46909ed6504d19eb7ccbd55657
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:06:59 2017 +0100
fmc: correct hash file
It had sha256sum instead of sha256. This wasn't noticed before since
hashes for git downloads are not checked.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ba717fde72c862a283a035b3b44377bb48d08284)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit e6b2152cd15bd8a9ed8a72c2ef2c07959839d46d
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:06:57 2017 +0100
download/git: create GNU format tar files
On most distros, the tar format defaults to GNU. However, at build time
the default format may be changed to posix. Also, future versions of
tar will default to posix.
Since we want the tarballs created by the git download method to be
reproducible (so their hash can be checked), we should explicitly
specify the format. Since existing tarballs on sources.buildroot.org
use the GNU format, and also the existing hashes in the *.hash files
are based on GNU format tarballs, we use the GNU format.
In addition, the Posix format encodes atime and ctime as well as mtime,
but tar offers no option like --mtime to override them. In the GNU
format, atime and ctime are only encoded if the --incremental option is
given.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0f369a9231b2c67748f4f0c2dbb33ebdc2890478)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit ac75d32ae79aed38e003361503a601edad384d23
Author: Yegor Yefremov <yegorslists@googlemail.com>
Date: Tue Mar 21 09:22:33 2017 +0100
graph-depends: rename pkgutil.py to brpkgutil.py
pkgutil.py is also part of Python itself. Placing pkgutil.py as is
in a folder with other scripts that require original pkgutil will
break them. This is the case with scanpypi. So rename pkgutil.py
to brpkgutil.py to avoid naming collision.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=9766
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3b627c89dc8adf8c60efd773935bf66004e8433d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit eaadfab8e8c77d9b66b0b9b1215a6ebd0ca6307c
Author: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Tue Mar 21 22:21:20 2017 +0100
ltp-testsuite: disable Open POSIX testsuite
The Open POSIX testsuite builds and installs to the target directory a
program called 't0' that isn't cross-compiled, which is bad.
Since the LTP build system is autoconf but not automake based, and the
Open POSIX testsuite is a sort of sub-project inside it, fixing the
issue is not trivial.
Therefore, we simply disable the Open POSIX testsuite entirely. Oddly
enough, --without-open-posix-testsuite doesn't work due to another bug,
so we simply have to remove --with-open-posix-testsuite.
Open POSIX testsuite cross-compilation issue reported at
https://github.com/linux-test-project/ltp/issues/144.
Configure script bug reported at
https://github.com/linux-test-project/ltp/issues/143.
Fixes:
http://autobuild.buildroot.net/results/8326ba9eb257dfc92c1ad282ba6d3565e8250def/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b57e1355a72da407c19315cb4187767d28e4d064)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 55a23407aff9ab0b3e3c72b7c5fd6c8873a910d2
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Tue Mar 21 22:33:59 2017 +0100
package/dbus-cpp: fix cross-compilation
dbus-cpp has an ugly hack to not cross-build the tools when it detects
cross-compilation.
However, we already have a host variant that builds those tools (and we
anyway don't seem to need them to begin with).
Drop our patch that propagates the CXXFLAGS/LDFLAGS_FOR_BUILD. Replace
with a patch to cross-compile the tools.
Fixes:
http://autobuild.buildroot.org/results/110/1100539caae6ef62c61a3b96bc54f7c0a215cc62/
and many, many more.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f5dbd0dea159393e779f6a1f5fa53b9fa07ff34a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3b9349e3cb8804bf3f1d2de3823f58371e735ab9
Author: Julien Beraud <julien.beraud@spectracom.orolia.com>
Date: Tue Mar 21 14:23:56 2017 +0100
apr: fix size of pid_t
pid_t is a signed 32bits integer on both 32bits and 64bits
architectures.
This fixes an issue with apache server which causes bad pid
to be written in PidFile
Signed-off-by: Julien Beraud <julien.beraud@spectracom.orolia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ee8cbc5fca779ff054a50ed8e6271952367147c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 22dd05433e0e0309628489b983569d2d47c57341
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Tue Mar 21 15:40:08 2017 +0000
memcached: bump version to 1.4.36
From the release notes
(https://github.com/memcached/memcached/wiki/ReleaseNotes1436):
Important bug fix that could lead to a hung slab mover. Also improves
memory efficiency of chunked items.
[Peter: add release notes link / mention important bug fix]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit adfe049d85b09a2ce780ce49f8e53d9cfaf90e2d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2239406dc1820c1b9958f559737abc9d904d5142
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Mon Mar 13 11:43:50 2017 +0000
memcached: bump version to 1.4.35
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 36cabc5a744d97090784a29a4001a994728e0539)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit df0c78d61e142781b6da3d0cf789b8b7b1ae3055
Author: Baruch Siach <baruch@tkos.co.il>
Date: Tue Mar 21 15:11:22 2017 +0200
openssh: security bump to version 7.5
From the release notes (https://www.openssh.com/txt/release-7.5):
Security
--------
* ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
Note that the OpenSSH client disables CBC ciphers by default, sshd
offers them as lowest-preference options and will remove them by
default entriely in the next release. Reported by Jean Paul
Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
Royal Holloway, University of London.
* sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
a recursive file transfer could be maniuplated by a hostile server to
perform a path-traversal attack. creating or modifying files outside
of the intended target directory. Reported by Jann Horn of Google
Project Zero.
[Peter: mention security fixes]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2204f4deb1c6c6ff4accd84b5aa2d42f5930b730)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit dc9ecb90c58908ffa0d896d4da5b1d4b917253c7
Author: Peter Seiderer <ps.report@gmx.net>
Date: Mon Mar 6 21:43:47 2017 +0100
gst1-plugins-bad: waylandsink needs wayland-protocols
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
----
Changes v1 -> v2:
- use select instead of depends for BR2_PACKAGE_WAYLAND_PROTOCOLS
(suggested by Thomas Petazzoni)
- add select BR2_PACKAGE_WAYLAND_PROTOCOLS to missing second
place (BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WAYLAND)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a2d37ca125c1742864af0e9324234f8f3ecc071)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1c1b702a466023f8826cfb6a386e9b4683880875
Author: Peter Seiderer <ps.report@gmx.net>
Date: Fri Mar 10 20:54:54 2017 +0100
libxkbcommon: disable wayland support
Disable wayland support (only needed for the interactive-wayland
test program). This fixes a compile failure in case wayland
support is autodetected:
GEN xdg-shell-unstable-v5-protocol.c
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2426: recipe for target 'xdg-shell-unstable-v5-protocol.c' failed
make[3]: *** [xdg-shell-unstable-v5-protocol.c] Error 127
make[3]: *** Waiting for unfinished jobs....
GEN xdg-shell-unstable-v5-client-protocol.h
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2428: recipe for target 'xdg-shell-unstable-v5-client-protocol.h' failed
make[3]: *** [xdg-shell-unstable-v5-client-protocol.h] Error 127
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7665b5870995ef059d1654c35557b53c04a71d1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 51038b08eebee72d89ec7871d1ffe5c84abb2b9f
Author: Romain Naour <romain.naour@gmail.com>
Date: Sun Mar 19 21:51:53 2017 +0100
package/mesa3d: add lm-sensors optional dependency
radeon-pci-0008
Adapter: PCI adapter
temp1: +56.0 C (crit = +120.0 C, hyst = +90.0 C)
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 73401587e5984397bedddab61ad6c89712041267)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit b277a7f0db52b02f79a29a7816169abfefd51f91
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Mon Mar 20 20:41:18 2017 +0530
filemq: correct license
All source files, except src/filemq_client.c and src/filemq_server.c,
has MPL Version 2.0 license text in file header.
As confirmed with upstream [1] (L)GPLv3 license texts COPYING and
COPYING.LESSER are leftover from previous implementation.
[1] - https://github.com/zeromq/filemq/issues/74
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 205a0289d4a0aefc76b0c937c2f725517114c658)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit eb021f3547a721d77de73789bd23a44c6e3ea8f7
Author: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Date: Mon Mar 20 21:11:22 2017 +0100
skalibs: fix endianness detection on x86
Update the patch for compile time endianness detection so it works on
x86 platforms using GCC <= 4.4.
Fixes:
http://autobuild.buildroot.net/results/c2e8e1180571976b412cbba729c45a3698aea0b2
http://autobuild.buildroot.net/results/2ee47107d8a67470f7bc3e10cf763202d5455d17
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8eecaf2d122f7da6f59964f5eb00139a32373d06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 05bc9b0c339d3ed0830cff3e702cdccefcf2b068
Author: Baruch Siach <baruch@tkos.co.il>
Date: Mon Mar 20 06:16:56 2017 +0200
wget: add upstream security fix
Fixes CVE-2017-6508: CRLF injection in the url_parse function in url.c
http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7132fc9c11573a460243895c85e66b514b71c041)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 55c742f83a563668caf4435526a780c80bdd6014
Author: Fabio Estevam <festevam@gmail.com>
Date: Sat Mar 18 11:21:42 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x update]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f4978bf018d4f03834f879f3dfc4e8237846742e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8c6080b06cee662b409e2256cee0570684170f19
Author: Jan Kundrát <jan.kundrat@cesnet.cz>
Date: Fri Mar 17 17:02:54 2017 +0100
skeleton: fix permissions on /dev/pts/ptmx
Without this patch, it is not possible to allocate PTYs when a generated
rootfs image with a recent glibc and systemd is launched as a container on
an RHEL7 system via machinectl/systemd-nspawn. The container boots, but
`machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with
0000 perms.
On a typical system, there are two `ptmx` devices. One is provided by the
devpts at /dev/pts/ptmx and it is typically not directly accessed from
userspace. The other one which actually *is* opened by processes is
/dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be
either a symlink, or a bind mount of the /dev/pts/ptmx from devpts.
When a container is launched via machinectl/machined/systemd-nspawn, the
container manager prepares a root filesystem so that the container can live
in an appropriate namespace (this is similar to what initramfs is doing on
x86 desktops). During these preparations, systemd-nspawn mounts a devpts
instance using a correct ptmxmode=0666 within the container-to-be's
/dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once
systemd takes over as an init in the container,
/lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to
all fileystems. Because the buildroot's template used to not include the
ptmxmode=... option, a default value of 0000 was taking an effect which in
turn led to not being able to allocate any pseudo-terminals.
The relevant kernel option was introduced upstream in commit 1f8f1e29 back
in 2009. The oldest linux-headers referenced from buildroot's config is
3.0, and that version definitely has that commit. Mount options that are
not understood by the system are anyway ignored, so backward
compatibility is preserved.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: fix commit title, adjust commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8196b299ba12bd6741bf7f4462cad180dab77fb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 74293a15bdfda83bb83f15f9dc459a54a6ab99f0
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Fri Mar 17 17:06:16 2017 +0100
fakeroot: depend on acl
Recent versions of fakeroot have grown support for acl. We don't really
need this since we don't use acls in Buildroot. However, it turns out
that "cp -a" does something funky with acls, with the result that
fakeroot without acl support looses the ownership and permissions on
the copied file. "cp -a" may be (is even likely to be) used in a
BR2_ROOTFS_POST_FAKEROOT_SCRIPT, so we need to support this.
Note that host-acl itself depends on host-attr, so this pulls in two
extra packages in each build. The impact on build time is about 10s.
Cc: Andreas Naumann <dev@andin.de>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2a222446b4614a38b4042df54b68b69b96939708)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f6ba4399324396d690d95a2b1a11d87a4ffe173f
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Fri Mar 17 17:06:15 2017 +0100
acl: add host variant
We need host-acl to fix issues with fakeroot.
Unfortunately, all the hacks (except the .la fixup) have to be repeated.
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Andreas Naumann <dev@andin.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c83446fccace19694e20b1d0a730680244d724fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c7c5c7e5f6837bd47fb95d2df96726aeacbaf28f
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Fri Mar 17 17:06:14 2017 +0100
acl: make sure build picks up TARGET_CFLAGS
The acl build system doesn't use automake, therefore it is broken. It
doesn't use the CFLAGS passed by configure. Work around this by passing
CFLAGS in the environment. The makefiles append to CFLAGS, so this
works.
This issue hasn't led to build failures, but it is visible e.g. when
stack protector is enabled: the stack protector options are not applied
to acl. Also debug and optimisation options aren't applied.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99c9b0affde4fcc3270425319b98a0e5e32f5964)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3e386020722b85aaf89b9dccc0263905763c8d08
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 16 16:31:46 2017 +0100
xlib_libXv: correct license info
The license is actually closer to ISC than MIT, E.G.:
https://opensource.org/licenses/ISC
vs
https://opensource.org/licenses/MIT
>From COPYING:
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the names of Digital or MIT not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
E.G. this is very similar to the normal ISC text which has been extended
with a BSD-3c style advertisinc clause. Both are permissive licenses, but
it is more correct to call it ISC-like.
Notice: As pointed out by Rahul Bedarkar, this may actually be more closely
related to the OpenBSD template license:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD
But that is also based on the ISC license, so calling it ISC-like is still
correct.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aad15918520391ea0952d742db9c52c3ac2b1f7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2a778d53fa6bf7c232ad57eedbd0fd9bf7328c84
Author: Romain Naour <romain.naour@gmail.com>
Date: Fri Mar 17 00:02:06 2017 +0100
package/cairo: update license information
As noticed by Rahul Bedarkar, the cairo library is LGPLv2.1 only
(not LGPLv2.1+) or MPLv1.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0768932a0229b2c201c292023f59a868ecdb1222)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit fd28c44ce87b7480a24e596f7a34e3d30e577333
Author: Baruch Siach <baruch@tkos.co.il>
Date: Thu Mar 16 20:41:23 2017 +0200
tcpreplay: patch security issue
Add upstream patch for CVE-2017-6429: Buffer overflow when reading crafted
pcap file with large packets.
https://github.com/appneta/tcpreplay/issues/278
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62bf2bfd53885fbd62a8e9345c7f3d7a4d619342)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8cd0e35189346419b4ca60f275f8663de21877c2
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Thu Mar 16 17:24:01 2017 +0530
taglib: update homepage link
Avoid redirect.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a411212d22cb84b92201b5a02ef8b860b0a17280)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit bae94a6e65449729a1c73dc38698e11379b645d6
Author: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Wed Mar 15 15:08:36 2017 -0300
mbedtls: security bump to verison 2.4.2
Fixes:
CVE-2017-2784 - Freeing of memory allocated on stack when validating a
public key with a secp224k1 curve.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 465ce2ea73cc1d98972cde45114f7b0e35e32ff2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f2e01f9c189b3d04cae85c72263c88d49c171b8d
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Wed Mar 15 11:48:32 2017 +0100
mariadb: security bump to version 10.1.22
Fixes:
CVE-2017-3302 - C client library for MySQL (libmysqlclient.so) has
use-after-free defect which can cause crash of applications using that MySQL
client.
CVE-2017-3313 - Difficult to exploit vulnerability allows low privileged
attacker with logon to the infrastructure where MySQL Server executes to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized access to critical data or complete access to all
MySQL Server accessible data.
And a number of important, but non-security related fixes:
MDEV-11842: Fix a 10.1.21 regression with failed INSERT, BEFORE INSERT
triggers, and columns with no default value
MDEV-12075: Fix a 10.1.21 regression in the InnoDB data file extension code
For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 467b38892aa23927ad1140119f0f17c23e896e7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 604b463d534943701024d7878dd2017c45ed5088
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Tue Mar 14 23:58:22 2017 +0100
jasper: add upstream security fix
Fixes a NULL Pointer Dereference jp2_encode:
https://github.com/mdadams/jasper/issues/120
No CVE assigned yet.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76da579431a78875afeaeda76e459aca69e85d36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 607c2635ca1f48f3aacb84404a4cd0ee49215827
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Tue Mar 14 23:58:21 2017 +0100
jasper: add upstream security fix for CVE-2017-6850
Fixes a NULL pointer dereference in jp2_cdef_destroy:
https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/
https://github.com/mdadams/jasper/issues/112
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a105443b24f7c75b10dab44c2916fc9f2b58363a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1a1ec309d748d1d1cdb4f3b9dbcd7eb08c7b0e93
Author: Fabio Estevam <festevam@gmail.com>
Date: Wed Mar 15 08:07:38 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: skip 4.10.x]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3d736b9b6b92b70a9020be470a4cf5f7f012b2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 840969ed617f772c866ea61e27cab97eaaf63eff
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Mon Mar 13 12:31:20 2017 +0000
rpm: bump version to 4.13.0.1 (security)
Security fixes:
- Fix several out of bounds reads in the OpenPGP parser
- Fix handling of OpenPGP reserved tag (should be rejected)
- Fix various crashes from malformed packages with invalid tags
Release notes:
http://rpm.org/wiki/Releases/4.13.0.1
This patch also switches from GitHub to rpm.org since the last one seems
to be more up-to-date.
[Peter: use RPM_VERSION_MAJOR as suggested by Jerzy Grzegorek]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7adbcd174a17ff1b74c4b20d94ca4a9e7f396d68)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit fb398d3a4d806399e52c1f970a415cd718133403
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Mon Mar 13 11:41:44 2017 +0000
linux-headers: bump 4.{4, 9, 10}.x and 3.12.x series
[Peter: skip 4.10.x]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d18cdcebc238706d1bf50460b85ea36eaed83b21)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3bf15bfc84f646efbdeead006378265fa56855a9
Author: Matthew Fornero <mfornero@mathworks.com>
Date: Mon Mar 13 15:35:02 2017 -0400
libiio: explicitly disable matlab bindings
If building on a machine with MATLAB installed, the MATLAB bindings will
default to ON, which is not the desired behavior for a cross build.
The bindings are designed to be called from within MATLAB, and we are
not currently running MATLAB on buildroot-generated targets.
This does not preclude the use of the bindings from a host connecting
over the network backend (assuming libiio on the host has the bindings
enabled).
Signed-off-by: Matthew Fornero <mfornero@mathworks.com>
Acked-By: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f358078b3374f3b316551660e89f5c463cb61608)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 14dc993718941fb0d1194fc2eedcab0b5fe33260
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Tue Mar 14 19:59:37 2017 +0530
zmqpp: update license
Since version 4.1.2, zmqpp is provided under MPLv2.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 87e9391e69cae06836723dcc5525e07d89c14acb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8ddd530004229e032dda14c64db629b862b27fa3
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 12:44:57 2017 +0100
package/mplayer: add optional support for pulseaudio
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a085b7c3139b2c4543530fb0adf0047d8a4c1fd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 9739750396da0af7a449eed9e38e003e0dc2d159
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 13:12:03 2017 +0100
package/git: fix pcre support
The current code contains some obvious typos.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d830807794245077e73ee1d3c78eecb8d224dc04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 32a9eb6e5abbc1787e0a82756d35aa8fb5b411cb
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 13:43:14 2017 +0100
package/git: add optional support for gettext
git links to libintl if available:
$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/bin/git | grep NEEDED
0x00000001 (NEEDED) Shared library: [libz.so.1]
0x00000001 (NEEDED) Shared library: [libintl.so.8]
0x00000001 (NEEDED) Shared library: [libc.so.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aecab2f29c396a04d24e61479d7fc3f53149448f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 894a37c031cce0715d28f5003ccc58db07b1cce9
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 15:06:05 2017 +0100
package/python: add optional support for libintl
Python links to gettext when available:
$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/python2.7/lib-dynload/_locale.so | grep NEEDED
0x00000001 (NEEDED) Shared library: [libintl.so.8]
0x00000001 (NEEDED) Shared library: [libpython2.7.so.1.0]
0x00000001 (NEEDED) Shared library: [libc.so.0]
In comparison the same library compiled without gettext:
$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/python2.7/lib-dynload/_locale.so | grep NEEDED
0x00000001 (NEEDED) Shared library: [libpython2.7.so.1.0]
0x00000001 (NEEDED) Shared library: [libc.so.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 70759f5359d6e5f7b868b74399e20d8ea7956769)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c365c42ef371d948570a2b41b4f87af193a0eab6
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sat Mar 11 17:32:59 2017 +0100
package/tor: bump version to 0.2.9.10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 660651491ea2ff8fc82d503a8e28bbd54e8d9131)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit b3442f2fe397bbd33f9ab745ff2601a8994a7153
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Sun Mar 12 10:58:16 2017 +0100
package/nbd: fix utilities locations
Currently, the code expects both the client and server to be in
/usr/bin, while the client is in /usr/sbin
Fix that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4aabbeb245794862e8434317e885d6d028d23679)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit a3d83660c5352249d8da2bab8520442d13a06cec
Author: Peter Seiderer <ps.report@gmx.net>
Date: Fri Mar 10 23:15:47 2017 +0100
qt5base: install libQt5EglFsKmsSupport
According to src/plugins/platforms/eglfs/deviceintegration/deviceintegration.pro
depends on eglfs_gbm which depends according to src/gui/configure.json
on features.eglfs and features.gbm and features.kms, so dependency
on BR2_PACKAGE_MESA3D_OPENGL_EGL which enables mesa3d gbm support
should be sufficient.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5efe07f9af53c0cf0795d316cb84d58e530a9619)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 91bb73cb5a5a6764054a6f07eae1b6da12ed4086
Author: Peter Seiderer <ps.report@gmx.net>
Date: Fri Mar 10 23:15:46 2017 +0100
qt5base: fix eglfs x11 header related compile failure
Add egl config and QT_EGL_NO_X11 define (as all other eglfs project
files do) to src/plugins/platforms/eglfs/eglfs-plugin.pro.
Fixes ([1]):
In file included from .../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/egl.h:39:0,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/../../../../../src/platformsupport/eglconvenience/qt_egl_p.h:63,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/qt_egl_p.h:1,
from api/qeglfsglobal_p.h:56,
from api/qeglfsintegration_p.h:54,
from qeglfsmain.cpp:41:
.../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/eglplatform.h:119:22: fatal error: X11/Xlib.h: No such file or directory
compilation terminated.
Makefile.eglfs-plugin:1024: recipe for target '.obj/qeglfsmain.o' failed
make[2]: *** [.obj/qeglfsmain.o] Error 1
make[2]: Leaving directory '.../qt5base-5.8.0/src/plugins/platforms/eglfs'
Makefile:71: recipe for target 'sub-eglfs-plugin-pro-make_first-ordered' failed
make[1]: *** [sub-eglfs-plugin-pro-make_first-ordered] Error 2
[1] http://lists.busybox.net/pipermail/buildroot/2017-March/186158.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5840e8bd505cef8846ed4f8fc769f306165ee174)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2e1b15a6fba60f077fad070738801b592c794038
Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Mon Feb 13 18:24:51 2017 +0100
domoticz: fix build on powerpc64le
There is an issue with powerpc64le and boost::uuids::random_generator on the
following line of code (from include/boost/uuid/seed_rng.hpp):
sha.process_bytes( (unsigned char const*)&std::rand, sizeof( void(*)() ) )
This line "inspects the first couple bytes (here eight) of the std::rand
function to seed some rng. Due to the implementation of process_bytes and
inlining happening, it seems that one of the loops therein uses &rand-1 as
some boundary, compiling with -O0 makes that reloc come out as 'rand + 0' and
the link will succeed."
See: https://bugzilla.suse.com/show_bug.cgi?id=955832#c7
Fixes:
- http://autobuild.buildroot.org/results/454c0ea393615bae2d1b44be9920f25b5c49fc33
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 00d2a3da72455213b87069af475173060750d50d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f63fab1bae878509a79219ebff634af208daab0b
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Fri Mar 10 17:06:18 2017 +0000
imagemagick: bump version to 7.0.5-0 (security)
- Fixed memory leak when creating nested exceptions in Magick++
https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
- Fixed fd leak for webp coder
https://github.com/ImageMagick/ImageMagick/pull/382
- Fixed Spurious memory allocation message
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
Full changelog: http://imagemagick.org/script/changelog.php
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d6cc5462535acf954abccd585efc3a07623cc416)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8d36b6d034ea07c9dbddd4f407f34f1d2d01ccd8
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Tue Mar 7 22:16:28 2017 +0100
package/rpi-userland: don't install file in random location
Currently, rpi-userland installs files in $(@D)/../../bin/ which is
entirely stupid, especially in cross-compilation.
Get rid of the dubious, broken, custom install command.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ffa39b23f7ece3a3d9ea914c2e385ce222bdf921)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit de33cffb6631ec116679fbd6352aef5cf912df65
Author: Romain Naour <romain.naour@gmail.com>
Date: Sat Mar 11 22:26:45 2017 +0100
package/gdb: fix gnulib issue with musl and uClibc toolchains again
The commit [1] doesn't fix this issue for all cases (it doesn't work
when BR2_PACKAGE_GDB_DEBUGGER=y).
So, leave the configure script alone and override
gl_cv_func_gettimeofday_clobber from GDB_MAKE_ENV.
[1] 560334bb2a46a77081a3944d092df7732dfca432
Fixes:
http://autobuild.buildroot.net/results/719/719a441421030b79c0aa1bbfb707130f3ac87338
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit faf38b78aee613a732f96d5022a2894efd024a25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 34345f1b033e338b1933381a992d9f92f4fe9ae5
Author: Julien BOIBESSOT <julien.boibesso…
fschuett
added a commit
to linuxmuster/linuxmuster-linbo
that referenced
this issue
Apr 9, 2017
commit b1ae86c7f7250249ad3faeb7c473e80a71f9fd74
Merge: ddaca9d5c 476067a78
Author: Frank Schütte <fschuett@gymhim.de>
Date: Sat Apr 8 14:37:16 2017 +0200
Add 'buildroot/' from commit '604f4058d2b57f9e764aac344f72e117c852c641'
git-subtree-dir: buildroot
git-subtree-mainline: ddaca9d5cc201ffb618e21e86a32ac980ed327c1
git-subtree-split: 604f4058d2b57f9e764aac344f72e117c852c641
commit ddaca9d5cc201ffb618e21e86a32ac980ed327c1
Author: Frank Schütte <fschuett@gymhim.de>
Date: Sat Apr 8 14:36:04 2017 +0200
rm subtree buildroot 2016.11
commit 476067a78d4fd1ddb141a8cccc63cf3e75cbe7a3
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Wed Apr 5 13:35:15 2017 +0200
Update for 2017.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c836666c7b89936dbed15e350f4edf7e895c524c
Author: Matt Weber <matthew.weber@rockwellcollins.com>
Date: Mon Apr 3 21:06:11 2017 -0500
libselinux: query for python site-packages dir directly
With the bump to version 2.6, the following commit needs
to be taken into consideration for overloading paths.
https://github.com/SELinuxProject/selinux/commit/8162f10e670da963eb65ccf1e7de69ea85aba30d
The PYLIBVER is no longer used and the PYTHONLIBDIR is
renamed to PYSITEDIR with slightly different pathing.
More details can be found in the issue ticket which was
marked as a non-issue after analysis that a Buildroot fix
was the resolution.
https://github.com/SELinuxProject/selinux/issues/51
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6a6ce10eba24d43412aada7df7de2ab78e8ffee2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f8d1e5f1ea26f7b125bfbb4338dc24ab97e76120
Author: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Thu Mar 23 00:04:56 2017 +0100
gst-ffmpeg: work-around bogus configure logic on SPARC
The libav version built into the gst-ffmpeg code produces a bogus
binary on SPARC, which causes the following error of the
check-bin-arch script:
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpeg.so is Sparc v8+, should be Sparc
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstpostproc.so is Sparc v8+, should be Sparc
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpegscale.so is Sparc v8+, should be Sparc
The problem is the following bit of code in
gst-lib/ext/libav/configure:
elif enabled sparc; then
enabled vis && check_asm vis '"pdist %f0, %f0, %f0"' -mcpu=ultrasparc &&
add_cflags -mcpu=ultrasparc -mtune=ultrasparc
I.e, it checks if the architecture supports the pdist
instruction... but forces -mcpu to ultrasparc while doing so. So it's
like "let's see if this Ultrasparc instruction exists when I force the
compiler to think I'm using Ultrasparc", which is non-sensical. This
has been fixed later on in libav upstream:
https://git.libav.org/?p=libav.git;a=commit;h=6aa93689abe8c095cec9fa828c2dee3131008995
However, this commit cannot be backported as-is since the shell
function check_inline_asm did not exist in the old libav version
bundled in gst-ffmpeg.
Therefore, we take the simpler route of disabling the VIS
optimizations on SPARCv8 and Leon3.
Fixes:
http://autobuild.buildroot.net/results/e82d179c3d4f92ad7423693a4b1d42379a3f5411/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d2b73875c3b8a6ec518c1424eaf92c1257fa40aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c61338a628879610671826f0aa766473023c8219
Author: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Date: Mon Apr 3 14:25:43 2017 +0200
package/tyrian: fixes compilation with static libs
Has been tested with: "./support/scripts/test-pkg -c tyrian.cfg -p opentyrian"
Fixes: http://autobuild.buildroot.net/results/0e2345db82b33f591958fc0f72ad914adafe0522
and some similar previous build failure.
Thanks Thomas for the tip ;-).
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dd99f2cb7d10f20568cab22c498a9e1831b5a351)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit eeec31f2a05b72c5616cbdd775b326a481ecdb39
Author: Yegor Yefremov <yegorslists@googlemail.com>
Date: Mon Apr 3 10:14:41 2017 +0200
libsoc: add host-pkgconf dependency
Without pkg-config PKG_CHECK_MODULES won't be expanded
and ./configure script produces following error message:
./configure: line 12237: syntax error near unexpected token `PYTHON,'
./configure: line 12237: ` PKG_CHECK_MODULES(PYTHON, python-"$PYTHON_VERSION")'
Fixes:
http://autobuild.buildroot.net/results/86e/86e04bd2b10527130306451e56a7693ed4b4befd
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8975e9f2c77c6861964906e6b5ebd894cdccf45f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1a58c4c7b0dade55fae1fd325b5d2a129502467b
Author: Fabio Estevam <festevam@gmail.com>
Date: Sun Apr 2 15:15:14 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 69356afc81cee7a1b1c749274b26db507133b8d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 6338df7dea0dcca5c1ff2689008dd058bce677e8
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:35 2017 +0200
audiofile: add security patch for CVE-2017-6839
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 844a7c6281eb442881330a5d36d5a0719f2870bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c9890cfa67a887bf24aea7043d912ee6e8e669c0
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:34 2017 +0200
audiofile: add security patch for CVE-2017-6831
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
https://github.com/mpruett/audiofile/issues/35
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bd5f84d301c4e74ca200a9336eca88468ec0e1f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 16daa3c10dbba15bc1e2bec590c1489c967a59e0
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:33 2017 +0200
audiofile: add security patch for CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838
CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/34
CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/38
CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run
function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
https://github.com/mpruett/audiofile/issues/40
CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File
Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4a1a8277bba490d227f413e218138e39f1fe1203)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 5e24ed52e4513ed49810455a91c70f496efbc9cc
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:32 2017 +0200
audiofile: add security patch for CVE-2017-6829
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile)
0.3.6 allows remote attackers to cause a denial of service (crash) via a
crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
https://github.com/mpruett/audiofile/issues/33
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 434890df2a7c131b40fec1c49e6239972ab299d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 4f533d049ae78647431a9384206b8fe8733b61d9
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 30 23:03:31 2017 +0200
audiofile: add security patch for CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837
CVE-2017-6827: A heap-based buffer overflow in the
MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka
libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have
unspecified impact via a crafted audio file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
https://github.com/mpruett/audiofile/issues/32
CVE-2017-6828: A Heap-based buffer overflow in the readValue function in
FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6
allows remote attackers to have unspecified impact via a crafted WAV file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
https://github.com/mpruett/audiofile/issues/31
CVE-2017-6832: A Heap-based buffer overflow in the decodeBlock in
MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
https://github.com/mpruett/audiofile/issues/36
CVE-2017-6833: The runPull function in libaudiofile/modules/BlockCodec.cpp
in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause
a denial of service (divide-by-zero error and crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
https://github.com/mpruett/audiofile/issues/37
CVE-2017-6835: The reset1 function in libaudiofile/modules/BlockCodec.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (divide-by-zero error and crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
https://github.com/mpruett/audiofile/issues/39
CVE-2017-6837: WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows
remote attackers to cause a denial of service (crash) via vectors related to
a large number of coefficients.
http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc00bde57fc20d11f8fa4e8ec5f193c091714c55)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 9eb481bbfea238ee6c0b9258ef039a9a20a3dac4
Author: Baruch Siach <baruch@tkos.co.il>
Date: Fri Mar 31 14:09:36 2017 +0300
pcre: add upstream security fixes
Take Debian adapted patches of upstream.
Fixes:
CVE-2017-6004: crafted regular expression may cause denial of service
CVE-2017-7186: invalid Unicode property lookup may cause denial of service
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3143910eec12a5b23e853b3177bf316ac186b87a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 40192c1aa1339514ec166ef1ffbf1657f47d8c86
Author: Fabio Estevam <festevam@gmail.com>
Date: Thu Mar 30 11:24:45 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c720701c4d3b23e35908319e6ade082c9e5a1433)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1244b189543a11f1d712caf12efb7ee8703eba97
Author: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Sun Mar 26 23:43:40 2017 +0200
system: do not overwrite /bin/sh Busybox symlink
The BR2_SYSTEM_BIN_SH hidden option defines to what binary the /bin/sh
symlinks should point to. If busybox is chosen, then /bin/sh is created
to point to /bin/busybox.
This works fine with the default installation mode of Busybox, but it
fails with the upcoming "individual binaries" mode, in which each applet
is installed as its own binary, and /bin/busybox doesn't exist: we get
/bin/sh as a broken symlink to /bin/busybox.
Since Busybox already installs its own /bin/sh symlink, properly
pointing to /bin/ash or /bin/hush depending on the selected shell, it
doesn't make sense for the BR2_SYSTEM_BIN_SH logic to override
this. Just let Busybox install its own /bin/sh by making
BR2_SYSTEM_BIN_SH empty when Busybox shell is selected as /bin/sh.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fc91501e6b32ef1b015ac9b0fbf6d64aa1ce0162)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit d09c7e4d45261ef03277c9f46a07c81686f5e5bb
Author: Pawel Sikora <sikor6@gmail.com>
Date: Mon Mar 27 00:44:14 2017 +0200
syslog-ng: Bump version header in conf file to 3.9
Package version of syslog-ng is 3.9.1.
Bumping version number in syslog-ng.conf to 3.9
Fixing warning message about configuration file being too old.
Signed-off-by: Pawel Sikora <sikor6@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3dad25466d2931eeecde23867bed79b1d7213887)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 119e94b830a14a2c82d11bf5dfc16b46ece06702
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Tue Mar 28 17:18:08 2017 +0200
samba4: security bump to version 4.5.7
Fixes CVE-2017-2619:
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
a malicious client using a symlink race to allow access to areas of
the server file system not exported under the share definition.
Samba uses the realpath() system call to ensure when a client requests
access to a pathname that it is under the exported share path on the
server file system.
Clients that have write access to the exported part of the file system
via SMB1 unix extensions or NFS to create symlinks can race the server
by renaming a realpath() checked path and then creating a symlink. If
the client wins the race it can cause the server to access the new
symlink target after the exported share path check has been done. This
new symlink target can point to anywhere on the server file system.
This is a difficult race to win, but theoretically possible. Note that
the proof of concept code supplied wins the race reliably only when
the server is slowed down using the strace utility running on the
server. Exploitation of this bug has not been seen in the wild.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 493cedf3af061b90a899826e0c184c2f484414f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit e29fa95b8368f9b85a1bfb2cef9741c6218c59b3
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Sat Jan 28 11:41:32 2017 +0100
core/br2-external: properly report unexpected errors
Unextected error in the br2-external script are properly caught, but
they are not reported properly, and we end up in either of two
situations:
- the .br2-external.mk file is not generated, in which case make will
try to find a rule to generate it (because the 'include' directive
tries to generate missing files);
- the .br-external.mk file is generated but does not contain the error
variable, and thus the build might not get interrupted.
We fix that by using a trap on the pseudo ERR signal, to emit the error
variable on unexpected errors.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c5fa9308ea4e3810a7f7d9d0df75cbf090c414c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 74ed2a833da74b33e0ad8c4fd77e789885b3a9fd
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Wed Mar 22 23:18:52 2017 +0530
taglib: fix legal info
taglib is dual licensed under LGPLv2.1 or MPLv1.1. Almost all source
files have license text mentioning LGPLv2.1 or alternatively MPLv1.1.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas: use MPL-1.1 instead of MPLv1.1, since MPL-1.1 is the SPDX
license code for this license.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f30a3940c8dc5fc9bbe3a0ace457201808142183)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c1be21ac128640dd600da2ad5840c74d72a799ee
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Wed Mar 22 23:18:51 2017 +0530
dbus-triggerd: add license file
In absence of license file, use source file as a license file since it
has license header in comments.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 50284570fbefa37c8874b47cd5998bd890e54632)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 0b670f3879eaa1bc56b6eaeeed54f36aba831219
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Wed Mar 22 23:18:50 2017 +0530
dbus-glib: fix legal info
dbus glib bindings are dual licensed under AFLv2.1 or GPLv2+.
Separate licenses using 'or' keyword.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f70f0b497f8a072eb22aff0bd934467b706cffd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2d7d618f7c8d53da9fb828ced4b445635ddb44c0
Author: Fabio Estevam <festevam@gmail.com>
Date: Sun Mar 26 10:49:43 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x update]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b718c776ca1a5d204f2ae9a765331a32e87e9560)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3400806b9d555cf2f30154feeecd19221b8b52a0
Author: Rodrigo Rebello <rprebello@gmail.com>
Date: Sun Mar 26 03:36:54 2017 -0300
htop: use correct ncurses config script name
The ncurses config script can have different names depending on the
configuration (e.g. wchar support enabled/disabled). So, use
$(NCURSES_CONFIG_SCRIPTS) from the ncurses package as it contains the
proper name.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8cd1554ee162f6344dab078233f4f6c0d93e7c24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 9d70c89b8029cef33a3abfa2ab98f1f68656c947
Author: Rodrigo Rebello <rprebello@gmail.com>
Date: Sun Mar 26 03:36:53 2017 -0300
slang: use correct ncurses config script name
The ncurses config script can have different names depending on the
configuration (e.g. wchar support enabled/disabled). So, use
$(NCURSES_CONFIG_SCRIPTS) from the ncurses package as it contains the
proper name.
Fixes:
http://autobuild.buildroot.net/results/c97554c05e121c76407be53ba37924cfcb658e9d/
http://autobuild.buildroot.net/results/b0a31a3491a30ee0d6e6e7dbba68a86f0e00943d/
http://autobuild.buildroot.net/results/a77241141cf8710fa945523ef62327798e3c4824/
[...]
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b3e4ed92380080334d3d09bb4a53dc6102edd8aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit ccf0e0767d6c73dd23852fad5de2900c6f88fd56
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Thu Mar 23 20:37:00 2017 +0100
package/ntp: fix build for toolchains without ssp
ntp defaults to use ssp support
http://bk1.ntp.org/ntp-stable/sntp/harden/README
by using these flags
http://bk1.ntp.org/ntp-stable/sntp/harden/linux
If the toolchain lacks SSP support this patch forces ntp to use an
empty set of flags: http://bk1.ntp.org/ntp-stable/sntp/harden/default
Fixes
http://autobuild.buildroot.net/results/1d5/1d58bd8745b22c8eb71fea4c7255d3ace69f6f7a/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 00968bcac0674250956e99b6fafbf9b373446488)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 30a9181448690d01d3aad51d0c2458b0c5ec1761
Author: Jörg Krause <joerg.krause@embedded.rocks>
Date: Fri Mar 24 08:53:21 2017 +0100
busybox: fix mdev.conf
mdev does not set "/dev/snd" and "/dev/input" group and permission
propery, because with commit c3cf1e30a3022453311a7e9fe11d94c7a381640e
(May 2013!) the behavior of mdev has changed.
The device name is now taken directly from the uevent file and does no
longer match the old rule.
Fix the rules for "/dev/snd" and "/dev/input" according to the example
given in [1].
[1] http://lists.busybox.net/pipermail/busybox/2015-February/082297.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit afb585468b33c76d41686cb92e7f56565fe150e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 03316d1719645ea47aac6de3a29877345c5e0a67
Author: Jörg Krause <joerg.krause@embedded.rocks>
Date: Fri Mar 24 09:47:43 2017 +0100
upmpdcli: add user to the audio group
upmpdcli runs as user and group upmpdcli. In order to allow it to access
the ALSA devices add it to the audio group.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab9842e360ae08954b07504a20cd053fe146f383)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 5bc876f43b1954e0494b5f360c8e0f9ddc5624e4
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Wed Mar 22 13:19:27 2017 +0000
linux-headers: bump 3.{2, 12}.x and 4.{1, 4, 9, 10}.x series
[Peter: drop 4.10.x update]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0d70d1dbf054f4a0609ba1076bc7e097305013d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 13eec966adfdc6c7659bff0cb7fd27056c248127
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Wed Mar 22 22:03:13 2017 +0100
package/ntp: security bump to 4.2.8p10
Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due
to an HSTS policy" during download.
For details about the bugs fixed see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://www.kb.cert.org/vuls/id/633847
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b47aec79d2e19ef7e3f04d2758c3a2930d47cebe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 293f9d2f18d28e2f5f235ba4c94a6bb695ecf6c9
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:07:01 2017 +0100
squashfs: correct hash
When squashfs was bumped to 3de1687d in commit ee90313c64, the hash
file was not updated. This wasn't noticed before since hashes are not
checked for git downloads.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 85c832247e40f00f48ac328970bb39ab7851f042)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit a2c0793636adaf44df268dc9a406d12a8bd42e7f
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:07:00 2017 +0100
linux-firmware: correct hash
When linux-firmware was bumped to 6d3bc8886 in commit 3ff5896ff, a hash
file was added but the hash was wrong. This wasn't noticed before since
hashes are not checked for git downloads.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0409b136985ff582d561076f03685da9890fa325)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2f426dadad24fa46909ed6504d19eb7ccbd55657
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:06:59 2017 +0100
fmc: correct hash file
It had sha256sum instead of sha256. This wasn't noticed before since
hashes for git downloads are not checked.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ba717fde72c862a283a035b3b44377bb48d08284)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit e6b2152cd15bd8a9ed8a72c2ef2c07959839d46d
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Tue Mar 21 01:06:57 2017 +0100
download/git: create GNU format tar files
On most distros, the tar format defaults to GNU. However, at build time
the default format may be changed to posix. Also, future versions of
tar will default to posix.
Since we want the tarballs created by the git download method to be
reproducible (so their hash can be checked), we should explicitly
specify the format. Since existing tarballs on sources.buildroot.org
use the GNU format, and also the existing hashes in the *.hash files
are based on GNU format tarballs, we use the GNU format.
In addition, the Posix format encodes atime and ctime as well as mtime,
but tar offers no option like --mtime to override them. In the GNU
format, atime and ctime are only encoded if the --incremental option is
given.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0f369a9231b2c67748f4f0c2dbb33ebdc2890478)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit ac75d32ae79aed38e003361503a601edad384d23
Author: Yegor Yefremov <yegorslists@googlemail.com>
Date: Tue Mar 21 09:22:33 2017 +0100
graph-depends: rename pkgutil.py to brpkgutil.py
pkgutil.py is also part of Python itself. Placing pkgutil.py as is
in a folder with other scripts that require original pkgutil will
break them. This is the case with scanpypi. So rename pkgutil.py
to brpkgutil.py to avoid naming collision.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=9766
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3b627c89dc8adf8c60efd773935bf66004e8433d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit eaadfab8e8c77d9b66b0b9b1215a6ebd0ca6307c
Author: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Tue Mar 21 22:21:20 2017 +0100
ltp-testsuite: disable Open POSIX testsuite
The Open POSIX testsuite builds and installs to the target directory a
program called 't0' that isn't cross-compiled, which is bad.
Since the LTP build system is autoconf but not automake based, and the
Open POSIX testsuite is a sort of sub-project inside it, fixing the
issue is not trivial.
Therefore, we simply disable the Open POSIX testsuite entirely. Oddly
enough, --without-open-posix-testsuite doesn't work due to another bug,
so we simply have to remove --with-open-posix-testsuite.
Open POSIX testsuite cross-compilation issue reported at
https://github.com/linux-test-project/ltp/issues/144.
Configure script bug reported at
https://github.com/linux-test-project/ltp/issues/143.
Fixes:
http://autobuild.buildroot.net/results/8326ba9eb257dfc92c1ad282ba6d3565e8250def/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b57e1355a72da407c19315cb4187767d28e4d064)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 55a23407aff9ab0b3e3c72b7c5fd6c8873a910d2
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Tue Mar 21 22:33:59 2017 +0100
package/dbus-cpp: fix cross-compilation
dbus-cpp has an ugly hack to not cross-build the tools when it detects
cross-compilation.
However, we already have a host variant that builds those tools (and we
anyway don't seem to need them to begin with).
Drop our patch that propagates the CXXFLAGS/LDFLAGS_FOR_BUILD. Replace
with a patch to cross-compile the tools.
Fixes:
http://autobuild.buildroot.org/results/110/1100539caae6ef62c61a3b96bc54f7c0a215cc62/
and many, many more.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f5dbd0dea159393e779f6a1f5fa53b9fa07ff34a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3b9349e3cb8804bf3f1d2de3823f58371e735ab9
Author: Julien Beraud <julien.beraud@spectracom.orolia.com>
Date: Tue Mar 21 14:23:56 2017 +0100
apr: fix size of pid_t
pid_t is a signed 32bits integer on both 32bits and 64bits
architectures.
This fixes an issue with apache server which causes bad pid
to be written in PidFile
Signed-off-by: Julien Beraud <julien.beraud@spectracom.orolia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ee8cbc5fca779ff054a50ed8e6271952367147c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 22dd05433e0e0309628489b983569d2d47c57341
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Tue Mar 21 15:40:08 2017 +0000
memcached: bump version to 1.4.36
From the release notes
(https://github.com/memcached/memcached/wiki/ReleaseNotes1436):
Important bug fix that could lead to a hung slab mover. Also improves
memory efficiency of chunked items.
[Peter: add release notes link / mention important bug fix]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit adfe049d85b09a2ce780ce49f8e53d9cfaf90e2d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2239406dc1820c1b9958f559737abc9d904d5142
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Mon Mar 13 11:43:50 2017 +0000
memcached: bump version to 1.4.35
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 36cabc5a744d97090784a29a4001a994728e0539)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit df0c78d61e142781b6da3d0cf789b8b7b1ae3055
Author: Baruch Siach <baruch@tkos.co.il>
Date: Tue Mar 21 15:11:22 2017 +0200
openssh: security bump to version 7.5
From the release notes (https://www.openssh.com/txt/release-7.5):
Security
--------
* ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
Note that the OpenSSH client disables CBC ciphers by default, sshd
offers them as lowest-preference options and will remove them by
default entriely in the next release. Reported by Jean Paul
Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
Royal Holloway, University of London.
* sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
a recursive file transfer could be maniuplated by a hostile server to
perform a path-traversal attack. creating or modifying files outside
of the intended target directory. Reported by Jann Horn of Google
Project Zero.
[Peter: mention security fixes]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2204f4deb1c6c6ff4accd84b5aa2d42f5930b730)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit dc9ecb90c58908ffa0d896d4da5b1d4b917253c7
Author: Peter Seiderer <ps.report@gmx.net>
Date: Mon Mar 6 21:43:47 2017 +0100
gst1-plugins-bad: waylandsink needs wayland-protocols
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
----
Changes v1 -> v2:
- use select instead of depends for BR2_PACKAGE_WAYLAND_PROTOCOLS
(suggested by Thomas Petazzoni)
- add select BR2_PACKAGE_WAYLAND_PROTOCOLS to missing second
place (BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WAYLAND)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a2d37ca125c1742864af0e9324234f8f3ecc071)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1c1b702a466023f8826cfb6a386e9b4683880875
Author: Peter Seiderer <ps.report@gmx.net>
Date: Fri Mar 10 20:54:54 2017 +0100
libxkbcommon: disable wayland support
Disable wayland support (only needed for the interactive-wayland
test program). This fixes a compile failure in case wayland
support is autodetected:
GEN xdg-shell-unstable-v5-protocol.c
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2426: recipe for target 'xdg-shell-unstable-v5-protocol.c' failed
make[3]: *** [xdg-shell-unstable-v5-protocol.c] Error 127
make[3]: *** Waiting for unfinished jobs....
GEN xdg-shell-unstable-v5-client-protocol.h
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2428: recipe for target 'xdg-shell-unstable-v5-client-protocol.h' failed
make[3]: *** [xdg-shell-unstable-v5-client-protocol.h] Error 127
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7665b5870995ef059d1654c35557b53c04a71d1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 51038b08eebee72d89ec7871d1ffe5c84abb2b9f
Author: Romain Naour <romain.naour@gmail.com>
Date: Sun Mar 19 21:51:53 2017 +0100
package/mesa3d: add lm-sensors optional dependency
radeon-pci-0008
Adapter: PCI adapter
temp1: +56.0 C (crit = +120.0 C, hyst = +90.0 C)
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 73401587e5984397bedddab61ad6c89712041267)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit b277a7f0db52b02f79a29a7816169abfefd51f91
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Mon Mar 20 20:41:18 2017 +0530
filemq: correct license
All source files, except src/filemq_client.c and src/filemq_server.c,
has MPL Version 2.0 license text in file header.
As confirmed with upstream [1] (L)GPLv3 license texts COPYING and
COPYING.LESSER are leftover from previous implementation.
[1] - https://github.com/zeromq/filemq/issues/74
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 205a0289d4a0aefc76b0c937c2f725517114c658)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit eb021f3547a721d77de73789bd23a44c6e3ea8f7
Author: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Date: Mon Mar 20 21:11:22 2017 +0100
skalibs: fix endianness detection on x86
Update the patch for compile time endianness detection so it works on
x86 platforms using GCC <= 4.4.
Fixes:
http://autobuild.buildroot.net/results/c2e8e1180571976b412cbba729c45a3698aea0b2
http://autobuild.buildroot.net/results/2ee47107d8a67470f7bc3e10cf763202d5455d17
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8eecaf2d122f7da6f59964f5eb00139a32373d06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 05bc9b0c339d3ed0830cff3e702cdccefcf2b068
Author: Baruch Siach <baruch@tkos.co.il>
Date: Mon Mar 20 06:16:56 2017 +0200
wget: add upstream security fix
Fixes CVE-2017-6508: CRLF injection in the url_parse function in url.c
http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7132fc9c11573a460243895c85e66b514b71c041)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 55c742f83a563668caf4435526a780c80bdd6014
Author: Fabio Estevam <festevam@gmail.com>
Date: Sat Mar 18 11:21:42 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: drop 4.10.x update]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f4978bf018d4f03834f879f3dfc4e8237846742e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8c6080b06cee662b409e2256cee0570684170f19
Author: Jan Kundrát <jan.kundrat@cesnet.cz>
Date: Fri Mar 17 17:02:54 2017 +0100
skeleton: fix permissions on /dev/pts/ptmx
Without this patch, it is not possible to allocate PTYs when a generated
rootfs image with a recent glibc and systemd is launched as a container on
an RHEL7 system via machinectl/systemd-nspawn. The container boots, but
`machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with
0000 perms.
On a typical system, there are two `ptmx` devices. One is provided by the
devpts at /dev/pts/ptmx and it is typically not directly accessed from
userspace. The other one which actually *is* opened by processes is
/dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be
either a symlink, or a bind mount of the /dev/pts/ptmx from devpts.
When a container is launched via machinectl/machined/systemd-nspawn, the
container manager prepares a root filesystem so that the container can live
in an appropriate namespace (this is similar to what initramfs is doing on
x86 desktops). During these preparations, systemd-nspawn mounts a devpts
instance using a correct ptmxmode=0666 within the container-to-be's
/dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once
systemd takes over as an init in the container,
/lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to
all fileystems. Because the buildroot's template used to not include the
ptmxmode=... option, a default value of 0000 was taking an effect which in
turn led to not being able to allocate any pseudo-terminals.
The relevant kernel option was introduced upstream in commit 1f8f1e29 back
in 2009. The oldest linux-headers referenced from buildroot's config is
3.0, and that version definitely has that commit. Mount options that are
not understood by the system are anyway ignored, so backward
compatibility is preserved.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: fix commit title, adjust commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8196b299ba12bd6741bf7f4462cad180dab77fb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 74293a15bdfda83bb83f15f9dc459a54a6ab99f0
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Fri Mar 17 17:06:16 2017 +0100
fakeroot: depend on acl
Recent versions of fakeroot have grown support for acl. We don't really
need this since we don't use acls in Buildroot. However, it turns out
that "cp -a" does something funky with acls, with the result that
fakeroot without acl support looses the ownership and permissions on
the copied file. "cp -a" may be (is even likely to be) used in a
BR2_ROOTFS_POST_FAKEROOT_SCRIPT, so we need to support this.
Note that host-acl itself depends on host-attr, so this pulls in two
extra packages in each build. The impact on build time is about 10s.
Cc: Andreas Naumann <dev@andin.de>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2a222446b4614a38b4042df54b68b69b96939708)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f6ba4399324396d690d95a2b1a11d87a4ffe173f
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Fri Mar 17 17:06:15 2017 +0100
acl: add host variant
We need host-acl to fix issues with fakeroot.
Unfortunately, all the hacks (except the .la fixup) have to be repeated.
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Andreas Naumann <dev@andin.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c83446fccace19694e20b1d0a730680244d724fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c7c5c7e5f6837bd47fb95d2df96726aeacbaf28f
Author: Arnout Vandecappelle <arnout@mind.be>
Date: Fri Mar 17 17:06:14 2017 +0100
acl: make sure build picks up TARGET_CFLAGS
The acl build system doesn't use automake, therefore it is broken. It
doesn't use the CFLAGS passed by configure. Work around this by passing
CFLAGS in the environment. The makefiles append to CFLAGS, so this
works.
This issue hasn't led to build failures, but it is visible e.g. when
stack protector is enabled: the stack protector options are not applied
to acl. Also debug and optimisation options aren't applied.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99c9b0affde4fcc3270425319b98a0e5e32f5964)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3e386020722b85aaf89b9dccc0263905763c8d08
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Thu Mar 16 16:31:46 2017 +0100
xlib_libXv: correct license info
The license is actually closer to ISC than MIT, E.G.:
https://opensource.org/licenses/ISC
vs
https://opensource.org/licenses/MIT
>From COPYING:
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the names of Digital or MIT not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
E.G. this is very similar to the normal ISC text which has been extended
with a BSD-3c style advertisinc clause. Both are permissive licenses, but
it is more correct to call it ISC-like.
Notice: As pointed out by Rahul Bedarkar, this may actually be more closely
related to the OpenBSD template license:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD
But that is also based on the ISC license, so calling it ISC-like is still
correct.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aad15918520391ea0952d742db9c52c3ac2b1f7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2a778d53fa6bf7c232ad57eedbd0fd9bf7328c84
Author: Romain Naour <romain.naour@gmail.com>
Date: Fri Mar 17 00:02:06 2017 +0100
package/cairo: update license information
As noticed by Rahul Bedarkar, the cairo library is LGPLv2.1 only
(not LGPLv2.1+) or MPLv1.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0768932a0229b2c201c292023f59a868ecdb1222)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit fd28c44ce87b7480a24e596f7a34e3d30e577333
Author: Baruch Siach <baruch@tkos.co.il>
Date: Thu Mar 16 20:41:23 2017 +0200
tcpreplay: patch security issue
Add upstream patch for CVE-2017-6429: Buffer overflow when reading crafted
pcap file with large packets.
https://github.com/appneta/tcpreplay/issues/278
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62bf2bfd53885fbd62a8e9345c7f3d7a4d619342)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8cd0e35189346419b4ca60f275f8663de21877c2
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Thu Mar 16 17:24:01 2017 +0530
taglib: update homepage link
Avoid redirect.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a411212d22cb84b92201b5a02ef8b860b0a17280)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit bae94a6e65449729a1c73dc38698e11379b645d6
Author: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Wed Mar 15 15:08:36 2017 -0300
mbedtls: security bump to verison 2.4.2
Fixes:
CVE-2017-2784 - Freeing of memory allocated on stack when validating a
public key with a secp224k1 curve.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 465ce2ea73cc1d98972cde45114f7b0e35e32ff2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f2e01f9c189b3d04cae85c72263c88d49c171b8d
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Wed Mar 15 11:48:32 2017 +0100
mariadb: security bump to version 10.1.22
Fixes:
CVE-2017-3302 - C client library for MySQL (libmysqlclient.so) has
use-after-free defect which can cause crash of applications using that MySQL
client.
CVE-2017-3313 - Difficult to exploit vulnerability allows low privileged
attacker with logon to the infrastructure where MySQL Server executes to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized access to critical data or complete access to all
MySQL Server accessible data.
And a number of important, but non-security related fixes:
MDEV-11842: Fix a 10.1.21 regression with failed INSERT, BEFORE INSERT
triggers, and columns with no default value
MDEV-12075: Fix a 10.1.21 regression in the InnoDB data file extension code
For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 467b38892aa23927ad1140119f0f17c23e896e7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 604b463d534943701024d7878dd2017c45ed5088
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Tue Mar 14 23:58:22 2017 +0100
jasper: add upstream security fix
Fixes a NULL Pointer Dereference jp2_encode:
https://github.com/mdadams/jasper/issues/120
No CVE assigned yet.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76da579431a78875afeaeda76e459aca69e85d36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 607c2635ca1f48f3aacb84404a4cd0ee49215827
Author: Peter Korsgaard <peter@korsgaard.com>
Date: Tue Mar 14 23:58:21 2017 +0100
jasper: add upstream security fix for CVE-2017-6850
Fixes a NULL pointer dereference in jp2_cdef_destroy:
https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/
https://github.com/mdadams/jasper/issues/112
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a105443b24f7c75b10dab44c2916fc9f2b58363a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 1a1ec309d748d1d1cdb4f3b9dbcd7eb08c7b0e93
Author: Fabio Estevam <festevam@gmail.com>
Date: Wed Mar 15 08:07:38 2017 -0300
linux-headers: bump 4.{4, 9, 10}.x series
[Peter: skip 4.10.x]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3d736b9b6b92b70a9020be470a4cf5f7f012b2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 840969ed617f772c866ea61e27cab97eaaf63eff
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Mon Mar 13 12:31:20 2017 +0000
rpm: bump version to 4.13.0.1 (security)
Security fixes:
- Fix several out of bounds reads in the OpenPGP parser
- Fix handling of OpenPGP reserved tag (should be rejected)
- Fix various crashes from malformed packages with invalid tags
Release notes:
http://rpm.org/wiki/Releases/4.13.0.1
This patch also switches from GitHub to rpm.org since the last one seems
to be more up-to-date.
[Peter: use RPM_VERSION_MAJOR as suggested by Jerzy Grzegorek]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7adbcd174a17ff1b74c4b20d94ca4a9e7f396d68)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit fb398d3a4d806399e52c1f970a415cd718133403
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Mon Mar 13 11:41:44 2017 +0000
linux-headers: bump 4.{4, 9, 10}.x and 3.12.x series
[Peter: skip 4.10.x]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d18cdcebc238706d1bf50460b85ea36eaed83b21)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 3bf15bfc84f646efbdeead006378265fa56855a9
Author: Matthew Fornero <mfornero@mathworks.com>
Date: Mon Mar 13 15:35:02 2017 -0400
libiio: explicitly disable matlab bindings
If building on a machine with MATLAB installed, the MATLAB bindings will
default to ON, which is not the desired behavior for a cross build.
The bindings are designed to be called from within MATLAB, and we are
not currently running MATLAB on buildroot-generated targets.
This does not preclude the use of the bindings from a host connecting
over the network backend (assuming libiio on the host has the bindings
enabled).
Signed-off-by: Matthew Fornero <mfornero@mathworks.com>
Acked-By: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f358078b3374f3b316551660e89f5c463cb61608)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 14dc993718941fb0d1194fc2eedcab0b5fe33260
Author: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Date: Tue Mar 14 19:59:37 2017 +0530
zmqpp: update license
Since version 4.1.2, zmqpp is provided under MPLv2.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 87e9391e69cae06836723dcc5525e07d89c14acb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8ddd530004229e032dda14c64db629b862b27fa3
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 12:44:57 2017 +0100
package/mplayer: add optional support for pulseaudio
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a085b7c3139b2c4543530fb0adf0047d8a4c1fd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 9739750396da0af7a449eed9e38e003e0dc2d159
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 13:12:03 2017 +0100
package/git: fix pcre support
The current code contains some obvious typos.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d830807794245077e73ee1d3c78eecb8d224dc04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 32a9eb6e5abbc1787e0a82756d35aa8fb5b411cb
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 13:43:14 2017 +0100
package/git: add optional support for gettext
git links to libintl if available:
$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/bin/git | grep NEEDED
0x00000001 (NEEDED) Shared library: [libz.so.1]
0x00000001 (NEEDED) Shared library: [libintl.so.8]
0x00000001 (NEEDED) Shared library: [libc.so.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aecab2f29c396a04d24e61479d7fc3f53149448f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 894a37c031cce0715d28f5003ccc58db07b1cce9
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sun Mar 12 15:06:05 2017 +0100
package/python: add optional support for libintl
Python links to gettext when available:
$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/python2.7/lib-dynload/_locale.so | grep NEEDED
0x00000001 (NEEDED) Shared library: [libintl.so.8]
0x00000001 (NEEDED) Shared library: [libpython2.7.so.1.0]
0x00000001 (NEEDED) Shared library: [libc.so.0]
In comparison the same library compiled without gettext:
$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/python2.7/lib-dynload/_locale.so | grep NEEDED
0x00000001 (NEEDED) Shared library: [libpython2.7.so.1.0]
0x00000001 (NEEDED) Shared library: [libc.so.0]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 70759f5359d6e5f7b868b74399e20d8ea7956769)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit c365c42ef371d948570a2b41b4f87af193a0eab6
Author: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Sat Mar 11 17:32:59 2017 +0100
package/tor: bump version to 0.2.9.10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 660651491ea2ff8fc82d503a8e28bbd54e8d9131)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit b3442f2fe397bbd33f9ab745ff2601a8994a7153
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Sun Mar 12 10:58:16 2017 +0100
package/nbd: fix utilities locations
Currently, the code expects both the client and server to be in
/usr/bin, while the client is in /usr/sbin
Fix that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4aabbeb245794862e8434317e885d6d028d23679)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit a3d83660c5352249d8da2bab8520442d13a06cec
Author: Peter Seiderer <ps.report@gmx.net>
Date: Fri Mar 10 23:15:47 2017 +0100
qt5base: install libQt5EglFsKmsSupport
According to src/plugins/platforms/eglfs/deviceintegration/deviceintegration.pro
depends on eglfs_gbm which depends according to src/gui/configure.json
on features.eglfs and features.gbm and features.kms, so dependency
on BR2_PACKAGE_MESA3D_OPENGL_EGL which enables mesa3d gbm support
should be sufficient.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5efe07f9af53c0cf0795d316cb84d58e530a9619)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 91bb73cb5a5a6764054a6f07eae1b6da12ed4086
Author: Peter Seiderer <ps.report@gmx.net>
Date: Fri Mar 10 23:15:46 2017 +0100
qt5base: fix eglfs x11 header related compile failure
Add egl config and QT_EGL_NO_X11 define (as all other eglfs project
files do) to src/plugins/platforms/eglfs/eglfs-plugin.pro.
Fixes ([1]):
In file included from .../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/egl.h:39:0,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/../../../../../src/platformsupport/eglconvenience/qt_egl_p.h:63,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/qt_egl_p.h:1,
from api/qeglfsglobal_p.h:56,
from api/qeglfsintegration_p.h:54,
from qeglfsmain.cpp:41:
.../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/eglplatform.h:119:22: fatal error: X11/Xlib.h: No such file or directory
compilation terminated.
Makefile.eglfs-plugin:1024: recipe for target '.obj/qeglfsmain.o' failed
make[2]: *** [.obj/qeglfsmain.o] Error 1
make[2]: Leaving directory '.../qt5base-5.8.0/src/plugins/platforms/eglfs'
Makefile:71: recipe for target 'sub-eglfs-plugin-pro-make_first-ordered' failed
make[1]: *** [sub-eglfs-plugin-pro-make_first-ordered] Error 2
[1] http://lists.busybox.net/pipermail/buildroot/2017-March/186158.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5840e8bd505cef8846ed4f8fc769f306165ee174)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 2e1b15a6fba60f077fad070738801b592c794038
Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Mon Feb 13 18:24:51 2017 +0100
domoticz: fix build on powerpc64le
There is an issue with powerpc64le and boost::uuids::random_generator on the
following line of code (from include/boost/uuid/seed_rng.hpp):
sha.process_bytes( (unsigned char const*)&std::rand, sizeof( void(*)() ) )
This line "inspects the first couple bytes (here eight) of the std::rand
function to seed some rng. Due to the implementation of process_bytes and
inlining happening, it seems that one of the loops therein uses &rand-1 as
some boundary, compiling with -O0 makes that reloc come out as 'rand + 0' and
the link will succeed."
See: https://bugzilla.suse.com/show_bug.cgi?id=955832#c7
Fixes:
- http://autobuild.buildroot.org/results/454c0ea393615bae2d1b44be9920f25b5c49fc33
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 00d2a3da72455213b87069af475173060750d50d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f63fab1bae878509a79219ebff634af208daab0b
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Fri Mar 10 17:06:18 2017 +0000
imagemagick: bump version to 7.0.5-0 (security)
- Fixed memory leak when creating nested exceptions in Magick++
https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
- Fixed fd leak for webp coder
https://github.com/ImageMagick/ImageMagick/pull/382
- Fixed Spurious memory allocation message
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
Full changelog: http://imagemagick.org/script/changelog.php
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d6cc5462535acf954abccd585efc3a07623cc416)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 8d36b6d034ea07c9dbddd4f407f34f1d2d01ccd8
Author: Yann E. MORIN <yann.morin.1998@free.fr>
Date: Tue Mar 7 22:16:28 2017 +0100
package/rpi-userland: don't install file in random location
Currently, rpi-userland installs files in $(@D)/../../bin/ which is
entirely stupid, especially in cross-compilation.
Get rid of the dubious, broken, custom install command.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ffa39b23f7ece3a3d9ea914c2e385ce222bdf921)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit de33cffb6631ec116679fbd6352aef5cf912df65
Author: Romain Naour <romain.naour@gmail.com>
Date: Sat Mar 11 22:26:45 2017 +0100
package/gdb: fix gnulib issue with musl and uClibc toolchains again
The commit [1] doesn't fix this issue for all cases (it doesn't work
when BR2_PACKAGE_GDB_DEBUGGER=y).
So, leave the configure script alone and override
gl_cv_func_gettimeofday_clobber from GDB_MAKE_ENV.
[1] 560334bb2a46a77081a3944d092df7732dfca432
Fixes:
http://autobuild.buildroot.net/results/719/719a441421030b79c0aa1bbfb707130f3ac87338
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit faf38b78aee613a732f96d5022a2894efd024a25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 34345f1b033e338b1933381a992d9f92f4fe9ae5
Author: Julien BOIBESSOT <julien.boibesso…
sbaldovi
pushed a commit
to sbaldovi/audiofile
that referenced
this issue
May 30, 2023
When building the library with NDEBUG, asserts are eliminated so it's better to always check that the number of coefficients is inside the array range. This fixes the 00191-audiofile-indexoob issue in mpruett#41
sbaldovi
pushed a commit
to sbaldovi/audiofile
that referenced
this issue
May 30, 2023
Check for multiplication overflow (using __builtin_mul_overflow if available) in MSADPCM.cpp decodeSample and return an empty decoded block if an error occurs. This fixes the 00193-audiofile-signintoverflow-MSADPCM case of mpruett#41
sbaldovi
pushed a commit
to sbaldovi/audiofile
that referenced
this issue
May 30, 2023
Checks that a multiplication doesn't overflow when calculating the buffer size, and if it overflows, reduce the buffer size instead of failing. This fixes the 00192-audiofile-signintoverflow-sfconvert case in mpruett#41
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
The text was updated successfully, but these errors were encountered: