- 27 Dec, 2017 40 commits
-
Fabio Estevam authored
[Peter: drop 4.14.x bump] Signed-off-by:
Fabio Estevam <festevam@gmail.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 634bdbd52e7451b615b8972f0d3973e5b76ef987) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Romain Naour authored
Backport 2 upstream fixes. Fixes: http://autobuild.buildroot.net/results/0d1/0d131f9fa5cce259d999f7d57f9092675bfc24c7 Signed-off-by:
Romain Naour <romain.naour@gmail.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit de035220aa17cfa223a2de8d5d1233d95d6dd0e7) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Romain Naour authored
Bump mfgtools to include the fix [1] for the C++ build issue reported by the autobuilders. This bump includes only 4 small commits fixing memory leak and this build issue. Remove CPOL.htm (removed upstream) from MFGTOOLS_LICENSE_FILES but CPOL license is still valid. Add the README.txt file to MFGTOOLS_LICENSE_FILES since it contains licensing information: Licenses: - CPOL: MfgToolLib/XmlLite.CPP and XmlLite.h - BSD: Others. Add license file hash. [1] https://github.com/codeauroraforum/mfgtools/commit/b370a43e548440025d274ff2abbb25342bbaa78c Fixes: http://autobuild.buildroot.net/results/7c2bbbe13ab315684f3502afd96958a76879b1d5 Signed-off-by:
Romain Naour <romain.naour@gmail.com> Cc: Gary Bisson <gary.bisson@boundarydevices.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 34c4c0680a6de06e8c11e7361c26c8594315ba36) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
The old SGI site is not accessible anymore. Use the link from the README file. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 1fa2f7646f11e775fc8f2e5ba729a2efb9b2e653) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Romain Naour authored
The last commit before the 1.4.0 release was to disable parallel build [1] [1] https://github.com/lipnitsk/libcue/commit/bebbc18a8c00a0b8c26bc6191af68c6a83629b40 Fixes: http://autobuild.buildroot.net/results/f25/f256037ca3d49f96add8ca2e2f9c980f5f9d764e http://autobuild.buildroot.net/results/d84/d84c7d0cb9cf5fa9996c42149eda5295700516f5 Signed-off-by:
Romain Naour <romain.naour@gmail.com> Reviewed-by:
"Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 103d283c445ea518cd4529e91c957fc6d2ffdf96) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Adrian Perez de Castro authored
This is a maintenance release of the current stable WebKitGTK+ version, which contains fixes for CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, and CVE-2017-13856. Additionally, this release brings improvements in the WebDriver spec-compliance, plugs several memory leaks in its GStreamer based multimedia backend, and fixes a bug when handling cookie removal. Release notes can be found in the announcement: https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html More details about the security fixes are provided in the following WebKitGTK+ Security Advisory report: https://webkitgtk.org/security/WSA-2017-0010.html Last but not least, this new release includes the fix for honoring the CMAKE_BUILD_TYPE value from CMake toolchain files and the corresponding patch is removed. Signed-off-by:
Adrian Perez de Castro <aperez@igalia.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit fbf6a483e00a87fb561fa5fe9a423c4a14867f50) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Adrian Perez de Castro authored
Signed-off-by:
Adrian Perez de Castro <aperez@igalia.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit e7f82694cfe98f659ff08b5834e32f8996ca55c5) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Fixes the following security issues:

CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.

CVE-2017-15118: Stack buffer overflow in NBD server triggered via long export name

CVE-2017-15119: DoS via large option request

CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

For more details, see the release announcement: https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html

Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit eb2b3df62666b0e2dc3042efdfecd7f62513bc9a) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
This would make the unicode challenged menuconfig show something sensible. Split the sentence for the text to make sense. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Reviewed-by:
"Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 5099c909393e6dc0c4e16f904e36259b4e499cb9) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Fabio Estevam authored
[Peter: drop 4.14.x bump] Signed-off-by:
Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 8447f04c1c2ea596d69c3a90d73e25f6d937e511) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. For more details, see: https://bugzilla.samba.org/show_bug.cgi?id=13112 Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 7f33f1d848908975b513f852873ae4fdb2702183) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
The (deprecated) libsamplerate support is not enabled unless --enable-samplerate is passed to configure. Fix this. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 5b85c6a038cc210355d8d5715cdf6fa73d18e8ac) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
Put together alsa-lib dependency and configure option code. As a side effect we now avoid alsa-lib dependency when the required support in alsa is missing. Use positive logic. Explicitly enable alsa support when available. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 8a560563f94e2aa2053db1cd41aa6c74ece1957c) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
The ConsoleKit module is loaded by default from the default.pa configuration file, but its initialization fails because Buildroot has no ConsoleKit package yet. This breaks the per-user pulseaudio daemon. The default.pa configuration loads module-console-kit only when it exists. Remove module-console-kit to fix pulseaudio per-user startup. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 64dab3c67256e5373eaf4d5e5d6f3f29602b6587) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Damien Riegel authored
lldpd currently depends on a C++ compiler to configure properly, but the package doesn't select that option, so builds fail if BR2_TOOLCHAIN_BUILDROOT_CXX is not selected with following errors:

    checking how to run the C++ preprocessor... /lib/cpp
    configure: error: in `/home/dkc/src/buildroot/build-zii/build/lldpd-0.9.4':
    configure: error: C++ preprocessor "/lib/cpp" fails sanity check

This package actually builds fine without C++, so drop this check in configure.ac. Attached patch has already been accepted upstream [1].

[1] https://github.com/vincentbernat/lldpd/pull/261

[Peter: adjust autoreconf comment] Signed-off-by:
Damien Riegel <damien.riegel@savoirfairelinux.com> Reviewed-by:
Julien Floret <julien.floret@6wind.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 18c9cda6e4b94aa9426a1355d05b000f69453c6b) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Martin Bark authored
See https://nodejs.org/en/blog/release/v8.9.3/ [Peter: mention that this fixes security issues] Signed-off-by:
Martin Bark <martin@barkynet.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 380c3d5e4067fcd0d551890083dc83edd6b8a055) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Yegor Yefremov authored
python-pycparser is mentioned in setup.py as install_requires, so select it in Config.in. As python-cffi will be installed with python-crossbar's dependencies, remove it from python-crossbar's Config.in. Signed-off-by:
Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit a24153a73fc13fb580aa7fcf3c58745ad69e5f8e) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Peter Seiderer authored
The gdb install target installs dynamic versions of libbfd and libopcode, accidentally overwriting the binutils provided versions (gdb itself links against the bundled static ones to avoid version problems, so the dynamic ones are un-needed). Prevent the installation by using the '--disable-install-libbfd' configure option. Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit b54c7931952874a814e48df75093e13ad955604f) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Fabio Estevam authored
Signed-off-by:
Fabio Estevam <festevam@gmail.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 06bbe7f7b8d1f1eac7e1663ce3d21373afb051ed) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Ryan Coe authored
Release notes: https://mariadb.com/kb/en/mariadb-10129-release-notes/

Changelog: https://mariadb.com/kb/en/mariadb-10129-changelog/

Fixes the following security vulnerabilities:

CVE-2017-10378 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-10268 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.

Signed-off-by:
Ryan Coe <bluemrp9@gmail.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit e299197a2c2a267d05e5ae7cb7298bce0faceb51) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Fabio Estevam authored
[Peter: drop 4.14.x bump] Signed-off-by:
Fabio Estevam <festevam@gmail.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 985d1a03c394a947f38ec33254fba0488ba9518d) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Angelo Compagnucci authored
This patch bumps the Linux CIP version to v4.4.105-cip15. Signed-off-by:
Angelo Compagnucci <angelo@amarulasolutions.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit e78cf9322d9e1477ac6878c211c351722db3720a) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Yann E. MORIN authored
Since 0542bb79 (uboot: Support multiple environment source files), missing user-supplied environment source files is no longer detected. This is because we cat them all, and feed the concatenation to the stdin of mkenvimage. So, if one source file is missing, the cat exits in error, but the compound command exits with the exit code of the last command, which is that of mkenvimage, which happens to be happy with whatever it is fed on its stdin, even if empty. We fix that by creating a temporary file, that we even leave afterward for the user to inspect. We also move it out of the _CMDS block and into a macro of its own, so that it is easier to write and maintain. Signed-off-by:
"Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Cam Hutchison <camh@xdna.net> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit c9b6604fa7871087120cd8a469452807d14a4c1c) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
Fixes socket leak that might cause denial of service. https://bugzilla.redhat.com/show_bug.cgi?id=1523547 Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit a4c6ac59e6e056e43c899d0e6c59a7e6139bfd52) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
Renumber the patch. Add license hash. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 99da25a5fabe422ee6519e5ff45f4d015c0d18fc) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Version 2.2.7 fixes CVE-2017-10699 http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=0de56d69ff06afceb5b16721ea5965a676b938b9 Removed patches applied upstream: 0013-codec-avcodec-check-avcodec-visible-sizes.patch http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b 0014-decoder-check-visible-size-when-creating-buffer.patch http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49 Added all hashes provided by upstream, added license hashes. Switched _SITE to https. Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 94e523941e4d8f4c98fe00288513697cd372f077) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Julien BOIBESSOT authored
Since Linux kernel commit [1], the build of the iio tool has been changed to use the common Linux tools build system. The installation directory is now given by DESTDIR, like for all other Linux tools. We keep the INSTALL_DIR environment in the 'install' target to be compatible with kernels older than 4.14. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=18956cf2d78a8d4a5959e20240f04ce8d5a6c121 Signed-off-by:
Julien BOIBESSOT <julien.boibessot@armadeus.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit e47741d1a349653c68c37842865f870604fe0c47) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Various bugfixes, including a compat fix for <= 3.10. Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 6bfa6b2a046775abe90506930fd1a6aa13d02531) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 1bc6f2d5cde30537b392d92601fe860c20a4d049) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
This release fixes CVE-2017-17439: https://github.com/heimdal/heimdal/releases Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 87ae2ac1ccc636b81341b51ea5e68ad257e46485) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Fixes CVE-2017-3737 & CVE-2017-3738: https://www.openssl.org/news/secadv/20171207.txt Added license hash. Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 09a756a5a740d38d835538401944b94025ef1b06) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Fixes the following security issues:

wnpa-sec-2017-47: The IWARP_MPA dissector could crash. (Bug 14236) https://www.wireshark.org/security/wnpa-sec-2017-47.html

wnpa-sec-2017-48: The NetBIOS dissector could crash. (Bug 14249) https://www.wireshark.org/security/wnpa-sec-2017-48.html

wnpa-sec-2017-49: The CIP Safety dissector could crash. (Bug 14250) https://www.wireshark.org/security/wnpa-sec-2017-49.html

For more information, see the release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html

Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d2bc1e2bbbabc70f2e9436387b8a40ff96216372) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
List of fixes from the 2.26 branch NEWS files:

CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered from a one-byte overflow during ~ operator processing (either on the stack or the heap, depending on the length of the user name). Reported by Tim Rühsen.

CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, would sometimes fail to free memory allocated during ~ operator processing, leading to a memory leak and, potentially, to a denial of service.

CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and without GLOB_NOESCAPE, could write past the end of a buffer while unescaping user names. Reported by Tim Rühsen.

CVE-2017-17426: The malloc function, when called with an object size near the value SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. This was a regression introduced with the new malloc thread cache in glibc 2.26. Reported by Iain Buclaw.

Cc: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 971ed9653e7434d5c02488405d6572483ee201e0) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Petr Vorel authored
Fixes: http://autobuild.buildroot.net/results/6c0506423c76b61018da26c2549570e3d9eb5763/ Signed-off-by:
Petr Vorel <petr.vorel@gmail.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 9e46f59482282364fdcc816cd5961ccb42b3cdb3) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Baruch Siach authored
Fixes CVE-2017-17433 and CVE-2017-17434: remote bypass of security restrictions. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 7e0a002df7f3e0b74f99cdc5b6d0a0e165ba1228) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit ddfd34382804dcbe6f862e44ac8d20edcf951566) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Johan Oudinet authored
The HDF5 package is used by flann for testing purposes only and is not part of buildroot packages. However, if present in the host, it will be used and trigger the unsafe header/library path used in cross-compilation error. Signed-off-by:
Johan Oudinet <johan.oudinet@gmail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit f6ee339e92360fc43ebe17928656c06634b09c97) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Norbert Lange authored
This new version includes a fix to allow compilation with compilers defaulting to -fpie (gcc 6+). It also includes a fix for a critical bug in Cobalt: http://xenomai.org/pipermail/xenomai/2017-November/037923.html Signed-off-by:
Norbert Lange <nolange79@gmail.com> Reviewed-by:
Romain Naour <romain.naour@gmail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 34d20f0b878c4f18ee5f5af0276894499d3f9bf8) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Fabio Estevam authored
Fixes CVE-2017-1000405. [Peter: drop 4.14.x bump] Signed-off-by:
Fabio Estevam <festevam@gmail.com> [Thomas: adjust commit description to mention the CVE being fixed.] Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 9f5178fa3495b5b59c4d86c2d1a6fca23bf4e6f3) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Bernd Kuhls authored
Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 2c4149df17166e023bbe8ef06a6fa6d594f8aea8) Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>