>From the release notes:
- Extend pow tables for layer III to properly handle files with i-stereo and
5-bit scalefactors. Never observed them for real, just as fuzzed input to
trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
calling remote denial of service. While the accesses are out of bounds for
the pow tables, they still are safely within libmpg123's memory (other
static tables). Just wrong values are used for computation, no actual crash
unless you use something like GCC's AddressSanitizer, nor any information
disclosure.
- Avoid left-shifts of negative integers in layer I decoding.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 474daa20f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Libgrcrypt is a direct dependency of WebKitGTK+, and as such it
should be selected.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: add missing dependency on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b61c805fca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This simply updates to the latest stable release. WebKitGTK+ versions
in the 2.1x series avoid bumping the dependencies in order to allow
distributions to provide updates, therefore no new dependencies are
needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 23c0872442)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.
CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bonds access in oniguruma regexp library.
CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.
CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91f4c9d412)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As per LICENSE file, php uses PHP license version 3.01.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e066bfa664)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7.1.2 is a bugfix release, fixing a number of issues:
http://www.php.net/ChangeLog-7.php#7.1.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34d19a23ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patches fixing the following security issues:
CVE-2017-10971:
The endianess handling for X Events assumed a fixed size of X Event structures and
had a specific 32 byte stack buffer for that.
However "GenericEvents" can have any size, so if the events were sent in the wrong
endianess, this stack buffer could be overflowed easily.
So authenticated X users could overflow the stack in the X Server and with the X
server usually running as root gaining root prileveges.
CVE-2017-10972:
An information leak out of the X server due to an uninitialized stack area when swapping
event endianess.
For more details, see the advisory:
http://www.openwall.com/lists/oss-security/2017/07/06/6
[Apply 1.19.x patches to 1.19.1 instead of 1.19.3]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2015d83dd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We had several remarks on the mailing list of users that were surprised
that patches were not applied for packages whose SITE_METHOD is local.
So document this.
Note that for OVERRIDE_SRCDIR itself it is already documented:
When Buildroot finds that for a given package, an
<pkg>_OVERRIDE_SRCDIR has been defined, it will no longer attempt to
download, extract and patch the package. Instead, it will directly use
the source code available in in the specified directory.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0611045c42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the advisory:
https://irssi.org/security/irssi_sa_2017_07.txt
Two vulnerabilities have been located in Irssi.
(a) When receiving messages with invalid time stamps, Irssi would try
to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
of Geeknik Labs. (CWE-690)
CVE-2017-10965 [2] was assigned to this bug
(b) While updating the internal nick list, Irssi may incorrectly use
the GHashTable interface and free the nick while updating it. This
will then result in use-after-free conditions on each access of
the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
Labs. (CWE-416 caused by CWE-227)
CVE-2017-10966 [3] was assigned to this bug
Impact
------
(a) May result in denial of service (remote crash).
(b) Undefined behaviour.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9bf7844688)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure option --with-ncurses has been removed in version 1.0.0
and thus is no longer needed.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a97b1e03fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While building I noticed:
>>> host-ccache 3.3.4 Building
conf.c: In function 'conf_create':
conf.c:314:2: warning: too many arguments for format [-Wformat-extra-args]
conf->cache_dir = format("/home/peko/.buildroot-ccache", get_home_directory());
^
As host-ccache gets installed into $(HOST_DIR) and is part of the SDK,
hardcoding the build user homedir isn't really nice for the relocatable
SDK feature (or simply for a SDK used by multiple users).
As the warning shows, CCache replaces "%s" with the current user home
directory, so rewrite BR_CACHE_DIR to use this feature if it begins with
$HOME.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bdca0d0581)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changing setup type to setuptools avoids installing as zipped .egg
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37cb6e971c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The XVISOR_ARCH check added in commit
117fd5dfbc ("xvisor: fix build on
AArch64") broke Buildroot entirely on all architectures except ARM,
AArch64 and x86-64, because the $(error ...) test was not enclosed
inside a condition that made sure the xvisor package was enabled.
This commit fixes that, and allows Buildroot to be usable again on all
architectures.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 27ce235cdb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Xvisor was failing to build on AArch64 with:
package/xvisor/xvisor.mk:60: *** No Xvisor defconfig name specified, check your BR2_PACKAGE_XVISOR_DEFCONFIG setting. Stop.
The first problem is that the Config.in file had a typo: it was using
BR2_AARCH64 instead of BR2_aarch64, and therefore the
BR2_PACKAGE_XVISOR_DEFCONFIG variable had no value.
Once this is fixed, another problem occurs: the ARCH variable needs to
be specified as "arm" for XVisor, for both ARM and AArch64. Therefore,
a XVISOR_ARCH variable is introduced, which is calculated according to
the Buildroot configuration options. Only x86-64, arm and aarch64 are
supported by Xvisor currently, so it remains simple.
Fixes:
http://autobuild.buildroot.net/results/1719a63ff257f13634a06a14327abfb327984101/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 117fd5dfbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
FEATURE_CLEAN_UP is a configuration feature to get busybox to explicitly
call free() on dynamic allocated memory just before exiting so memory leak
detectors like valgrind don't get confused. Upstream explicitly recommends
to NOT enable this option:
config FEATURE_CLEAN_UP
bool "Clean up all memory before exiting (usually not needed)"
default n
help
As a size optimization, busybox normally exits without explicitly
freeing dynamically allocated memory or closing files. This saves
space since the OS will clean up for us, but it can confuse debuggers
like valgrind, which report tons of memory and resource leaks.
Don't enable this unless you have a really good reason to clean
things up manually.
Having this option enabled adds a bit of bloat, but more significantly these
cleanup code paths don't get tested very often so some times get out of sync
with the allocation code which can lead to crashes (or security issues from
double frees), so it is safer to disable the option.
For people wanting to debug memory leak issues with busybox, the option can
still be enabled with a configuration fragment (or a custom config).
The size difference isn't huge (br-arm-full-static):
-rwxr-xr-x 1 peko peko 886K Jul 5 10:56 output-busybox1/target/bin/busybox
-rwxr-xr-x 1 peko peko 882K Jul 5 10:53 output-busybox2/target/bin/busybox
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 15e8e721f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, libglib enables some fairly aggressive warnings, treated
as errors. In particular, the -Wformat=2 warning triggers a warning
due to the return value of the ngettext() macro from uClibc libintl
stub not being understood as being potentially a format string.
So, before we enable the stub libintl in uClibc, we disable such
warnings. A bug will be reported to upstream uClibc to get the actual
bug fixed, but disabling compiler warnings treated as errors is anyway
a good thing in the context of Buildroot.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f2800ac57c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The size parameter from sock_recvmsg() was removed from Linux kernel
API since 4.7. This commit adjusts the existing
0004-Port-one-one_udp.c-to-Linux-4.1.patch to fix the build with Linux
>= 4.7.
Signed-off-by: Matthew Shyu <matthew.shyu@amlogic.com>
[Thomas: improved commit title/log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0ae2cab416)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
systemd does not like being booted without any timezone info (especially
on a R/O filesystem), so we forcibly enable that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
[Thomas: fix alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 81597b82e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patches downloaded from Github are not stable, so bring them in the
tree.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7ced54845c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since [1] syslinux is built with the target toolchain in order to
properly build with gnu-efi package. But toolchains built with
binutils 2.26 break the syslinux legacy-BIOS build as reported at [2],
due to binutils bug #19615.
Thanks to Benoît Allard for the investigation and the link to the
binutils bug [3].
[1] 6e432d5ecb
[2] http://lists.busybox.net/pipermail/buildroot/2017-July/196253.html
[3] https://sourceware.org/bugzilla/show_bug.cgi?id=19615
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Benoît Allard <benoit.allard@greenbone.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 42638a1d12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If util-linux is not installed system-wide on the host, the build
fails with:
/usr/bin/gcc -Wp,-MT,isohybrid.o,-MMD,./.isohybrid.o.d -O2 -I/home/thomas/projets/buildroot/output/host/usr/include -W -Wall -Wstrict-prototypes -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -I/home/thomas/projets/buildroot/output/build/syslinux-6.03/utils -c -o isohybrid.o /home/thomas/projets/buildroot/output/build/syslinux-6.03/utils/isohybrid.c
/home/thomas/projets/buildroot/output/build/syslinux-6.03/utils/isohybrid.c:40:23: fatal error: uuid/uuid.h: No such file or directory
#include <uuid/uuid.h>
^
compilation terminated.
Therefore, this commit adds a dependency on host-util-linux, which
will ensure that libuuid is available. The resulting isohybrid tool is
really installed, and linked with libuuid:
$ readelf -d output/host/usr/bin/isohybrid
Dynamic section at offset 0x3e00 contains 26 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libuuid.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000f (RPATH) Library rpath: [/home/thomas/projets/buildroot/output/host/usr/lib]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d98d7d660e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way. This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 4.7.3 release brings a number of bugfixes and improvements:
https://www.xenproject.org/downloads/xen-archives/xen-project-47-series/xen-473.html
Including fixes for the following security issues:
XSA-211: Cirrus VGA Heap overflow via display refresh (CVE-2016-9603)
XSA-212: x86: broken check in memory_exchange() permits PV guest breakout
(CVE-2017-7228)
XSA-213: x86: 64bit PV guest breakout via pagetable use-after-mode-change
(CVE-2017-8903)
XSA-214: grant transfer allows PV guest to elevate privileges (CVE-2017-8904)
XSA-215: possible memory corruption via failsafe callback (CVE-2017-8905)
XSA-216: blkif responses leak backend stack data (CVE-2017-10911)
XSA-217: page transfer may allow PV guest to elevate privilege
(CVE-2017-10912)
XSA-218: Races in the grant table unmap code (CVE-2017-10913 CVE-2017-10914)
XSA-219: x86: insufficient reference counts during shadow emulation
(CVE-2017-10915)
XSA-220: x86: PKRU and BND* leakage between vCPU-s (CVE-2017-10916)
XSA-221: NULL pointer deref in event channel poll (CVE-2017-10917)
XSA-222: stale P2M mappings due to insufficient error checking
(CVE-2017-10918)
XSA-223: ARM guest disabling interrupt may crash Xen (CVE-2017-10919)
XSA-224: grant table operations mishandle reference counts
(CVE-2017-10920 CVE-2017-10921 CVE-2017-10922)
XSA-225: arm: vgic: Out-of-bound access when sending SGIs (CVE-2017-10923)
Also change download location as bits.xensource.com seems to be down.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 435b4cce0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream removed the src/daemon/pulseaudio-kde.desktop.in since the
version 6.0 [1].
[1] f46799579f
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 90536c3dfc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-8372 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a
denial of service (assertion failure and application exit) via a crafted
audio file.
CVE-2017-8373 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.
CVE-2017-8374 - The mad_bit_skip function in bit.c in Underbit MAD libmad
0.15.1b allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via a crafted audio file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6369a06150)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the WebRTC plugin option was introduced in commit
ee267886bc ("gst1-plugins-bad: enable
webrtc plugin"), it was incorrect added as "webrtc", while the actual
name of the plugin and corresponding configure option is "webrtcdsp".
This commit therefore fixes the .mk file to use the correct name. And
also, since we want to keep Buildroot option consistent with the name
of the GStreamer plugins, it renames the Config.in option as well, and
introduces the necessary Config.in.legacy handling.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c06d2490a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes:
- Avoid memset(NULL, 0, 0) to calm down the paranoid.
- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
offset from the frame flag bytes (unnoticed in practice for a long time).
Fuzzers are in the house again. This one got CVE-2017-10683.
https://sourceforge.net/p/mpg123/bugs/252/
- Avoid a mostly harmless conditional jump depending on uninitialised
fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
never right in theory). Code might be a bit faster now, even. Thanks to
Agostino Sarubbo for reporting.
dlopen() is now directly used to load output modules (and the
--with-modules-suffix option has been removed), so adjust the modules logic
to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3a0afd47f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before
2017-06-29, allows out-of-bounds heap memory write due to calling memcpy()
with a wrong size, leading to a denial of service (application crash) or
possibly code execution.
https://trac.videolan.org/vlc/ticket/18467
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b9153ed954)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: License is GPL-2.0+ / LGPL-2.1+]
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56ed4a1ef2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, cut prints the entire line if the specified delimiter is not
present at all:
$ printf "foo bar" | cut -d' ' -f2
bar
$ printf "foobar" | cut -d' ' -f2
foobar
In setlocalversion, cut is presented with the output of 'hg id' which has
the format:
"<revision> <tags-if-any>"
If the current revision is not tagged, the output of 'hg id' does not
contain the delimiter (space), cut prints the entire string, and
setlocalversion thinks the version is the tag.
As setlocalversion does not print anything for tagged versions, there is no
output overall, and no correct indication of the mercurial revision.
Fix by passing the extra cut option '--only-delimited', which suppresses
output if no delimiter is found.
This problem likely went unnoticed for so long, because the tag 'tip' (i.e.
most recent revision of the branch) is treated specially: in this case the
mercurial revision _is_ printed, i.e. the situation is treated as
'untagged'.
The problem is only seen when you are _not_ at the most recent revision in
your branch.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec019bcf64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone
transfers
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name may be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed
request packet. A server that relies solely on TSIG keys for protection with
no other ACL protection could be manipulated into:
* providing an AXFR of a zone to an unauthorized recipient
* accepting bogus NOTIFY packets
https://kb.isc.org/article/AA-01504/74/CVE-2017-3142
CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic
updates
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name for the zone and service
being targeted may be able to manipulate BIND into accepting an unauthorized
dynamic update.
https://kb.isc.org/article/AA-01503/74/CVE-2017-3143
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a0c53973f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0001 patch already included in this release:
b218117cad
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f4a3853423)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-8312: Heap out-of-bound read in ParseJSS in VideoLAN VLC due
to missing check of string length allows attackers to read heap
uninitialized data via a crafted subtitles file.
[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b2f2f92887)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Automake currently has a unescaped left brace in it's automake.in folder
that generates the warning:
"Unescaped left brace in regex is deprecated, passed through in regex;"
This patch, which is backported from upstream fixes this warning.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: format patch using "git format-patch".]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 22dbe0035f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Static build with external musl toolchain leaves a dangling symlink to
libc.so. Don't create that symlink on static build.
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7cfd40f2d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
