Fixes (no CVEs yet):
Buffer over-write in finfo_open with malformed magic file.
Invalid memory write in phar on filename with \0 in name.
Parsing of tar file with duplicate filenames causes memory leak.
php_snmp_error() Format String Vulnerability.
Integer Overflow in php_raw_url_encode.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Release notes at http://fastd.readthedocs.org/en/v18/releases/v18.html
First patch rebased, second patch removed (gone upstream). Using tarball
and hashes instead of git now.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>From v6 to v7 just few changes were made for performance improvement and
compatibility.
Switched from git download to source tarballs and hashes.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patches upstream so drop them.
The 'bat' binary utility was renamed to 'alsabat' probably to avoid some
clash, keep the old .config symbol to avoid pointless legacy.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop 0001-add-missing-include.patch since it's upstream.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
These three are Zynq boards and the build procedure is almost the
same. Having the SoC name prefix "zynq_" would be more consistent.
Also, this is the way in which the Linux Device Trees and the U-Boot
configuration files do.
This commit renames as follows:
zedboard_defconfig -> zynq_zed_defconfig
microzed_defconfig -> zynq_microzed_defconfig
xilinx_zc706_defconfig -> zynq_zc706_defconfig
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The version check for the nfq_get_payload prototype is wrong since it's
done against linux headers when in fact it changed with the 1.0.0
release of libnetfilter_queue, leading to build failure in toolchains
that have old headers when libnetfilter_queue is present. Fixes:
http://autobuild.buildroot.net/results/c0e/c0e897a6db888d4a7e0302cdc1e0cbec7d1e88f3/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently systemd getty services ignore baudrates set in buildroot in
favour of a hardcoded 115200. This patch SEDs out that hardcoded value with
what is selected.
Signed-off-by: Cyril Bur <cyrilbur@gmail.com>
Reviewed-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
linuxthreads is the only threading option for noMMU xtensa, enable it.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-1950 - Fixed a heap-based buffer overflow related to the
parsing of certain ASN.1 structures. An attacker could create a
specially-crafted certificate which, when parsed by NSS, would cause a
crash or execution of arbitrary code with the permissions of the user.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that we use unbundled ffmpeg the licensing becomes much easier.
Relevant code is under ext/*, which according to COPYING and comments is
GPLv2+, except for ext/libswscale/gstffmpegscale.c which is LGPLv2+ -
however that's not built/used when using system ffmpeg.
The code under gst-libs/ is the bundled ffmpeg itself.
Tests are under LGPLv2+ as well but we don't build them since we
disabled gst-check support in the gstreamer1 package.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It avoids the crazy in handling all of the ffmpeg options here as well,
and potentially avoids target code duplication, hence resulting in a
size reduction.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: extend help text as suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The format of the ACL database in tvheadend has changed, and generating
a default user is a little bit more involved than just dumping a file in
the correct locations: filenames are now md5sum (of something?) and the
usernames and passwords now have their own DB.
However, tvheadend has a wizard mode, where it is possible to configure
the basic features, of which creating an admin user.
We remove our canned ACL database, and change the startup script to
start in wizard mode on first run. We also switch to using our infra to
set the permissions.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Remove the bundled sqlite unconditionally, as we always want to use
the external sqlite.
- Remove the --with-system-sqlite option as is only valid for the
bundled sqlite configure script which we will no longer use.
- Do not remove TDBC when BR2_PACKAGE_SQLITE is not selected as it may
be used for other TDBC drivers such as MySQL or PostgreSQL.
Fixes:
http://autobuild.buildroot.net/results/022/02296f8624d3406a63d3a179f53862f245c56dc1/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Those [0-9] expressions are needlessly complex, and they actually no
longer work now that sqlite3.11.0 is bundled internally (11 is two
digits, which was accounted for).
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
aer-inject allows to inject PCIE AER errors on the software level into
a running Linux kernel. This is intended for validation of the PCIE
driver error recovery handler and PCIE AER core handler.
Signed-off-by: Tiago Brusamarello <tiago.brusamarello@datacom.ind.br>
[Thomas:
- tweak commit log
- rewrap Config.in help text
- remove useless AER_INJECT_MAKE_OPTS variable, use
TARGET_CONFIGURE_OPTS directly
- add missing newline at end of .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When a toolchain is glibc based, the getent package assumes that
$(STAGING_DIR)/usr/bin contains the getent program. Unfortunately, the
Codescape MIPS toolchains do not conform with this:
$(STAGING_DIR)/usr/{bin,sbin} are empty, and instead three directories
are provided: bin-o32, bin-n32 and bin-n64 (ditto for sbin), one for
each supported MIPS ABI.
Since this is a toolchain-specific oddity, we handle it by adding a
post-install fixup hook that creates $(STAGING_DIR)/usr/{bin,sbin} as
symbolic link to the appropriate directory.
Fixes:
http://autobuild.buildroot.org/results/9c0ee836021553319f166f9de88750535aee0a58/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It only provided the host variant, which was only used by crda (no
longer necessary), and wasn't available as a host selection.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an upstream-submitted (but not accepted) patch in order to allow
crda to be built with python2 as well as python3.
This drops m2crypto usage (python2-only) in favour of pycrypto which can
be built against both major versions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Will be used by the crda python3-enabling patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's used for JUnit XML output support.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It doesn't have an enable/disable switch so it's just the dependency.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's in the rpi backend block which makes no sense, and it depends on
xwayland being enabled which we currently don't support so remove it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>