Fixes CVE-2017-7805 - Martin Thomson discovered that nss, the Mozilla
Network Security Service library, is prone to a use-after-free vulnerability
in the TLS 1.2 implementation when handshake hashes are generated. A remote
attacker can take advantage of this flaw to cause an application using the
nss library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libnss 3.33 needs libnspr >= 4.17.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Added all hashes provided by upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump the kernel to version 4.13.5 and U-Boot to 2017.09.
While at it, remove the custom scripts for generating the SD card image
and use the standard scripts instead.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
ifupdown-scripts has some .empty files to maintain empty directories
in git. Previously this package used to be part of the skeleton which
used SYSTEM_RSYNC to copy the directories to the target. When it was
split into a separate package, cp -a was used to do the copy instead,
which copies the .empty files.
Change to SYSTEM_RSYNC which excludes .empty files.
Signed-off-by: Cam Hutchison <camh@xdna.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As stated by the upstream developers, Prosody only supports
lua-5.1 or luajit (which is a lua-5.1 interpreter):
> Response from zash at zash.se:
>
>> I pegged the package to lua 5,1 based on the contents of the
>> INSTALL file. Is this a hard requirement?
>
> Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT
> implements Lua 5.1 so it works.
The license terms are not very consistent: the source files all
state to be "MIT/X11 licensed" and defer to the COPYING file for
details, but that file only has the text for the MIT license.
Thus, we believe the license to be MIT/X11, as stated in the source
files.
This installs the base system with certificates for two domains:
localhost and example.com
The default runtime configuration is tweaked during installation
to properly setup logging and pid-file directories.
Prosody doesn't like being executed as root, and thus the daemon
is executed as the user prosody. The startup script creates the
pid file write location with appropriate permissions.
Signed-off-by: Dushara Jayasinghe <nidujay@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The WITH_PTHREADS_PF option was errantly categorized as a Windows only option.
WITH_PTHREADS_PF actually enables a parallelization framework that utilizes
pthreads to optimize some inner for loops of different OpenCV operations. This
optimization is available on any platform that has pthreads.
Signed-off-by: bradford barr <bradford@density.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The "virt" machine supports disk emulation, so use a ext4 rootfs instead of
initramfs for consistency with the other qemu defconfigs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
lua.pc is generated from a common template in the build step.
install steps are restored like in BR 2017.05
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The license file got reformatted as reStructuredText, but the license itself
didn't change.
Drop unneeded md5sum and add license hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, the target and host flex packages do not behave the same in
terms of patching: the target variant has a patch hook that disables
building the programs (because they are not needed, and do not build
on no-MMU platforms). However, this hook is obviously not executed for
host-flex, because we really want the host flex binary to be built.
In preparation for the introduction of out-of-tree package build, it
is important that we don't do different things in the patch hooks for
the target and host variant of a given package, because the source
tree will be shared between the target and host builds.
To solve this, we introduce a --disable-program configure option,
through a patch to the flex configure.ac and Makefile.am. This patch
makes the current 0001-flex-disable-documentation.patch no longer
needed.
Furthermore, building the documentation is a PITA: flex.1 depends on
configure.ac and a few other files generated during the build. Touching
flex.1 does not work, because automake will forcibly remove the files
when its prerequisites are too old, so pre-requisites of flex.1 will
always be more recent than flex.1. So, we add a patch that adds a
--disable-doc configure option.
Fixes:
http://autobuild.buildroot.org/results/f70/f70b39632535bb9692d0a032166b2f4104532967/http://autobuild.buildroot.org/results/525/52567afdfe7992b3518de0e01227ba14aa300f21/
[...]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[yann.morin.1998@free.fr:
- rebase on-top of master,
- add patch to not build the documentation, because simply touching
flex.1 is no longer enough.
- keep install in target/, for shared builds
]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Adrian Perez de Castro <aperez@igalia.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream wiringpi apparently has some issues with their release
process: their 2.42 and 2.44 tags point to the exact same commit. And
at the 2.44 tag, the VERSION file was not updated to indicate that
it's version 2.44.
A follow-up commit added support for the RPi Zero-W, and fixed the
VERSION file to contain 2.44. So let's use this follow-up commit as
the new version for wiringpi.
This will hopefully clarify things, and avoid confusion such as the
one reported in bug #10391 [1].
[1] https://bugs.busybox.net/show_bug.cgi?id=10391
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: rewrite commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes [1] when building with musl:
find_event_devices.c: In function 'find_event_devices':
find_event_devices.c:60:14: error: 'PATH_MAX' undeclared (first use in this function)
char fname[PATH_MAX];
^~~~~~~~
[1] http://autobuild.buildroot.net/results/607/607bb29231f80a138e1b5423bc01c89e36efe78c/
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Neon is compulsory on AArch64, and BR2_ARM_CPU_HAS_NEON is false on
AArch64. Therefore, this change is needed to enable building VC4
gallium driver for Rpi3 using AArch64.
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Enable selection of VC4 driver when compiling for Rpi3 using aarch64
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update Linuxptp to the latest version from 1. September 2017
This update brings bugfixes and minor enhancements.
Signed-off-by: Petr Kulhavy <brain@jikos.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
hostapd project URL has been changed to w1.fi/hostapd.
The old domain epitest.fi has expired.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, the download directory, when specified with the -d option, is
only used to store the files downloaded by the testing infra, not those
downloaded by Buildroot.
So, we end up with this situation:
BR2_DL_DIR | -d DIR | test downloads | BR downloads
------------+----------+------------------+--------------
unset | unset | [error] | [error]
unset | set | in $(DIR) | in $(TOP_DIR)/dl
set | unset | in $(BR2_DL_DIR) | in $(BR2_DL_DIR)
set | set | in $(DIR) | in $(BR2_DL_DIR)
This is not very consistent.
We change the behaviour so that the value of -d always takes precedence,
and is used by Buildroot as well, giving this new behaviour:
BR2_DL_DIR | -d DIR | test downloads | BR downloads
------------+----------+------------------+--------------
unset | unset | [error] | [error]
unset | set | in $(DIR) | in $(DIR)
set | unset | in $(BR2_DL_DIR) | in $(BR2_DL_DIR)
set | set | in $(DIR) | in $(DIR)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Finally there's working ARC port of glibc thanks to Vineet and Cuper!
This port is based on pretty recent glibc's master branch and ARC
changes are being reviewed now in glibc's mailing list.
Thus we again have to use sources from our GitHub but as soon as there's
a glibc release with our patches applied we'll switch to upstream releases
and will drop our glibc GitHub repo alltogether.
Note now we cut tags in glibc repo simultaneously with tags
in Binutils and GCC repos and so to make sure everything works in the best
way we plan to update glibc tag together with Binutils and GCC.
Also note as of today ARCompact (AKA ARCv1 ISA) is not supported in glibc
but we plan to fix it soonish so for now we make glibc intentionally
dependent on archs38.
Also note we are not creating directory "2.26" because all patches for glibc
ver 2.26 applies to arc glibc port.
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CC: Waldemar Brodkorb <wbx@openadk.org>
CC: Romain Naour <romain.naour@gmail.com>
Cc: Cupertino Miranda <cmiranda@synopsys.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Anton Kolesov <akolesov@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mainline kernel is able to decode video via the coda driver.
Add support for it and also add some explanation on how VPU decoding
can be tested with Gstreamer.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix typo 'selectes' -> 'selects'.
Additionally, change 'will exclude' to 'excludes' to align with 'selects'.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2017-13720 - Check for end of string in PatternMatch
CVE-2017-13722 - pcfGetProperties: Check string boundaries
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>