This bumps to linux/linux-headers 5.0.
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2019-6256: A Denial of Service issue was discovered in the LIVE555
Streaming Media libraries as used in Live555 Media Server 0.93. It can
cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when
RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in
a GET request and a POST request within the same TCP session. This occurs
because of a call to an incorrect virtual function pointer in the
readSocket function in GroupsockHelper.cpp.
- CVE-2019-7314: liblivemedia in Live555 before 2019.02.03 mishandles the
termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up,
which could lead to a Use-After-Free error that causes the RTSP server to
crash (Segmentation fault) or possibly have unspecified other impact.
- CVE-2019-9215: n Live555 before 2019.02.27, malformed headers lead to
invalid memory access in the parseAuthorizationHeader function.
The normal live555 web site is temporarily unavailable, so use an
alternative _SITE / drop upstream hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the README changed for reasons unrelated to licensing: a
new "ENVIRONMENT" section was added to the README.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: re-add license file, explain in the commit log why its hash
changed]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash changed due to a copyright year update:
-Copyright (C) 2011-2018 by Salvador Fandino (salva@cpan.org).
+Copyright (C) 2011-2019 by Salvador Fandino (salva@cpan.org).
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: explain why the license file hash is changed]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file is changed from README, which contained just the
following license details:
"""
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
"""
to the more complete LICENSE file, which didn't exist back in the 6.02
version. This LICENSE file contains the usual GPL or Artistic license
text.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: add details about the license file change]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the license file changes only due to copyright year
changes:
-This software is copyright (c) 2016 by Adam Kennedy.
+This software is copyright (c) 2002-2019 by Adam Kennedy.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: add details as to why the license file hash changed]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For the target, we only ever use the gettext-tiny source, while for
the host we also use that of gettext-gnu.
Fixes:
http://autobuild.buildroot.org/results/572/5724b246cf411d95702fcff6dbf2b809b899108c/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: "Giulio Benetti" <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since bump to version 4.14.2.1, binutils is not an optional dependency
anymore as bfd.h has been droped in 4.14.0 with
245b5a3b4b
So drop it and manage optional elfutils dependency through a
single line (and drop binutils/elfutils comment)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since libintl.a can be pulled in during the build of other shared libs,
it must be compiled with -fPIC, which is what gettext-tiny's Makefile
would do.
Since we provide our own CFLAGS, they override those in the Makefile.
Fix that by ensuring that -fPIC is used when building the static
library.
Fixes:
http://autobuild.buildroot.org/results/a38/a3800fd4ef2536cc2b82d38ea752baa2b227bc64/
Also, since GETTEXT_TINY_OPTS is used only once and contains a single
definition, get rid of it altogether.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the license list: it should be a space-separated list of files, it
is not a comma-separated list.
Fixes:
http://autobuild.buildroot.org/results/74b/74be940e5757d18452b0eb97b9973c278be20345/
Add hashes for the license files while at it, and cleanup the hash file
as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Even though gettext-tiny re-uses the gettext-gnu source code, it makes
a separate download in the gettext-tiny download folder, so use this
one, and not the one from the gettext-gnu download folder, which may
not exist.
Fixes:
http://autobuild.buildroot.net/results/4e289f30bc6e58ad81611e8e04779134dcbe1241/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
zstd support has been in version 4.14.0 and
3684424fe2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
openssl support has been added in version 4.14.0 with
64028f9a1c
Add a patch from upstream to fix build with openssl ad MD2 is disabled
by default:
https://github.com/rpm-software-management/rpm/pull/453
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
rpm depends on pthreads because it uses it, not because of beecrypt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It should be noted that dbus is enabled by default
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is not --{disable,enable}-lzma option
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no --{disable,enable}-bzip2 option
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove first and second patches (already in version)
- Remove third and fourth patches (not needed since:
245b5a3b4b)
- Add hash for license file
- Drop autoreconf (as configure.ac is not patched anymore)
- Use new --with-crypto option
- Restrict symlink following on installation (CVE-2017-7500,
CVE-2017-7501)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add COPYING and its hash to license files
- Drop all patches (not needed anymore or already in version)
- Drop autoreconf
- Drop --disable-strip-binaries (not available anymore)
- Drop all "hacks" as package now use pkg-config and automake
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add gettext-tiny package from the sabotage-linux project:
gettext-tiny provides lightweight replacements for tools typically used
from the GNU gettext suite, which is incredibly bloated and takes a lot
of time to build (in the order of an hour on slow devices). the most
notable component is msgfmt which is used to create binary translation
files in the .mo format out of textual input files in .po format. this
is the most important tool for building software from source, because it
is used from the build processes of many software packages.
Some files were taken from gettext-gnu (some po/* files and gettextize
script) to make possible perform gettextizing of packages.
The main purpose of gettext-tiny is to replace gettext for the "host" if
NLS support is not needed. There is no option to manually select
gettext-gnu or gettext-tiny, it is done automatically by virtual gettext
package. For the target gettext-tiny only installs gettext tool echo-wrapper
which might be called from shell scripts (i.e. ecryptfs-utils).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Re-work gettext to be a virtual package which may allow to use
different gettext's providers, and rename the original one into
gettext-gnu package.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The XS modules have a high propability to fail (compared to Pure Perl modules),
so it is valuable to check XS dependencies before the check of the main module.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add a dependency to glibc for execinfo.h and drop first patch (as it
was useful only for uclibc)
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Switch site to "real" upstream instead of debian as debian does not
have latest version
- Drop patch (not needed anymore as getline was renamed in my_getline)
- Add hash for license file
- Fix CVE-2013-0348 and CVE-2017-17663
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
the name derived from package name is not suitable,
so, we search in the built modules.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write access to
the index files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>