Fixes:
CVE-2017-2784 - Freeing of memory allocated on stack when validating a
public key with a secp224k1 curve.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-3302 - C client library for MySQL (libmysqlclient.so) has
use-after-free defect which can cause crash of applications using that MySQL
client.
CVE-2017-3313 - Difficult to exploit vulnerability allows low privileged
attacker with logon to the infrastructure where MySQL Server executes to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized access to critical data or complete access to all
MySQL Server accessible data.
And a number of important, but non-security related fixes:
MDEV-11842: Fix a 10.1.21 regression with failed INSERT, BEFORE INSERT
triggers, and columns with no default value
MDEV-12075: Fix a 10.1.21 regression in the InnoDB data file extension code
For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now the code checks for PR_SET_NO_NEW_PRIVS before using it, so the kernel
headers dependency can be removed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
- Fix several out of bounds reads in the OpenPGP parser
- Fix handling of OpenPGP reserved tag (should be rejected)
- Fix various crashes from malformed packages with invalid tags
Release notes:
http://rpm.org/wiki/Releases/4.13.0.1
This patch also switches from GitHub to rpm.org since the last one seems
to be more up-to-date.
[Peter: use RPM_VERSION_MAJOR as suggested by Jerzy Grzegorek]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Notice that this fixes a security issue:
CWE-416 (use after free condition during netjoin processing). No CVE
assigned yet:
https://irssi.org/security/irssi_sa_2017_03.txt
But the 0.8.x series is not believed to be vulnerable to this specific
issue. From the advisory:
Affected versions
-----------------
Irssi up to and including 1.0.1
We believe Irssi 0.8.21 and prior are not affected since a different
code path causes the netjoins to be flushed prior to reaching the use
after free condition.
Openssl is no longer optional, so select it and drop the enable/disable
handling.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
kmscube repository has been moved to freedesktop.org, so
update the URL accordingly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since kmscube upstream commit a2dc60cf05b704 ("Add m4/.gitignore")
there is no need to manually create the m4 directory anymore, so
simply remove KMSCUBE_POST_PATCH_HOOKS.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If building on a machine with MATLAB installed, the MATLAB bindings will
default to ON, which is not the desired behavior for a cross build.
The bindings are designed to be called from within MATLAB, and we are
not currently running MATLAB on buildroot-generated targets.
This does not preclude the use of the bindings from a host connecting
over the network backend (assuming libiio on the host has the bindings
enabled).
Signed-off-by: Matthew Fornero <mfornero@mathworks.com>
Acked-By: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
SPL is the name used for spl on i.MX6, so update the same on
BR2_TARGET_UBOOT_SPL_NAME help text.
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas: rewrap Config.in help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Because Buildroot passes its own CFLAGS/LDFLAGS, this was overriding
the ones from the package Makefile, leading to build failures because
-fPIC was no longer being passed.
This commit fixes that by adding a patch that allows to keep the
package CFLAGS while passing additional ones through the make command
line. While doing this, it also removes a few hardcoded optimization
and hardening flags, leaving it to Buildroot to decide whether they
should be passed or not. This makes the workaround for stack protector
no longer needed.
Fixes:
http://autobuild.buildroot.net/results/b25/b256d003d841e492da073788198203e7cbc834cf/
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[Thomas: tweak commit log and patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
nodejs 0.10.x is now end of life and is no longer maintained so remove it.
See https://github.com/nodejs/LTS
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since version 4.1.2, zmqpp is provided under MPLv2.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Starting with the release 2016.09 xtensa architecture is supported by
the U-Boot. Enable uimage target in xtensa linux kernel.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Linux configs are missing memmap= option that is required for xtfpga
boards configured w/o device tree starting with linux-4.9. Add it.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In the absence of full license text file, take a short source file that
mentions the license in its comment header.
[Peter: add DEVELOPERS entry]
Cc: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[Thomas:
- Add entry to DEVELOPERS file for the new package
- Add dependency on !BR2_STATIC_LIBS, because the Makefile
unconditionally builds a shared library
- Use the "github" helper function to define <pkg>_SITE, get rid of
<pkg>_SOURCE.
- License is BSD-2c, not just BSD.
- Add <pkg>_LICENSE_FILES variable.
- Define LIBSCRYPT_DISABLE_STACK_PROTECTOR inside the
BR2_TOOLCHAIN_HAS_SSP condition, and move from a
LIBSCRYPT_POST_EXTRACT_HOOKS to a LIBSCRYPT_POST_PATCH_HOOKS.
- Pass $(TARGET_CONFIGURE_OPTS) instead of just passing CC.
- Pass $(TARGET_MAKE_ENV) when calling $(MAKE).]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is an issue with powerpc64le and boost::uuids::random_generator on the
following line of code (from include/boost/uuid/seed_rng.hpp):
sha.process_bytes( (unsigned char const*)&std::rand, sizeof( void(*)() ) )
This line "inspects the first couple bytes (here eight) of the std::rand
function to seed some rng. Due to the implementation of process_bytes and
inlining happening, it seems that one of the loops therein uses &rand-1 as
some boundary, compiling with -O0 makes that reloc come out as 'rand + 0' and
the link will succeed."
See: https://bugzilla.suse.com/show_bug.cgi?id=955832#c7
Fixes:
- http://autobuild.buildroot.org/results/454c0ea393615bae2d1b44be9920f25b5c49fc33
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
These aren't supported upstream any more so remove the options and add
them to legacy handling.
Switch older deprecations that used 3.18.x to 3.12.x
Remove stray version strings as well.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit bumps ARC toolchain to arc-2017.03-eng008.
Please note that it is an engineering build and it might have all kinds
of breakages, please don't use it for production builds.
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sysinfo.h header conflict issue is now fixed since upstream commit
c414ecd9b9151 ("Fix build with musl libc"). Enable build with musl. Enable
reverse dependencies as well.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gstreamer-vaapi consists in a collection of VA-API based plugins for
GStreamer and helper libraries. These libraries are used for hardware
decoding and encoding of several video formats.
decoding formats:
JPEG, MPEG-2, MPEG-4:2, H.264 AVC, H.264 MVC, VP8, VC-1, WMV3, and HEVC.
encoding formats:
MPEG-2, H.264 AVC, H.264 MVC, JPEG, VP8, HEVC
The package won't compile without at least one renderer enabled, so I
chose to enable DRM by default, as X11, GLX, and wayland are heavy
handed with the dependencies. As such, I have disabled every option
defaulting to yes except for DRM for the first patch.
Also, these codecs are only for x86 and require a Intel CPU (See Hardware
Requirements on line 82 of the README file.)
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas:
- Add entry to DEVELOPERS file.
- Add BR2_TOOLCHAIN_HAS_THREADS dependency to the main Config.in
option.
- Add BR2_PACKAGE_HAS_UDEV dependency to the main Config.in option.
- Add comments about the BR2_STATIC_LIBS config option.
- Rewrap Config.in help text and removing trailing tabs/spaces.
- Remove restriction to i386/x86-64
- Add patch to fix build with uClibc.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
