Fixes:
CVE-2016-0766 - privilege escalation issue for users of PL/Java.
CVE-2016-0773 - issue with regular expression (regex) parsing. Prior
code allowed users to pass in expressions which included out-of-range
Unicode characters, triggering a backend crash. This issue is critical
for PostgreSQL systems with untrusted users or which generate regexes
based on user input.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
MT7601u is a MediaTek Wifi 802.11n dongle
(New chipset from the combined ralink/mediaTek company)
Signed-off-by: Matt Weber <matt@thewebers.ws>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-1521 - An exploitable out-of-bounds read vulnerability exists
in the opcode handling functionality of Libgraphite. A specially crafted
font can cause an out-of-bounds read resulting in arbitrary code
execution. An attacker can provide a malicious font to trigger this
vulnerability.
CVE-2016-1522 - An exploitable NULL pointer dereference exists in the
bidirectional font handling functionality of Libgraphite. A specially
crafted font can cause a NULL pointer dereference resulting in a crash.
An attacker can provide a malicious font to trigger this vulnerability.
CVE-2016-1523 - An exploitable heap-based buffer overflow exists in the
context item handling functionality of Libgraphite. A specially crafted
font can cause a buffer overflow resulting in potential code execution.
An attacker can provide a malicious font to trigger this vulnerability.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* --with-dbuspolicydir, --with-dbussessionservicedir, and
--with-dbussystemservicedir are no longer needed since these are
defaults in recent releases.
* --disable-dbus has no effect when combined with --disable-tests. The
option itself only applies to tests, not the runtime.
Signed-off-by: Gabe Evans <gabe@hashrabbit.co>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Various DBus activated services fail to start with errors similar to:
Unit dbus-org.freedesktop.hostname1.service failed to load: File exists.
The message itself is rather vague and can be seen as a warning in
systemd-networkd logs. Meanwhile, tools like hostnamectl don't work
at all.
The post-install target hook SYSTEMD_SANITIZE_PATH_IN_UNITS was replacing
symlinks with duplicate files. The find command could have used -type f
to avoid this but I instead chose to remove the hook since this fix doesn't
seem to be needed anymore.
Signed-off-by: Gabe Evans <gabe@hashrabbit.co>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch bumps mono to the latest 4.2.2.30 version.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add the findfs utility option for util-linux package.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Cc: Zheng Yi <yzheng@techyauld.com>
[Thomas: respect alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The e2fsprogs package's findfs option provides no capabilities. When the
option is selected, a symbolic link is generated from findfs to e2label;
however, e2label will not handle findfs since the respective code is
explicitly disabled when `--disable-libblkid` is passed in. At this
time, the e2fsprogs package only supports findfs capabilities when
building its "private blkid library".
Note that the `--disable-libblkid` configuration argument must remain
to prevent conflicts with util-linux's libblkid and an e2fsprogs-
generated variant (see e1ffc2f791).
Since e2fsprogs cannot provide findfs capabilities, the option is being
removed in this change. A following change will be introduced to include
util-linux's findfs utility.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Cc: Zheng Yi <yzheng@techyauld.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Removed m4-hack after upstream adding m4/ to its repo:
8338c7e27f
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CLOCK_MONOTONIC_RAW is a fairly recent addition, which may not be
available in old C libraries/kernels. This commit adds a libraw1394
patch that makes the use of CLOCK_MONOTONIC_RAW optional. The patch
has been submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/198149e80be3e62eaf9f4731442031a1aa93409c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This Byte order mark is not recognized by gcc < 4.4, which is the case
on Blackfin where gcc 4.3.x is used. Since this BOM is not useful
anyway, we simply remove it. The patch has been submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/143c4c2a1d8527c97362ce11507e8b5a79dd0d6b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Otherwise, it fails to autoreconf with a weird error message:
configure.ac:15: error: possibly undefined macro: AC_SUBST
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure.ac:40: error: possibly undefined macro: AC_MSG_WARN
Indeed, the configure.ac uses PKG_CHECK_MODULES(), so we need to have
the corresponding m4 file installed by host-pkgconf.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's used for some small functions like md5 support, non-essential since
samba has an internal fallback for those, but still add it for
predictability.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The boost build system does not recognize the fact that fenv.h is an
optional module in uClibc and tries to use it even if UCLIBC_HAS_FENV
is disabled. This patch disables fenv support completely when compiling
with a uClibc-based toolchain.
Fixes
http://autobuild.buildroot.net/results/160/160e1b98b204148ecf128144826554b6c523931b/
and many others
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Unless the tests are built with TEST_INSTALLED_UCLIBC their rpath will
point to the build directory rather than runtime directory, resulting in
non-executable tests for the target.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It was the only one with a trailing slash, it's only for coherence's
sake.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-1567: Impersonation between authenticated peers.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0003-Problem-return-code-of-sodium_init-is-not-checked.patch since
it's in this release.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Which also means moving from unstable->stable (odd numbers in gnome
project packages are development).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Which also means moving from unstable->stable (odd numbers in gnome
project packages are development).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Which also means moving from unstable->stable (odd numbers on gnome
project packages are development).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Kernels older than 3.9 (not counting stable releases) used the
timeconst.pl perl script for their build process.
The problem with this script is that it used deprecated perl features,
namely defined(@array) which was removed for the perl 5.22 release,
causing build failure of older kernels on newer distributions.
To fix this instead of going the hard way (moving to the new
timeconst.bc script) use the easy way by patching timeconst.pl with an
upstream patch used for stable releases.
First try a dry-run on the patch to see if it applies, if it does then
call a proper APPLY_PATCHES to it.
Tested against an arbitrary 2.6.30 kernel (applies and builds), against
4.4.1 for a missing timeconst.pl (does not apply since it's missing) and
3.8.13 (does not apply since it's fixed already).
Known broken distributions: fedora 23, debian testing (stretch) and unstable
(sid).
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/aee/aee4a895c74647292715705bfcdf742f3ea2f76f/
Since the bump to 1.0.3, xapp_xf86dga no longer uses libXt, libXaw and
libXmu. So these dependencies should be removed from the .mk file.
They were already removed from Config.in, leading to messages like:
Makefile:475: *** xlib_libXaw is in the dependency chain of xapp_xf86dga
that has added it to its _DEPENDENCIES variable without selecting it or
depending on it from Config.in. Stop.
[Peter: add autobuilder reference as suggested by Ricardo]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
