We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Revert the decision to remove the wrappers, but remove the extra
Config symbol and add it by default. Required for kmod package.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security related fixes:
- Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer
before 0.9.11 (CVE-2016-9941)
- Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer
before 0.9.11 (CVE-2016-9942)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfixes:
- CVE-2017-5193: Correct a NULL pointer dereference in the nickcmp function
found by Joseph Bisch (GL#1)
- CVE-2017-5194: Correct an error when receiving invalid nick message (GL#4,
#466)
- CVE-2017-5195: Correct an out of bounds read in certain incomplete control
codes found by Joseph Bisch (GL#2)
- CVE-2017-5196: Correct an out of bounds read in certain incomplete
character sequences found by Hanno Böck and independently by J. Bisch
(GL#3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream patches and related autoreconf.
Re-enable parallel builds to check against the autobuilders.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We check for bc under required packages. It should be listed as such in the
docs.
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch #0002 which was already fixed upstream long time ago in
commit 276a0d9500b8efc879e4f0c23e9d0e361849e295 using a slightly
different approach.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The alsaucm man page rst source file is missing in the tarball. When rst2man
is detected on the host, build fails:
make[2]: *** No rule to make target 'alsaucm.1', needed by 'all-am'. Stop.
Upstream added[1] the missing file to the tarball to fix this issue. But since
we don't need the manpage to begin with, just disable rst2man to shorten build
time by a few milliseconds.
[1] http://git.alsa-project.org/?p=alsa-utils.git;a=commitdiff;h=c6bdde171e1532f7b37333a5a746b6e662f12c53
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update our patches:
- drop patch 1, replaced by an upstream equivalent; adapt config
options and env accordingly,
- drop patch 2, applied upstream,
- rename patch 3
gdlib-config and net-snmp-config are only used when said support is
enabled (resp. CGI and SNMP), so no need to pass them unconditionally.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:
- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
Using application provided parameters, in these cases invalid data causes
the issues:
- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
- fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
- improve color check for CropThreshold
The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that. Notice that this issue has been fixed
upstream post-2.2.3:
https://github.com/libgd/libgd/issues/339
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changed _SITE url to the upstream project site because Sourceforge does
not provide the tarball for 1.2.10 as of now.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
enca and libguess options have been dropped so adjust accordingly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Riemann-c-client is a C client library for the Riemann monitoring system,
providing a convenient and simple API, high test coverage and a copyleft
license, along with API and ABI stability.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux kernel versio to 4.9 and U-Boot to 2016.11.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-8859 - fixes a serious under-allocation bug in regexec due to
integer overflow.
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a build failure with the PPS patchset since libva isn't populated.
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For some architectures, like Xtensa or HPPA, ld from binutils requires
the output file to be a regular file, as mentioned in a bug report on
the mailing list [1].
So, use a dummy file as output file for ld, instead of /dev/null, when
trying to detect some libraries at configuration time.
Fixes http://autobuild.buildroot.net/results/288/288fc31cd10ffe3cd93371c7be37d79452a91768/
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=19526
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
