It updates to the ffmpeg 3.2.4 codebase, fixing several security bugs.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5847 - The gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote
attackers to cause a denial of service (out-of-bounds heap read) via vectors
involving extended content descriptors.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5848 - The gst_ps_demux_parse_psm function in
gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows
remote attackers to cause a denial of service (invalid memory read and
crash) via vectors involving PSM parsing.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It turned out that the troll character U+c2a0 was added by our own
patch.
So fix it amd drop our second patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to btrfs-progs that fixes the build of
docker-engine, and possibly other packages including kerncompat.h from
btrfs-progs.
For the btrfs-progs build itself, a --disable-backtrace option allows to
indicate whether backtrace()/<execinfo.h> support should be used or
not. However, once btrfs-progs is installed, it simply looks at whether
__GLIBC__ is defined or not to decide to use backtrace() or not.
However, uClibc defines __GLIBC__ but does not provide backtrace()
functionality. The additional patch tweaks the kerncompat.h to look at
__UCLIBC__ and not use backtrace() functionality in this case.
Fixes:
http://autobuild.buildroot.net/results/9dc9370a79c5c44e6c92be6a44334842c211d923/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
Makefile:532: *** mbedtls is in the dependency chain of bctoolbox that
has added it to its _DEPENDENCIES variable without selecting it or
depending on it from Config.in. Stop.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update the comment about the ARC exception to match the one used in VLC,
so that a 'git grep "ARC toolchain issue"' returns the list of packages
to re-evaluate on ARC when the ARC toolchain gets upgraded.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package fails when building for ARC due to ARC toolchain issue.
Marking this with special comment "# ARC toolchain issue" as the package
is to be enabled as soon as the issue with the ARC toolchain is
resolved.
Fixes:
http://autobuild.buildroot.net/results/ebae0ed90b88db5a3b34a46f2ca1ff97e01fe83c/
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
[Thomas:
- add autobuilder reference
- propagate dependency to Config.in comment.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It assumes the MIPS target has an FPU and uses FPU assembler
instructions which cause the compilation to fail when building it for
soft-float.
Fixes:
http://autobuild.buildroot.net/results/f40/f407ca9245e2445619420a9dfd595856729a2b2b/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
[Thomas:
- propagate dependency to Config.in comment
- add comment above the "depends on" to explain why.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Because with libimxvpuapi older than 0.10.3, the gst1-imx-0.12.3 "imxvpu"
plugin will not build.
Changelog:
* properly pass on color format in simplified JPEG encoder interface
* add alternative write-callback-style encoding mode
also add encode example variant which uses write-callback style output
* add support for "fake grayscale mode" in encoders
this is done by using I420 internally and filling the U and V planes
with 0x80 bytes
* make sure JPEG quantization table is copied in standardized zig zag order
the VPU does not, so this has to be done explicitely
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-2629 - curl SSL_VERIFYSTATUS ignored
>From the advisory (http://www.openwall.com/lists/oss-security/2017/02/21/6):
Curl and libcurl support "OCSP stapling", also known as the TLS Certificate
Status Request extension (using the `CURLOPT_SSL_VERIFYSTATUS` option). When
telling curl to use this feature, it uses that TLS extension to ask for a
fresh proof of the server's certificate's validity. If the server doesn't
support the extension, or fails to provide said proof, curl is expected to
return an error.
Due to a coding mistake, the code that checks for a test success or failure,
ends up always thinking there's valid proof, even when there is none or if the
server doesn't support the TLS extension in question. Contrary to how it used
to function and contrary to how this feature is documented to work.
This could lead to users not detecting when a server's certificate goes
invalid or otherwise be mislead that the server is in a better shape than it
is in reality.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ReleaseNotes
This release fixes su(1) security issue CVE-2017-2616:
It is possible for any local user to send SIGKILL to other processes with root
privileges. To exploit this, the user must be able to perform su with a
successful login. SIGKILL can only be sent to processes which were executed
after the su process. It is not possible to send SIGKILL to processes which
were already running.
Drop upstream patches and autoreconf since it's no longer required.
[Peter: extend commit message with CVE info / description]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit limits results from the javascript query for selecting
messages from the mailing list. It was not limited before.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes#9666 [1]
cp -dpfr .../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets .../target/usr/qml/QtQuick
cp: cannot stat ‘.../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets’: No such file or directory
[1] https://bugs.busybox.net/show_bug.cgi?id=9666
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 76838f6341.
The commit referenced above explicitly states that the function was
copied as-is from the gcc source code at the time. And indeed that is
exactly how the function appeared in gcc in commit
e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934.
However, our toolchain wrapper is "GPLv2 only", while the file this function
was copied from is "GPLv3 or later". As such we can't include that function
and still comply to both licenses.
Furthermore, the code is far from optimum.
Since this feature is not release-critical, revert it until we re-implement
it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, bctoolbox adds the rpath to the shared library. Prevent this
by setting `CMAKE_SKIP_RPATH` [1] to a true value.
[1] https://cmake.org/cmake/help/latest/variable/CMAKE_SKIP_RPATH.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently we force selection on mbedtls for bctoolbox. If, for whatever
reason, mbedTLS is not found, bctoolbox searches for PolarSSL and, if
not present, fails with:
```
Could NOT find PolarSSL (missing: POLARSSL_INCLUDE_DIRS
HAVE_POLARSSL_SSL_H)
```
This happens because bctoolbox enables support for mbedTLS and PolarSSL
by default, whereas, if both are enabled, mbedTLS is preferred over
PolarSSL.
However, crypto support is not mandatory and support for both libraries
can be turned off. Therefore, optionally depend on mbedTLS or PolarSSL
and enable/disable the library support explicitly.
This fixes the issue of searching for PolarSSL altough the dependency is
not declared in the bctoolbox package.
Note, that this does not fix the issue why mbedtls is not found although
it is enabled. This issue is address in this thread [1].
Fixes:
http://autobuild.buildroot.net/results/cfe/cfeb2f542598e5d450b332fb51a6d79bae24158c/
.. and more.
[1] http://lists.busybox.net/pipermail/buildroot/2017-February/183055.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Static linking with bctoolbox fails when using pkg-config as the
generated bctoolbox.pc file only consists of an '-L' string without any
search path or libraries flags:
```
libtool: link: need path for `-L' option
```
That's because of an typo in mbedtls_library_path. However,
mbedtls_library_path contains a string of the mbedtls libraries
concatenated by an ';' which cannot be parsed by pkg-config.
Therefore, use MBEDTLS_LIBRARY instead of MBEDTLS_LIBRARIES to get
the library path.
Furthermore, add the three mbedtls libraries mbedtls, mbedcrypto, and
mbedx509 to LIBS_PRIVATE so these libraries are added to the
Libs.private field of bctoolbox.pc.
Fixes:
http://autobuild.buildroot.net/results/37d5625df4be11ccdc063871e9f6e13d5f59fb52http://autobuild.buildroot.net/results/1999c841fae41f860f00747a362327cb2857e687
.. and many more.
Upstream status: Pending
https://github.com/BelledonneCommunications/bctoolbox/pull/4
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 5c4d3560b9.
Although the patch fixes the build error it does not set the flags for
Libs.private properly. A follow-up patch will provide a better solution
for this issue.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Make license type lists more uniform:
* put content license applies to in parenthesis; ex: "GPLv2+ (programs)"
* use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2"
No attempt was made to validate the claimed licenses. This is just a tweak
to increase uniformity of the _LICENSE variables.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: replace semi-colons by commas in LIBURCU_LICENSE.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Select (and use) builroot provided freetype in case qt5base gui is
selected (gui without freetype/font support makes not much sense
and gives compile errors).
Qt 5.6 needs some support to find the include headers, 5.8 is
clever enough inherently.
Fixes [1] (by avoiding the build-in freetype library which depends
on activated libpng support):
Project ERROR: Library 'libpng' is not defined.
make[3]: *** [sub-3rdparty-freetype-make_first] Error 3
[1] http://autobuild.buildroot.net/results/219162ba616289f799a5053c4dcc6b8574284283
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Move the two comment lines to where they apply.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Pull an upstream fix to allow building schedutils (ionice, taskset,
chrt) when util-linux is configured with
$ configure --disable-all-programs --enable-schedutils
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=9656
Reported-by: Aaron Holtzman <aholtzma@gmail.com>
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The patch 0006-fix-client-gfx_state-initialisation.patch
add the initialisation for the variable gfx-state.
This patch was provided by the community and it is already
integrated in OpenEmbedded.
Signed-off-by: Philippe Reynes <philippe.reynes@sagemcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/197/197ab8a12bf1d780a986e5d447d1e0f5ee070405/
qt5.8 no longer supports ARMv4. From src/corelib/global/qprocessordetection.h:
if Q_PROCESSOR_ARM >= 6
define Q_PROCESSOR_ARM_V6
endif
if Q_PROCESSOR_ARM >= 5
define Q_PROCESSOR_ARM_V5
else
error "ARM architecture too old"
[Peter: also hide comment as pointed out by Baruch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Explicitly set the ERL_TOP environment variable to override values set
on a user's system. This prevents Erlang's configure scripts from
using source files outside of the ones that Buildroot downloaded.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The initial fix for this issue, re-including stdbool.h, is not
working.
Instead, fix using the method used for other packages with a similar
problem: add -std=gnu99, which prevents bool from being redefined and
removes the need for any source code change.
Fixes: 64904f0f6d
Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a workaround for a microblaze specific ld bug to avoid
segfault.
Fixes:
http://autobuild.buildroot.net/results/aef1b915ffd3e5678af8682727c22c5618edfd89
[Peter: force --gc-sections configure check to false instead of patching
configure]
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
