Extract from release announcement:
- (2.9, 2.7, 2.1) Fixed an issue in the X.509 module which could lead
to a buffer overread during certificate validation. Additionally, the
issue could also lead to unnecessary callback checks being made or to
some validation checks to be omitted. The overread could be triggered
remotely, while the other issues would require a non DER-compliant
certificate to be correctly signed by a trusted CA, or a trusted CA with
a non DER-compliant certificate. Found by luocm. Fixes#825.
- (2.9, 2.7, 2.1) Fixed the buffer length assertion in the
ssl_parse_certificate_request() function which could lead to an
arbitrary overread of the message buffer. The overreads could be caused
by receiving a malformed algorithms section which was too short. In
builds with debug output, this overread data was output with the debug
data.
- (2.9, 2.7, 2.1) Fixed a client-side bug in the validation of the
server's ciphersuite choice which could potentially lead to the client
accepting a ciphersuite it didn't offer or a ciphersuite that could not
be used with the TLS or DTLS version chosen by the server. This could
lead to corruption of internal data structures for some configurations.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update several of the licenses annotated in the gst1-plugins-bad.mk file.
1. Specify GPL-2.0 in license info.
* All of the *.[ch] that specify GPL also specify version 2 or later.
2. Remove GPL from audiovisualizers.
* Changlog notes move from GPL to LGPL. (2015-04-25)
* docs/plugins/inspect/plugin-audiovisualizers.xml claims "LGPL".
* All *.[ch] files under ./gst/audiovisualizers say "GNU Library General Public License".
3. Add GPL to yadif.
* Changelog notes that yadif is "GPL". (2013-02-07)
* docs/plugins/inspect/plugin-yadif.xml claims "GPL".
* All *.[ch] files under ./gst/yadif say "GNU General Public License" except for one "GNU Library General Public License".
4. Remove UNKNOWN from fdk_aac.
* docs/plugins/inspect/plugin-fdkaac.xml claims "LGPL".
* All *.[ch] files under ./ext/fdkaac say "GNU Lesser" or "GNU Library General Public License".
5. Add BSD-2c to dtls.
* docs/plugins/inspect/plugin-dtls.xml claims "BSD".
* All *.[ch] files under ./gst/dtls have BSD-2c text.
6. Add BSD-2c to openh264.
* Changelog notes that openh264 is "BSD-2". (2014-10-03)
* docs/plugins/inspect/plugin-openh264.xml claims "BSD".
* All *.[ch] files under ./ext/openh264 have BSD-2c text.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ltrace works fine on aarch64, so allow enabling it on that architecture.
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since uClibc-ng commit cde74b83f9b2 "ARC: remove special CFLAGS/LDFLAGS handling"
i.e. starting v1.0.23 CONFIG_ARC_CPU_xx options are not used.
Instead uClibc relies on toolchain defaults or build-system CFLAGS
for selection of ARC-specific code (i.e. distinguishes between
ARCompact and ARCv2 ISAs).
So we drop corresponding quirks from Buildroot as well.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Dropped patch applied by upstream + LTP_TESTSUITE_AUTORECONF = YES which
this patch required and thus not needed any more.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other packages can actually provide Wayland libraries like imx-gpu-viv.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With this commit we update u-boot version to 2018.05 for
Synopsys boards. U-boot version 2018.05 was released recently
and includes significant changes for ARC boards:
* Fix for compile-time warning for AXS10x
* Add support of platform-specific commands for HSDK
* Add support for on-board SPI flash on HSDK
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With this commit we update Linux kernel version to 4.16.8
and Linux headers version to 4.16.
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Don't rely on a random host package to create the include/ directory for
us. Some packages do the wrong thing since they implicitly assume that
this directory exists already. Commit a557aedad2 (zstd: fix host headers
installation) shows an example of that.
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Having imx-usb-loader on the target might be useful when you're
building a system that itself will be responsible for booting/flashing
i.MX based devices.
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
[Thomas:
- improve commit log
- fix indentation
- drop BR2_arm dependency
- add missing host-pkgconf dependency
- fix prefix variable to install in $(TARGET_DIR)/usr]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package has been tested with Wayland back-end using weston-imx
repository on a i.MX6Q Nitrogen6x:
https://source.codeaurora.org/external/imx/weston-imx/
(tag rel_imx_4.9.51_8mq_ga to work with both i.MX6 and i.MX8MQ)
Weston was started as follows:
# export XDG_RUNTIME_DIR=/tmp
# weston --tty=1 --device=/dev/fb0
Finally the Vivante sample apps were started from weston-terminal:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libnsl from Glibc is deprecated and should not be used anymore.
Remove libnsl.so.* from GLIBC_LIBS_LIB.
libnsl is now an separate library that can be packaged later if
necessary [1].
Note: libnsl from Glibc doesn't build with gcc 8 due new warning [2].
[1] https://github.com/thkukuk/libnsl.git
[2] http://patchwork.sourceware.org/patch/26437
This reverts commit 398747f5fa.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
glibc now considers its built-in libnsl as being obsolete, and requires
passing --enable-obsolete-libnsl to have it built and installed. libnsl
is now provided as a separate project [1], but it isn't packaged yet in
Buildroot.
In preparation for dropping --enable-obsolete-libnsl from the glibc
package, this commit ensures that exim doesn't use libnsl. It was
already the case for uclibc and musl toolchains, so this commit simply
extends that to make sure libnsl is also not used with glibc toolchains.
Only Exim's nis.so and nisplus.so lookup modules require libnsl,
but they are not build by default. So we can safely remove -lnsl
from the Makefile-Linux. If someone want these modules, a new libnsl
package must be added first to provide nsl library.
Since we remove -lnsl unconditionally, use a patch instead of a sed command.
[1] https://github.com/thkukuk/libnsl.git
[2] https://fedoraproject.org/wiki/Changes/NISIPv6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: David De Grave (Essensium/Mind) <david.degrave@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add upstream patch, fixes [1]:
../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp: In member function 'void QtWaylandClient::QWaylandXCompositeEGLWindow::createEglSurface()':
../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp:124:82: error: invalid conversion from 'Window {aka long unsigned int}' to 'EGLNativeWindowType {aka void*}' [-fpermissive]
m_surface = eglCreateWindowSurface(m_glxIntegration->eglDisplay(), m_config, m_xWindow,0);
^~~~~~~~~
In file included from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglclientbufferintegration.h:57:0,
from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.h:46,
from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp:40:
.../host/arm-buildroot-linux-musleabihf/sysroot/usr/include/EGL/egl.h:265:31: note: initializing argument 3 of 'void* eglCreateWindowSurface(EGLDisplay, EGLConfig, EGLNativeWindowType, const EGLint*)'
EGLAPI EGLSurface EGLAPIENTRY eglCreateWindowSurface(EGLDisplay dpy, EGLConfig config,
[1] http://autobuild.buildroot.net/results/9bcc76ed9e23c0d525f20b4da7f3bb5efe3083d4
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rust supports powerpc64le to the same level as powerpc64, so allow it.
Signed-off-by: Sam Bobroff <sbobroff@linux.ibm.com>
Tested-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Acked-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The gdb configure script is given --enable-gdbserver when
BR2_PACKAGE_GDB_SERVER is set, but it is not given --disable-gdbserver
when BR2_PACKAGE_GDB_SERVER is unset.
gdb gdb/configure.ac defaults to enabling gdbserver in "native"
(host=target) cases, which is always the case when buildroot builds a
gdb which runs on the target hardware. The gdbserver will overwrite
BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY gdbserver, if any.
Fix that by passing --disable-gdbserver when BR2_PACKAGE_GDB_SERVER is
unset.
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The libopusenc library provides a high-level API for encoding opus audio files
and live streams.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas: add missing select on opus in Config.in file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The linux-nfs project switched to a new homepage. Update the help text
link.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use Python 3 style print calls, in order to make pkg-stats Python 3
compliant.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
faketime currently doesn't build on host machines that use gcc 8.x due
to stricter checks done by gcc, and the fact that it is built with
-Werror.
As a simple stop-gap measure, this commit patches the faketime
Makefile to not use -Werror anymore.
The actual fixes for the gcc 8.x issues have been submitted upstream
at https://github.com/wolfcw/libfaketime/pull/161, but disabling
-Werror is a much smaller fix.
Also, it is worth mentioning that removing -Werror makes the existing
patch 0001-Disable-the-non-null-compare-warning-error.patch (which was
just disabling one specific warning). We nonetheless keep this patch
around as it is a backport from upstream.
Fixes:
http://autobuild.buildroot.net/results/bd223dfa1c4baa68e427d4941bd2e9917e22da84/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop upstream patch.
This release fixes the security issues listed below.
CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.
https://curl.haxx.se/docs/adv_2018-82c2.html
CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.
https://curl.haxx.se/docs/adv_2018-b138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
After years of inactivity, several bugfixes and features are merged
Signed-off-by: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use "i.MX8MQ" (in capital letters) for the SoC name for better
readability.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Improve the documentation by adding the configuration of SW801 and SW802
switches for SD card boot.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The kernel used is from 4.16 version, so adjust the comment.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The existing patch 0001-Build-buildconfig-for-the-host.patch changes
the exim build system to use the host compiler to build the
"buildconfig" program instead of the cross-compiler.
However, it still uses $(LIBS) which lists the target libraries to
link with, which shouldn't be used. Since buildconfig doesn't use any
library beyond the C library, we can simply drop using $(LIBS).
This will fix build failures of exim on Fedora 28, where libnsl is no
longer provided by the C library, causing build failures such as:
/usr/bin/gcc buildconfig.c
/usr/bin/ld: cannot find -lnsl
Fixes:
http://autobuild.buildroot.net/results/ac78fe18657558b3c12c03c08bf1081d7c06ca85/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Kconfig uses either pkg-config or hard-coded /usr/include paths to find
the ncurses or ncursesw library. If ncursesw is found, it will include
<ncursesw.h>. Since Buildroot's host-ncurses doesn't install a .pc file,
and linux.mk anyway doesn't pass the pkg-config options to find the host
pkg-config files, Kconfig will always find the system's ncursesw.h.
However, since commit dde090c299 (linux: fix passing of host CFLAGS and
LDFLAGS) HOST_LDFLAGS is passed to the linux build system. Thus, if
host-ncurses was already built before 'make linux-menuconfig' is called,
the build will pick up libncurses from the host directory, which is NOT
widechar. Thus, two different ncurses configurations are mixed into the
final mconf program. This will result in serious breakage in the
rendering of the menus (lots of @ and question mark characters).
As a workaround (suggested by Yann), don't pass HOST_CFLAGS and
HOST_LDFLAGS when running kconfig commands. For kconfig, we should never
need host packages anyway. This way, the kconfig calls will always use
the system's ncurses and never our host-ncurses.
Note that the same problem could pop up for other kconfig packages as
well if we ever pass HOST_CFLAGS/HOST_LDFLAGS to them. We could force
HOSTCC=$(HOSTCC) directly in kconfig-package. However, for now there
are no other packages that exhibit this problem, so this can be
revisited when they do.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: David De Grave <david.degrave@essensium.com>
Cc: Scott Fan <fancp2007@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5.0.2 is API and ABI compatible with 5.0.0 and 5.0.1 and includes
mitigations for CVE-2017-5715 (Spectre Variant 2) for X86 and MIPS.
Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>