This reverts commit 5a18eabdf0.
It did not take into account all the possible situations. A different fix
will be provided in a forthcomming patch.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-0381: A remote code execution vulnerability in
silk/NLSF_stabilize.c in libopus in Mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file
and data processing.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And drop patches now upstream. Also enable internal glob() handling in ash,
as busybox now errors out if this isn't enabled when building for uClibc
because of bugs in the the glob(3) implementation in uClibc and musl since:
commit 3a4cdf45f928de0af09088bbbb96f60d9ac44e87
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date: Wed Dec 21 04:13:23 2016 +0100
ash: error out if ASH_INTERNAL_GLOB is not selected on uClibc
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Parallel build still fails on heavilly multicore machines (e.g. -j25)
and hacks likecommit 32f4957b15 do not
seem to be effective.
Let's simply use MAKE1 for the build step, instead.
Fixes:
http://autobuild.buildroot.net/results/388/38834ad3013fe79e5e4f75997133f1bd827be6dc
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Inspired on the confusion in [1], we want to warn the user that building
without busybox may not lead to a working system.
[1] https://bugs.busybox.net/show_bug.cgi?id=9526
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
compile also open possix
remove power management (compiled by default since commit
b74bbed51b0c0d44b70b136326a8a23cbc64db01)
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes static linking of pifmrds [1]:
host/usr/bin/arm-linux-gcc -static -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -lsndfile -lm
.../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(flac.o): In function `sf_flac_error_callback':
flac.c:(.text+0x44c): undefined reference to `FLAC__StreamDecoderErrorStatusString'
host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg.o): In function `ogg_close':
ogg.c:(.text+0x10): undefined reference to `ogg_sync_clear'
host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg_vorbis.o): In function `vorbis_read_sample':
ogg_vorbis.c:(.text+0x26c): undefined reference to `vorbis_synthesis_pcmout'
[1] http://autobuild.buildroot.net/results/9b7/9b7638caa8f3e82e38fb68b0321cb649618a0131
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Use GitHub instead of PyPI because PyPI release if out-of-date.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-9317 - gdImageCreate() doesn't check for oversized images and
as such is prone to DoS vulnerabilities.
CVE-2016-6912 - double-free in gdImageWebPtr()
(without CVE):
Potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Signed Integer Overflow gd_io.c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
[Thomas:
- move condition to a different place in the .mk file, with other
similar conditions.
- add an 'else' clause to pass -no-libinput in order to explicitly
disable libinput support when the libinput package is not available.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And tweak 0003-Sanitize-the-installation-process.patch for this new
release.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit bumps mono to version 4.6.2.16
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
