Fixes:
CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch is upstream so remove it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add patch to support newer (>2.4.2) versions.
Adjust patch logic to check for patchlevel greater than 2 (apply new patch) or
not (apply current patch).
Some people/distributions used unreleased versions, with the string being
2.4.2.x, this packages are AUTORECONFed and have to be kept like this since
the up-to-2.4.2 patch doesn't work, neither does the from-2.4.3 version patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This is an alternative to python-enum34 with a somewhat different API.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, we can build a static-only zlib, but not a shared-only one.
This is because zlib's build-system is a custom ./configure (not using
autotools), and does not allow building/installing only the shared
library.
Simply remove the .a as a post-staging install hook. We don't care
removing it from target, since it is not used at link time to build
other packages, and it is anyway removed later before assembling the
filesystem images anyway.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove opcontrol and oprofiled from the install list, they are no longer
present in the package.
Remove all patches, they have been integrated upstream.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
rpi-userland is a provider for some virtual packages, so we can not
select it, as instructed in the manual:
http://nightly.buildroot.org/#_infrastructure_for_virtual_packages
---8<---
If your package really requires a specific provider, then you’ll
have to make your package depends on this provider; you can not select a
provider.
---8<---
Instead, just depend on it. Remove the comment as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
ERROR: unsafe header/library path used in cross-compilation: '/usr/include/libnl3'
Add a dependancy on host-pkgconf when BR2_PACKAGE_LIBNL is enabled.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Reported-by: Jörg Krause <jkrause@posteo.de>
Cc: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
json-c website and download locations have changed, the project is now
hosted on Github.
Signed-off-by: Sagaert Johan <sagaert.johan@skynet.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
old SITE is now password-protected
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
old SITE is now password-protected
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- old SITE is now password-protected
- add hash
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If libatomic_ops was enabled, then the host-erlang dependency was lost.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Snappy doesn't configure without host pkg-config, causing this totally
unhelpful diagnostic from autoconf:
configure.ac:42: error: possibly undefined macro: AC_DEFINE
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure.ac:44: error: possibly undefined macro: AC_MSG_FAILURE
So add host-pkgconf to the package's DEPENDENCIES list.
Signed-off-by: Steve James <ste@junkomatic.net>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To fix:
CVE-2013-7041 - use case sensitive comparison in pam_userdb
CVE-2014-2583 - potential path traversal issue in pam_timestamp
Also add hash file (computed, the hash files upstream cover up to 1.1.7)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2014-8142 - Use after free vulnerability in unserialize()
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-1569 - The definite_length_decoder function in
lib/util/quickder.c in Mozilla Network Security Services (NSS) before
3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding
of an ASN.1 length is properly formed, which allows remote attackers to
conduct data-smuggling attacks by using a long byte sequence for an
encoding.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use proper status messages, make spacing standard instead of a mix of
spacing/tabbing, drop boringly obvious comment from the header.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The CF_LIB_SONAME macro doesn't work when cross compiling so we need to
specify the lib name for libgpm explicitly. While at it make gpm support
explicit in the form of --without-gpm when it's not selected and adding
it to dependencies when it is. Fixes:
http://autobuild.buildroot.net/results/32a/32a5ba3905772a3f2f2ec9d1b290a109fe22d9f9/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running 'make printvars', the output stops at the time we dump the
Linux related variables, with:
linux/linux.mk:109: *** Recursive variable `LINUX_TARGET_NAME'
references itself (eventually). Stop.
And that's expected, since we have:
109 LINUX_TARGET_NAME = $(LINUX_IMAGE_NAME)
[...]
112 ifeq ($(LINUX_IMAGE_NAME),)
113 LINUX_IMAGE_NAME = $(LINUX_TARGET_NAME)
114 endif
Even though they are defined in a way that ensures they are in fact not
recursively defined (the if-block ensures that), 'printvars' does dump
all our variables by evaluating all of them, which in that specific case
implies they are recursively defined.
Fix that by explicitly setting LINUX_IMAGE_NAME in each if-block.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
