Fixes:
CVE-2016-2088 - Duplicate EDNS COOKIE options in a response could
trigger an assertion failure.
Drop libressl support patch since it's upstream now.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patching fixing CVE-2016-2447: psk configuration parameter update
allowing arbitrary data to be written.
See http://w1.fi/security/2016-1/psk-parameter-config-update.txt for details.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch fixing CVE-2016-2447: psk configuration parameter update
allowing arbitrary data to be written.
See http://w1.fi/security/2016-1/psk-parameter-config-update.txt for details.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
x264 uses madvise() which is not available in the bfin external toolchain.
Fixes:
http://autobuild.buildroot.net/results/837/837fd5a63d59b5c65818ec005a565cb7741a1cdd/
[Peter: Issue is specific to bfin toolchain, so only disable for that one]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a few regressions from the previous security bump.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Packages installed for the host should have their prefix set to
$(HOST_DIR)/usr, and therefore not use DESTDIR at installation time.
Using PREFIX=/usr DESTDIR=$(HOST_DIR) is wrong, and leads for example to
luajit.pc containing prefix=/usr, which means pkg-config returns
incorrect results for host-luajit.
This patch fixes the luajit package to conform to this rule.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
[Thomas: rewrite commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
These header files are required by swupdate.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building crda with GCC 6 fails because of all compiler warnings are treated as
errors. Disable the compiler option '-Werror':
keys-gcrypt.c:94:32: error: ‘keys’ defined but not used [-Werror=unused-const-variable=]
static const struct key_params keys[] = {
^~~~
cc1: all warnings being treated as errors
Add a patch to drop '-Werror' from CFLAGS.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
GCC 6 defaults to -std=gnu++14 instead of -std=gnu++98. The C++11 standard does
not allow "narrowing conversions" which is why building fdk-aac with GCC 6
fails:
libAACenc/src/aacEnc_rom.cpp:661:1: error: narrowing conversion of '2180108801u' from 'unsigned int' to 'FIXP_DBL {aka long int}' inside { } [-Wnarrowing]
Use '-std=gnu++98' as suggested by "Porting to GCC 6" [1].
[1] https://gcc.gnu.org/gcc-6/porting_to.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It already includes the fixes for CVE-2016-3994 and CVE-2011-5326 so
drop the patches, and additionally fixes:
CVE-2016-4024 - integer overflow in imlib2, which result in insufficient
heap allocation.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop patches applied upstream:
- 0001: notify: Don't use constexpr on Haiku
- 0002: notify: use "constexpr" only with glibc
Renumber remaining patches.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Includes numerous stablity and cleanup passes by ulli-kroll.
A hash file is also added, as it was missing before.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also drop BR2_PACKAGE_MIDORI_HTTPS option since it's now handled in the
webkitgtk package to satisfy MiniBrowser.
This version can't work with the older webkitgtk24 engine so it switches
to the new version.
Also make gcr support conditional on x11 support for libgtk3, it doesn't
work otherwise.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add the latest 2.12.x upstream stable branch.
Both 2.4.x and 2.12.x can live side-by-side, however only the latest
stable branch/releases are security-maintained, so add it unslotted.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package allows to build the fastboot and adb host utilities,
which can be used to interact with target devices implementing one of
these protocols.
The work behind the host utilities was funded by ECA Group
<http://www.ecagroup.com>. ECA Group is the copyright owner of the
contributed code.
The package also allows to build fastboot, adb and adbd daemon for the
target.
Regarding adbd, the target is required to have the FunctionFS USB Gadget
configuration. Then the following commands enable the use of adb:
# modprobe g_ffs idVendor=0x18d1 idProduct=0x4e42 \
iSerialNumber="buildroot"
# mkdir -p /dev/usb-ffs/adb
# mount -t functionfs adb /dev/usb-ffs/adb -o uid=2000,gid=2000
# adbd &
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Tested-by: Julien Corjon <corjon.j@ecagroup.com>
[Thomas:
- update on top of master.
- fix Config.in.host prompt, it should have been "host android-tools"
and not just "android-tools".]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for m68k/coldfire. A gcc patch is required
to avoid gcc ICE.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Config can be used by other noMMU targets as qemu-system-m68k
with coldfire emulation.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
opkg requires libarchive. This was expressed in the Config.in file with a
select, but not in the .mk file.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-2167 - svnserve/sasl may authenticate users using the wrong
realm.
CVE-2016-2168 - Remotely triggerable DoS vulnerability in mod_authz_svn
during COPY/MOVE authorization check.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See https://nodejs.org/en/blog/release/v6.0.0/
The patches from 5.11.0 have been copied to 6.0.0 with the following
changes:
- Removed 0001-Remove-dependency-on-Python-bz2-module.patch,
0003-Fix-va_list-not-declared.patch and
0004-Fix-support-for-uClibc-ng.patch as all 3 have been fixed upstream
- Renamed 0002-gyp-force-link-command-to-use-CXX.patch to
0001-gyp-force-link-command-to-use-CXX.patch
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The VA-API acceleration requires one or more of the egl-drm, wayland
and/or x11 backends.
Since the egl-drm backend means LIBGL (X11) + EGL + DRM we'll handle it
later once the mesa3d libgl hidden knob is applied.
So for now we'll support wayland and x11 until that happens. Fixes:
http://autobuild.buildroot.net/results/4b9/4b98d0c2c0617715e77fb47b3d97037c6b7562ec/
[Peter: pass --disable-vaapi if libva isn't enabled,
invert wayland/X11 test as suggested by Thomas]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
Enhancements
------------
* Add support for NTP and command response rate limiting
* Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
* Add require and trust options for source selection
* Enable logchange by default (1 second threshold)
* Set RTC on Mac OS X with rtcsync directive
* Allow binding to NTP port after dropping root privileges on NetBSD
* Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
* Resolve names in separate process when seccomp filter is enabled
* Replace old records in client log when memory limit is reached
* Don't reveal local time and synchronisation state in client packets
* Don't keep client sockets open for longer than necessary
* Ignore poll in KoD RATE packets as ntpd doesn't always set it correctly
* Warn when using keys shorter than 80 bits
* Add keygen command to generate random keys easily
* Add serverstats command to report NTP and command packet statistics
Bug fixes
---------
* Fix clock correction after making step on Mac OS X
* Fix building on Solaris
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
