libglib2 recently changed to use the result of the autoconf macro to
decide how to use strerror_r() in g_strerror() instead of embedding the
same preprocessor condition as in glibc's strings.h (upstream commit
c8e268bb was first included in release 2.53.4).
Following this change, if ac_cv_func_strerror_r_char_p is incorrectly
set to "no", the error string is an uninitialized buffer which cannot be
encoded as UTF-8. The final result of this is that GLib functions that
are expected to fill in an error pointer on failure in fact leave this
pointing to NULL which is likely to cause a segfault in client
applications.
In fact the autoconf check compiles a test file but does not need to run
it, so the test is safe when cross-compiling and returns the correct
answer. So remove this cached value and let the configure script figure
it out for itself, fixing g_strerror() on glibc systems.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The script was changed via modernize utility. The only manual
made part was the handling of StringIO.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
AST-2018-002: Crash when given an invalid SDP media format description
By crafting an SDP message with an invalid media format description Asterisk
crashes when using the pjsip channel driver because pjproject's sdp parsing
algorithm fails to catch the invalid media format description.
AST-2018-003: Crash with an invalid SDP fmtp attribute
By crafting an SDP message body with an invalid fmtp attribute Asterisk
crashes when using the pjsip channel driver because pjproject's fmtp
retrieval function fails to check if fmtp value is empty (set empty if
previously parsed as invalid).
AST-2018-004: Crash when receiving SUBSCRIBE request
When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the
accepted formats present in the Accept headers of the request. This code
did not limit the number of headers it processed despite having a fixed
limit of 32. If more than 32 Accept headers were present the code would
write outside of its memory and cause a crash.
AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
A crash occurs when a number of authenticated INVITE messages are sent over
TCP or TLS and then the connection is suddenly closed. This issue leads to
a segmentation fault.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use the new upstream url.
Added all hashes provided by upstream.
Rebase patch on top of 8.4.0 and convert it to git formated patch.
Add a comment above "MESA3D_DEMOS_AUTORECONF = YES"
See https://lists.freedesktop.org/archives/mesa-dev/2018-February/186542.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Replace the shell script with pkgconf without creating a new process.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The shell expands "$@" as "$1" "$2" "$3"... while it expands $@ as $1 $2
$3. With the second form, we loses spaces in positional parameters.
As example, the following call
pkg-config --cflags "one two" three
is wrapped as
pkgconf --cflags one two three
while we are expecting
pkgconf --cflags "one two" three
"$@" is really useful when writing wrappers. It passes the positional
arguments *as* they are given.
Double quote $@ to prevent from splitting elements.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We have quite a bit more than "hundreds of packages" nowadays:
find package -name \*.mk | wc -l
2285
So adjust the text to say 'several thousand' instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
liblo uses atomic builtins that are only available inside libatomic on
some architectures, so link with it when available.
Fixes:
http://autobuild.buildroot.net/results/c8bed3a3fa7d2b2258f573cbfcb01af07419e0bf/
Signed-off-by: Alex Baldwin <alexbaldwinmusic@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For some boards, for example the Raspberry Pi, it's necessary to build
in-tree dts files as well as custom/out of tree dts-files (dt-blob.bin).
The existing logic made these two options exclusive, this commit changes
that to allow both in-tree as well as custom sources for dts files.
Signed-off-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
[Arnout: re-wrap help, add extra empty line, change = into +=]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also removed a patch fixing the build with musl as it made its way into
the 1.6.2 version.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.
Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.
This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2018-0487: Remote attackers can execute arbitrary code or cause a
denial of service (buffer overflow) via a crafted certificate chain that
is mishandled during RSASSA-PSS signature verification within a TLS or
DTLS session.
CVE-2018-0488: When the truncated HMAC extension and CBC are used,
allows remote attackers to execute arbitrary code or cause a denial of
service (heap corruption) via a crafted application packet within a TLS
or DTLS session.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sunxi-mali-mainline-driver builds using parallel compilation by default,
using -j $(nproc), but this could be not wanted.
Pass -j $(PARALLEL_JOBS) to build using jobs configured in buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the currently used ARC glibc version the profiling build fails with
linking error to __mcount. The ARC glibc version arc-2018.03-eng007+
fixes this, therefore when glibc is bumped, this restriction can be
removed.
Fixes:
http://autobuild.buildroot.net/results/88870f5bf4aff557d8eac4e1cc5d3e397e607af0/
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent. A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.
Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-5378
It was discovered that the Quagga BGP daemon, bgpd, does not
properly bounds check data sent with a NOTIFY to a peer, if an
attribute length is invalid. A configured BGP peer can take
advantage of this bug to read memory from the bgpd process or cause
a denial of service (daemon crash).
https://www.quagga.net/security/Quagga-2018-0543.txt
CVE-2018-5379
It was discovered that the Quagga BGP daemon, bgpd, can double-free
memory when processing certain forms of UPDATE message, containing
cluster-list and/or unknown attributes, resulting in a denial of
service (bgpd daemon crash).
https://www.quagga.net/security/Quagga-2018-1114.txt
CVE-2018-5380
It was discovered that the Quagga BGP daemon, bgpd, does not
properly handle internal BGP code-to-string conversion tables.
https://www.quagga.net/security/Quagga-2018-1550.txt
CVE-2018-5381
It was discovered that the Quagga BGP daemon, bgpd, can enter an
infinite loop if sent an invalid OPEN message by a configured peer.
A configured peer can take advantage of this flaw to cause a denial
of service (bgpd daemon not responding to any other events; BGP
sessions will drop and not be reestablished; unresponsive CLI
interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt WebEngine auto-guesses if it compiles support for alsa. When the
alsa-lib config is enabled but the features mixer, rawmidi, hwdep and
seq are not also enabled, it leads to a build failure.
Lets the developer decide whether or not support for alsa in Qt
WebEngine by adding the new config BR2_PACKAGE_QT5WEBENGINE_ALSA that
selects the features it needs when it is set.
Fixes [1].
[1]: http://autobuild.buildroot.net/results/d81537a8f67bb0a3625057560b2f16daf4828f98/build-end.log
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit bumps the Go programming language to the 1.10 release.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0001-libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch as it
is now upstream.
Only contains minor bugfixes since 1.43.8 and no new features.
>From the release notes:
Remove the huge file flag from libe2p (and hence from chattr/lsattr),
since it was never made visible by the kernel. Remove the description
of some compression related flags, and add a description of the
encrypted file flag, and the project hierarchy flag.
Remove a misplaced "MNP is unsupported" message from debugfs.
Fix a build failure in lib/ext2fs/swapfs.c on big-endian systems.
(Addresses Debian Bug #886119)
Fix various Debian packaging issues. (Addresses Debian Bug #269569).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes: https://mariadb.com/kb/en/mariadb-10131-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10131-changelog/
Fixes the following security vulnerabilities:
CVE-2018-2562 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server : Partition). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.
CVE-2018-2622 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.58
and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2640 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2665 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2668 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2612 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and
prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data and unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When compiling host-jq with gcc 6+, running it gives an immediate segfault.
Reported upstream: https://github.com/stedolan/jq/issues/1598
The issue can be solved by compiling with _GNU_SOURCE as extra preprocessor
define. Once the issue is solved upstream, this change can be reverted.
As the issue will normally be the same for target, apply the same fix there.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.
CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in mapping0.c, which
may lead to DoS when operating on a crafted audio file with
vorbis_analysis().
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues according to NEWS:
CVE-2018-6485: An integer overflow in the implementation of the
posix_memalign in memalign functions in the GNU C Library (aka
CVE-2018-6551: The malloc implementation in the GNU C Library (aka glibc or
libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on
i386, did not properly handle malloc calls with arguments close to SIZE_MAX
and could return a pointer to a heap region that is smaller than requested,
eventually leading to heap corruption.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit d2f0a9bba4 (libcpprestsdk: fix building as a static library)
changed libcpprestsdk to use pkg-config to find the linker flags for
openssl, so ensure it is available.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For 4.15 support and various fixes. This version now uses quilt to apply
patches, which is not a required dependency of Buildroot - So add a
POST_PATCH hook to change it to use apply-patches.sh instead.
git shortlog --invert-grep --grep travis --no-merges 42c7c139c14103a83bb2ad7e7a1f0ed491f96500..
Giulio Benetti (7):
Fix bulding driver twice.
Fix 0014-mali-Make-devfreq-optional.patch
Add unapply_patches function in build.sh
Fix 0013-mali-support-building-against-4.15.patch
Add clean option to build.sh
Add parallel building by default and -j option to override jobs number.
Add 0015 parallel build patch to quilt series
Jonathan Liu (2):
Add note about FRONTBUFFER_LOCKING environment variable
Fix Qt capitalization and add link to website
Maxime Ripard (12):
mali: Fix build in 4.15
mali: Make reserved memory optional as it should be
mali: sunxi: Set platform bus type right after device allocation
mali: Make devfreq optional
mali: Actually fix the build
build: Treat patch and make failures as errors
build: Make patch return immediately on error
build: Make sure that we're building a supported release
README: fix the casing of sunXi
README: Talk about triple buffering
build: Switch to quilt
patches: Move version-specific patches to their directory
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add allwinner mali kernel driver package. Used in combination with
userspace Allwinner openGL libraries, it gives possibility to use 3D openGL
SoC acceleration.
[Peter: Rename to sunxi-mali-mainline-driver. Use revision selection from
sunxi-mali-mainline package. Depend on that package and default to
y if dependencies are met. Tweak Linux config]
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add Allwinner Mali openGL userspace driver r6p2.
Used combined with kernelspace Mali driver,
it gives possibility to use 3D openGL SoC acceleration.
It provides fbdev libraries and headers.
It is compatible with Linux >= 4.4 as sunxi-mali-driver-mainline.
[Peter: Move version logic to Config.in, ensure directories exists]
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Reviewed-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ublibc-ng does not provide PF_VSOCK/AF_VSOCK definitions. Add them
locally until ucblibc-ng updates its headers.
Fixes:
http://autobuild.buildroot.net/results/3d5/3d5a29e3c61ff071628c2937844ea4156059b3dd/
Cc: Petr Vorel <petr.vorel@gmail.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
uriparser 0.8.5 with bugfixes has been released. It has also moved from
SourceForge to GitHub:
https://uriparser.github.io/
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Orange-Pi Zero Plus2 board has AP6212 WiFi/BT combo, but does
not have ethernet port. So it makes sense to enable wireless
networking by default:
- add DTS patch enabling AP6212 WiFi/BT combo support
-- this patch is on its way to mainline Linux v4.16
- enable WiFi support in kernel config
- enable Broadcom brcmfmac kernel driver in kernel config
- add Broadcom wireless firmware package to image
- add basic wireless tools to image
- add mdev to image to enable module autoloading
- add rootfs overlay with proper NVRAM file for on-board AP6212 chip
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
