Fixes the following security issues:
- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
gsgetresolution allow attackers to have an unspecified impact
- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
error exception table, which could be used by remote attackers able to
supply crafted PostScript to potentially overwrite or replace error
handlers to inject code.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Carlos O'Donell (1):
Fix tst-setcontext9 for optimized small stacks.
DJ Delorie (3):
RISC-V: Fix rounding save/restore bug.
Regen RISC-V rvd ULPs
Improve ChangeLog message.
Florian Weimer (6):
Linux: Rewrite __old_getdents64 [BZ #23497]
error, error_at_line: Add missing va_end calls
nscd: Deallocate existing user names in file parser
nss_files: Fix file stream leak in aliases lookup [BZ #23521]
regex: Add test tst-regcomp-truncated [BZ #23578]
misc: New test misc/tst-gethostid
H.J. Lu (1):
i386: Use ENTRY and END in start.S [BZ #23606]
Martin Kuchta (1):
pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538]
Mingli Yu (1):
Linux gethostid: Check for NULL value from gethostbyname_r [BZ #23679]
Paul Eggert (1):
regex: fix uninitialized memory access
Samuel Thibault (2):
hurd: Add missing symbols for proper libc_get/setspecific
hurd: Avoid PLTs for __pthread_get/setspecific
Stefan Liebler (1):
Fix segfault in maybe_script_execute.
Wilco Dijkstra (1):
Fix strstr bug with huge needles (bug 23637)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
HAProxy is a free, very fast and reliable solution offering
high availability, load balancing, and proxying for TCP and
HTTP-based applications.
http://www.haproxy.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump the package to the most up to date version and fix the sha256 hash.
linux-firmware was failing due to an incorrect sha256 hash, as follows:
Fetching all references
warning: redirecting to https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
remote: Counting objects: 6972, done.
remote: Total 6972 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6972/6972), 196.63 MiB | 4.22 MiB/s, done.
Resolving deltas: 100% (4516/4516), done.
>From http://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware
* [new branch] master -> origin/master
warning: redirecting to https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
warning: refname '8d69bab7a3da1913113ea98cefb73d5fa6988286' is ambiguous.
Git normally never creates a ref that ends with 40 hex characters
because it will be ignored when you just specify 40-hex. These refs
may be created by mistake. For example,
git checkout -b $br $(git rev-parse ...)
where "$br" is somehow empty and a 40-hex ref is created. Please
examine these refs and maybe delete them. Turn this message off by
running "git config advice.objectNameWarning false"
ERROR: linux-firmware-8d69bab7a3da1913113ea98cefb73d5fa6988286.tar.gz has wrong sha256 hash:
ERROR: expected: 905be20e4e2d7628dea4e2e99195520fc0cce8b247faabdc52fc44a3ff2ceb04
ERROR: got : b9fce72a7b0b55eb311701dfd47914bc9e037134fa401d33e6e73ab9ebc9d116
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump the kernel version to 4.18.10.
Tested with qemu 2.11.2 on bios and UEFI virtual machines.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The latest uClibc-ng version (1.0.30) provides clock_nanosleep() even
for non NPTL configurations.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't display comment if BR2_USE_MMU is true
Moreover, move BR2_USE_MMU dependency at the top of dependency list
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update LICENSE.adoc: change was zlib and year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The libXdmcp configure script uses pkg-config, but the Buildroot
package does not depend on host-pkgconf. This is not seen by the
autobuilders most likely because another package that is always built
before libXdmcp builds pkg-config.
However, running:
$ make xlib_libXdmcp
triggers the following build failure:
checking pkg-config is at least version 0.9.0... ./configure: line 12323: /home/thomas/projets/buildroot/output/host/bin/pkg-config: No such file or directory
no
[...]
checking for XDMCP... configure: error: in `/home/thomas/projets/buildroot/output/build/xlib_libXdmcp-1.1.2':
configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
This was detected using per-package target/host folders, because with
this, only the dependencies explicitly expressed by a package are
available to the package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Move to cmake infrastructure
- Do not enforce zlib dependency
- Add optional bzip2 dependency
- Add mandatory host-pkgconf and libbsd dependency
- Remove miniunzip from Config.in, miniunzip (miniunz) has been merged
with minizip:
a66cc31fac
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The woff2 dependency is used to support Web fonts in WOFF2 format.
This is a Web-facing feature that Web sites expect WebKit to support,
and it is recommended to be unconditionally enabled. While it is
possible to disable the feature at build time, upstream only recommends
doing so if the target system cannot provide a woff2 package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
