This is a maintenance release of the current stable WebKitGTK+ version,
which contains fixes for CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, and
CVE-2017-13856. Additionally, this release brings improvements in the
WebDriver spec-compliance, plugs several memory leaks in its GStreamer based
multimedia backend, and fixes a bug when handling cookie removal.
Release notes can be found in the announcement:
https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html
More details about the security fixes are provided in the following
WebKitGTK+ Security Advisory report:
https://webkitgtk.org/security/WSA-2017-0010.html
Last but not least, this new release includes the fix for honoring the
CMAKE_BUILD_TYPE value from CMake toolchain files and the corresponding
patch is removed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The (deprecated) libsamplerate support is not enabled unless
--enable-samplerate is passed to configure. Fix this.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Put together alsa-lib dependency and configure option code. As a side
effect we now avoid alsa-lib dependency when the required support in
alsa is missing.
Use positive logic.
Explicitly enable alsa support when available.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display
emulator support, allows local guest OS privileged users to cause a denial
of service (out-of-bounds read and QEMU process crash) via vectors involving
display update.
CVE-2017-15118: Stack buffer overflow in NBD server triggered via long
export name
CVE-2017-15119: DoS via large option request
CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a
memory leak by triggering slow data-channel read operations, related to
io/channel-websock.c.
For more details, see the release announcement:
https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Orangepi PC2
board with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Orangepi Zero Plus2
board with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: zhaoyifan <zhao_steven@263.net>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Orangepi Prime
board with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: zhaoyifan <zhao_steven@263.net>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Orangepi Win/Win Plus
board with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: zhaoyifan <zhao_steven@263.net>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Olimex A64-OLinuXino
board with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: Tsvetan Usunov <usunov@olimex.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for FriendlyARM Nanopi NEO2 board with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: Yuefei <yftan@friendlyarm.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for FriendlyARM Nanopi A64
board with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: Yuefei <yftan@friendlyarm.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for SoPine board
with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: TL Lim <tllim@pine64.org>
Cc: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Pine64 board
with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: TL Lim <tllim@pine64.org>
Cc: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for bananapi M64 board
with below features:
- U-Boot 2017.11
- Linux 4.14
- Default packages from buildroot
Cc: Jason <manager@sinovoip.com.cn>
Cc: hailymei@banana-pi.com <hailymei@banana-pi.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This would make the unicode challenged menuconfig show something
sensible.
Split the sentence for the text to make sense.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development
does not check for a trailing '\0' character in an xattr name, which allows
remote attackers to cause a denial of service (heap-based buffer over-read
and application crash) or possibly have unspecified other impact by sending
crafted data to the daemon.
For more details, see:
https://bugzilla.samba.org/show_bug.cgi?id=13112
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add drivers for Atheros 10k (QCA998X) chipset.
Both firmware versions are imported, and unused should be pruned as
required.
[Peter: use upper case 'K' in symbol name]
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ConsoleKit module is loaded by default from the default.pa
configuration file, but its initialization fails because Buildroot has
no ConsoleKit package yet. This breaks per-user pulseaudio daemon.
The default.pa configuration load module-console-kit only when it
exists. Remove module-console-kit to fix pulseaudio per-user startup.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
lldpd currently depends on a C++ compiler to configure properly, but
the package doesn't select that option, so builds fail if
BR2_TOOLCHAIN_BUILDROOT_CXX is not selected with following errors:
checking how to run the C++ preprocessor... /lib/cpp
configure: error: in `/home/dkc/src/buildroot/build-zii/build/lldpd-0.9.4':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
This package actually builds fine without C++, so drop this check in
configure.ac. Attached patch has already been accepted upstream [1].
[1] https://github.com/vincentbernat/lldpd/pull/261
[Peter: adjust autoreconf comment]
Signed-off-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
Reviewed-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit cb7aa25df8 has disabled upnp support
as --disable-upnp and --enable-upnp are both set if libupnp or libupnp18
is enabled
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ATF >= 1.3 builds a host program called fiptool which uses
OpenSSL, so we need to build host-openssl. We could have made it an
optional dependency like U-Boot does, but since most ATF versions are
going to be >= 1.3 in the near future, we simply make host-openssl a
mandatory dependency.
However, the ATF build system is not very good, and you can't easily
pass flags that will affect the build of host programs. Therefore, we
take the approach of building fiptool separately before triggering the
real build process.
It would obviously be better to fix ATF itself, but as usual with
those bootloader packages, we fetch different versions depending on
the platform/configuration, making it difficult to use patches.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/44868961
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See https://nodejs.org/en/blog/release/v8.9.3/
[Peter: mention that this fixes security issues]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When package installation fails it is good to know what happened.
Signed-off-by: Alexey Roslyakov <alexey.roslyakov@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
MIPS N64 ABI has been missing getdents64 wire up until kernel version
3.10. Disable use of getdents on older kernels.
Fixes:
http://autobuild.buildroot.net/results/961/9619062ce6642ae4121d7debb3b4c632c88723d5/
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Philipp Claves <claves@budelmann-elektronik.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix licence information and add licence checksum.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
python-pycparser is mentioned in setup.py as install_requires, so
select it in Config.in.
As python-cffi will be installed with python-crossbar's dependencies,
remove it from python-crossbar's Config.in.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
iproute2 renamed the configure script output file to config.mk. Update
the config tweaking code accordingly.
The configure script now detects xtables correctly, drop this part.
Add a comment to explain the TC_CONFIG_XT disable tweak.
Cc: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit fixes the ordering of the Config.in option properties, as
reported by check-package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.
The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>