Fixed CVEs:
- CVE-2016-9387
- CVE-2016-9388
- CVE-2016-9389
- CVE-2016-9390
- CVE-2016-9391
- CVE-2016-9392
- CVE-2016-9393
- CVE-2016-9394
- CVE-2016-9395
- CVE-2016-9396
- CVE-2016-9397
- CVE-2016-9398
- CVE-2016-9399
- CVE-2016-9557
- CVE-2016-9560
Changes to jasper.mk:
- Switched site method to GitHub. 1.900.31 is not released as a tarball
in the official website.
- Autoreconf necessary since there isn't any configure script. We need
to generate it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport 2 patches from upstream (from 3.18-rc1) for gcc 5.x support and a
patch from Marco Franceschetti (https://github.com/vonfritz/kernel/) to fix
gcc 5.x compat issues in the bsp wifi drivers.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ntpq and ntpdc may depends on libedit and libcap.
$ arm-linux-readelf -d ./usr/bin/ntpdc | grep NEEDED
0x00000001 (NEEDED) Shared library: [libcap.so.2]
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libedit.so.0]
0x00000001 (NEEDED) Shared library: [libncursesw.so.6]
0x00000001 (NEEDED) Shared library: [libssl.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libcrypto.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libpthread.so.0]
0x00000001 (NEEDED) Shared library: [libc.so.6]
However, build order with these libraries is not defined.
In order to keep things simple, we enforce build order even if ntpq/ntpdc are
not selected.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
[Thomas: use --without-lineeditlibs.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As detailed by Chris Evans, the flic decoder contains a buffer overflow which
can be exploited to cause arbitrary code execution as the user running
gstreamer:
https://scarybeastsecurity.blogspot.be/2016/11/0day-exploit-advancing-exploitation.html
Fixes CVE-2016-9634, CVE-2016-9635 and CVE-2016-9636.
add the upstream patches to fix this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 173135df5b ("core: re-enter make if
$(CURDIR) or $(O) are not canonical paths") introduced the CANONICAL_O
variable, defined as:
CANONICAL_O := $(shell mkdir -p $(O) >/dev/null 2>&1)$(realpath $(O))
This duplicates the definition of BASE_DIR, by different means:
BASE_DIR := $(shell mkdir -p $(O) && cd $(O) >/dev/null && pwd)
So one of these shell calls is redundant. CANONICAL_O is defined first,
so this commit replaces the BASE_DIR derivation with $(CANONICAL_O).
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
0002-xserverfix.patch added xlib_libXfont as new dependency.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested with a boot in Qemu (g3beige).
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Kernel 4.8.11 brings commit 5f95e68daae397 ("clk: imx: fix integer overflow
in AV PLL round rate"), which fixes a PLL calculation bug, so bump to this
version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 8035ceb56c.
Moving to pseudo brought a number of issues (and longer compilation time),
so lets stick with fakeroot now that the reported ubi issue has been worked
around.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
