gdb 7.12+ by default builds with a C++ compiler, which naturally doesn't
work when we don't have C++ support in the toolchain.
Fix it by passing --disable-build-with-cxx for such setups.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On Darwin, user's trust preferences for root certificates were not honored.
If the user had a root certificate loaded in their Keychain that was
explicitly not trusted, a Go program would still verify a connection using
that root certificate. This is addressed by https://golang.org/cl/33721,
tracked in https://golang.org/issue/18141. Thanks to Xy Ziemba for
identifying and reporting this issue.
The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit. It was possible for an attacker to generate a multipart request
crafted such that the server ran out of file descriptors. This is addressed
by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
Thanks to Simon Rawet for the report.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, mariadb's cmake script tries to detect dtrace support. On
hosts that have dtrace installed, this incorrectly enables dtrace and
causes compile errors.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a package containing a C library and a set of command-line tools
for controlling GPIOs from user space using the new character device
interface on linux.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
[Thomas:
- add comment about autoreconf=yes (suggested by Romain Naour)
- add more conventional syntax for the --{enable,disable}-tools usage
(suggested by Romain Naour)
- add patch to fix musl build.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
RunC allowed additional container processes via runc exec to be ptraced by
the pid 1 of the container. This allows the main processes of the
container, if running as root, to gain access to file-descriptors of these
new processes during the initialization and can lead to container escapes or
modification of runC state before the process is fully placed inside the
container.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/833/8334631b54fdfd43d38ca00f42e4d5a98e3a70c4/http://autobuild.buildroot.net/results/9c0/9c08e0b745fab671123facb4a46f60eec5afd718/
Commit 24d90db52a (package/nodejs: disable icu support for host build)
added --with-intl=none to host configure flags to fix an issue related to
icu. The 0.10.x version unfortunately doesn't understand this configure
flag and errors out when provided, breaking the build:
configure: error: no such option: --with-intl
The 0.10.x version doesn't seem to have this icu issue (E.G. no autobuilder
issues before this commit and unable to reproduce locally), so fix it by
only passing --with-intl=none for the 6.9.x version.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
No need to fetch the musl patch from upstream anymore.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 5a18eabdf0.
It did not take into account all the possible situations. A different fix
will be provided in a forthcomming patch.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-0381: A remote code execution vulnerability in
silk/NLSF_stabilize.c in libopus in Mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file
and data processing.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And drop patches now upstream. Also enable internal glob() handling in ash,
as busybox now errors out if this isn't enabled when building for uClibc
because of bugs in the the glob(3) implementation in uClibc and musl since:
commit 3a4cdf45f928de0af09088bbbb96f60d9ac44e87
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date: Wed Dec 21 04:13:23 2016 +0100
ash: error out if ASH_INTERNAL_GLOB is not selected on uClibc
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Parallel build still fails on heavilly multicore machines (e.g. -j25)
and hacks likecommit 32f4957b15 do not
seem to be effective.
Let's simply use MAKE1 for the build step, instead.
Fixes:
http://autobuild.buildroot.net/results/388/38834ad3013fe79e5e4f75997133f1bd827be6dc
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>