Fixed CVEs:
- CVE-2016-9387
- CVE-2016-9388
- CVE-2016-9389
- CVE-2016-9390
- CVE-2016-9391
- CVE-2016-9392
- CVE-2016-9393
- CVE-2016-9394
- CVE-2016-9395
- CVE-2016-9396
- CVE-2016-9397
- CVE-2016-9398
- CVE-2016-9399
- CVE-2016-9557
- CVE-2016-9560
Changes to jasper.mk:
- Switched site method to GitHub. 1.900.31 is not released as a tarball
in the official website.
- Autoreconf necessary since there isn't any configure script. We need
to generate it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport 2 patches from upstream (from 3.18-rc1) for gcc 5.x support and a
patch from Marco Franceschetti (https://github.com/vonfritz/kernel/) to fix
gcc 5.x compat issues in the bsp wifi drivers.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ntpq and ntpdc may depends on libedit and libcap.
$ arm-linux-readelf -d ./usr/bin/ntpdc | grep NEEDED
0x00000001 (NEEDED) Shared library: [libcap.so.2]
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libedit.so.0]
0x00000001 (NEEDED) Shared library: [libncursesw.so.6]
0x00000001 (NEEDED) Shared library: [libssl.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libcrypto.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libpthread.so.0]
0x00000001 (NEEDED) Shared library: [libc.so.6]
However, build order with these libraries is not defined.
In order to keep things simple, we enforce build order even if ntpq/ntpdc are
not selected.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
[Thomas: use --without-lineeditlibs.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As detailed by Chris Evans, the flic decoder contains a buffer overflow which
can be exploited to cause arbitrary code execution as the user running
gstreamer:
https://scarybeastsecurity.blogspot.be/2016/11/0day-exploit-advancing-exploitation.html
Fixes CVE-2016-9634, CVE-2016-9635 and CVE-2016-9636.
add the upstream patches to fix this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 173135df5b ("core: re-enter make if
$(CURDIR) or $(O) are not canonical paths") introduced the CANONICAL_O
variable, defined as:
CANONICAL_O := $(shell mkdir -p $(O) >/dev/null 2>&1)$(realpath $(O))
This duplicates the definition of BASE_DIR, by different means:
BASE_DIR := $(shell mkdir -p $(O) && cd $(O) >/dev/null && pwd)
So one of these shell calls is redundant. CANONICAL_O is defined first,
so this commit replaces the BASE_DIR derivation with $(CANONICAL_O).
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
0002-xserverfix.patch added xlib_libXfont as new dependency.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested with a boot in Qemu (g3beige).
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Kernel 4.8.11 brings commit 5f95e68daae397 ("clk: imx: fix integer overflow
in AV PLL round rate"), which fixes a PLL calculation bug, so bump to this
version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 8035ceb56c.
Moving to pseudo brought a number of issues (and longer compilation time),
so lets stick with fakeroot now that the reported ubi issue has been worked
around.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#9386
GNU sed -i misbehaves on systems with SELinux enabled, as it tries to copy
to the SELinux security context (xattr) from the source file to to the new
destination file, which fails under fakeroot and leaves the file with 000
permissions, causing ubinize to fail when it cannot read to configuration
file.
So as a workaround, combine the install and tweak steps in a single
sed with a redirect to the destination file instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
