Fixed CVEs:
- CVE-2016-9387
- CVE-2016-9388
- CVE-2016-9389
- CVE-2016-9390
- CVE-2016-9391
- CVE-2016-9392
- CVE-2016-9393
- CVE-2016-9394
- CVE-2016-9395
- CVE-2016-9396
- CVE-2016-9397
- CVE-2016-9398
- CVE-2016-9399
- CVE-2016-9557
- CVE-2016-9560
Changes to jasper.mk:
- Switched site method to GitHub. 1.900.31 is not released as a tarball
in the official website.
- Autoreconf necessary since there isn't any configure script. We need
to generate it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport 2 patches from upstream (from 3.18-rc1) for gcc 5.x support and a
patch from Marco Franceschetti (https://github.com/vonfritz/kernel/) to fix
gcc 5.x compat issues in the bsp wifi drivers.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ntpq and ntpdc may depends on libedit and libcap.
$ arm-linux-readelf -d ./usr/bin/ntpdc | grep NEEDED
0x00000001 (NEEDED) Shared library: [libcap.so.2]
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libedit.so.0]
0x00000001 (NEEDED) Shared library: [libncursesw.so.6]
0x00000001 (NEEDED) Shared library: [libssl.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libcrypto.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libpthread.so.0]
0x00000001 (NEEDED) Shared library: [libc.so.6]
However, build order with these libraries is not defined.
In order to keep things simple, we enforce build order even if ntpq/ntpdc are
not selected.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
[Thomas: use --without-lineeditlibs.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As detailed by Chris Evans, the flic decoder contains a buffer overflow which
can be exploited to cause arbitrary code execution as the user running
gstreamer:
https://scarybeastsecurity.blogspot.be/2016/11/0day-exploit-advancing-exploitation.html
Fixes CVE-2016-9634, CVE-2016-9635 and CVE-2016-9636.
add the upstream patches to fix this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 173135df5b ("core: re-enter make if
$(CURDIR) or $(O) are not canonical paths") introduced the CANONICAL_O
variable, defined as:
CANONICAL_O := $(shell mkdir -p $(O) >/dev/null 2>&1)$(realpath $(O))
This duplicates the definition of BASE_DIR, by different means:
BASE_DIR := $(shell mkdir -p $(O) && cd $(O) >/dev/null && pwd)
So one of these shell calls is redundant. CANONICAL_O is defined first,
so this commit replaces the BASE_DIR derivation with $(CANONICAL_O).
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
0002-xserverfix.patch added xlib_libXfont as new dependency.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested with a boot in Qemu (g3beige).
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Kernel 4.8.11 brings commit 5f95e68daae397 ("clk: imx: fix integer overflow
in AV PLL round rate"), which fixes a PLL calculation bug, so bump to this
version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 8035ceb56c.
Moving to pseudo brought a number of issues (and longer compilation time),
so lets stick with fakeroot now that the reported ubi issue has been worked
around.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#9386
GNU sed -i misbehaves on systems with SELinux enabled, as it tries to copy
to the SELinux security context (xattr) from the source file to to the new
destination file, which fails under fakeroot and leaves the file with 000
permissions, causing ubinize to fail when it cannot read to configuration
file.
So as a workaround, combine the install and tweak steps in a single
sed with a redirect to the destination file instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Details at https://github.com/rhinstaller/efibootmgr/issues/61.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[Thomas: efivar still doesn't build on musl, so same for efibootmgr.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Details at https://github.com/rhinstaller/efivar/issues/76.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[Thomas: tweak the dependency, efivar still doesn't build with musl.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Use newest release.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an option to QEMU to include the "tools" (configure option:
--enable-tools) in the target. This adds a dependency on pixman, but
that's already present.
Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gcc 4.7 introduced the sync_8 builtin functions for ARM. For ARM < v7,
this requires calling into the kernel. However, the failure path of
that call reports an error with the __write() function, which is a
glibc internal function. Therefore, it fails to link with uClibc or
musl. This was fixed in gcc 5.2.0, by replacing the __write() with
a plain write().
For sync_8 itself we have solved this with the conditions on
BR2_TOOLCHAIN_ARM_HAS_SYNC_8. However, the same function is also used
for the implementation of atomics.
For the internal toolchain, we can fix this by backporting the patch
to 4.9.4 and 4.8.5.
Fixes:
http://autobuild.buildroot.net/results/1db64b4830f499621e44523e0ef68191505e2ce9
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
