Fixes the following security issues and adds a number of other bigfixes:
2.8.1: Changelog:
https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg06332.html
CVE-2017-2615 - display: cirrus: oob access while doing bitblt copy backward
mode
CVE-2017-2620 - display: cirrus: out-of-bounds access issue while in
cirrus_bitblt_cputovideo
CVE-2017-2630 - nbd: oob stack write in client routine drop_sync
2.8.1.1 Changelog:
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg03460.html
CVE-2017-7471 - 9p: virtfs allows guest to change filesystem attributes on
host
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes
http://autobuild.buildroot.net/results/8e6/8e639ab8912e7d884fd8e6dbb1ca8b49451dd766/
/home/test/autobuild/run/instance-1/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_expand_block':
c_zlib.c:(.text+0x54): undefined reference to `inflate'
/home/test/autobuild/run/instance-1/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_compress_block':
c_zlib.c:(.text+0xd4): undefined reference to `deflate'
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
./configure: --disable-uuid is obsolete, UUID support is always built
Change-Id: I9e278418d19e15bbbd3ea233658cd62f75e3385c
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building Qt with QtWebKit on configuration step there is
a check which disables QtWebKit build with GCC 6+.
Back in the day nobody thought about building Qt with GCC
version greater than 5.x. And now with modern GCCs like
6.x and 7.x this assumption gets in the way.
Given in Buildroot today we don't have GCC older than 4.9
it should be safe to remove now meaningless check completely
by adding patch to qt.
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, bridge-utils wants to grap the headers from the linux-headers
package, so we point it directly there, as has been the case since we
first added bridge-utils in 2003 (c8eea31d3f), and then further refined
in 2005 (178a317d26) which is the first moment we pointed to the linux-
headers directory.
However, ther are two things wrong with that.
First, the headers are not directly in $(LINUX_HEADERS_DIR). Instead,
they are in a sub-directory thereof. So, we could not have found them
the way we are doing now.
Second, this definitely does not work when using an external toolchain,
because there is not linux-headers package enabled then.
Yet, against all odds, bridge-utils has valiantly deflected all rocks
thrown its way, day-in day-out building without any issue in every
autobuilders it's been confronted with. Good boy, good boy. :-)
And indeed, it turns out that the required headers are easily found from
within the sysroot of the toolchain. Wonders! :-)
But there's still a gotcha: the default search path is still a hard
coded path pointing to the installed kernel source tree on the host.
So, we still have to pass this option, but we can simply point to the
sysroot.
[Peter: point to sysroot instead of non-existing directory]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Like for nfs-utils and strongswan, add stdint.h header for
UINT16_MAX definition
Reported-by: Ross <grunpferd@netscape.net>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Glibc bump to 2.26 exposed this missing header when building with the
following combination using an i386 internal toolchain:
gcc5.4.0
bin2.28.1
linux4.1.43
Logfile snippet:
2017-10-02T00:08:11 ^
2017-10-02T00:08:12 rpc.c: In function ‘nsm_recv_getport’:
2017-10-02T00:08:12 rpc.c:469:13: error: ‘UINT16_MAX’ undeclared (first use in this function)
Upstream: https://bugzilla.linux-nfs.org/show_bug.cgi?id=312
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent releases of glibc don't include the full stdint.h
header in some network headers included by utils.h.
Upstream is targetting a 5.6.1 release of the fix.
Ustream: https://wiki.strongswan.org/issues/2425
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove xlocale.h header include since it's removed from glibc 2.26.
Reported-by: Ross <grunpferd@netscape.net>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The COPYING file is part of the xf86-input-tslib project's source tree.
Let's include the hash for it's current version.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Those cores are not supported in upstream gcc, not even in master.
The only toolchain that supported those core was the 2014R1 ADI
rebuilt toolchain, but we removed it in 311bc13 (toolchain: kill
ADI Blackfin toolchain) because there was too many issues with it.
ADI has not released any newer toolchain since then.
There is little hope for those cores now, so remove them.
Support for those cores has been useless and unusable for a while
without nobody noticing, therefore we intentionally skip adding
Config.in.legacy. This would require keeping code in
arch/Config.in.bfin since the options being removed are inside a
choice...endchoice block.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: explain why we don't add the options to Config.in.legacy.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some cores are not supported by upstream gcc.
Use the newly-introduced symbol to state so, rather than have the
exclusion in the toolchain choice.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some cores are not supported by upstream gcc.
Use the newly-introduced symbol to state so, rather than have the
exclusion in the toolchain choice.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream gcc does not have support for C-Sky, and we do not have a
vendor tree for it either (yet?).
Use the newly-introduced symbol to state so, rather than have the
exclusion in the toolchain choice.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some architectures or specific cores do not have support in upstream
gcc. Currently, they are individually listed as exclusions in the
toolchain choice.
This poses a maintainance burden, as the knowledge about what gcc
version supports what architecture is split across many places: the
toolchain choice, the gcc version choice, the external toolchains.
As a first step, add a blind option that architectures or individual
cores may select to indicate they lack support in our internal backend.
Actual use of the option will come in followup patches.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since tslib's COPYING file in part of the source tree, we can easily
include it's hash for the given version here.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop direct sed'ing of config.h for HAVE_CONNTRACK, HAVE_LUASCRIPT, and
HAVE_DBUS. Use MAKE_OPTS COPTS parameters instead, like we do already
for all other options.
Rename DNSMASQ_ENABLE_LUA to DNSMASQ_TWEAK_LIBLUA since it now does only
that.
Merge two conntrack and three dbus conditional sections.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Supported Lua version is now 5.2.
Add licenses hash.
Fixes a number of security issues:
CVE-2017-13704 - Crash when DNS query exceeded 512 bytes (a regression
in 2.77, so technically not fixed by this bump)
CVE-2017-14491 - Heap overflow in DNS code
CVE-2017-14492 - Heap overflow in IPv6 router advertisement code
CVE-2017-14493 - Stack overflow in DHCPv6 code
CVE-2017-14494 - Information leak in DHCPv6
CVE-2017-14496 - Invalid boundary checks allows a malicious DNS queries
to trigger DoS
CVE-2017-14495 - Out-of-memory Dos vulnerability
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump version and remove patches that were merged upstream
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the extraction commands entirely remove the urg directory,
which means the downloaded stamp will get removed, and thus a subsequent
build would try to re-download it.
It turns out that the directory extracted by urg is already correctly
named, so we just need to extract out of the build directory. This
highly simplifies the command.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As usual, musl is more conservative than the alternatives, wrt to
headers that are internally included.
Fixes:
http://autobuild.buildroot.org/results/a7a/a7a6b17dff09a45a35185a0e02704523b815dd57/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream does not provide a .tar.xz archive for this release. Revert to
.tar.gz.
Cc: Phil Eichinger <phil.eichinger@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
