Commit Graph

36662 Commits

Author SHA1 Message Date
Baruch Siach
b3eca09500 expat: security bump to version 2.2.2
Changes (security fixes):

[MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                 resulted in NULL dereference, previously

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-16 23:25:54 +02:00
Peter Korsgaard
d8a806e2b8 libosip2: add upstream security fix
Fixes CVE-2016-10324 - In libosip2 in GNU oSIP 4.1.0, a malformed SIP
message can lead to a heap buffer overflow in the osip_clrncpy() function
defined in osipparser2/osip_port.c.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-16 23:25:42 +02:00
Vicente Olivert Riera
9a0a0a976b arch/mips: add support for MIPS32 FP mode
MIPS32 supports different FP modes (32,xx,64), so give the user the
opportunity to choose between them. That will cause host-gcc to be built
using the --with-fp-32=[32|xx|64] configure option. Also the
-mfp[32|xx|64] gcc option will be added to TARGET_CFLAGS and to the
toolchain wrapper.

FP mode option shouldn't be used for soft-float, so we add logic in the
toolchain wrapper if -msoft-float is among the arguments in order to not
append the -fp[32|xx|64] option, otherwise the compilation may fail.

Information about FP modes here:

- https://sourceware.org/binutils/docs/as/MIPS-Options.html
- https://dmz-portal.imgtec.com/wiki/MIPS_O32_ABI_-_FR0_and_FR1_Interlinking#5._Generating_modeless_code

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 16:45:22 +02:00
Vicente Olivert Riera
2d8f3fc430 arch/mips: add support for MIPS NaN
MIPS supports two different NaN encodings, legacy and 2008. Information
about MIPS NaN encodings can be found here:

  https://sourceware.org/binutils/docs/as/MIPS-NaN-Encodings.html

NaN legacy is the only option available for R2 cores and older.
NaN 2008 is the only option available for R6 cores.
R5 cores can have either NaN legacy or NaN 2008, depending on the
implementation. So, if the user selects a generic R5 target architecture
variant, we show a choice menu with both options available. For well
known R5 cores we directly select the NaN encoding they use.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 16:35:39 +02:00
Yegor Yefremov
14645274a4 python-zope-interface: bump to version 4.4.2
Add setuptools as a runtime dependency because zope-interface
uses pkg_resources during initialization.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 16:21:45 +02:00
Bernd Kuhls
fae7573fca package/kodi-peripheral-xarcade: new package
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 16:16:01 +02:00
Bernd Kuhls
b0432b5d79 package/kodi-peripheral-steamcontroller: new package
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 16:12:25 +02:00
Bernd Kuhls
8cdb958e42 package/kodi-peripheral-joystick: new package
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 16:09:03 +02:00
Erico Nunes
0802ede021 grub2: move usage notes to package readme.txt
As discussed in the mailing list, grub2 usage notes were growing too big
for a Config.in documentation, and so it was agreed that a readme.txt in
the package directory is a better place to put them.

This commit simply moves the documentation as-is to preserve the
original contents as they were in Config.in which can be worked on in
further commits.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 15:25:27 +02:00
Erico Nunes
5ffafd2353 grub2: bump up version
After many years since the last release and a long time with grub 2.02
in beta, there is finally a release and it brings many bug fixes and
interesting features such as support for ARM.

Patch boot/grub2/0001-remove-gets.patch doesn't seem to be required
anymore as grub-core/gnulib/stdio.in.h has changed significantly since
"053cfcd Import new gnulib." and has another treatment for gets.
Patch
boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
was a backport which is present after the bump and therefore is also no
longer necessary.

Since we're adding a Config.in comment, we also introduce a
BR2_TARGET_GRUB2_ARCH_SUPPORTS hidden boolean, in order to avoid
repeating the architecture dependencies.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add BR2_TARGET_GRUB2_ARCH_SUPPORTS, remove bogus dependencies
on ARM and AArch64, since enabling Grub2 on those architectures is
done in another commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 14:55:33 +02:00
Peter Korsgaard
d4afb3288b minnowboard_max: bump to kernel 4.12.2
And drop the version number from the linux configuration.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 09:59:15 +02:00
Peter Korsgaard
1eec520aeb minnowboard_max-graphical_defconfig: use uClibc-ng
Now that we have wordexp support in uClibc-ng and nodm is available, we can
use it for the graphical defconfig.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 09:59:14 +02:00
Bernd Kuhls
e2f03a6bde package/kodi: fix build with newer gcc versions.
Using this defconfig produces a build error with kodi:

BR2_arm=y
BR2_cortex_a8=y
BR2_ARM_INSTRUCTIONS_THUMB2=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_KODI=y
BR2_PACKAGE_SUNXI_MALI=y
BR2_PACKAGE_PYTHON=y
BR2_PACKAGE_PYTHON_PY_ONLY=y

/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:37:1:
 error: ‘string’ does not name a type
 string CFTPParse::getName()
 ^~~~~~
/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:62:25:
 error: variable or field ‘setTime’ declared void
 void CFTPParse::setTime(string str)
                         ^~~~~~
/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:62:25:
 error: ‘string’ was not declared in this scope

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 09:58:21 +02:00
Peter Seiderer
a9e053b5a8 qt5base: fix qthash error attribute(target("+crc")) is unknown
Add patch 0005-Fix-error-attribute-target-crc-is-unknown.patch.

Upstream: https://codereview.qt-project.org/200171

Fixes buildroot Bug 9916 ([1]).

[1] https://bugs.busybox.net/show_bug.cgi?id=9916

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 09:49:55 +02:00
Peter Seiderer
d558ca1713 binutils/2.27: backport patch to enable CRC instructions on supported ARMv8-A CPUs
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 09:49:52 +02:00
Martin Bark
65212d497e configs/raspberrypi3_64_defconfig: bump kernel version to 4.9.36
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:16:41 +02:00
Martin Bark
3ad020d0b4 configs/raspberrypi3_defconfig: bump kernel version to 4.9.36
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:16:39 +02:00
Martin Bark
440ecfd724 configs/raspberrypi2_defconfig: bump kernel version to 4.9.36
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:16:37 +02:00
Martin Bark
3aed1afd35 configs/raspberrypi0_defconfig: bump kernel version to 4.9.36
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:16:36 +02:00
Martin Bark
ff94fdc63e configs/raspberrypi_defconfig: bump kernel version to 4.9.36
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:16:34 +02:00
Martin Bark
bc537f98ee package/rpi-userland: bump version
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:16:32 +02:00
Martin Bark
cfcc470be8 package/rpi-firmware: bump version
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:16:30 +02:00
Adam Duskett
84f7745875 sngrep: remove ncurses wchar support
sngrep currently doesn't really use wchar support anyways, and when
checking for wchar support, it's checking the host system's ncurses
libraries.

Remove support for ncurses wchar until it's used in sngrep, and remove
the patches used to fix ncurses wchar detection.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 23:14:16 +02:00
Baruch Siach
de66071850 git: fix build with NLS disabled
Since commit bbfb02598b (git: use the new gettext logic) host-gettext is no
longer an unconditional dependency of git. When NLS is disabled host-gettext
is not built. This breaks the build of git, because the git Makefile runs
msgfmt unless NO_GETTEXT is defined.

Define NO_GETTEXT when NLS is disabled to fix the build.

Fixes:
http://autobuild.buildroot.net/results/c87/c8717619a1307f21cb9fe61196511cea44f72015/
http://autobuild.buildroot.net/results/e7a/e7acff51f988c333c3fe0c4a18eed42a273932d3/
http://autobuild.buildroot.net/results/153/153b17959847ec2079883c087cee27afbdf9571e/

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Sagaert Johan <sagaert.johan@skynet.be>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-15 17:49:28 +02:00
Fabio Estevam
7d44e53b95 configs/mx53loco: Bump kernel and U-Boot versions
Bump Linux kernel version to 4.12.1 and U-Boot to 2017.05.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-15 17:37:20 +02:00
Jörg Krause
ea8aec0c26 configs/bananapro: bump Linux kernel to 4.12.1
Drop the board specific patches which have been applied upstream.

[Peter: also drop now unused BR2_GLOBAL_PATCH_DIR]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-15 17:34:25 +02:00
Fabio Estevam
a78c0935d9 linux-headers: bump 4.{4, 9, 11, 12}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-15 17:29:03 +02:00
Fabio Estevam
adb4356d7c linux: bump default to version 4.12.2
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-15 17:28:56 +02:00
Romain Naour
aac99867ce package/lshw: don't use NONLS when BR2_SYSTEM_ENABLE_NLS is not set
Since [1], NONLS is added to LSHW_CFLAGS even for glibc based toolchain.
Previously it was not the case since BR2_ENABLE_LOCALE is always
selected for glibc based toolchain.

With NONLS, config.h tries to redefine two Intl functions (textdomain and
bindtextdomain) that are used by glibc internally.

This breaks the build with the following error:
sysroot/usr/include/libintl.h:82:52: error: expected unqualified-id before 'throw'
 extern char *textdomain (const char *__domainname) __THROW;

The NONLS mode is really for cases where the C library does not provide
*any* gettext implementation, as would be the case with uClibc without
intl stubs enabled.

But in the context of Buildroot, all C libraries provide a gettext
implementation. It might be full-featured or minimal, but it always
exists.

So, remove NONLS from CFLAGS to avoid the build issue with glibc
toolchains.

Build tested with a uClibc toolchain without locale enabled.

Fixes:
http://autobuild.buildroot.net/results/9bf/9bf5437b4348ea8077013b80a51ce05fa328247d

[1] 3acd9f845d

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 14:46:33 +02:00
Luca Ceresoli
ee13aaf487 docs/website/support: clarify the bugtracker is for bugs only
The bugtracker is intended to be used for bug reports only, so clarify
it's not meant to be used for "any problem".

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 14:46:32 +02:00
Calin Crisan
9e03dd1cef pulseaudio: add optional dependency on bluez5_utils
The pulseaudio configure script autodetects the presence of
bluez 4.x and 5.x packages on the system and will exclude the
bluetooth-related modules in their absence.

This commit ensures that bluez5_utils, if selected, are installed
before pulseaudio. The same already happens for bluez_utils (4.x).

Signed-off-by: Calin Crisan <ccrisan at gmail dot com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 11:46:52 +02:00
Bernd Kuhls
d1fe23a9b2 package/libglfw: bump version to 3.2.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 11:39:33 +02:00
Bernd Kuhls
248310be74 package/bluez5_utils: bump to version 5.46
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 11:36:55 +02:00
Bernd Kuhls
9a3e677548 package/{mesa3d, mesa3d-headers}: bump version to 17.1.5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 11:36:53 +02:00
Matt Weber
5c90f6a7b6 gcc: fix build of libsanitizer in gcc 4.9 and 5.x on PowerPC
libsanitizer in gcc fails to build on PowerPC with gcc versions 4.9
and 5.x used in conjunction with glibc 2.25, with the following error:

../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
   return signum == SIGSEGV && common_flags()->handle_segv;

This commit adds a patch that has been submitted to upstream gcc
(https://patchwork.ozlabs.org/patch/725596/) but not merged. The patch
is no longer needed with gcc 6.x and later because the code has been
reworked.

Fixes Buildroot bug #10061

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: rework commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 10:24:28 +02:00
Oleksandr G Zhadan
0aa8612dc4 board/arcturus/ppc-ucp1020: add patch to fix build with gcc 6.x.
This commit adds a Linux kernel patch to solve a build failure with
the arcturus_ucp1020_defconfig with gcc 6.x:

arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds]
        offsetof(struct thread_fp_state, fpr[32][0]));
                        ^

The patch is upstream in Linux, and can be dropped when
arcturus_ucp1020_defconfig is updated to use a new Linux kernel
version.

Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 10:14:59 +02:00
Baruch Siach
972e55b7db kvazaar: fix build with gcc 7
Add upstream fix for a gcc 7 -Werror build failure.

Fixes:
http://autobuild.buildroot.net/results/ea1/ea1495696a0e810adb6695dad6b9f3d3363e81d5/
http://autobuild.buildroot.net/results/2c1/2c1fba63553afa735c5ac29d7f5de8368c794628/
http://autobuild.buildroot.net/results/d07/d07bfcb8efcb76cdea3c66e0cc24728f418e3872/

Cc: Alexandre Esse <alexandre.esse.dev@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 10:12:28 +02:00
Peter Korsgaard
0e99bef2fb package/Makefile.in: export O= to post-build/image scripts for out-of-tree builds
Sometimes it can be interesting to call back into buildroot from a
post-build/image script (E.G. make printvars or similar). For this to work
correctly with out-of-tree builds we need to pass O= to make, but this is
currently not available in the environment of post-build/image scripts.

In concept, O could be derived from BUILD_DIR (E.G. by stripping /build),
but directly exporting O is cleaner.

O= cannot be exported globally as it interferes with various build systems,
so instead add it to EXTRA_ENV.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 10:10:56 +02:00
Yann E. MORIN
a3da7980eb package/rpi-firmware: install missing library
The vcdbg utility is linked to a few libraries, which so far were all
provided by the rpi-userland package.

But a not-so-recent bump of rpi-firmware pulled in a vcdbg that is
linked to an additional library, which is not provided by rpi-userland,
so we must install it.

Reported-by: cluelessperson on #buildroot
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 10:10:09 +02:00
Gwenhael Goavec-Merou
d68b83e10e librtlsdr: backport pull request to fix build with newer compilers
Fix:
http://autobuild.buildroot.net/results/ece/ece557db739aaad9b53130a8ecb4d98f6f67aedf

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 09:17:32 +02:00
Adam Duskett
6c0fb459c6 libressl: bump version to 2.5.5
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-15 00:07:01 +02:00
Evgeniy Didin
05827480fa strace: bump version to 4.18
This patch bumps the strace package to 4.18 upstream version.

Patch 0001-nios2-arch_regs-fix-nios2_sp_ptr-definition.patch has been
removed because it is part of 4.18.

Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: arc-buildroot@synopsys.com
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-14 23:13:13 +02:00
Yann E. MORIN
3268968ccc support/tests: fix ext4 runtime test
The current test fails because of a legacy option, renamed during the
recent ext overhaul.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-14 19:37:14 +02:00
Peter Korsgaard
544ac6bca0 tiff: add upstream security fix for CVE-2017-10688
Fixes CVE-2017-10688 - In LibTIFF 4.0.8, there is an assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c.  A
crafted input will lead to a remote denial of service attack.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-14 19:31:03 +02:00
Peter Korsgaard
31bd29fe09 spice: add upstream security fixes for CVE-2017-7506
Fixes CVE-2017-7506 - Possible buffer overflow via invalid monitor
configurations.

For more details, see:
https://marc.info/?l=oss-security&m=150001782924095

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-14 19:29:31 +02:00
Yegor Yefremov
45c468f6a5 python-simplejson: bump to version 3.11.1
Remove Python2 only dependency as the package is compatible
with Python3.

Add a dot at the end of the help text.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-14 15:14:39 +02:00
Peter Korsgaard
e67e6a72fd nginx: security bump to version 1.12.1
Fixes CVE-2017-7529 - Nginx versions since 0.5.6 up to and including 1.13.2
are vulnerable to integer overflow vulnerability in nginx range filter
module resulting into leak of potentially sensitive information triggered by
specially crafted request.

For more details, see:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-14 15:13:55 +02:00
Peter Korsgaard
f5f3eb0bc2 nginx-upload: bump version to fix build against nginx-1.12.x
Fixes:
http://autobuild.buildroot.net/results/9ec/9ecf714667736bf61f643ad55588d3d6ebdde603/
http://autobuild.buildroot.net/results/cea/cea64e30e98543e10c8819f6337babfec6d7ac0f/

Bump to the latest commit on the 2.255 branch, which contains pull request
88 (work with latest nginx versions):

https://github.com/vkholodkov/nginx-upload-module/pull/88

git shortlog aba1e3f34c754551f4f49e572bc86863d535609d..
Anton (1):
      Add files via upload

Valery Kholodkov (5):
      Added tag for version 2.0.8
      Recreated tag for version 2.0.8
      Backported to nginx 0.5.37 by Anthony Kholodkov
      Updated Changelog
      Merge pull request #88 from antonbarinov/2.255

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-14 15:13:47 +02:00
Samuel Martin
2b2d53c334 package/nginx: fix build
Add a patch to nginx configuration system fixing misdetected unneeded PCRE
dependency.

This patch has been submitted upstream [1].

Fixes:
  http://autobuild.buildroot.net/results/bc7/bc7458b97a88785653845afd30fe9d5f3a69905b/build-end.log

[1] http://mailman.nginx.org/pipermail/nginx-devel/2017-July/010308.html

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-14 15:04:52 +02:00
Martin Bark
476ccdb3e4 package/nodejs: security bump to version 8.1.4
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way.  This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.

See https://nodejs.org/en/blog/release/v8.1.4/

[Peter: add CVE info]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-13 22:54:53 +02:00