Fixes:
CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in
the certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is embedded
in an internationalized domain name's U-label, which might allow
man-in-the-middle attackers to spoof SSL servers via a crafted
certificate.
CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4,
as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,
Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does
not properly restrict public values in Diffie-Hellman key exchanges,
which makes it easier for remote attackers to bypass cryptographic
protection mechanisms in ticket handling by leveraging use of a certain
value.
CVE-2014-1490 - Race condition in libssl in Mozilla Network Security
Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0,
Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before
2.24, and other products, allows remote attackers to cause a denial of
service (use-after-free) or possibly have unspecified other impact via
vectors involving a resumption handshake that triggers incorrect
replacement of a session ticket.
CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl
in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS
False Start feature is enabled, allows man-in-the-middle attackers to
spoof SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-1545 - Mozilla Netscape Portable Runtime (NSPR) before
4.10.6 allows remote attackers to execute arbitrary code or cause a
denial of service (out-of-bounds write) via vectors involving the
sprintf and console functions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It's there for some historical reason and breaks libpcap with dbus
support for static linkage scenarios (like the one used by tcpreplay).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for the Lego Mindstorms EV3 programmable brick.
The Lego Mindstorms EV3 brick comprises a Texas Instruments AM1808 SoC, with
an ARM 926EJ-S main processor running at 300 MHz.
https://en.wikipedia.org/wiki/Lego_Mindstorms_EV3
This configuration uses the Linux kernel of the ev3dev project.
https://github.com/mindboards/ev3sources
More info is available in the board/lego/ev3/readme.txt file, shamelessly
documented in the same way as the SoCkit folks did.
[Peter: lock kernel headers to match]
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All of the new toolchain requirements (ipv6, threads, rpc) aren't
actually new - this package failed to build for ages, it just wasn't
picked up by the autobuilders because the main Makefile just doesn't
care about bailing out properly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: check for avahi-daemon, not just the base avahi package]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump knock to version 0.7 and switch away from a git snapshot, it's
nicer and avoids the need to autoreconf.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream removed support for libxml2 as xml backend, select expat
unconditionally.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Unfortunately the gitorious page/wiki says nothing useful so use the
elinux.org page for now.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove ADI toolchain 2012R1 package kludges since that version is gone
since the last bump.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-1684: The ASF_ReadObject_file_properties function in
modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media
Player before 2.1.3 allows remote attackers to cause a denial of service
(divide-by-zero error and crash) via a zero minimum and maximum data
packet size in an ASF file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also make the menu entry less melodramatic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently we configure uClibc to use kernel headers from "staging" folder with
KERNEL_HEADERS="$(STAGING_DIR)/usr/include". This path is added to include
search path of uClibc build system in Rules.mak "CFLAGS += -I$(KERNEL_HEADERS)".
At the same time on uClibc installation to "staging" we point to the same
location "$(STAGING_DIR)/usr" (headers effectively go in "usr/include").
So after every installation to "staging" dependences get touched (even though we
copy the same headers every time) and so we may see lots of sources in uClibc
get rebuilt.
This has 2 consequences:
1. Longer build time - becase even on ordinary buildroot build uClibc is built
twice. On "uclibc building" and on "uclibc installation to target".
2. Symbols in libuClibc built initially (that is later installed in
"staging/sysroot") are situated with different offset compared to second build
(later copied in "target"). This happens because as described above only part
of sources get rebuilt and then on final linkage object files are linked in
different order.
And (2) leads to problems on remote rebugging: gdbserver reports offsets that
correspond to pointless assembly in libuClibc on host.
Here's how it looks like.
Before this patch:
$ cd ~/br2_output/i586/target/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000c42c 54 FUNC GLOBAL DEFAULT 7 kill
$ cd ~/br2_output/i586/staging/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
After this patch:
$ cd ~/br2_output/i586/target/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
$ cd ~/br2_output/i586/staging/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Noam Camus <noamc@ezchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The fltk buildsystem no longer tries to strip binaries during installation,
so these can be dropped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
