Fixed CVEs:
- CVE-2016-9387
- CVE-2016-9388
- CVE-2016-9389
- CVE-2016-9390
- CVE-2016-9391
- CVE-2016-9392
- CVE-2016-9393
- CVE-2016-9394
- CVE-2016-9395
- CVE-2016-9396
- CVE-2016-9397
- CVE-2016-9398
- CVE-2016-9399
- CVE-2016-9557
- CVE-2016-9560
Changes to jasper.mk:
- Switched site method to GitHub. 1.900.31 is not released as a tarball
in the official website.
- Autoreconf necessary since there isn't any configure script. We need
to generate it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport 2 patches from upstream (from 3.18-rc1) for gcc 5.x support and a
patch from Marco Franceschetti (https://github.com/vonfritz/kernel/) to fix
gcc 5.x compat issues in the bsp wifi drivers.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ntpq and ntpdc may depends on libedit and libcap.
$ arm-linux-readelf -d ./usr/bin/ntpdc | grep NEEDED
0x00000001 (NEEDED) Shared library: [libcap.so.2]
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libedit.so.0]
0x00000001 (NEEDED) Shared library: [libncursesw.so.6]
0x00000001 (NEEDED) Shared library: [libssl.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libcrypto.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libpthread.so.0]
0x00000001 (NEEDED) Shared library: [libc.so.6]
However, build order with these libraries is not defined.
In order to keep things simple, we enforce build order even if ntpq/ntpdc are
not selected.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
[Thomas: use --without-lineeditlibs.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As detailed by Chris Evans, the flic decoder contains a buffer overflow which
can be exploited to cause arbitrary code execution as the user running
gstreamer:
https://scarybeastsecurity.blogspot.be/2016/11/0day-exploit-advancing-exploitation.html
Fixes CVE-2016-9634, CVE-2016-9635 and CVE-2016-9636.
add the upstream patches to fix this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested with a boot in Qemu (g3beige).
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Kernel 4.8.11 brings commit 5f95e68daae397 ("clk: imx: fix integer overflow
in AV PLL round rate"), which fixes a PLL calculation bug, so bump to this
version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 8035ceb56c.
Moving to pseudo brought a number of issues (and longer compilation time),
so lets stick with fakeroot now that the reported ubi issue has been worked
around.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#9386
GNU sed -i misbehaves on systems with SELinux enabled, as it tries to copy
to the SELinux security context (xattr) from the source file to to the new
destination file, which fails under fakeroot and leaves the file with 000
permissions, causing ubinize to fail when it cannot read to configuration
file.
So as a workaround, combine the install and tweak steps in a single
sed with a redirect to the destination file instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc 4.7 introduced the sync_8 builtin functions for ARM. For ARM < v7,
this requires calling into the kernel. However, the failure path of
that call reports an error with the __write() function, which is a
glibc internal function. Therefore, it fails to link with uClibc or
musl. This was fixed in gcc 5.2.0, by replacing the __write() with
a plain write().
For sync_8 itself we have solved this with the conditions on
BR2_TOOLCHAIN_ARM_HAS_SYNC_8. However, the same function is also used
for the implementation of atomics.
For the internal toolchain, we can fix this by backporting the patch
to 4.9.4 and 4.8.5.
Fixes:
http://autobuild.buildroot.net/results/1db64b4830f499621e44523e0ef68191505e2ce9
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Chrony has the ability to support PPS. Its enablement is determined
primarily from the existence of `sys/timepps.h`. This file is provided
from the pps-tools package. Adjusting Chrony's Makefile to depend on the
pps-tools package if a developer has included pps-tools as part of a
build. Relates to 2cfc966f43.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libuuid depends on libintl in specific scenarios, but since taskd wasn't
using pkg-config to detect libuuid, this dependency on libintl was not
taken into account. This commit adds a patch to taskd that uses
pkg-config to detect libuuid.
Fixes:
http://autobuild.buildroot.net/results/cb5ea871812651025722d42508d4f37702088800/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
host-python3 currently detect if there is an usable OpenSSL installation
and conditionnaly compiles the 'ssl', '_ssl' and '_hashlib' modules.
This may break compilation if the system's OpenSSL has been updated to
1.1.0 because of a bug in python, see https://bugs.python.org/issue26470
for details.
Unlike Python 2.7, Python 3 unconditionnaly compiles fallbacks for
common hash algorithm, so disabling OpenSSL will still leave Python 3
with implementations of common hash algorithm.
This adds a patch to configure.ac patch to implement a --disable-openssl
option.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Instead of creating our own .pc file with a patch, just tell qmake to
do it by adding create_pc to CONFIG.
This corrects the .pc file for Qt5. Previously, the include directory
was set to /usr/include, while for Qt5 it should be /usr/include/qt5.
This hasn't caused any autobuild failures since no other package uses
qextserialport.
Note, however, that the package is now called Qt5ExtSerialPort in Qt5,
while before it was qextserialport like in the Qt4 case.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When building C++ parts of gpsd (for example Qt bindings) with gcc 6.x following
failure happens, see [1]:
------------------------------>8-------------------------------
<command-line>:0:0: warning: "_LARGEFILE_SOURCE" redefined
<command-line>:0:0: note: this is the location of the previous definition
In file included from clock_gettime.c:10:0:
compiler.h: In function 'void memory_barrier()':
compiler.h:93:25: error: 'memory_order_seq_cst' was not declared in this scope
atomic_thread_fence(memory_order_seq_cst);
^~~~~~~~~~~~~~~~~~~~
compiler.h:93:25: note: suggested alternative:
In file included from .../output/host/usr/arc-buildroot-linux-uclibc/include/c++/6.2.1/atomic:41:0,
from compiler.h:75,
from clock_gettime.c:10:
.../output/host/usr/arc-buildroot-linux-uclibc/include/c++/6.2.1/bits/atomic_base.h:62:7: note: 'memory_order_seq_cst'
memory_order_seq_cst
^~~~~~~~~~~~~~~~~~~~
In file included from clock_gettime.c:10:0:
compiler.h:93:45: error: 'atomic_thread_fence' was not declared in this scope
atomic_thread_fence(memory_order_seq_cst);
^
compiler.h:93:45: note: suggested alternative:
In file included from .../output/host/usr/arc-buildroot-linux-uclibc/include/c++/6.2.1/atomic:41:0,
from compiler.h:75,
from clock_gettime.c:10:
.../output/host/usr/arc-buildroot-linux-uclibc/include/c++/6.2.1/bits/atomic_base.h:101:3: note: 'std::atomic_thread_fence'
atomic_thread_fence(memory_order __m) noexcept
^~~~~~~~~~~~~~~~~~~
scons: *** [qt-clock_gettime.os] Error 1
scons: building terminated because of errors.
------------------------------>8-------------------------------
As discussed on gpsd mailng list here [2] the only work-around as of today is to
add "-std=gnu++98" to both CFLAGS and CXXFLAGS which we implement here.
Fixes:
http://autobuild.buildroot.net/results/e8593a8ebf2f05cc93235a8129a2ba8b839d6d90http://autobuild.buildroot.net/results/ff766f4f514c9cb4891873167f4e9b7870051883http://autobuild.buildroot.net/results/1a4/1a4dbd9ee5e0c7255843228731beab030ca005cahttp://autobuild.buildroot.net/results/1a4/1a4dbd9ee5e0c7255843228731beab030ca005ca
and many others, see http://autobuild.buildroot.net/?reason=gpsd-3.16
[1] http://autobuild.buildroot.net/results/e85/e8593a8ebf2f05cc93235a8129a2ba8b839d6d90/build-end.log
[2] http://lists.nongnu.org/archive/html/gpsd-dev/2016-09/msg00082.html
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Sergio Prado <sergio.prado@e-labworks.com>
Cc: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, the br2-external script uses bash-4's associative arrays.
However, some oldish enterprise-class distros like RHEL5 still use
bash-3.1 which lacks associative arrays.
We restore compatibility with those oldish distros using 'eval' to
emulate associative arrays, as suggested by Arnout.
Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Compact casesi patterns don't have a reload version. This causes build
failures of "trousers" package for ARC.
Current patch disables compact casesi patterns for ARCv1 (750D and 770D)
via passing "-mno-compact-casesi" option when compiling "trousers".
This change is a temporary workaround and the feature is going to be
fixed in the next ARC toolchain release version.
Fixes:
http://autobuild.buildroot.org/results/d2c/d2c16d8ba022b070c4dbeba5e7ea41f14d706691//
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The distclean target no longer removes the "output" directory for
in-tree builds, because $(O) is no longer just "output" in that
case. Change the test to be against "$(CURDIR)/output", to match
the O setting, and a similar test elsewhere in the same Makefile.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gr-fec needs gsl. Without this dependency cmake search gsl in the host system.
This issue produce errors like :
arm-buildroot-linux-uclibcgnueabihf-gcc: ERROR: unsafe header/library path used
in cross-compilation: '-I/usr/include'
make[3]: *** [gr-fec/lib/CMakeFiles/gnuradio-fec.dir/reed-solomon/encode_rs.c.o] Error 1
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
RHEL 5.x does have magic.h, but it does not define all expected symbols.
In particular, the NO_CHECK symbols were only added in file 4.20 and RHEL
5.x is using 4.17. Don't use magic.h and libmagic when building host
package.
Suggested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
By default, qextserialport will attempt to build a shared library.
qesp_static has to be set in CONFIG to build static. Note that
static+shared is not supported, in that case we just build shared.
The install target commands also have to be gated in that case,
because the *.so files don't exist. For completeness we both set
QEXTSERIALPORT_INSTALL_STAGING to NO and don't define
QEXTSERIALPORT_INSTALL_TARGET_CMDS for static builds, although one
of them would be sufficient.
Fixes:
http://autobuild.buildroot.net/results/c9233ad71fd60d0e6a85731a8bd4e598bd84947a
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
qmake hardcodes the path to the sysroot in the install commands, so
we can't use it for target. But it's perfectly usable for staging.
By using 'make install', we get:
- the extserialport.prf file is installed to the mkspecs directory and
libqextserialport.prl in staging/usr/lib, so qmake can do its magic
and add the necessary compiler options;
- it also works for static build, when *.so files don't exist.
The QExtSerialPort and qextserialport.pc files are created by
Buildroot so they still have to be installed explicitly. Note that
upstream installs in the QtExtSerialPort directory, not QExtSerialPort,
so we follow that decision.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: also adjust 0003-pkgconfig.patch to fix the header path.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Distinguish qt/qt5 by defining QEXTSERIALPORT_QMAKE, like is done e.g.
for quazip.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Kernel 4.8.8 brings commit 235bde1ed3f0ff ("net: fec: Call swap_buffer()
prior to IP header alignment"), which makes Ethernet functional again
on mx28.
Bump to this version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The wscript checks the following.
'func': check_libs(['atomic'],
check_statement('stdint.h',
'int64_t test = 0;'
'test = __atomic_add_fetch(&test, 1, __ATOMIC_SEQ_CST)')),
and
'func': check_statement('stdint.h',
'int64_t test = 0;'
'__typeof__(test) x = ({int a = 1; a;});'
'test = __sync_add_and_fetch(&test, 1)'),
It fails if neither of these are available.
Fixes
http://autobuild.buildroot.net/results/8c20f719f784af1312294600e39004c1d382368a
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>