Fixes CVE-2014-6272 - integer overflow bugs in evbuffer_add() and
related functions.
Also file hash file (was stale) and switch to sourceforge for a
stable/proper hash.
Patch 0002-Avoid-using-top_srcdir-in-TESTS.patch is upstream so remove.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Quite a number of scripts use xxd, so install it as well.
Install it unconditionally as the size is trivial compared to vim (~10kb vs
~1.5MB).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On machines where xzcat/unxz is not available, we build host-xz. So if
host-xz is itself downloaded as a xz-compressed archive, it doesn't
work. Revert back to a .bz2 archive.
Fixes:
http://autobuild.buildroot.org/results/79e/79ecba46f353546ba60ae86dd3898b4d86c056a0/
(and many similar failures)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump version to 1.3.6
- Update the hash value
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is no need to have "AUTORECONF = YES" since the patch which
modified the "configure.in" file was removed in the last version bump.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump version to 0.161
- Remove the portability patch. We don't need to have it in Buildroot
since it includes the version number so we can download it safely
without having collisions between versions.
- Adapt the patches that need to be adapted.
- Rename patches to start from 0001.
- Update the hash value and add a new value for the portability patch.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 4.6.1
-Add a hash file
-Use xz tarball to save space and bandwidth
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 5.2.0
-Update hash file
-Use xz tarball instead of bz2 to save space and bandwidth
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's now a split option with pki and scep, with some other tools being
deprecated upstream so select both when tools was selected to get as
close as possible.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Make gzip install binaries to / rather than /usr to fix bug #7766, it's
the FHS mandated target.
This also avoids duplicating binaries with busybox when both are
installed.
Also make gzip install after busybox if both are enabled to make the
proper gzip package override any busybox version since it's usually more
lightweight in functionality and slower.
And add a hash file while at it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adding a patch to move AC_CONFIG_AUX_DIR up a few lines so the autotools
can find it.
This patch is based on the same solution adopted by Debian:
https://lists.debian.org/debian-release/2014/11/msg01231.html
This will prevent a build failure like this one caused by a version bump
of the automake package:
configure: error: cannot find install-sh, install.sh, or shtool in "."
"./.." "./../.."
Related:
http://lists.busybox.net/pipermail/buildroot/2015-January/116604.html
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-8148 - If a system service installs unsafe security
policy rules that allow arbitrary method calls then this prevents memory
consumption and possible privilege escalation via
UpdateActivationEnvironment.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2013-7296 - "JBIG2Stream::readSegments()" Denial of Service
Vulnerability.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes many of the reported security audit vulnerabilities:
http://www.openwall.com/lists/oss-security/2014/12/24/1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.org/results/3f0/3f07574e6e4edda9e31fcb0de520a4dbabe6b94a/
[Thomas:
- Improved configure.ac logic, as suggested by Yann E. Morin.
- Added a comment in the .mk file to indicate why we're using
AUTORECONF = YES. Suggested by Yann as well.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We expressly call printf in the git helper, calls which were not
addressed in the previous silent-build patchset.
Just redirect stdout to oblivion when being silent.
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Tested-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The license is really a 3 clauses BSD license, so let's specify this
in python-django.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Bump to Django 1.7.2, the latest available version;
- Support Python 3 in addition to Python 2.
- Use a download location from pypi.python.org since the download
location from djangoproject.com didn't work as is and is
impractical to use with Buildroot: the full URL of the tarball is
https://www.djangoproject.com/download/1.7.2/tarball/. I.e, it does
not end with the tarball file name.]
Signed-off-by: oli vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Should hopefully fix:
http://autobuild.buildroot.net/results/2cc40ae3fc8b7a287c43528b3e4ffdbcd5033c09/
[Thomas:
- Rename patch to the new naming convention.
- Add SoB line from Alex inside the patch itself.
- Adjust the commit log to contain the reference to the autobuilder
failure.]
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The comment was missing the dependency on BR2_USE_MMU, and was using
'depends on !BR2_TOOLCHAIN_HAS_THREADS && BR2_STATIC_LIBS' while it
should in fact be '!BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS',
since we want to show the comment *either* when we don't have threads
*or* when we are building a purely static lib system.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For some platforms, hardware-assisted compare-and-swap may not be
available, so libatomic_ops will not provide it.
However, libatomic_ops can provide a purely software CAS emulation, but
must be instructed to do so. erlang just forgot to tell libatomic_ops
that it does require CAS.
Fix that by defining AO_REQUIRE_CAS before including atomic_ops.h, like
is done in libunwind, as pointed out by Thomas.
Also, erlang has a convoluted, mind-altering set of aclocal.m4 macros,
that just forgets to link against -latomic_ops when checking CAS is
available, so that even if CAS is available, configure chokes.
Since I would like to keep the little sanity I still have, just force
linking with -latomic_ops. This is useless when the check is naturally
successful (i.e. on platforms where CAS is available in HW), but we
would eventually link with -latomic_ops there, too; it's just redundant.
Overall, just consider that erlang requires libatomic_ops, so forcibly
depend on it, it is easier than trying to disable it. We can revisit
that whenever someone wants to run erlang on a platform for which there
is no libatomic_ops support.
Fixes a slew of autobuild ARM failures:
http://autobuild.buildroot.org/results/e7b/e7bfc4893dea6b133f0794ef44d50ad89bcb6662/
http://autobuild.buildroot.org/results/3e9/3e9c307f1ec6536482641019dcaa94677f7267a3/
http://autobuild.buildroot.org/results/a85/a85ca414e5b67af46510abd7b610eb5ae8661de4/
[...]
[Thomas: fix minor typos in commit log, add dependency on
BR2_PACKAGE_LIBATOMIC_ARCH_SUPPORTS to the Erlang comment about thread
and shared library dependency.]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not hard-code QUIET in our download commands, since it is handled in
the backends.
Suggested by Fabio.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If doing a silent build (make -s -> QUIET=-q), silence all downloads,
by passing the -q flag downward to backends as well as to check-hash.
Change a printf to use the trace functions.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an option flag to all backends, as well as the check-hash script, so
as to silence download helpers when the user wants a silent build.
Additionally, make the default be verbose.
Inspired by Fabio's patch on git/svn.
[Thomas: fix a typo "Environemnt" -> "Environment"]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In addition to bumping the version:
- drop license comment from help, we have PKG_LICENSE* for that.
- add optional dependency on libsecret
- remove --without-gnome-keyring option
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes build issues like, observed on a stripped-down build system:
compress.cpp:32:18: fatal error: zlib.h: No such file or directory
#include <zlib.h>
^
compilation terminated.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Change to usenix.org.uk mirror since nluug.nl doesn't seem to mirror
files as quickly and is down at the moment.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
aice sources use fork function, which is only available on architecture
with MMU.
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some adapters are automatically enabled, but may not be built because of
missing (architecture) dependencies. So, just set the options symmetrically.
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Even though technically libselinux could make its <dlfcn.h> include
optional, the build system isn't really suited to build and install
only the static variant of libselinux, so let's make libselinux and
its reverse dependency not available in pure-static environments.
Fixes:
http://autobuild.buildroot.org/results/90d/90dc73980a45b9b0441be3d493b22e3afea3cd6e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>