Commit Graph

35479 Commits

Author SHA1 Message Date
Gonçalo Salazar
eddaf1f00e mosh: add notes to clarify runtime issues
Added notes to the mosh package help to clarify some runtime
issues related with it to ensure mosh will work properly after adding it.
This includes adding a proper LOCALE and an extra flag when using
mosh with dropbear.

Signed-off-by: Gonçalo Salazar <glbsalazar@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-30 08:59:45 +02:00
Peter Korsgaard
9e9dee2534 mosquitto: security bump to version 1.4.12
Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set
their username/client id to ‘#’ or ‘+’.  This allows locally or remotely
connected clients to access MQTT topics that they do have the rights to.
The same issue may be present in third party authentication/access control
plugins for Mosquitto.

For more details, see:
https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/

Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now
upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-30 08:58:28 +02:00
Baruch Siach
27e0626e99 elfutils: security bump to version 0.169
Fixes a number of security issues: CVE-2017-7607, CVE-2017-7608,
CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613.

Rebase patches, and convert to git format.

Remove --disable-werror; unrecognized configure option.

Use upstream provided hash.

Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 23:53:47 +02:00
Alistair Francis
92c1b8132d package/xen: add dependency on host-acpica
This commit adds a dependency on the host ACPICA package as Xen tools
require iasl to build.

Fixes:

  http://autobuild.buildroot.net/results/afa199864d6b546fe759bb582a9c10702ea7fa78/

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: tweak commit log, add autobuilder reference.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 23:49:40 +02:00
Alistair Francis
bd6ec23ed3 package/acpica: add host package
Add support to build the ACPICA package for the host. This is useful
for the iasl command which is required to build some packages,
including Xen tools.

This is a necessary requirement before changing the Xen package to
address:

  http://autobuild.buildroot.net/results/afa199864d6b546fe759bb582a9c10702ea7fa78/

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: use PREFIX= and not DESTDIR= for host installation, tweak
commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 23:47:38 +02:00
Thomas Petazzoni
2d9f199061 ffmpeg: do not build on m68k coldfire
m68k coldfire causes ffmpeg to think atomic intrinsics are available,
so ffmpeg doesn't use its fallback on pthreads based atomic
operations. However, m68k coldfire doesn't provide properly working
sync 4 atomics, causing a build failure.

Since fixing ffmpeg on m68k coldfire is not really important (who
wants to use ffmpeg on such a platform?), we simply disallow the
selection of ffmpeg on this platform.

Alternate approaches have been proposed in the past:

 - Bernd Kuhls proposed in http://patchwork.ozlabs.org/patch/766909/
   to add a dependency on BR2_TOOLCHAIN_HAS_SYNC_4, but this is wrong
   because other architectures that lack sync 4 atomics, such as
   Sparc, can build ffmpeg perfectly fine thanks to the pthreads based
   fallback code.

 - Waldemar Brodkorb proposed in
   https://patchwork.ozlabs.org/patch/756664/ to add an explicit
   option in ffmpeg configure to force the use of pthreads based
   atomics. However, we believe that running ffmpeg on m68k coldfire
   is such an unlikely use case that it isn't worth carrying a patch
   for this.

Fixes:

  http://autobuild.buildroot.net/results/b3e/b3eaaf6d73cd49f5919143aeaa5cbb4d15a7ccc3/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 23:31:51 +02:00
Bernd Kuhls
12687c5c76 package/samba4: security bump to version 4.5.10
Fixes CVE-2017-7494:
https://www.samba.org/samba/history/samba-4.5.10.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 23:17:23 +02:00
Bernd Kuhls
30ed9de2fd package/gnutls: disable for static build
The gnutls code uses __attribute__((constructor)) and
__attribute__((destructor)) to call constructor/destructor when a
shared library is loaded.
Constructor/destructor are not used when a static library is used
(except if -Wl,--whole-archive -lgnutls -Wno-whole-archive is
used, not tested).

Even if gnutls initialization (_gnutls_global_init()) may be
called manually, the gnutls maintainer said it's not supported [1].

"Note that static linking applications with gnutls is not something
 supported. gnutls relies on library constructors and destructors
 which are not loaded when linking statically."

Now the gnutls script warns about static linking [2].

So disable gnutls statically by adding "depends on !BR2_STATIC_LIBS"
at Kconfig level and --disable-static in GNUTLS_CONF_OPTS.

Fixes:
[taskd] http://autobuild.buildroot.net/results/c2d/c2dd5c1c9dc87d2943c15e58ee56e67d7375368c
[ffmpeg] http://autobuild.buildroot.net/results/892/8926d319d6d1cd1ee72239ad7d9ca869d2355628
[sngrep] http://autobuild.buildroot.net/results/f7f/f7fb42d3742f6f01000a0d181e0c785640284405

[1] https://gitlab.com/gnutls/gnutls/issues/203
[2] 6b74888679

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Romain: merge our two patches together
    add some option comment
    disable static libgnutls.a
    add sngrep autobuilder reference]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: do not disable libgnutls.a]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 22:52:34 +02:00
Romain Naour
557f8d649d package/google-breakpad: use PRE_CONFIGURE hooks to copy linux_syscall_support.h
As reported by Bernd [1], using POST_EXTRACT to copy
linux_syscall_support.h breaks the legal-info target when
google-breakpad package is selected:

/usr/bin/install: cannot stat '/home/bernd/buildroot/buildroot/output/ost/usr/i586-buildroot-linux-uclibc/sysroot/usr/include/linux_syscall_support.h': No such file or directory

This is because linux_syscall_support.h is installed by a dependency
of google-breakpad, and dependencies are only guaranteed to be
available for the configure step of a package. To fix this, we use a
PRE_CONFIGURE hook instead of POST_EXTRACT hook.

[1] http://lists.busybox.net/pipermail/buildroot/2017-May/192844.html

Reported-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 22:20:07 +02:00
Romain Naour
80ebba2b5a package/firejail: remove broken package
firejail has been marked as broken since 3ad100fdcb

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Chris Frederick <chrisf@cdf123.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 22:16:17 +02:00
Bernd Kuhls
d35b447f09 package/ftop: Fix broken download URL
Also use bz2 tarball and provide md5 & sha256 hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:58:37 +02:00
Bernd Kuhls
96f3ae6c24 package/armadillo: fix download URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:57:21 +02:00
Bernd Kuhls
3f0cdaad8b package/libev: fix download URL
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:53:19 +02:00
Bernd Kuhls
eca61c93d5 package/mxml: fix download URL
The project moved to github, the current download URL is broken:

$ wget -q  http://www.msweet.org/files/project3/mxml-2.10.tar.gz
$ file mxml-2.10.tar.gz
mxml-2.10.tar.gz: HTML document, UTF-8 Unicode text, with very long lines

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:51:17 +02:00
Frank Hunleth
01ad3a38d2 erlang: fix check-package help text warnings
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:50:10 +02:00
Baruch Siach
e692e1f2b2 ola: remove package
ola does not build with current protobuf. Upstream bug report is still open.

https://github.com/OpenLightingProject/ola/issues/1192

Cc: Dave Skok <blanco.ether@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:48:57 +02:00
Bernd Kuhls
8225042e0e package/libmicrohttpd: security bump version to 0.9.55
For details refer to release notes:
http://lists.gnu.org/archive/html/info-gnu/2017-05/msg00014.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:48:27 +02:00
Bernd Kuhls
621408e595 package/stella: fix project URLs
The project moved to github: http://stella.sourceforge.net/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 21:46:45 +02:00
Thomas Petazzoni
27d7ef126b DEVELOPERS: remove Andrew Ruder
His e-mail address is bouncing:

<andrew.ruder@elecsyscorp.com>: host mx1-us1.ppe-hosted.com[67.231.154.162]
    said: 550 5.7.1 <andrew.ruder@elecsyscorp.com>: Recipient address rejected:
    User email address is marked as invalid. (in reply to RCPT TO command)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 09:04:29 +02:00
Bernd Kuhls
019ad60567 package/redis: fix static linking with libatomic
Fixes
http://autobuild.buildroot.net/results/7f1/7f1ecccbfdb6bd95824d9c884f1577e71e0e1e09/
http://autobuild.buildroot.net/results/c0b/c0b1bdcc5fbddf8b996b923015184d753882d4b8/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
 - improve comment to explain the fix
 - remove useless LDFLAGS related code]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 16:26:56 +02:00
Bernd Kuhls
db55de2b42 package/flashrom: security bump to version 0.9.9
Fixes buffer overflow:
https://mail.coreboot.org/pipermail/flashrom/2016-March/014523.html

Removed patch 0002-sys-io.h.patch, not needed anymore, hwaccess.h now
contains a similar fix:

  elif defined(__linux__) || defined(__GLIBC__)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 16:14:16 +02:00
Bernd Kuhls
4f9190f14e package/kodi: security bump to version 17.3
Release notes:
https://kodi.tv/article/kodi-v173-minor-bug-fix-and-security-release

"Fix possible security flaw which could abused .zip files which try to
 traverse to a parent directory"

For details about the security bug refer to
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 15:45:20 +02:00
Romain Naour
0e42273072 package/openpowerlink: use pcap-config to fix static linking with libpcap
When linking demo_mn_console statically with pcap, the CMake build
system forgets to link with other libraries linked with libpcap
(-lnl-genl-3 -lnl-3 -ldbus-1 -pthread).

[100%] Linking C executable demo_mn_console
lib64/libpcap.a(pcap-linux.o): In function `nl80211_init':
pcap-linux.c:(.text+0x41e): undefined reference to `nl_socket_alloc'

To fix this, the build system could use pcap-config:
pcap-config --libs --static
-L/path/to/sysroot/usr/lib -lpcap -L/path/to/sysroot/usr/lib/.libs
-lnl-genl-3 -lnl-3 -L/path/to/sysroot/usr/lib -ldbus-1 -pthread

Also don't use getopt() from contrib directory to avoid a clash with
libc definition.

Fixes:
http://autobuild.buildroot.net/results/f43/f437d09ac6c689c911e1885b95da33b692f2cb3c
http://autobuild.buildroot.net/results/385/3859dc0f4de7e3284a96d5841f040f69f71842df
https://github.com/OpenAutomationTechnologies/openPOWERLINK_V2/issues/187

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 15:24:25 +02:00
Bernd Kuhls
a7777eecd4 package/audiofile: Fix static linking with libsndfile
Fixes mpd:
http://autobuild.buildroot.net/results/799/7997ccd698f03885f98d00bd150dc3a578e4b161/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 15:23:54 +02:00
Bernd Kuhls
a2ad9cf71d package/audiofile: add security fix
Fixes CVE-2015-7747

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 15:08:26 +02:00
Luca Ceresoli
ad79bb5085 support/testing: rename variables for readability
The 'lines' variable is overwritten with its own fields. Thus it
contains a line first, and then a list of fields -- it never contains
'lines'.

Use two different variables named 'line' and 'fields' to make the code
more readable.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 14:54:43 +02:00
Luca Ceresoli
cfecdfadc1 support/testing: fs/ext: add a negative test for the "extent" feature
We only have a positive test for it, in ext4. Let's have a negative
one as well.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 14:48:08 +02:00
Adam Duskett
e0a7876691 DEVELOPERS: add selinux packages under Adam Duskett
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-27 17:24:17 +02:00
Romain Naour
6ddab6c28e package/dhcp: create tmpfiles.d directory
dhcp.mk tries to create dhcp.conf in a non-existent directory.

Fixes:
http://autobuild.buildroot.net/results/40e/40e48f74b586ce380766cf31473932e43090671e

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-27 17:18:20 +02:00
Bernd Kuhls
da5816561b package/popt: fix libiconv dependency
Make sure that libiconv is built before popt when needed.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-27 17:17:47 +02:00
Bernd Kuhls
cbf2b6e3db package/opencv: fix build with old glibc versions
Prior to glibc 2.18, definitions like SIZE_MAX or INT_FAST32_MAX from
<stdint.h> were only made available for C code, or in C++ if
__STDC_LIMIT_MACROS was defined.

The code from jasper uses such definitions, without defining
__STDC_LIMIT_MACROS. Unfortunately, defining __STDC_LIMIT_MACROS in
the jasper headers doesn't work, since <stdint.h> has already been
included before, at a point where __STDC_LIMIT_MACROS was not defined.

So to solve this problem, we simply pass -D__STDC_LIMIT_MACROS in
CXXFLAGS when building opencv with jasper support.

This patch uses the same solution used for libraw:
https://git.buildroot.net/buildroot/commit/package/libraw?id=d246cf5fd01bb0d20a0e64194ffed514ea8dd0aa

Fixes:
http://autobuild.buildroot.net/results/095/095f7574afdb633c59a625cd063de03644b6d3a7/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-27 17:16:06 +02:00
Bernd Kuhls
e1404d5b4e package/libv4l: fix udev configure options
AC_ARG_WITH([libudev] was removed in version 1.12.0:
https://git.linuxtv.org/v4l-utils.git/commit/configure.ac?id=3aba7817cd1994e6da00651114368db8171eabcc

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-27 17:15:18 +02:00
Ilias Apalodimas
d01b0bbad0 keepalived: needs headers >= 3.4
keepalived fails to build on toolchains with headers older than 3.4,
because of a namespace clash between the xt_set.h header from the
kernel and the linux_ip_set.h header installed by ipset.

Even though keepalived does check for pre-3.4 headers, the check
somehow fails to work correctly.

We fix that by making keepalived depend on headers 3.4 or later.

Fixes:
http://autobuild.buildroot.org/results/770/770d8fd2f3bacbdbe233da1b4d6e64e20a84d5a5/
http://autobuild.buildroot.org/results/1ad/1adb710b915427f681eae37452a0942833ce533e/
http://autobuild.buildroot.org/results/70b/70b31547e51ec7213372d2ef07bec34c5df77560/
[...]

Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-27 17:10:21 +02:00
Bernd Kuhls
9b853b7844 linux: bump default version to 4.11.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-26 15:10:22 +02:00
Bernd Kuhls
f19a4433d4 linux-headers: bump 4.{4, 9, 11}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-26 15:10:02 +02:00
Alexey Brodkin
2c1d080c2d Revert "libcdio: disable on ARC, triggers a toolchain bug"
This reverts commit 459f7302df.

libcdio building is fixed for ARC in
2b360bd547 "gcc: arc-2017.03-rc2: Fix "unrecognized supposed constant" error"

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-25 15:54:24 +02:00
Alexey Brodkin
a71fb422ba gcc: arc: add patch to fix tst_movb pattern
Fixes building of quagga [1]:

------------------------------>8---------------------------
839:1: error: unrecognizable insn:
 }
 ^
(insn 183 24 26 4 (set (reg:CC_ZN 61 cc)
        (and:SI (reg:SI 0 r0 [orig:192 _12->id.s_addr ] [192])
            (const_int -256 [0xffffffffffffff00]))) ospf_ri.c:790 -1
     (nil))
ospf_ri.c:839:1: internal compiler error: in extract_insn, at recog.c:2287
------------------------------>8---------------------------

[1] http://autobuild.buildroot.net/results/3c1/3c12c4609d4a77ab8ccd3ea94840884d70520efai

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-25 15:25:38 +02:00
Alexey Brodkin
0ade154f23 toolchain: Bump ARC tools to arc-2017.03 release
This commit finally bumps ARC toolchain to arc-2017.03 release.
More info on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.03

Note that the above-mentioned web page is not yet populated but should be very soon.
As a safe fallback, those interested can refer to the RC2 page here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.03-rc2

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-25 15:20:34 +02:00
Matt Weber
6bc8de6f9d DEVELOPERS: Remove Niranjan Reddy from cgroupfs-mount
He can re-add with a new email if he wants, but his
current Rockwell email will bounce.

Signed-off-by: Matt Weber <matt@thewebers.ws>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-24 15:49:09 +02:00
Dustin Johnson
675101b0fe mono: remove copy of host etc files on install
When the mono package is installed, the autotools installer installs
the /etc/mono files to the target. A post_install hook then copies
over the mono libraries to the target as well as the host /etc/mono
files which overrides the target files. The target specific mono
configuration file (/etc/mono/config) is overridden with the host
settings. This causes mono on the target to be unable to locate target
specific .so files as it overrides the changes enacted by the patches
for the package.

Signed-off-by: Dustin Johnson <dustin.r.johnson@gmail.com>
Tested-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Reviewed-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Acked-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-23 16:28:25 +02:00
Thomas Petazzoni
556434fb83 libepoxy: make EGL support optional
This commit adds a patch to the libepoxy package to make the EGL
support optional, which allows libepoxy to build with a pure OpenGL
Mesa3D configuration (i.e. without EGL/OpenGLES).

Fixes:

  http://autobuild.buildroot.net/results/88774af2845e17cab021a72c8f3171fe30b3a1ff/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-23 15:43:02 +02:00
Baruch Siach
fa397537bb toolchain: disable PIE for static build with musl
As mentioned in commit 3c93901bcd (toolchain: add hidden symbol for PIE
support), support for static PIE using musl requires a gcc patch[1]. Buildroot
doesn't carry this patch. Don't enable BR2_TOOLCHAIN_SUPPORTS_PIE in static
build with musl.

Fixes:
http://autobuild.buildroot.net/results/d19/d19bcfcfb33cc5f5b082b97bbd5852d479823b97/
http://autobuild.buildroot.net/results/91f/91f7c6954c337b03f5ac141050d9b1bee1623376/
http://autobuild.buildroot.net/results/996/996116da9241686110b9525eed08cc5acfd379a6/

[1] b854a42fc1/patches/gcc-6.3.0/0010-static-pie-support.diff

Acked-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-23 15:36:08 +02:00
Bernd Kuhls
a396b3ab1e package/c-icap: fix bzip2 configure option
The configure option controlling bzip2 support got its current name in
2012 with its initial commit:

https://sourceforge.net/p/c-icap/code/890/#diff-2

This patch fixes the configure warning:

configure: WARNING: unrecognized options: [...] --without-bzip2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-22 21:55:10 +02:00
Bernd Kuhls
3d1234dab8 package/c-icap: fix berkeleydb configure option
The configure option controlling berkeleydb support got its current
name in 2009: https://sourceforge.net/p/c-icap/code/322/

This patch fixes a configure warning:

configure: WARNING: unrecognized options: [...] --without-berkeleydb, [...]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-22 21:55:10 +02:00
Bernd Kuhls
3c54b7086f package/python-enum34: change setup type to setuptools
With version 1.1.3 the project switched to setuptools:
589b4f9d2e

Fixes
http://autobuild.buildroot.net/results/cb6/cb678ca9e57382a876f3f6034a47a4e2c59bc8d0/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-22 11:12:02 +02:00
Peter Korsgaard
a0c4cf0f96 libminiupnpc: add upstream security fix for CVE-2017-8798
CVE-2017-8798: Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221
through v2.0 allows remote attackers to cause a denial of service or
possibly have unspecified other impact.

For more details including a PoC, see:
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-22 00:00:13 +02:00
Ryan Coe
e6213e8ee6 mariadb: security bump to version 10.1.23
Fixes:

CVE-2017-3302 - Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and
5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29,
10.1.x through 10.1.21, and 10.2.x through 10.2.3.

CVE-2017-3313 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: MyISAM). Supported versions that are affected are
5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to
exploit vulnerability allows low privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized access
to critical data or complete access to all MySQL Server accessible data.

CVE-2017-3308 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. While the vulnerability is
in MySQL Server, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server.

CVE-2017-3309 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. While the
vulnerability is in MySQL Server, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2017-3453 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-3456 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-3464 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data.

And a number of important, but non-security related fixes:

MDEV-12602: Fixed some race conditions in InnoDB encryption

MariaDB Backup alpha introduced

Galera wsrep library updated to 25.3.20

For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/

[Peter: drop COPYING.LESSER and add a reference to the bugtracker issue
	explaining why]
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:55:38 +02:00
Peter Korsgaard
8644a83bd8 dropbear: security bump to version 2017.75
Fixes:

- CVE-2017-9078: A double-free in the server could be triggered by an
  authenticated user if dropbear is running with -a (Allow connections to
  forwarded ports from any host) This could potentially allow arbitrary code
  execution as root by an authenticated user.  Affects versions 2013.56 to
  2016.74.  Thanks to Mark Shepard for reporting the crash.

- CVE-2017-9079: Dropbear parsed authorized_keys as root, even if it were a
  symlink.  The fix is to switch to user permissions when opening
  authorized_keys.
  A user could symlink their ~/.ssh/authorized_keys to a root-owned file
  they couldn't normally read.  If they managed to get that file to contain
  valid authorized_keys with command= options it might be possible to read
  other contents of that file.  This information disclosure is to an already
  authenticated user.  Thanks to Jann Horn of Google Project Zero for
  reporting this.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:32:16 +02:00
Peter Korsgaard
8213190bfa linux: bump default version to 4.11.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:32:10 +02:00
Peter Korsgaard
daf1c35025 linux-headers: bump 4.{4, 9, 10, 11}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:32:02 +02:00