Fixes:
CVE-2015-8126 - incorrect implementation of png_set_PLTE() that uses
png_ptr not info_ptr, that left png_set_PLTE() open to this vuln.
(fix in previous release was incomplete)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 371e2f7f3c)
Fixes:
CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64
CVE-2015-3194 - Certificate verify crash with missing PSS parameter
CVE-2015-3195 - X509_ATTRIBUTE memory leak
Enable IDEA as well since otherwise the build breaks (always great
upstream) - it's no longer patent encumbered.
[Peter: correct sha256]
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e9fb14ecef)
0002-unzip.patch was added in 69516e0 to fix a segmentation fault in the
gunzip applet. However, it introduced a new issue that made the unzipping
of some files fail.
Add an upstream patch that fixes this new issue.
Fixes#8501.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Jason Rush <rush0033@hotmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63fdab6b4f)
gawk has an optional dependency on mpfr (and thus gmp) and readline,
and will probe for them. If they are present, they are used; if they
are missing, that's not an error. mpfr (and gmp) is used for "BIGNUM"
support on gawk; readline is used by the gawk debugger.
However, mpfr (bringing gmp) are also host-packages in Buildroot, but in
the standard build order (i.e. a plain 'make'), they are built after
gawk. Ditto readline (from ncurses).
If the user has the development files for gmp and mpfr, then gawk is
linked to them. Ditto readline.
Now, further on in the build, we build gmp and mpfr (for gcci or guile),
so we install them in the host dir. Ditto readline (for gdb, ncurses
itself and a few other packages...)
But because we forcibly set an RPATH tag on all our host binaries, our
host gawk will now dynamically link with our versions, when it was in
fact built against the host ones.
This did not seem to cause any harm so far, but is far from ideal.
Since we do not really need BIGNUM or the debugger in our host gawk, we
just forcibly disable them and configure gawk without readline or mpfr
(there's no switch for gmp, but it's not a direct dependency, it comes
just with mpfr).
[Adjust comment as suggested by Thomas/Yann]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fc08a57305)
Despite the comment saying so, the trailing '/' in the host directory is
not removed. Note however that it is properly removed from extracted
RPATH tags.
This is not visible when the host directory is our default $(O)/host
location, but breaks for user-supplied external host directory, when
the user leaves a trailing slash in the path.
Fix that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f42e262199)
Building conntrack-tools with kernel headers >= 4.2 + musl fails due to
a well-known symbol clash that occurs when userspace and kernel headers
are included simultaneously (see [1], question 7, for details).
In the case of conntrack-tools, the inclusion of both 'netinet/in.h' and
'linux/in.h' occurs inside the C helper files (src/helpers/*.c)
indirectly via e.g. 'libnetfilter_conntrack/libnetfilter_conntrack.h',
which itself includes 'netinet/in.h', and 'linux/netfilter.h', which
includes 'linux/in.h' in kernel headers >= 4.2.
The approach to solving this type of conflict with musl usually involves
removing the inclusion of kernel headers or refactoring the code so as
to avoid the mentioned simultaneous inclusion. This is unfortunately
non-trivial in the case of conntrack-tools since the clashing headers
get included indirectly by headers that are strictly necessary (because
of definitions used in some helper callbacks).
Work around the issue by defining __GLIBC__ when musl is used. This
eliminates the conflicts as the kernel headers avoid redefining certain
symbols when they see __GLIBC__ defined (linux/libc-compat.h). Note that
other glibc-compatible libraries, like uClibc, already do that
internally.
Fixes:
http://autobuild.buildroot.net/results/66e/66ec247fa0fc385bef8d2084c65bf5cad3a8e8ca/http://autobuild.buildroot.net/results/624/624a0d48decd819eb58cbb3c58ee904b87ebfb21/
[1] http://wiki.musl-libc.org/wiki/FAQ
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#8491
glib/valgrind.h contains inline asm not compatible with thumb1, so build it
in arm mode:
CC libglib_2_0_la-gstringchunk.lo
/tmp/ccSVEXME.s: Assembler messages:
/tmp/ccSVEXME.s:587: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#3'
/tmp/ccSVEXME.s:587: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#13'
/tmp/ccSVEXME.s:588: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#29'
/tmp/ccSVEXME.s:588: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#19'
/tmp/ccSVEXME.s:589: Error: lo register required -- `orr r10,r10,r10'
Makefile:2087: recipe for target 'libglib_2_0_la-gslice.lo' failed
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the target uses a merged /usr setup, gdbserver will only report
paths in /lib to the remote gdb, which in turn will only look for
libraries in staging/lib and never in staging/usr/lib.
So. the merged (or non-merged) /usr setup must be replicated in the
staging.
The best solution where to do so is in the skeleton package, since it
is guaranteed to come before any package that installs things in the
staging, and even before the (internal or external) toolchain as well.
Reported-by: Pieterjan Camerlynck <pieterjan.camerlynck@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Pieterjan Camerlynck <pieterjan.camerlynck@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
currently, we only make the merged symlinks or non-merged mkdirs in the
target directory. This is fine, as long as one does not run gdb.
However, as soon as one wants to run gdbserver on the target,
gdb will only search for libraries in /lib in the sysroot.
In preparation for a patch to fix that, make the symlink-or-mkdir macro
a function that takes as parameter the base directory where to create
symlinks or mkdir in.
Move the function declarations out of the custom/non-custom skeleton
conditional block, so they are always available.
Reported-by: Pieterjan Camerlynck <pieterjan.camerlynck@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Pieterjan Camerlynck <pieterjan.camerlynck@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a force-reload operation that restarts minidlnad and makes it
rebuild its database. This is what Debian does, and this is useful when
media_dir is changed in the configuration file or when inotify can not
detect changes inside the media directories (e.g. in case of a mount).
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As noticed by Peter Korsgaard, all the links to links.html are broken,
they should point to support.html instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ./configure script is not up-to-date with what is in configure.ac,
which prevents --with-ssh from working properly.
So, we autoreconfigure autossh, which fixes the issue.
Note however that this is not really an autotools package, since it only
uses autoconf and not automake. However, making it a generic pacakge is
not trivial, since autossh really wants config.h as generated by
./configure. Using the autotools infra in this case helps us easily
autoreconfiguring without to manual depend on all the autotools-relates
host packages.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When building with musl, the build fails with a conflicting type
qualifier error.
This is because musl defines stdout and stderr as const pointers
and RaspiVidYUV.c adds an extern declaration as normal pointers.
Since this declaration already comes in on the header (stdio.h),
there is no need to add an extern declaration, so removes it.
Fixes:
http://autobuild.buildroot.net/results/27bd6f32cecdb4e7c95247c1feaf2732c1d8e3fa
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/c34/c343c68d3e0dae4a7ecd59693298a9622bc56662/
Is not yet supported and the compilation will fail like this:
[ 4%] Building C object library/CMakeFiles/polarssl.dir/bignum.c.o
/tmp/ccLDxl9G.s: Assembler messages:
/tmp/ccLDxl9G.s:92: Error: opcode not supported on this processor:
mips32r6 (mips32r6) `multu $13,$14'
/tmp/ccLDxl9G.s:93: Error: opcode not supported on this processor:
mips32r6 (mips32r6) `addi $10,$10,4'
/tmp/ccLDxl9G.s:94: Error: opcode not supported on this processor:
mips32r6 (mips32r6) `mflo $14'
/tmp/ccLDxl9G.s:95: Error: opcode not supported on this processor:
mips32r6 (mips32r6) `mfhi $9'
[...]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This got removed with the addition of the new website, but it is used by the
manual so it no longer builds.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gstreamer can optionally build against libxml2, so account for it in
the dependencies.
Functionality seems somewhat reduced without it, an example being
misdetecting subtitle (.srt) files as subrip mime type instead of
subtitle itself.
A failed scenario would be:
$ gst-typefind-0.10 some.srt
some.srt - application/x-subrip
When built with libxml2:
$ gst-typefind-0.10 some.srt
some.srt - application/x-subtitle
This doesn't affect gstreamer 1.x since it dropped any use of libxml2.
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is general safe to use -fPIC for all architectures.
-fpic breaks sparc64 compile.
Generally gcc just optimize position independent code
for m68k, powerpc and sparc with -fpic.
The size differences are minimal, f.e. for powerpc:
text data bss dec hex filename
235983 5336 684 242003 3b153 output/target/usr/lib/libjim.0.75
236255 8456 684 245395 3be93 output/target/usr/lib/libjim.so.0.75
So instead of keeping special settings for sparc64 it would be better
to always use -fPIC in general.
Runtime tested on Qemu ARM, MIPS, PPC and SPARC64.
Fixes:
http://autobuild.buildroot.net/results/98f391ad13f22828c022f185c0166daabdb4c1ad/
[Peter: tweak comment as suggested by Thomas]
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
