Bugfixes:
- CVE-2017-5193: Correct a NULL pointer dereference in the nickcmp function
found by Joseph Bisch (GL#1)
- CVE-2017-5194: Correct an error when receiving invalid nick message (GL#4,
#466)
- CVE-2017-5195: Correct an out of bounds read in certain incomplete control
codes found by Joseph Bisch (GL#2)
- CVE-2017-5196: Correct an out of bounds read in certain incomplete
character sequences found by Hanno Böck and independently by J. Bisch
(GL#3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream patches and related autoreconf.
Re-enable parallel builds to check against the autobuilders.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch #0002 which was already fixed upstream long time ago in
commit 276a0d9500b8efc879e4f0c23e9d0e361849e295 using a slightly
different approach.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update our patches:
- drop patch 1, replaced by an upstream equivalent; adapt config
options and env accordingly,
- drop patch 2, applied upstream,
- rename patch 3
gdlib-config and net-snmp-config are only used when said support is
enabled (resp. CGI and SNMP), so no need to pass them unconditionally.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:
- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
Using application provided parameters, in these cases invalid data causes
the issues:
- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
- fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
- improve color check for CropThreshold
The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that. Notice that this issue has been fixed
upstream post-2.2.3:
https://github.com/libgd/libgd/issues/339
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changed _SITE url to the upstream project site because Sourceforge does
not provide the tarball for 1.2.10 as of now.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
enca and libguess options have been dropped so adjust accordingly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Riemann-c-client is a C client library for the Riemann monitoring system,
providing a convenient and simple API, high test coverage and a copyleft
license, along with API and ABI stability.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux kernel versio to 4.9 and U-Boot to 2016.11.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-8859 - fixes a serious under-allocation bug in regexec due to
integer overflow.
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though 'CONFIG_USB=n' does the job, let's switch to the more
standard way for disabling a Kconfig symbol.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump kernel to version 4.9 and U-Boot to 2016.11.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream commit a8c696bf09d8151323f6e99348c4bc8989f829c8 makes ifup and
ifdown individually selectable, but forgets to update the dependency to
IFUPDOWN_UDHCPC_CMD_OPTIONS, so it is not selectable anymore.
Add a patch which fixes the dependency by checking for IFUP or IFDOWN,
instead of the obsolete IFUPDOWN.
Upstream status: Pending
http://lists.busybox.net/pipermail/busybox/2016-December/085034.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 44a563dbc0 bumps busybox to version
1.26.0, but does not update the minimal configuration file. There is at
least one issue using the old configuration with the newer busybox:
* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0
Update the minimal configuration file by loading the busybox.config file
and saving it back.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 44a563dbc0 bumps busybox to version
1.26.0, but does not update the configuration file. There is at least
one issue using the old configuration with the newer busybox:
* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0
Update the configuration file by loading the busybox.config file and
saving it back.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
