This project is mirrored from git://git.buildroot.net/buildroot.
Pull mirroring updated .
- Mar 16, 2020
-
-
Peter Korsgaard authored
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
- Mar 15, 2020
-
-
Carlos Santos authored
They are at /sbin, not /usr/sbin. Signed-off-by: Carlos Santos <unixmania@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Changelog: https://www.php.net/ChangeLog-7.php#7.3.15 Fixes CVE-2020-7061, CVE-2020-7062 & CVE-2020-7063 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/4eba7c4585d318efdb9b965d58d879426588aa14 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 05e47e84) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Max Filippov authored
xtensa ld fails with the following message ld: BFD (GNU Binutils) 2.31.1 internal error, aborting at elf32-xtensa.c:3283 in elf_xtensa_finish_dynamic_sections during domoticz package build. It happens because of mismatch between the size allocated for dynamic relocations in the executable image and the number of PLT relocations actually written to the image. The mismatch is caused by the fact that undefined weak symbol is treated as dynamic (and thus needing PLT relocation), but xtensa linker not expecting that. Fixes: http://autobuild.buildroot.net/results/7885705f1b1c0f31cf21b464150f5509929c1906/ Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Backported from: e15a8da9c71336b06cb5f2706c3f6b7e6ddd95a3 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 1b887cfc) [Peter: drop 2.32 / 2.33.1 patch] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Chris Packham authored
Apply patch from upstream and set PPPD_INGORE_CVES appropriately. Signed-off-by: Chris Packham <judge.packham@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cfbff145) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
- Switch site to github to get latest release - Drop first and second patches (already in version) - Drop third patch and OPENSSL_INCLUDE_DIR (not needed since https://github.com/paulusmack/ppp/commit/4e713175eae56cb863b39bc19d377f95a35823a8 ) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d97153be) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Nicolas Carrier authored
for : * pppd/tdb.c * pppd/plugins/pppoatm/COPYING * pppdump/bsd-comp.c * pppd/ccp.c * pppd/plugins/passprompt.c Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit 09d5d650) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Alexander Mukhin authored
glibc since 2.28 dropped DES encryption routines setkey() and encrypt(), but uclibc still provides them. So, if building with uclibc, we can avoid using huge openssl library. Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b519bcaf) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Add an option to enable or disable mod_cap and select libcap accordingly instead of using bundled libcap which raise a build failure with headers < 4.3 due to PR_CAP_AMBIENT and will be removed in version 1.3.7: https://github.com/proftpd/proftpd/commit/8c845703fcf2c7978614784126bd074ffc4477f9 Fixes: - http://autobuild.buildroot.org/results/4d680d8204bdf1f3deec2c3eeb9a2d9e6eabe4d5 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit eed76c51) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Alexey Lukyanchuk authored
The web-interface files (~1.8MB) are by default installed under /usr/share/doc/cups, which is unfortunate as Buildroot removes usr/share/doc in target-finalize, breaking the webui. As a fix, store the web-interface files under /usr/share/cups/doc-root, similar to how it is done in Debian. Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru> [Peter: use --with-docdir, update description] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 07ea16bd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Thomas Petazzoni authored
The SWUPDATE_SET_BUILD_OPTIONS macro sets a number of swupdate configuration options with local build details, especially the cross-compiler path and sysroot path. This means that if one stores an swupdate defconfig file as part of Buildroot, generated with "make swupdate-update-defconfig", it will contain things like: CONFIG_CROSS_COMPILE="/home/thomas/projets/buildroot/output/host/bin/arm-linux-" CONFIG_SYSROOT="/home/thomas/projets/buildroot/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot" which obviously are not good, as they are specific to where the build was done. So instead this commit: - Uses the CROSS_COMPILE environment variable to pass the cross-compiler path. - Drops entirely the use of CONFIG_SYSROOT, since all it does is pass a --sysroot option to the compiler, which is not needed in the context of Buildroot. - Pass EXTRA_CFLAGS/EXTRA_LDFLAGS also through the environment. Thanks to that the swupdate defconfig file no longer contains any local build details, and can be re-used by different users of a given Buildroot configuration. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 716f4315) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Seiderer authored
- disable introspection unconditionally (as already done for all other original gstreamer1 packages) - use '=' instead of '+=' for the first usage of GST1_VALIDATE_CONF_OPTS Fixes: http://autobuild.buildroot.net/results/e6e43fb85c71af9bb599ea8bbe2e805b392cf1ad GEN GstValidate-1.0.gir Couldn't find include 'GstPbutils-1.0.gir' (search path: '['/nvmedata/autobuild/instance-6/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/bin/../share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share', 'gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share/gir-1.0', '/usr/share/gir-1.0']') make[5]: *** [Makefile:1612: GstValidate-1.0.gir] Error 1 Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 4f64face) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
host-thrift can fail if a broken Qt4 is found on host: CMake Error in lib/cpp/CMakeLists.txt: Imported target "Qt4::QtCore" includes non-existent path "/nvmedata/autobuild/instance-4/output-1/host/usr/mkspecs/default" in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include: * The path was deleted, renamed, or moved to another location. * An install or uninstall procedure did not complete successfully. * The installation package was faulty and references files it does not provide. Fixes: - http://autobuild.buildroot.org/results/57cad5313896c868e99b0b9534678f1c83a386f2 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2f818657) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/d0ab5334f195a400a6d6dd6c49e3c1a2001b2b70 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit c7e56163) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/9605aac6f760bfff190d0ab95fa50f65486ffe90 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 5d136a7c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 3426b37e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 27acdca7) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Yann E. MORIN authored
Several users of rolling-release distributions have been reporting on IRC that Buildroot is broken now that they have switched to the newly released make 4.3. It turns out that the constructs we use to generated and include the internal br2-external related fragments is no longer working with make-4.3. Indeed, an upstream bug report [0] seems to imply that it so far was working by chance. There has been no further feedback, whether this is really considered a fix for a previous ill-defined behaviour, or an actual regression... In the meantime, we add a workaround, suggested in that same bug report, that fixes the issue for make 4.3, and that should not break on older make versions either (verified on all relevant versions: from 3.81, 3.82, 4.0, 4.1, and 4.2). [0] https://savannah.gnu.org/bugs/?57676 Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Mircea Gliga <mgliga@bitdefender.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 9e2128bf) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
- Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. - Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. - Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file. - Update indentation of hash file (two spaces) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit faf755b4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
- Remove patch (already in version) - Add hash for license file Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 58a40003) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Seiderer authored
- bump version to 1.3.1 Changelog: * Incorrect alpha value when converting 32-bit framebuffers. * Documentation for github instead of own homepage. - update project URL Fixes bug 12606 ([1]). [1] https://bugs.busybox.net/show_bug.cgi?id=12606 Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Timo Ketola <timo.ketola@exertus.fi> Acked-by: Timo Ketola <timo.ketola@exertus.fi> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 7e87817d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit ad9c3393) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 0835550c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/bcc701055dd5876005fa6f78f38500399394cd75 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a8dc83b8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 05bf029c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b10cee53) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
This will fix a build failure with vlc and without zlib Fixes: - http://autobuild.buildroot.org/results/7d5f5980f1ba248a1d95b380d422eaeeaca265f8 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 0bb5d1ce) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Disable libvncserver for static builds and drop second patch following upstream feedback on patch fixing openssl issue: https://github.com/LibVNC/libvncserver/pull/319 This will also fix build failure when building statically with libgcrypt Don't update x11vnc, the reverse dependency of libvncserver, because BR2_PACKAGE_XORG7 already depends on !BR2_STATIC_LIBS Fixes: - http://autobuild.buildroot.org/results/8d7b109d085e3931a874c4fb99f465789485565a Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 726dcc6e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/c3f75480cb4b8b042cdf6a34cc5568ea13e51342 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit a61a8161) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/16aaa4e86a2dbf1acf95f10d5131b0f7b8a3d61a Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit ca393d7a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit aa3687ea) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
- Remove patch (already in version) - autotools is no more available, switch to cmake - Disable ffmpeg (used for example) - Add LZO dependency (to avoid using internal LZO) through the new WITH_LZO option added by https://github.com/LibVNC/libvncserver/commit/139da17b6ed0ccd1acd824a87972182834671f92 - Add hash for license file Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit ee590237) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 70b2411c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 85ed0d1c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit c7a9e2be) [Peter: drop 5.4.x bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
- Mar 14, 2020
-
-
Peter Korsgaard authored
Fixes the following security issues: 2.6.13: - CVE-2019-19553: In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. 2.6.15: - CVE-2020-9428: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. - CVE-2020-9430: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. - CVE-2020-9431: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. Same patch as for CVE-2017-14160 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [yann.morin.1998@free.fr: - update 0001-*.patch to also reference CVE-2018-10393 ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit e21730db) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 3321eef6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-
Fabrice Fontaine authored
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 8c0ecc91) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-