Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
commit b1ae86c7f7250249ad3faeb7c473e80a71f9fd74 Merge: ddaca9d5c 476067a78 Author: Frank Schütte <[email protected]> Date: Sat Apr 8 14:37:16 2017 +0200 Add 'buildroot/' from commit '604f4058d2b57f9e764aac344f72e117c852c641' git-subtree-dir: buildroot git-subtree-mainline: ddaca9d5cc201ffb618e21e86a32ac980ed327c1 git-subtree-split: 604f4058d2b57f9e764aac344f72e117c852c641 commit ddaca9d5cc201ffb618e21e86a32ac980ed327c1 Author: Frank Schütte <[email protected]> Date: Sat Apr 8 14:36:04 2017 +0200 rm subtree buildroot 2016.11 commit 476067a78d4fd1ddb141a8cccc63cf3e75cbe7a3 Author: Peter Korsgaard <[email protected]> Date: Wed Apr 5 13:35:15 2017 +0200 Update for 2017.02.1 Signed-off-by: Peter Korsgaard <[email protected]> commit c836666c7b89936dbed15e350f4edf7e895c524c Author: Matt Weber <[email protected]> Date: Mon Apr 3 21:06:11 2017 -0500 libselinux: query for python site-packages dir directly With the bump to version 2.6, the following commit needs to be taken into consideration for overloading paths. https://github.com/SELinuxProject/selinux/commit/8162f10e670da963eb65ccf1e7de69ea85aba30d The PYLIBVER is no longer used and the PYTHONLIBDIR is renamed to PYSITEDIR with slightly different pathing. More details can be found in the issue ticket which was marked as a non-issue after analysis that a Buildroot fix was the resolution. https://github.com/SELinuxProject/selinux/issues/51 Signed-off-by: Matthew Weber <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 6a6ce10eba24d43412aada7df7de2ab78e8ffee2) Signed-off-by: Peter Korsgaard <[email protected]> commit f8d1e5f1ea26f7b125bfbb4338dc24ab97e76120 Author: Thomas Petazzoni <[email protected]> Date: Thu Mar 23 00:04:56 2017 +0100 gst-ffmpeg: work-around bogus configure logic on SPARC The libav version built into the gst-ffmpeg code produces a bogus binary on SPARC, which causes the following error of the check-bin-arch script: ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpeg.so is Sparc v8+, should be Sparc ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstpostproc.so is Sparc v8+, should be Sparc ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpegscale.so is Sparc v8+, should be Sparc The problem is the following bit of code in gst-lib/ext/libav/configure: elif enabled sparc; then enabled vis && check_asm vis '"pdist %f0, %f0, %f0"' -mcpu=ultrasparc && add_cflags -mcpu=ultrasparc -mtune=ultrasparc I.e, it checks if the architecture supports the pdist instruction... but forces -mcpu to ultrasparc while doing so. So it's like "let's see if this Ultrasparc instruction exists when I force the compiler to think I'm using Ultrasparc", which is non-sensical. This has been fixed later on in libav upstream: https://git.libav.org/?p=libav.git;a=commit;h=6aa93689abe8c095cec9fa828c2dee3131008995 However, this commit cannot be backported as-is since the shell function check_inline_asm did not exist in the old libav version bundled in gst-ffmpeg. Therefore, we take the simpler route of disabling the VIS optimizations on SPARCv8 and Leon3. Fixes: http://autobuild.buildroot.net/results/e82d179c3d4f92ad7423693a4b1d42379a3f5411/ Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit d2b73875c3b8a6ec518c1424eaf92c1257fa40aa) Signed-off-by: Peter Korsgaard <[email protected]> commit c61338a628879610671826f0aa766473023c8219 Author: Julien BOIBESSOT <[email protected]> Date: Mon Apr 3 14:25:43 2017 +0200 package/tyrian: fixes compilation with static libs Has been tested with: "./support/scripts/test-pkg -c tyrian.cfg -p opentyrian" Fixes: http://autobuild.buildroot.net/results/0e2345db82b33f591958fc0f72ad914adafe0522 and some similar previous build failure. Thanks Thomas for the tip ;-). Signed-off-by: Julien BOIBESSOT <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit dd99f2cb7d10f20568cab22c498a9e1831b5a351) Signed-off-by: Peter Korsgaard <[email protected]> commit eeec31f2a05b72c5616cbdd775b326a481ecdb39 Author: Yegor Yefremov <[email protected]> Date: Mon Apr 3 10:14:41 2017 +0200 libsoc: add host-pkgconf dependency Without pkg-config PKG_CHECK_MODULES won't be expanded and ./configure script produces following error message: ./configure: line 12237: syntax error near unexpected token `PYTHON,' ./configure: line 12237: ` PKG_CHECK_MODULES(PYTHON, python-"$PYTHON_VERSION")' Fixes: http://autobuild.buildroot.net/results/86e/86e04bd2b10527130306451e56a7693ed4b4befd Signed-off-by: Yegor Yefremov <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 8975e9f2c77c6861964906e6b5ebd894cdccf45f) Signed-off-by: Peter Korsgaard <[email protected]> commit 1a58c4c7b0dade55fae1fd325b5d2a129502467b Author: Fabio Estevam <[email protected]> Date: Sun Apr 2 15:15:14 2017 -0300 linux-headers: bump 4.{4, 9, 10}.x series [Peter: drop 4.10.x bump] Signed-off-by: Fabio Estevam <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 69356afc81cee7a1b1c749274b26db507133b8d6) Signed-off-by: Peter Korsgaard <[email protected]> commit 6338df7dea0dcca5c1ff2689008dd058bce677e8 Author: Peter Korsgaard <[email protected]> Date: Thu Mar 30 23:03:35 2017 +0200 audiofile: add security patch for CVE-2017-6839 Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ https://github.com/mpruett/audiofile/issues/41 Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 844a7c6281eb442881330a5d36d5a0719f2870bf) Signed-off-by: Peter Korsgaard <[email protected]> commit c9890cfa67a887bf24aea7043d912ee6e8e669c0 Author: Peter Korsgaard <[email protected]> Date: Thu Mar 30 23:03:34 2017 +0200 audiofile: add security patch for CVE-2017-6831 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp https://github.com/mpruett/audiofile/issues/35 Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit bd5f84d301c4e74ca200a9336eca88468ec0e1f3) Signed-off-by: Peter Korsgaard <[email protected]> commit 16daa3c10dbba15bc1e2bec590c1489c967a59e0 Author: Peter Korsgaard <[email protected]> Date: Thu Mar 30 23:03:33 2017 +0200 audiofile: add security patch for CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838 CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp https://github.com/mpruett/audiofile/issues/34 CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp https://github.com/mpruett/audiofile/issues/38 CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h https://github.com/mpruett/audiofile/issues/40 CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ https://github.com/mpruett/audiofile/issues/41 Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 4a1a8277bba490d227f413e218138e39f1fe1203) Signed-off-by: Peter Korsgaard <[email protected]> commit 5e24ed52e4513ed49810455a91c70f496efbc9cc Author: Peter Korsgaard <[email protected]> Date: Thu Mar 30 23:03:32 2017 +0200 audiofile: add security patch for CVE-2017-6829 The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp https://github.com/mpruett/audiofile/issues/33 Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 434890df2a7c131b40fec1c49e6239972ab299d2) Signed-off-by: Peter Korsgaard <[email protected]> commit 4f533d049ae78647431a9384206b8fe8733b61d9 Author: Peter Korsgaard <[email protected]> Date: Thu Mar 30 23:03:31 2017 +0200 audiofile: add security patch for CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837 CVE-2017-6827: A heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp https://github.com/mpruett/audiofile/issues/32 CVE-2017-6828: A Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp https://github.com/mpruett/audiofile/issues/31 CVE-2017-6832: A Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp https://github.com/mpruett/audiofile/issues/36 CVE-2017-6833: The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp https://github.com/mpruett/audiofile/issues/37 CVE-2017-6835: The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp https://github.com/mpruett/audiofile/issues/39 CVE-2017-6837: WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ https://github.com/mpruett/audiofile/issues/41 Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit cc00bde57fc20d11f8fa4e8ec5f193c091714c55) Signed-off-by: Peter Korsgaard <[email protected]> commit 9eb481bbfea238ee6c0b9258ef039a9a20a3dac4 Author: Baruch Siach <[email protected]> Date: Fri Mar 31 14:09:36 2017 +0300 pcre: add upstream security fixes Take Debian adapted patches of upstream. Fixes: CVE-2017-6004: crafted regular expression may cause denial of service CVE-2017-7186: invalid Unicode property lookup may cause denial of service Signed-off-by: Baruch Siach <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 3143910eec12a5b23e853b3177bf316ac186b87a) Signed-off-by: Peter Korsgaard <[email protected]> commit 40192c1aa1339514ec166ef1ffbf1657f47d8c86 Author: Fabio Estevam <[email protected]> Date: Thu Mar 30 11:24:45 2017 -0300 linux-headers: bump 4.{4, 9, 10}.x series [Peter: drop 4.10.x bump] Signed-off-by: Fabio Estevam <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit c720701c4d3b23e35908319e6ade082c9e5a1433) Signed-off-by: Peter Korsgaard <[email protected]> commit 1244b189543a11f1d712caf12efb7ee8703eba97 Author: Thomas Petazzoni <[email protected]> Date: Sun Mar 26 23:43:40 2017 +0200 system: do not overwrite /bin/sh Busybox symlink The BR2_SYSTEM_BIN_SH hidden option defines to what binary the /bin/sh symlinks should point to. If busybox is chosen, then /bin/sh is created to point to /bin/busybox. This works fine with the default installation mode of Busybox, but it fails with the upcoming "individual binaries" mode, in which each applet is installed as its own binary, and /bin/busybox doesn't exist: we get /bin/sh as a broken symlink to /bin/busybox. Since Busybox already installs its own /bin/sh symlink, properly pointing to /bin/ash or /bin/hush depending on the selected shell, it doesn't make sense for the BR2_SYSTEM_BIN_SH logic to override this. Just let Busybox install its own /bin/sh by making BR2_SYSTEM_BIN_SH empty when Busybox shell is selected as /bin/sh. Signed-off-by: Thomas Petazzoni <[email protected]> Reviewed-by: Matthew Weber <[email protected]> Acked-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit fc91501e6b32ef1b015ac9b0fbf6d64aa1ce0162) Signed-off-by: Peter Korsgaard <[email protected]> commit d09c7e4d45261ef03277c9f46a07c81686f5e5bb Author: Pawel Sikora <[email protected]> Date: Mon Mar 27 00:44:14 2017 +0200 syslog-ng: Bump version header in conf file to 3.9 Package version of syslog-ng is 3.9.1. Bumping version number in syslog-ng.conf to 3.9 Fixing warning message about configuration file being too old. Signed-off-by: Pawel Sikora <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 3dad25466d2931eeecde23867bed79b1d7213887) Signed-off-by: Peter Korsgaard <[email protected]> commit 119e94b830a14a2c82d11bf5dfc16b46ece06702 Author: Peter Korsgaard <[email protected]> Date: Tue Mar 28 17:18:08 2017 +0200 samba4: security bump to version 4.5.7 Fixes CVE-2017-2619: All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba uses the realpath() system call to ensure when a client requests access to a pathname that it is under the exported share path on the server file system. Clients that have write access to the exported part of the file system via SMB1 unix extensions or NFS to create symlinks can race the server by renaming a realpath() checked path and then creating a symlink. If the client wins the race it can cause the server to access the new symlink target after the exported share path check has been done. This new symlink target can point to anywhere on the server file system. This is a difficult race to win, but theoretically possible. Note that the proof of concept code supplied wins the race reliably only when the server is slowed down using the strace utility running on the server. Exploitation of this bug has not been seen in the wild. Signed-off-by: Peter Korsgaard <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 493cedf3af061b90a899826e0c184c2f484414f6) Signed-off-by: Peter Korsgaard <[email protected]> commit e29fa95b8368f9b85a1bfb2cef9741c6218c59b3 Author: Yann E. MORIN <[email protected]> Date: Sat Jan 28 11:41:32 2017 +0100 core/br2-external: properly report unexpected errors Unextected error in the br2-external script are properly caught, but they are not reported properly, and we end up in either of two situations: - the .br2-external.mk file is not generated, in which case make will try to find a rule to generate it (because the 'include' directive tries to generate missing files); - the .br-external.mk file is generated but does not contain the error variable, and thus the build might not get interrupted. We fix that by using a trap on the pseudo ERR signal, to emit the error variable on unexpected errors. Signed-off-by: "Yann E. MORIN" <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit c5fa9308ea4e3810a7f7d9d0df75cbf090c414c4) Signed-off-by: Peter Korsgaard <[email protected]> commit 74ed2a833da74b33e0ad8c4fd77e789885b3a9fd Author: Rahul Bedarkar <[email protected]> Date: Wed Mar 22 23:18:52 2017 +0530 taglib: fix legal info taglib is dual licensed under LGPLv2.1 or MPLv1.1. Almost all source files have license text mentioning LGPLv2.1 or alternatively MPLv1.1. Signed-off-by: Rahul Bedarkar <[email protected]> [Thomas: use MPL-1.1 instead of MPLv1.1, since MPL-1.1 is the SPDX license code for this license.] Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit f30a3940c8dc5fc9bbe3a0ace457201808142183) Signed-off-by: Peter Korsgaard <[email protected]> commit c1be21ac128640dd600da2ad5840c74d72a799ee Author: Rahul Bedarkar <[email protected]> Date: Wed Mar 22 23:18:51 2017 +0530 dbus-triggerd: add license file In absence of license file, use source file as a license file since it has license header in comments. Signed-off-by: Rahul Bedarkar <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 50284570fbefa37c8874b47cd5998bd890e54632) Signed-off-by: Peter Korsgaard <[email protected]> commit 0b670f3879eaa1bc56b6eaeeed54f36aba831219 Author: Rahul Bedarkar <[email protected]> Date: Wed Mar 22 23:18:50 2017 +0530 dbus-glib: fix legal info dbus glib bindings are dual licensed under AFLv2.1 or GPLv2+. Separate licenses using 'or' keyword. Signed-off-by: Rahul Bedarkar <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit f70f0b497f8a072eb22aff0bd934467b706cffd8) Signed-off-by: Peter Korsgaard <[email protected]> commit 2d7d618f7c8d53da9fb828ced4b445635ddb44c0 Author: Fabio Estevam <[email protected]> Date: Sun Mar 26 10:49:43 2017 -0300 linux-headers: bump 4.{4, 9, 10}.x series [Peter: drop 4.10.x update] Signed-off-by: Fabio Estevam <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit b718c776ca1a5d204f2ae9a765331a32e87e9560) Signed-off-by: Peter Korsgaard <[email protected]> commit 3400806b9d555cf2f30154feeecd19221b8b52a0 Author: Rodrigo Rebello <[email protected]> Date: Sun Mar 26 03:36:54 2017 -0300 htop: use correct ncurses config script name The ncurses config script can have different names depending on the configuration (e.g. wchar support enabled/disabled). So, use $(NCURSES_CONFIG_SCRIPTS) from the ncurses package as it contains the proper name. Signed-off-by: Rodrigo Rebello <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 8cd1554ee162f6344dab078233f4f6c0d93e7c24) Signed-off-by: Peter Korsgaard <[email protected]> commit 9d70c89b8029cef33a3abfa2ab98f1f68656c947 Author: Rodrigo Rebello <[email protected]> Date: Sun Mar 26 03:36:53 2017 -0300 slang: use correct ncurses config script name The ncurses config script can have different names depending on the configuration (e.g. wchar support enabled/disabled). So, use $(NCURSES_CONFIG_SCRIPTS) from the ncurses package as it contains the proper name. Fixes: http://autobuild.buildroot.net/results/c97554c05e121c76407be53ba37924cfcb658e9d/ http://autobuild.buildroot.net/results/b0a31a3491a30ee0d6e6e7dbba68a86f0e00943d/ http://autobuild.buildroot.net/results/a77241141cf8710fa945523ef62327798e3c4824/ [...] Signed-off-by: Rodrigo Rebello <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit b3e4ed92380080334d3d09bb4a53dc6102edd8aa) Signed-off-by: Peter Korsgaard <[email protected]> commit ccf0e0767d6c73dd23852fad5de2900c6f88fd56 Author: Bernd Kuhls <[email protected]> Date: Thu Mar 23 20:37:00 2017 +0100 package/ntp: fix build for toolchains without ssp ntp defaults to use ssp support http://bk1.ntp.org/ntp-stable/sntp/harden/README by using these flags http://bk1.ntp.org/ntp-stable/sntp/harden/linux If the toolchain lacks SSP support this patch forces ntp to use an empty set of flags: http://bk1.ntp.org/ntp-stable/sntp/harden/default Fixes http://autobuild.buildroot.net/results/1d5/1d58bd8745b22c8eb71fea4c7255d3ace69f6f7a/ Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 00968bcac0674250956e99b6fafbf9b373446488) Signed-off-by: Peter Korsgaard <[email protected]> commit 30a9181448690d01d3aad51d0c2458b0c5ec1761 Author: Jörg Krause <[email protected]> Date: Fri Mar 24 08:53:21 2017 +0100 busybox: fix mdev.conf mdev does not set "/dev/snd" and "/dev/input" group and permission propery, because with commit c3cf1e30a3022453311a7e9fe11d94c7a381640e (May 2013!) the behavior of mdev has changed. The device name is now taken directly from the uevent file and does no longer match the old rule. Fix the rules for "/dev/snd" and "/dev/input" according to the example given in [1]. [1] http://lists.busybox.net/pipermail/busybox/2015-February/082297.html Signed-off-by: Jörg Krause <[email protected]> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit afb585468b33c76d41686cb92e7f56565fe150e4) Signed-off-by: Peter Korsgaard <[email protected]> commit 03316d1719645ea47aac6de3a29877345c5e0a67 Author: Jörg Krause <[email protected]> Date: Fri Mar 24 09:47:43 2017 +0100 upmpdcli: add user to the audio group upmpdcli runs as user and group upmpdcli. In order to allow it to access the ALSA devices add it to the audio group. Signed-off-by: Jörg Krause <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit ab9842e360ae08954b07504a20cd053fe146f383) Signed-off-by: Peter Korsgaard <[email protected]> commit 5bc876f43b1954e0494b5f360c8e0f9ddc5624e4 Author: Vicente Olivert Riera <[email protected]> Date: Wed Mar 22 13:19:27 2017 +0000 linux-headers: bump 3.{2, 12}.x and 4.{1, 4, 9, 10}.x series [Peter: drop 4.10.x update] Signed-off-by: Vicente Olivert Riera <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 0d70d1dbf054f4a0609ba1076bc7e097305013d2) Signed-off-by: Peter Korsgaard <[email protected]> commit 13eec966adfdc6c7659bff0cb7fd27056c248127 Author: Bernd Kuhls <[email protected]> Date: Wed Mar 22 22:03:13 2017 +0100 package/ntp: security bump to 4.2.8p10 Changed NTP_SITE to https to circumvent "URL transformed to HTTPS due to an HSTS policy" during download. For details about the bugs fixed see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.kb.cert.org/vuls/id/633847 Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit b47aec79d2e19ef7e3f04d2758c3a2930d47cebe) Signed-off-by: Peter Korsgaard <[email protected]> commit 293f9d2f18d28e2f5f235ba4c94a6bb695ecf6c9 Author: Arnout Vandecappelle <[email protected]> Date: Tue Mar 21 01:07:01 2017 +0100 squashfs: correct hash When squashfs was bumped to 3de1687d in commit ee90313c64, the hash file was not updated. This wasn't noticed before since hashes are not checked for git downloads. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Cc: Thomas De Schampheleire <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 85c832247e40f00f48ac328970bb39ab7851f042) Signed-off-by: Peter Korsgaard <[email protected]> commit a2c0793636adaf44df268dc9a406d12a8bd42e7f Author: Arnout Vandecappelle <[email protected]> Date: Tue Mar 21 01:07:00 2017 +0100 linux-firmware: correct hash When linux-firmware was bumped to 6d3bc8886 in commit 3ff5896ff, a hash file was added but the hash was wrong. This wasn't noticed before since hashes are not checked for git downloads. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Cc: Adam Duskett <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 0409b136985ff582d561076f03685da9890fa325) Signed-off-by: Peter Korsgaard <[email protected]> commit 2f426dadad24fa46909ed6504d19eb7ccbd55657 Author: Arnout Vandecappelle <[email protected]> Date: Tue Mar 21 01:06:59 2017 +0100 fmc: correct hash file It had sha256sum instead of sha256. This wasn't noticed before since hashes for git downloads are not checked. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Cc: Matthew Weber <[email protected]> Reviewed-by: Matthew Weber <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit ba717fde72c862a283a035b3b44377bb48d08284) Signed-off-by: Peter Korsgaard <[email protected]> commit e6b2152cd15bd8a9ed8a72c2ef2c07959839d46d Author: Arnout Vandecappelle <[email protected]> Date: Tue Mar 21 01:06:57 2017 +0100 download/git: create GNU format tar files On most distros, the tar format defaults to GNU. However, at build time the default format may be changed to posix. Also, future versions of tar will default to posix. Since we want the tarballs created by the git download method to be reproducible (so their hash can be checked), we should explicitly specify the format. Since existing tarballs on sources.buildroot.org use the GNU format, and also the existing hashes in the *.hash files are based on GNU format tarballs, we use the GNU format. In addition, the Posix format encodes atime and ctime as well as mtime, but tar offers no option like --mtime to override them. In the GNU format, atime and ctime are only encoded if the --incremental option is given. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Cc: Peter Seiderer <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 0f369a9231b2c67748f4f0c2dbb33ebdc2890478) Signed-off-by: Peter Korsgaard <[email protected]> commit ac75d32ae79aed38e003361503a601edad384d23 Author: Yegor Yefremov <[email protected]> Date: Tue Mar 21 09:22:33 2017 +0100 graph-depends: rename pkgutil.py to brpkgutil.py pkgutil.py is also part of Python itself. Placing pkgutil.py as is in a folder with other scripts that require original pkgutil will break them. This is the case with scanpypi. So rename pkgutil.py to brpkgutil.py to avoid naming collision. Fixes: https://bugs.busybox.net/show_bug.cgi?id=9766 Signed-off-by: Yegor Yefremov <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 3b627c89dc8adf8c60efd773935bf66004e8433d) Signed-off-by: Peter Korsgaard <[email protected]> commit eaadfab8e8c77d9b66b0b9b1215a6ebd0ca6307c Author: Thomas Petazzoni <[email protected]> Date: Tue Mar 21 22:21:20 2017 +0100 ltp-testsuite: disable Open POSIX testsuite The Open POSIX testsuite builds and installs to the target directory a program called 't0' that isn't cross-compiled, which is bad. Since the LTP build system is autoconf but not automake based, and the Open POSIX testsuite is a sort of sub-project inside it, fixing the issue is not trivial. Therefore, we simply disable the Open POSIX testsuite entirely. Oddly enough, --without-open-posix-testsuite doesn't work due to another bug, so we simply have to remove --with-open-posix-testsuite. Open POSIX testsuite cross-compilation issue reported at https://github.com/linux-test-project/ltp/issues/144. Configure script bug reported at https://github.com/linux-test-project/ltp/issues/143. Fixes: http://autobuild.buildroot.net/results/8326ba9eb257dfc92c1ad282ba6d3565e8250def/ Signed-off-by: Thomas Petazzoni <[email protected]> Reviewed-by: "Yann E. MORIN" <[email protected]> Tested-by: "Yann E. MORIN" <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit b57e1355a72da407c19315cb4187767d28e4d064) Signed-off-by: Peter Korsgaard <[email protected]> commit 55a23407aff9ab0b3e3c72b7c5fd6c8873a910d2 Author: Yann E. MORIN <[email protected]> Date: Tue Mar 21 22:33:59 2017 +0100 package/dbus-cpp: fix cross-compilation dbus-cpp has an ugly hack to not cross-build the tools when it detects cross-compilation. However, we already have a host variant that builds those tools (and we anyway don't seem to need them to begin with). Drop our patch that propagates the CXXFLAGS/LDFLAGS_FOR_BUILD. Replace with a patch to cross-compile the tools. Fixes: http://autobuild.buildroot.org/results/110/1100539caae6ef62c61a3b96bc54f7c0a215cc62/ and many, many more. Signed-off-by: "Yann E. MORIN" <[email protected]> Cc: Gustavo Zacarias <[email protected]> Cc: Thomas Petazzoni <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit f5dbd0dea159393e779f6a1f5fa53b9fa07ff34a) Signed-off-by: Peter Korsgaard <[email protected]> commit 3b9349e3cb8804bf3f1d2de3823f58371e735ab9 Author: Julien Beraud <[email protected]> Date: Tue Mar 21 14:23:56 2017 +0100 apr: fix size of pid_t pid_t is a signed 32bits integer on both 32bits and 64bits architectures. This fixes an issue with apache server which causes bad pid to be written in PidFile Signed-off-by: Julien Beraud <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit ee8cbc5fca779ff054a50ed8e6271952367147c7) Signed-off-by: Peter Korsgaard <[email protected]> commit 22dd05433e0e0309628489b983569d2d47c57341 Author: Vicente Olivert Riera <[email protected]> Date: Tue Mar 21 15:40:08 2017 +0000 memcached: bump version to 1.4.36 From the release notes (https://github.com/memcached/memcached/wiki/ReleaseNotes1436): Important bug fix that could lead to a hung slab mover. Also improves memory efficiency of chunked items. [Peter: add release notes link / mention important bug fix] Signed-off-by: Vicente Olivert Riera <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit adfe049d85b09a2ce780ce49f8e53d9cfaf90e2d) Signed-off-by: Peter Korsgaard <[email protected]> commit 2239406dc1820c1b9958f559737abc9d904d5142 Author: Vicente Olivert Riera <[email protected]> Date: Mon Mar 13 11:43:50 2017 +0000 memcached: bump version to 1.4.35 Signed-off-by: Vicente Olivert Riera <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 36cabc5a744d97090784a29a4001a994728e0539) Signed-off-by: Peter Korsgaard <[email protected]> commit df0c78d61e142781b6da3d0cf789b8b7b1ae3055 Author: Baruch Siach <[email protected]> Date: Tue Mar 21 15:11:22 2017 +0200 openssh: security bump to version 7.5 From the release notes (https://www.openssh.com/txt/release-7.5): Security -------- * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by default, sshd offers them as lowest-preference options and will remove them by default entriely in the next release. Reported by Jean Paul Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of Royal Holloway, University of London. * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making a recursive file transfer could be maniuplated by a hostile server to perform a path-traversal attack. creating or modifying files outside of the intended target directory. Reported by Jann Horn of Google Project Zero. [Peter: mention security fixes] Signed-off-by: Baruch Siach <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 2204f4deb1c6c6ff4accd84b5aa2d42f5930b730) Signed-off-by: Peter Korsgaard <[email protected]> commit dc9ecb90c58908ffa0d896d4da5b1d4b917253c7 Author: Peter Seiderer <[email protected]> Date: Mon Mar 6 21:43:47 2017 +0100 gst1-plugins-bad: waylandsink needs wayland-protocols Signed-off-by: Peter Seiderer <[email protected]> ---- Changes v1 -> v2: - use select instead of depends for BR2_PACKAGE_WAYLAND_PROTOCOLS (suggested by Thomas Petazzoni) - add select BR2_PACKAGE_WAYLAND_PROTOCOLS to missing second place (BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WAYLAND) Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 5a2d37ca125c1742864af0e9324234f8f3ecc071) Signed-off-by: Peter Korsgaard <[email protected]> commit 1c1b702a466023f8826cfb6a386e9b4683880875 Author: Peter Seiderer <[email protected]> Date: Fri Mar 10 20:54:54 2017 +0100 libxkbcommon: disable wayland support Disable wayland support (only needed for the interactive-wayland test program). This fixes a compile failure in case wayland support is autodetected: GEN xdg-shell-unstable-v5-protocol.c /bin/sh: /usr/bin/wayland-scanner: No such file or directory Makefile:2426: recipe for target 'xdg-shell-unstable-v5-protocol.c' failed make[3]: *** [xdg-shell-unstable-v5-protocol.c] Error 127 make[3]: *** Waiting for unfinished jobs.... GEN xdg-shell-unstable-v5-client-protocol.h /bin/sh: /usr/bin/wayland-scanner: No such file or directory Makefile:2428: recipe for target 'xdg-shell-unstable-v5-client-protocol.h' failed make[3]: *** [xdg-shell-unstable-v5-client-protocol.h] Error 127 Signed-off-by: Peter Seiderer <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 7665b5870995ef059d1654c35557b53c04a71d1d) Signed-off-by: Peter Korsgaard <[email protected]> commit 51038b08eebee72d89ec7871d1ffe5c84abb2b9f Author: Romain Naour <[email protected]> Date: Sun Mar 19 21:51:53 2017 +0100 package/mesa3d: add lm-sensors optional dependency radeon-pci-0008 Adapter: PCI adapter temp1: +56.0 C (crit = +120.0 C, hyst = +90.0 C) Signed-off-by: Romain Naour <[email protected]> Cc: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 73401587e5984397bedddab61ad6c89712041267) Signed-off-by: Peter Korsgaard <[email protected]> commit b277a7f0db52b02f79a29a7816169abfefd51f91 Author: Rahul Bedarkar <[email protected]> Date: Mon Mar 20 20:41:18 2017 +0530 filemq: correct license All source files, except src/filemq_client.c and src/filemq_server.c, has MPL Version 2.0 license text in file header. As confirmed with upstream [1] (L)GPLv3 license texts COPYING and COPYING.LESSER are leftover from previous implementation. [1] - https://github.com/zeromq/filemq/issues/74 Signed-off-by: Rahul Bedarkar <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 205a0289d4a0aefc76b0c937c2f725517114c658) Signed-off-by: Peter Korsgaard <[email protected]> commit eb021f3547a721d77de73789bd23a44c6e3ea8f7 Author: Eric Le Bihan <[email protected]> Date: Mon Mar 20 21:11:22 2017 +0100 skalibs: fix endianness detection on x86 Update the patch for compile time endianness detection so it works on x86 platforms using GCC <= 4.4. Fixes: http://autobuild.buildroot.net/results/c2e8e1180571976b412cbba729c45a3698aea0b2 http://autobuild.buildroot.net/results/2ee47107d8a67470f7bc3e10cf763202d5455d17 Signed-off-by: Eric Le Bihan <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 8eecaf2d122f7da6f59964f5eb00139a32373d06) Signed-off-by: Peter Korsgaard <[email protected]> commit 05bc9b0c339d3ed0830cff3e702cdccefcf2b068 Author: Baruch Siach <[email protected]> Date: Mon Mar 20 06:16:56 2017 +0200 wget: add upstream security fix Fixes CVE-2017-6508: CRLF injection in the url_parse function in url.c http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html Signed-off-by: Baruch Siach <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 7132fc9c11573a460243895c85e66b514b71c041) Signed-off-by: Peter Korsgaard <[email protected]> commit 55c742f83a563668caf4435526a780c80bdd6014 Author: Fabio Estevam <[email protected]> Date: Sat Mar 18 11:21:42 2017 -0300 linux-headers: bump 4.{4, 9, 10}.x series [Peter: drop 4.10.x update] Signed-off-by: Fabio Estevam <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit f4978bf018d4f03834f879f3dfc4e8237846742e) Signed-off-by: Peter Korsgaard <[email protected]> commit 8c6080b06cee662b409e2256cee0570684170f19 Author: Jan Kundrát <[email protected]> Date: Fri Mar 17 17:02:54 2017 +0100 skeleton: fix permissions on /dev/pts/ptmx Without this patch, it is not possible to allocate PTYs when a generated rootfs image with a recent glibc and systemd is launched as a container on an RHEL7 system via machinectl/systemd-nspawn. The container boots, but `machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with 0000 perms. On a typical system, there are two `ptmx` devices. One is provided by the devpts at /dev/pts/ptmx and it is typically not directly accessed from userspace. The other one which actually *is* opened by processes is /dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be either a symlink, or a bind mount of the /dev/pts/ptmx from devpts. When a container is launched via machinectl/machined/systemd-nspawn, the container manager prepares a root filesystem so that the container can live in an appropriate namespace (this is similar to what initramfs is doing on x86 desktops). During these preparations, systemd-nspawn mounts a devpts instance using a correct ptmxmode=0666 within the container-to-be's /dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once systemd takes over as an init in the container, /lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to all fileystems. Because the buildroot's template used to not include the ptmxmode=... option, a default value of 0000 was taking an effect which in turn led to not being able to allocate any pseudo-terminals. The relevant kernel option was introduced upstream in commit 1f8f1e29 back in 2009. The oldest linux-headers referenced from buildroot's config is 3.0, and that version definitely has that commit. Mount options that are not understood by the system are anyway ignored, so backward compatibility is preserved. Signed-off-by: Jan Kundrát <[email protected]> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> [Thomas: fix commit title, adjust commit log.] Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 8196b299ba12bd6741bf7f4462cad180dab77fb0) Signed-off-by: Peter Korsgaard <[email protected]> commit 74293a15bdfda83bb83f15f9dc459a54a6ab99f0 Author: Arnout Vandecappelle <[email protected]> Date: Fri Mar 17 17:06:16 2017 +0100 fakeroot: depend on acl Recent versions of fakeroot have grown support for acl. We don't really need this since we don't use acls in Buildroot. However, it turns out that "cp -a" does something funky with acls, with the result that fakeroot without acl support looses the ownership and permissions on the copied file. "cp -a" may be (is even likely to be) used in a BR2_ROOTFS_POST_FAKEROOT_SCRIPT, so we need to support this. Note that host-acl itself depends on host-attr, so this pulls in two extra packages in each build. The impact on build time is about 10s. Cc: Andreas Naumann <[email protected]> Cc: Maxime Hadjinlian <[email protected]> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 2a222446b4614a38b4042df54b68b69b96939708) Signed-off-by: Peter Korsgaard <[email protected]> commit f6ba4399324396d690d95a2b1a11d87a4ffe173f Author: Arnout Vandecappelle <[email protected]> Date: Fri Mar 17 17:06:15 2017 +0100 acl: add host variant We need host-acl to fix issues with fakeroot. Unfortunately, all the hacks (except the .la fixup) have to be repeated. Cc: Yegor Yefremov <[email protected]> Cc: Andreas Naumann <[email protected]> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit c83446fccace19694e20b1d0a730680244d724fe) Signed-off-by: Peter Korsgaard <[email protected]> commit c7c5c7e5f6837bd47fb95d2df96726aeacbaf28f Author: Arnout Vandecappelle <[email protected]> Date: Fri Mar 17 17:06:14 2017 +0100 acl: make sure build picks up TARGET_CFLAGS The acl build system doesn't use automake, therefore it is broken. It doesn't use the CFLAGS passed by configure. Work around this by passing CFLAGS in the environment. The makefiles append to CFLAGS, so this works. This issue hasn't led to build failures, but it is visible e.g. when stack protector is enabled: the stack protector options are not applied to acl. Also debug and optimisation options aren't applied. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Cc: Yegor Yefremov <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 99c9b0affde4fcc3270425319b98a0e5e32f5964) Signed-off-by: Peter Korsgaard <[email protected]> commit 3e386020722b85aaf89b9dccc0263905763c8d08 Author: Peter Korsgaard <[email protected]> Date: Thu Mar 16 16:31:46 2017 +0100 xlib_libXv: correct license info The license is actually closer to ISC than MIT, E.G.: https://opensource.org/licenses/ISC vs https://opensource.org/licenses/MIT >From COPYING: Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of Digital or MIT not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. E.G. this is very similar to the normal ISC text which has been extended with a BSD-3c style advertisinc clause. Both are permissive licenses, but it is more correct to call it ISC-like. Notice: As pointed out by Rahul Bedarkar, this may actually be more closely related to the OpenBSD template license: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD But that is also based on the ISC license, so calling it ISC-like is still correct. Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit aad15918520391ea0952d742db9c52c3ac2b1f7e) Signed-off-by: Peter Korsgaard <[email protected]> commit 2a778d53fa6bf7c232ad57eedbd0fd9bf7328c84 Author: Romain Naour <[email protected]> Date: Fri Mar 17 00:02:06 2017 +0100 package/cairo: update license information As noticed by Rahul Bedarkar, the cairo library is LGPLv2.1 only (not LGPLv2.1+) or MPLv1.1. Signed-off-by: Romain Naour <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 0768932a0229b2c201c292023f59a868ecdb1222) Signed-off-by: Peter Korsgaard <[email protected]> commit fd28c44ce87b7480a24e596f7a34e3d30e577333 Author: Baruch Siach <[email protected]> Date: Thu Mar 16 20:41:23 2017 +0200 tcpreplay: patch security issue Add upstream patch for CVE-2017-6429: Buffer overflow when reading crafted pcap file with large packets. https://github.com/appneta/tcpreplay/issues/278 Signed-off-by: Baruch Siach <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 62bf2bfd53885fbd62a8e9345c7f3d7a4d619342) Signed-off-by: Peter Korsgaard <[email protected]> commit 8cd0e35189346419b4ca60f275f8663de21877c2 Author: Rahul Bedarkar <[email protected]> Date: Thu Mar 16 17:24:01 2017 +0530 taglib: update homepage link Avoid redirect. Signed-off-by: Rahul Bedarkar <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit a411212d22cb84b92201b5a02ef8b860b0a17280) Signed-off-by: Peter Korsgaard <[email protected]> commit bae94a6e65449729a1c73dc38698e11379b645d6 Author: Gustavo Zacarias <[email protected]> Date: Wed Mar 15 15:08:36 2017 -0300 mbedtls: security bump to verison 2.4.2 Fixes: CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve. Signed-off-by: Gustavo Zacarias <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 465ce2ea73cc1d98972cde45114f7b0e35e32ff2) Signed-off-by: Peter Korsgaard <[email protected]> commit f2e01f9c189b3d04cae85c72263c88d49c171b8d Author: Peter Korsgaard <[email protected]> Date: Wed Mar 15 11:48:32 2017 +0100 mariadb: security bump to version 10.1.22 Fixes: CVE-2017-3302 - C client library for MySQL (libmysqlclient.so) has use-after-free defect which can cause crash of applications using that MySQL client. CVE-2017-3313 - Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. And a number of important, but non-security related fixes: MDEV-11842: Fix a 10.1.21 regression with failed INSERT, BEFORE INSERT triggers, and columns with no default value MDEV-12075: Fix a 10.1.21 regression in the InnoDB data file extension code For details, see the release notes: https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/ Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 467b38892aa23927ad1140119f0f17c23e896e7e) Signed-off-by: Peter Korsgaard <[email protected]> commit 604b463d534943701024d7878dd2017c45ed5088 Author: Peter Korsgaard <[email protected]> Date: Tue Mar 14 23:58:22 2017 +0100 jasper: add upstream security fix Fixes a NULL Pointer Dereference jp2_encode: https://github.com/mdadams/jasper/issues/120 No CVE assigned yet. Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 76da579431a78875afeaeda76e459aca69e85d36) Signed-off-by: Peter Korsgaard <[email protected]> commit 607c2635ca1f48f3aacb84404a4cd0ee49215827 Author: Peter Korsgaard <[email protected]> Date: Tue Mar 14 23:58:21 2017 +0100 jasper: add upstream security fix for CVE-2017-6850 Fixes a NULL pointer dereference in jp2_cdef_destroy: https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/ https://github.com/mdadams/jasper/issues/112 Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit a105443b24f7c75b10dab44c2916fc9f2b58363a) Signed-off-by: Peter Korsgaard <[email protected]> commit 1a1ec309d748d1d1cdb4f3b9dbcd7eb08c7b0e93 Author: Fabio Estevam <[email protected]> Date: Wed Mar 15 08:07:38 2017 -0300 linux-headers: bump 4.{4, 9, 10}.x series [Peter: skip 4.10.x] Signed-off-by: Fabio Estevam <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit b3d736b9b6b92b70a9020be470a4cf5f7f012b2e) Signed-off-by: Peter Korsgaard <[email protected]> commit 840969ed617f772c866ea61e27cab97eaaf63eff Author: Vicente Olivert Riera <[email protected]> Date: Mon Mar 13 12:31:20 2017 +0000 rpm: bump version to 4.13.0.1 (security) Security fixes: - Fix several out of bounds reads in the OpenPGP parser - Fix handling of OpenPGP reserved tag (should be rejected) - Fix various crashes from malformed packages with invalid tags Release notes: http://rpm.org/wiki/Releases/4.13.0.1 This patch also switches from GitHub to rpm.org since the last one seems to be more up-to-date. [Peter: use RPM_VERSION_MAJOR as suggested by Jerzy Grzegorek] Signed-off-by: Vicente Olivert Riera <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 7adbcd174a17ff1b74c4b20d94ca4a9e7f396d68) Signed-off-by: Peter Korsgaard <[email protected]> commit fb398d3a4d806399e52c1f970a415cd718133403 Author: Vicente Olivert Riera <[email protected]> Date: Mon Mar 13 11:41:44 2017 +0000 linux-headers: bump 4.{4, 9, 10}.x and 3.12.x series [Peter: skip 4.10.x] Signed-off-by: Vicente Olivert Riera <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit d18cdcebc238706d1bf50460b85ea36eaed83b21) Signed-off-by: Peter Korsgaard <[email protected]> commit 3bf15bfc84f646efbdeead006378265fa56855a9 Author: Matthew Fornero <[email protected]> Date: Mon Mar 13 15:35:02 2017 -0400 libiio: explicitly disable matlab bindings If building on a machine with MATLAB installed, the MATLAB bindings will default to ON, which is not the desired behavior for a cross build. The bindings are designed to be called from within MATLAB, and we are not currently running MATLAB on buildroot-generated targets. This does not preclude the use of the bindings from a host connecting over the network backend (assuming libiio on the host has the bindings enabled). Signed-off-by: Matthew Fornero <[email protected]> Acked-By: Paul Cercueil <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit f358078b3374f3b316551660e89f5c463cb61608) Signed-off-by: Peter Korsgaard <[email protected]> commit 14dc993718941fb0d1194fc2eedcab0b5fe33260 Author: Rahul Bedarkar <[email protected]> Date: Tue Mar 14 19:59:37 2017 +0530 zmqpp: update license Since version 4.1.2, zmqpp is provided under MPLv2. Signed-off-by: Rahul Bedarkar <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 87e9391e69cae06836723dcc5525e07d89c14acb) Signed-off-by: Peter Korsgaard <[email protected]> commit 8ddd530004229e032dda14c64db629b862b27fa3 Author: Bernd Kuhls <[email protected]> Date: Sun Mar 12 12:44:57 2017 +0100 package/mplayer: add optional support for pulseaudio Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit a085b7c3139b2c4543530fb0adf0047d8a4c1fd3) Signed-off-by: Peter Korsgaard <[email protected]> commit 9739750396da0af7a449eed9e38e003e0dc2d159 Author: Bernd Kuhls <[email protected]> Date: Sun Mar 12 13:12:03 2017 +0100 package/git: fix pcre support The current code contains some obvious typos. Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit d830807794245077e73ee1d3c78eecb8d224dc04) Signed-off-by: Peter Korsgaard <[email protected]> commit 32a9eb6e5abbc1787e0a82756d35aa8fb5b411cb Author: Bernd Kuhls <[email protected]> Date: Sun Mar 12 13:43:14 2017 +0100 package/git: add optional support for gettext git links to libintl if available: $ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/bin/git | grep NEEDED 0x00000001 (NEEDED) Shared library: [libz.so.1] 0x00000001 (NEEDED) Shared library: [libintl.so.8] 0x00000001 (NEEDED) Shared library: [libc.so.0] Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit aecab2f29c396a04d24e61479d7fc3f53149448f) Signed-off-by: Peter Korsgaard <[email protected]> commit 894a37c031cce0715d28f5003ccc58db07b1cce9 Author: Bernd Kuhls <[email protected]> Date: Sun Mar 12 15:06:05 2017 +0100 package/python: add optional support for libintl Python links to gettext when available: $ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/python2.7/lib-dynload/_locale.so | grep NEEDED 0x00000001 (NEEDED) Shared library: [libintl.so.8] 0x00000001 (NEEDED) Shared library: [libpython2.7.so.1.0] 0x00000001 (NEEDED) Shared library: [libc.so.0] In comparison the same library compiled without gettext: $ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/python2.7/lib-dynload/_locale.so | grep NEEDED 0x00000001 (NEEDED) Shared library: [libpython2.7.so.1.0] 0x00000001 (NEEDED) Shared library: [libc.so.0] Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 70759f5359d6e5f7b868b74399e20d8ea7956769) Signed-off-by: Peter Korsgaard <[email protected]> commit c365c42ef371d948570a2b41b4f87af193a0eab6 Author: Bernd Kuhls <[email protected]> Date: Sat Mar 11 17:32:59 2017 +0100 package/tor: bump version to 0.2.9.10 Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 660651491ea2ff8fc82d503a8e28bbd54e8d9131) Signed-off-by: Peter Korsgaard <[email protected]> commit b3442f2fe397bbd33f9ab745ff2601a8994a7153 Author: Yann E. MORIN <[email protected]> Date: Sun Mar 12 10:58:16 2017 +0100 package/nbd: fix utilities locations Currently, the code expects both the client and server to be in /usr/bin, while the client is in /usr/sbin Fix that. Signed-off-by: "Yann E. MORIN" <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 4aabbeb245794862e8434317e885d6d028d23679) Signed-off-by: Peter Korsgaard <[email protected]> commit a3d83660c5352249d8da2bab8520442d13a06cec Author: Peter Seiderer <[email protected]> Date: Fri Mar 10 23:15:47 2017 +0100 qt5base: install libQt5EglFsKmsSupport According to src/plugins/platforms/eglfs/deviceintegration/deviceintegration.pro depends on eglfs_gbm which depends according to src/gui/configure.json on features.eglfs and features.gbm and features.kms, so dependency on BR2_PACKAGE_MESA3D_OPENGL_EGL which enables mesa3d gbm support should be sufficient. Signed-off-by: Peter Seiderer <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 5efe07f9af53c0cf0795d316cb84d58e530a9619) Signed-off-by: Peter Korsgaard <[email protected]> commit 91bb73cb5a5a6764054a6f07eae1b6da12ed4086 Author: Peter Seiderer <[email protected]> Date: Fri Mar 10 23:15:46 2017 +0100 qt5base: fix eglfs x11 header related compile failure Add egl config and QT_EGL_NO_X11 define (as all other eglfs project files do) to src/plugins/platforms/eglfs/eglfs-plugin.pro. Fixes ([1]): In file included from .../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/egl.h:39:0, from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/../../../../../src/platformsupport/eglconvenience/qt_egl_p.h:63, from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/qt_egl_p.h:1, from api/qeglfsglobal_p.h:56, from api/qeglfsintegration_p.h:54, from qeglfsmain.cpp:41: .../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/eglplatform.h:119:22: fatal error: X11/Xlib.h: No such file or directory compilation terminated. Makefile.eglfs-plugin:1024: recipe for target '.obj/qeglfsmain.o' failed make[2]: *** [.obj/qeglfsmain.o] Error 1 make[2]: Leaving directory '.../qt5base-5.8.0/src/plugins/platforms/eglfs' Makefile:71: recipe for target 'sub-eglfs-plugin-pro-make_first-ordered' failed make[1]: *** [sub-eglfs-plugin-pro-make_first-ordered] Error 2 [1] http://lists.busybox.net/pipermail/buildroot/2017-March/186158.html Signed-off-by: Peter Seiderer <[email protected]> Acked-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 5840e8bd505cef8846ed4f8fc769f306165ee174) Signed-off-by: Peter Korsgaard <[email protected]> commit 2e1b15a6fba60f077fad070738801b592c794038 Author: Fabrice Fontaine <[email protected]> Date: Mon Feb 13 18:24:51 2017 +0100 domoticz: fix build on powerpc64le There is an issue with powerpc64le and boost::uuids::random_generator on the following line of code (from include/boost/uuid/seed_rng.hpp): sha.process_bytes( (unsigned char const*)&std::rand, sizeof( void(*)() ) ) This line "inspects the first couple bytes (here eight) of the std::rand function to seed some rng. Due to the implementation of process_bytes and inlining happening, it seems that one of the loops therein uses &rand-1 as some boundary, compiling with -O0 makes that reloc come out as 'rand + 0' and the link will succeed." See: https://bugzilla.suse.com/show_bug.cgi?id=955832#c7 Fixes: - http://autobuild.buildroot.org/results/454c0ea393615bae2d1b44be9920f25b5c49fc33 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit 00d2a3da72455213b87069af475173060750d50d) Signed-off-by: Peter Korsgaard <[email protected]> commit f63fab1bae878509a79219ebff634af208daab0b Author: Vicente Olivert Riera <[email protected]> Date: Fri Mar 10 17:06:18 2017 +0000 imagemagick: bump version to 7.0.5-0 (security) - Fixed memory leak when creating nested exceptions in Magick++ https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634 - Fixed fd leak for webp coder https://github.com/ImageMagick/ImageMagick/pull/382 - Fixed Spurious memory allocation message https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438 Full changelog: http://imagemagick.org/script/changelog.php Signed-off-by: Vicente Olivert Riera <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit d6cc5462535acf954abccd585efc3a07623cc416) Signed-off-by: Peter Korsgaard <[email protected]> commit 8d36b6d034ea07c9dbddd4f407f34f1d2d01ccd8 Author: Yann E. MORIN <[email protected]> Date: Tue Mar 7 22:16:28 2017 +0100 package/rpi-userland: don't install file in random location Currently, rpi-userland installs files in $(@D)/../../bin/ which is entirely stupid, especially in cross-compilation. Get rid of the dubious, broken, custom install command. Signed-off-by: "Yann E. MORIN" <[email protected]> Tested-by: Peter Seiderer <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit ffa39b23f7ece3a3d9ea914c2e385ce222bdf921) Signed-off-by: Peter Korsgaard <[email protected]> commit de33cffb6631ec116679fbd6352aef5cf912df65 Author: Romain Naour <[email protected]> Date: Sat Mar 11 22:26:45 2017 +0100 package/gdb: fix gnulib issue with musl and uClibc toolchains again The commit [1] doesn't fix this issue for all cases (it doesn't work when BR2_PACKAGE_GDB_DEBUGGER=y). So, leave the configure script alone and override gl_cv_func_gettimeofday_clobber from GDB_MAKE_ENV. [1] 560334bb2a46a77081a3944d092df7732dfca432 Fixes: http://autobuild.buildroot.net/results/719/719a441421030b79c0aa1bbfb707130f3ac87338 Signed-off-by: Romain Naour <[email protected]> Cc: Thomas Petazzoni <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]> (cherry picked from commit faf38b78aee613a732f96d5022a2894efd024a25) Signed-off-by: Peter Korsgaard <[email protected]> commit 34345f1b033e338b1933381a992d9f92f4fe9ae5 Author: Julien BOIBESSOT <julien.boibesso…
- Loading branch information