exim: security bump to version 4.86.2Fixes:
CVE-2016-1531 - All installations having Exim set-uid root and using
'perl_startup' are vulnerable to a local privilege escalation. Any user
who can start an instance of Exim (and this is normally *any* user) can
gain root privileges. If you do not use 'perl_startup' you *should* be
safe.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@kor...
cpio: add security patch to fix CVE-2016-2037Fixes:
CVE-2016-2037 - The cpio_safer_name_suffix function in util.c in cpio
2.11 allows remote attackers to cause a denial of service (out-of-bounds
write) via a crafted cpio file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-cryptography: bump to version 1.2.3Is now compatible with openssl 1.0.2g+ hence fixes:
http://autobuild.buildroot.net/results/5fc/5fc28bafa3cd7171ce6343d21f65af090536f443/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
attr: disable gettext for host variantOtherwise it leads to build failure and we don't need it. Fixes:
http://autobuild.buildroot.net/results/59e/59e7e1db122523b292d34405df6dca9faa616da2/
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
graphite2: bump to version 1.3.6Also change SOURCE since the tarball got renamed with the bump.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/kodi-screensaver/visualisation-*: mass version bump, add hashesSigned-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/kodi-pvr-*: mass version bump, add hashesSigned-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/kodi-audio??coder-*: mass version bump, add hashesThis patch bumps all audio-en- and decoder addons.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
nvme: fix legal-infoFixes:
http://autobuild.buildroot.net/results/441/441afa17dfd6f259642526850d92f1c9965d8353/
The license file is called LICENSE, not COPYING.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
x265: depends on BR2_TOOLCHAIN_HAS_SYNC_4It uses __sync_fetch_and_add_4() and other 32-bit atomics, fixes:
http://autobuild.buildroot.net/results/6cf/6cf4cdfdcd00f92176fd8a901884a3fd0c784f24/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
webkitgtk24: fix gstreamer dependencyFixes:
http://autobuild.buildroot.net/results/a28/a280f23cc29f77ab440edbda05b4e58d6f4856e7/
The .mk file was checking for gst1-plugins-base but then adding
gst1-plugins-good to dependencies.
According to Source/autotools/FindDependencies.m4, the video and web audio
options need the .pc files provided by gst1-plugins-base, so use that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
avahi: move libdns_sd compat hook definition inside conditional blockAs directed in the buildroot manual, "Optional hooks: keep hook
definition and assignment together in one if block". And also
to be consistent with the rest of avahi.mk.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
slang: fix static link with readlineslang forgets to link with ncurses that is a dependency of readline when
linking the slsh binary. Correct this.
While at it, also make sure to use staging ncurses5-config script and not the
host one. slang uses ncurses5-config to find terminfo location, and only
staging ncurses5-config provides the correct run-time location.
Fixes:
http://autobuild.buildroot.net/results/1dc/1dc52048254c32a240...
heirloom-mailx: disable SSLv2 supportNow that openssl has dropped SSLv2 support from the latest security bump
we need to patch it out here as well. Fixes:
http://autobuild.buildroot.net/results/dab/dab1629cfcb5cb33706d0c762dba57baa43299a5/
Patch status: debian upstream.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
tn5250: don't reference SSLv2/v3 functions if openssl is built without themFixes:
http://autobuild.buildroot.net/results/83e/83e29482cad6adef18a0e97bc8e75df302467dbb/
The recent openssl security bump disabled SSLv2 support, but tn5250 was
still referencing SSLv2 functions breaking the build.
Include a patch from OpenBSD to only reference the SSLv2 / SSLv3 symbols if
openssl is built with support for them.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-m2crypto: don't reference SSLv2 functions if openssl is built without SSLv2 supportFixes:
http://autobuild.buildroot.net/results/018/0183ba8c9fccc87f9e72279c49c2fdc1a9fcb556/
The recent openssl security bump disabled SSLv2 support, but python-m2crypto
was still referencing SSLv2 functions causing undefined symbols when the
module was imported. Backport an upstream patch to only reference these
symbols if openssl is built with SSLv2 support.
Signed-off-by: Peter Korsgaard <...
imx-gpu-viv: fix build dependencies when linking against libGAL.soPackages like QT5 Base with OpenGL and X support link against libGAL.so
at build time. This results in an error because some X functions used
in libGAL.so aren't referenced as the libXdamage, libXext and libXfixes
packages aren't built and installed into sysroot at the time. Fix this
by adding these three packages as build dependencies of imx-gpu-viv.
Signed-off-by: Antoine Tenart <antoine.ten...
radvd: bump to version 2.12musl build patch is upstream so it's no longer necessary.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zsh: use the correct target pcre-configzsh configure script mis-detects the location of pcre-config, and may use that
of host-pcre or that of the host instead of the target. Make configure use the
correct pcre-config.
Thanks to Thomas Petazzoni for pointing me at the right direction.
Fixes:
http://autobuild.buildroot.net/results/b12/b12aadf3016dab0941cae780fa9ee7bf9be8fcda/
http://autobuild.buildroot.net/results/8e8/8e8b12dbca4ef8...
docs/manual: add section about patch licensingUse the same text that is used in COPYING.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Steve Calfee <stevecalfee@gmail.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-ele...
sox: disable SSP when using MIPS Codescape toolchainsMIPS Codescape toolchains don't support stack-smashing protection
despite of using glibc, therefore we see failures like this one:
mips-img-linux-gnu/bin/ld: cannot find -lssp
Fixes:
http://autobuild.buildroot.net/results/957/95721f7b88c46a20202fb02e408817097df965c3/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libfcgi:add security patch for CVE-2012-6687Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
via a large number of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
(https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
The next release of libfcgi is 2....
package/kodi: Remove dependency for BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 from sub packagesKodi itself already depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7, there is
no need to duplicate this as reverse dependencies in sub options which
depend on Kodi.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/kodi: Remove dependency for BR2_STATIC_LIBS from sub packagesKodi itself already depends on !BR2_STATIC_LIBS, there is no need to
duplicate this as reverse dependencies in sub options which depend on
Kodi.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/kodi: reorder select/depends>From [1]:
"Even though the ordering has absolutely no consequences in Kconfig, it
is not logical (when reading). It is more logical and far easier to
understand when depends come first, followed by the selects."
Also, the Config.in example in the manual suggests to use this coding
style [2].
[1] http://lists.busybox.net/pipermail/buildroot/2015-October/142955.html
[2] http://buildroot.uclibc...
package/kodi: not available using a musl-based toolchainThe build stops with
configure: error: unsupported host (i586-buildroot-linux-musl)
due to musl not being supported in
https://github.com/xbmc/xbmc/blob/Isengard/m4/xbmc_arch.m4
Removing this obstacle will show that musl is really not being
supported, the build will fail:
In file included from emu_msvcrt.cpp:64:0:
emu_msvcrt.h:93:3: error: ‘__off64_t’ does not name a type
__off64_t dll_lse...
package/kodi: enable samba support with uClibc toolchainSigned-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/kodi: bump version to 16.0-JarvisAdd two new hard dependencies:
- libdcadec
https://github.com/xbmc/xbmc/commit/0997117a659a09e7b1c5bcb110f3526ea16698be
- libcrossguid
https://github.com/xbmc/xbmc/commit/6f8171f53992fc2eaabf71f6fa47ebed1da0d43d
Kodi moved to C++11 so we need gcc >= 4.7:
https://github.com/xbmc/xbmc/pull/6412
wavpack support was removed in favour of ffmpeg:
https://github.com/xbmc/xbmc/commit/7916902c9e6f7a...
Gustavo Zacarias
Gustavo Zacarias
Bernd Kuhls
Peter Korsgaard
Danomi Manchego
Baruch Siach
Antoine Ténart
Sergio Prado
Luca Ceresoli
Vicente Olivert Riera
niranjan.reddy
Thomas Petazzoni