* [Buildroot] [git commit] icu: add upstream security fix for utf-8 handling
From: Peter Korsgaard @ 2017-04-27 12:12 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=0135204868e4888cf162755a90087b10b40093ed
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes:
CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_setNativeIndex* function.
CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_moveIndex32* function.
Upstream: http://bugs.icu-project.org/trac/changeset/39671
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...-utext-problems-with-handling-of-bad-utf8.patch | 173 +++++++++++++++++++++
1 file changed, 173 insertions(+)
diff --git a/package/icu/0006-utext-problems-with-handling-of-bad-utf8.patch b/package/icu/0006-utext-problems-with-handling-of-bad-utf8.patch
new file mode 100644
index 0000000..a4e51ae
--- /dev/null
+++ b/package/icu/0006-utext-problems-with-handling-of-bad-utf8.patch
@@ -0,0 +1,173 @@
+ticket:12888 UText, problems with handling of bad UTF-8
+
+Fixes:
+
+CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
+2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
+related to the utf8TextAccess function in common/utext.cpp and the
+utext_setNativeIndex* function.
+
+CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
+2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
+related to the utf8TextAccess function in common/utext.cpp and the
+utext_moveIndex32* function.
+
+Upstream: http://bugs.icu-project.org/trac/changeset/39671
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+Index: /trunk/icu4c/source/common/utext.cpp
+===================================================================
+--- icu4c/source/common/utext.cpp (revision 39670)
++++ icu4c/source/common/utext.cpp (revision 39671)
+@@ -848,7 +848,13 @@
+
+ // Chunk size.
+-// Must be less than 85, because of byte mapping from UChar indexes to native indexes.
+-// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes
+-// to two UChars.)
++// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes.
++// Worst case there are six UTF-8 bytes per UChar.
++// obsolete 6 byte form fd + 5 trails maps to fffd
++// obsolete 5 byte form fc + 4 trails maps to fffd
++// non-shortest 4 byte forms maps to fffd
++// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit
++// mapToUChars array size must allow for the worst case, 6.
++// This could be brought down to 4, by treating fd and fc as pure illegal,
++// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros.
+ //
+ enum { UTF8_TEXT_CHUNK_SIZE=32 };
+@@ -890,5 +896,5 @@
+ // one for a supplementary starting in the last normal position,
+ // and one for an entry for the buffer limit position.
+- uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to
++ uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to
+ // correspoding offset in filled part of buf.
+ int32_t align;
+@@ -1033,4 +1039,5 @@
+ u8b = (UTF8Buf *)ut->p; // the current buffer
+ mapIndex = ix - u8b->toUCharsMapStart;
++ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
+ ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
+ return TRUE;
+@@ -1299,4 +1306,8 @@
+ // If index is at the end, there is no character there to look at.
+ if (ix != ut->b) {
++ // Note: this function will only move the index back if it is on a trail byte
++ // and there is a preceding lead byte and the sequence from the lead
++ // through this trail could be part of a valid UTF-8 sequence
++ // Otherwise the index remains unchanged.
+ U8_SET_CP_START(s8, 0, ix);
+ }
+@@ -1312,5 +1323,8 @@
+ uint8_t *mapToNative = u8b->mapToNative;
+ uint8_t *mapToUChars = u8b->mapToUChars;
+- int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1);
++ int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1;
++ // Note that toUCharsMapStart can be negative. Happens when the remaining
++ // text from current position to the beginning is less than the buffer size.
++ // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry.
+ int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region
+ // at end of buffer to leave room
+@@ -1339,4 +1353,5 @@
+ // Special case ASCII range for speed.
+ buf[destIx] = (UChar)c;
++ U_ASSERT(toUCharsMapStart <= srcIx);
+ mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx;
+ mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart);
+@@ -1368,4 +1383,5 @@
+ mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx;
+ } while (sIx >= srcIx);
++ U_ASSERT(toUCharsMapStart <= (srcIx+1));
+
+ // Set native indexing limit to be the current position.
+@@ -1542,4 +1558,5 @@
+ U_ASSERT(index<=ut->chunkNativeLimit);
+ int32_t mapIndex = index - u8b->toUCharsMapStart;
++ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
+ int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
+ U_ASSERT(offset>=0 && offset<=ut->chunkLength);
+Index: /trunk/icu4c/source/test/intltest/utxttest.cpp
+===================================================================
+--- icu4c/source/test/intltest/utxttest.cpp (revision 39670)
++++ icu4c/source/test/intltest/utxttest.cpp (revision 39671)
+@@ -68,4 +68,6 @@
+ case 7: name = "Ticket12130";
+ if (exec) Ticket12130(); break;
++ case 8: name = "Ticket12888";
++ if (exec) Ticket12888(); break;
+ default: name = ""; break;
+ }
+@@ -1584,2 +1586,62 @@
+ utext_close(&ut);
+ }
++
++// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal,
++// six byte utf-8 forms. Original implementation had an assumption that
++// there would be at most three utf-8 bytes per UTF-16 code unit.
++// The five and six byte sequences map to a single replacement character.
++
++void UTextTest::Ticket12888() {
++ const char *badString =
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80";
++
++ UErrorCode status = U_ZERO_ERROR;
++ LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status));
++ TEST_SUCCESS(status);
++ for (;;) {
++ UChar32 c = utext_next32(ut.getAlias());
++ if (c == U_SENTINEL) {
++ break;
++ }
++ }
++ int32_t endIdx = utext_getNativeIndex(ut.getAlias());
++ if (endIdx != (int32_t)strlen(badString)) {
++ errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx);
++ return;
++ }
++
++ for (int32_t prevIndex = endIdx; prevIndex>0;) {
++ UChar32 c = utext_previous32(ut.getAlias());
++ int32_t currentIndex = utext_getNativeIndex(ut.getAlias());
++ if (c != 0xfffd) {
++ errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n",
++ __FILE__, __LINE__, 0xfffd, c, currentIndex);
++ break;
++ }
++ if (currentIndex != prevIndex - 6) {
++ errln("%s:%d: wrong index. Expected, actual = %d, %d",
++ __FILE__, __LINE__, prevIndex - 6, currentIndex);
++ break;
++ }
++ prevIndex = currentIndex;
++ }
++}
+Index: /trunk/icu4c/source/test/intltest/utxttest.h
+===================================================================
+--- icu4c/source/test/intltest/utxttest.h (revision 39670)
++++ icu4c/source/test/intltest/utxttest.h (revision 39671)
+@@ -39,4 +39,5 @@
+ void Ticket10983();
+ void Ticket12130();
++ void Ticket12888();
+
+ private:
^ permalink raw reply related
* [Buildroot] [PATCH 1/1] package/libqmi: bump version to 1.18.0
From: Peter Korsgaard @ 2017-04-27 11:44 UTC (permalink / raw)
To: buildroot
In-Reply-To: <CANQCQpY=4Ag39u3YDetPzq8VNr5sqcmXhjZhMr69P3sRFvxhQw@mail.gmail.com>
>>>>> "Matthew" == Matthew Weber <matthew.weber@rockwellcollins.com> writes:
Hi,
>> > -# we don't want -Werror
>> > -LIBQMI_CONF_OPTS = --enable-more-warnings=no
>> > +# we don't want -Werror and disable gudev Gobject bindings
>>
>> Why? It would be good to describe why we don't want udev support.
> Sure, should I add more to the comment in the file or patch submission
> that the gudev package currently isn't part of buildroot to provide
> the Gobject bindings between libqmi and eudev?
Just adding it in the patch description is fine, thanks!
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] aircrack-ng: don't build SSE code for non SSE target
From: Baruch Siach @ 2017-04-27 11:30 UTC (permalink / raw)
To: buildroot
Fixes:
http://autobuild.buildroot.net/results/763/7631470016f923e8f4a7696e65437c71b8668b6e/
http://autobuild.buildroot.net/results/621/621588651b5cf54726bbf5361399a2dc301b8a29/
http://autobuild.buildroot.net/results/628/628a66ef766308fba699f1faa942306e600e5575/
Cc: Laurent Cans <laurent.cans@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/aircrack-ng/aircrack-ng.mk | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/package/aircrack-ng/aircrack-ng.mk b/package/aircrack-ng/aircrack-ng.mk
index b728624003c1..6b384c072003 100644
--- a/package/aircrack-ng/aircrack-ng.mk
+++ b/package/aircrack-ng/aircrack-ng.mk
@@ -53,6 +53,12 @@ else
AIRCRACK_NG_MAKE_OPTS += sqlite=false
endif
+ifeq ($(BR2_X86_CPU_HAS_SSE),y)
+AIRCRACK_NG_MAKE_OPTS += NEWSSE=true
+else
+AIRCRACK_NG_MAKE_OPTS += NEWSSE=false
+endif
+
define AIRCRACK_NG_BUILD_CMDS
$(TARGET_CONFIGURE_OPTS) LDFLAGS="$(AIRCRACK_NG_LDFLAGS)" \
$(MAKE) -C $(@D) $(AIRCRACK_NG_MAKE_OPTS)
--
2.11.0
^ permalink raw reply related
* [Buildroot] [PATCH 1/1] package/libqmi: bump version to 1.18.0
From: Matthew Weber @ 2017-04-27 11:18 UTC (permalink / raw)
To: buildroot
In-Reply-To: <871ssemfh8.fsf@dell.be.48ers.dk>
Peter,
On Thu, Apr 27, 2017 at 3:17 AM, Peter Korsgaard <peter@korsgaard.com> wrote:
>>>>>> "Matt" == Matt Weber <matthew.weber@rockwellcollins.com> writes:
>
> > Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
> > ---
> > package/libqmi/libqmi.hash | 2 +-
> > package/libqmi/libqmi.mk | 6 +++---
> > 2 files changed, 4 insertions(+), 4 deletions(-)
>
> > diff --git a/package/libqmi/libqmi.hash b/package/libqmi/libqmi.hash
> > index 08da1ae..3f40154 100644
> > --- a/package/libqmi/libqmi.hash
> > +++ b/package/libqmi/libqmi.hash
> > @@ -1,2 +1,2 @@
> > # Locally computed:
> > -sha256 7ab6bb47fd23bf4d3fa17424e40ea5552d08b19e5ee4f125f21f316c8086ba2a libqmi-1.16.0.tar.xz
> > +sha256 a0a42c55935e75a630208e2f70840bd4407f56fe1c5258f5b0f6c0aaedf88cec libqmi-1.18.0.tar.xz
> > diff --git a/package/libqmi/libqmi.mk b/package/libqmi/libqmi.mk
> > index caa4398..92b635d 100644
> > --- a/package/libqmi/libqmi.mk
> > +++ b/package/libqmi/libqmi.mk
> > @@ -4,7 +4,7 @@
> > #
> > ################################################################################
>
> > -LIBQMI_VERSION = 1.16.0
> > +LIBQMI_VERSION = 1.18.0
> > LIBQMI_SITE = http://www.freedesktop.org/software/libqmi
> > LIBQMI_SOURCE = libqmi-$(LIBQMI_VERSION).tar.xz
> > LIBQMI_LICENSE = LGPL-2.0+ (library), GPL-2.0+ (programs)
> > @@ -13,7 +13,7 @@ LIBQMI_INSTALL_STAGING = YES
>
> > LIBQMI_DEPENDENCIES = libglib2
>
> > -# we don't want -Werror
> > -LIBQMI_CONF_OPTS = --enable-more-warnings=no
> > +# we don't want -Werror and disable gudev Gobject bindings
>
> Why? It would be good to describe why we don't want udev support.
Sure, should I add more to the comment in the file or patch submission
that the gudev package currently isn't part of buildroot to provide
the Gobject bindings between libqmi and eudev?
Matt
^ permalink raw reply
* [Buildroot] [PATCH] libnl: add upstream security fix
From: Baruch Siach @ 2017-04-27 10:50 UTC (permalink / raw)
To: buildroot
CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a
local malicious application to execute arbitrary code within the context of
the Wi-Fi service
https://www.mail-archive.com/debian-bugs-dist at lists.debian.org/msg1511855.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/libnl/libnl.hash | 1 +
package/libnl/libnl.mk | 2 ++
2 files changed, 3 insertions(+)
diff --git a/package/libnl/libnl.hash b/package/libnl/libnl.hash
index 9761a9580cc9..f357927ef773 100644
--- a/package/libnl/libnl.hash
+++ b/package/libnl/libnl.hash
@@ -1,2 +1,3 @@
# From https://github.com/thom311/libnl/releases/download/libnl3_2_29/libnl-3.2.29.tar.gz.sha256sum
sha256 0beb593dc6abfffa18a5c787b27884979c1b7e7f1fd468c801e3cc938a685922 libnl-3.2.29.tar.gz
+sha256 b7bb929194eefc56c786a7e1ae5176b54713f9013ccec63760f232742ae80361 3e18948f17148e6a3c4255bdeaaf01ef6081ceeb.patch
diff --git a/package/libnl/libnl.mk b/package/libnl/libnl.mk
index 6de6825ca3bf..8226f87487d1 100644
--- a/package/libnl/libnl.mk
+++ b/package/libnl/libnl.mk
@@ -13,6 +13,8 @@ LIBNL_DEPENDENCIES = host-bison host-flex host-pkgconf
# Patching configure.ac
LIBNL_AUTORECONF = YES
+LIBNL_PATCH = https://github.com/thom311/libnl/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb.patch
+
ifeq ($(BR2_PACKAGE_LIBNL_TOOLS),y)
LIBNL_CONF_OPTS += --enable-cli
else
--
2.11.0
^ permalink raw reply related
* [Buildroot] [RFC PATCH v3 00/10] Make the SDK relocatable
From: Wolfgang Grandegger @ 2017-04-27 9:37 UTC (permalink / raw)
To: buildroot
In-Reply-To: <6799ad7b-a16e-d89e-eb73-d7d91880d341@mind.be>
Hello Arnout,
Am 12.04.2017 um 15:59 schrieb Arnout Vandecappelle:
>
>
> On 23-03-17 08:54, Wolfgang Grandegger wrote:
>> Hello,
>>
>> this is v3 of my RFC patch series to make the buildroot SDK (HOST_DIR)
>> relocatable. It sanitizes the RPATH of all ELF files in the "target"
>> and "host" tree using "patchelf --make-rpath-relative". I have started
>> the mainlining process implementing "--make-rpath-relative" using
>> GitHub pull request [1]... till now, no answer!
>>
>> Furthermore this patch creates the script "relocate-sdk.sh" in the top
>> directory of the "host" tree allowing to relocate the SDK after it has
>> been moved to a new location. It replaces the old path with the new
>> one in all text files identified by "file --mime-type". The location
>> is stored in "usr/share/buildroot/sdk-location".
>>
>> Unfortunately, "qmake" uses hard-coded pathes compiled into the QT5
>> libraries. To overcome this problem, "qt5pase" now creates "qt.conf".
>>
>> Other Questions:
>>
>> - Why do we want relative RPATHs starting with "$ORIGIN" also for ELF
>> files in the target tree. "/lib" and "/usr/lib" have been removed
>> already.
>
> Good point, I don't think we want that... Neither for the ones in staging, I
> suppose. The RPATHs there should all be absolute paths which should be
> interpreted relative to $(TARGET_DIR) resp. $(STAGING_DIR).
Could be done, no problem. Just requires some further modifications to
patchelf. BTW, so far I have not received any response to my related
Github pull request... like many others:
https://github.com/NixOS/patchelf/pulls
The project seems not really to be maintained... or I use the wrong
channel. In principle we could maintain your own version.
> I'm not entirely sure about staging, whether ld will use RPATH as an
> alternative to -L and in that case whether it is done relative to sysroot or not.
So far, the patch series works for me very well. Just my usecase, of course.
>> Things not yet addressed:
>>
>> - "make toolchain" creates a toolchain tree which still has references
>> to the build system (in ELF and text files).
>
> A solution to this (and other problems) is to use the same approach as
> check-bin-arch: do it as an instrumentation hook for each package, and only look
> at the files added by that package. That way, the overhead is spread out over
> the entire build process, and doing rebuilds doesn't run patchelf on all files
> anymore in the finalize step.
This is just to solve the issue mentioned above or a general approach
(instead of doning rtpath sanitation at the end)?
How should I go ahead to get this patch series accepted sooner than
later? We could make the option configurable, for example, to reduce the
risk of breaking something.
Wolfgang.
^ permalink raw reply
* [Buildroot] [git commit] tslib: speed up the build by skipping autoreconf
From: Peter Korsgaard @ 2017-04-27 9:30 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=4d9774812997dd51f39fc23855c8bc270bd254be
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
We are not carrying any patches modifying auto* files, so autoreconf isn't
needed.
[Peter: extend commit message]
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/tslib/tslib.mk | 1 -
1 file changed, 1 deletion(-)
diff --git a/package/tslib/tslib.mk b/package/tslib/tslib.mk
index e0f307a..27d960d 100644
--- a/package/tslib/tslib.mk
+++ b/package/tslib/tslib.mk
@@ -10,7 +10,6 @@ TSLIB_SOURCE = tslib-$(TSLIB_VERSION).tar.xz
TSLIB_LICENSE = GPL, LGPL
TSLIB_LICENSE_FILES = COPYING
-TSLIB_AUTORECONF = YES
TSLIB_INSTALL_STAGING = YES
TSLIB_INSTALL_STAGING_OPTS = DESTDIR=$(STAGING_DIR) LDFLAGS=-L$(STAGING_DIR)/usr/lib install
^ permalink raw reply related
* [Buildroot] [PATCH] tslib: speed up the build by skipping autoreconf
From: Peter Korsgaard @ 2017-04-27 9:30 UTC (permalink / raw)
To: buildroot
In-Reply-To: <1493284513-7365-1-git-send-email-martin.kepplinger@ginzinger.com>
>>>>> "Martin" == Martin Kepplinger <martin.kepplinger@ginzinger.com> writes:
> Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
> ---
> hi,
> this is more of a question what buildroot's stand is on this. Can there be
> benefit from doing autoreconf in a real tarball release? In case there is
> no patch against the relevant build sources, I guess not, but you'll know
> better.
Committed, thanks.
In Buildroot we only do autoreconf if it is needed, E.G. if we have a
patch modifying one of the auto* files (configure.ac, Makefile.am,
..). Apparently the AUTORECONF = YES line was not removed from tslib.mk
when such patches were removed in a version bump.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] libmpeg2: fix sparc32 build
From: Thomas Petazzoni @ 2017-04-27 9:22 UTC (permalink / raw)
To: buildroot
In-Reply-To: <87o9viky89.fsf@dell.be.48ers.dk>
Hello,
On Thu, 27 Apr 2017 11:15:34 +0200, Peter Korsgaard wrote:
> > I am not sure this is the completely correct solution, and Arnout
> > proposed another solution, see:
>
> > https://patchwork.ozlabs.org/patch/749138/
> > https://patchwork.ozlabs.org/patch/749137/
>
> > The second patch has the explanation why Waldemar patch is not really
> > correct.
>
> Ok. Can I take this as an acked-by for the check-bin-arch / pkg-generic
> changes then? ;)
I haven't reviewed the implementation details, but on the general
principles, yes, I'm OK. It's a bit annoying to extend the package
infrastructure for such a specific case, but I don't really see a
better solution here, except hacking libmpeg2 to remove the runtime
detection logic.
On the other hand, do we care enough about libmpeg2 on SPARC to extend
the package infrastructure just for this purpose? In the end, even if
Waldemar's solution is not "correct", it avoids the need to extend the
package infrastructure just for a purpose of a single package that will
most likely never ever be used on SPARC.
Arnout, what do you think?
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [PATCH] libmpeg2: fix sparc32 build
From: Peter Korsgaard @ 2017-04-27 9:15 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170427102645.523f96c1@free-electrons.com>
>>>>> "\Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:
> Hello,
> On Thu, 27 Apr 2017 07:36:09 +0200, Waldemar Brodkorb wrote:
>> +- sparc-* | sparc64-*)
>> ++ sparc64-*)
>> + AC_DEFINE([ARCH_SPARC],,[sparc architecture])
>> + TRY_CFLAGS="$OPT_CFLAGS -mcpu=ultrasparc -mvis"
>> + AC_TRY_CFLAGS([$TRY_CFLAGS $CFLAGS],[OPT_CFLAGS="$TRY_CFLAGS"]);;
> I am not sure this is the completely correct solution, and Arnout
> proposed another solution, see:
> https://patchwork.ozlabs.org/patch/749138/
> https://patchwork.ozlabs.org/patch/749137/
> The second patch has the explanation why Waldemar patch is not really
> correct.
Ok. Can I take this as an acked-by for the check-bin-arch / pkg-generic
changes then? ;)
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] tslib: speed up the build by skipping autoreconf
From: Martin Kepplinger @ 2017-04-27 9:15 UTC (permalink / raw)
To: buildroot
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
---
hi,
this is more of a question what buildroot's stand is on this. Can there be
benefit from doing autoreconf in a real tarball release? In case there is
no patch against the relevant build sources, I guess not, but you'll know
better.
thanks
martin
package/tslib/tslib.mk | 1 -
1 file changed, 1 deletion(-)
diff --git a/package/tslib/tslib.mk b/package/tslib/tslib.mk
index e0f307a..27d960d 100644
--- a/package/tslib/tslib.mk
+++ b/package/tslib/tslib.mk
@@ -10,7 +10,6 @@ TSLIB_SOURCE = tslib-$(TSLIB_VERSION).tar.xz
TSLIB_LICENSE = GPL, LGPL
TSLIB_LICENSE_FILES = COPYING
-TSLIB_AUTORECONF = YES
TSLIB_INSTALL_STAGING = YES
TSLIB_INSTALL_STAGING_OPTS = DESTDIR=$(STAGING_DIR) LDFLAGS=-L$(STAGING_DIR)/usr/lib install
--
2.1.4
^ permalink raw reply related
* [Buildroot] [PATCH] libmpeg2: fix sparc32 build
From: Thomas Petazzoni @ 2017-04-27 8:26 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170427053609.GA20301@waldemar-brodkorb.de>
Hello,
On Thu, 27 Apr 2017 07:36:09 +0200, Waldemar Brodkorb wrote:
> +- sparc-* | sparc64-*)
> ++ sparc64-*)
> + AC_DEFINE([ARCH_SPARC],,[sparc architecture])
> + TRY_CFLAGS="$OPT_CFLAGS -mcpu=ultrasparc -mvis"
> + AC_TRY_CFLAGS([$TRY_CFLAGS $CFLAGS],[OPT_CFLAGS="$TRY_CFLAGS"]);;
I am not sure this is the completely correct solution, and Arnout
proposed another solution, see:
https://patchwork.ozlabs.org/patch/749138/
https://patchwork.ozlabs.org/patch/749137/
The second patch has the explanation why Waldemar patch is not really
correct.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [PATCH 1/1] tovid: bump version to 0.35.2
From: Peter Korsgaard @ 2017-04-27 8:19 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170427052921.3343-1-skenton@ou.edu>
>>>>> "Steve" == Steve Kenton <skenton@ou.edu> writes:
> Signed-off-by: Steve Kenton <skenton@ou.edu>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [git commit] tovid: bump version to 0.35.2
From: Peter Korsgaard @ 2017-04-27 8:19 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=3046f64c6a341165a3108900fc978579af6959f3
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Signed-off-by: Steve Kenton <skenton@ou.edu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/tovid/tovid.hash | 4 ++--
package/tovid/tovid.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/tovid/tovid.hash b/package/tovid/tovid.hash
index 9ddd750..0bd7668 100644
--- a/package/tovid/tovid.hash
+++ b/package/tovid/tovid.hash
@@ -1,2 +1,2 @@
-# Locally computed:
-sha256 06f7cb00b213bbe83d72f4f2076b675a662697034e1d2cdc2dce987e35c827bc tovid-0.35.0.tar.gz
+# Locally calculated
+sha256 3193d081a7aa8e00f946b7514066f1fb7647f533ab1ebcc36b5ced927b0a1ab5 tovid-0.35.2.tar.gz
diff --git a/package/tovid/tovid.mk b/package/tovid/tovid.mk
index 079fada..c904b98 100644
--- a/package/tovid/tovid.mk
+++ b/package/tovid/tovid.mk
@@ -4,8 +4,8 @@
#
################################################################################
-TOVID_VERSION = 0.35.0
-TOVID_SITE = https://github.com/tovid-suite/tovid/releases/download/v$(TOVID_VERSION)
+TOVID_VERSION = 0.35.2
+TOVID_SITE = https://github.com/tovid-suite/tovid/releases/download/$(TOVID_VERSION)
TOVID_LICENSE = GPL-2.0+
TOVID_LICENSE_FILES = COPYING
TOVID_SETUP_TYPE = distutils
^ permalink raw reply related
* [Buildroot] [PATCH] libmpeg2: fix sparc32 build
From: Peter Korsgaard @ 2017-04-27 8:18 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170427053609.GA20301@waldemar-brodkorb.de>
>>>>> "Waldemar" == Waldemar Brodkorb <wbx@openadk.org> writes:
> The output detection recognized wrong target output, because
> sparcv9 optimization flags used for sparcv8 build.
> Fixes:
> http://autobuild.buildroot.net/results/1b3158b03f7eaf5afb5a4dab9526091888f6c9b8
> Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Committed, thanks. Don't forget to submit it upstream as well.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [git commit] libmpeg2: fix sparc32 build
From: Peter Korsgaard @ 2017-04-27 8:18 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=43155c5b4c458c4526be47834c5e99bd11245d56
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
The output detection recognized wrong target output, because
sparcv9 optimization flags used for sparcv8 build.
Fixes:
http://autobuild.buildroot.net/results/1b3158b03f7eaf5afb5a4dab9526091888f6c9b8
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/libmpeg2/0004-fix-sparc.patch | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/package/libmpeg2/0004-fix-sparc.patch b/package/libmpeg2/0004-fix-sparc.patch
new file mode 100644
index 0000000..d876b66
--- /dev/null
+++ b/package/libmpeg2/0004-fix-sparc.patch
@@ -0,0 +1,16 @@
+Do not use sparcv9 optimization flags for sparcv8 builds
+
+Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
+
+diff -Nur libmpeg2-0.5.1.orig/configure.ac libmpeg2-0.5.1/configure.ac
+--- libmpeg2-0.5.1.orig/configure.ac 2008-07-18 16:30:17.000000000 +0200
++++ libmpeg2-0.5.1/configure.ac 2017-04-26 21:09:15.780838339 +0200
+@@ -95,7 +95,7 @@
+ break
+ fi
+ done;;
+- sparc-* | sparc64-*)
++ sparc64-*)
+ AC_DEFINE([ARCH_SPARC],,[sparc architecture])
+ TRY_CFLAGS="$OPT_CFLAGS -mcpu=ultrasparc -mvis"
+ AC_TRY_CFLAGS([$TRY_CFLAGS $CFLAGS],[OPT_CFLAGS="$TRY_CFLAGS"]);;
^ permalink raw reply related
* [Buildroot] [PATCH 1/1] package/libqmi: bump version to 1.18.0
From: Peter Korsgaard @ 2017-04-27 8:17 UTC (permalink / raw)
To: buildroot
In-Reply-To: <1493254942-38586-1-git-send-email-matthew.weber@rockwellcollins.com>
>>>>> "Matt" == Matt Weber <matthew.weber@rockwellcollins.com> writes:
> Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
> ---
> package/libqmi/libqmi.hash | 2 +-
> package/libqmi/libqmi.mk | 6 +++---
> 2 files changed, 4 insertions(+), 4 deletions(-)
> diff --git a/package/libqmi/libqmi.hash b/package/libqmi/libqmi.hash
> index 08da1ae..3f40154 100644
> --- a/package/libqmi/libqmi.hash
> +++ b/package/libqmi/libqmi.hash
> @@ -1,2 +1,2 @@
> # Locally computed:
> -sha256 7ab6bb47fd23bf4d3fa17424e40ea5552d08b19e5ee4f125f21f316c8086ba2a libqmi-1.16.0.tar.xz
> +sha256 a0a42c55935e75a630208e2f70840bd4407f56fe1c5258f5b0f6c0aaedf88cec libqmi-1.18.0.tar.xz
> diff --git a/package/libqmi/libqmi.mk b/package/libqmi/libqmi.mk
> index caa4398..92b635d 100644
> --- a/package/libqmi/libqmi.mk
> +++ b/package/libqmi/libqmi.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
> -LIBQMI_VERSION = 1.16.0
> +LIBQMI_VERSION = 1.18.0
> LIBQMI_SITE = http://www.freedesktop.org/software/libqmi
> LIBQMI_SOURCE = libqmi-$(LIBQMI_VERSION).tar.xz
> LIBQMI_LICENSE = LGPL-2.0+ (library), GPL-2.0+ (programs)
> @@ -13,7 +13,7 @@ LIBQMI_INSTALL_STAGING = YES
> LIBQMI_DEPENDENCIES = libglib2
> -# we don't want -Werror
> -LIBQMI_CONF_OPTS = --enable-more-warnings=no
> +# we don't want -Werror and disable gudev Gobject bindings
Why? It would be good to describe why we don't want udev support.
> +LIBQMI_CONF_OPTS = --enable-more-warnings=no --without-udev
> $(eval $(autotools-package))
> --
> 1.9.1
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] DEVELOPERS: remove bouncing email address
From: Peter Korsgaard @ 2017-04-27 8:16 UTC (permalink / raw)
To: buildroot
In-Reply-To: <6c539cc31246b13ff2ca22527dcb1dd1064aac34.1493209883.git.baruch@tkos.co.il>
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> The DEVELOPERS email address of Waldemar Rymarkiewicz is bouncing. Remove his
> entry.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] libsndfile: security bump to version 1.0.28
From: Peter Korsgaard @ 2017-04-27 8:15 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170426115214.8152-1-peter@korsgaard.com>
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes:
> CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
> "flac_buffer_copy()" function (flac.c) can be exploited to cause a
> stack-based buffer overflow via a specially crafted FLAC file.
> CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
> function (common.c) when handling ID3 tags can be exploited to cause a
> stack-based buffer overflow via a specially crafted FLAC file.
> CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
> "flac_buffer_copy()" function (flac.c) can be exploited to cause a
> segmentation violation (with write memory access) via a specially crafted
> FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
> CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
> "flac_buffer_copy()" function (flac.c) can be exploited to cause a
> segmentation violation (with read memory access) via a specially crafted
> FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
> Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
> applies. Instead pass --disable-full-suite to disable man pages,
> documentation and programs, as that was presumably the reason for the patch.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] ncftp: use tar.gz to workaround upstream changing tarball post-release
From: Peter Korsgaard @ 2017-04-27 8:15 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170426064824.18049-1-peter@korsgaard.com>
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> As explained here:
> http://lists.busybox.net/pipermail/buildroot/2017-March/185550.html
> Upstream has silently updated their 3.2.6 tarball some time between our
> version bump in late November and December 4th. The changed tarball also
> contains a significant amount of source changes:
> libncftp/c_opennologin.c | 4
> libncftp/ftp.c | 31
> libncftp/ftw.c | 2
> libncftp/io_getmem.c | 2
> libncftp/io_list.c | 6
> libncftp/io_sendfile.c | 4
> libncftp/io_util.c | 4
> libncftp/ncftp.h | 2
> libncftp/open.c | 4
> libncftp/rftw.c | 2
> libncftp/rglobr.c | 2
> libncftp/u_decodehost.c | 2
> libncftp/u_decodeurl.c | 2
> libncftp/u_getpass.c | 2
> libncftp/u_misc.c | 2
> libncftp/u_pathcat.c | 4
> libncftp/u_scram.c | 2
> libncftp/wincfg.h | 1
> ncftp/cmds.c | 38 -
> ncftp/gl_getline.c | 26
> ncftp/ls.c | 9
> ncftp/ls.h | 9
> ncftp/progress.c | 9
> ncftp/readln.c | 4
> ncftp/shell.h | 10
> ncftp/spoolutil.c | 8
> ncftp/version.c | 2
> sh/mksrctar.sh | 1
> sh_util/gpshare.c | 12
> sh_util/ncftpbatch.c | 110 --
> sh_util/ncftpget.c | 6
> sh_util/ncftpls.c | 5
> sh_util/ncftpput.c | 14
> sio/DNSUtil.c | 4
> sio/Makefile.in | 16
> sio/SBind.c | 35
> sio/SConnect.c | 9
> sio/SNew.c | 115 ---
> sio/SRead.c | 6
> sio/StrAddr.c | 6
> sio/config.h.in | 24
> sio/configure.in | 8
> sio/sio.h | 18
> sio/wincfg.h | 1
> vis/bmed.c | 13
> vis/wgets.c | 12
> vis/wgets.h | 7
> vis/wutil.c | 6
> vis/wutil.h | 6
> Upstream has been contacted to verify if this change was intentional and the
> reason why. From the mail:
>> Is this update intentional? Why was the tarball regenerated?
> Yes.
> The old hash was unfortunately already used in the 2017.02 (and .1)
> releases, so just changing the hash and updating the tarball on
> sources.buildroot.org would break ncftp for users of those releases.
> Instead change to use the .tar.gz tarball as suggested by Arnout.
> Cc: Arnout Vandecappelle <arnout@mind.be>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [git commit] DEVELOPERS: remove bouncing email address
From: Peter Korsgaard @ 2017-04-27 8:15 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=20cc38be8e22714b00e456fbbd615e8534069ac4
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
The DEVELOPERS email address of Waldemar Rymarkiewicz is bouncing. Remove his
entry.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
DEVELOPERS | 4 ----
1 file changed, 4 deletions(-)
diff --git a/DEVELOPERS b/DEVELOPERS
index 123a8f9..985fa73 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1654,10 +1654,6 @@ F: package/uclibc/
F: package/uclibc-ng-test/
F: package/mksh/
-N: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
-F: package/ccid/
-F: package/pcsc-lite/
-
N: Will Newton <will.newton@gmail.com>
F: package/enchant/
F: package/erlang/
^ permalink raw reply related
* [Buildroot] [git commit] libsndfile: security bump to version 1.0.28
From: Peter Korsgaard @ 2017-04-27 8:15 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=c363e070d8ee036052fbcadd153d8c39ce0db55b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes:
CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies. Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/libsndfile/0001-srconly.patch | 17 -----------------
package/libsndfile/libsndfile.hash | 2 +-
package/libsndfile/libsndfile.mk | 5 +++--
3 files changed, 4 insertions(+), 20 deletions(-)
diff --git a/package/libsndfile/0001-srconly.patch b/package/libsndfile/0001-srconly.patch
deleted file mode 100644
index 417e340..0000000
--- a/package/libsndfile/0001-srconly.patch
+++ /dev/null
@@ -1,17 +0,0 @@
----
- Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: libsndfile-1.0.18/Makefile.in
-===================================================================
---- libsndfile-1.0.18.orig/Makefile.in
-+++ libsndfile-1.0.18/Makefile.in
-@@ -260,7 +260,7 @@
- top_srcdir = @top_srcdir@
- DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror
- @BUILD_OCTAVE_MOD_TRUE at octave_dir = Octave
--SUBDIRS = M4 man doc Win32 src $(octave_dir) examples regtest tests programs
-+SUBDIRS = src
- DIST_SUBDIRS = M4 man doc Win32 src Octave examples regtest tests programs
- EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Mingw-make-dist.sh
- pkgconfigdir = $(libdir)/pkgconfig
diff --git a/package/libsndfile/libsndfile.hash b/package/libsndfile/libsndfile.hash
index a87b7c3..31500cd 100644
--- a/package/libsndfile/libsndfile.hash
+++ b/package/libsndfile/libsndfile.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0 libsndfile-1.0.27.tar.gz
+sha256 1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9 libsndfile-1.0.28.tar.gz
diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk
index 936f4be..22909ff 100644
--- a/package/libsndfile/libsndfile.mk
+++ b/package/libsndfile/libsndfile.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBSNDFILE_VERSION = 1.0.27
+LIBSNDFILE_VERSION = 1.0.28
LIBSNDFILE_SITE = http://www.mega-nerd.com/libsndfile/files
LIBSNDFILE_INSTALL_STAGING = YES
LIBSNDFILE_LICENSE = LGPL-2.1+
@@ -13,6 +13,7 @@ LIBSNDFILE_LICENSE_FILES = COPYING
LIBSNDFILE_CONF_OPTS = \
--disable-sqlite \
--disable-alsa \
- --disable-external-libs
+ --disable-external-libs \
+ --disable-full-suite
$(eval $(autotools-package))
^ permalink raw reply related
* [Buildroot] [git commit] ncftp: use tar.gz to workaround upstream changing tarball post-release
From: Peter Korsgaard @ 2017-04-27 8:14 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=c3b548020404b5ca5b52d388d2a5bc9926db0b45
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
As explained here:
http://lists.busybox.net/pipermail/buildroot/2017-March/185550.html
Upstream has silently updated their 3.2.6 tarball some time between our
version bump in late November and December 4th. The changed tarball also
contains a significant amount of source changes:
libncftp/c_opennologin.c | 4
libncftp/ftp.c | 31
libncftp/ftw.c | 2
libncftp/io_getmem.c | 2
libncftp/io_list.c | 6
libncftp/io_sendfile.c | 4
libncftp/io_util.c | 4
libncftp/ncftp.h | 2
libncftp/open.c | 4
libncftp/rftw.c | 2
libncftp/rglobr.c | 2
libncftp/u_decodehost.c | 2
libncftp/u_decodeurl.c | 2
libncftp/u_getpass.c | 2
libncftp/u_misc.c | 2
libncftp/u_pathcat.c | 4
libncftp/u_scram.c | 2
libncftp/wincfg.h | 1
ncftp/cmds.c | 38 -
ncftp/gl_getline.c | 26
ncftp/ls.c | 9
ncftp/ls.h | 9
ncftp/progress.c | 9
ncftp/readln.c | 4
ncftp/shell.h | 10
ncftp/spoolutil.c | 8
ncftp/version.c | 2
sh/mksrctar.sh | 1
sh_util/gpshare.c | 12
sh_util/ncftpbatch.c | 110 --
sh_util/ncftpget.c | 6
sh_util/ncftpls.c | 5
sh_util/ncftpput.c | 14
sio/DNSUtil.c | 4
sio/Makefile.in | 16
sio/SBind.c | 35
sio/SConnect.c | 9
sio/SNew.c | 115 ---
sio/SRead.c | 6
sio/StrAddr.c | 6
sio/config.h.in | 24
sio/configure.in | 8
sio/sio.h | 18
sio/wincfg.h | 1
vis/bmed.c | 13
vis/wgets.c | 12
vis/wgets.h | 7
vis/wutil.c | 6
vis/wutil.h | 6
Upstream has been contacted to verify if this change was intentional and the
reason why. From the mail:
> Is this update intentional? Why was the tarball regenerated?
Yes.
The old hash was unfortunately already used in the 2017.02 (and .1)
releases, so just changing the hash and updating the tarball on
sources.buildroot.org would break ncftp for users of those releases.
Instead change to use the .tar.gz tarball as suggested by Arnout.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/ncftp/ncftp.hash | 2 +-
package/ncftp/ncftp.mk | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/package/ncftp/ncftp.hash b/package/ncftp/ncftp.hash
index 0a7c26c..f6f7310 100644
--- a/package/ncftp/ncftp.hash
+++ b/package/ncftp/ncftp.hash
@@ -1,2 +1,2 @@
# Locally computed:
-sha256 7abd3e8f848f0efb4bb6a4bc5da58a59524d4378fc8d70a52adb0fe1fd00b89d ncftp-3.2.6-src.tar.xz
+sha256 129e5954850290da98af012559e6743de193de0012e972ff939df9b604f81c23 ncftp-3.2.6-src.tar.gz
diff --git a/package/ncftp/ncftp.mk b/package/ncftp/ncftp.mk
index 11bfcca..816e0f1 100644
--- a/package/ncftp/ncftp.mk
+++ b/package/ncftp/ncftp.mk
@@ -5,7 +5,9 @@
################################################################################
NCFTP_VERSION = 3.2.6
-NCFTP_SOURCE = ncftp-$(NCFTP_VERSION)-src.tar.xz
+# use .gz as upstream .xz tarball has changed after the hash was added for
+# 2017.02. Can be changed back to .xz when version is bumped
+NCFTP_SOURCE = ncftp-$(NCFTP_VERSION)-src.tar.gz
NCFTP_SITE = ftp://ftp.ncftp.com/ncftp
NCFTP_TARGET_BINS = ncftp
NCFTP_LICENSE = Clarified Artistic License
^ permalink raw reply related
* [Buildroot] [PATCH 1/2] tiff: add upstream security fixes
From: Peter Korsgaard @ 2017-04-27 7:39 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170427073633.28576-1-peter@korsgaard.com>
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
> the following security issues:
Ups, I didn't mean to resend this. Please ignore.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] python-django: security bump to version 1.10.7
From: Peter Korsgaard @ 2017-04-27 7:37 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
Since 1.10.3:
CVE-2016-9013 - User with hardcoded password created when running tests on
Oracle
Marti Raudsepp reported that a user with a hardcoded password is created
when running tests with an Oracle database.
CVE-2016-9014 - DNS rebinding vulnerability when DEBUG=True
Aymeric Augustin discovered that Django does not properly validate the Host
header against settings.ALLOWED_HOSTS when the debug setting is enabled. A
remote attacker can take advantage of this flaw to perform DNS rebinding
attacks.
Since 1.10.7:
CVE-2017-7233 - Open redirect and possible XSS attack via user-supplied
numeric redirect URLs
It was discovered that is_safe_url() does not properly handle certain
numeric URLs as safe. A remote attacker can take advantage of this flaw to
perform XSS attacks or to use a Django server as an open redirect.
CVE-2017-7234 - Open redirect vulnerability in django.views.static.serve()
Phithon from Chaitin Tech discovered an open redirect vulnerability in the
django.views.static.serve() view. Note that this view is not intended for
production use.
Cc: Oli Vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-django/python-django.hash | 4 ++--
package/python-django/python-django.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index 38b303bbf..09be18440 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,3 +1,3 @@
# md5 from https://pypi.python.org/pypi/django/json, sha256 locally computed
-md5 5342e77374b2acd2eafa86d2bb68f8c9 Django-1.10.2.tar.gz
-sha256 e127f12a0bfb34843b6e8c82f91e26fff6445a7ca91d222c0794174cf97cbce1 Django-1.10.2.tar.gz
+md5 693dfeabad62c561cb205900d32c2a98 Django-1.10.7.tar.gz
+sha256 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 Django-1.10.7.tar.gz
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index 9065a687e..9056f00cf 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
#
################################################################################
-PYTHON_DJANGO_VERSION = 1.10.2
+PYTHON_DJANGO_VERSION = 1.10.7
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://pypi.python.org/packages/57/9e/59444485f092b6ed4f1931e7d2e13b67fdab967c041d02f58a0d1dab8c23
+PYTHON_DJANGO_SITE = https://pypi.python.org/packages/15/b4/d4bb7313e02386bd23a60e1eb5670321313fb67289c6f36ec43bce747aff
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_SETUP_TYPE = setuptools
--
2.11.0
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox