* [Buildroot] [git commit branch/2017.02.x] imagemagick: add upstream security fix for CVE-2017-7606
From: Peter Korsgaard @ 2017-04-28 12:28 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=a1b9e5cb32329fd1af070ab8f7e77f9952f4336a
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
This is not yet part of any release.
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 665560856edfcdd18b2053e26bc8a44754dffca2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...ub.com-ImageMagick-ImageMagick-issues-415.patch | 52 ++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
new file mode 100644
index 0000000..943679e
--- /dev/null
+++ b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
@@ -0,0 +1,52 @@
+From b218117cad34d39b9ffb587b45c71c5a49b12bde Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 31 Mar 2017 15:24:33 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415
+
+Fixes CVE-2017-7606
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ coders/pnm.c | 2 +-
+ coders/rle.c | 5 +++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/coders/pnm.c b/coders/pnm.c
+index 9a1221d79..c525ebb8f 100644
+--- a/coders/pnm.c
++++ b/coders/pnm.c
+@@ -1979,7 +1979,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image,
+ pixel=ScaleQuantumToChar(GetPixelRed(image,p));
+ else
+ pixel=ScaleQuantumToAny(GetPixelRed(image,p),
+- max_value);
++ max_value);
+ }
+ q=PopCharPixel((unsigned char) pixel,q);
+ p+=GetPixelChannels(image);
+diff --git a/coders/rle.c b/coders/rle.c
+index 2318901ec..ec071dc7b 100644
+--- a/coders/rle.c
++++ b/coders/rle.c
+@@ -271,7 +271,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ p=colormap;
+ for (i=0; i < (ssize_t) number_colormaps; i++)
+ for (x=0; x < (ssize_t) map_length; x++)
+- *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image));
++ *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum(
++ ReadBlobLSBShort(image)));
+ }
+ if ((flags & 0x08) != 0)
+ {
+@@ -476,7 +477,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ for (x=0; x < (ssize_t) number_planes; x++)
+ {
+ ValidateColormapValue(image,(size_t) (x*map_length+
+- (*p & mask)),&index,exception);
++ (*p & mask)),&index,exception);
+ *p=colormap[(ssize_t) index];
+ p++;
+ }
+--
+2.11.0
+
^ permalink raw reply related
* [Buildroot] [git commit branch/2017.02.x] imagemagick: bump version to 7.0.5-4
From: Peter Korsgaard @ 2017-04-28 12:28 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=1b8f4d29ed1e33d02f3bc566dc933ab6162a7927
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 49a3ed0feee3ce58563fdec94b3d64112f41696b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/imagemagick/imagemagick.hash | 2 +-
package/imagemagick/imagemagick.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index 3f9f84e..ff7b24a 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,2 +1,2 @@
# From http://www.imagemagick.org/download/releases/digest.rdf
-sha256 dbc0a1cc0e4e3d4e3c772724fcbfe24a00ff4434c8b12c513c447a5fb422ffa6 ImageMagick-7.0.5-3.tar.xz
+sha256 4a1dde5bdfec0fc549955a051be25b7ff96dfb192060997699e43c7ce0f06ab2 ImageMagick-7.0.5-4.tar.xz
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index d6923f5..9bef6f7 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IMAGEMAGICK_VERSION = 7.0.5-3
+IMAGEMAGICK_VERSION = 7.0.5-4
IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
IMAGEMAGICK_LICENSE = Apache-2.0
^ permalink raw reply related
* [Buildroot] [git commit branch/2017.02.x] imagemagick: bump version to 7.0.5-3
From: Peter Korsgaard @ 2017-04-28 12:28 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=83e50860e77ee2ec0703524d73a09802dc17805b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84bc1fb5320568a9475aaca03d24196ecad48ec0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/imagemagick/imagemagick.hash | 2 +-
package/imagemagick/imagemagick.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index 5a281cf..3f9f84e 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,2 +1,2 @@
# From http://www.imagemagick.org/download/releases/digest.rdf
-sha256 a7c55f0fd5203cbff12bf4a8d9158c002fab8d4290859a8087c3d329013b1af8 ImageMagick-7.0.5-2.tar.xz
+sha256 dbc0a1cc0e4e3d4e3c772724fcbfe24a00ff4434c8b12c513c447a5fb422ffa6 ImageMagick-7.0.5-3.tar.xz
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index ac10cd6..d6923f5 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IMAGEMAGICK_VERSION = 7.0.5-2
+IMAGEMAGICK_VERSION = 7.0.5-3
IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
IMAGEMAGICK_LICENSE = Apache-2.0
^ permalink raw reply related
* [Buildroot] [git commit branch/2017.02.x] imagemagick: bump version to 7.0.5-2
From: Peter Korsgaard @ 2017-04-28 12:27 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=33adae56f9abc36791040b7c9bbde7714ac31beb
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 22562f7f056623ce8ca6a90e89fb2b2cbd35ff19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/imagemagick/imagemagick.hash | 2 +-
package/imagemagick/imagemagick.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index 75bc9a9..5a281cf 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,2 +1,2 @@
# From http://www.imagemagick.org/download/releases/digest.rdf
-sha256 7362805eaa9f9b90cdb67a1f8762782bef4a42ca44939629aecad3c40305bf4c ImageMagick-7.0.5-0.tar.xz
+sha256 a7c55f0fd5203cbff12bf4a8d9158c002fab8d4290859a8087c3d329013b1af8 ImageMagick-7.0.5-2.tar.xz
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index d1cd608..ac10cd6 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IMAGEMAGICK_VERSION = 7.0.5-0
+IMAGEMAGICK_VERSION = 7.0.5-2
IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
IMAGEMAGICK_LICENSE = Apache-2.0
^ permalink raw reply related
* [Buildroot] [PATCH 1/2] libcroco: add upstream security fixes
From: Peter Korsgaard @ 2017-04-28 12:27 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170425141700.30077-1-peter@korsgaard.com>
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> These have been added to upstream git after 0.6.12 was released.
> CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
> 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
> (heap-based buffer over-read) via a crafted CSS file.
> CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
> 0.6.11 and 0.6.12 has an "outside the range of representable values of type
> long" undefined behavior issue, which might allow remote attackers to cause
> a denial of service (application crash) or possibly have unspecified other
> impact via a crafted CSS file.
> For more details, see:
> https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [git commit branch/2017.02.x] libcroco: add upstream security fixes
From: Peter Korsgaard @ 2017-04-28 12:27 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=0cef3aad7be515594e887b03e9cde15accb1b16d
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
These have been added to upstream git after 0.6.12 was released.
CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted CSS file.
CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 52bfb4b1ce25d870f9bab72d285f326ec7d0ad77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...-check-end-of-input-before-reading-a-byte.patch | 62 ++++++++++++++++++++++
...02-tknzr-support-only-max-long-rgb-values.patch | 46 ++++++++++++++++
2 files changed, 108 insertions(+)
diff --git a/package/libcroco/0001-input-check-end-of-input-before-reading-a-byte.patch b/package/libcroco/0001-input-check-end-of-input-before-reading-a-byte.patch
new file mode 100644
index 0000000..831b1a7
--- /dev/null
+++ b/package/libcroco/0001-input-check-end-of-input-before-reading-a-byte.patch
@@ -0,0 +1,62 @@
+From 898e3a8c8c0314d2e6b106809a8e3e93cf9d4394 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Sun, 16 Apr 2017 13:13:43 +0200
+Subject: [PATCH] input: check end of input before reading a byte
+
+Fixes CVE-2017-7960
+
+When reading bytes we weren't check that the index wasn't
+out of bound and this could produce an invalid read which
+could deal to a security bug.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/cr-input.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/cr-input.c b/src/cr-input.c
+index 49000b1..3b63a88 100644
+--- a/src/cr-input.c
++++ b/src/cr-input.c
+@@ -256,7 +256,7 @@ cr_input_new_from_uri (const gchar * a_file_uri, enum CREncoding a_enc)
+ *we should free buf here because it's own by CRInput.
+ *(see the last parameter of cr_input_new_from_buf().
+ */
+- buf = NULL ;
++ buf = NULL;
+ }
+
+ cleanup:
+@@ -404,6 +404,8 @@ cr_input_get_nb_bytes_left (CRInput const * a_this)
+ enum CRStatus
+ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+ {
++ gulong nb_bytes_left = 0;
++
+ g_return_val_if_fail (a_this && PRIVATE (a_this)
+ && a_byte, CR_BAD_PARAM_ERROR);
+
+@@ -413,6 +415,12 @@ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+ if (PRIVATE (a_this)->end_of_input == TRUE)
+ return CR_END_OF_INPUT_ERROR;
+
++ nb_bytes_left = cr_input_get_nb_bytes_left (a_this);
++
++ if (nb_bytes_left < 1) {
++ return CR_END_OF_INPUT_ERROR;
++ }
++
+ *a_byte = PRIVATE (a_this)->in_buf[PRIVATE (a_this)->next_byte_index];
+
+ if (PRIVATE (a_this)->nb_bytes -
+@@ -477,7 +485,6 @@ cr_input_read_char (CRInput * a_this, guint32 * a_char)
+ if (*a_char == '\n') {
+ PRIVATE (a_this)->end_of_line = TRUE;
+ }
+-
+ }
+
+ return status;
+--
+2.11.0
+
diff --git a/package/libcroco/0002-tknzr-support-only-max-long-rgb-values.patch b/package/libcroco/0002-tknzr-support-only-max-long-rgb-values.patch
new file mode 100644
index 0000000..1a9bcd9
--- /dev/null
+++ b/package/libcroco/0002-tknzr-support-only-max-long-rgb-values.patch
@@ -0,0 +1,46 @@
+From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Sun, 16 Apr 2017 13:56:09 +0200
+Subject: [PATCH] tknzr: support only max long rgb values
+
+Fixes CVE-2017-7961
+
+This fixes a possible out of bound when reading rgbs which
+are longer than the support MAXLONG
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/cr-tknzr.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c
+index 1a7cfeb..1548c35 100644
+--- a/src/cr-tknzr.c
++++ b/src/cr-tknzr.c
+@@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, &num);
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+
++ if (num->val > G_MAXLONG) {
++ status = CR_PARSING_ERROR;
++ goto error;
++ }
++
+ red = num->val;
+ cr_num_destroy (num);
+ num = NULL;
+@@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, &num);
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+
++ if (num->val > G_MAXLONG) {
++ status = CR_PARSING_ERROR;
++ goto error;
++ }
++
+ PEEK_BYTE (a_this, 1, &next_bytes[0]);
+ if (next_bytes[0] == '%') {
+ SKIP_CHARS (a_this, 1);
+--
+2.11.0
+
^ permalink raw reply related
* [Buildroot] [PATCH] python-web2py: security bump to version 2.14.6
From: Peter Korsgaard @ 2017-04-28 12:26 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170425134423.3313-1-peter@korsgaard.com>
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
> Inclusion vulnerability, which allows a malicious intended user to
> read/access web server sensitive files.
> CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
> XSS vulnerability, which allows an attacker to perform an XSS attack on
> logged in user (admin).
> CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
> Site Request Forgery) vulnerability, which allows an attacker to trick a
> logged in user to perform some unwanted actions i.e An attacker can trick an
> victim to disable the installed application just by sending a URL to victim.
> CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
> denied before verifying passwords, allowing a remote attacker to perform
> brute-force attacks.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [git commit branch/2017.02.x] python-web2py: security bump to version 2.14.6
From: Peter Korsgaard @ 2017-04-28 12:25 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=32e514709f9955a29fea8f307b8907ec6f955ba9
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
Inclusion vulnerability, which allows a malicious intended user to
read/access web server sensitive files.
CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on
logged in user (admin).
CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user to perform some unwanted actions i.e An attacker can trick an
victim to disable the installed application just by sending a URL to victim.
CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a534030c6e67ff0319f8af2b55fe977a06f17dfd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-web2py/python-web2py.hash | 2 +-
package/python-web2py/python-web2py.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/python-web2py/python-web2py.hash b/package/python-web2py/python-web2py.hash
index 3de8dbf..9c1de90 100644
--- a/package/python-web2py/python-web2py.hash
+++ b/package/python-web2py/python-web2py.hash
@@ -1,2 +1,2 @@
# sha256 locally computed
-sha256 7e22a5624d8d2909e165110f0bec6b43ee36ff6834d689f4027e06dece662031 python-web2py-R-2.12.3.tar.gz
+sha256 6079aeaa352ec51e0da5e6abc71fa74cdb3a781e06a311b5826618624362a7b2 python-web2py-R-2.14.6.tar.gz
diff --git a/package/python-web2py/python-web2py.mk b/package/python-web2py/python-web2py.mk
index 38faabc..af13e69 100644
--- a/package/python-web2py/python-web2py.mk
+++ b/package/python-web2py/python-web2py.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PYTHON_WEB2PY_VERSION = R-2.12.3
+PYTHON_WEB2PY_VERSION = R-2.14.6
PYTHON_WEB2PY_SITE = $(call github,web2py,web2py,$(PYTHON_WEB2PY_VERSION))
PYTHON_WEB2PY_LICENSE = LGPLv3
PYTHON_WEB2PY_LICENSE_FILES = LICENSE
^ permalink raw reply related
* [Buildroot] [PATCH 1/2] linux-headers: bump 4.{4, 9, 10}.x series
From: Peter Korsgaard @ 2017-04-28 12:24 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170421090746.50195-1-Vincent.Riera@imgtec.com>
>>>>> "Vicente" == Vicente Olivert Riera <Vincent.Riera@imgtec.com> writes:
> Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH] minicom: security bump to version 2.7.1
From: Peter Korsgaard @ 2017-04-28 12:23 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170425114434.1728-1-peter@korsgaard.com>
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes CVE-2017-7467 - minicom and prl-vzvncserver vt100.c escparms[] buffer
> overflow.
> For more details about the issue, see the nice writeup on oss-security:
> http://www.openwall.com/lists/oss-security/2017/04/18/5
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [git commit branch/2017.02.x] minicom: security bump to version 2.7.1
From: Peter Korsgaard @ 2017-04-28 12:23 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=cf113c76dfd262dd8ba17e4eb19e7d3deed437bc
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
Fixes CVE-2017-7467 - minicom and prl-vzvncserver vt100.c escparms[] buffer
overflow.
For more details about the issue, see the nice writeup on oss-security:
http://www.openwall.com/lists/oss-security/2017/04/18/5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 027a0d5b61326da318fb916ff52324b9f238d768)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/minicom/minicom.hash | 2 +-
package/minicom/minicom.mk | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/minicom/minicom.hash b/package/minicom/minicom.hash
index 33ba4ef..ca30871 100644
--- a/package/minicom/minicom.hash
+++ b/package/minicom/minicom.hash
@@ -1,2 +1,2 @@
# Locally calculated
-sha256 9ac3a663b82f4f5df64114b4792b9926b536c85f59de0f2d2b321c7626a904f4 minicom-2.7.tar.gz
+sha256 532f836b7a677eb0cb1dca8d70302b73729c3d30df26d58368d712e5cca041f1 minicom-2.7.1.tar.gz
diff --git a/package/minicom/minicom.mk b/package/minicom/minicom.mk
index 94a4628..3aa11ed 100644
--- a/package/minicom/minicom.mk
+++ b/package/minicom/minicom.mk
@@ -4,8 +4,8 @@
#
################################################################################
-MINICOM_VERSION = 2.7
-MINICOM_SITE = https://alioth.debian.org/frs/download.php/file/3977
+MINICOM_VERSION = 2.7.1
+MINICOM_SITE = https://alioth.debian.org/frs/download.php/file/4215
MINICOM_LICENSE = GPLv2+
MINICOM_LICENSE_FILES = COPYING
^ permalink raw reply related
* [Buildroot] [git commit branch/2017.02.x] linux-headers: bump 4.{4, 9, 10}.x series
From: Peter Korsgaard @ 2017-04-28 12:21 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=6b671fa3b63d80ca0226ad297af64e77064aaeec
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
[Peter: drop 4.10.x bump]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 37159734b01b2246272f1d419110b750df40cad5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
| 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--git a/package/linux-headers/Config.in.host b/package/linux-headers/Config.in.host
index 7e246b9..747f24d 100644
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -222,7 +222,7 @@ config BR2_DEFAULT_KERNEL_HEADERS
default "3.19.8" if BR2_KERNEL_HEADERS_3_19
default "4.0.9" if BR2_KERNEL_HEADERS_4_0
default "4.1.39" if BR2_KERNEL_HEADERS_4_1
- default "4.4.62" if BR2_KERNEL_HEADERS_4_4
+ default "4.4.63" if BR2_KERNEL_HEADERS_4_4
default "4.8.17" if BR2_KERNEL_HEADERS_4_8
- default "4.9.23" if BR2_KERNEL_HEADERS_4_9
+ default "4.9.24" if BR2_KERNEL_HEADERS_4_9
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
^ permalink raw reply related
* [Buildroot] [PATCH] ghostscript: add upstream security fixes for CVE-2017-8291
From: Peter Korsgaard @ 2017-04-28 12:15 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170428074930.26043-1-peter@korsgaard.com>
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
> and remote command execution via a "/OutputFile (%pipe%" substring in a
> crafted .eps document that is an input to the gs program, as exploited in
> the wild in April 2017.
> For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [git commit] ghostscript: add upstream security fixes for CVE-2017-8291
From: Peter Korsgaard @ 2017-04-28 12:15 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=874becfd019bc8f4e126684d08c4164e984b11c3
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.
For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...-697799-have-.eqproc-check-its-parameters.patch | 33 ++++++++++++
...7799-have-.rsdparams-check-its-parameters.patch | 62 ++++++++++++++++++++++
2 files changed, 95 insertions(+)
diff --git a/package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch b/package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch
new file mode 100644
index 0000000..becdc66
--- /dev/null
+++ b/package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch
@@ -0,0 +1,33 @@
+From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:03:33 +0100
+Subject: [PATCH] Bug 697799: have .eqproc check its parameters
+
+The Ghostscript custom operator .eqproc was not check the number or type of
+the parameters it was given.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ psi/zmisc3.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b304246..37293ff4b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+ ref2_t stack[MAX_DEPTH + 1];
+ ref2_t *top = stack;
+
++ if (ref_stack_count(&o_stack) < 2)
++ return_error(gs_error_stackunderflow);
++ if (!r_is_array(op - 1) || !r_is_array(op)) {
++ return_error(gs_error_typecheck);
++ }
++
+ make_array(&stack[0].proc1, 0, 1, op - 1);
+ make_array(&stack[0].proc2, 0, 1, op);
+ for (;;) {
+--
+2.11.0
+
diff --git a/package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch b/package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch
new file mode 100644
index 0000000..9ba170b
--- /dev/null
+++ b/package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch
@@ -0,0 +1,62 @@
+From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:21:31 +0100
+Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ psi/zfrsd.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index 191107d8a..950588d69 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ ref *pFilter;
+ ref *pDecodeParms;
+ int Intent = 0;
+- bool AsyncRead;
++ bool AsyncRead = false;
+ ref empty_array, filter1_array, parms1_array;
+ uint i;
+- int code;
++ int code = 0;
++
++ if (ref_stack_count(&o_stack) < 1)
++ return_error(gs_error_stackunderflow);
++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++ return_error(gs_error_typecheck);
++ }
+
+ make_empty_array(&empty_array, a_readonly);
+- if (dict_find_string(op, "Filter", &pFilter) > 0) {
++ if (r_has_type(op, t_dictionary)
++ && dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (!r_is_array(pFilter)) {
+ if (!r_has_type(pFilter, t_name))
+ return_error(gs_error_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ return_error(gs_error_typecheck);
+ }
+ }
+- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++ if (r_has_type(op, t_dictionary))
++ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
+ return code;
+- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+- )
+- return code;
++ if (r_has_type(op, t_dictionary))
++ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++ return code;
+ push(1);
+ op[-1] = *pFilter;
+ if (pDecodeParms)
+--
+2.11.0
+
^ permalink raw reply related
* [Buildroot] [PATCH 1/1] openocd: bump to 0.10.0
From: Peter Korsgaard @ 2017-04-28 12:15 UTC (permalink / raw)
To: buildroot
In-Reply-To: <1493364505-17299-1-git-send-email-christophe.priouzeau@st.com>
>>>>> "Christophe" == Christophe PRIOUZEAU <christophe.priouzeau@st.com> writes:
> Update openocd to 0.10.0
> Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
And no changes to any configure flags or pkg-config? Looking at the
release notes it mentions several changes:
https://sourceforge.net/p/openocd/mailman/message/35570895/
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [autobuild.buildroot.net] Build results for 2017-04-27
From: Peter Korsgaard @ 2017-04-28 10:01 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170428110851.03eff198@free-electrons.com>
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:
> Hello,
> On Fri, 28 Apr 2017 11:44:33 +0300, Baruch Siach wrote:
>> Incompatibility of ola with protobuf 3.2.0. An upstream issue[1] is open since
>> January.
>>
>> Should we revert the protobuf bump? Remove ola?
> Remove ola is I believe the right approach. According to the Github
> issue, Fedora has done the same thing.
> I believe it's more important to stay up-to-date with protobuf than it
> is to keep ola as a package, especially since ola is not used as a
> dependency for any other package.
> Maybe just mark it BROKEN for now?
Yes, I think that is the best way forward as well.
--
Bye, Peter Korsgaard
^ permalink raw reply
* [Buildroot] [PATCH 2/2] Add DEPENDENCIES_HOST_PREREQ to the list of packages
From: Alfredo Alvarez Fernandez @ 2017-04-28 9:35 UTC (permalink / raw)
To: buildroot
In-Reply-To: <1493372121-32177-1-git-send-email-alfredo.alvarez_fernandez@nokia.com>
That way packages included in that list like ccache will also be
regarded as a normal packages for targets like external-deps,
show-targets or legal-info
Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
---
Makefile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Makefile b/Makefile
index 919d589..f041567 100644
--- a/Makefile
+++ b/Makefile
@@ -484,6 +484,8 @@ include package/Makefile.in
-include $(wildcard arch/arch.mk.*)
include support/dependencies/dependencies.mk
+PACKAGES += $(DEPENDENCIES_HOST_PREREQ)
+
include toolchain/*.mk
include toolchain/*/*.mk
--
2.7.4
^ permalink raw reply related
* [Buildroot] [PATCH 1/2] Use HOSTCC_NOCCACHE for both core-dependencies and DEPENDENCIES_HOST_PREREQ
From: Alfredo Alvarez Fernandez @ 2017-04-28 9:35 UTC (permalink / raw)
To: buildroot
This also fixes make clean host-ccache
Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
---
support/dependencies/dependencies.mk | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/support/dependencies/dependencies.mk b/support/dependencies/dependencies.mk
index d4b0409..ef2ae9b 100644
--- a/support/dependencies/dependencies.mk
+++ b/support/dependencies/dependencies.mk
@@ -23,8 +23,8 @@ core-dependencies:
DL_TOOLS="$(sort $(DL_TOOLS_DEPENDENCIES))" \
$(TOPDIR)/support/dependencies/dependencies.sh
-dependencies: HOSTCC=$(HOSTCC_NOCCACHE)
-dependencies: HOSTCXX=$(HOSTCXX_NOCCACHE)
+core-dependencies $(DEPENDENCIES_HOST_PREREQ): HOSTCC=$(HOSTCC_NOCCACHE)
+core-dependencies $(DEPENDENCIES_HOST_PREREQ): HOSTCXX=$(HOSTCXX_NOCCACHE)
dependencies: core-dependencies $(DEPENDENCIES_HOST_PREREQ)
################################################################################
--
2.7.4
^ permalink raw reply related
* [Buildroot] [autobuild.buildroot.net] Build results for 2017-04-27
From: Thomas Petazzoni @ 2017-04-28 9:08 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170428084433.7pb5lamlgxy2hzau@tarshish>
Hello,
On Fri, 28 Apr 2017 11:44:33 +0300, Baruch Siach wrote:
> Incompatibility of ola with protobuf 3.2.0. An upstream issue[1] is open since
> January.
>
> Should we revert the protobuf bump? Remove ola?
Remove ola is I believe the right approach. According to the Github
issue, Fedora has done the same thing.
I believe it's more important to stay up-to-date with protobuf than it
is to keep ola as a package, especially since ola is not used as a
dependency for any other package.
Maybe just mark it BROKEN for now?
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [autobuild.buildroot.net] Build results for 2017-04-27
From: Baruch Siach @ 2017-04-28 8:44 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170428062842.1E44E20E06@mail.free-electrons.com>
Hi Thomas, all,
On Fri, Apr 28, 2017 at 08:28:42AM +0200, Thomas Petazzoni wrote:
> arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/02f731fa25356650367f82482d0560cd91f73fd6 |
> powerpc | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/f51e44049e75b9459b9a214604d0f3fef2b6c9d8 |
> arc | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/ba9d2c9d0547e5ea0ae5c74d03b830983477cf13 |
> arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/e2f743a49db9f2be2940a30acfd1a9277a683536 |
> arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/4975dbe9c0b78edbe4a8ee98a954a95f0945c4ac |
> sh4 | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/4a4ddce130c3e921d37fdc1756f97e44ce7d5cdf |
> mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/2c2a0f9745fb0b9043ef83d1e7c3d3c0463f0b4d |
> arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/aa78260d85d22124c62b4307ffce7b9a15b3073c |
> xtensa | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/ca412df3c23317f20465fbddc994e1f914dc58a9 |
> powerpc | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/1f3e8ad6e019099f262ec5b7d48678c079c743c6 |
> m68k | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/a1f0072c1c634186b6f3c9835c1b6fefd5639ac2 |
> powerpc64le | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/358980f2ea11de64a7e1f0e1c41672e1c92cecf4 |
> i686 | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/0e64a8e89a26065946b3d06f654717fd5b06cb65 |
> arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/2b779b54234bbf5eef99bbc03fdc789c30a91e9b |
> mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/197057bba433136833d3f26733ef090f200ff8d2 |
> mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/198c9363b768a9627cdbc7c8ff4da40f55983bc3 |
> mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/6cce4b0282f8b6edc39f64ef1edae5c383714522 |
> mips | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/d87915146a81660bce24138f3afd48963e211477 |
> arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/04100c7c98b3e041409b8f245476fe9a8ce054d1 |
> sparc64 | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/2d75ca65cf60f4332a04c43ed8f9eac670c62c32 |
Incompatibility of ola with protobuf 3.2.0. An upstream issue[1] is open since
January.
Should we revert the protobuf bump? Remove ola?
[1] https://github.com/OpenLightingProject/ola/issues/1192
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
^ permalink raw reply
* [Buildroot] [PATCH] ghostscript: add upstream security fixes for CVE-2017-8291
From: Peter Korsgaard @ 2017-04-28 7:49 UTC (permalink / raw)
To: buildroot
CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.
For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...-697799-have-.eqproc-check-its-parameters.patch | 33 ++++++++++++
...7799-have-.rsdparams-check-its-parameters.patch | 62 ++++++++++++++++++++++
2 files changed, 95 insertions(+)
create mode 100644 package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch
create mode 100644 package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch
diff --git a/package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch b/package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch
new file mode 100644
index 000000000..becdc6605
--- /dev/null
+++ b/package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch
@@ -0,0 +1,33 @@
+From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:03:33 +0100
+Subject: [PATCH] Bug 697799: have .eqproc check its parameters
+
+The Ghostscript custom operator .eqproc was not check the number or type of
+the parameters it was given.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ psi/zmisc3.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b304246..37293ff4b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+ ref2_t stack[MAX_DEPTH + 1];
+ ref2_t *top = stack;
+
++ if (ref_stack_count(&o_stack) < 2)
++ return_error(gs_error_stackunderflow);
++ if (!r_is_array(op - 1) || !r_is_array(op)) {
++ return_error(gs_error_typecheck);
++ }
++
+ make_array(&stack[0].proc1, 0, 1, op - 1);
+ make_array(&stack[0].proc2, 0, 1, op);
+ for (;;) {
+--
+2.11.0
+
diff --git a/package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch b/package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch
new file mode 100644
index 000000000..9ba170b31
--- /dev/null
+++ b/package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch
@@ -0,0 +1,62 @@
+From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:21:31 +0100
+Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ psi/zfrsd.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index 191107d8a..950588d69 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ ref *pFilter;
+ ref *pDecodeParms;
+ int Intent = 0;
+- bool AsyncRead;
++ bool AsyncRead = false;
+ ref empty_array, filter1_array, parms1_array;
+ uint i;
+- int code;
++ int code = 0;
++
++ if (ref_stack_count(&o_stack) < 1)
++ return_error(gs_error_stackunderflow);
++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++ return_error(gs_error_typecheck);
++ }
+
+ make_empty_array(&empty_array, a_readonly);
+- if (dict_find_string(op, "Filter", &pFilter) > 0) {
++ if (r_has_type(op, t_dictionary)
++ && dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (!r_is_array(pFilter)) {
+ if (!r_has_type(pFilter, t_name))
+ return_error(gs_error_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ return_error(gs_error_typecheck);
+ }
+ }
+- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++ if (r_has_type(op, t_dictionary))
++ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
+ return code;
+- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+- )
+- return code;
++ if (r_has_type(op, t_dictionary))
++ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++ return code;
+ push(1);
+ op[-1] = *pFilter;
+ if (pDecodeParms)
+--
+2.11.0
+
--
2.11.0
^ permalink raw reply related
* [Buildroot] [PATCH 1/1] openocd: bump to 0.10.0
From: Christophe PRIOUZEAU @ 2017-04-28 7:28 UTC (permalink / raw)
To: buildroot
Update openocd to 0.10.0
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
---
package/openocd/openocd.hash | 6 +++---
package/openocd/openocd.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/openocd/openocd.hash b/package/openocd/openocd.hash
index 4ca11e2..b36c816 100644
--- a/package/openocd/openocd.hash
+++ b/package/openocd/openocd.hash
@@ -1,3 +1,3 @@
-# From http://sourceforge.net/projects/openocd/files/openocd/0.9.0/
-sha1 bcf99bb21f09513065b2c9ece148ace7d16cdd0c openocd-0.9.0.tar.bz2
-md5 665cc98ae9e7297e09ec6ac7235fee49 openocd-0.9.0.tar.bz2
+# From http://sourceforge.net/projects/openocd/files/openocd/0.10.0/
+sha1 3245d43d60a1a93f8b0f6b1ce20b53e38cab7a4a openocd-0.10.0.tar.bz2
+md5 b412bdef0481a3859c6585eb69f6f6ba openocd-0.10.0.tar.bz2
diff --git a/package/openocd/openocd.mk b/package/openocd/openocd.mk
index 911d311..7c76c59 100644
--- a/package/openocd/openocd.mk
+++ b/package/openocd/openocd.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OPENOCD_VERSION = 0.9.0
+OPENOCD_VERSION = 0.10.0
OPENOCD_SOURCE = openocd-$(OPENOCD_VERSION).tar.bz2
OPENOCD_SITE = http://sourceforge.net/projects/openocd/files/openocd/$(OPENOCD_VERSION)
--
2.7.4
^ permalink raw reply related
* [Buildroot] [PATCH v2] x11vnc: update to 0.9.14
From: Martin Kepplinger @ 2017-04-28 7:02 UTC (permalink / raw)
To: buildroot
In-Reply-To: <1493210235-7076-1-git-send-email-martin.kepplinger@ginzinger.com>
On 2017-04-26 14:37, Martin Kepplinger wrote:
> This uses x11vnc's new upstream location at github. Autoreconf is
> added because it's really only a code snapshot release.
>
> Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
> ---
>
> In the end you're right and there's nothing special here. Without any reason,
> buildroot doesn't hold on an old version. People do releases. People break
> stuff. People fix stuff. Since I happen to need a fix in the upcoming 0.9.15
> this is probably more reason to randomly update than other updates have.
>
> ... I tested it. For me, using Xfbdev, this 0.9.14 works just fine :)
>
>
> revision history
> ----------------
> v2: use the github helper instead of a URL
> v1: initial proposal to update 0.9.13 to 0.9.14
>
Any objections? What *is* to note here maybe, is that with 0.9.14 they
renamed their x11vnc souce directory to src internally. In case people
have patches, they need to be adapted. But again, that's nothing special
here :)
thanks
martin
^ permalink raw reply
* [Buildroot] [autobuild.buildroot.net] Build results for 2017-04-27
From: Thomas Petazzoni @ 2017-04-28 6:28 UTC (permalink / raw)
To: buildroot
Hello,
Build statistics for 2017-04-27
================================
successes : 129
failures : 56
timeouts : 0
TOTAL : 185
Classification of failures by reason
====================================
ola-0.10.2 | 20
aircrack-ng-1.2-rc4 | 12
mpir-3.0.0 | 4
mpv-0.25.0 | 4
uboot-tools-2017.03 | 4
libsndfile-1.0.28 | 3
protobuf-3.2.0 | 3
libxml2-2.9.4 | 2
binutils-2.27 | 1
qt5base-5.8.0 | 1
sdl2-2.0.5 | 1
shairport-sync-3.0.1 | 1
Detail of failures
===================
mipsel | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/3c1a467756b91417b9a2f8889ec50e4f336f7775 |
microblazeel | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/f60292327b0ad188925523d8e2d7bc55e50c9dc4 |
powerpc | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/39c49943b07e362ef1f6473c3a56484e596e9680 |
powerpc | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/621588651b5cf54726bbf5361399a2dc301b8a29 |
nios2 | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/1211176a82430f555b09606abc64137a196ded2d |
arm | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/628a66ef766308fba699f1faa942306e600e5575 |
powerpc | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/9d546af634c31d6d745c5267f9712f3a2e7d8ec1 |
m68k | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/0bf1dd99a742b505a119383ffe60ca047d526c02 |
arm | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/e02e832a49972ba464f7749cb89d2b20b8df4484 |
arm | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/14bdbd5f48952d3ce454f048239a6e66fdd66de7 |
nios2 | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/248ae80deba887afd2263dc9c258de4e87112d87 |
sparc64 | aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/e0ae341030f1278a65284a33c68d300115969b08 |
bfin | binutils-2.27 | NOK | http://autobuild.buildroot.net/results/10b523fff4876003edf01223fdcae1004cb6ee18 | ORPH
arm | libsndfile-1.0.28 | NOK | http://autobuild.buildroot.net/results/0bf4a305710a210605539d94b65e100b3e619d67 |
x86_64 | libsndfile-1.0.28 | NOK | http://autobuild.buildroot.net/results/d04032c4e84abbce8bdee99802532fda90f64470 |
arm | libsndfile-1.0.28 | NOK | http://autobuild.buildroot.net/results/cdcf7dfcac9b65f5258de7164525da5b983ab905 |
arm | libxml2-2.9.4 | NOK | http://autobuild.buildroot.net/results/fb6f88934465fab5ebbcbbd65727506e701d7163 | ORPH
arm | libxml2-2.9.4 | NOK | http://autobuild.buildroot.net/results/68a47885bfd17946deeffb50dfa92a57a76d947a | ORPH
powerpc64le | mpir-3.0.0 | NOK | http://autobuild.buildroot.net/results/be1478836b2e7b580174641f48de92c9b02512a7 |
powerpc64le | mpir-3.0.0 | NOK | http://autobuild.buildroot.net/results/05ef4b61ce923282eea806db32f539f59e76e4d9 |
mips64el | mpir-3.0.0 | NOK | http://autobuild.buildroot.net/results/77fe48deb073f7310f8f42f0057f17785152841d |
mips64el | mpir-3.0.0 | NOK | http://autobuild.buildroot.net/results/3cd863fc36ca1e1d49d29233e0cd7b6a80bc92b4 |
mips64el | mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/afe572dfe72c127aeac33f2f8375b76fe156be8a |
x86_64 | mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/e408957b6eb263a97f6c8702228182d50233789b |
mips64el | mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/1df718f8dae6bd6dae5324582b266cb34b50b256 |
aarch64 | mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/2524af71ce6dfc8aedb1d287b6d9af018ce57bd9 |
arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/02f731fa25356650367f82482d0560cd91f73fd6 |
powerpc | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/f51e44049e75b9459b9a214604d0f3fef2b6c9d8 |
arc | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/ba9d2c9d0547e5ea0ae5c74d03b830983477cf13 |
arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/e2f743a49db9f2be2940a30acfd1a9277a683536 |
arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/4975dbe9c0b78edbe4a8ee98a954a95f0945c4ac |
sh4 | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/4a4ddce130c3e921d37fdc1756f97e44ce7d5cdf |
mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/2c2a0f9745fb0b9043ef83d1e7c3d3c0463f0b4d |
arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/aa78260d85d22124c62b4307ffce7b9a15b3073c |
xtensa | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/ca412df3c23317f20465fbddc994e1f914dc58a9 |
powerpc | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/1f3e8ad6e019099f262ec5b7d48678c079c743c6 |
m68k | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/a1f0072c1c634186b6f3c9835c1b6fefd5639ac2 |
powerpc64le | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/358980f2ea11de64a7e1f0e1c41672e1c92cecf4 |
i686 | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/0e64a8e89a26065946b3d06f654717fd5b06cb65 |
arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/2b779b54234bbf5eef99bbc03fdc789c30a91e9b |
mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/197057bba433136833d3f26733ef090f200ff8d2 |
mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/198c9363b768a9627cdbc7c8ff4da40f55983bc3 |
mips64el | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/6cce4b0282f8b6edc39f64ef1edae5c383714522 |
mips | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/d87915146a81660bce24138f3afd48963e211477 |
arm | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/04100c7c98b3e041409b8f245476fe9a8ce054d1 |
sparc64 | ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/2d75ca65cf60f4332a04c43ed8f9eac670c62c32 |
i586 | protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/3b3fe16978f19e65a6c6dc1712d72cb349eed0d5 | ORPH
arm | protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/fc5ea266eecb6ecab011ea3542f0bb680fb8fb3b | ORPH
i586 | protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/f307e9286e5eb069c137340a364f3dba914ca8c5 | ORPH
sparc | qt5base-5.8.0 | NOK | http://autobuild.buildroot.net/results/4081e77196810af391af30fedde89348d61cd7d4 |
arm | sdl2-2.0.5 | NOK | http://autobuild.buildroot.net/results/005fe68512ac8b6f7baa692a4b15b69cf23ac8f5 |
powerpc | shairport-sync-3.0.1 | NOK | http://autobuild.buildroot.net/results/56edac103c3bf4740b45f0044f4aca9bf997f4d6 |
x86_64 | uboot-tools-2017.03 | NOK | http://autobuild.buildroot.net/results/65e102efb7f692812a10bd47210527cafa847a40 | ORPH
arc | uboot-tools-2017.03 | NOK | http://autobuild.buildroot.net/results/1d98ffe53bcb0a1868715257cc69c176a5ae39b6 | ORPH
sparc64 | uboot-tools-2017.03 | NOK | http://autobuild.buildroot.net/results/ea73119872a885b64b2e9846c02042f27984d99e | ORPH
i686 | uboot-tools-2017.03 | NOK | http://autobuild.buildroot.net/results/22d6cc87bd160b0c973856acddb3d9d05ccb2286 | ORPH
--
http://autobuild.buildroot.net
^ permalink raw reply
* [Buildroot] [PATCH] protobuf: fix musl build
From: Baruch Siach @ 2017-04-28 6:24 UTC (permalink / raw)
To: buildroot
In-Reply-To: <CAKKQwLSUE_Th7oV=PW4wUWDo+W+kZSE9LZ5yRE4AnKmM18mXaA@mail.gmail.com>
Hi Mario,
On Thu, Apr 27, 2017 at 06:12:14PM -0300, Mario Rugiero wrote:
> Looks good to me.
Thanks.
Care to send a formal Acked-by for patchwork to note?
baruch
> 2017-04-27 17:19 GMT-03:00 Baruch Siach <baruch@tkos.co.il>:
> > Add upstream patch fixing conflict with musl defined major/minor macros.
> >
> > Fixes:
> > http://autobuild.buildroot.net/results/fc5/fc5ea266eecb6ecab011ea3542f0bb680fb8fb3b/
> > http://autobuild.buildroot.net/results/3b3/3b3fe16978f19e65a6c6dc1712d72cb349eed0d5/
> > http://autobuild.buildroot.net/results/1da/1dac9d5e49342700036c90ed4785fff7398b8966/
> >
> > Cc: Mario J. Rugiero <mrugiero@gmail.com>
> > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> > ---
> > package/protobuf/protobuf.hash | 1 +
> > package/protobuf/protobuf.mk | 2 ++
> > 2 files changed, 3 insertions(+)
> >
> > diff --git a/package/protobuf/protobuf.hash b/package/protobuf/protobuf.hash
> > index 9ec6bc759d8f..8c2ade37e7cd 100644
> > --- a/package/protobuf/protobuf.hash
> > +++ b/package/protobuf/protobuf.hash
> > @@ -1,2 +1,3 @@
> > # Locally calculated
> > sha256 51d773e4297238b282eaa4c1dd317099675b12eef2b414732b851c00459225c6 protobuf-cpp-3.2.0.tar.gz
> > +sha256 da80c39838515913633f4cbd875fdd4ad711be95c83a50ff5096b9f1254033b3 416f90939d4de58fe1a4e2489120010313183291.patch
> > diff --git a/package/protobuf/protobuf.mk b/package/protobuf/protobuf.mk
> > index a3e96d4f898c..610da8c04a94 100644
> > --- a/package/protobuf/protobuf.mk
> > +++ b/package/protobuf/protobuf.mk
> > @@ -19,6 +19,8 @@ PROTOBUF_CONF_OPTS = --with-protoc=$(HOST_DIR)/usr/bin/protoc
> >
> > PROTOBUF_INSTALL_STAGING = YES
> >
> > +PROTOBUF_PATCH = https://github.com/google/protobuf/commit/416f90939d4de58fe1a4e2489120010313183291.patch
> > +
> > ifeq ($(BR2_PACKAGE_ZLIB),y)
> > PROTOBUF_DEPENDENCIES += zlib
> > endif
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox