Fixes CVE-2014-9402 - denial of service in getnetbyname function.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Indicate in the Config.in help text that this policy compiler is
SELinux related.
- Rewrap Config.in help text and remove trailing white space.
- Add a comment in the .mk file to indicate why we're passing
DESTDIR= at build time.]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Irqbalance is a daemon to help balance the cpu load generated by
interrupts across all of a systems cpus.
[Thomas:
- Add upstream URL in Config.in help text.
- Fix indentation of init script.]
Signed-off-by: Karoly Kasza <kaszak@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For portability. All other Buildroot scripts (i.e. scripts that run on
host) already use the "/usr/bin/env bash" shebang.
This change is needed for NixOS, which lacks a global /bin/bash.
Signed-off-by: Bjørn Forsman <bjorn.forsman@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The libiio library will compile fine with a toolchain that doesn't
support threads (tested with br-arm-full-nothread.config).
Only the IIOD program requires support for threading.
Signed-off-by: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2015-0559, CVE-2015-0560 - The WCCP dissector could crash.
CVE-2015-0561 - The LPP dissector could crash.
CVE-2015-0562 - The DEC DNA Routing Protocol dissector could crash.
CVE-2015-0563 - The SMTP dissector could crash.
CVE-2015-0564 - Wireshark could crash while decypting TLS/SSL sessions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2014-8150 - When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will be
sent along to the proxy too, which allows the program to for example
send a separate HTTP request injected embedded in the URL.
CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session
ID cache when it connects to TLS servers. In subsequent connects it
re-uses the entry in the cache to resume the TLS connection faster than
when doing a full TLS handshake. The actual implementation for the
Session ID caching varies depending on the underlying TLS backend.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Getting the hashes from upstream is not always possible:
- Mentor's Sourcery: seems to require an account
- TI's Arago: not able to locate the upstream.
- Linaro: only signatures
- Misc other toolchains.
So, all hashes were locally computed.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When using a custom local tree, we're using the OVERRIDE_SRCDIR
internally, which means we do not apply patches. Since this is the
expected behavior, make BR2_LINUX_KERNEL_PATCH and
BR2_LINUX_KERNEL_CUSTOM_LOCAL options exclusive.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Our curl package is really named libcurl.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This makes "make menuconfig" also work on systems where ncurses is not
installed in a standard location (such as on NixOS).
This patch changes ccflags() so that it tries pkg-config first, and only
if pkg-config fails does it go back to the fallback/manual checks. This
is the same algorithm that ldflags() already uses.
[This patch is already applied upstream (is part of linux v3.18):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be8af2d54a66911693eddc556e4f7a866670082b
I'm adding this instead of doing a full upstream kconfig sync because
there was a conflict in one of the Buildroot kconfig patches (against
linux 3.18-rc1), which I was unable to resolve. Just drop this patch next time
Buildroot kconfig is synced against upstream.
]
Signed-off-by: Bjørn Forsman <bjorn.forsman@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot unexports PKG_CONFIG_PATH in the top-level Makefile for purity
reasons. But it has an unfortunate side-effect in that "make menuconfig"
will not (necessarily) be able to pick up ncurses via host pkg-config,
breaking "make menuconfig" on systems where ncurses is installed in a
non-standard location.
This patch saves the original PKG_CONFIG_PATH variable in
HOST_PKG_CONFIG_PATH and restores the original PKG_CONFIG_PATH variable
only in the sub-processes that builds the various menuconfig/nconfig/...
targets.
(PKG_CONFIG_PATH has to be placed in front of the make command so that it
propagates to sub-processes. If given as an argument, it doesn't work.)
Signed-off-by: Bjørn Forsman <bjorn.forsman@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 1.15
-Add a hash file
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thanks to Baruch Siach for the suggestion.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a patch to install headers and static library separately.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also remove tests since they require static libraries.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Change the dependency logic in the Config.in file. We don't want to
have a 'depends on BR2_PACKAGE_QT5GRAPHICALEFFECTS': it should be
selected automatically. Instead, let's have a dependency on Qt5 and
OpenGL, and select everything else automatically. A comment is
added, shown only when Qt5 is available, on the right platforms
(which have JSCore support), to explain that we need an OpenGL
backend.
- Change the prompt of the package to be qt5cinex, to match the
package name.
- Replace "High-definition support" by "High-definition version".
- Fix a typo in the Config.in help text: definifition -> definition.
- Add a comment in the .mk file explaining why we install a wrapper
shell script (explanation taken from Pierre's e-mail).
- Fix indentation in the install target commands.
- Keep only sha256 hashes, those are sufficient. Replace the comment
in the hash file by the more traditional "Locally computed".]
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-6272 - integer overflow bugs in evbuffer_add() and
related functions.
Also file hash file (was stale) and switch to sourceforge for a
stable/proper hash.
Patch 0002-Avoid-using-top_srcdir-in-TESTS.patch is upstream so remove.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Quite a number of scripts use xxd, so install it as well.
Install it unconditionally as the size is trivial compared to vim (~10kb vs
~1.5MB).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On machines where xzcat/unxz is not available, we build host-xz. So if
host-xz is itself downloaded as a xz-compressed archive, it doesn't
work. Revert back to a .bz2 archive.
Fixes:
http://autobuild.buildroot.org/results/79e/79ecba46f353546ba60ae86dd3898b4d86c056a0/
(and many similar failures)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump version to 1.3.6
- Update the hash value
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is no need to have "AUTORECONF = YES" since the patch which
modified the "configure.in" file was removed in the last version bump.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump version to 0.161
- Remove the portability patch. We don't need to have it in Buildroot
since it includes the version number so we can download it safely
without having collisions between versions.
- Adapt the patches that need to be adapted.
- Rename patches to start from 0001.
- Update the hash value and add a new value for the portability patch.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 4.6.1
-Add a hash file
-Use xz tarball to save space and bandwidth
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 5.2.0
-Update hash file
-Use xz tarball instead of bz2 to save space and bandwidth
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's now a split option with pki and scep, with some other tools being
deprecated upstream so select both when tools was selected to get as
close as possible.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Make gzip install binaries to / rather than /usr to fix bug #7766, it's
the FHS mandated target.
This also avoids duplicating binaries with busybox when both are
installed.
Also make gzip install after busybox if both are enabled to make the
proper gzip package override any busybox version since it's usually more
lightweight in functionality and slower.
And add a hash file while at it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adding a patch to move AC_CONFIG_AUX_DIR up a few lines so the autotools
can find it.
This patch is based on the same solution adopted by Debian:
https://lists.debian.org/debian-release/2014/11/msg01231.html
This will prevent a build failure like this one caused by a version bump
of the automake package:
configure: error: cannot find install-sh, install.sh, or shtool in "."
"./.." "./../.."
Related:
http://lists.busybox.net/pipermail/buildroot/2015-January/116604.html
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
