aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* package/qt5/qt5base: exclude OpenSSL functionality for Qt 5.6.xGravatar James Grant2019-03-011-0/+5
| | | | | | | | | No patch back-porting OpenSSL 1.1.x support to Qt 5.6.x is available. https://development.qt-project.narkive.com/RW4wxYXY/openssl-1-1-x-support-on-qt-5-6-5-9 Signed-off-by: James Grant <james.grant@jci.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/qt5/qt5base: add custom configure options lastGravatar James Grant2019-03-011-2/+3
| | | | | | | | This allows all options set by Buildroot to be overridden. Signed-off-by: James Grant <james.grant@jci.com> [Peter: drop original line as pointed out by Thomas] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* support/dependencies: require at least CMake 3.8Gravatar Fabrice Fontaine2019-03-012-93/+3
| | | | | | | | | | | | | | | | | gerbera package in version 1.3 unfortunately now requires CMake >= 3.8 for C++17 macros: https://github.com/gerbera/gerbera/commit/b5fd39f30fb10385ec228b71377685206a609c3a So we need to bump our requirement from 3.1 to 3.8. If the host doesn't have a CMake >= 3.8, Buildroot will build its own host-cmake package. Also drop patch that relax cmake requirement on json-for-modern-cpp Fixes: - http://autobuild.buildroot.org/results/6405647b47b132ff5d0d211b92d407322d52d507 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/zbar: needs c99 modeGravatar Peter Seiderer2019-02-281-0/+2
| | | | | | | | | | | | | | | Fixes [1]: bar/sqcode.c: In function 'sq_scan_shape': zbar/sqcode.c:171:5: error: 'for' loop initial declarations are only allowed in C99 or C11 mode for (int x = x0 - 1; x < x0 + width + 1; x++) { ^ zbar/sqcode.c:171:5: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code [1] http://autobuild.buildroot.net/results/7d544275756f655f9d42c05562aca653923155b1 Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* {linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x seriesGravatar Peter Korsgaard2019-02-273-11/+11
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* runc: depend on linux headers >= 3.11 for O_TMPFILEGravatar Christian Stewart2019-02-273-5/+11
| | | | | | | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/63e9d88ae5177541be463f1e2aafec59aa410479 Add dependency on headers >= 3.11 for O_TMPFILE, used by runc after the fix for CVE-2019-5736 and propagate to the reverse dependencies of runc. Notice that C library support for O_TMPFILE is also needed, which was added in glibc 2.19 and musl 0.9.15. Signed-off-by: Christian Stewart <christian@paral.in> [Peter: squash series, extend commit message, mention C library dependency, fix indentation] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/systemd: add upstream security fixesGravatar Baruch Siach2019-02-262-0/+247
| | | | | | | | | | CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message from unprivileged user Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/stress-ng: add libbsd optional dependencyGravatar Baruch Siach2019-02-261-0/+4
| | | | | | | | stress-ng optionally detects and uses BSD wcsl* wchar string functions. Cc: Romain Naour <romain.naour@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* DEVELOPERS: Add myself to several packages.Gravatar Adam Duskett2019-02-261-0/+4
| | | | | Signed-off-by: Adam Duskett <Aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/cryptopp: fix dos/unix newlines in patchGravatar Peter Korsgaard2019-02-261-8/+8
| | | | | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/0a26265961747600388258d32ba7dc9226c9249b/ Commit 40005b9a0da6 (package/cryptopp: fix build with gcc < 4.9) added a patch to fix building with old toolchains. The source code unfortunately contains a mix of DOS and UNIX newlines, and the DOS new lines got stripped by the mailing list, causing the patch to no longer apply. Fix up the patch manually. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/gcc: bump to version 8.3.0Gravatar Romain Naour2019-02-264-83/+3
| | | | | | | | | | | | Remove upsteam xtensa patches: https://github.com/gcc-mirror/gcc/commit/68ca69a4854af36c90531b33a4c540464dbc6a23 https://github.com/gcc-mirror/gcc/commit/972057cb254e355805bfcd4a47d5c6f743cb76f4 Tested using Toolchain-builder: https://gitlab.com/kubu93/toolchains-builder/pipelines/48904471 Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot/syslinux: fix build with EFI supportGravatar Carlos Santos2019-02-261-0/+45
| | | | | | | | | Commit 1a437fd22f bumped gnu-efi to version 3.0.9. This breaks the build of syslinux with EFI support due to multiple definitions of 'memset' and 'memcpy'. Backport a patch already applied upstream to fix the problem. Signed-off-by: Carlos Santos <casantos@datacom.com.br> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/iproute2: backport patch to fix compilation under glibc < 2.18Gravatar Thomas De Schampheleire2019-02-251-0/+39
| | | | | | | | | | | When compiling iproute2 using a toolchain containing glibc 2.17 and older, it fails due to a missing definition of AF_VSOCK. Add a submitted and accepted upstream patch to fix this issue. Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Reviewed-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/pkg-meson: fix meson cpu_family formatGravatar James Hilliard2019-02-251-1/+1
| | | | | | | | | meson requires a custom cpu_family format https://mesonbuild.com/Reference-tables.html#cpu-families Signed-off-by: James Hilliard <james.hilliard1@gmail.com> Reviewed-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libssh: bump to version 0.8.7Gravatar Baruch Siach2019-02-253-32/+3
| | | | | | | | | | | | | | | Drop upstream patch. Fixes strict-overflow build error with older toolchains. Fixes: http://autobuild.buildroot.net/results/b95b1939a55111fc6b90ef253a32402b87f9c4ab/ http://autobuild.buildroot.net/results/281cb7b940178e4fe98940ddeed07ad546b23931/ http://autobuild.buildroot.net/results/e95d5957c19ff01120903a66d1167279a34da2ce/ Cc: Scott Fan <fancp2007@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/stress-ng: Fix author email in 0003-test-test-bsd-wchar-...patchGravatar Vadim Kochan2019-02-251-1/+1
| | | | | | | | Author's and sign-off's emails differs, so fix the author's one which is not valid anymore. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ibrcommon: fix dos/unix newlines in patchGravatar Peter Korsgaard2019-02-241-49/+49
| | | | | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/e88/e881667f388eea4cce2f804b373af4e3038e7b52/ commit fc9f9cd76f (package/ibrcommon: fix static build with openssl) added a patch to fix static linking. The source code unfortunately contains a mix of DOS and UNIX newlines, and the DOS new lines got stripped by the mailing list, causing the patch to no longer apply. Fix up the patch manually. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/botan: link with libatomic when neededGravatar Fabrice Fontaine2019-02-241-0/+7
| | | | | | | | | | | | | | | | On some architectures, atomic built-ins are provided by the libatomic library from gcc. Linking with libatomic is therefore necessary, otherwise the build fails with: sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line This is often for example the case on sparcv8 32 bit. Fixes: - http://autobuild.buildroot.org/results/a442734c570e4a02854014d831ba3aab9f592430 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libcpprestsdk: link with libatomic when neededGravatar Fabrice Fontaine2019-02-241-0/+4
| | | | | | | | | | | | | | | | On some architectures, atomic binutils are provided by the libatomic library from gcc. Linking with libatomic is therefore necessary, otherwise the build fails with: sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line This is often for example the case on sparcv8 32 bit. Fixes: - http://autobuild.buildroot.org/results/983537ceb38add50ca0a2316f39a2964db1b83c5 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/i2pd: link with libatomic when neededGravatar Fabrice Fontaine2019-02-241-0/+4
| | | | | | | | | | | | | | | | On some architectures, atomic binutils are provided by the libatomic library from gcc. Linking with libatomic is therefore necessary, otherwise the build fails with: sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line This is often for example the case on sparcv8 32 bit. Fixes: - http://autobuild.buildroot.org/results/515160349b11f06a090f3e13992e30da9a402c17 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/lua-curl: add variant definition of lcurl_url_tGravatar Francois Perrad2019-02-241-0/+40
| | | | | | | | | | | | | | | lua-curl has separate code paths for compilers that support forward typedef declarations and those who don't. For the latter case, one structure was not properly defined, causing a build failure with older compilers. Fixes: http://autobuild.buildroot.org/results/8d76ad49837b368a7bba3c3dfd445a035471268a/ Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [Thomas: improve commit log] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/clamav: link with libatomic when neededGravatar Bernd Kuhls2019-02-241-0/+4
| | | | | | | | | | | | | | Configure check for OpenSSL fails: /accts/mlweber1/rclinux/rc-buildroot-test/scripts/instance-3/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_atomic_add': threads_pthread.c:(.text+0x1dc): undefined reference to `__atomic_is_lock_free' threads_pthread.c:(.text+0x1f4): undefined reference to `__atomic_fetch_add_4' Fixes http://autobuild.buildroot.net/results/cae8da81adff3ba493154e0ba8b21d90367f82eb/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/qt5base: fix double-conversion compile for riscvGravatar Peter Seiderer2019-02-241-0/+31
| | | | | | | | | | | | Fixes [1], [2]: ../3rdparty/double-conversion/include/double-conversion/utils.h:83:2: error: #error Target architecture was not detected as supported by Double-Conversion. [1] http://autobuild.buildroot.net/results/8bdb6a2b56f6ea96649184e5fef6ce2c56b9ec2b [2] http://autobuild.buildroot.net/results/63ba267674b424786bb10c97c565f4306147f95a Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/upmpdcli: needs NPTLGravatar Fabrice Fontaine2019-02-241-3/+5
| | | | | | | | | | | | The software uses pthread_mutexattr_setrobust which isn't available in uClibc-ng Linuxthreads support. Fixes: - http://autobuild.buildroot.org/results/197615ad077b0a719954024c3ba182dac43a0555 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Acked-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/systemd: fix build with older kernelsGravatar Fabrice Fontaine2019-02-244-0/+133
| | | | | | | | | | | | These 4 patches have been sent upstream and merged in version 241: https://github.com/systemd/systemd/pull/11641 Fixes: - http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69 - http://autobuild.buildroot.org/results/0a671b08d5e74ff0b04024e729c498c4444e3e92 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* docs/website: update for 2018.11.3Gravatar Peter Korsgaard2019-02-242-9/+28
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Update for 2018.11.3Gravatar Peter Korsgaard2019-02-241-0/+30
| | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 8147c71039f775c8b10e6eceab78d43bb557bde5) [Peter: drop Makefile changes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docs/website: update for 2018.02.11Gravatar Peter Korsgaard2019-02-232-9/+28
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Update for 2018.02.11Gravatar Peter Korsgaard2019-02-231-0/+22
| | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 56347fc8eabc7c563bb9794ac5a9429fb9d2a6d9) [Peter: drop Makefile changes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ibrcommon: fix static build with opensslGravatar Fabrice Fontaine2019-02-231-0/+94
| | | | | | | | | | | | | | | | | gf_mul is already defined in libcrypto (openssl) so rename it into ibrdtn_gf_mul to fix the following build failure in ibrdtnd package: /home/buildroot/autobuild/instance-3/output/host/bin/../arm-buildroot-uclinux-uclibcgnueabi/sysroot/usr/lib/libcrypto.a(f_impl.o): In function `gf_mul': f_impl.c:(.text+0x0): multiple definition of `gf_mul' /home/buildroot/autobuild/instance-3/output/host/arm-buildroot-uclinux-uclibcgnueabi/sysroot/usr/lib/libibrcommon.a(gf128mul.o):gf128mul.cpp:(.text+0x30): first defined here collect2: error: ld returned 1 exit status Makefile:560: recipe for target 'dtnd' failed Fixes: - http://autobuild.buildroot.org/results/1d3b4b6cf043a3e185ce758b617a0a18c3d36cdb Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/luaexpat: restore getcurrentbytecount, required by prosodyGravatar Francois Perrad2019-02-231-0/+40
| | | | | | | | | Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/158295314 Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Update for 2019.02-rc22019.02-rc2Gravatar Peter Korsgaard2019-02-234-11/+57
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/tor: security bump to 0.3.5.8Gravatar Bernd Kuhls2019-02-232-3/+3
| | | | | | | | | | | | | | | | Release notes: https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312 Fixes CVE-2019-8955: KIST can write above outbuf highwater mark https://trac.torproject.org/projects/tor/ticket/29168 Updated license hash after upstream commit https://gitweb.torproject.org/tor.git/commit/LICENSE?h=maint-0.3.5&id=efe55b88987c2539c218fdf1f46f16f9bdc3a8eb which bumps copyright date to 2019. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* configs/imx23evk: Bump the U-Boot versionGravatar Fabio Estevam2019-02-231-1/+1
| | | | | | | | | | | | | | | | | | | | | Thomas Petazzoni reports: "The imx23evk_defconfig no longer builds: https://gitlab.com/buildroot.org/buildroot/-/jobs/158295124 This is due to the bump of OpenSSL to 1.1.x. This issue seems to have been fixed in U-Boot commit 7bae13b7579a6bc42330427496330fe2a29cbd56, which is part of U-Boot since 2017.01, but the defconfig is using 2016.09." Bump to the U-Boot 2019.01 to fix this problem. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/158295124 Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Fabio Estevam <festevam@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/stress-ng: Fix build issue with libbsd wchar checkGravatar Vadim Kochan2019-02-231-0/+29
| | | | | | | | | | | | | stress-ng uses test/test-bsd-wchar.c program to check if there is support for libbsd's wchar, but the test fails because wchar.h also requires the FILE* definition from stdio.h which is not included automatically, so fix it by include stdio.h explicitly. Fixes: http://autobuild.buildroot.net/results/6def1bba8e7ec05682e74c4edc3a35c8c118d28b Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/cryptopp: fix build with gcc < 4.9Gravatar Fabrice Fontaine2019-02-221-0/+40
| | | | | | | | | | Disable AVX2 if gcc < 4.9 Fixes: - http://autobuild.buildroot.org/results/195e40b34344f773da51a3fbff9d8e76c517eed1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* configs/orangepi_{lite2, one_plus}: use correct kernel headers versionGravatar Thomas Petazzoni2019-02-222-4/+4
| | | | | | | | | | | | | | | | | | | | | | In the following commits: 85f4bd9425b4ee74839202ab012d193a0175c5fa configs/orangepi_lite2: fix kernel headers option 506cdeb2d08811f309c6dc80c0098bf1ccdee21a configs/orangepi_one_plus: fix kernel headers option We fixed the orangepi_lite2 and orangepi_one_plus defconfigs to use the BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_X_Y option. However, we were mistaken by the existing comment saying that 4.18 kernel headers should be used. This was wrong, as the kernel source code in use is 4.19, so this commit fixes the BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_X_Y to use the correct version. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/165766089 https://gitlab.com/buildroot.org/buildroot/-/jobs/165766093 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/gdb: disable inprocess-agent in static buildGravatar Fabrice Fontaine2019-02-221-0/+5
| | | | | | | | Fixes: - http://autobuild.buildroot.org/results/b40bdbca6669a81301fca523e982dbc9584a4e65 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* configs/rock64: Linux needs host OpenSSLGravatar Thomas Petazzoni2019-02-221-0/+1
| | | | | | | | | | | | | | | | | The Linux configuration used in the rock64_defconfig requires host-openssl to be built, otherwise the build fails with: scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory #include <openssl/bio.h> So let's enable BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/165766161 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/reaver: fix build on m68kGravatar Fabrice Fontaine2019-02-221-0/+32
| | | | | | | | Fixes: - http://autobuild.buildroot.org/results/935c038b921ffa0f185571de41223e4c201e964b Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* configs/zynq_zybo: remove defconfigGravatar Thomas Petazzoni2019-02-228-163/+0
| | | | | | | | | | | | | | | | This defconfig was added in October 2016 and was never updated since then. It currently fails to build because U-Boot is too old and doesn't build with host-openssl in version 1.1.x. On February 13, 2019, the original submitter was notified, but didn't reply, so let's remove the defconfig for this platform. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/165766194 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/bind: security bump to version 9.11.5-P4Gravatar Peter Korsgaard2019-02-222-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: - named could crash during recursive processing of DNAME records when deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740. [GL #387] - When recursion is enabled but the allow-recursion and allow-query-cache ACLs are not specified, they should be limited to local networks, but they were inadvertently set to match the default allow-query, thus allowing remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309] - Code change #4964, intended to prevent double signatures when deleting an inactive zone DNSKEY in some situations, introduced a new problem during zone processing in which some delegation glue RRsets are incorrectly identified as needing RRSIGs, which are then created for them using the current active ZSK for the zone. In some, but not all cases, the newly-signed RRsets are added to the zone's NSEC/NSEC3 chain, but incompletely -- this can result in a broken chain, affecting validation of proof of nonexistence for records in the zone. [GL #771] - named could crash if it managed a DNSSEC security root with managed-keys and the authoritative zone rolled the key to an algorithm not supported by BIND 9. This flaw is disclosed in CVE-2018-5745. [GL #780] - named leaked memory when processing a request with multiple Key Tag EDNS options present. ISC would like to thank Toshifumi Sakaguchi for bringing this to our attention. This flaw is disclosed in CVE-2018-5744. [GL #772] - Zone transfer controls for writable DLZ zones were not effective as the allowzonexfr method was not being called for such zones. This flaw is disclosed in CVE-2019-6465. [GL #790] For more details, see the release notes: http://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html Change the upstream URL to HTTPS as the webserver uses HSTS: >>> bind 9.11.5-P4 Downloading URL transformed to HTTPS due to an HSTS policy Update the hash of the license file to account for a change of copyright year: -Copyright (C) 1996-2018 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 1996-2019 Internet Systems Consortium, Inc. ("ISC") Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/unzip: add security and bug fix patches from DebianGravatar Baruch Siach2019-02-222-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Debian bug #741384: Buffer overflow Debian bug #744212: Buffer overflow CVE-2014-8139: CRC32 verification heap-based overflow CVE-2014-8140: Out-of-bounds write issue in test_compr_eb() CVE-2014-8141: Out-of-bounds read issues in getZip64Data() CVE-2014-9636: Heap overflow CVE-2015-7696: Heap overflow when extracting password-protected archive CVE-2015-7697: Infinite loop when extracting password-protected archive Red Hat Bugzilla #1260944: Unsigned overflow on invalid input Debian bug #842993: Do not ignore Unix Timestamps CVE-2014-9913: Buffer overflow CVE-2016-9844: Buffer overflow in zipinfo CVE-2018-1000035: Buffer overflow in password protected ZIP archives Cc: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/proftpd: prevent openssl pthread detectionGravatar Matt Weber2019-02-221-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The proftpd configure script doesn't use pkg-config to detect openssl libraries. Instead, it just adds -lcrypto. Since openssl may be linked with pthread, it tries to detect that by calling 'openssl version -f', which gives the arguments with which openssl was compiled. Since the openssl executable used is either host-openssl or the system installed openssl, the output of 'openssl version -f' is useless in Buildroot context. If the target toolchain doesn't have threads support, it will wrongly pick up -pthread from host-openssl. Fortunately there is a simple workaround: --without-openssl-cmdline says that there is no openssl executable and skips the test, so -pthread is not added. It turns out -pthread is never needed, even in static linking cases, because openssl/libressl puts the thread support in a separate object file that only gets linked in if the program actually uses threads (which proftpd doesn't). Fixes: http://autobuild.buildroot.net/results/9c25c3cb3cf93b76c0538c5376a803641bf6575b Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> [Rewrite commit log, after additional analysis and testing] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/dtc: additional fix of include guards for older u-bootGravatar Thomas De Schampheleire2019-02-211-4/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With recent dtc but old u-boot, compilation issues occur related to libfdt. These problems really are u-boot issue since it does not properly set include paths so that its own headers are included. Nevertheless, since the u-boot version is typically decided by users and stuck at some version provided by a SoC or board vendor, it is not feasible to fix those old versions. Instead, already several fixes were made in the past, in Buildroot. See commits: c7ffd8a75d5 "package/dtc: fix include guards for older kernel/u-boot" f437bf547ca "uboot: fix build for older uboot source trees" bf733342324 "uboot: fix build when libfdt-devel is installed system-wide" 0bf80e4bcd5 "uboot: ensure host includes are searched before system default includes" b15a7a62d3f "uboot: revert "uboot: use local libfdt.h"" baae5156ce3 "uboot: use local fdt headers" 3a6573ccee2 "uboot: use local libfdt.h" Commit c7ffd8a75d55e24d793106eabbb80964ab91081f fixes the problem caused by dtc having changed their include guards from _FOO_H to FOO_H (leading underscore removed). Old u-boot would still use _FOO_H, which (combined with host-dtc headers that use FOO_H) would cause the inclusion of two different copies of the same nominal include file, e.g. libfdt.h or libfdt_env.h, causing 'error: redefinition of xxx' compilation issues. The fix sets the 'new' include guard when the 'old' one is detected, preventing a second inclusion of the same nominal file. For some u-boot versions, however, this change not only needs to be made in libfdt.h and libfdt_env.h, but also in 'fdt.h'. Update the dtc patch to do just that. Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/madplay: fix static buildGravatar Fabrice Fontaine2019-02-212-2/+26
| | | | | | | | | | | Add a patch to use pkg-config to find id3tag dependency (-lz) Fixes: - http://autobuild.buildroot.org/results/5e4882ddacf205a92a3ff1e79649cf16e4b6c0ae Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [Arnout: add comment to AUTORECONF to refer to the patch] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/libid3tag: fix id3tag.pcGravatar Fabrice Fontaine2019-02-211-0/+1
| | | | | | | | Add -lz to id3tag.pc, this fix is needed to be able to use pkg-config in madplay to find id3tag dependencies Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/swupdate: update license filesGravatar Fabrice Fontaine2019-02-202-3/+7
| | | | | | | | | | | | | | COPYING contains only the license for GPL-2.0 so use the new license files that have been added in the Licenses directory since version 2018.03 and https://github.com/sbabic/swupdate/commit/32c1f98eaca69e362be074197f84a59d994c0876 Also update GPL-2.0+ to "GPL-2.0+ with OpenSSL exception" and add Exceptions file, see: https://github.com/sbabic/swupdate/commit/66d0dbe80f49eb49f8999c9d738579651fc38134 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/imagemagick: fixup help text layoutGravatar Yann E. MORIN2019-02-201-2/+2
| | | | | Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* DEVELOPERS: update email address for Gary BissonGravatar Gary Bisson2019-02-201-1/+1
| | | | | Signed-off-by: Gary Bisson <bisson.gary@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>