Gary Bisson [Tue, 24 Jan 2017 16:40:20 +0000 (17:40 +0100)]
configs: nitrogen*: bump kernel and u-boot revisions
Here are the main U-Boot modifications:
- Fix second Ethernet port for SoloX
- Fix LCD disable sequence
- Fix LVDS2 as primary display
Here are the main Linux modifications:
- Rebase on top of NXP 4.1.15_2.0.0 branch
- Fix touch screens interrupt conflicts
- Backport tw686x features from mainline
- Fix multiple ft5x06 touch instantiation
- Fix dirty cow vulnerability
- Various improvements to TC358743 driver
Chris Packham [Tue, 24 Jan 2017 10:14:22 +0000 (23:14 +1300)]
micropython-lib: needs pcre
The micropython libs load libpcre dynamically using the foreign function
interface (libffi). Without pcre the build will succeed but at run time
anything that uses the 're' module will have issues.
James Knight [Mon, 9 Jan 2017 14:08:17 +0000 (09:08 -0500)]
rpm: disable static build support
The RPM package requires dynamic linking support (dlfcn.h) for its
capabilities related to plugins (and possibly more). The following
commit adds a dependency to !BR2_STATIC_LIBS.
--enable-password-save option has been removed
(https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f). Since
it now defaults to "enabled" in the upstream package, there is no
point in adding Config.in.legacy support for it: Config.in.legacy
logic only kicks in when the option is enabled, but the upstream
package precisely preserve the compatibility with this situation.
rng-tools: Fix disabling package on non-x86 architectures.
Commit 2f89476 ("package/libgpg-error: bump to version 1.23") introduced
a BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS which was added as a dependency
to all libgpg-error reverse dependencies.
However, rng-tools only select libgpg-error if BR2_i386 || BR2_x86_64
(for RDRAND) but the rng-tools dependency was added as
BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS && (BR2_i386 || BR2_x86_64),
Therefore limiting rng-tools to the x86 architecture.
This patch changes it as ..._ARCH_SUPPORT || !(BR2_i386 || BR2_x86_64).
Peter Korsgaard [Mon, 23 Jan 2017 15:17:46 +0000 (16:17 +0100)]
go: security bump to version 1.7.4
On Darwin, user's trust preferences for root certificates were not honored.
If the user had a root certificate loaded in their Keychain that was
explicitly not trusted, a Go program would still verify a connection using
that root certificate. This is addressed by https://golang.org/cl/33721,
tracked in https://golang.org/issue/18141. Thanks to Xy Ziemba for
identifying and reporting this issue.
The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit. It was possible for an attacker to generate a multipart request
crafted such that the server ran out of file descriptors. This is addressed
by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
Thanks to Simon Rawet for the report.
Frank Hunleth [Mon, 23 Jan 2017 19:47:17 +0000 (14:47 -0500)]
mariadb: explicitly disable dtrace detection
By default, mariadb's cmake script tries to detect dtrace support. On
hosts that have dtrace installed, this incorrectly enables dtrace and
causes compile errors.
Add a package containing a C library and a set of command-line tools
for controlling GPIOs from user space using the new character device
interface on linux.
Signed-off-by: Bartosz Golaszewski <[email protected]>
[Thomas:
- add comment about autoreconf=yes (suggested by Romain Naour)
- add more conventional syntax for the --{enable,disable}-tools usage
(suggested by Romain Naour)
- add patch to fix musl build.] Signed-off-by: Thomas Petazzoni <[email protected]>
Peter Korsgaard [Sun, 22 Jan 2017 21:39:56 +0000 (22:39 +0100)]
runc: security bump to fix CVE-2016-9962
RunC allowed additional container processes via runc exec to be ptraced by
the pid 1 of the container. This allows the main processes of the
container, if running as root, to gain access to file-descriptors of these
new processes during the initialization and can lead to container escapes or
modification of runC state before the process is fully placed inside the
container.
Commit 24d90db52a74 (package/nodejs: disable icu support for host build)
added --with-intl=none to host configure flags to fix an issue related to
icu. The 0.10.x version unfortunately doesn't understand this configure
flag and errors out when provided, breaking the build:
configure: error: no such option: --with-intl
The 0.10.x version doesn't seem to have this icu issue (E.G. no autobuilder
issues before this commit and unable to reproduce locally), so fix it by
only passing --with-intl=none for the 6.9.x version.
Carlos Santos [Sun, 22 Jan 2017 03:15:42 +0000 (01:15 -0200)]
util-linux: fix ncurses/wchar handling (again)
Since commit 006a328ad6bed214ec3c4d92120510ea37329dd1 ("util-linux: fix
build with ncurses"), we have a build failure that occurs with musl and
uClibc-ng toolchains when wide-char support is not enabled in ncurses.
The problem occurs because util-linux #defines its own wchar_t (as char)
when configured without widechar support. It was fixed upstream, so pull
the corresponding patch from the util-linux git repository.
Peter Korsgaard [Sat, 21 Jan 2017 13:40:37 +0000 (14:40 +0100)]
opus: security bump to 1.1.4
Fixes CVE-2017-0381: A remote code execution vulnerability in
silk/NLSF_stabilize.c in libopus in Mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file
and data processing.
The previous version 3.15.11 failed to build because of:
```
hpijs/hpcupsfax.cpp: In function 'int main(int, char**)':
prnt/hpijs/hpcupsfax.cpp:651:5: error: 'ppd_file_t' was not declared in
this scope
ppd_file_t *ppd;
^
```
`ppd_file_t` is defined in "cups/ppd.h" which was not included in 3.15.11, but
is in 3.16.11.
Peter Korsgaard [Fri, 20 Jan 2017 14:46:27 +0000 (15:46 +0100)]
busybox: bump version to 1.26.2
And drop patches now upstream. Also enable internal glob() handling in ash,
as busybox now errors out if this isn't enabled when building for uClibc
because of bugs in the the glob(3) implementation in uClibc and musl since:
Carlos Santos [Fri, 20 Jan 2017 18:18:54 +0000 (16:18 -0200)]
poco: avoid build failures on multicore hosts
Parallel build still fails on heavilly multicore machines (e.g. -j25)
and hacks likecommit 32f4957b153bdabe7af60d529942aca7d1a4783d do not
seem to be effective.
Let's simply use MAKE1 for the build step, instead.
Peter Seiderer [Thu, 19 Jan 2017 20:11:32 +0000 (21:11 +0100)]
libsndfile: disable external library dependencies
Fixes static linking of pifmrds [1]:
host/usr/bin/arm-linux-gcc -static -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -lsndfile -lm
.../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(flac.o): In function `sf_flac_error_callback':
flac.c:(.text+0x44c): undefined reference to `FLAC__StreamDecoderErrorStatusString'
host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg.o): In function `ogg_close':
ogg.c:(.text+0x10): undefined reference to `ogg_sync_clear'
host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg_vorbis.o): In function `vorbis_read_sample':
ogg_vorbis.c:(.text+0x26c): undefined reference to `vorbis_synthesis_pcmout'
Gustavo Zacarias [Thu, 19 Jan 2017 13:44:51 +0000 (10:44 -0300)]
gd: security bump to version 2.2.4
Fixes:
CVE-2016-9317 - gdImageCreate() doesn't check for oversized images and
as such is prone to DoS vulnerabilities.
CVE-2016-6912 - double-free in gdImageWebPtr()
(without CVE):
Potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Signed Integer Overflow gd_io.c
Signed-off-by: Wolfgang Grandegger <[email protected]>
[Thomas:
- move condition to a different place in the .mk file, with other
similar conditions.
- add an 'else' clause to pass -no-libinput in order to explicitly
disable libinput support when the libinput package is not available.] Signed-off-by: Thomas Petazzoni <[email protected]>
projects / buildroot-mgba.git / log