Fixes a critical authentication vulnerability in the MQTT plugin
(CVE-2016-9877):
MQTT (MQ Telemetry Transport) connection authentication with a
username/password pair succeeds if an existing username is provided but the
password is omitted from the connection request. Connections that use TLS
with a client-provided certificate are not affected.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The problem addressed by 0001 patch has been fixed upstream and is that
fix is included in this release:
aa107497cd
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patches from 4.8 version don't apply. Update them by backporting
liteBoard support from Linux master branch.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is already support in newest U-Boot version, so drop existing
U-Boot patches.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0001-Fix-Add-missing-pthread.h-include.patch already included in this
release:
5f702b6071
--with-xml-prefix configure option doesn't exist, so drop it:
configure:22815: WARNING: unrecognized options: [snip], --with-xml-prefix
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfixes:
- CVE-2016-9131: A malformed response to an ANY query can cause an
assertion failure during recursion
- CVE-2016-9147: An error handling a query response containing inconsistent
DNSSEC information could cause an assertion failure
- CVE-2016-9444: An unusually-formed DS record response could cause an
assertion failure
- CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use upstream provided tarball.
Upstream switched to cmake.
libjpeg dependency is now optional.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Include this bugfix [1] (freeze with DRI2).
Tested using Enlightenment and Lugaru game on x86_64 target using DRI2.
[1] https://bugs.freedesktop.org/show_bug.cgi?id=99333
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Although tremor (the library is named vorbisidec) provides a pkg-config
file, mpd does not use it to find tremor. Since version 0.20 does throw
an error instead of a warning, that's why the issue was left unnoticed
by the autobuilders.
Help mpd to find tremor by providing the path to the library and passing
LIBS through the environment. We use the host pkg-config tool to get the
correct values from the vorbisidec.pc file.
Fixes:
http://autobuild.buildroot.net/results/6b9/6b97403e70caa12c32494b1c82ce61d3e4e456f6/
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to U-Boot 2017.01, which supports mx6sx_udoo_neo by default.
Remove the U-Boot patch that we used for the previous version.
Also adjust the 'fdtfile' name as it has been changed in U-Boot
mainline.
[Peter: part 2, boot.scr / defconfig changed accidently got dropped]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host build of the ustr package also needs to not run the ldconfig to
prevent a build failure caused by the symlink creating a race condition.
Related commit for target build change was 22069232.
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For the newer versions the collectd configure script expects
libgcrypt-config as parameter rather than the location for the
libgcrypt-config script. Adjust the package to account for this.
Fixes:
http://autobuild.buildroot.net/results/a49/a494bc905e4509528c4932f76a094b9ea8e70bd3/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to U-Boot 2017.01, which supports mx6sx_udoo_neo by default.
Remove the U-Boot patch that we used for the previous version.
Also adjust the 'fdtfile' name as it has been changed in U-Boot
mainline.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version is marked as "stable" on php-imagick's website, plus is
necessary for the upcoming php-7.1 version bump.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.
libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).
libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.
Fixes:
GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
fde5f55af9
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also remove the patch since it's already contained in this release.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3d707d2b (mysql: rename package to oracle-mysql, make a virtual
package) introduced a user selectable virtual BR2_PACKAGE_MYSQL package, but
didn't propagate the (common) dependencies of the two variants to it, so the
virtual package can now be selected even though neither of the variants are
available.
As several packages enable mysql support when BR2_PACKAGE_MYSQL is selected,
this causes a number of autobuilder issues:
http://autobuild.buildroot.net/results/7fe/7fe0d0a3e7ed0430852dc42b718dd037557207e8/http://autobuild.buildroot.net/results/cc4/cc4c2d936f3e1ba6c0a9782b2218de54a4ff75d2/
Fix it by propagating the common dependencies of the two variants to the
virtual package to ensure it cannot be enabled unless at least one of them
are available.
Also move the toolchain comment outside the conditional so it is visible
when mysql isn't available.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add support for the KMS video sink element. From the Gstreamer 1.10
release notes:
"New element kmssink to render video using Direct Rendering Manager (DRM)
and Kernel Mode Setting (KMS) subsystems in the Linux kernel. It is oriented
to be used mostly in embedded systems."
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard
Alvaro G. M
Adam Duskett
Vicente Olivert Riera
Marcin Niestroj
Jörg Krause
Bernd Kuhls
Baruch Siach
Romain Naour
Danomi Manchego
Yegor Yefremov
Daniel Mack
Martin Kepplinger
Gustavo Zacarias
Fabio Estevam
Clayton Shotwell
Stewart Smith
Francois Perrad
Fabio Estevam