Age | Commit message | Author
2019-11-06 | package/devmem2: remove package (HEAD, 2019.05.1-som) | Carlos Santos
It was here just for backwards compatibility and is not used by any package or board after commits

  59856480b6 packages/devmem2: remove from all board configurations
  2f6e3eae55 package/ti-gfx: do not use devmem2 in script

There are address casting issues with 32bit access on a 64bit bus (like on the SoC FPGA ARM processors) with this tool. The Busybox version of devmem is the most up to date and supports quadword access.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=10171

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
2019-09-27 | package: libmali: Add Rockchip's Mali blobs. | Christoph Muellner
This patch brings the libmali package from Rockchip's Buildroot BSP. Contrary to their BSP version, we name a github repo with a specific git commit ID as source. Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
2019-09-27 | package: rockchip: Add support for Rockchip SoC differentiation symbols. | Christoph Muellner
This patch is a backport of Rockchip's SoC differentiation mechanism used in their Buildroot BSP. It does not bring any package at all, but allows packages to control their behaviour based on the selected target SoC (e.g. install different drivers). In order to keep compatibility with Rockchip packages we add support for the differentiation mechanism as well. Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
2019-09-27 | glmark2: Add "rockchip" to the list of probed DRM modules. | Christoph Muellner
This patch adds the ability to use the "rockchip" DRM module for glmark2. That's needed in order to be able to find a proper DRM module. This patch is actually a backport of 0f81f3c.

Note, that updating the glmark2 package does not work as of now. When using mainline glmark2, we observe an EGL error. Since this is proprietary code, we cannot do much besides using the vendor proposed solution (old version of glmark2 with an additional patch).

Error with mainline glmark2:

  Debug: Using Udev to detect the right DRM node to use
  Debug: Looking for the main GPU DRM node...
  Debug: Not found!
  Debug: Looking for a concrete GPU DRM node...
  Debug: Success!
  Debug: Trying to use the DRM node /dev/dri/card0
  Debug: Success!
  Error: Loading EGL entry points failed
  Debug: Using eglGetPlatformDisplayEXT()

Thus this patch is the best solution for now.

Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
2019-09-26 | uboot-tools: Add mkimage support for PX30. | Christoph Muellner
This is a not yet merged commit to add support for the PX30 to mkimage. Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
2019-09-26 | ldd: New package. | Christoph Muellner
ldd is a very useful tool for analysing shared object dependencies. The tool is a standard helper in Linux systems and deserves to exist in embedded systems as well. Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
2019-07-07 | package/php: bump version to 7.3.7 | Bernd Kuhls
Changelog: https://www.php.net/ChangeLog-7.php#7.3.7 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 7accdcb3a943d420b13a73c497d29cb15db156e2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/webkitgtk: bump to version 2.24.3 | Adrian Perez de Castro
Version 2.24.3 is a minor update which contains many bugfixes. From the announcement:

 - Fix previous/next gestures in RTL mode.
 - Fix rendering artifacts in popular sites (YouTube, GitHub, etc.)
 - Fix media playback annoyances (volume randomly changing, HLS streams starting too slowly, some audio streams would not play, etc.)
 - Fix build with audio and video disabled.

https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3ff05d9094be1329b5987589d6b6fefb152ff006)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | {linux, linux-headers}: bump 4.{14, 19}.x / 5.1.x series | Peter Korsgaard
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 173ed657f3ff322e523912f7cd3c651b758debe2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/libsecret: fix build with NLS | Fabrice Fontaine
Fixes: - http://autobuild.buildroot.org/results/1497d7c2485c4a107ab82c870d78744981efb6d3 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 3bd1574aefb877e415e4a496d5c0394bad9759f0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/python-django: security bump to version 2.1.10 | Peter Korsgaard
Fixes the following security vulnerabilities: CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS For more details, see the announcement: https://www.djangoproject.com/weblog/2019/jul/01/security-releases/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit 9f87b3785fe15d0b57f9b1820456b29f3c6a7284) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/faad2: add upstream security fixes | Baruch Siach
CVE-2018-20194: Stack buffer overflow on invalid input
CVE-2018-20362: Null pointer dereference when processing crafted AAC input

Add two more crash fixes from upstream.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7f4dde33185f820fa37195cc9ab3bc0f4e45b9af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/irssi: security bump to version 1.0.8 | Peter Korsgaard
Fixes the following security vulnerability: CVE-2019-13045: Use after free when sending SASL login to the server found by ilbelkyr For more details, see the advisory: https://irssi.org/security/html/irssi_sa_2019_06/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit 0a1b957d4ed3ec41c645fc81ba6029921116ab4f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/meson: fix empty arguments in cross-compilation.conf | Yann E. MORIN
When TARGET_CFLAGS (or _LDFLAGS or _CXXFLAGS) are empty, but were constructed by appending other variables, like:

    TARGET_CFLAGS = $(SOMETHING) $(SOMETHING_ELSE)

and both variables are empty, then $(TARGET_CFLAGS) is _not_ the null-string; its value is a string made of a single space.

This means that the construct:

    $(if $(TARGET_CFLAGS),true,false)

will in fact return 'true'.

In our case, it means that we will call:

    `printf '"%s", ' `

which expands to just:

    "",

which we are then happy to insert as-is in the generated cross-compilation.conf. Then meson will happily call the compiler with an empty argument. The compiler is less happy, though:

    arm-none-linux-gnueabi-gcc: error: : No such file or directory

And this is not even trivial to debug either... The only clue being that there seems to be something missing between ': :'

We fix that testing the $(strip)ed value. We can still pass the non-$(strip) expansion, because the shell will just do it for us, and we are then sure there is at least one non-blank word in there.

Thanks a lot to Adam for his invaluable help debugging this!

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e9de6d9e0ac66883b9c8b7b4c623b27dab8087ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/dialog: fix build with NLS | Fabrice Fontaine
Fixes: - http://autobuild.buildroot.org/results/9287ffbb86a7dc09cda5f99f87445fa884e77625 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit 0953377a9ea4ea518a87a0b48169626c762b5fea) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/expat: security bump to version 2.2.7 | Peter Korsgaard
Fixes the following security vulnerabilities:

CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 84fd08cf4f860914b0d7b6e48dbe6819e96cc423)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/docker-cli: security bump to version 18.09.7 | Peter Korsgaard
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

And includes additional post-18.09.6 fixes:

Builder

- Fixed a panic error when building dockerfiles that contain only comments. moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation workaround. moby/moby#39183

Runtime

- Added performance optimizations in aufs and layer store that helps in massively parallel container creation and removal. moby/moby#39107, moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps. moby/moby#39288

Logging

- Added a fix that now allows large log lines for logger plugins. moby/moby#39038

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cdbb3ced003a3fbf141964d4acaabda969d742b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/docker-engine: security bump to version 18.09.7 | Peter Korsgaard
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

And includes additional post-18.09.6 fixes:

Builder

- Fixed a panic error when building dockerfiles that contain only comments. moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation workaround. moby/moby#39183

Runtime

- Added performance optimizations in aufs and layer store that helps in massively parallel container creation and removal. moby/moby#39107, moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps. moby/moby#39288

Logging

- Added a fix that now allows large log lines for logger plugins. moby/moby#39038

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 13cf6f0c0bf0df313712aca8e4197ce96e29de89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/libcamera: bump to version caf25dc5cfd11b965316f02610d49ae3d886716b | Kieran Bingham
Buildroot's autobuild identified a failure on GCC v6.2 and GCC v6.3, producing the following warning (reported as error due to -Werror):

  event_dispatcher_poll.cpp:231:13: error: types may not be defined in a for-range-declaration [-Werror]
    for (const struct pollfd &pfd : pollfds) {
               ^~~~~~
  cc1plus: all warnings being treated as errors

A fix has been integrated upstream, bump the package to incorporate it.

Fixes: http://autobuild.buildroot.net/results/f6dd4c60c04892c8b1669e6000fce7edb2b6349e/

Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1db7890e0a7c7fb1b849300b5805e6be3fd5622f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/bzip2: add upstream security fix for CVE-2019-12900 | Jared Bents
Patch to resolve cve-2019-12900 which affects bzip2 versions 1.0.6 and older

More information can be found at https://nvd.nist.gov/vuln/detail/CVE-2019-12900

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6581c441dfc06c5e5e3666718e5c2e9801485ede)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | package/bzip2: add hash for license file | Adam Duskett
Also add a standard sha256 hash for the package itself. Signed-off-by: Adam Duskett <Aduskett@gmail.com> Reviewed-by: Thomas Huth <huth@tuxfamily.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cc7581a850fcae8de601b9678f65a00d46db76af) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 | {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.1.x series | Peter Korsgaard
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit abc782c0b3be3b4d5346a23ac46b8417ff8a900c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-27 | package/libglib2: backport upstream security fix for CVE-2019-12450 | Peter Korsgaard
Fixes CVE-2019-12450: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-25 | package/libcdaudio: fix build with toolchains lacking C++ support | Peter Seiderer
When the target toolchain does not support C++, the provided libcdaudio configure script tries to run a check with the C++ pre-processor provided by the host (/lib/cpp) which may not exist on some systems. This issue is fixed by autoreconfiguring the package, as newly generated configure scripts do not have this issue. Fixes: http://autobuild.buildroot.net/results/f725a41ef992c42ceef7514d1a8dcac99e6b9114/ Signed-off-by: Peter Seiderer <ps.report@gmx.net> Acked-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 8307fd013292d6f02116b8f4054c70746dddc009) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/monit: bump to version 5.25.3 | Fabrice Fontaine
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 015b714cdedd93a3bf28078aa598633ee02f5dd2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/qt5/qt5base: disable predefined -Og optimization | Giulio Benetti
Starting from Qt5 5.9.0, -optimize-debug is enabled by default for debug builds causing -Og flag to be appended to CFLAGS and consequently override TARGET_CFLAGS. We don't want this so let's pass -no-optimize-debug to QT5BASE_CONFIGURE_OPTS if QT5_VERSION_LATEST=y. Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 5857ab6a96be17615a05ff4e6a91d8f475890980) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/postgresql: security bump version to 11.4 | Bernd Kuhls
Release notes: https://www.postgresql.org/docs/11/release-11-4.html Fixes CVE-2019-10164. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b262c7d578e7b15b95d68bead7cb8f0a97755d20) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/znc: security bump version to 1.7.4 | Bernd Kuhls
Changelog: https://wiki.znc.in/ChangeLog/1.7.4 Fixes CVE-2019-12816: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12816 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 3269f2a761db8317945f0ca259cafb2a928b3265) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/libvncserver: fix homepage | Fabrice Fontaine
libvncserver homepage is https://libvnc.github.io/, last version on sourceforge is 0.9.9 (seven years ago) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 5324d7e07a2a0e6db48b6fdd4d38c4a18d53a77b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/lmbench: install the lmbench script on the target | Markus Mayer
We want to install the lmbench script along with the other executables, so we add it to the appropriate list. Signed-off-by: Markus Mayer <mmayer@broadcom.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 1956fbe5a4735dfeb4f448f022f42e32c018dca8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/lmbench: mark scripts/build as bash script | Markus Mayer
scripts/build makes use of the "+=" operator which is not supported by a pure POSIX shell. We switch to /bin/bash in order to avoid errors of the form:

  ../scripts/build: 21: ../scripts/build: LDLIBS+= -lm: not found

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 037d5ffcb67dc72d37db7a0383145e9e99b36fc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/lmbench: use UPDATE_CONFIG_HOOK instead of CONFIG_UPDATE | Thomas Petazzoni
jimtcl, perl, usb_modeswitch and x264 are registering UPDATE_CONFIG_HOOK as a post patch hook to get their gnuconfig files updated. lmbench is the only package calling CONFIG_UPDATE directly, so for consistency, let's make it use the same logic as jimtcl, perl, usb_modeswitch and x264. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 2b8b6767ab1cc803a888cca91730732945f95b85) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/davfs2: bump to version 1.5.5 | Fabrice Fontaine
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit a724e8e0512212a309e581ab1b48d67584510fb6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/libressl: bump to version 2.9.2 | Adam Duskett
Signed-off-by: Adam Duskett <Aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b93c71c83dd4dd5422c8cb258e97b4f08fb1a42a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/x11r7/xserver_xorg-server: bump version to 1.20.5 | Bernd Kuhls
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 1872915bd35e757e683074bcf2438c8e3a3363bf) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/tvheadend: fix PIE build failures | Giulio Benetti
Package tvheadend builds using '-pie' linker flag in any case. This leads to linking failure if toolchain doesn't support 'pie'. Add patch to fix tvheadend's Makefile bug where '-pie' flag is hardcoded making it depend on '--disable-pie' as compiler's flags already are treated. Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit dd0907d465a0d82a4844e7aaf3eb3be69103642b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/psplash: add license file details | Pierre-Jean Texier
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 32a0d3a8e2cf78f0f36b948ba5ea5aa85c2ceeb1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/haveged: fix legal-info | Pierre-Jean Texier
Add hash for COPYING file

Fixes:

  $: make haveged-legal-info
  >>> haveged 1.9.4 Collecting legal info
  ERROR: No hash found for COPYING

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ae29b98d1293b0e89fa2f5686fe743af1f45c34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.1.x series | Peter Korsgaard
Includes fixes for the "TCP SACK PANIC" vulnerability: https://access.redhat.com/security/vulnerabilities/tcpsack Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 19f6b3281c03a1892900723c47cc766e6770e862) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/localedef: compile against glibc-2.29 | Samuel Mendoza-Jonas
In glibc 2.27 the following change occurred:

"Statically compiled applications attempting to load locales compiled for the GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX locale."

This impacts us since upstream buildroot uses a localedef built against an older eglibc release, as reported at [0].

This is a combination of my patch to move to glibc and Peter Seiderer's patch to avoid building all of glibc just for localedef.

[0] https://bugs.busybox.net/show_bug.cgi?id=11096

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[localedef build & fixups:]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: share the tarball with the glibc package]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0ec7169e6c8cfb4bb54defb685bd04bb1da0a2aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/logrotate: fix legal-info | Pierre-Jean Texier
Add hash for COPYING file

Fixes:

  $: make logrotate-legal-info
  >>> logrotate 3.15.0 Collecting legal info
  ERROR: No hash found for COPYING

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 38626b4b63bf877c3cfeb356a4b0dc0e79bdbc75)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 | package/mongoose: bump to version 6.15 | Pierre-Jean Texier
See https://github.com/cesanta/mongoose/releases/tag/6.15 Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit da7fdfe6a3f9f1ee9439654e5f4d003fa538f9b2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | package/python3: add upstream security fix for CVE-2019-10160 | Peter Korsgaard
Fixes CVE-2019-10160: urlsplit does not handle NFKC normalization (2nd fix)

While the fix for CVE-2019-9936 is included in 3.7.3, the followup regression fixes unfortunately aren't.

https://bugs.python.org/issue36742

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b57490563c065e813e176173017e45dbd764939b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | package/python: add upstream security fix for CVE-2019-9636 | Peter Korsgaard
Fixes CVE-2019-9636: urlsplit does not handle NFKC normalization

https://bugs.python.org/issue36216

The fix unfortunately introduced regressions, so also apply the followup fixes.

https://bugs.python.org/issue36742

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 58d0bc2f29fa427aa07876783dbc89e92b5e4302)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | package/python: add upstream security fix for CVE-2019-9948 | Peter Korsgaard
Fixes CVE-2019-9948: Unnecessary URL scheme exists to allow file:// reading file in urllib. https://bugs.python.org/issue35907 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 6522aad76a250e2f59669c7eb3aa1565502db117) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | package/gdb: disable for nds32 | Nylon Chen
There is no support for nds32 in gdb. Fixes: http://autobuild.buildroot.net/results/1a40b1ac5f06c856c2e30dbbb4e485022c438c72 Signed-off-by: Nylon Chen <nylon7@andestech.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 93173c614ef04c988e04647c653381727e2d3092) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{0, 1}.x series | Peter Korsgaard
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2676d4fb2ab72f8756d23a8f2661ba57cf8ebbd0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | package/dbus: security bump to version 1.12.16 | Peter Korsgaard
Fixes the following security issues:

- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 authentication for identities that differ from the user running the DBusServer. Previously, a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. The standard system and session dbus-daemons in their default configuration were immune to this attack because they did not allow DBUS_COOKIE_SHA1, but third-party users of DBusServer such as Upstart could be vulnerable. Thanks to Joe Vennix of Apple Information Security.

For details, see the advisory: https://www.openwall.com/lists/oss-security/2019/06/11/2

Also contains a number of other smaller fixes, including fixes for memory leaks. For details, see NEWS: https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 992b106d1de70b2bf1ad6a2211b937f5534b2c8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | package/openblas: Handle new westmere target architecture | Esben Haabendal
Nehalem, the predecessor to westmere, is best match for westmere architecture in current openblas. Signed-off-by: Esben Haabendal <esben@geanix.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit b04f1deab3ddf57db63490cdc5532fc7d448483e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 | package/mariadb: security bump to version 10.3.15 | Ryan Coe
The licensing text in README.md has changed slightly. The reference to COPYING.LESSER has been removed. The file itself has been gone for awhile now. COPYING.thirdparty has also been renamed to THIRDPARTY.

Release notes: https://mariadb.com/kb/en/library/mariadb-10315-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10315-changelog/

Fixes the following security vulnerabilities:

CVE-2019-2614 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2019-2627 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2019-2628 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 033844c44df13da70d9ca19e4ad057b9e730aef6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>