Copy vapi files to unversioned vala dir.
Added vala/host to PKG_BUILD_DEPENDS.
Removed TARGET_LDFLAGS
Removed copyright lines
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from 2cf76d5278)
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
A remote code execution vuln has been found in sqlite. Infos available
here:
https://blade.tencent.com/magellan/index_en.html
sqlite 3.26.0 contains the fix.
This commit also changes source URL to https. It also adds a depend on
zlib, which is now required.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:
CVE-2017-17095
CVE-2018-17101
CVE-2018-18557
The update is 100% backwards compatible, no symbol changes.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Debian uses libxml2 2.9.4 in Stretch. This adds their security related
fixes from 2.9.4+dfsg1-2.2+deb9u2 to LEDE's 17.01 release.
Fixed CVEs:
CVE-2016-4658
CVE-2016-5131
CVE-2017-0663
CVE-2017-15412
CVE-2017-7375
CVE-2017-7376
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Backport Rosen's commit in master to 17.01 to address open CVEs. This
fixes:
CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This update includes fixes for the following CVEs:
- CVE-2018-1053
- CVE-2018-1058
- CVE-2018-10915
- CVE-2018-10925
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
I got into troubles to be behind a proxy and my build then fails
because it cannot connect to git://github.com urls
To avoid such problems for others I think it is useful to replace
them for the whole repo. This changes make it work for me again.
Signed-off-by: Matthias Kesler <krombel@krombel.de>
When compiling against uClibc on lede-17.01 it's detected in the linking
phase that '__isnan' is nowhere to be found:
sqlite3-sqlite3.o: In function `serialGet':
sqlite3.c:(.text+0x6364): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3_result_double':
sqlite3.c:(.text+0x10faa): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3VXPrintf':
sqlite3.c:(.text+0x175ca): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3_bind_double':
sqlite3.c:(.text+0x1b0ac): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3VdbeExec':
sqlite3.c:(.text+0x3b77e): undefined reference to `__isnan'
collect2: error: ld returned 1 exit status
To fix this libm needs to be linked in as well in the uClibc case. So
add libm ('-lm') to the TARGET_LDFLAGS accordingly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This allows prevents build error due to trust-paths not being
specified. The trust module was not being used in openwrt.
Resolves#5528
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
- Version bump to 4.0.9, as otherwise ca. a dozen patches would need
to be added to fix the open CVEs. There have been no API/ABI
changes between 4.0.6 and 4.0.9, so this is OK.
- Adds patches copied from Debian for CVE-2017-18013 and CVE-2017-9935
on top.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- there are multiple open CVEs, this adds patches for them
- adds --disable-silent-rules for verbose build output
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- currently zlib is never detected, although there is a dependency on
it, fix that.
- change links from http to https
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently alsa-lib fails to build on uClibc:
parser.c: In function 'snd_tplg_build_file':
parser.c:262:35: error: 'S_IRUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c:262:35: note: each undeclared identifier is reported only once for each function it appears in
parser.c:262:45: error: 'S_IWUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c: In function 'snd_tplg_build':
parser.c:330:35: error: 'S_IRUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c:330:45: error: 'S_IWUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
Makefile:390: recipe for target 'parser.lo' failed
Fix this by adding an upstream fix as a backport.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Contains fixes for
* CVE-2017-15099
* CVE-2017-15098
* CVE-2017-12172
* CVE-2017-7548
* CVE-2017-7547
* CVE-2017-7546
* CVE-2017-7486
* CVE-2017-7485
* CVE-2017-7484
Note that some fixes apply for newly created databases only!
To mitigate CVE-2017-7486 and CVE-2017-7547 in existing databases,
a procedure described in the the release notes of PostgreSQL 9.5.8
is necessary!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While recently building asterisk, the make system stalled on gnutls. On my install of Ubuntu 16.04 on WSL, it seems curl can't download from ftp and doesn't even time out properly. Easiest solution is to switch the gnutls Makefile to use HTTPS instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixed recently in master as part of upgrading, but the same issue
applies to 17.01. The two variant packages both now PROVIDE
libwebsockets, the virtual package.
Signed-off-by: Karl Palsson <karlp@etactica.com>
libidn.pc file was missing in package staging area causing build
failures for other packages expecting to find libidn package config
files.
refreshed patches to clear existing patch fuzz
take over maintainership
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Update liboping/oping/noping to upstream release 1.9.0
Also introduce new location of downloads and correct
the licence to LGPL-2.1+ (as seen in liboping's README)
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Rosen Penev