Also drop the CVE patches which are already covered by this new release.
Compile tested for and run tested on mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit d5f0331c91)
Embarrassingly, I missed this one last time.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit b7870ea711)
This commit fixes the bug described in issue #8146 [1], where the
package fails to build if the boost package is selected without
selecting any of the internal non-header-only libraries.
[1]: https://github.com/openwrt/packages/issues/8146
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
(cherry-picked from 92c93ca0f4)
Forum user portuquesa raised a topic (see [1]) about being unable to use
Asterisk on his armeb xscale device. We narrowed it down to sqlite3.
Asterisk was unable to insert a simple table into its db.
In short, sqlite3 assumes little endian for every ARM device. This worked OK
for 4 Byte (unaligned) access. But once upstream (back in 2015) added a
function which accesses 2 Bytes (see [2]) this failed for some (if not all) ARM
big endian devices. ARM CPUs are bi-endian for 4 Byte reads but not for 2 Byte
reads.
This patch fixes the problem by setting the endianness adequately for
ARM targets, for both 32 bit and 64 bit varieties. The patch was applied
upstream (see [3]).
[1] https://forum.openwrt.org/t/solved-asterisk13-or-15-sqlite3-database-problem/36856
[2] 329428e208
[3] https://www.sqlite.org/src/info/b7aad929619f7043
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* include /etc/netconfig
* cleanup old patches
* update via patch to 1.0.4-rc2
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry picked from commit 4896e9c36e)
Added PKG_BUILD_PARALLEL for faster compilation.
Removed PKG_FORMAT_SECURITY as it no longer needs to be disabled.
Removed patch as musl has been updated.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[ Upstream commit 2bc28eb40c ]
Update to 10.03.0000.
--with-unixodbc should point to the odbc_config binary, not to the top
of the install directory $(STAGING_DIR)/usr.
Acked-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Save a copy of unixodbc_conf.h in STAGING_DIR to be used by host build.
Use STAGING_DIR/tmp/unixodbc instead of include.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
For host compilation, the configure-generated config.h from the target
compilation is used in place of the host-generated file. When the
target package is compiled with clean-build, that file is gone. This
saves the file under $(STAGING_DIR), and fetches it from there.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
When copying config.h from PKG_BUILD_DIR to HOST_BUILD_DIR, LIB_PREFIX
is set to /usr/lib. Then when odbc_config is run, it reports /usr/lib
as the --lib-dir, and in --libs as well, and dependent packages may
fail. Set it to $(STAGING_DIR)/usr/lib to make it right.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenticate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.
The host build of zlib was removed already in April 2018 by
8dcd941d8b (diff-1ed408c61d79f9c6c5d197333e94ce8d)
which made zlib a build tool defined in /tools
The newly introduced build dependency always causes a warning like:
WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
has a build dependency on 'zlib/host', which does not exist
Not sure what the error was that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit d8e61d49da)
spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found
Fix this by adding zlib/host to HOST_BUILD_DEPENDS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 2d1694ff7c)
cherry-pick and squash commits from master for GNUnet
04eb431cb libgabe: add package
7831fb63b libgabe: update to shared library version
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
cherry-pick commit 4c5d25458 libpbc: add new package
from master as GNUnet started to depend on libgabe which depends on
libpbc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
43ec390bd postgresql: security bump to 9.6.10
845aab78a postgresql: Update to 9.6.11
fe6597dd7 postgresql: update to version 9.6.12
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
853e9d1c3 libextractor: Update to 1.7
1a23de5db libextractor: update to version 1.8
a50f26941 libextractor: fix PKG_HASH
6709d9b82 libextractor: update to version 1.9
Defaulting to -fPIC is a bad idea, especially for executables (here:
sqlite3-cli). In short, there are certain security implications as well
as overhead/performance penalties. For details see:
https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
The configure script is able to detect the need for PIC and adds the
flag when needed anyway (when compiling the library).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
A remote code execution vuln has been found in sqlite. Info is available
here:
https://blade.tencent.com/magellan/index_en.html
sqlite 3.26.0 contains the fix.
This commit also changes source URL to https.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included, this fixes:
CVE-2017-17095
CVE-2018-17101
CVE-2018-18557
The update is 100% backwards compatible, no symbol changes.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>