| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE identifiers: CVE-2019-6212,
CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,
CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234.
Additionally, it contains a few minor fixes.
Release notes can be found in the announcement:
https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
More details on the issues covered by securit fixes can be found
in the corresponding security advisory:
https://webkitgtk.org/security/WSA-2019-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
| |
python 2.7 is required by the cmake stuff.
bison & flex are not used in the webkitgtk tree.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
| |
fixed upstream by https://trac.webkit.org/changeset/220007/webkit
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE identifiers: CVE-2018-4437,
CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, and
CVE-2018-4464. Additionally, it fixes a couple of build failures in
unusual build configurations.
Release notes can be found in the announcement:
https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html
More details on the issues covered by security fixes can be found
in the corresponding security advisory:
https://webkitgtk.org/security/WSA-2018-0009.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE-2018-4345, CVE-2018-4372,
CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,
CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, and CVE-2018-4416.
Additionally, it fixes a few build failures, and a crash when using
certain version of Cairo.
Release notes can be found in the announcement:
https://webkitgtk.org/2018/11/21/webkitgtk2.22.4-released.html
More details on the issues covered by security fixes can be found
in the corresponding security advisory:
https://webkitgtk.org/security/WSA-2018-0008.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently JavaScriptCore does not support JIT on MIPS32 R6, so remove
it from the list of supported architectures. Reported upstream:
https://bugs.webkit.org/show_bug.cgi?id=191258
This fixes the following autobuilder failure:
http://autobuild.buildroot.net/results/eeaf3edbf6f5bf468b10adc3d053f703c6ceba96/
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes:
https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html
Patch "0001-ARM-Building-FELightingNEON.cpp-fails-due-to-missing.patch"
is removed because it is included in the new release.
This is a maintenance release which further improves playback of video
when using media source extensions (MSE), specially for WebM content,
and provides a few correctness fixes.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This covers the case where GL/GLES is available (so -DENABLE_OPENGL=ON
gets passed), which makes the webkitgtk build system assume GStreamer-GL
is available, while actually it is not.
Also, providing an option to manually disable usage of GStremer-GL can
help with certain target configurations in which using OpenGL for video
handling might result in incorrect rendering.
This fixes some autobuilder failures like the following:
http://autobuild.buildroot.net/results/187796535af53ece426641ff7d88aabada281674
http://autobuild.buildroot.net/results/00c1a8ea23a99728a4f3f4478705f2383414ae41
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
| |
WebKitGTK+ is known to work on all 32-bit MIPS R2 processors
or newer, in little-endian mode.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
| |
64-bit ARM is well supported, particularly in little-endian
configurations, where JavaScriptCore JIT can be enabled as well.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
| |
This is done in preparation to enable the JavaScriptCore JIT support
for more platforms. Having the logic in Config.in scales better than
checking in the .mk file.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The woff2 dependency is used to support Web fonts in WOFF2 format.
This is a Web-facing feature that Web sites expect WebKit to support,
and it is recommended to be unconditionally enabled. While it is
possible to disable the feature at build time, upstream only recommends
doing so if the target system cannot provide a woff2 package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes:
https://webkitgtk.org/2018/09/03/webkitgtk2.22.0-released.html
https://webkitgtk.org/2018/09/20/webkitgtk2.22.1-released.html
https://webkitgtk.org/2018/09/21/webkitgtk2.22.2-released.html
No corresponding security advisories for 2.22.x have been published.
Nevertheless, due to skipping over versions in the 2.20.x series,
the following 2.20.x advisories apply:
https://webkitgtk.org/security/WSA-2018-0003.html
https://webkitgtk.org/security/WSA-2018-0004.html
https://webkitgtk.org/security/WSA-2018-0005.html
https://webkitgtk.org/security/WSA-2018-0006.html
This also bumps the required GCC version, due to the WebKit code
now using more modern C++ features which were introduced in version
6.x of the compiler. The dependency is propagated to the midori
package as well. Last but not least, BR2_PACKAGE_WEBP_DEMUX and
BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_MPEGTSDEMUX are selected as
they are unconditionally needed by the newer WebKitGTK+ releases
when multimedia support is enabled.
An upstream patch for 32-bit ARM which did not make it to be included
in this new version is included as well, and can be removed once it
gets picked in a new release.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE-2018-4088, CVE-2017-13885,
CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153,
CVE-2017-7153, CVE-2017-7161, and CVE-2018-4096. Additionally, it solves
a GStreamer deadlock when stopping video playback, and contains fixes
and improvements for the WebDriver implementation.
Release notes can be found in the announcement:
https://webkitgtk.org/2018/01/24/webkitgtk2.18.6-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
Nowadays libtasn1 is always required and if not present the CMake
configuration step would fail.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains mitigations for CVE-2017-5753 and CVE-2017-5715, the
vulnerabilities known as the "Spectre" attack. It also contains a fix
which allows building the reference documentation with newer gtk-doc
versions.
Release notes can be found in the announcement:
https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains fixes for CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, and
CVE-2017-13856. Additionally, this release brings improvements in the
WebDriver spec-compliance, plugs several memory leaks in its GStreamer based
multimedia backend, and fixes a bug when handling cookie removal.
Release notes can be found in the announcement:
https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html
More details about the security fixes are provided in the following
WebKitGTK+ Security Advisory report:
https://webkitgtk.org/security/WSA-2017-0010.html
Last but not least, this new release includes the fix for honoring the
CMAKE_BUILD_TYPE value from CMake toolchain files and the corresponding
patch is removed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.
The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make WebKitGTK+ honor the value of CMAKE_BUILD_TYPE defined in the CMake
toolchain file by backporting the following upstream WebKit patch:
https://trac.webkit.org/changeset/225168
This reduces the generated binary sizes when building in "Release" mode
(BR2_ENABLE_DEBUG=n), for example when targeting ARMv8 the size reduction
is ~17 MiB.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains a minor rendering fix, another for the WebDriver
implementation, and security fixes for CVE-2017-13798, CVE-2017-13788,
and CVE-2017-13803.
Release notes:
https://webkitgtk.org/2017/11/10/webkitgtk2.18.3-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes; mostly for crashes and rendering issues, plus
one important fix for the layout or Arabic text.
Release notes:
https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html
Even though an acconpanying security advisory has not been published
for this release, the release contains fixes for several crashes (one
of them for the decoder of the very common GIF image format), which
arguably can be considered potential security issues.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes (many of them related to rendering, plus one
important fix for touch input) and many security fixes.
Release notes:
https://webkitgtk.org/2017/10/18/webkitgtk2.18.1-released.html
Fixes CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090,
CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,
CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099,
CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107,
CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,
CVE-2017-7142:
https://webkitgtk.org/security/WSA-2017-0008.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
| |
Version 2.18.x includes support for remotely controlling WebKitGTK+
based browsers using the standard WebDriver API. Typically this is used
by Web developers, and in most cases it will be desirable to disable it
from builds.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes:
https://webkitgtk.org/2017/09/11/webkitgtk2.18.0-released.html
No corresponding WebKit Security Advisory (WSA) has been published.
All patches have been applied upstream.
This also bumps the required target GCC version, due to the WebKit code
now using more modern C++ features which were introduced in version
5.x of the compiler.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Arnout:
- propagate dependency to midori;
- mention in commit message why patches were removed.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This solves build failures caused by WebKit trying to include X11 headers
when support for X11 is disabled in Mesa3D. A common situation is when
configuring both GTK+ and WebKitGTK+ only with Wayland support.
Once the fix for https://bugs.webkit.org/show_bug.cgi?id=175125 makes it
into a release, the patch can be dropped.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| |
|
|
|
|
|
|
| |
This includes a slightly modified version of the patch for bug
https://bugs.webkit.org/show_bug.cgi?id=174940
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
| |
Explicitly pass "-DENABLE_MEDIA_STREAM=OFF" to CMake, to workaround a
missing feature dependency in the WebKitGTK+ build files.
Related upstream bug: https://bugs.webkit.org/show_bug.cgi?id=174940
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The two added patches allow building WebKitGTK+ when the compiler
scpecifically targets ARMv8-A, and reports as such be pre-defining
__ARCH_ARM_8A__ instead of just __ARCH_ARM_8__. Both patches were
pulled from the corresponding upstream bug reports and edited to
remove the conflicting parts which edit the ChangeLog files.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2017-7018 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7030 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7034 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7037 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7039 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7046 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7048 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7055 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7056 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7061 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7064 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
The issue involves the "WebKit" component. It allows attackers to bypass
intended memory-read restrictions via a crafted app.
For more details, see the announcement:
https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Adrian Perez de Castro" <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
Version 2.16.5 of WebKitGTK+ already includes the fix added by the
removed patch, which is now unneeded.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
| |
Libgrcrypt is a direct dependency of WebKitGTK+, and as such it
should be selected.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: add missing dependency on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
| |
This simply updates to the latest stable release. WebKitGTK+ versions
in the 2.1x series avoid bumping the dependencies in order to allow
distributions to provide updates, therefore no new dependencies are
needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/821/821eae7add252e3711ed069a2d292a04427fa43b/
Commit 87f43c3403 (package/icu: needs host gcc >= 4.8) added a new toolchain
dependency to icu, but didn't propagate it to the reverse dependencies of
icu.
Some of these have been fixed in later commits, but not all.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gnutils code uses __attribute__((constructor)) and
__attribute__((destructor)) to call constructor/desctructor when a
shared library is loaded.
Constructor/desctructor are not used when a static library is used
(except when if -Wl,--whole-archive -lgnutls -Wno-whole-archive is
used, not tested).
Even if gnutls initialization (_gnutls_global_init()) may be
called manually, the gnutls maintainer said it's not supported [1].
"Note that static linking applications with gnutls is not something
supported. gnutls relies on library constructors and destructors
which are not loaded when linking statically."
Now the gnutls script warns about static linking [2].
So disable gnutls statically by adding "depends on !BR2_STATIC_LIBS"
at Kconfig level and --disable-static in GNUTLS_CONF_OPTS.
Fixes:
[taskd] http://autobuild.buildroot.net/results/c2d/c2dd5c1c9dc87d2943c15e58ee56e67d7375368c
[ffmpeg] http://autobuild.buildroot.net/results/892/8926d319d6d1cd1ee72239ad7d9ca869d2355628
[sngrep] http://autobuild.buildroot.net/results/f7f/f7fb42d3742f6f01000a0d181e0c785640284405
[1] https://gitlab.com/gnutls/gnutls/issues/203
[2] https://gitlab.com/gnutls/gnutls/commit/6b748886799f88ddee9721dba4fc4d52854832ae
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Romain: merge our two patches together
add some option comment
disable static libgnutls.a
add sngrep autobuilder reference]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: do not disable libgnutls.a]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-2c is BSD-2-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
[Thomas: add upstream patch description in the patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
CVE-2016-4590 - mishandles about: URLs, which allows remote attackers to
bypass the Same Origin Policy via a crafted web site.
CVE-2016-4591 - mishandles the location variable, which allows remote
attackers to access the local filesystem via unspecified vectors.
CVE-2016-4622 - allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted web site, a
different vulnerability than CVE-2016-4589, CVE-2016-4623, and
CVE-2016-4624.
CVE-2016-4624 - allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted web site, a
different vulnerability than CVE-2016-4589, CVE-2016-4622, and
CVE-2016-4623.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following the removal of eglibc support, this commit replaces all
occurences of "(e)glibc" by just "glibc". Most of the occurences are in
package Config.in comments.
In addition, when the form "an (e)glibc ..." was used, it is replaced by
"a glibc ...".
[Peter: add new efi* packages, s/uclibc/uClibc as suggested by Romain,
systemd / liquid-dsp tweaks as suggested by Yann]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes:
CVE-2016-1856 - allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted web site
CVE-2016-1857 - allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted web site
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
|
Add the latest 2.12.x upstream stable branch.
Both 2.4.x and 2.12.x can live side-by-side, however only the latest
stable branch/releases are security-maintained, so add it unslotted.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
