<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot, branch 2017.02.1</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.02.1</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.02.1'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-04-05T15:18:54+00:00</updated>
<entry>
<title>Update for 2017.02.1</title>
<updated>2017-04-05T15:18:54+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-04-05T11:35:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=476067a78d4fd1ddb141a8cccc63cf3e75cbe7a3'/>
<id>urn:sha1:476067a78d4fd1ddb141a8cccc63cf3e75cbe7a3</id>
<content type='text'>
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libselinux: query for python site-packages dir directly</title>
<updated>2017-04-04T21:47:49+00:00</updated>
<author>
<name>Matt Weber</name>
<email>matthew.weber@rockwellcollins.com</email>
</author>
<published>2017-04-04T02:06:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c836666c7b89936dbed15e350f4edf7e895c524c'/>
<id>urn:sha1:c836666c7b89936dbed15e350f4edf7e895c524c</id>
<content type='text'>
With the bump to version 2.6, the following commit needs
to be taken into consideration for overloading paths.
https://github.com/SELinuxProject/selinux/commit/8162f10e670da963eb65ccf1e7de69ea85aba30d

The PYLIBVER is no longer used and the PYTHONLIBDIR is
renamed to PYSITEDIR with slightly different pathing.

More details can be found in the issue ticket which was
marked as a non-issue after analysis that a Buildroot fix
was the resolution.
https://github.com/SELinuxProject/selinux/issues/51

Signed-off-by: Matthew Weber &lt;matthew.weber@rockwellcollins.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit 6a6ce10eba24d43412aada7df7de2ab78e8ffee2)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>gst-ffmpeg: work-around bogus configure logic on SPARC</title>
<updated>2017-04-04T21:46:37+00:00</updated>
<author>
<name>Thomas Petazzoni</name>
<email>thomas.petazzoni@free-electrons.com</email>
</author>
<published>2017-03-22T23:04:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=f8d1e5f1ea26f7b125bfbb4338dc24ab97e76120'/>
<id>urn:sha1:f8d1e5f1ea26f7b125bfbb4338dc24ab97e76120</id>
<content type='text'>
The libav version built into the gst-ffmpeg code produces a bogus
binary on SPARC, which causes the following error of the
check-bin-arch script:

  ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpeg.so is Sparc v8+, should be Sparc
  ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstpostproc.so is Sparc v8+, should be Sparc
  ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpegscale.so is Sparc v8+, should be Sparc

The problem is the following bit of code in
gst-lib/ext/libav/configure:

elif enabled sparc; then

    enabled vis &amp;&amp; check_asm vis '"pdist %f0, %f0, %f0"' -mcpu=ultrasparc &amp;&amp;
        add_cflags -mcpu=ultrasparc -mtune=ultrasparc

I.e, it checks if the architecture supports the pdist
instruction... but forces -mcpu to ultrasparc while doing so. So it's
like "let's see if this Ultrasparc instruction exists when I force the
compiler to think I'm using Ultrasparc", which is non-sensical. This
has been fixed later on in libav upstream:

  https://git.libav.org/?p=libav.git;a=commit;h=6aa93689abe8c095cec9fa828c2dee3131008995

However, this commit cannot be backported as-is since the shell
function check_inline_asm did not exist in the old libav version
bundled in gst-ffmpeg.

Therefore, we take the simpler route of disabling the VIS
optimizations on SPARCv8 and Leon3.

Fixes:

  http://autobuild.buildroot.net/results/e82d179c3d4f92ad7423693a4b1d42379a3f5411/

Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit d2b73875c3b8a6ec518c1424eaf92c1257fa40aa)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/tyrian: fixes compilation with static libs</title>
<updated>2017-04-04T21:44:51+00:00</updated>
<author>
<name>Julien BOIBESSOT</name>
<email>julien.boibessot@armadeus.com</email>
</author>
<published>2017-04-03T12:25:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c61338a628879610671826f0aa766473023c8219'/>
<id>urn:sha1:c61338a628879610671826f0aa766473023c8219</id>
<content type='text'>
Has been tested with: "./support/scripts/test-pkg -c tyrian.cfg -p opentyrian"
Fixes: http://autobuild.buildroot.net/results/0e2345db82b33f591958fc0f72ad914adafe0522
and some similar previous build failure.

Thanks Thomas for the tip ;-).

Signed-off-by: Julien BOIBESSOT &lt;julien.boibessot@armadeus.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit dd99f2cb7d10f20568cab22c498a9e1831b5a351)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libsoc: add host-pkgconf dependency</title>
<updated>2017-04-04T21:44:32+00:00</updated>
<author>
<name>Yegor Yefremov</name>
<email>yegorslists@googlemail.com</email>
</author>
<published>2017-04-03T08:14:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=eeec31f2a05b72c5616cbdd775b326a481ecdb39'/>
<id>urn:sha1:eeec31f2a05b72c5616cbdd775b326a481ecdb39</id>
<content type='text'>
Without pkg-config PKG_CHECK_MODULES won't be expanded
and ./configure script produces following error message:

./configure: line 12237: syntax error near unexpected token `PYTHON,'
./configure: line 12237: `	PKG_CHECK_MODULES(PYTHON, python-"$PYTHON_VERSION")'

Fixes:

http://autobuild.buildroot.net/results/86e/86e04bd2b10527130306451e56a7693ed4b4befd

Signed-off-by: Yegor Yefremov &lt;yegorslists@googlemail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit 8975e9f2c77c6861964906e6b5ebd894cdccf45f)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>linux-headers: bump 4.{4, 9, 10}.x series</title>
<updated>2017-04-03T08:40:55+00:00</updated>
<author>
<name>Fabio Estevam</name>
<email>festevam@gmail.com</email>
</author>
<published>2017-04-02T18:15:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=1a58c4c7b0dade55fae1fd325b5d2a129502467b'/>
<id>urn:sha1:1a58c4c7b0dade55fae1fd325b5d2a129502467b</id>
<content type='text'>
[Peter: drop 4.10.x bump]
Signed-off-by: Fabio Estevam &lt;festevam@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit 69356afc81cee7a1b1c749274b26db507133b8d6)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>audiofile: add security patch for CVE-2017-6839</title>
<updated>2017-04-03T08:32:05+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-03-30T21:03:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=6338df7dea0dcca5c1ff2689008dd058bce677e8'/>
<id>urn:sha1:6338df7dea0dcca5c1ff2689008dd058bce677e8</id>
<content type='text'>
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 844a7c6281eb442881330a5d36d5a0719f2870bf)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>audiofile: add security patch for CVE-2017-6831</title>
<updated>2017-04-03T08:31:56+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-03-30T21:03:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c9890cfa67a887bf24aea7043d912ee6e8e669c0'/>
<id>urn:sha1:c9890cfa67a887bf24aea7043d912ee6e8e669c0</id>
<content type='text'>
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
https://github.com/mpruett/audiofile/issues/35

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit bd5f84d301c4e74ca200a9336eca88468ec0e1f3)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>audiofile: add security patch for CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838</title>
<updated>2017-04-03T08:31:48+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-03-30T21:03:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=16daa3c10dbba15bc1e2bec590c1489c967a59e0'/>
<id>urn:sha1:16daa3c10dbba15bc1e2bec590c1489c967a59e0</id>
<content type='text'>
CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/34

CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/38

CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run
function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
https://github.com/mpruett/audiofile/issues/40

CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File
Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 4a1a8277bba490d227f413e218138e39f1fe1203)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>audiofile: add security patch for CVE-2017-6829</title>
<updated>2017-04-03T08:31:40+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-03-30T21:03:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5e24ed52e4513ed49810455a91c70f496efbc9cc'/>
<id>urn:sha1:5e24ed52e4513ed49810455a91c70f496efbc9cc</id>
<content type='text'>
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile)
0.3.6 allows remote attackers to cause a denial of service (crash) via a
crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
https://github.com/mpruett/audiofile/issues/33

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 434890df2a7c131b40fec1c49e6239972ab299d2)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
</feed>
