OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.08 2017-07-11T19:30:52+00:00 2017-07-11T19:30:52+00:00 Peter Korsgaard peter@korsgaard.com 2017-07-11T09:02:20+00:00 urn:sha1:91f4c9d41209a19d16c9b7813facdea2e32e2015 Fixes the following security issues: CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be reached with a call to the imagecreatefromstring() function) uses constant-sized color tables of size 3 * 256, but does not zero-out these arrays before use. CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 - Out-of-bonds access in oniguruma regexp library. CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-07-04T23:34:03+00:00 Thomas Petazzoni thomas.petazzoni@free-electrons.com 2017-07-03T21:13:28+00:00 urn:sha1:0747f21e126d4eea94bd0ee0478612b2560fe73e This commit switches to use the new gettext logic, which involves: - using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies on gettext/host-gettext - dropping BR2_PACKAGE_GETTEXT selection. Thanks to this, we can drop the BR2_USE_WCHAR dependency Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-06-10T21:03:52+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2017-06-10T08:43:33+00:00 urn:sha1:214a76d045f906c1a8d687b7c7e7bc85c5b09906 Propagate icu reverse dependencies. Php lacks "-std=c++11", provided by icu-config, when compiling icu support leading to a build failure: /home/peko/autobuild/instance-1/output/host/usr/sh4-buildroot-linux-uclibc/sysroot/usr/include/unicode/umachine.h:347:13: error: 'char16_t' does not name a type typedef char16_t UChar; Fixes http://autobuild.buildroot.net/results/238/238d0e4bb205c0e7288903c6498e6c1787d86a1b/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-06-10T21:02:47+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2017-06-10T08:24:53+00:00 urn:sha1:0b5d531e6d6c79d4165d4f8f2d1e1d848bfcf7a6 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-15T21:07:48+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-05-12T12:45:14+00:00 urn:sha1:f9aee682f9db9ee367afb4e3876d20c6a7ca4dc3 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-01T17:01:15+00:00 Adam Duskett Aduskett@gmail.com 2017-04-22T17:18:02+00:00 urn:sha1:289137ed619e134f3f57584ecbd93ad76d7ed197 The check-package script when ran gives warnings on ordering issues on all of these Config files. This patch cleans up all warnings related to the ordering in the Config files for packages starting with the letter p in the package directory. The appropriate ordering is: type, default, depends on, select, help See http://nightly.buildroot.org/#_config_files for more information. Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-18T15:39:20+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-04-18T10:15:21+00:00 urn:sha1:9f6357117b7a2b1ef747183834444030a5298478 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T20:39:19+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-04-01T19:06:31+00:00 urn:sha1:e066bfa66487f5754ab69a750f49866ace3f4c72 As per LICENSE file, php uses PHP license version 3.01. Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-03-16T21:11:44+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-03-16T15:53:33+00:00 urn:sha1:fca8df85c116a1ee455ba484d102fff4c869df3c Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-03-10T16:19:02+00:00 Peter Korsgaard peter@korsgaard.com 2017-03-10T12:11:06+00:00 urn:sha1:34d19a23ad8d46166a83da9cd84910ae1c5b2a43 7.1.2 is a bugfix release, fixing a number of issues: http://www.php.net/ChangeLog-7.php#7.1.2 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>