OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2018-05-21T15:47:08+00:00 2018-05-21T15:47:08+00:00 Peter Korsgaard peter@korsgaard.com 2018-05-21T13:27:20+00:00 urn:sha1:bc730557571815cbb42a52b1f26d7119d1d14ac3 Fixes the following security issues: CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. CVE-2018-10537: An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. CVE-2018-10538: An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. CVE-2018-10539: An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. CVE-2018-10540: An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-02-28T08:13:53+00:00 Peter Korsgaard peter@korsgaard.com 2018-02-27T21:26:52+00:00 urn:sha1:4de7e07e6efba7dae79a7f61f397864873272fd3 Fixes the following security issues: CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-07-02T22:05:18+00:00 Thomas Petazzoni thomas.petazzoni@free-electrons.com 2017-07-02T16:53:42+00:00 urn:sha1:0a2576d37ebb4175aea1daf3c14c947df39cdcaa Patches downloaded from Github are not stable, so bring them in the tree. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-04-01T13:26:57+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:38+00:00 urn:sha1:9f59b378a36ae81db2672b417a68c7358b41ccc3 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-02-19T22:05:10+00:00 Jörg Krause joerg.krause@embedded.rocks 2017-02-19T15:00:13+00:00 urn:sha1:90ef9a24bce917f8d2e9619c1ebeda92633be251 Wrap help text to fit 72 columns. Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-02-19T22:03:54+00:00 Jörg Krause joerg.krause@embedded.rocks 2017-02-19T15:00:12+00:00 urn:sha1:4bb5e380f07f21c48cb315cc385fb60f5d3c0a46 The recent bump to version 5.1.0 added a dependency on wchar: ``` import_id3.c:37:34: error: unknown type name 'wchar_t' ``` This issue has been reported upstream [1] and a fix was commited by upstream to remove the wchar dependency [2]. Fixes: http://autobuild.buildroot.net/results/9a6/9a693f5b798571917f36cfb7661e2f2638aac550/ http://autobuild.buildroot.net/results/44c/44c8227043045baf4f043da44b8129e43dfff687/ http://autobuild.buildroot.net/results/a80/a80221dcc0860046ebdf0bbf454e056b1e20df83/ .. and more. The build was successfully tested with the 'br-arm-basic-2017.02-rc1-2-g133c5ac' toolchain. [1] https://github.com/dbry/WavPack/issues/19 [2] https://github.com/dbry/WavPack/commit/876fc3f3907e871d0938ac6c8c5252f5f31abd1f Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-01-22T22:35:15+00:00 Jörg Krause joerg.krause@embedded.rocks 2017-01-22T20:39:21+00:00 urn:sha1:dbc108d6729a082d247910d1476df358570036ab Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-12-15T12:52:52+00:00 Jörg Krause joerg.krause@embedded.rocks 2016-12-15T12:44:52+00:00 urn:sha1:0dbe92b0d037bdcf40edeb29534e64bfd9a8a98b Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-17T14:26:11+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2015-10-17T12:28:29+00:00 urn:sha1:aec1ea344632e9283f33acdf91d70a750c0caf53 wavpack fails to link with libiconv /bin/bash ../libtool --tag=CC --mode=link /home/bernd/buildroot/br3/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc -I../include -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -o wvunpack wvunpack-wvunpack.o wvunpack-utils.o wvunpack-md5.o ../src/.libs/libwavpack.la -lm libtool: link: /home/bernd/buildroot/br3/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc -I../include -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -o wvunpack wvunpack-wvunpack.o wvunpack-utils.o wvunpack-md5.o ../src/.libs/libwavpack.so -lm -Wl,-rpath -Wl,/home/bernd/buildroot/br3/output/build/wavpack-4.75.2/src/.libs /home/bernd/buildroot/br3/output/host/usr/lib/gcc/i586-buildroot-linux-uclibc/4.9.3/../../../../i586-buildroot-linux-uclibc/bin/ld: wvunpack-wvunpack.o: undefined reference to symbol 'libiconv_open' using this defconfig BR2_TOOLCHAIN_BUILDROOT_WCHAR=y BR2_PACKAGE_WAVPACK=y Patch suggested by Peter: http://lists.busybox.net/pipermail/buildroot/2014-February/090596.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-10-17T09:36:59+00:00 Jörg Krause joerg.krause@embedded.rocks 2015-10-16T06:46:41+00:00 urn:sha1:a8886025c3c7a67d32c1771ec47eaacdfe0c2fdc Autoreconf is not necessary anymore. WavPack "autodetects" CPU type to enable ASM code. However, the assembly code for ARM is written for ARMv7 only and building WavPack for an ARM-non-v7 architecture will fail. We explicitly enable ASM for the supported architectures x86, x64 and ARMv7 and disable it for all others. Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>