<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package, branch 2017.11.2</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.11.2</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.11.2'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2018-01-21T20:19:55+00:00</updated>
<entry>
<title>package/xen: Force disable SDL for xen-qemu build</title>
<updated>2018-01-21T20:19:55+00:00</updated>
<author>
<name>Alistair Francis</name>
<email>alistair.francis@xilinx.com</email>
</author>
<published>2018-01-18T21:52:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=fd656bcec4c584795103e35bfd13c29c4e077d56'/>
<id>urn:sha1:fd656bcec4c584795103e35bfd13c29c4e077d56</id>
<content type='text'>
Fixes autobuilder issue:
http://autobuild.buildroot.net/results/8bcb80dc93d38bb38ca32ad93d52c22d1176d57e/

Signed-off-by: Alistair Francis &lt;alistair.francis@xilinx.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit a5dd72181e1a79ffe65c788a2c1db9acdf6aa933)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>rpcbind: Backport fixes to memory leak security fix</title>
<updated>2018-01-21T20:18:25+00:00</updated>
<author>
<name>Ed Blake</name>
<email>ed.blake@sondrel.com</email>
</author>
<published>2018-01-18T18:05:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=637f2b5e121bc7e1c9a96d0b6d636e4ef237a4ee'/>
<id>urn:sha1:637f2b5e121bc7e1c9a96d0b6d636e4ef237a4ee</id>
<content type='text'>
Commit 954509f added a security fix for CVE-2017-8779, involving
pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
leak.  However it also introduced a couple of issues:

- The call to svc_freeargs() from rpcbproc_callit_com() may result in
  an attempt to free static memory, resulting in undefined behaviour.

- A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
  (aka ypbind) to fail.

Backport upstream fixes for these issues to version 0.2.3.

Signed-off-by: Ed Blake &lt;ed.blake@sondrel.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit 5a9a95d0eb15c189f1361c12c105eb0ba8842c77)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>iputils: fix ping and traceroute6 executable permissions</title>
<updated>2018-01-21T20:17:41+00:00</updated>
<author>
<name>Einar Jon Gunnarsson</name>
<email>tolvupostur@gmail.com</email>
</author>
<published>2018-01-13T20:19:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=371d7e8495a46d800c4c7322c5c1d09612ed181c'/>
<id>urn:sha1:371d7e8495a46d800c4c7322c5c1d09612ed181c</id>
<content type='text'>
The iputils executables are installed without the setuid bit set,
which prevents some programs from working.

This patch adds a permission table to fix the permissions of the ping
and traceroute6 executables.

Signed-off-by: Einar Jon Gunnarsson &lt;tolvupostur@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit b0e2d00289eeb1a7201ba49e5cedfd3175f92140)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>linux-headers: bump 4.{4, 9, 14}.x series</title>
<updated>2018-01-21T20:15:50+00:00</updated>
<author>
<name>Fabio Estevam</name>
<email>fabio.estevam@nxp.com</email>
</author>
<published>2018-01-17T11:24:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=71c80c0b690a4adfe298ebb581e81791cc831edc'/>
<id>urn:sha1:71c80c0b690a4adfe298ebb581e81791cc831edc</id>
<content type='text'>
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam &lt;fabio.estevam@nxp.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit f8fc447c20745bf851ceba8ac0963439103acb0e)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>bind: security bump to version 9.11.2-P1</title>
<updated>2018-01-21T20:14:37+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2018-01-17T07:42:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=9ced00d68602f4611e3ba0264abd7089346a8238'/>
<id>urn:sha1:9ced00d68602f4611e3ba0264abd7089346a8238</id>
<content type='text'>
Fixes the following security issue:

CVE-2017-3145: Improper sequencing during cleanup can lead to a
use-after-free error, triggering an assertion failure and crash in
named.

For more details, see the advisory:
https://lists.isc.org/pipermail/bind-announce/2018-January/001072.html

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit d72a2b9247d885c4fc5c2ca6066d3ae6a27a8653)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>linux-firmware: fix install for Chelsio T[45]</title>
<updated>2018-01-16T22:24:13+00:00</updated>
<author>
<name>Ricardo Martincoski</name>
<email>ricardo.martincoski@gmail.com</email>
</author>
<published>2018-01-16T01:53:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2ab9c34961624f01b433939a48dc70ddd66f3cd5'/>
<id>urn:sha1:2ab9c34961624f01b433939a48dc70ddd66f3cd5</id>
<content type='text'>
It's broken since 1c9846ec "linux-firmware: Bump to the latest version"

Fix it by updating the name of the file to install.
Do not use * since it would install also old versions that would take
1MB extra space in the target.

Signed-off-by: Ricardo Martincoski &lt;ricardo.martincoski@gmail.com&gt;
Cc: Peter Korsgaard &lt;peter@korsgaard.com&gt;
Cc: Yann E. MORIN &lt;yann.morin.1998@free.fr&gt;
Cc: Yegor Yefremov &lt;yegorslists@googlemail.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/ti-cgt-pru: bump to 2.2.1</title>
<updated>2018-01-16T19:33:45+00:00</updated>
<author>
<name>Romain Naour</name>
<email>romain.naour@gmail.com</email>
</author>
<published>2018-01-09T20:13:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=4c2d4737801917115bc64f3d64a2820837a5e5db'/>
<id>urn:sha1:4c2d4737801917115bc64f3d64a2820837a5e5db</id>
<content type='text'>
See: http://www.ti.com/tool/download/PRU-CGT-2-2

The ti-cgt-pru v2.1.x installer are affected by a bug with recent
distribution (Fedora 27 and Ubuntu 17.10) using kernel 4.13 or 4.14
with a glibc 2.26.
The installer is stuck in a futex(wait) system call.

While at it, add license hash.

Fixes:
http://autobuild.buildroot.net/results/68f/68f60ad38d9b6eae83b5d233966616a25d8c9391

Signed-off-by: Romain Naour &lt;romain.naour@gmail.com&gt;
Cc: Ash Charles &lt;ash.charles@savoirfairelinux.com&gt;
Cc: Matthew Weber &lt;matthew.weber@rockwellcollins.com&gt;
Tested-by: Matt Weber &lt;matthew.weber@rockwellcollins.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit 0e162b932d67668a4f075da803efb62b01ec917d)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>mcookie: correct wrong memset argument</title>
<updated>2018-01-16T18:45:05+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2018-01-10T22:03:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c57572b95e9da33c1367e3706f4191147c9ad4c4'/>
<id>urn:sha1:c57572b95e9da33c1367e3706f4191147c9ad4c4</id>
<content type='text'>
Fixes #10216

Building mcookie generates a warning about possible wrong arguments to
memset:

mcookie.c:207:26: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression
  as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess]
     memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */

ctx is a pointer to a structure, so the code should use the size of the
structure and not the size of the pointer when it tries to clear the
structure, similar to how it got fixed upstream back in 2009:

https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/lib/md5.c?id=6596057175c6ed342dc20e85eae8a42eb29b629f

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 40f4191f2a1246b792ffc0c02b6c9bd2d62649f2)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>lz4: install programs as well as libraries</title>
<updated>2018-01-16T18:44:55+00:00</updated>
<author>
<name>Thomas Petazzoni</name>
<email>thomas.petazzoni@free-electrons.com</email>
</author>
<published>2018-01-10T22:40:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2e18e017c53441c634e539463de9e11266913185'/>
<id>urn:sha1:2e18e017c53441c634e539463de9e11266913185</id>
<content type='text'>
Prior to commit 8ad38a4fc2007df4bee9a941aed46c8771b6a84c
("package/lz4: bump version to r131"), the lz4 package was installing
both libraries and programs, but this commit changed the behavior to
only install libraries.

The contributor might have been confused by the fact that the build
command was "$(MAKE) ... -C $(@D) liblz4", suggesting that only the
library was built. But since the install command was "$(MAKE) ... -C
$(@D) install", the programs were effectively built as part of the
install step, and installed as well.

Since it makes sense for lz4 to also installs its programs, this
commit adjusts the package accordingly.

It is worth mentioning that using the "all" target during the build
step is important. Indeed, otherwise the programs/Makefile has a
"default" target that doesn't build everything (especially the lz4c
program) and it end up being built as part of the install step, due to
how the makefile dependencies are handled in the lz4 project. To make
sure that everything gets built during the build step, we explicitly
use the "all" target.

Fixes bug #9996

Reported-by: Jamin Collins &lt;jamin.collins@gmail.com&gt;
Initial-analysis-by: Arnout Vandecappelle &lt;arnout@mind.be&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 6f1c11f79a64387c1f1749550804f8aae0cfa7a7)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>busybox: don't remove S01logging when CONFIG_SYSLOGD is disabled</title>
<updated>2018-01-16T18:43:50+00:00</updated>
<author>
<name>Thomas Petazzoni</name>
<email>thomas.petazzoni@free-electrons.com</email>
</author>
<published>2018-01-10T22:03:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=6c97236d04e7ec493dedf91030afa649f8303572'/>
<id>urn:sha1:6c97236d04e7ec493dedf91030afa649f8303572</id>
<content type='text'>
The current busybox.mk explicitly removes S01logging if CONFIG_SYSLOGD
is disabled in the Busybox configuration. However:

 - This causes the removal of the S01logging script potentially
   installed by another package (currently syslog-ng, rsyslog and
   sysklogd can all install a S01logging script).

 - We generally don't try to clean-up stuff that we may have installed
   in a previous make invocation and that is no longer needed
   following a configuration change.

Fixes bug #10176

Reported-by: Karl Krach &lt;mail@kkrach.de&gt;
Fix-provided-by: Karl Krach &lt;mail@kkrach.de&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit 84e835ea9261b3e844f1a18489dd89253e3eb839)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
</feed>
