Commit Graph

1111 Commits

Author SHA1 Message Date
Hirokazu MORIKAWA 20984d673e icu: fix CVE-2017-15422
[lede-17.01]

Maintainer: me

Compile tested: ar71xx, mips_24kc_gcc-5.4.0_musl-1.1.16, lede-17.01 r3863-fad29d2
Run tested: NONE

Description:
CVE-2017-15422 : integer overflow in icu
https://security-tracker.debian.org/tracker/CVE-2017-15422

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2018-03-27 17:05:45 +09:00
champtar 56331e808f Merge pull request #5492 from micmac1/fix-sqlite3-on-uclibc
sqlite3 [lede-17.01]: fix uClibc builds
2018-01-31 07:55:37 -08:00
Sebastian Kemper b8e6fc3eb7 sqlite3: fix uClibc builds
When compiling against uClibc on lede-17.01 it's detected in the linking
phase that '__isnan' is nowhere to be found:

sqlite3-sqlite3.o: In function `serialGet':
sqlite3.c:(.text+0x6364): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3_result_double':
sqlite3.c:(.text+0x10faa): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3VXPrintf':
sqlite3.c:(.text+0x175ca): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3_bind_double':
sqlite3.c:(.text+0x1b0ac): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3VdbeExec':
sqlite3.c:(.text+0x3b77e): undefined reference to `__isnan'
collect2: error: ld returned 1 exit status

To fix this libm needs to be linked in as well in the uClibc case. So
add libm ('-lm') to the TARGET_LDFLAGS accordingly.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-30 20:48:45 +01:00
Nikos Mavrogiannopoulos acc974f84c p11-kit: disable trust module
This allows prevents build error due to trust-paths not being
specified. The trust module was not being used in openwrt.

Resolves #5528

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-30 20:36:51 +01:00
Sebastian Kemper 4e93c8bf46 tiff: version bump to address open CVEs
- Version bump to 4.0.9, as otherwise ca. a dozen patches would need
  to be added to fix the open CVEs. There have been no API/ABI
  changes between 4.0.6 and 4.0.9, so this is OK.
- Adds patches copied from Debian for CVE-2017-18013 and CVE-2017-9935
  on top.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-30 15:17:42 +01:00
Sebastian Kemper 2847e03934 libxslt: add patches copied from Debian to fix CVEs
- there are multiple open CVEs, this adds patches for them
- adds --disable-silent-rules for verbose build output

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-30 15:09:51 +01:00
Sebastian Kemper 902542faa0 libssh: fix zlib detection
- currently zlib is never detected, although there is a dependency on
  it, fix that.
- change links from http to https

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-30 15:06:08 +01:00
Sebastian Kemper dc7f2ccad2 alsa-lib: fix uClibc builds
Currently alsa-lib fails to build on uClibc:

parser.c: In function 'snd_tplg_build_file':
parser.c:262:35: error: 'S_IRUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                   ^
parser.c:262:35: note: each undeclared identifier is reported only once for each function it appears in
parser.c:262:45: error: 'S_IWUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                             ^
parser.c: In function 'snd_tplg_build':
parser.c:330:35: error: 'S_IRUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                   ^
parser.c:330:45: error: 'S_IWUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                             ^
Makefile:390: recipe for target 'parser.lo' failed

Fix this by adding an upstream fix as a backport.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-27 11:49:02 +01:00
Daniel Golle eb3a0d828e postgresql: update to version 9.5.10
Contains fixes for
 * CVE-2017-15099
 * CVE-2017-15098
 * CVE-2017-12172
 * CVE-2017-7548
 * CVE-2017-7547
 * CVE-2017-7546
 * CVE-2017-7486
 * CVE-2017-7485
 * CVE-2017-7484

Note that some fixes apply for newly created databases only!
To mitigate CVE-2017-7486 and CVE-2017-7547 in existing databases,
a procedure described in the the release notes of PostgreSQL 9.5.8
is necessary!

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-01-05 00:20:31 +01:00
Rosen Penev 81571ac0ef gnutls: Use HTTPS instead of FTP
While recently building asterisk, the make system stalled on gnutls. On my install of Ubuntu 16.04 on WSL, it seems curl can't download from ftp and doesn't even time out properly. Easiest solution is to switch the gnutls Makefile to use HTTPS instead.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-30 22:31:17 +01:00
Nikos Mavrogiannopoulos f2131de798 gnutls: updated to 3.5.16
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-04 23:41:09 +01:00
Etienne Champetier 9ce3deb840 sqlite3: update to 3.19.3
fix possible database corruption
https://www.sqlite.org/releaselog/3_19_3.html

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Daniel Engberg 6bca857952 libs/sqlite3: Update to 3190200
Update sqlite to 3190200
Remove obsolete tarball hash variable

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-25 11:36:18 -07:00
Ian Leonard 0a279576a9 sqlite: update to 3.17.0
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
2017-10-25 11:36:18 -07:00
Karl Palsson 58a1a733e5 libwebsockets: add PROVIDES to both variants
Fixed recently in master as part of upgrading, but the same issue
applies to 17.01.  The two variant packages both now PROVIDE
libwebsockets, the virtual package.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-10-25 11:15:12 +00:00
Hirokazu MORIKAWA e967fd8ca8 icu: fix CVE-2017-14952 Double-Free Vulnerability [lede-17.01]
http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/

https://security-tracker.debian.org/tracker/CVE-2017-14952

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2017-10-24 02:34:06 -05:00
Steven Hessing 9040b270b5 noddos: new backport of noddos from master branch
Signed-off-by: Steven Hessing <steven.hessing@gmail.com>
2017-10-07 21:24:43 -07:00
Thomas Heil a6a44f91f3 pcre: Added fix for CVE-2017-11164 by adding stack recursion limit
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-09-03 15:15:20 +02:00
Thomas Heil 1434dbdf55 pcre: upgrade to version 8.41
- fixes security issues

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-09-03 15:15:20 +02:00
Nikos Mavrogiannopoulos e8af9ce46e gnutls: updated to 3.5.13
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-06-18 13:26:24 +02:00
Nikos Mavrogiannopoulos 4c26df19ad libtasn1: updated to 4.12
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-06-18 13:26:24 +02:00
W. Michael Petullo ca5d4b08e5 openldap: update to 2.4.45
Fixes CVE-2017-9287

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2017-06-14 18:31:29 -04:00
Hannu Nyman 14f08bc825 Merge pull request #4443 from MikePetullo/lede-17.01-libdmapsharing
libdmapsharing: update to 2.9.38
2017-06-06 09:50:51 +03:00
W. Michael Petullo 33d8f9e567 libdmapsharing: update to 2.9.38
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2017-06-05 17:28:29 -04:00
Nikos Mavrogiannopoulos 73011d3a90 gnutls: updated to 3.5.11
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-05-08 05:58:42 +02:00
Hirokazu MORIKAWA bb0828957d [lede-17.01] icu: fix CVE-2017-7867 CVE-2017-7868
icu: CVE-2017-7867 CVE-2017-7868: Heap-buffer-overflow in utf8TextAccess

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

icu: increase PKG_RELEASE
2017-04-19 18:12:56 +09:00
Thomas Heil 94987aaff7 [libs/pcre]: fix CVE-2017-7186
Fix CVE-2017-7186 mentioned in https://bugs.exim.org/show_bug.cgi?id=2052

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-03-27 10:06:32 +02:00
Nikos Mavrogiannopoulos 01c15dc2ce gnutls: updated to 3.5.9
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-12 11:28:17 +01:00
Daniel Engberg 225ced086e libs/gnutls: Don't link libidn unintentionally
Fixes compilation reported by by buildbots.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit c7c951eada)
2017-02-08 10:46:57 +02:00
Ian Leonard 92541f9171 opus: update to 1.1.4
Includes fix for CVE 2017-0381.

Assume maintainership.

Signed-off-by: Ian Leonard <antonlacon@gmail.com>
2017-02-07 17:45:41 +01:00
heil 7d74e5e9d8 package: pcre bump to version 8.40
Signed-off-by: heil <heil@terminal-consulting.de>
2017-02-05 20:10:03 +01:00
Kevin Darbyshire-Bryant 2232cedc17 libidn: install libidn.pc in staging area & refresh patches
libidn.pc file was missing in package staging area causing build
failures for other packages expecting to find libidn package config
files.

refreshed patches to clear existing patch fuzz

take over maintainership

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 19:52:32 +01:00
p-wassi 0f4b5c25b8 libs/liboping: update to 1.9.0
Update liboping/oping/noping to upstream release 1.9.0
Also introduce new location of downloads and correct
the licence to LGPL-2.1+ (as seen in liboping's README)

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2017-02-05 19:36:51 +01:00
Luiz Angelo Daros de Luca 28d1e7b77b libvpx: bump to 1.6.1
v1.6.1:
- Faster VP9 encoding and decoding
- Bug Fixes

Now the ABI_VERSION is derived from PKG_VERSION

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-01-25 23:14:49 -02:00
Vladimir Ulrich 5cb98f890e [libs/fftw3] Updated to version 3.3.6
Signed-off-by: Vladimir Ulrich <admin@evl.su>
2017-01-16 01:19:10 +03:00
Nikos Mavrogiannopoulos 4563af5d95 gnutls: updated to 3.5.8
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-01-15 21:32:38 +01:00
Luka Perkov ee9b3f8e7e libuv: bump to 1.10.2
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-15 19:30:03 +01:00
Matthias Schiffer ee211f94ec libxslt: revert $(STAGING_DIR_HOSTPKG) to $(STAGING_DIR)/host where appropriate
Host files installed in Build/InstallDev are target-specific and will stay
in $(STAGING_DIR)/host after the STAGING_DIR_HOSTPKG unification.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-14 19:01:13 +01:00
Matthias Schiffer 68699b6811 libgpg-error: revert $(STAGING_DIR_HOSTPKG) to $(STAGING_DIR)/host where appropriate
Host files installed in Build/InstallDev are target-specific and will stay
in $(STAGING_DIR)/host after the STAGING_DIR_HOSTPKG unification.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-14 19:01:11 +01:00
Ted Hess 1c2107e462 libshout: Update to 2.4.1. Create -nossl variant
Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-01-13 17:01:43 -05:00
Ted Hess 867453bd52 Merge pull request #3785 from diizzyy/patch-17
libs/libstrophe: Fix source tarball filename
2017-01-13 13:37:05 -05:00
Peter Wagner e7e68c08ba glib2: add --enable-libmount=no to HOST_CONFIGURE_ARGS
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-01-13 19:14:28 +01:00
Peter Wagner ae19abe330 glib2: update to 2.50.2
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-01-13 09:40:56 +01:00
Matthias Schiffer 3823ef9bc4 Merge pull request #3813 from NeoRaider/hostpkg
Use STAGING_DIR_HOSTPKG where appropriate
2017-01-11 21:54:09 +01:00
Hannu Nyman 89d23ead80 Merge pull request #3703 from nxhack/icu-update-to-v58_2
icu: Bumped to v58.2
2017-01-11 09:38:20 +02:00
Hirokazu MORIKAWA 67b5e98f5b icu: Bumped to v58.2
Maintainer: @nxhack
Compile tested: ar71xx mips_24kc_musl-1.1.15 LEDE r2610-324bdf3
Run tested: NONE

Description:
icu: Bumped to v58.2
for emoji handling

previous PR #2817

add patches/001-disable-strtod_l.patch
missing xlocale.h in case of using musl.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2017-01-11 11:13:35 +09:00
Daniel Golle 5589f9aa15 Merge pull request #3814 from thess/libextractor-update
libextractor: Add Debian ffmpeg api updates. Fix gstreamer dependencies
2017-01-11 01:43:25 +01:00
Ted Hess e15fc66660 libextractor: Add Debian ffmpeg api updates. Fix gstreamer dependencies
Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-01-10 15:59:19 -05:00
Hannu Nyman 1d8515806a Merge pull request #3762 from diizzyy/patch-10
libs/poco: Use bz2 tarball instead of gz
2017-01-10 22:54:58 +02:00
Daniel Engberg 99a07470e1 libs/poco: Use bz2 tarball instead of gz
Use bz2 instead of gz tarball, saves about 900kbyte in size
Do minor adjustments to download URL

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-10 21:48:37 +01:00