Chris Lesiak [Tue, 23 Jan 2018 23:15:58 +0000 (17:15 -0600)]
package/systemd: Set fallback hostname
When BR2_TARGET_GENERIC_HOSTNAME is set, use the config option
--with-fallback-hostname to specify the fallback hostname to use
if none is configured in /etc/hostname. This is useful in a
pristine installation with an empty /etc.
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Chris Lesiak [Tue, 23 Jan 2018 23:13:50 +0000 (17:13 -0600)]
Makefile: Store OS release in /usr/lib/os-release
It is recommended that vendor trees store OS release information
in /usr/lib/os-release and that /etc/os-release should be a relative
symlink to /usr/lib/os-release.
Matt Weber [Wed, 24 Jan 2018 04:09:41 +0000 (22:09 -0600)]
security hardening: add RELRO, FORTIFY options
This enables a user to build a complete system using these
options. It is important to note that not all packages will
build correctly to start with.
Modeled after OpenWRT approach
https://github.com/openwrt/openwrt/blob/master/config/Config-build.in#L176
A good testing tool to check a target's elf files for compliance
to an array of hardening techniques can be found here:
https://github.com/slimm609/checksec.sh
[Peter: reword fortify help texts, glibc comment]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add license hash, install in /usr/sbin, tweak help text]
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add host-pkgconf to dependencies]
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Fri, 19 Jan 2018 13:59:29 +0000 (14:59 +0100)]
package/physfs: needs threads support
When physfs is built for a Linux system the PHYSFS_PLATFORM_POSIX (which
enables code that uses pthread_*()) symbol must be defined, so threads support
is required. The physfs build system used by the previous version didn't
correctly set PHYSFS_PLATFORM_POSIX for systems without pthread support.
Carlos Santos [Fri, 26 Jan 2018 10:21:57 +0000 (08:21 -0200)]
hwdata: bump to version 0.308
The hwdata collection is hosted at GitHub now and provides additional
databases, besides pci.ids and usb.ids:
- Individual Address Block (IAB) and Organizationally Unique Identifier
(OUI) databases, from IEEE Registration Authority
- PNP ID database (from Microsoft)
Install only pci.ids and usb.ids by default, to keep compatibility with
previous versions.
In the future we can make other packages (pciutils, lshw) use the common
files instead of installing their own copies, thus saving some storage
space.
[Peter: drop BR2_PACKAGE_HWDATA_ANY and build time error, rework install step]
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Wed, 24 Jan 2018 22:00:29 +0000 (23:00 +0100)]
swupdate: add upstream patch to fix build error
When building SWUpdate with the following defconfig:
```
CONFIG_DOWNLOAD=y
```
... the build process breaks with:
```
corelib/channel_curl.c:27:10: fatal error: json-c/json.h: No such file or directory
#include <json-c/json.h>
```
Looking at the SWUpdate Kconfig based build system shows that `CONFIG_DOWNLOAD`
depends on `HAVE_LIBCURL`, which selects CURL, which eventually enables the
(unnecessary) build of channel_curl.o.
Upstream fixes the condition for building channel_curl.o by adding a new
hidden config option `CHANNEL_CURL`, which is only selected by the
dependent options.
Yegor Yefremov [Fri, 26 Jan 2018 12:54:06 +0000 (13:54 +0100)]
scanpypi: ignore empty elements in package requirements
Depending on how setup.py reads requirements files, empty elements can occur.
This patch takes care that such elements are ignored and don't crash
the scanpypi script.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Carlos Santos [Fri, 26 Jan 2018 00:16:52 +0000 (22:16 -0200)]
util-linux: disable useless programs in the host package
Disable all programs that depend on ncurses, as well as utilities that
are useless on the host: agetty, chfn-chsh, chmem, login, lslogins,
mesg, more, newgrp, nologin, nsenter, pg, rfkill, schedutils, setpriv,
setterm, su, sulogin, tunelp, ul, unshare, uuidd, vipw, wall, wdctl,
write, zramctl.
Also add dependency on host-zlib if host cramfs utils are to be built.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE-2018-4088, CVE-2017-13885,
CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153,
CVE-2017-7153, CVE-2017-7161, and CVE-2018-4096. Additionally, it solves
a GStreamer deadlock when stopping video playback, and contains fixes
and improvements for the WebDriver implementation.
SQUID-2018:2 Due to incorrect pointer handling Squid is vulnerable to
denial of service attack when processing ESI responses or downloading
intermediate CA certificates.
Jörg Krause [Thu, 18 Jan 2018 12:51:21 +0000 (13:51 +0100)]
swupdate: add upstream patch to fix musl build issue
Add upstream patch to fix build issue with the musl C library, as musl
does not provide the GNU extension `strndupa()` breaking the build with
an undefined reference:
```
ipc/lib.a(network_ipc.o): In function `ipc_postupdate':
network_ipc.c:(.text.ipc_postupdate+0x39): undefined reference to `strndupa'
```
The upstream patch provides a compatibility header file adding a definition
of `strndupa` if it is not already defined.
Ed Blake [Thu, 18 Jan 2018 18:05:31 +0000 (18:05 +0000)]
rpcbind: Backport fixes to memory leak security fix
Commit 954509f added a security fix for CVE-2017-8779, involving
pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
leak. However it also introduced a couple of issues:
- The call to svc_freeargs() from rpcbproc_callit_com() may result in
an attempt to free static memory, resulting in undefined behaviour.
- A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
(aka ypbind) to fail.
Backport upstream fixes for these issues to version 0.2.3.
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Thu, 18 Jan 2018 11:07:38 +0000 (12:07 +0100)]
cups-filters: needs at least gcc 4.8 for C++11 features
With gcc 4.7, it fails to build with:
```
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features by default... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -std=c++11... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with +std=c++11... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -h std=c++11... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -std=c++0x... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with +std=c++0x... no
checking whether /home/buildroot/build/instance-0/output/host/bin/powerpc-ctng_e500v2-linux-gnuspe-g++ supports C++11 features with -h std=c++0x... no
configure: error: *** A compiler with support for C++11 language features is required.
```
Thomas Petazzoni [Thu, 18 Jan 2018 08:48:07 +0000 (09:48 +0100)]
open-lldp: add patch to remove -Werror
-Werror causes a number of build failures with recent versions of gcc
that have additional warnings (turned into errors due to -Werror). So
let's remove -Werror.
Thomas Petazzoni [Tue, 16 Jan 2018 22:48:08 +0000 (23:48 +0100)]
toolchain/toolchain-external: libatomic should also be copied for musl toolchains
libatomic, like libgcc_s, is provided by gcc, so there is no reason to
copy it over only for the glibc and uclibc cases, it should also be
copied for the musl case. Without this, a program linked with
libatomic on a musl system will fail to run due to the missing
library.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>