The advantages of using a pre-existing coding style instead of creating
our own are:
- documenting it in the manual takes a single sentence;
- there are automatic tools to help during development/review.
So document that the PEP8 recommendations should be followed.
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 27 Apr 2017 07:37:18 +0000 (09:37 +0200)]
python-django: security bump to version 1.10.7
Fixes the following security issues:
Since 1.10.3:
CVE-2016-9013 - User with hardcoded password created when running tests on
Oracle
Marti Raudsepp reported that a user with a hardcoded password is created
when running tests with an Oracle database.
CVE-2016-9014 - DNS rebinding vulnerability when DEBUG=True
Aymeric Augustin discovered that Django does not properly validate the Host
header against settings.ALLOWED_HOSTS when the debug setting is enabled. A
remote attacker can take advantage of this flaw to perform DNS rebinding
attacks.
Since 1.10.7:
CVE-2017-7233 - Open redirect and possible XSS attack via user-supplied
numeric redirect URLs
It was discovered that is_safe_url() does not properly handle certain
numeric URLs as safe. A remote attacker can take advantage of this flaw to
perform XSS attacks or to use a Django server as an open redirect.
CVE-2017-7234 - Open redirect vulnerability in django.views.static.serve()
Phithon from Chaitin Tech discovered an open redirect vulnerability in the
django.views.static.serve() view. Note that this view is not intended for
production use.
Cc: Oli Vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Thu, 27 Apr 2017 12:52:02 +0000 (07:52 -0500)]
package/libqmi: bump version to 1.18.0
udev support was added with this bump, however
the support was disabled, as Buildroot currently
doesn't support the gudev package. libqmi is
looking for the Gobject bindings provided by
that package to access libudev.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a
local malicious application to execute arbitrary code within the context of
the Wi-Fi service
Peter Korsgaard [Wed, 26 Apr 2017 21:58:14 +0000 (23:58 +0200)]
tiff: add upstream security fixes
Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:
CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.
CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.
CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.
CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.
CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.
CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.
CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.
CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.
CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.
CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.
CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.
CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 26 Apr 2017 12:57:13 +0000 (14:57 +0200)]
icu: add upstream security fix for utf-8 handling
Fixes:
CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_setNativeIndex* function.
CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_moveIndex32* function.
Peter Korsgaard [Wed, 26 Apr 2017 11:52:14 +0000 (13:52 +0200)]
libsndfile: security bump to version 1.0.28
Fixes:
CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Drop the undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies. Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 26 Apr 2017 06:48:24 +0000 (08:48 +0200)]
ncftp: use tar.gz to workaround upstream changing tarball post-release
As explained here:
http://lists.busybox.net/pipermail/buildroot/2017-March/185550.html
Upstream has silently updated their 3.2.6 tarball some time between our
version bump in late November and December 4th. The changed tarball also
contains a significant amount of source changes:
Upstream has been contacted to verify if this change was intentional and the
reason why. From the mail:
> Is this update intentional? Why was the tarball regenerated?
Yes.
The old hash was unfortunately already used in the 2017.02 (and .1)
releases, so just changing the hash and updating the tarball on
sources.buildroot.org would break ncftp for users of those releases.
Instead change to use the .tar.gz tarball as suggested by Arnout.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Cc: Steve Kenton <skenton@ou.edu>
Suggested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Steve Kenton <skenton@ou.edu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Tue, 25 Apr 2017 15:35:54 +0000 (17:35 +0200)]
imagemagick: add upstream security fix for CVE-2017-7606
This is not yet part of any release.
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 25 Apr 2017 14:16:59 +0000 (16:16 +0200)]
libcroco: add upstream security fixes
These have been added to upstream git after 0.6.12 was released.
CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted CSS file.
CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 25 Apr 2017 13:44:23 +0000 (15:44 +0200)]
python-web2py: security bump to version 2.14.6
CVE-2016-4806 - Web2py versions 2.14.5 and below were affected by a Local File
Inclusion vulnerability, which allows a malicious user to
read/access web server sensitive files.
CVE-2016-4807 - Web2py versions 2.14.5 and below were affected by a Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on a
logged in user (admin).
CVE-2016-4808 - Web2py versions 2.14.5 and below were affected by a CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user into performing some unwanted actions, i.e. an attacker can trick a
victim into disabling the installed application just by sending a URL to the victim.
CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removing clear and reset from the busybox config when the ncurses tools
are enabled is not really needed.
Since commit 802bff9c42, the busybox install will not overwrite
existing programs. Therefore, the tools will be installed correctly
regardless of the order of the build:
- if busybox is built first, the clear and reset apps are installed,
but they will be overwritten by ncurses;
- if ncurses is built first, it will install the clear and reset apps,
and busybox will no longer install them.
We prefer not to modify the busybox configuration when not strictly
necessary, because it is surprising for the user that his configuration
is not applied. Clearly, it's not ideal that busybox is configured with
redundant apps, but if the user wants to shrink it, it's possible to
provide a custom config.
Remove the configure option --with-gpg; it was removed upstream in 2013:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=02ba35c1b6a2cbb3361b2f2ad507c53564b2be0b#patch3
[Peter: drop comment referring to --with-gpg option]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The library is licensed under BSD-3-Clause. Some programs are licensed
under GPL-2.0+ while others are BSD-3-Clause. Annotate licenses with
components and improve readability of license strings when
conditionally specifying the license for programs, using := instead of +=.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
binutils: arc: fix 0301-PATCH-check-ldrunpath-length.patch after version bump
This commit fixes another brown-paper-bag issue that I've introduced with
my following patch:
toolchain: Bump ARC tools to arc-2017.03-rc1
(5f8ef7e25c5cc5c2e4ae4c8b6e8caa029ddf9a94)
arc-2017.03-rc1 differs a bit from 2.28. And so the corresponding
out-of-tree patch should be updated appropriately.
libbson is a dependency of the mongo-c-driver that syslog-ng uses. Buildroot
doesn't package mongo-c-driver, so syslog-ng uses the bundled one. The bundled
mongo-c-driver in turn may optionally use a bundled libbson. When Buildroot
builds libbson, mongo-c-driver detects that and does not configure its bundled
libbson. This breaks the build of the syslog-ng mongodb module because it adds
the bundled libbson to the headers search path.
Adam Duskett [Fri, 21 Apr 2017 15:24:48 +0000 (11:24 -0400)]
package makefiles: clean up backslash spacing.
The check-package script, when run, gave warnings about only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one-space-before-
backslashes rule in the make files in the package directory.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Carlos Santos [Sat, 22 Apr 2017 11:59:47 +0000 (13:59 +0200)]
e2fsprogs: remove uuidgen support
In fact, uuidgen was never built because we pass --disable-libuuid. So
the option was a NOP.
Remove the license info for libuuid.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Arnout:
- do not remove --disable-uuidd - even though that is implied by
--disable-libuuid, it's better to be explicit about it;
- remove license info of libuuid]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
xenomai: add string option for additional configure options
Xenomai has many configure options that users may or may not want to set.
Providing individual Buildroot config options for every single one of them
is not maintainable.
Therefore, add a string option to allow the needed flexibility.
Important options, or those that have 'select/depends on' impact, can still
be turned into real Buildroot config options.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: rewrap Config.in help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a config option to enable the Xenomai registry, which allows accessing
internal Xenomai state.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas:
- add missing Config.in comment.
- rewrap Config.in help text.
- tweak the .mk file logic for the registry path to avoid the super
long line.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai 3 installs quite some utils and other programs to the target
filesystem, many of which will not be used by most users.
As it is currently unclear which utils are effectively useful, and as it is
undesirable to create config options for each individual util, remove all
remaining utils such that only the Xenomai libraries remain.
At the point it becomes clear that certain utils _are_ desired by some
users, we can identify how to group them in relevant config options.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since Xenomai 3, the list of files installed for Analogy is longer, causing
the extra files to remain on the target filesystem even if Analogy is not
selected.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai has a skin 'Smokey' that Buildroot is currently unaware of, which
means that the associated files are present on target even though most users
will not need them.
Add a config option and associated logic to remove the skin if not selected.
Additionally, fix up the order of the VxWorks skin removal entry.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
xenomai: group skin selection in separate menu and cleanup
Clarify the Xenomai config options by grouping the skin-related options in a
separate menu.
Additionally:
- update proper capitalization of skin names
- sort entries
- replace 'skin library' by 'skin' to match the terminology in Xenomai
sources
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the introduction of Xenomai 3, the native skin is dubbed Alchemy.
Update the config menu (but leave the symbol name to avoid hurting existing
users needlessly) and fix the unselected-skin cleanup code.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
0001-nodoc.patch is no longer necessary since a new --disable-doc
configure option has been added by this commit:
https://dev.mutt.org/hg/mutt/rev/b45bfce1bb0e
Use that option and remove the patch. Since we are not patching
Makefile.am we also don't need to autoreconf.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Carlos Santos [Wed, 19 Apr 2017 11:51:52 +0000 (08:51 -0300)]
gtest: fix usage on ARM platforms
Ensure that GTest is compiled with -fPIC to allow linking the static
libraries with dynamically linked programs. This is not a requirement
for most architectures but is mandatory for ARM.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently the check-package script uses many files in the same
directory. This commit keeps the main script in support/scripts/ and
moves the rest into a subdirectory.
The modules were previously prefixed to make it easy to identify which
script they belong to. This is no longer needed when using a
subdirectory, so the prefix is removed.
Note: if this commit is checked out and the script is run, and later on
a previous version is checked out, the file
support/scripts/checkpackagelib/__init__.pyc needs to be manually
removed to prevent the Python interpreter from looking for the checkpackagelib
package when only the checkpackagelib module is available.
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The removal of the .git dir before creating the tarball is not anymore
just an optimization. It is necessary to make the tarball reproducible.
Also, without the removal, large tarballs (gigabytes) would be created
for some linux trees.
The latest docker-engine release changes the vendor tree slightly. The
Go tool will recognize a ./vendor directory and use it as a vendor tree
automatically, but only when run inside a valid GOPATH. This patch
adjusts how the GOPATH is built - now docker/docker is linked into a
blank tree, and the Go tool recognizes the ./vendor directory correctly.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
board/synopsys: remove patch for linux vdk defconfig
The patch for linux vdk defconfig introduced ARC_SMP_HALT_ON_RESET
config symbol. In fact that is not required as this symbol is enabled by
default if ARC_UBOOT_SUPPORT config symbol is set (and it is set in
vdk configs).
Also, this commit fixes a build failure pointed out to us by Arnout:
https://gitlab.com/buildroot.org/buildroot/builds/14419270
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
support/test-pkg: calculate toolchain name only once
The toolchain name was calculated in main() for reporting to the user,
and again in build_one() for creating the build directory. Calculate
it only once, in main(), and pass the build directory as an argument
to build_one().
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/libunwind: disable for x86 with uClibc toolchain
libunwind uses sigreturn() while building for x86 [1], but this function
is not available with uClibc-ng.
This throws a warning during the libunwind build:
In file included from x86/Los-linux.c:4:0:
x86/Gos-linux.c: In function ‘_ULx86_local_resume’:
x86/Gos-linux.c:298:7: warning: implicit declaration of function ‘sigreturn’ [-Wimplicit-function-declaration]
sigreturn (sc);
^
But any program trying to link against libunwind-generic.so fails to build:
[...]usr/lib/libunwind-generic.so: undefined reference to `sigreturn'
collect2: error: ld returned 1 exit status
Disable libunwind for x86 target when uClibc-ng is used.