Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b67b65b3bab01f8dc3b06a3af69bdc8537b55ed8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 15 Mar 2018 18:06:19 +0000 (20:06 +0200)]
libcurl: security bump to version 7.59.0
CVE-2018-1000120: curl could be fooled into writing a zero byte out of
bounds when curl is told to work on an FTP URL with the setting to only
issue a single CWD command, if the directory part of the URL contains a
"%00" sequence.
https://curl.haxx.se/docs/adv_2018-9cd6.html
CVE-2018-1000121: curl might dereference a near-NULL address when
getting an LDAP URL.
https://curl.haxx.se/docs/adv_2018-97a2.html
CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
calculate a wrong data length to copy from the read buffer.
https://curl.haxx.se/docs/adv_2018-b047.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf3476e5b1527ac91c0a12949be7da5253ea66c1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 12 Mar 2018 22:36:03 +0000 (23:36 +0100)]
pkg-virtual.mk: explicitly set <pkg>_VERSION / _SOURCE for robustness
Recently a build failure was reported which was traced back to to the fact
that the user had a TOOLCHAIN_VERSION environment variable set which leads
to a strange looking error message:
toolchain/toolchain/toolchain.mk:40: *** TOOLCHAIN_SITE cannot be empty when
TOOLCHAIN_SOURCE is not. Stop.
Environment variables automatically gets converted to make variables by GNU
make - E.G. from the manual
(https://www.gnu.org/software/make/manual/html_node/Environment.html):
Variables in make can come from the environment in which make is run. Every
environment variable that make sees when it starts up is transformed into a
make variable with the same name and value
So we end up in make with TOOLCHAIN_VERSION set to the value of the
environment variable. As virtual packages do not have a version, there is
no explicit TOOLCHAIN_VERSION = .. line in toolchain.mk overriding this
value, and the logic in package/pkg-generic.mk sets a default value for
TOOLCHAIN_SOURCE when TOOLCHAIN_VERSION is set, and finally errors out as
TOOLCHAIN_SITE isn't set.
As a workaround, explicitly set <pkg>_VERSION and <pkg>_SOURCE to the empty
string in the virtual package infrastructure.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 32d2de2a6fb823a8eacb02d203b260c729522837) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2018-1057: Authenticated users might change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).
Baruch Siach [Tue, 13 Mar 2018 12:54:01 +0000 (14:54 +0200)]
uclibc-ng-test: fix build with musl and older kernel headers
musl libc provides its own system call macros, including
preadv2/pwritev2. Having these macros defined is not enough to determine
availability of other related macros in kernel headers.
Jan Kundrát [Mon, 12 Mar 2018 18:41:00 +0000 (19:41 +0100)]
cmake: Fix RPATH for host libraries built by CMake
The host shared libraries produced by CMake were missing a proper
DT_RPATH. That became a problem because the DT_RPATH handling is not
transitive by design.
Consider the following scenario:
- pkg-a provides a library (`liba`) which links to `libpcre`
- pkg-b provides a binary (`foo`) and a shared library (`libb`) which is
needed by that binary
- `libb` links to `liba`
- pkg-a and pkg-b are both built by CMake
In this scenario, `foo` is correctly marked with DT_RPATH pointing to
host/lib/, but that path is not used when (recursively) resolving PCRE's
symbols in `liba`. When attempting to run the `foo` binary, the linker
correctly finds both `liba` and `libb`, but it cannot find the
libpcre.so as built by Buildroot for host.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz> Reviewed-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7d43534625ac06ae01987113e912ffaf1aec2302) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 8 Mar 2018 16:16:41 +0000 (16:16 +0000)]
package/libhttpparser: bump version to 2.8.0
Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4a646da62850a6e4e38d422988e1c5bd123943cd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 8 Mar 2018 16:16:40 +0000 (16:16 +0000)]
package/c-ares: bump version to 1.14.0
Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 103855a2e0ef04851cd460176c31393589ceb1de) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 8 Mar 2018 16:16:39 +0000 (16:16 +0000)]
package/libuv: bump version to 1.19.2
Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2d2dbca68b32ec040ecd00728f3e2b9bfc484222) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stefan Becker [Mon, 12 Mar 2018 12:34:09 +0000 (14:34 +0200)]
uboot: fix build for older uboot source trees
The change in commit bf733342324b414a1142b57781504111f81c97ea only works
for newer uboot source trees. Add a check that scripts/dtc/libfdt
directory exists before making this change.
[Peter: add comment explaining why] Signed-off-by: Stefan Becker <chemobejk@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f437bf547ca44849db4578c31707afdd96b85018) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
docker-proxy is needed by docker-engine at runtime, and was
previously not included. This leads to the following error
when attempting to port-map ports to a container:
$ docker run -p 8080:8080 nginx
docker: Error response from daemon: driver failed programming external
connectivity on endpoint:
exec: "docker-proxy": executable file not found in $PATH.
Docker expects the docker-proxy binary to exist in the PATH.
Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8d125cd9f646420467aa1426ebb45078eb815ef7) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add docker-proxy package to Buildroot. Needed by docker-engine at
runtime, and previously not included. This leads to the following error
when attempting to port-map ports to a container:
$ docker run -p 8080:8080 nginx
docker: Error response from daemon: driver failed programming external
connectivity on endpoint:
exec: "docker-proxy": executable file not found in $PATH.
Docker expects the docker-proxy binary to exist in the PATH.
Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 81750410033ab5ebeec8257d80297f05e9534f36) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vivien Didelot [Mon, 5 Mar 2018 17:15:05 +0000 (12:15 -0500)]
DEVELOPERS: add myself as the ts5500 maintainer
Add a new entry for myself listing the TS-5500 board directory and
defconfig file.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 79586d2ed5c47a59a3142678e9c414c74589194f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vivien Didelot [Mon, 5 Mar 2018 17:15:04 +0000 (12:15 -0500)]
board/technologic/ts5x00: rename to ts5500
Rename the confusing and misleading ts5x00 directory to a real reference
platform name, ts5500. The readme.txt file already states the support
for both TS-5500 and TS-5400 platforms.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f17540b170395d5c29eb111bfcacdb2540a2fb0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vivien Didelot [Mon, 5 Mar 2018 17:15:03 +0000 (12:15 -0500)]
board/technologic/ts5x00: bump kernel to 4.14
Bump the 3.17 kernel used for the Technologic Systems TS-5500 platform
to the latest LTS kernel 4.14.
This fixes the ts5x00_defconfig build with GCC 6.x.
The linux-3.17.config file has been renamed to linux-4.14.config to
match the new kernel version, and its changes are the result of make
linux-update-defconfig. However only comments are affected.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6461d76992ec2ceffabd7a5ccb59bb707ea2cb0a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uboot-tools: backport patch fixing build failure with libfdt-devel installed
U-Boot host programs fail to build when libfdt-devel is installed
system-wide, with errors like this:
HOSTCC tools/aisimage.o
In file included from tools/../include/../lib/libfdt/libfdt.h:10:0,
from tools/../include/libfdt.h:1,
from tools/fdt_host.h:11,
from tools/imagetool.h:24,
from tools/aisimage.c:8:
/usr/include/libfdt_env.h:70:30: error: conflicting types for ‘fdt64_t’
typedef uint64_t FDT_BITWISE fdt64_t;
^~~~~~~
In file included from <command-line>:0:0:
././include/libfdt_env.h:19:16: note: previous declaration of ‘fdt64_t’ was here
typedef __be64 fdt64_t;
^~~~~~~
In file included from ././include/libfdt_env.h:12:0,
from <command-line>:0:
/usr/include/libfdt_env.h:90:24: error: expected ‘)’ before ‘x’
static inline uint32_t fdt32_to_cpu(fdt32_t x)
^
This commit backports an upstream patch that fixes this problem.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1cbfc94c5a0ac4120925aa8c7337eb7957dc4678) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uboot: fix build when libfdt-devel is installed system-wide
When libfdt-devel is installed system-wide, the build of U-Boot host
programs currently fails with lots of:
HOSTCC tools/aisimage.o
In file included from tools/../include/../lib/libfdt/libfdt.h:10:0,
from tools/../include/libfdt.h:1,
from tools/fdt_host.h:11,
from tools/imagetool.h:24,
from tools/aisimage.c:8:
/usr/include/libfdt_env.h:70:30: error: conflicting types for ‘fdt64_t’
typedef uint64_t FDT_BITWISE fdt64_t;
^~~~~~~
In file included from <command-line>:0:0:
././include/libfdt_env.h:19:16: note: previous declaration of ‘fdt64_t’ was here
typedef __be64 fdt64_t;
^~~~~~~
In file included from ././include/libfdt_env.h:12:0,
from <command-line>:0:
/usr/include/libfdt_env.h:90:24: error: expected ‘)’ before ‘x’
static inline uint32_t fdt32_to_cpu(fdt32_t x)
^
This commit adds a fixup in the U-Boot code to fix this problem. The
fixup is equivalent to applying upstream commit
http://git.denx.de/?p=u-boot.git;a=commitdiff;h=e0d20dc1521e74b82dbd69be53a048847798a90a,
but we can't use a patch for the uboot package, since people are using
arbitrary versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf733342324b414a1142b57781504111f81c97ea) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 8 Mar 2018 16:16:38 +0000 (16:16 +0000)]
package/nodejs: bump version to 8.10.0
See https://nodejs.org/en/blog/release/v8.10.0/
Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df33aae5f59eaaf40e800acdfefc83e57216ffe8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f124c2f0765b1098f86cca71f2df18d1788cba57) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Timo Ketola [Thu, 8 Mar 2018 10:42:33 +0000 (12:42 +0200)]
fbgrab: Fix some problems in the patch metadata
The patch description was missing Upstream-Status tag. It was given in the
commit which added this patch but not in the patch itself as should be.
Signed-off-by tag accidentally didn't follow the usual format.
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi> Reviewed-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1a0b4b2be2c76b836f4461fcf59f5e95dcd8549b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Timo Ketola [Thu, 8 Mar 2018 08:28:37 +0000 (10:28 +0200)]
DEVELOPERS: Add myself as a maintainer of fbgrab
Daniel's address is bouncing and my touch on fbgrab is now the most
recent one.
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8ea3dd2d6258cabecaa5796d58bce31d94abe056) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Timo Ketola [Thu, 8 Mar 2018 07:22:05 +0000 (09:22 +0200)]
fbgrab: add patch fixing pixel format report
When verbosive, fbgrab reports pixel format. Green and blue offset and
msb_right fields are accidentally swapped there. This commit adds a patch
which straightens them up.
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5be0b3440e81aa364fb337b5e981f3396bdf8e02) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Wed, 7 Mar 2018 21:51:24 +0000 (22:51 +0100)]
support/check-bin-arch: exclude kernel modules for merged /usr
When using a merged /usr, the kernel module path is really
/usr/lib/modules, as /lib is a symlink to usr/lib .
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b9a57442d0a234b03585235f516d755372f29b3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages (mostly, out-of-tree) may want to install binary blobs for
another architecture, outside the locations we currently exclude, like
in /opt or whatever...
Add support in check-bin-arch to accept any arbitrary location, that
individual package can each request to excude from the check, when they
are installed.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01d90f0d093ff16ab3c1a9466430cee6fb7842d8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig fails to build with gcc 6.x, even though we switched to
using gcc 6.x as the default gcc version in May 2017.
It hasn't been updated since April 2017, and the original submitter,
Fabio Porcedda said:
Unfortunately a newer kernel doesn't boot and I don't have the time
to fix the issue. If having a defconfig that doesn't build on gcc
6.x is unacceptable feel free to remove it.
So, let's get rid of this defconfig, which will remove the following
build error:
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 13fb1c49128d4c039fc23fcf32317008862f8b4b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 6 Mar 2018 15:46:51 +0000 (16:46 +0100)]
linux: Config.in: correct typo in kernel compression format help text
s/build/built/.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d233cc72c4b901f1ea0ae4ce895ff665bd0b78d9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Wed, 7 Mar 2018 06:59:41 +0000 (08:59 +0200)]
ntp: fix build without SSP support
In version 4.2.8p11 ntp changed its configure script build hardening
parameter to '--with-hardenfile'. Update the parameter name to avoid
-fstack-protector-all when the toolchain does not support this option.
Baruch Siach [Tue, 6 Mar 2018 17:00:47 +0000 (19:00 +0200)]
ntp: security bump to version 4.2.8p11
Fixed or improved security issues:
CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
malicious authenticated peer can create arbitrarily-many ephemeral
associations in order to win the clock selection algorithm
CVE-2018-7182: Buffer read overrun leads to undefined behavior and
information leak
configs/ts4900: explicitly specify Linux kernel version
The ts4900 defconfig currently fails to build because it selects
kernel headers 4.12, but doesn't specify a kernel version, and
therefore 4.15 is built causing the following error:
Incorrect selection of kernel headers: expected 4.12.x, got 4.15.x
In commit 7c3a7d808e751d4b608a4c50a0ae4d13dedebab7 ("configs/ts4900:
bump kernel version to 4.12"), when this defconfig was switched from
using a vendor provided kernel to the mainline kernel, the kernel
version was no longer explicitly specified.
Since this commit indicated 4.12, and the kernel headers version
selected is also 4.12, we also use that as the fixed kernel version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a3f2e977cdda32ceea9b6e445066fc9d1ab2bdd2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 41dca854e641044a01402897a34518c4cab5095a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b732fed265203a6c112007982c1ea601892f900f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e9151fd0be5369302933c9f0f26f97008786552d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63bab546562bf69add47f01ea9c6f361d7b8f041) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 770a75600ccfa0be6ec783340c2cd6cc9cfa3a72) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3575f84c4e53964fc0ffb53ec7eca362c1c3973e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3982d28cfbdcaf34a844fdce63ef68634adcf79f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d329ec701e1c78171528139c0c6757cdca18e94d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 11f07c20081fdbac6b56f81b7d03b717184fda30) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ddbfee735e9bf13ebe6bec28790d18579ec37837) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e929742b84651ffee8a81a1bfe014a0c9772ebf4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5dac3b9b8d72ea2b4aa264bfaa54e41f32595009) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit da9678f426e6664b6839e180dcc374dae2830f34) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 53f0ffe34a05394e4135c81ca2622be5b8741c79) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc575cf9de36750f76a232493508f63c3c18979e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 661c81b2fe8e349b83c05c60b1489eacbd47f212) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a645de1362a16e89430b39f6a31049a3fdbc9f57) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
configs/qemu_x86_defconfig: remove kernel options that need openssl
Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5c5f1b07434a1d17cace941ffcec791f3633b5ea) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
configs/qemu_x86_64_defconfig: remove kernel options that need openssl/libelf
The ORC unwinder requires libelf to be available on the host, so use
the frame pointer unwinder instead. Using the frame pointer unwinder
is probably good enough in our default Qemu configurations.
Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 248161d6faedc928a49391dccf9f4e39838ef73e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some Linux kernel configuration options (such as CONFIG_UNWINDER_ORC)
require building a host program that needs libelf.
Users who have libelf installed on their system won't see a problem,
but users who don't have libelf installed will get a build
failure. Therefore, this commit adds an option that allows a user to
indicate that his Linux kernel configuration requires libelf. When
this option is enabled, we add host-elfutils to the dependencies of
the linux package (host-elfutils provides the libelf library).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f7cd72b3d4e2b1d993c293e355e350bedbed4eab) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some Linux kernel configuration options (such as
CONFIG_SYSTEM_TRUSTED_KEYRING) require building a host program called
extract-cert, which itself needs OpenSSL.
Users having OpenSSL installed on their system won't see a problem,
but users who don't have OpenSSL installed will get a build
failure. This commit adds a new option that allows users to indicate
that their Linux configuration requires building host-openssl.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 93a7edf4bc9bfcf821f608815870d06198eb2adf) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We were passing HOSTCFLAGS="$(HOSTCFLAGS)" to Linux. However:
- HOSTCFLAGS in Buildroot doesn't exist, and is empty, so this
assignment never did anything. The name of the variable in
Buildroot in HOST_CFLAGS.
- HOSTCFLAGS in Linux isn't used everywhere, and passing it overrides
the default HOSTCFLAGS value defined in the main Linux kernel
Makefile.
In addition, there is no way to pass additional host LDFLAGS in the
Linux kernel build system.
Therefore, we simply shoehorn our HOST_CFLAGS and HOST_LDFLAGS while
passing HOSTCC to the Linux kernel build system. This has been tested
to work fine with host OpenSSL and host libelf only available in
$(HOST_DIR).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Frank Hunleth <fhunleth@troodon-software.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dde090c299b0357fdb1a4ec44ad8d332ac57f65e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Mon, 5 Mar 2018 02:47:00 +0000 (20:47 -0600)]
freescale_p1010rdb_pa_defconfig: remove board
This defconfig currently doesn't build with GCC6 (Linux 4.1).
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306827
A maintainer w/board isn't available to make updates, so removing
this config.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f13f8c2374e8240c1b85c702257341df80bd797) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b0fd706c2fe77157ec9d157568acf535d7d8daca) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49d2638276e2d464e016effa1f95a15545cf9208) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In addition, the U-Boot build had already been removed in commit 12c01e4a05c8e4f4e0c4e8b74fac7824efdc8b41
("configs/freescale_mpc8315erdb: remove U-Boot build"), back in
October 2016, and nobody bothered fixing it.
This defconfig was originally contributed and maintained by Gustavo
Zacarias, but he is no longer active in Buildroot, and nobody
expressed interest in this defconfig, so let's get rid of it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f08dd9f4cbba2b88fe62e68c37e49fba4e3895c9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Mon, 26 Feb 2018 17:47:21 +0000 (18:47 +0100)]
package/linux: drop useless intermediate DTS booleans
Just use whatever the user specified in the list. An empty list means no
DTS was specified.
No need to add legacy option, as the behaviour does not change.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Simon van der Veldt <simon.vanderveldt@gmail.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Joshua Henderson <joshua.henderson@microchip.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f142f23ecf9ee69326fd6a4387133443513afdd2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For some boards, for example the Raspberry Pi, it's necessary to build
in-tree dts files as well as custom/out of tree dts-files (dt-blob.bin).
The existing logic made these two options exclusive, this commit changes
that to allow both in-tree as well as custom sources for dts files.
Signed-off-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
[Arnout: re-wrap help, add extra empty line, change = into +=] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 382fe9f9261812682eab2d35e47aa94dc554380e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The musl/kernel headers workaround was added in commit 196932cd91
(toolchain: workaround musl/kernel headers conflict) to fix definition
collisions in networking related headers between musl headers and kernel
headers. Kernel headers from version 4.15 and newer do not need this
workaround anymore since kernel commit c0bace798436bc (uapi libc compat:
add fallback for unsupported libcs). The C library does not have to
define the __GLIBC__ macro to make the __UAPI_DEF_* macros effective.
Updated the comment to accordingly.
Tested with the xl2tp package. This package fails to build with older
kernel headers without the workaround (struct in_pktinfo redefinition,
among others). With 4.15 headers, xl2tp builds fine with this patch
applied. That is, no workaround needed.
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6afee03e3cc3b9afa4861cc0a9bbc6be03a16be8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 13 Feb 2018 12:27:49 +0000 (14:27 +0200)]
musl: add more kernel headers guards
Kernel version 4.15 (not 4.16 as the musl commit log claims) allows
disabling of more parts of the kernel headers definitions. Add upstream
musl patch that defines the relevant macros. This solves issues of
networking related symbols redefinition in kernel headers that cause
headers conflicts. With that in place a subsequent commit will limit the
musl/kernel headers conflict avoidance workaround in Buildroot to kernel
headers older than 4.15. This workaround has been introduced in commit 196932cd91 (toolchain: workaround musl/kernel headers conflict).
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b99ca5ce3243cf06c45917bd07872aaf00d25e0a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no reason to have a BR2_JLEVEL option in such toolchain
defconfigs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 14fdb63804f1548b5d1ab9598100c7f103d4512d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/config-fragments: add internal defconfigs for glibc and musl
While we have several defconfigs building internal toolchains with
uClibc, we don't have any building internal toolchain with glibc and
musl. However, having such defconfigs is nice when we bump the C
library version, in order to immediately get feedback on build
failures.
Note that while the ARC internal defconfig uses glibc, it uses the
special ARC glibc version, so it doesn't test version bumps of the
upstream glibc C library.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6030986311434d554635761925925bfd351b836b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 17:06:16 +0000 (18:06 +0100)]
package/skeleton-systemd: invert factory logic
Currently, we handle the factory by redirectoring /var with a symlink at
build time, and with some trickery during the filesystem generation,
depending on whether we need to remount the filesystem read-write or
not.
However, this is causing quite some pain with the latest systemd, now that
they have moved their dbus socket to /run instead of /var/run.
As such, trying to play tricks with /var/run as a symlink is difficult,
because at times it is in .usr/share/factory/var/run (during build) and
then it is in /var/run (at runtime). So a relative symlink is not
possible. But an absolute symlink is not possible either, because we are
installing out-of-tree.
Oh the joys of cross-compilation... :-)
We fix all this mess by making /var a real directory from the onset, so
that we can use the runtime-expected layout even during the build.
Then, during filesystem generation, we move /var away to the factory,
and populate it as we used to do. This still requires a post-fs hook to
restore /var after the filesystem generation.
This leaves a situation that, should the filesystem generation fails,
/var will be left in an inconsistent state. But that is not worse than
what we already had anyway.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Trent Piepho <tpiepho@impinj.com> Cc: Adam Duskett <aduskett@gmail.com> Cc: Romain Naour <romain.naour@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Trent Piepho [Sun, 4 Mar 2018 17:06:15 +0000 (18:06 +0100)]
package/skeleton-init-systemd: work around for /var/lib not populating
When using a RO root with systemd, it is intended that /var/lib should be
populated at boot time by tmpfiles system mirroring it from
/usr/share/factory/var/lib.
However, this will only happen if /var/lib does not already exist at the
time systemd-tmpfiles runs. If it does exist, then tmpfiles will
(silently) skip it and do nothing.
It turns out /var/lib will exist, because some part of systemd creates
/var/lib/systemd/catalog on boot before tmpfiles runs.
The fix used here is to also create tmpfiles entries for the contents of
/var/lib/* and /var/lib/systemd/*. This way, when those directories
already exist, the entire tree is not skipped and instead the
not-yet-existing contents of /var/lib and /var/lib/systemd will be still
be mirrored from the factory dir.
And if /var/lib/systemd, or a prefix of that, stops getting created and
does not exist, it'll still mirror properly.
It does cause some warnings from systemd:
systemd[1]: Starting Create Volatile Files and Directories...
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:7] Duplicate line for path "/var/lib/systemd", ignoring.
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:8] Duplicate line for path "/var/lib/systemd/coredump", ignoring.
But they can be ignored.
IMHO, I think a better solution would be for systemd-tmpfiles to gain a
"merge tree" operation that is like "C" but doesn't abort if the
destination exists, but rather merges the source into it.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
[yann.morin.1998@free.fr: slight rework of commit title] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Tested-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:06 +0000 (11:29 +0100)]
core: drop no-longer used C.UTF-8 locale option
Its use has been globbed into the more generic
BR2_NEEDS_HOST_UTF8_LOCALE option now.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Julius Kriukas <julius@kriukas.lt> Cc: Christian Stewart <kidovate@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:05 +0000 (11:29 +0100)]
package/systemd: needs any UTF-8 locale
Not all distributions have the language-agnostic C.UTF-8 locale (Gentoo,
I'm frowning at you!).
Instead, use any UTF-8 locale provided by the system.
Reported-by: Christian Stewart <kidovate@gmail.com> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Julius Kriukas <julius@kriukas.lt> Cc: Christian Stewart <kidovate@gmail.com> Cc: Trent Piepho <tpiepho@impinj.com> Cc: Adam Duskett <aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:04 +0000 (11:29 +0100)]
core: find a host UTF-8 locale
Some packages really want to use an UTF-8 locale, or they break.
However, there is no guarantee that any given locale is available on a
system. For example,, while most mainstream distros (Debian and
derivatives, Fedora...) do have the generic, language-agnostic C.UTF-8
locale, Gentoo does not provide it.
So, find the first UTF-8 locale available on the system, and take any
that is available. We however do favour using the user-set current
locale, then using the language-agnostic C.UTF-8, and eventually any
random UTF-8 locale.
Note: we only need to enforce LC_ALL, because setting it implies
everything else:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
"""
1. If the LC_ALL environment variable is defined and is not null,
the value of LC_ALL shall be used.
"""
[Peter: use same regexp as in dependencies.sh] Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:03 +0000 (11:29 +0100)]
support/dependencies: unbreak check for UTF-8 locale
Although the UTF-8 locales in mainstream distributions all are suffixed
with just 'utf8', the nomenclature is a bit ambiguous with the way they
are to be specified with the various LC_* variables, suffixed there with
'UTF-8'.
Also, POSIX, ISO, and IEC do not enforce any specific suffix in LC_*
variables:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
"""
If the locale value has the form:
language[_territory][.codeset]
it refers to an implementation-provided locale, where settings of
language, territory, and codeset are implementation-defined.
"""
To avoid any confusion, use a regexp that is a bit more lax when
matching locales.
Also, quote the regexp, so that the '?' and '$' are not interpreted by
the shell.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 3 Mar 2018 16:55:56 +0000 (17:55 +0100)]
package/systemd: create groups required for udevd
udevd needs extra groups for its bundled rules:
Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'render' unknown
Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'kvm' unknown
Add those missing groups.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Julius Kriukas <julius@kriukas.lt> Cc: Trent Piepho <tpiepho@impinj.com> Cc: Adam Duskett <aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add upstream submission link as suggested by Baruch] Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sat, 3 Mar 2018 19:43:56 +0000 (21:43 +0200)]
dhcp: add upstream security fixes
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.
CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.
Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qemu-system-ppc64le doesn't necessarily exist: it isn't installed by
Qemu, and only created as a symlink to qemu-system-ppc64 by some
distributions (Ubuntu). Other distributions (Fedora) just have
qemu-system-ppc64.
But qemu-system-ppc64 is capable of running little-endian PPC64
systems, so use this one instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/dependencies/dependencies.sh: check for Python argparse module
The script support/scripts/check-uniq-files uses the argparse Python
module. In most recent Python versions (starting with 2.7), the
argparse module is part of the standard library, and we already check
for the availability of Python in
support/dependencies/dependencies.sh.
However, when running on an ancient distribution with Python 2.6, the
argparse module is not part of the Python standard library, but
available as an external module. Without this module, the build fails,
because check-uniq-files, which is used in target-finalize, fails to
run.
To avoid this failure, this commit adds a check in
support/dependencies/dependencies.sh to verify that the argparse
module is available.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>