Matt Weber [Thu, 13 Jul 2017 20:00:05 +0000 (15:00 -0500)]
gcc: fix build of libsanitizer in gcc 4.9 and 5.x on PowerPC
libsanitizer in gcc fails to build on PowerPC with gcc versions 4.9
and 5.x used in conjunction with glibc 2.25, with the following error:
../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
return signum == SIGSEGV && common_flags()->handle_segv;
This commit adds a patch that has been submitted to upstream gcc
(https://patchwork.ozlabs.org/patch/725596/) but not merged. The patch
is no longer needed with gcc 6.x and later because the code has been
reworked.
Fixes Buildroot bug #10061
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: rework commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
board/arcturus/ppc-ucp1020: add patch to fix build with gcc 6.x.
This commit adds a Linux kernel patch to solve a build failure with
the arcturus_ucp1020_defconfig with gcc 6.x:
arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds]
offsetof(struct thread_fp_state, fpr[32][0]));
^
The patch is upstream in Linux, and can be dropped when
arcturus_ucp1020_defconfig is updated to use a new Linux kernel
version.
Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Fri, 14 Jul 2017 13:04:17 +0000 (15:04 +0200)]
package/Makefile.in: export O= to post-build/image scripts for out-of-tree builds
Sometimes it can be interesting to call back into buildroot from a
post-build/image script (E.G. make printvars or similar). For this to work
correctly with out-of-tree builds we need to pass O= to make, but this is
currently not available in the environment of post-build/image scripts.
In concept, O could be derrived from BUILD_DIR (E.G. by stripping /build),
but directly exporting O is cleaner.
O= cannot be exported globally as it interferes with various build systems,
so instead add it to EXTRA_ENV.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The vcdbg utility is linked to a few libraries, which so far were all
provided by the rpi-userland package.
But a not-so-recent bump of rpi-firmware pulled in a vcdbg that is
linked to an additional library, which is not privided by rpi-userland,
so we must install it.
Reported-by: cluelessperson on #buildroot Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The current test fails because of a legacy option, renamed during the
recent ext overhaul.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com> Cc: Samuel Martin <s.martin49@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Fri, 14 Jul 2017 14:24:26 +0000 (16:24 +0200)]
tiff: add upstream security fix for CVE-2017-10688
Fixes CVE-2017-10688 - n LibTIFF 4.0.8, there is a assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A
crafted input will lead to a remote denial of service attack.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Fri, 14 Jul 2017 09:08:12 +0000 (11:08 +0200)]
nginx: security bump to version 1.12.1
Fixes CVE-2017-7529 - Nginx versions since 0.5.6 up to and including 1.13.2
are vulnerable to integer overflow vulnerability in nginx range filter
module resulting into leak of potentially sensitive information triggered by
specially crafted request.
For more details, see:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Valery Kholodkov (5):
Added tag for version 2.0.8
Recreated tag for version 2.0.8
Backported to nginx 0.5.37 by Anthony Kholodkov
Updated Changelog
Merge pull request #88 from antonbarinov/2.255
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 13 Jul 2017 12:24:31 +0000 (13:24 +0100)]
package/nodejs: security bump to version 8.1.4
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way. This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.
See https://nodejs.org/en/blog/release/v8.1.4/
[Peter: add CVE info] Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.
Samba binaries built against MIT Kerberos are not vulnerable.
CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.
CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.
CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.
Thomas Petazzoni [Thu, 13 Jul 2017 17:27:27 +0000 (19:27 +0200)]
python-twisted: add missing dependency on host-python-incremental
The recent change on PYTHONPATH for Python 2.x has revealed a missing
dependency in the python-twisted package. The incremental Python
module is listed in both setup_requires and install_requires, so we
must depend on both its target *and* host variants.
Thomas Petazzoni [Wed, 12 Jul 2017 16:28:01 +0000 (18:28 +0200)]
python: remove target Python packages from PYTHONPATH
We currently have
$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/
inside the PYTHON_PATH variable, which gets used to define PYTHONPATH,
passed to the host Python interpreter when building/installing target
packages.
However, this is terribly wrong, as it causes the host interpreter to
potentially import target Python packages. This is wrong for several
reasons:
- Some Python packages might need some Python modules to be installed
on the host (described in setup_requires in setup.py), but their
installation currently works because by luck the corresponding
Python module is installed for the target. Some of those cases were
happening for real, and fixed by previous patches.
- Some Python packages include some native code, therefore built for
a specific CPU architecture. When you point the host Python
interpreter to native libraries built for the target, you get nice
build failures, such as the one affecting the python-cffi related
packages.
Making this change allows to fix the python-cffi related build
failures:
Thomas Petazzoni [Wed, 12 Jul 2017 16:28:00 +0000 (18:28 +0200)]
python-treq: needs host-python-incremental
The python-treq package lists the incremental Python module as part of
its setup_requires variable in setup.py, so it must be added as a host
dependency of the python-treq package to avoid build failures.
So far, this issue wasn't visible because python-treq selects
python-twisted, which itself selects the target python-incremental
package. Because python-incremental was before python-treq in the
alphabetic ordering, it was always built before python-treq. And due
to the fact that PYTHONPATH currently contains the directory with
target Python modules, the host Python interpreter was happily using
the target python-incremental while running on the host. But as we are
going to clean up PYTHONPATH, this will no longer be the case, and
hence python-treq needs to be fixed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Wed, 12 Jul 2017 16:27:58 +0000 (18:27 +0200)]
python-json-schema-validator: needs versiontools on the host
python-json-schema-validator does not need versiontools on the target,
but only on the host, as it's listed in setup_requires in setup.py.
This was not noticed so far because host Python interpreter is started
with a PYTHONPATH that contains a directory with target Python
packages, so versiontools was found there. But as we are about to fix
PYTHONPATH to no longer include such a directory,
python-json-schema-validator would fail due to versiontools being
missed on the host.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Wed, 12 Jul 2017 16:27:56 +0000 (18:27 +0200)]
python-u-msgpack: switch to setuptools instead of distutils
python-u-msgpack can use setuptools instead of distutils, and
using setuptools is generally preferred.
In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:
=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH
You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from. The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:
Here are some of your options for correcting the problem:
* You can choose a different installation directory, i.e., one that is
on PYTHONPATH or supports .pth files
* You can add the installation directory to the PYTHONPATH environment
variable. (It must then also be on PYTHONPATH whenever you run
Python and want to use the package(s) you are installing.)
* You can set up the installation directory to support ".pth" files by
using one of the approaches described here:
Thomas Petazzoni [Wed, 12 Jul 2017 16:27:55 +0000 (18:27 +0200)]
python-pyro: switch to setuptools instead of distutils
python-pyro can use setuptools instead of distutils, and using
setuptools is generally preferred.
In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:
=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH
You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from. The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:
Here are some of your options for correcting the problem:
* You can choose a different installation directory, i.e., one that is
on PYTHONPATH or supports .pth files
* You can add the installation directory to the PYTHONPATH environment
variable. (It must then also be on PYTHONPATH whenever you run
Python and want to use the package(s) you are installing.)
* You can set up the installation directory to support ".pth" files by
using one of the approaches described here:
Thomas Petazzoni [Wed, 12 Jul 2017 16:27:54 +0000 (18:27 +0200)]
python-pyasn: switch to setuptools instead of distutils
python-pyasn can use setuptools instead of distutils, and using
setuptools is generally preferred.
In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:
=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH
You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from. The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:
Here are some of your options for correcting the problem:
* You can choose a different installation directory, i.e., one that is
on PYTHONPATH or supports .pth files
* You can add the installation directory to the PYTHONPATH environment
variable. (It must then also be on PYTHONPATH whenever you run
Python and want to use the package(s) you are installing.)
* You can set up the installation directory to support ".pth" files by
using one of the approaches described here:
ARM64: dts: meson-gxl: rename Nexbox A95x for consistency
Since the GXL family has S905X and S905D SoCs, we're keeping the SoC
name in the DTS filename for clarity. Rename this file accordingly to
be consistent with the rest of the GXL DTS files.
Cc: Neil Armstrong <narmstrong@baylibre.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Kevin Hilman <khilman@baylibre.com>
So adjust the defconfig and boot script to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
olimex_a20_olinuxino_micro: bump to U-Boot 2017.5 and fix build
This defconfig does not build anymore since commit 6cda724efb20682bb98e6d738e5f7c909415ae07 ("package/gcc: switch to gcc
6.x as the default"). Fix by upgrading to the latest U-Boot version.
Fixes:
In file included from include/linux/compiler.h:54:0,
from include/linux/bitops.h:5,
from ./include/common.h:20:
include/linux/compiler-gcc.h:114:30: fatal error: linux/compiler-gcc6.h: No such file or directory
#include gcc_header(__GNUC__)
^
compilation terminated.
[Build- and run-tested] Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Mon, 10 Jul 2017 18:51:22 +0000 (20:51 +0200)]
pcre2: enable no MMU build
Use '--disable-pcre2grep-callout' for !BR2_USE_MMU, disables
fork usage.
Fixes [1]:
CCLD pcre2grep
src/pcre2grep-pcre2grep.o: In function `pcre2grep_callout':
pcre2grep.c:(.text+0x402): undefined reference to `fork'
collect2: error: ld returned 1 exit status
Peter Korsgaard [Tue, 11 Jul 2017 10:28:57 +0000 (12:28 +0200)]
mpg123: security bump to version 1.25.2
>From the release notes:
- Extend pow tables for layer III to properly handle files with i-stereo and
5-bit scalefactors. Never observed them for real, just as fuzzed input to
trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
calling remote denial of service. While the accesses are out of bounds for
the pow tables, they still are safely within libmpg123's memory (other
static tables). Just wrong values are used for computation, no actual crash
unless you use something like GCC's AddressSanitizer, nor any information
disclosure.
- Avoid left-shifts of negative integers in layer I decoding.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 11 Jul 2017 09:02:20 +0000 (11:02 +0200)]
php: security bump to version 7.1.7
Fixes the following security issues:
CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.
CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.
CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit b78b50465c20c1733753a8dd47945cf80c9155f8, the initialisation
of BRTest.builddir was moved to the __init__ function. However, it is
set based on BRTest.outputdir and that is only set when the -o argument
is given to run-tests. When called as "run-tests -l", there is no -o
argument so BRTest.outputdir remains unset.
To fix, keep BRTest.builddir at None when BRTest.outputdir is None.
While we're at it, drop the direct access to the class member. If a
subclass wishes to set outputdir to something else before calling
BRTest.__init__, they are free to do so.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reported-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
toolchain-external: default BR2_TOOLCHAIN_EXTERNAL_PATH to empty
It makes no sense to default to an arbitrary path. In addition, it in
fact works correctly when it is empty. In that case, the toolchain will
be searched in PATH.
Update the help text to explain the above, and also that the compiler
is supposed to be in the bin subdirectory.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
support/testing: move BRTest initialisation to __init__
BRTest's setUp() method contains a few assignments that initialize its
member variables. Since we will want to use these in test case
overrides, move them to the __init__ function.
Also allow the config member to be overridden, rather than always
taking the class member.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Up to now we created the $(HOST_DIR)/usr compatibility symlink as part
of the creation of $(HOST_DIR) itself. However, when the user specifies
a custom BR2_HOST_DIR, it is possible that the directory already exists
so this rule will never trigger.
Therefore, add an explicit rule for creating $(HOST_DIR)/usr and add
this rule to the dependencies of the dirs target. HOST_DIR itself goes
back to the standard rule for directories. The order-only dependency of
STAGING_DIR isn't needed any more either: HOST_DIR is implicitly
created if needed by mkdir -p, and we don't need to trigger the
HOST_DIR rule any more if the directory already exists.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libssh2 uses the implicit 'yes' argument of the --with-libgcrypt parameter as
a library path prefix, which breaks the build. Pass the library path as
--with-libgcrypt argument to fix that. Drop the unneeded
--with-libgcrypt-prefix.
manual: patches are not applied for SITE_METHOD = local
We had several remarks on the mailing list of users that were surprised
that patches were not applied for packages whose SITE_METHOD is local.
So document this.
Note that for OVERRIDE_SRCDIR itself it is already documented:
When Buildroot finds that for a given package, an
<pkg>_OVERRIDE_SRCDIR has been defined, it will no longer attempt to
download, extract and patch the package. Instead, it will directly use
the source code available in in the specified directory.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Max Filippov [Sun, 9 Jul 2017 12:22:01 +0000 (05:22 -0700)]
uboot: apply xtensa overlay
Xtensa core configuration must be added to U-Boot before it can be
built for that xtensa CPU variant. Extract configuration files from the
xtensa overlay as is done for other packages that need to be configured
for a specific xtensa core.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Max Filippov [Sun, 9 Jul 2017 12:22:00 +0000 (05:22 -0700)]
linux: apply xtensa overlay
Xtensa core configuration must be added to linux before it can be
built for that xtensa CPU variant. Extract configuration files from the
xtensa overlay as is done for other packages that need to be configured
for a specific xtensa core.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It can be interesting to get the overlay from a remote server, rather
than expect it to be present locally.
Since that file can be any URL, we can't know its hash, so we just
exclude it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
[Thomas: use DL_DIR instead of BR2_DL_DIR.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
arch/xtensa: allow specifying path to tarball file
currently, specifying a custom Xtrensa core is done with two variables:
- the core name
- the directory containing the overlay tarball
However, the core name only serves to construct the tarball name, and is
not used whatsoever to configure any of the toolchain components
(binutils, gcc or gdb), except through the files that are overlayed in
their respective source trees.
This has two main drawbacks:
- the overlay file must be named after the core,
- the tarball can not be compressed.
Furthermore, it also makes it extremely complex to implement a download
of that tarball.
So, those two variables can be squeezed into a single variable, that is
the complete path of the overlay tarball.
Update the qemu-xtensa defconfig accordingly.
Note: we do not add a legacy entry for BR2_XTENSA_CORE_NAME, since it
was previously a blind option in the last release, and there's been no
release since we removed BR2_XTENSA_CUSTOM_NAME. So, we just update the
legacy comments for BR2_XTENSA_CUSTOM_NAME, since that's all the user
could have seen in any of our releases so far.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
arch/xtensa: get rid of an intermediate blind kconfig option
It is not needed to have an intermediate blind option, we can just
hide the prompt behind the same dependency as the non-blind symbol.
Update our qemu-xtensa defconfig acordingly (note: it was using
different values for both options, which is not possible; the blind
option was just set to the non-blind one in the .config).
Also remove an unneeded empty default for the BR2_XTENSA_OVERLAY_DIR
string option (strings are empty by default).
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Samuel Martin [Sun, 9 Jul 2017 05:00:38 +0000 (07:00 +0200)]
fs/ext2: rename BR2_TARGET_ROOTFS_EXT2_BLOCKS to BR2_TARGET_ROOTFS_EXT2_SIZE
This change deprecates the ext2/3/4 rootfs size in blocks symbol in
favor of one that mimic the fs-size argument behavior of mkfs (i.e.
size in a human readable format accepting k, m, g or t suffix or their
upper-case variants).
This change also updates the defconfigs that used to set
BR2_TARGET_ROOTFS_EXT2_BLOCKS symbol.
Signed-off-by: Samuel Martin <s.martin49@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Thu, 6 Jul 2017 14:40:50 +0000 (10:40 -0400)]
libressl: new package
Libressl is a fork of openssl from OpenSSL in 2014. Its goal is to
modernize the OpenSSL codebase, improve security, and apply best
practice development processes.
Right now, libressl is API compatible with OpenSSL 1.0.1, but does not
yet include all new APIs from OpenSSL 1.0.2 and later.
Signed-off-by: Adam Duskett <aduskett@codeblue.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 8 Jul 2017 14:34:33 +0000 (16:34 +0200)]
irssi: security bump to version 1.0.4
>From the advisory:
https://irssi.org/security/irssi_sa_2017_07.txt
Two vulnerabilities have been located in Irssi.
(a) When receiving messages with invalid time stamps, Irssi would try
to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
of Geeknik Labs. (CWE-690)
CVE-2017-10965 [2] was assigned to this bug
(b) While updating the internal nick list, Irssi may incorrectly use
the GHashTable interface and free the nick while updating it. This
will then result in use-after-free conditions on each access of
the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
Labs. (CWE-416 caused by CWE-227)
CVE-2017-10966 [3] was assigned to this bug
Impact
------
(a) May result in denial of service (remote crash).
(b) Undefined behaviour.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 6 Jul 2017 10:48:41 +0000 (12:48 +0200)]
ccache: make default host-ccache cache dir fit for multi-user setups
While building I noticed:
>>> host-ccache 3.3.4 Building
conf.c: In function 'conf_create':
conf.c:314:2: warning: too many arguments for format [-Wformat-extra-args]
conf->cache_dir = format("/home/peko/.buildroot-ccache", get_home_directory());
^
As host-ccache gets installed into $(HOST_DIR) and is part of the SDK,
hardcoding the build user homedir isn't really nice for the relocatable
SDK feature (or simply for a SDK used by multiple users).
As the warning shows, CCache replaces "%s" with the current user home
directory, so rewrite BR_CACHE_DIR to use this feature if it begins with
$HOME.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We no longer have automatic derivation of DEPENDENCIES for host
packages, so the comment that we don't want a host-busybox dependency
is no longer valid.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eric Le Bihan [Fri, 7 Jul 2017 17:09:46 +0000 (19:09 +0200)]
execline: restore --shebangdir configure option
Passing the option --shebangdir=/usr/bin to the configuration script adds the
CPP definition EXECLINE_SHEBANGPREFIX to
execline-x.y.z/src/include/execline/config.h. It is used by `s6-rc-compile` from
the s6-rc package to set the path to the execline interpreter in the scripts it
generates.
So, when building the host variant of execline, this path will be used in the
target service scripts generated by the host variant of `s6-rc-compile`. If not
forced to /usr/bin, the location of the execline interpreter on the target, it
will default to $(HOST_DIR)/bin thus leading to non-working scripts on the
target.
So, restore this option for the host variant.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since mtd was converted to the package infrastructure in commit de4cf4e9135e198d4c3beefc8ad63c03870eb78a ("mtd: convert to gentargets,
add host package"), its host variant depended on host-e2fsprogs. At
the time, only a host variant of the mtd package was available.
When a target variant of mtd was introduced in commit b50e0fa113bf641a3764ae99b94bb7ba4e1e8f85 ("mtd: add option to build
mkfs.ubifs for target"), it depended on util-linux.
So today, the target variant continues to depend on util-linux, while
the host variant depends on e2fsprogs. What mkfs.ubifs really needs
is libuuid, which is provided by util-linux. It was in fact provided
by the fact that host-e2fsprogs depends on host-util-linux.
But really, host-e2fsprogs is not needed as a dependency, so use
host-util-linux to be consistent with the target variant.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building the MTD test programs requires the MS_DIRSYNC, which is not
necessarily available on old build machines. But obviously, MTD test
programs are not needed, so we can simply disable them, as they were
prior to the migration to mtd 2.0.
toolchain-wrapper: fix breakage after host/usr removal
The toolchain wrapper, when called through PATH, strips the last three
levels of /proc/self/exe to find HOST_DIR. However, after the host/usr
removal, this should be just two levels.
The toolchain wrapper has different logic for when it is called with a
full path (i.e. $HOST_DIR/usr/bin/arm-linux-gcc) then when it is called
through the PATH (i.e. just arm-linux-gcc). The latter is never used
internally in Buildroot, that's why this wasn't discovered through
testing.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Mark Jackson <mpfj-list@newflow.co.uk> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
pkg-cmake.mk: Set CMAKE_SYSTEM_PROCESSOR_ARM_VARIANT for ARMv8
This is needed for correctly building some CMake-based packages which
use this variable. For example, this is needed for WebKitGTK+ 2.16.x
to build correctly when an ARMv8 target is configured.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
With 2000+ packages it's not trivial to identify i.e.:
- all packages that don't have a hash file;
- all packages that have patches;
- all packages that have code style warnings;
User experience can be improved by dynamically sorting the resulting
table.
There is an open-source solution that does that in the client-side and
requires minimal changes to our script: sorttable.js. The script is
MIT licensed as stated in its website.
Also add a hint to the user that the table can be sorted.
linuxptp: refactor with LINUXPTP_MAKE_{ENV,OPTS} variables
Since there is quite some duplication in the variables to be passed in
the make environment and as make options between the build and install
steps, this commit introduces LINUXPTP_MAKE_ENV and LINUXPTP_MAKE_OPTS
to avoid the duplication.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>