Thomas Petazzoni [Wed, 10 Jan 2018 21:19:14 +0000 (22:19 +0100)]
package/kmsxx: don't install static libraries when BR2_SHARED_STATIC_LIBS=y
The kmsxx build system can only build either shared libraries *or*
static libraries, not both. Therefore, the build currently fails when
BR2_SHARED_STATIC_LIBS=y because we try to install the static
libraries, that haven't been built.
We fix this by not installing the static libraries when
BR2_SHARED_STATIC_LIBS=y, making BR2_SHARED_STATIC_LIBS=y essentially
the same as BR2_SHARED_LIBS=y for this package.
Fixes bug #10331.
Reported-by: Frederic MATHIEU <frederic.mathieu@dualis.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 28d5ca9c96f5144e86fac7ec6485fa5634cd6e97) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 10 Jan 2018 19:53:58 +0000 (20:53 +0100)]
package/avahi: fix typo in avahi_tmpfiles.conf
There is an obvious typo in avahi_tmpfiles.conf: avahi-autoipd is
badly spelled.
Fixes bug #10641.
Reported-by: Michael Heinemann <posted@heine.so> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c427ce4d9f54d9b6433969ecb0fc8a4a5a9ba9b5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains mitigations for CVE-2017-5753 and CVE-2017-5715, the
vulnerabilities known as the "Spectre" attack. It also contains a fix
which allows building the reference documentation with newer gtk-doc
versions.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c5bc08ba3198075dcf6f96b34684d577cfe5a69) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 8 Jan 2018 10:08:15 +0000 (11:08 +0100)]
asterisk: security bump to version 14.7.5
Fixes the following security issues:
* AST-2017-014: Crash in PJSIP resource when missing a contact header
A select set of SIP messages create a dialog in Asterisk. Those SIP
messages must contain a contact header. For those messages, if the header
was not present and using the PJSIP channel driver, it would cause
Asterisk to crash. The severity of this vulnerability is somewhat
mitigated if authentication is enabled. If authentication is enabled a
user would have to first be authorized before reaching the crash point.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4f13dc362d5c9c63fb5a21ede7cf902c1281cef0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 7 Jan 2018 22:59:40 +0000 (23:59 +0100)]
ntp: does not work with libressl
Fixes #10556
The --with-crypto handling in ntp only works with libopenssl, not with
libressl, where it ends up with compilation issues like:
ntp_control.c:(.text+0x64): undefined reference to `EVP_MD_CTX_new'
ntp_control.c:(.text+0x10c): undefined reference to `EVP_MD_CTX_free'
libntpd.a(ntp_crypto.o): In function `bighash':
ntp_crypto.c:(.text+0x2e8): undefined reference to `EVP_MD_CTX_new'
ntp_crypto.c:(.text+0x328): undefined reference to `EVP_MD_CTX_free'
libntpd.a(ntp_crypto.o): In function `crypto_verify':
ntp_crypto.c:(.text+0x6cc): undefined reference to `EVP_MD_CTX_new'
ntp_crypto.c:(.text+0x710): undefined reference to `EVP_MD_CTX_free'
ntp_crypto.c:(.text+0x72c): undefined reference to `EVP_MD_CTX_free'
So ensure we only pass --with-crypto when libopenssl is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 522111f81c7d535f4f362ad4a15d141d0eb39ec5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 7 Jan 2018 21:46:29 +0000 (22:46 +0100)]
asterisk: security bump to version 14.6.2
Fixes the following security issues:
14.6.1:
* AST-2017-005 (applied to all released versions): The "strictrtp" option in
rtp.conf enables a feature of the RTP stack that learns the source address
of media for a session and drops any packets that do not originate from
the expected address. This option is enabled by default in Asterisk 11
and above. The "nat" and "rtp_symmetric" options for chan_sip and
chan_pjsip respectively enable symmetric RTP support in the RTP stack.
This uses the source address of incoming media as the target address of
any sent media. This option is not enabled by default but is commonly
enabled to handle devices behind NAT.
A change was made to the strict RTP support in the RTP stack to better
tolerate late media when a reinvite occurs. When combined with the
symmetric RTP support this introduced an avenue where media could be
hijacked. Instead of only learning a new address when expected the new
code allowed a new source address to be learned at all times.
If a flood of RTP traffic was received the strict RTP support would allow
the new address to provide media and with symmetric RTP enabled outgoing
traffic would be sent to this new address, allowing the media to be
hijacked. Provided the attacker continued to send traffic they would
continue to receive traffic as well.
* AST-2017-006 (applied to all released versions): The app_minivm module has
an “externnotify” program configuration option that is executed by the
MinivmNotify dialplan application. The application uses the caller-id
name and number as part of a built string passed to the OS shell for
interpretation and execution. Since the caller-id name and number can
come from an untrusted source, a crafted caller-id name or number allows
an arbitrary shell command injection.
* AST-2017-007 (applied only to 13.17.1 and 14.6.1): A carefully crafted URI
in a From, To or Contact header could cause Asterisk to crash.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-11252-13171-1461-116-cert17-1313-cert5-now-available-security
14.6.2:
* AST-2017-008: Insufficient RTCP packet validation could allow reading
stale buffer contents and when combined with the “nat” and “symmetric_rtp”
options allow redirecting where Asterisk sends the next RTCP report.
The RTP stream qualification to learn the source address of media always
accepted the first RTP packet as the new source and allowed what
AST-2017-005 was mitigating. The intent was to qualify a series of
packets before accepting the new source address.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-11253-13172-1462-116-cert18-1313-cert6-now-available-security
Drop 0004-configure-in-cross-complation-assimne-eventfd-are-av.patch as this
is now handled differently upstream (by disabling eventfd for cross
compilation, see commit 2e927990b3d2 (eventfd: Disable during cross
compilation)). If eventfd support is needed then this should be submitted
upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3f1d2c6c746a04d19a493f4e7b866e84e3aa7dc8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 7 Jan 2018 21:03:18 +0000 (22:03 +0100)]
irssi: security bump to version 1.0.6
From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):
Multiple vulnerabilities have been located in Irssi.
(a) When the channel topic is set without specifying a sender, Irssi
may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)
CVE-2018-5206 was assigned to this issue.
(b) When using incomplete escape codes, Irssi may access data beyond
the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5205 was assigned to this issue.
(c) A calculation error in the completion code could cause a heap
buffer overflow when completing certain strings. (CWE-126) Found
by Joseph Bisch.
CVE-2018-5208 was assigned to this issue.
(d) When using an incomplete variable argument, Irssi may access data
beyond the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5207 was assigned to this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aebdb1cd4b4034542eb7c50fc4b6a265c5ba5c77) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jan Heylen [Thu, 4 Jan 2018 12:28:30 +0000 (13:28 +0100)]
toolchain: m68k coldfire is also affected by gcc bug 64735
Verified experimentally by using exception_ptr with m68k_cf5208 and
looking at the value of ATOMIC_INT_LOCK_FREE. ATOMIC_INT_LOCK_FREE=1,
so the issue is present. Also verified that gcc 7.x fixed it also for
cf5208.
Signed-off-by: Jan Heylen <jan.heylen@nokia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 98b3b83fb54323cd1be0f38084a51c4e0c939e65) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Wed, 3 Jan 2018 17:39:52 +0000 (18:39 +0100)]
core/infra: fix build on toolchain without C++
Autotools-based packages that do not need C++ but check for it, and use
libtool, will fail to configure on distros that lack /lib/cpp.
This is the case for example on Arch Linux, where expat fails to build
with:
configure: error: in `/home/dkc/src/buildroot/build/build/expat-2.2.4':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
This is because libtool uses AC_PROC_CXXCPP, which can not be avoided,
and does require a cpp that passes some "sanity" checks (does not choke
on valid input, but does choke on invalid input). So we can use neither
/bin/false nor /bin/true...
We instead need something that can digest some basic C++ preprocessor
input. We can't use the target preprocessor: that does not work, because
it obviously has no C++ support:
arm-linux-cpp.br_real: error: conftest.cpp: C++ compiler not
installed on this system
We can however consider that the host machine does have a C++ compiler,
so we use the host's cpp, which is gcc's compiler wrapper that ends up
calling the host's C++ preprocessor.
That would give us a valid C++ preprocessor when we don't have one, in
fact. But autotools will then correctly fail anyway, because there is
indeed no C++ compiler at all, as we can see in this excerpt of a
configure log from expat:
checking whether we are using the GNU C++ compiler... no
checking whether false accepts -g... no
checking dependency style of false... none
checking how to run the C++ preprocessor... cpp
checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes
libtool.m4: error: problem compiling CXX test program
checking for false option to produce PIC... -DPIC
checking if false PIC flag -DPIC works... no
checking if false static flag works... no
checking if false supports -c -o file.o... no
checking if false supports -c -o file.o... (cached) no
checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes
So, using the host's C++ preprocessor (by way of gcc's wrapper) leads to
a working situation, where the end result is as expected.
Reported-by: Damien Riegel <damien.riegel@savoirfairelinux.com> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Damien Riegel <damien.riegel@savoirfairelinux.com> Cc: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bd39d11d2eaa679f09ab49fd3e4cd5511a168d1c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2017-15365 - Replication in sql/event_data_objects.cc occurs before ACL
checks.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca1f2d266ddba2f530731e91ebbf792638cee8bb) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Make sure that the pie charts produced by 'graph-build' and 'graph-size'
targets are sorted on the size of each piece of the pie. Otherwise, making
visual analysis is difficult, as one needs to look at the legends of each
piece and do the sorting manually in their head.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a3f37c53d5b7ecd8ebae4b0baabb66147896302b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Carlos Santos [Thu, 12 Oct 2017 23:33:32 +0000 (20:33 -0300)]
coreutils: expand list of files moved from /usr/bin to /bin
BusyBox installs kill, link, mktemp, nice and printenv on /bin, so
ensure that coreutils replaces them.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 443897bce4b01eae98155ac947d3387e6a2f289e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 29 Dec 2017 20:26:08 +0000 (21:26 +0100)]
tar: do not build SELinux support for host variant
If we don't explicitly disable SELinux support in the host-tar build,
it might pick up system-wide installed SELinux libraries, causing the
tar in HOST_DIR/bin/ to depend on the host SELinux libraries, which is
not desirable to make the SDK portable/relocatable.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 121807c08927c0a0d04c965beb6a8785ea89e47f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 23 Dec 2017 16:15:40 +0000 (17:15 +0100)]
package/matchbox-lib: correctly fix the .pc file
First, the .pc file was so far fixed as a post-configure hook of the
matchbox-fakekey package, by directly tweaking the .pc file installed in
staging by matchbox-lib. That's utterly wrong and bad.
So, we move the fix to matchbox-lib.
Second, it was incorrectly tweaking the .pc file when xlib_libXft was
not enabled, because only then a path to staging was present.
Third, even when xlib_libXft was enabled, the tweaking was still wrong,
because unnecessary.
Fix all that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84a2645e5b2600d28d91005937c17bec554dd4d1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcus Folkesson [Wed, 27 Dec 2017 12:35:55 +0000 (13:35 +0100)]
libiio: fix libavahi-client dependency
Avahi needs avahi-daemon and D-Bus to build avahi-client.
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 18e00edb7796790b1ac1a0f6982ab8e25e27c691) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1d8de10c5fb36619708898a529977058886f31d1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Tue, 26 Dec 2017 13:19:21 +0000 (14:19 +0100)]
package/mfgtools: bump to 0.02
Bump mfgtools to include the fix [1] for the C++ build issue reported
by the autobuilders.
This bump includes only 4 small commits fixing memory leak and this
build issue.
Remove CPOL.htm (removed upstream) from MFGTOOLS_LICENSE_FILES but CPOL
license is still valid.
Add the README.txt file to MFGTOOLS_LICENSE_FILES since it contains
licensing information:
Licenses:
- CPOL: MfgToolLib/XmlLite.CPP and XmlLite.h
- BSD: Others.
This is a maintenance release of the current stable WebKitGTK+ version,
which contains fixes for CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, and
CVE-2017-13856. Additionally, this release brings improvements in the
WebDriver spec-compliance, plugs several memory leaks in its GStreamer based
multimedia backend, and fixes a bug when handling cookie removal.
More details about the security fixes are provided in the following
WebKitGTK+ Security Advisory report:
https://webkitgtk.org/security/WSA-2017-0010.html
Last but not least, this new release includes the fix for honoring the
CMAKE_BUILD_TYPE value from CMake toolchain files and the corresponding
patch is removed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fbf6a483e00a87fb561fa5fe9a423c4a14867f50) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e7f82694cfe98f659ff08b5834e32f8996ca55c5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 20 Dec 2017 11:26:01 +0000 (12:26 +0100)]
qemu: security bump to version 2.10.2
Fixes the following security issues:
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display
emulator support, allows local guest OS privileged users to cause a denial
of service (out-of-bounds read and QEMU process crash) via vectors involving
display update.
CVE-2017-15118: Stack buffer overflow in NBD server triggered via long
export name
CVE-2017-15119: DoS via large option request
CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a
memory leak by triggering slow data-channel read operations, related to
io/channel-websock.c.
For more details, see the release announcement:
https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eb2b3df62666b0e2dc3042efdfecd7f62513bc9a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 19 Dec 2017 11:56:28 +0000 (12:56 +0100)]
rsync: add upstream security fix for CVE-2017-16548
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development
does not check for a trailing '\0' character in an xattr name, which allows
remote attackers to cause a denial of service (heap-based buffer over-read
and application crash) or possibly have unspecified other impact by sending
crafted data to the daemon.
For more details, see:
https://bugzilla.samba.org/show_bug.cgi?id=13112
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f33f1d848908975b513f852873ae4fdb2702183) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Put together alsa-lib dependency and configure option code. As a side
effect we now avoid alsa-lib dependency when the required support in
alsa is missing.
Use positive logic.
Explicitly enable alsa support when available.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a560563f94e2aa2053db1cd41aa6c74ece1957c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 19 Dec 2017 15:12:32 +0000 (17:12 +0200)]
pulseaudio: remove the ConsoleKit module
The ConsoleKit module is loaded by default from the default.pa
configuration file, but its initialization fails because Buildroot has
no ConsoleKit package yet. This breaks per-user pulseaudio daemon.
The default.pa configuration loads module-console-kit only when it
exists. Remove module-console-kit to fix pulseaudio per-user startup.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 64dab3c67256e5373eaf4d5e5d6f3f29602b6587) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Damien Riegel [Mon, 18 Dec 2017 21:19:35 +0000 (16:19 -0500)]
lldpd: remove check on CXX compiler
lldpd currently depends on a C++ compiler to configure properly, but
the package doesn't select that option, so builds fail if
BR2_TOOLCHAIN_BUILDROOT_CXX is not selected with following errors:
checking how to run the C++ preprocessor... /lib/cpp
configure: error: in `/home/dkc/src/buildroot/build-zii/build/lldpd-0.9.4':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
This package actually builds fine without C++, so drop this check in
configure.ac. Attached patch has already been accepted upstream [1].
Martin Bark [Mon, 18 Dec 2017 18:17:34 +0000 (18:17 +0000)]
package/nodejs: security bump to version 8.9.3
See https://nodejs.org/en/blog/release/v8.9.3/
[Peter: mention that this fixes security issues] Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 380c3d5e4067fcd0d551890083dc83edd6b8a055) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Fri, 8 Dec 2017 21:29:52 +0000 (22:29 +0100)]
gdb: prevent installation of libbfd.so and libopcode.so
The gdb install target installs dynamic versions of libbfd and
libopcode, accidentally overwriting the binutils provided versions
(gdb itself links against the bundled static ones to avoid
version problems, so the dynamic ones are un-needed).
Prevent the installation by using the '--disable-install-libbfd'
configure option.
Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b54c7931952874a814e48df75093e13ad955604f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2017-10378 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily
exploitable vulnerability allows low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.
CVE-2017-10268 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are affected are
5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to
exploit vulnerability allows high privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all MySQL Server accessible data.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e299197a2c2a267d05e5ae7cb7298bce0faceb51) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 0542bb79e8 (uboot: Support multiple environment source files),
missing user-supplied environment source files is no longer detected.
This is because we cat them all, and feed the concatenation to the stdin
of mkenvimage. So, if one source file is missing, the cat exits in error,
but the compound command exits with the exit code of the last command,
which is that of mkenvimage, which happens to be happy with whatever it
is fed on its stdin, even if empty.
We fix that by creating a temporary file, that we even leave afterward
for the user to inspect.
We also move it out of the _CMDS block and into a macro of its own, so
that it is easier to write and maintain.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Cam Hutchison <camh@xdna.net> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c9b6604fa7871087120cd8a469452807d14a4c1c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
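The failure mode described in the commit message above, reproduced as an added example that is not part of the commit or of Buildroot's code: a missing source file is lost in a pipeline but caught when the sources are concatenated into a temporary file first. fake_mkenvimage, build_env_pipeline, build_env_tempfile and the file names are hypothetical stand-ins; the real mkenvimage is not needed.

```shell
#!/bin/sh
# Added example (not Buildroot code). fake_mkenvimage is a hypothetical
# stand-in for mkenvimage: it accepts whatever arrives on stdin, even
# nothing, writes it to the output file and exits 0.
fake_mkenvimage() {
    cat >"$1"
}

# Shape of the problem: every source file is cat'ed into the consumer's
# stdin. The pipeline's status is that of its last command, so cat's
# failure on a missing file is lost.
build_env_pipeline() {
    out=$1
    shift
    cat "$@" 2>/dev/null | fake_mkenvimage "$out"
}

# Shape of the fix: concatenate into a temporary file first, stop if cat
# fails, and leave the temporary file behind for inspection.
build_env_tempfile() {
    out=$1
    shift
    tmp="$out.txt"          # hypothetical name for the temporary file
    cat "$@" >"$tmp" 2>/dev/null || return 1
    fake_mkenvimage "$out" <"$tmp"
}

# Constructed sample input: one existing source file and one missing one.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'bootdelay=3\n' >"$dir/a.env"

    if build_env_pipeline "$dir/piped.bin" "$dir/a.env" "$dir/missing.env"; then
        echo "pipeline: status 0, missing source file went unnoticed"
    else
        echo "pipeline: failed"
    fi

    if build_env_tempfile "$dir/checked.bin" "$dir/a.env" "$dir/missing.env"; then
        echo "tempfile: status 0"
    else
        echo "tempfile: failed, no image written"
    fi
    rm -rf "$dir"
}

demo
```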
package/linux-tools: fixes build of iio with 4.14+ kernels
Since Linux kernel commit [1], the build of the iio tool has been
changed to use the common Linux tools build system. The installation
directory is now given by DESTDIR, like for all other Linux tools.
We keep the INSTALL_DIR environment in the 'install' target to be
compatible with kernels older than 4.14.
Peter Korsgaard [Mon, 11 Dec 2017 11:20:14 +0000 (12:20 +0100)]
wireguard: bump version
Various bugfixes, including a compat fix for <= 3.10.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6bfa6b2a046775abe90506930fd1a6aa13d02531) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For more information, see the release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d2bc1e2bbbabc70f2e9436387b8a40ff96216372) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 8 Dec 2017 07:12:56 +0000 (09:12 +0200)]
glibc: security bump to the latest 2.26 branch
List of fixes from the 2.26 branch NEWS files:
CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
suffered from a one-byte overflow during ~ operator processing (either
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
would sometimes fail to free memory allocated during ~ operator
processing, leading to a memory leak and, potentially, to a denial
of service.
CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.
CVE-2017-17426: The malloc function, when called with an object size near
the value SIZE_MAX, would return a pointer to a buffer which is too small,
instead of NULL. This was a regression introduced with the new malloc
thread cache in glibc 2.26. Reported by Iain Buclaw.
Cc: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 971ed9653e7434d5c02488405d6572483ee201e0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9e46f59482282364fdcc816cd5961ccb42b3cdb3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Johan Oudinet [Wed, 6 Dec 2017 14:47:53 +0000 (15:47 +0100)]
flann: Disable find package for HDF5
The HDF5 package is used by flann for testing purpose only and is
not part of buildroot packages. However, if present in the host, it will
be used and trigger the unsafe header/library path used in
cross-compilation error.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f6ee339e92360fc43ebe17928656c06634b09c97) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop 4.14.x bump] Signed-off-by: Fabio Estevam <festevam@gmail.com>
[Thomas: adjust commit description to mention the CVE being fixed.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9f5178fa3495b5b59c4d86c2d1a6fca23bf4e6f3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 3 Dec 2017 18:23:10 +0000 (19:23 +0100)]
package/kodi-pvr-stalker: needs libxml2
Since
https://git.buildroot.net/buildroot/commit/package/kodi?id=bf9bfd065ba3fab328fd041ca040f2bf134fecf2
kodi itself does not depend on libxml2 anymore which previously
provided libxml2 still needed by kodi-pvr-stalker:
https://github.com/kodi-pvr/pvr.stalker/blob/Krypton/CMakeLists.txt#L12
Fixes a build error not caught by autobuilders because they do not have
host jdk installed:
CMake Error at /usr/share/cmake-3.7/Modules/FindPackageHandleStandardArgs.cmake:138 (message):
Could NOT find LibXml2 (missing: LIBXML2_LIBRARIES LIBXML2_INCLUDE_DIR)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7be5653b865938af3fdbcbd1553145a8e90426a1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CC clients/weston_simple_dmabuf_drm-simple-dmabuf-drm.o
clients/simple-dmabuf-drm.c: In function 'create_display':
clients/simple-dmabuf-drm.c:758:15: warning: implicit declaration of function 'eglQueryString' [-Wimplicit-function-declaration]
extensions = eglQueryString(EGL_NO_DISPLAY, EGL_EXTENSIONS);
^~~~~~~~~~~~~~
clients/simple-dmabuf-drm.c:758:30: error: 'EGL_NO_DISPLAY' undeclared (first use in this function)
extensions = eglQueryString(EGL_NO_DISPLAY, EGL_EXTENSIONS);
^~~~~~~~~~~~~~
clients/simple-dmabuf-drm.c:758:30: note: each undeclared identifier is reported only once for each function it appears in
clients/simple-dmabuf-drm.c:758:46: error: 'EGL_EXTENSIONS' undeclared (first use in this function)
extensions = eglQueryString(EGL_NO_DISPLAY, EGL_EXTENSIONS);
^~~~~~~~~~~~~~
clients/simple-dmabuf-drm.c:759:21: warning: implicit declaration of function 'weston_check_egl_extension' [-Wimplicit-function-declaration]
if (extensions && !weston_check_egl_extension(extensions,
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit be420d12f10d5b2c9c5d3675c73b2dffc3a66e3c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Wed, 29 Nov 2017 23:08:39 +0000 (00:08 +0100)]
package/checkpolicy: rename variable
We use package names as poor-man's namespace, so fix that.
Reported by utils/check-package.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Adam Duskett <aduskett@gmail.com> Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com> Cc: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: use CHECKPOLICY_MAKE_OPTS instead of
CHECKPOLICY_TARGET_MAKE_OPTS, as it is more consistent with
HOST_CHECKPOLICY_MAKE_OPTS being used for the host variant.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d9f771b9020bda091804fdc3ff75a2d5b18a0e6c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yegor Yefremov [Fri, 1 Dec 2017 12:40:20 +0000 (13:40 +0100)]
uboot-tools: fix dtc invocation
Since uboot 2017.09 path to dtc will be configured via Kconfig. As BR
skips this step for uboot-tools building one has to provide
CONFIG_MKIMAGE_DTC_PATH=dtc on the build command line. Otherwise
mkimage will not be able to create FIT images, i.e.:
mkimage -f kernel-fit.its kernel-fit.itb
will fail with very weird errors.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 21ab88c4171ff9efa8a364bd8015c7d46628f9ec) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://git.buildroot.net/buildroot/commit/package/linknx?id=b56083099f113817edc6811e2cdd820df1c80450
removed autoreconf but did not re-add libcurl as optional dependency by
mistakenly assuming that libcurl is needed only for autoreconf.
checking for curl-config... /usr/bin/curl-config
checking for the version of libcurl... 7.52.1
checking for libcurl >= version 7.14.0... yes
checking whether libcurl is usable... no
and with this patch
checking for curl-config... /home/buildroot/br4/output/host/i586-buildroot-linux-uclibc/sysroot/usr/bin/curl-config
checking for the version of libcurl... 7.57.0
checking for libcurl >= version 7.14.0... yes
checking whether libcurl is usable... yes
checking for curl_free... yes
Inspired by the fli4l project
https://web.nettworks.org/repo/changelog/fli4l?cs=49347
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 22c8b9fce95740c2d34d533110f6c2c6cfd77203) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 42dfbdfe51a62d6c2c007c3c47ec64647179f306) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Philippe Proulx <eeppeliteloop@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Andrey Yurovsky [Tue, 28 Nov 2017 03:37:07 +0000 (19:37 -0800)]
support/scripts/size-stats: avoid divide-by-zero
Some packages (ex: skeleton-init-systemd) have a zero size so we cannot
divide by the package size. In that case make their percent zero
explicitly and avoid a ZeroDivisionError exception.
Signed-off-by: Andrey Yurovsky <yurovsky@gmail.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Danomi Manchego [Wed, 29 Nov 2017 02:55:24 +0000 (21:55 -0500)]
samba4: ensure that copied cache.txt is writable
If the Buildroot tree is read-only, then cache.txt is copied read-only into
the build directory, and the configuration step fails. Fix this in the
same way we do in other places, by opening permissions as we copy the file
using $(INSTALL).
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
webkitgtk: Add upstream patch to ensure CMAKE_BUILD_TYPE is honored
Make WebKitGTK+ honor the value of CMAKE_BUILD_TYPE defined in the CMake
toolchain file by backporting the following upstream WebKit patch:
https://trac.webkit.org/changeset/225168
This reduces the generated binary sizes when building in "Release" mode
(BR2_ENABLE_DEBUG=n), for example when targeting ARMv8 the size reduction
is ~17 MiB.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Carlos Santos [Tue, 28 Nov 2017 16:06:51 +0000 (14:06 -0200)]
mtools: do not link to libbsd
If libbsd is found by the configuration process, mtools unnecessarily
adds a NEEDED field with libbsd to its dynamic section, but it does not
actually use anything from libbsd under Linux. The same may happen to
host-mtools if some libbsd package is installed on the host machine.
Prevent this by forcing configure to bypass the checking for the
existence of a gethostbyname function in libbsd.
I stumbled on this problem when I built host-mtools and later removed
libbsd to upgrade to Fedora 27, due to Bug 1504831[1]. The previously
built host/bin/mtools started to fail due to the missing libbsd.so.0.
Baruch Siach [Tue, 28 Nov 2017 15:23:21 +0000 (17:23 +0200)]
libevent: disable openssl for host
As host-libevent does not depend on host-openssl, it might attempt to
build against the host installed openssl. This does not work very well
on various hosts. Since we don't really need encryption support in
host-libevent just disable openssl support.
Disable build of example code as we already do for the target libevent.
Peter Korsgaard [Wed, 29 Nov 2017 07:37:49 +0000 (08:37 +0100)]
Update for 2017.08.2
[Peter: drop Makefile changes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1d02d0be586bfdaff926a7c6c8930d186cdd92b2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 27 Nov 2017 21:56:06 +0000 (22:56 +0100)]
Update for 2017.02.8
[Peter: drop Makefile changes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d745e94683d70d12a10a413a58e833df60042c50) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>