Chris Lesiak [Mon, 30 Apr 2018 17:14:11 +0000 (12:14 -0500)]
Makefile: Update mtime of $(TARGET_DIR)/usr in target-finalize
The systemd ConditionNeedsUpdate option is useful when offline updates
of the vendor operating system resources in /usr require updating of
/etc or /var on the next following boot.
Two examples of services making use of this option are
systemd-hwdb-update.service and systemd-sysusers.service.
ConditionNeedsUpdate=/etc will be true if the mtime of /etc/.updated
is older than the mtime of /usr. After services conditional on
ConditionNeedsUpdate have run, systemd-update-done.service will
synch the mtime of /usr to /etc/.updated so that the condition will
be false on subsequent boots.
For systems with writable /usr partitions where updates are done to
the running system, the update program will touch /usr as a final step.
But with Buildroot, where updates are often done by dumping a new
image onto the device, and where /usr is on a filesystem mounted
read-only, touching /usr as part of the update process is not practical.
Instead, it should be done a build time.
For testers, please note that systemd-update-done in v234 added a
regression where the mtime of /etc/.updated is set to the current time
instead of the mtime or /usr. This will be fixed in v239.
For more details, see:
http://0pointer.de/public/systemd-man/systemd.unit.html
http://0pointer.de/public/systemd-man/systemd-update-done.service.html
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bbe5c6dad4da9cd174d5ef21caa73557e4592b31) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stefan Becker [Wed, 2 May 2018 09:05:08 +0000 (12:05 +0300)]
host-mkpasswd: fix crash on Fedora 28 build host
crypt() is an optional glibc feature. Some distros, like Fedora 28, are
phasing it out to be replaced with libxcrypt [1]. Unfortunately this
change is only ABI compatible, not source code compatible, i.e. the code
will compile with warnings about undefined crypt(), but the resulting
binary will crash.
Follow the guidance in the Fedora bug and include crypt.h when
_XOPEN_CRYPT is not defined.
Signed-off-by: Stefan Becker <chemobejk@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3c514c2dc5186c4357b2c0fc2e1c4b47e0f555c7) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stefan Becker [Wed, 2 May 2018 11:14:48 +0000 (14:14 +0300)]
package/python: add upstream GCC8 build fix
Fedora 28 switched to GCC8.
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
[Thomas: fixup location of SoB in the patch.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1b7f5e64d392a802adb586b97deea0a6f4f500e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stefan Becker [Wed, 2 May 2018 10:09:04 +0000 (13:09 +0300)]
Config.in: add BR2_HOST_GCC_AT_LEAST_8
Fedora 28 switched to GCC 8.x.
Signed-off-by: Stefan Becker <chemobejk@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e13ab2e04a300f332d80f9b81c8830df07e3fd61) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
John Keeping [Tue, 1 May 2018 12:28:41 +0000 (13:28 +0100)]
core/pkg-generic: only save latest package list
When rebuilding a package, simply appending the package's file list to
the global list means that the package list grows for every rebuild, as
does the time taken to check for files installed by multiple packages.
Furthermore, we get false positives where a file is reported as being
installed by multiple copies of the same package.
With this approach we may end up with orphaned files in the target
filesystem if a package that has been updated and rebuilt no longer
installs the same set of files, but we know that only a clean build will
produce reliable results. In fact it may be helpful to identify these
orphaned files as evidence that the build is not clean.
Signed-off-by: John Keeping <john@metanate.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d3dca1e9936bcaa0eed226a5bcb8c6a4d1fd1472) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 20 Apr 2018 14:07:13 +0000 (16:07 +0200)]
bluez5_utils: add patch to fix readline issue
Since bluez5_utils 5.48, some code using readline was compiled even if
readline was not available. After this issue was reported upstream, a
patch was proposed by an upstream developer to address the issue. This
commit integrates this patch (under review upstream), which fixes the
problem.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d4158df6c19c76ea3405975b87f13b1c092a40e0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 30 Apr 2018 12:04:59 +0000 (14:04 +0200)]
sdl2_image: security bump to version 2.0.3
Fixes the following security issues:
CVE-2017-12122: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted
ILBM image can cause a heap overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14440: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted
ILBM image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14441: An exploitable code execution vulnerability exists in the
ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted
ICO image can cause an integer overflow, cascading to a heap overflow
resulting in code execution. An attacker can display a specially crafted
image to trigger this vulnerability.
CVE-2017-14442: An exploitable code execution vulnerability exists in the
BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted
BMP image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14448: An exploitable code execution vulnerability exists in the
XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted
XCF image can cause a heap overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability.
CVE-2017-14449: A double-Free vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image
can cause a Double-Free situation to occur. An attacker can display a
specially crafted image to trigger this vulnerability.
CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image
parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image
can lead to a buffer overflow on a global section. An attacker can display
an image to trigger this vulnerability.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5fb8fbbb3e776a186731ae929244a82ea2db1878) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 30 Apr 2018 12:04:58 +0000 (14:04 +0200)]
sdl2: bump version to 2.0.8
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f26654596ecfe40963cb51ba939c00de458fa82e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libtomcrypt installs its headers by default in /usr/local/include under
the staging sysroot. This path is not in the default search patch of
some toolchains. This breaks the build of dropbear. Set the PREFIX make
variable to fix that.
While at it, split the long install command for better readability.
Eric Le Bihan [Sat, 28 Apr 2018 22:14:13 +0000 (00:14 +0200)]
support/testing: set $USER in rust tests
When the run-time tests to build rust and rust-bin packages are run via Docker,
the $USER environment variable is not set, which makes cargo fail when
initializing the test project.
So add it to make cargo happy.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 09a5eb427a6d9160e74ab56941640c02334eabf1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jonas Zaddach [Tue, 10 Apr 2018 19:37:22 +0000 (12:37 -0700)]
package/gdb: don't remove support files if python chosen
If one wants to use GDB with python support on the target, you need the support
files installed by GDB. These get usually deleted to save some space, so I just
wrapped the Makefile code deleting them in a conditional block depending on if
python support is active or not.
Signed-off-by: Jonas Zaddach <jzaddach@cisco.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas:
- use positive logic "if python is disabled"
- put the comment inside the condition, as suggested by Arnout] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fa5ca6974d2504dccc35f43dcabcf30f076d8685) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CMake < 3.11 doesn't support add_library() without any source file
(i.e add_library(foo SHARED)). But flann CMake use a trick that use
an empty string "" as source list (i.e add_library(foo SHARED "")).
This look like a bug in CMake < 3.11.
With CMake >= 3.11, the new behaviour of add_library() break the
existing flann CMake code.
>From CMake Changelog [1]:
"add_library() and add_executable() commands can now be called without
any sources and will not complain as long as sources are added later
via the target_sources() command."
Note: flann CMake code doesn't use target_sources() since no source file
are provided intentionally since the flann shared library is created by
linking with the flann_cpp_s static library with this line:
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 062dcceed0ba0d2b1929597ad9b0393dbdb21628) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 54e210522faf7dff3e68e22bb802102f891098c8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 23 Apr 2018 19:59:54 +0000 (21:59 +0200)]
support/testing: fix Marvell ATF source code
The version of the ARM Trusted Firmware from Marvell was a Git branch,
not a Git commit, leading to unreproducible results. So let's use a
Git commit instead, which is the latest available from the branch that
was previously used.
More specifically, this branch has recently seen a fix that is needed
for ATF to build properly with recent gcc versions:
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac260a2acec20f30705fdfd3911ff966c1f4a0df) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 23 Apr 2018 19:59:53 +0000 (21:59 +0200)]
configs/solidrun_macchiatobin_*: use a Git commit for ATF
The version of the ARM Trusted Firmware from Marvell was a Git branch,
not a Git commit, leading to unreproducible results. So let's use a
Git commit instead, which is the latest available from the branch that
was previously used.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Sergey Matyukevich <geomatsi@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c0f8d166214d54cedd4b3d09bccf5bb59205e301) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 23 Apr 2018 20:14:56 +0000 (22:14 +0200)]
support/testing: fix ATF Vexpress test case
This test case currently fails to build with:
./build/juno/release/bl1/context_mgmt.o: In function `cm_prepare_el3_exit':
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): undefined reference to `cm_set_next_context'
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): relocation truncated to fit: R_AARCH64_JUMP26 against undefined symbol `cm_set_next_context'
This issue has been fixed upstream in commit 10c252c14b7f446c0b49ef1aafbd5d37804577dd, available since v1.3. So
while we bump, let's bump to the latest version of ATF, v1.5.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e74a7cd1e0a85718dfc20dc4d94a5cac051d2514) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The release announcement mentions these security fixes:
Defend against Bellcore glitch attacks by verifying the results of RSA
private key operations.
Fix implementation of the truncated HMAC extension. The previous
implementation allowed an offline 2^80 brute force attack on the HMAC
key of a single, uninterrupted connection (with no resumption of the
session).
In commit 2a27294e9ade6130a12ced9a1f152c51431a870e ("grub2: force
-fno-stack-protector in CFLAGS"), a fix was made to the grub2 package
to make it build properly even when SSP support is enabled.
syslog-ng: bump version header in conf file to 3.10
Remove a runtime warning message about configuration file being too old.
Do the same as commit 3dad25466d "syslog-ng: Bump version header in conf
file to 3.9". Package version of syslog-ng is 3.10.1, so bump version
number in syslog-ng.conf to 3.10.
Also add a comment to avoid the same warning message reappears when the
package is bumped.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br> Cc: Chris Packham <judge.packham@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 905f8d814ad21af9c3fd22ececce0824cb20db80) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/wmctrl: x-includes and x-libraries must be set for cross-compiling
set x-includes and x-libraries configure option for cross-compiling.
wmctrl can use poisoned paths if these options are not passed to
configure script.
usb_modeswitch: set CXX to false when C++ is missing
Similar to the openocd fix in commit 5966e2dc54 (package/openocd: fix
fallout after no-C++ fixups) the jimctl that is bundled with
usb_modeswitch also wants to find a binary. This broke with commit 4cd1ab158 (core: alternate solution to disable C++). Revert to 'false'
instead of 'no' here as well.
qt53d: install missing QML modules, plugins and examples
Some files were missing on the first build of qt53d but added later:
- by qt5base for the plugins because it copies the whole /usr/lib/qt/plugins
directory
- by qt5declarative for the QML modules because it copies the whole
/usr/qml directory
Also, the qt53d examples were not installed if
BR2_PACKAGE_QT5BASE_EXAMPLES was set.
Signed-off-by: Romain Reignier <rom.reignier@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4fd448c9c1e3ed7ca0f09441bf8a854eb9130190) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 12 Apr 2018 11:50:09 +0000 (13:50 +0200)]
support/scripts/fix-rpath: exclude /lib/firmware in the target
The /lib/firmware directory contains random firmware for various
devices. It happens that some of them might be or appear to be ELF
files, but they shouldn't be checked by fix-rpath. For example, one of
the Qualcomm VPU firmware file appears to be an ELF file, but patchelf
isn't happy about it:
Even though patchelf definitely shouldn't crash, it anyway doesn't
make sense to check ELF files in /lib/firmware, so let's exclude this
directory from our check.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 184cb52f6d9368c333c79665080e7808c5713117) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Revert "package/bash: add /bin/bash to /etc/shells"
Commit 4d279697af added /bin/bash to /etc/shells. In the default
skeleton, however, /etc/shells doesn't exist, so in fact it creates
this file, containing only /bin/bash. Therefore, when bash is selected,
/bin/sh does not appear in /etc/shells and bash is the only shell
allowed. Since /bin/sh is the shell that is used for root in the
default skeleton's /etc/passwd, root is no longer able to log in.
The proper solution is to add all available shells to /etc/shells. For
now, however, just revert commit 4d279697af as a stop-gap measure. That
way, the default situation still works, and only people who update
/etc/passwd with additional logins but don't update /etc/shells will
suffer.
Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches.
Depend on MMU for now, because the patch adds a fork() call. Upstream
later switched to gnulib provided execute(), so this dependency can be
dropped on the next version bump.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f4a4df2084b923f29eca2130976ca10a7aa6b719) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Where _estrdup is the actual function implemented by the PHP core. If
this header file is not included, and some code uses estrdup, one ends
up with an undefined reference. This happens when libexpat support is
enabled. This commit adds a PHP patch that fixes this issue. The patch
has been submitted upstream through a Github pull request.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fc4b66dbc1b71e871129ce14b289fcda6eb3ea10) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
André Hentschel [Sat, 7 Apr 2018 12:59:03 +0000 (14:59 +0200)]
wireshark: bump version to 2.2.14 (security)
Security fixes since 2.2.12:
- wnpa-sec-2018-15
The MP4 dissector could crash. (Bug 13777)
- wnpa-sec-2018-16
The ADB dissector could crash. (Bug 14460)
- wnpa-sec-2018-17
The IEEE 802.15.4 dissector could crash. (Bug 14468)
- wnpa-sec-2018-18
The NBAP dissector could crash. (Bug 14471)
- wnpa-sec-2018-19
The VLAN dissector could crash. (Bug 14469)
- wnpa-sec-2018-20
The LWAPP dissector could crash. (Bug 14467)
- wnpa-sec-2018-23
The Kerberos dissector could crash. (Bug 14576)
- wnpa-sec-2018-05
The IEEE 802.11 dissector could crash. Bug 14442, CVE-2018-7335
- wnpa-sec-2018-06
Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors (Bug 14444), along with the DICOM (Bug 14411), DMP (Bug 14408), LLTD (Bug 14419), OpenFlow (Bug 14420), RELOAD (Bug 14445), RPCoRDMA (Bug 14449), RPKI-Router (Bug 14414), S7COMM (Bug 14423), SCCP (Bug 14413), Thread (Bug 14428), Thrift (Bug 14379), USB (Bug 14421), and WCCP (Bug 14412) dissectors were susceptible.
- wnpa-sec-2018-07
The UMTS MAC dissector could crash. Bug 14339, CVE-2018-7334
- wnpa-sec-2018-09
The FCP dissector could crash. Bug 14374, CVE-2018-7336
- wnpa-sec-2018-10
The SIGCOMP dissector could crash. Bug 14398, CVE-2018-7320
- wnpa-sec-2018-11
The pcapng file parser could crash. Bug 14403, CVE-2018-7420
- wnpa-sec-2018-12
The IPMI dissector could crash. Bug 14409, CVE-2018-7417
- wnpa-sec-2018-13
The SIGCOMP dissector could crash. Bug 14410, CVE-2018-7418
- wnpa-sec-2018-14
The NBAP disssector could crash. Bug 14443, CVE-2018-7419
Signed-off-by: André Hentschel <nerv@dawncrow.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c5c87c2bb61efb31421b345bdbf6931b882ff6a9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
board/atmel: use correct sam-ba binary in flasher.sh script
Instead of using the install of sam-ba under host/opt directly, use the symlink
created in host/bin. The side effect of doing this instead allows the correct
sam-ba binary to be used based on the host arch being 32 bit or 64 bit.
Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e1452fe8434c4613d1727034db525c0a9bbc6dfd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
projects / coffee / buildroot.git / log