Daniel Sabogal [Tue, 23 May 2017 17:19:31 +0000 (13:19 -0400)]
bash: disable bash malloc by default
Bash's malloc relies on sbrk which is implemented as a fail-only stub in
musl. Presently, it is disabled when configured for static
libs. Instead, default to using libc malloc.
Peter Korsgaard [Wed, 31 May 2017 06:47:18 +0000 (08:47 +0200)]
sudo: add upstream security patch for CVE-2017-1000367
CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux
On Linux systems, sudo parses the /proc/[pid]/stat file to determine the
device number of the process's tty (field 7). The fields in the file are
space-delimited, but it is possible for the command name (field 2) to
include spaces, which sudo does not account for. A user with sudo
privileges can cause sudo to use a device number of the user's choosing by
creating a symbolic link from the sudo binary to a name that contains a
space, followed by a number.
If SELinux is enabled on the system and sudo was built with SELinux support,
a user with sudo privileges may be able to to overwrite an arbitrary file.
This can be escalated to full root access by rewriting a trusted file such
as /etc/shadow or even /etc/sudoers.
For more details, see: https://www.sudo.ws/alerts/linux_tty.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 30 May 2017 13:03:24 +0000 (15:03 +0200)]
strongswan: add upstream security patches
Fixes:
CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't
validated sufficiently before attempting signature verification, so that
invalid input might lead to a floating point exception and crash of the
process. A certificate with an appropriately prepared public key sent by a
peer could be used for a denial-of-service attack.
CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1
parser when parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically
crafted certificate.
Alistair Francis [Tue, 30 May 2017 17:26:13 +0000 (10:26 -0700)]
package/xen: Backport a header include fix for makedev
maekdev() is available from sys/types.h but only due to a bug in glibc. This
is being fixed by printing an error when using makedev() from sys/types.h.
To fix the issue we should include sys/sysmacros.h for makedev(). As this
has already been fixed in upstream Xen we can backport the patch.
Romain Naour [Tue, 30 May 2017 14:53:17 +0000 (16:53 +0200)]
package/madplay: add custom libtool patch
madplay use a libtool script in version 1.5.2 but the libtool patch
"buildroot-libtool-v1.5.patch.patch" doesn't apply.
From [1]:
"It's libtool dropping -static. That's because madplay has a
weird version of libtool, on which our libtool patch doesn't apply so
we have MADPLAY_LIBTOOL_PATCH = NO. Therefore, the hack we have that
makes libtool -static behave like -all-static isn't applied, causing
this build failure."
Thomas Petazzoni [Tue, 30 May 2017 09:34:17 +0000 (11:34 +0200)]
toolchain-external: adjust musl dynamic linker symlink for mips-sf
The external toolchain code has some logic to calculate the correct name
for the dynamic linker symbolic link that needs to be created when the
musl C library is being used. There was already some handling for the
mipsel+soft-float case, but not for the mips+soft-float case. Due to
this, the symbolic link was incorrectly named, and programs were
referencing an non-existing file.
Reported-by: Florent Jacquet <florent.jacquet@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The Docker engine can optionally log to systemd-journald. For this
driver to work correctly, Docker needs to build against
systemd-journald's client library.
This patch conditionally adds a build-time dependency on systemd and
enables compiling the journald driver in docker-engine if systemd is
used as the Buildroot init process.
Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 29 May 2017 21:54:48 +0000 (23:54 +0200)]
libtasn1: security bump to version 4.12
Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
(lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
cause a stacked-based buffer overflow by tricking a user into processing a
specially crafted assignments file via the e.g. asn1Coding utility.
Gonçalo Salazar [Mon, 29 May 2017 21:53:41 +0000 (22:53 +0100)]
mosh: add notes to clarify runtime issues
Added notes to the mosh package help to clarify some runtime
issues related with it to ensure mosh will work properly after adding it.
This includes adding a proper LOCALE and an extra flag when using
mosh with dropbear.
Signed-off-by: Gonçalo Salazar <glbsalazar@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 29 May 2017 21:19:59 +0000 (23:19 +0200)]
mosquitto: security bump to version 1.4.12
Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set
their username/client id to ‘#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT topics that they do have the rights to.
The same issue may be present in third party authentication/access control
plugins for Mosquitto.
For more details, see:
https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now
upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Alistair Francis [Wed, 24 May 2017 20:30:29 +0000 (13:30 -0700)]
package/acpica: add host package
Add support to build the ACPICA package for the host. This is useful
for the iasl command which is required to build some packages,
including Xen tools.
This is a necessary requirement before changing the Xen package to
address:
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Acked-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: use PREFIX= and not DESTDIR= for host installation, tweak
commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Mon, 29 May 2017 21:31:51 +0000 (23:31 +0200)]
ffmpeg: do not build on m68k coldfire
m68k coldfire causes ffmpeg to think atomic intrinsics are available,
so ffmpeg doesn't use its fallback on pthreads based atomic
operations. However, m68k coldfire doesn't provide properly working
sync 4 atomics, causing a build failure.
Since fixing ffmpeg on m68k coldfire is not really important (who
wants to use ffmpeg on such platform?), we simply disallow the
selection of ffmpeg on this platform.
Alternate approaches have been proposed in the past:
- Bernd Kuhls proposed in http://patchwork.ozlabs.org/patch/766909/
to add a dependency on BR2_TOOLCHAIN_HAS_SYNC_4, but this is wrong
because other architectures that lack sync 4 atomics, such as
Sparc, can build ffmpeg perfectly fine thanks to the pthreads based
fallback code.
- Waldemar Brodkorb proposed in
https://patchwork.ozlabs.org/patch/756664/ to add an explicit
option in ffmpeg configure to force the use of pthreads based
atomics. However, we believe that running ffmpeg on m68k coldfire
is such an unlikely use case that it isn't worth carrying a patch
for this.
Bernd Kuhls [Thu, 25 May 2017 16:34:43 +0000 (18:34 +0200)]
package/gnutls: disable for static build
The gnutils code uses __attribute__((constructor)) and
__attribute__((destructor)) to call constructor/desctructor when a
shared library is loaded.
Constructor/desctructor are not used when a static library is used
(except when if -Wl,--whole-archive -lgnutls -Wno-whole-archive is
used, not tested).
Even if gnutls initialization (_gnutls_global_init()) may be
called manually, the gnutls maintainer said it's not supported [1].
"Note that static linking applications with gnutls is not something
supported. gnutls relies on library constructors and destructors
which are not loaded when linking statically."
Now the gnutls script warns about static linking [2].
So disable gnutls statically by adding "depends on !BR2_STATIC_LIBS"
at Kconfig level and --disable-static in GNUTLS_CONF_OPTS.
Romain Naour [Mon, 29 May 2017 20:13:29 +0000 (22:13 +0200)]
package/google-breakpad: use PRE_CONFIGURE hooks to copy linux_syscall_support.h
As reported by Bernd [1], using POST_EXTRACT to copy
linux_syscall_support.h break the legal-info target when
google-breakpad package is selected:
/usr/bin/install: cannot stat '/home/bernd/buildroot/buildroot/output/ost/usr/i586-buildroot-linux-uclibc/sysroot/usr/include/linux_syscall_support.h': No such file or directory
This is because linux_syscall_support.h is installed by a dependency
of google-breakpad, and dependencies are only guaranteed to be
available for the configure step of a package. To fix this, we use a
PRE_CONFIGURE hook instead of POST_EXTRACT hook.
Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: Chris Frederick <chrisf@cdf123.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sun, 28 May 2017 21:37:38 +0000 (23:37 +0200)]
package/mxml: fix download URL
The project moved to github, the current download URL is broken:
$ wget -q http://www.msweet.org/files/project3/mxml-2.10.tar.gz
$ file mxml-2.10.tar.gz
mxml-2.10.tar.gz: HTML document, UTF-8 Unicode text, with very long lines
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Mon, 29 May 2017 07:04:29 +0000 (09:04 +0200)]
DEVELOPERS: remove Andrew Ruder
His e-mail address is bouncing:
<andrew.ruder@elecsyscorp.com>: host mx1-us1.ppe-hosted.com[67.231.154.162]
said: 550 5.7.1 <andrew.ruder@elecsyscorp.com>: Recipient address rejected:
User email address is marked as invalid. (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Romain Naour [Sat, 27 May 2017 22:51:19 +0000 (00:51 +0200)]
package/openpowerlink: use pcap-config to fix static linking with libpcap
When linking demo_mn_console statically with pcap, the CMake build
system forget to link with other libraries linked with libpcap
(-lnl-genl-3 -lnl-3 -ldbus-1 -pthread).
[100%] Linking C executable demo_mn_console
lib64/libpcap.a(pcap-linux.o): In function nl80211_init': pcap-linux.c:(.text+0x41e): undefined reference tonl_socket_alloc'
To fix this, the build system could use pcap-config:
pcap-config --libs --static
-L/path/to/sysroot/usr/lib -lpcap -L/path/to/sysroot/usr/lib/.libs
-lnl-genl-3 -lnl-3 -L/path/to/sysroot/usr/lib -ldbus-1 -pthread
Also don't use getopt() from contrib directory to avoid a clash with
libc definition.
Bernd Kuhls [Sat, 27 May 2017 11:52:37 +0000 (13:52 +0200)]
package/opencv: fix build with old glibc versions
Prior to glibc 2.18, definitions like SIZE_MAX or INT_FAST32_MAX from
<stdint.h> were only made available for C code, or in C++ if
__STDC_LIMIT_MACROS was defined.
The code from jasper uses such definitions, without defining
__STDC_LIMIT_MACROS. Unfortunately, defining __STDC_LIMIT_MACROS in
the jasper headers doesn't work, since <stdint.h> has already been
included before, at a point where __STDC_LIMIT_MACROS was not defined.
So to solve this problem, we simply pass -D__STDC_LIMIT_MACROS in
CXXFLAGS when building opencv with jasper support.
Ilias Apalodimas [Sat, 27 May 2017 12:47:47 +0000 (15:47 +0300)]
keepalived: needs headers >= 3.4
keepalived fails to build on toolchains with headers older than 3.4,
because of a namespace clash between the xt_set.h header from the
kernel and the linux_ip_set.h header installed by ipset.
Even though keepalived does check for pre-3.4 headers, the check
somehow fails to work correctly.
We fix that by making keepalived depend on headers 3.4 or later.
Alexey Brodkin [Tue, 23 May 2017 18:41:37 +0000 (21:41 +0300)]
toolchain: Bump ARC tools to arc-2017.03 release
This commit finally bumps ARC toolchain to arc-2017.03 release.
More info on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.03
Note mentioned above web-page is not yet populated but should be very soon.
As a safe fall-back interested could refer to RC2 page here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.03-rc2
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Dustin Johnson [Wed, 15 Mar 2017 02:24:58 +0000 (22:24 -0400)]
mono: remove copy of host etc files on install
When the mono package is installed, the autotools installer installs
the /etc/mono files to the target. A post_install hook then copies
over the mono libraries to the target as well as the host /etc/mono
files which overrides the target files. The target specific mono
configuration file (/etc/mono/config) is overridden with the host
settings. This causes mono on the target to be unable to locate target
specific .so files as it overrides the changes enacted by the patches
for the package.
Signed-off-by: Dustin Johnson <dustin.r.johnson@gmail.com> Tested-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Reviewed-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Acked-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Fri, 19 May 2017 19:22:40 +0000 (21:22 +0200)]
libepoxy: make EGL support optional
This commit adds a patch to the libepoxy package to make the EGL
support optional, which allows libepoxy to build with a pure OpenGL
Mesa3D configuration (i.e without EGL/OpenGLES).
Baruch Siach [Mon, 22 May 2017 22:07:09 +0000 (01:07 +0300)]
toolchain: disable PIE for static build with musl
As mentioned in commit 3c93901bcd2 (toolchain: add hidden symbol for PIE
support), support for static PIE using musl requires a gcc patch[1]. Buildroot
doesn't carry this patch. Don't enable BR2_TOOLCHAIN_SUPPORTS_PIE in static
build with musl.
Peter Korsgaard [Fri, 19 May 2017 13:48:02 +0000 (15:48 +0200)]
libminiupnpc: add upstream security fix for CVE-2017-8798
CVE-2017-8798: Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221
through v2.0 allows remote attackers to cause a denial of service or
possibly have unspecified other impact.
For more details including a PoC, see:
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ryan Coe [Mon, 8 May 2017 15:37:16 +0000 (08:37 -0700)]
mariadb: security bump to version 10.1.23
Fixes:
CVE-2017-3302 - Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and
5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29,
10.1.x through 10.1.21, and 10.2.x through 10.2.3.
CVE-2017-3313 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: MyISAM). Supported versions that are affected are
5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to
exploit vulnerability allows low privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized access
to critical data or complete access to all MySQL Server accessible data.
CVE-2017-3308 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. While the vulnerability is
in MySQL Server, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server.
CVE-2017-3309 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. While the
vulnerability is in MySQL Server, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2017-3453 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2017-3456 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2017-3464 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data.
And a number of important, but non-security related fixes:
MDEV-12602: Fixed some race conditions in InnoDB encryption
MariaDB Backup alpha introduced
Galera wsrep library updated to 25.3.20
For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/
[Peter: drop COPYING.LESSER and add a reference to the bugtracker issue
explaining why] Signed-off-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 20 May 2017 15:15:48 +0000 (17:15 +0200)]
dropbear: security bump to version 2017.75
Fixes:
- CVE-2017-9078: A double-free in the server could be triggered by an
authenticated user if dropbear is running with -a (Allow connections to
forwarded ports from any host) This could potentially allow arbitrary code
execution as root by an authenticated user. Affects versions 2013.56 to
2016.74. Thanks to Mark Shepard for reporting the crash.
- CVE-2017-9079: Dropbear parsed authorized_keys as root, even if it were a
symlink. The fix is to switch to user permissions when opening
authorized_keys.
A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file. This information disclosure is to an already
authenticated user. Thanks to Jann Horn of Google Project Zero for
reporting this.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 19 May 2017 04:20:37 +0000 (07:20 +0300)]
toolchain: limit musl workaround to kernel headers 3.12+
The libc-compat.h first appeared in kernel version 3.12. Trying to build a
musl toolchain using earlier headers leads to the following failure:
/bin/sed: can't read .../output/host/usr/arm-buildroot-linux-musleabi/sysroot/usr/include/linux/libc-compat.h: No such file or directory
package/pkg-generic.mk:266: recipe for target '.../output/build/toolchain/.stamp_staging_installed' failed
Thomas Petazzoni [Wed, 17 May 2017 21:53:21 +0000 (23:53 +0200)]
cppcms: fix build on machines with libgpg-error installed
In configuration where target architecture == host architecture, and
libgpg-error is installed system-wide with development files, the build
of cppcms fails with:
/home/test/buildroot/output/host/usr/bin/x86_64-amd-linux-gnu-g++ --sysroot=/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -Wall -Wextra -DNDEBUG CMakeFiles/base64_test.dir/tests/base64_test.cpp.o -o base64_test -L/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib -Wl,-rpath,/home/test/buildroot/output/build/cppcms-1.0.5:/home/test/buildroot/output/build/cppcms-1.0.5/booster:/usr/lib -rdynamic libcppcms.so.1.0.5 booster/libbooster.so.0.0.3 -lpthread /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libpcre.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libdl.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libz.so
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_set_errno@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_init@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_destroy@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_code_from_syserror@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_code_from_errno@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_unlock@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_strerror@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_strsource@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_lock@GPG_ERROR_1.0'
The problem comes from the
"-Wl,-rpath,/home/test/buildroot/output/build/cppcms-1.0.5:/home/test/buildroot/output/build/cppcms-1.0.5/booster:/usr/lib"
option, which tells the linker to search for libraries in /usr/lib.
This commit fixes that by asking CMake to not add any rpath when
building cppcms.
Luca Ceresoli [Wed, 10 May 2017 21:33:46 +0000 (23:33 +0200)]
support/testing: simplify logging by keeping the log file open
We currently call infra.smart_open() to open log files each time we
need to write to them.
Opening the file once in the constructor of Builder and Emulator and
writing to it whenever needed is simpler and slightly more efficient.
Remove smart_open and instead create a new open_log_file() function
which just opens the logfile. Also let it compute the filename, in
order to simplify even further the Builder and Emulator code.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Luca Ceresoli [Tue, 16 May 2017 20:45:31 +0000 (22:45 +0200)]
support/testing/run-tests: help: put the one-letter form before the long form
This is what the manpages usually do, and what Python does with the
automatically-added -h/--help parameter:
Before the change:
$ ./support/testing/run-tests
[...]
optional arguments:
-h, --help show this help message and exit
--list, -l list of available test cases
--all, -a execute all test cases
After the change:
$ ./support/testing/run-tests
[...]
optional arguments:
-h, --help show this help message and exit
-l, --list list of available test cases
-a, --all execute all test cases
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Luca Ceresoli [Tue, 16 May 2017 20:45:29 +0000 (22:45 +0200)]
support/testing: rename check_broken_links to has_broken_links
has_broken_links makes it self-explanatory that this is a predicate
function, and that the return value tells whether there _are_ broken
links, not the opposite.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Wed, 17 May 2017 14:52:51 +0000 (16:52 +0200)]
fbgrab: explicitly build fbgrab target to workaround gzip issue
Fixes #9871
gzip reads default command line options from the environment variable GZIP.
The fbgrab Makefile internally also uses a GZIP make variable to know what
command to use to compress the manpage. Unfortunaly make will export the
value of this make variable to the environment if GZIP is already present in
the enviroment, confusing gzip (as 'gzip' isn't a valid command line argument).
This can either be triggered by users having GZIP set in their environment
(E.G. for custom options), or by enabling BR2_REPRODUCIBLE, where we use
this feature to force the -n option (to not store name/timestamp) to gzip.
We don't really need to compress the manpage as it isn't installed anyway,
so work around the issue by only building the fbgrab application.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Matt Weber [Mon, 15 May 2017 02:26:00 +0000 (21:26 -0500)]
libqmi: move canonicalize_file_name()
Previously was defined in qmi-util.h to fix musl
compatibility. It was missed that this is a shared
header which causes other dependent package builds
to fail, so the static definition was moved into the
implementation where it was used.
Upstream bug report has been updated and this resolves
the following autobuilder related failures.
Thomas Petazzoni [Sun, 14 May 2017 21:22:42 +0000 (23:22 +0200)]
rabbitmq-c: openssl/popt sub-options don't work in static linking
rabbitmq-c currently fails to build in a number of static linking
situations, due to two issues:
- CMake FindOpenSSL module is buggy. Even though it uses pkg-config,
it doesn't use the information returned by pkg-config, and
therefore doesn't know about second order libraries that need be
part of the link for static linking to succeed. Due to this, -lz is
not passed, and therefore rabbitmq-c fails when linking against
libssl/libcrypto. This issue has been reported to upstream CMake at
https://gitlab.kitware.com/cmake/cmake/issues/16885.
- popt might use libintl, but CMake doesn't know about that. For
autotools based packages, we typically work around this by passing
LIBS=, but CMake apparently has no equivalent to LIBS=.
To workaround this, we only use the OpenSSL and Popt optional
dependencies in dynamic linking situations.
Peter Seiderer [Tue, 16 May 2017 18:52:01 +0000 (20:52 +0200)]
qt5declarative: fix examples compile without OpenGL support
Fixes [1]:
main.cpp:(.text._ZN11QQmlPrivate10createIntoI6FbItemEEvPv[_ZN11QQmlPrivate10createIntoI6FbItemEEvPv]+0x18): undefined reference to `QQuickFramebufferObject::QQuickFramebufferObject(QQuickItem*)'
.obj/main.o: In function `QQmlPrivate::QQmlElement<FbItem>::~QQmlElement()':
main.cpp:(.text._ZN11QQmlPrivate11QQmlElementI6FbItemED2Ev[_ZN11QQmlPrivate11QQmlElementI6FbItemED5Ev]+0x5c): undefined reference to `vtable for QQuickFramebufferObject'
.obj/main.o: In function `QQmlPrivate::QQmlElement<FbItem>::~QQmlElement()':
main.cpp:(.text._ZN11QQmlPrivate11QQmlElementI6FbItemED0Ev[_ZN11QQmlPrivate11QQmlElementI6FbItemED0Ev]+0x64): undefined reference to `vtable for QQuickFramebufferObject'
.obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0x48): undefined reference to `QQuickFramebufferObject::isTextureProvider() const'
.obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0x4c): undefined reference to `QQuickFramebufferObject::textureProvider() const'
.obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0xb4): undefined reference to `QQuickFramebufferObject::geometryChanged(QRectF const&, QRectF const&)'
.obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0xb8): undefined reference to `QQuickFramebufferObject::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*)'
.obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0xbc): undefined reference to `QQuickFramebufferObject::releaseResources()'
.obj/moc_fbitem.o: In function `FbItem::qt_metacast(char const*)':
moc_fbitem.cpp:(.text+0x70): undefined reference to `QQuickFramebufferObject::qt_metacast(char const*)'
.obj/moc_fbitem.o: In function `FbItem::qt_metacall(QMetaObject::Call, int, void**)':
moc_fbitem.cpp:(.text+0x80): undefined reference to `QQuickFramebufferObject::qt_metacall(QMetaObject::Call, int, void**)'
.obj/moc_fbitem.o: In function `FbItem::~FbItem()':
moc_fbitem.cpp:(.text._ZN6FbItemD2Ev[_ZN6FbItemD5Ev]+0x38): undefined reference to `vtable for QQuickFramebufferObject'
.obj/moc_fbitem.o: In function `FbItem::~FbItem()':
moc_fbitem.cpp:(.text._ZN6FbItemD0Ev[_ZN6FbItemD0Ev]+0x40): undefined reference to `vtable for QQuickFramebufferObject'
.obj/moc_fbitem.o:(.data.rel.ro+0x8): undefined reference to `typeinfo for QQuickFramebufferObject'
.obj/moc_fbitem.o:(.data.rel.ro+0x58): undefined reference to `QQuickFramebufferObject::isTextureProvider() const'
.obj/moc_fbitem.o:(.data.rel.ro+0x5c): undefined reference to `QQuickFramebufferObject::textureProvider() const'
.obj/moc_fbitem.o:(.data.rel.ro+0xc4): undefined reference to `QQuickFramebufferObject::geometryChanged(QRectF const&, QRectF const&)'
.obj/moc_fbitem.o:(.data.rel.ro+0xc8): undefined reference to `QQuickFramebufferObject::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*)'
.obj/moc_fbitem.o:(.data.rel.ro+0xcc): undefined reference to `QQuickFramebufferObject::releaseResources()'
.obj/moc_fbitem.o:(.data.rel.ro+0xf0): undefined reference to `QQuickFramebufferObject::staticMetaObject'
Romain Naour [Sun, 14 May 2017 21:45:56 +0000 (23:45 +0200)]
package/boost: disable boost-locale for static only build with icu
Boost fails to build with the following error:
error: Tried to build the target twice, with property sets having
error: these incompatible properties:
error:
error: - <runtime-link>static <warnings>all
error: - <runtime-link>shared <warnings>on
when the following conditions are met:
- BR2_STATIC_LIBS=y
- BR2_PACKAGE_ICU=y
- BR2_PACKAGE_BOOST_LOCALE=y
- Another BR2_PACKAGE_BOOST_xyz option is enabled, which enables a
feature not provided just by header files, but that requires
building a library.
In such a situation, Boost absolutely wants to build the libboost
libraries as shared libraries. Not having boost-locale, or not having
icu is sufficient to avoid the issue.
So, as a simple work-around, we prevent from building boost-locale
when icu and static linking are used.
Thomas Petazzoni [Tue, 16 May 2017 07:38:38 +0000 (09:38 +0200)]
fxload: disable on Microblaze
gcc on Microblaze is affected by PR63261, which causes a build failure
when optimization *and* debugging symbols are enabled. Since anyway
fxload is unlikely to be useful on Microblaze, let's disable this
package on this architecture.
Peter Korsgaard [Mon, 15 May 2017 15:32:29 +0000 (17:32 +0200)]
rtmpdump: security bump to current HEAD
Fixes:
- CVE-2015-8271: The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows
remote RTMP Media servers to execute arbitrary code
https://www.talosintelligence.com/reports/TALOS-2016-0067/
- CVE-2015-8272: RTMPDump 2.4 allows remote attackers to trigger a denial of
service (NULL pointer dereference and process crash).
https://www.talosintelligence.com/reports/TALOS-2016-0068/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Mon, 15 May 2017 14:44:47 +0000 (16:44 +0200)]
git: security bump to version 2.12.3
Fixes CVE-2017-8386 - Git Shell Bypass By Abusing Less
For more details, see:
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
http://www.mail-archive.com/git@vger.kernel.org/msg120982.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Mon, 15 May 2017 21:01:24 +0000 (23:01 +0200)]
rpcbind: add upstream security fix for CVE-2017-8779
CVE-2017-8779: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc
through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
data size during memory allocation for XDR strings, which allows remote
attackers to cause a denial of service (memory consumption with no
subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
For more details, see:
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Backport upstream fix to version 0.2.3 and unconditionally include syslog.h
to fix a build issue when RPCBIND_DEBUG is disabled (which it is in
Buildroot).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This fixes the following problem:
------------------------------------>8--------------------------------
arc-linux-gcc -c -Os -fPIC iso9660.i
iso9660.c: In function 'strip_trail':
iso9660.c:155:1: error: unrecognized supposed constant
}
^
(unspec:SI [
(symbol_ref:SI ("*.LANCHOR1") [flags 0x182])
] ARC_UNSPEC_GOTOFFPC)
iso9660.c:155:1: internal compiler error: in arc_legitimate_constant_p, at config/arc/arc.c:6028
------------------------------------>8--------------------------------
Found by Buildroot autobuilder [1].
The fix [2] is in arc-2017.03 development branch of ARC GCC and once it
becomes a part the next release of ARC tools this should be removed
from Buildroot.
Thomas Petazzoni [Sun, 14 May 2017 20:06:26 +0000 (22:06 +0200)]
libv4l: add patch to link qv4l2 tool with librt
The qv4l2 tool in libv4l uses clock_gettime(), so it should link
against librt to build properly with old versions of glibc. Therefore,
we add a patch to libv4l to fix this issue. Autoreconfiguring libv4l
is now necessary since the patch touches Makefile.am.
Romain Naour [Sun, 14 May 2017 19:55:18 +0000 (21:55 +0200)]
package/bluez_utils: select BR2_PACKAGE_CHECK
Commit [1] added check package to bluez_utils dependencies without
selecting it at Kconfig level.
Fixes:
Makefile:535: *** check is in the dependency chain of bluez_utils that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in.
projects / coffee / buildroot.git / log