Fixed or improved security issues:
CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
malicious authenticated peer can create arbitrarily-many ephemeral
associations in order to win the clock selection algorithm
CVE-2018-7182: Buffer read overrun leads to undefined behavior and
information leak
CVE-2018-7170: Multiple authenticated ephemeral associations
CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
state
CVE-2018-7185: Unauthenticated packet can reset authenticated
interleaved association
CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit
Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
AM_CFLAGS.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ts4900 defconfig currently fails to build because it selects
kernel headers 4.12, but doesn't specify a kernel version, and
therefore 4.15 is built causing the following error:
Incorrect selection of kernel headers: expected 4.12.x, got 4.15.x
In commit 7c3a7d808e ("configs/ts4900:
bump kernel version to 4.12"), when this defconfig was switched from
using a vendor provided kernel to the mainline kernel, the kernel
version was no longer explicitly specified.
Since this commit indicated 4.12, and the kernel headers version
selected is also 4.12, we also use that as the fixed kernel version.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306955
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ORC unwinder requires libelf to be available on the host, so use
the frame pointer unwinder instead. Using the frame pointer unwinder
is probably good enough in our default Qemu configurations.
Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some Linux kernel configuration options (such as CONFIG_UNWINDER_ORC)
require building a host program that needs libelf.
Users who have libelf installed on their system won't see a problem,
but users who don't have libelf installed will get a build
failure. Therefore, this commit adds an option that allows a user to
indicate that his Linux kernel configuration requires libelf. When
this option is enabled, we add host-elfutils to the dependencies of
the linux package (host-elfutils provides the libelf library).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some Linux kernel configuration options (such as
CONFIG_SYSTEM_TRUSTED_KEYRING) require building a host program called
extract-cert, which itself needs OpenSSL.
Users having OpenSSL installed on their system won't see a problem,
but users who don't have OpenSSL installed will get a build
failure. This commit adds a new option that allows users to indicate
that their Linux configuration requires building host-openssl.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We were passing HOSTCFLAGS="$(HOSTCFLAGS)" to Linux. However:
- HOSTCFLAGS in Buildroot doesn't exist, and is empty, so this
assignment never did anything. The name of the variable in
Buildroot in HOST_CFLAGS.
- HOSTCFLAGS in Linux isn't used everywhere, and passing it overrides
the default HOSTCFLAGS value defined in the main Linux kernel
Makefile.
In addition, there is no way to pass additional host LDFLAGS in the
Linux kernel build system.
Therefore, we simply shoehorn our HOST_CFLAGS and HOST_LDFLAGS while
passing HOSTCC to the Linux kernel build system. This has been tested
to work fine with host OpenSSL and host libelf only available in
$(HOST_DIR).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig currently doesn't build with GCC6 (Linux 4.1).
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306827
A maintainer w/board isn't available to make updates, so removing
this config.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the original submitter of this defconfig:
"""
I no longer have access to ci40 board. It would be difficult for me to
maintain it.
"""
And this defconfig currently fails to build with gcc 6.x. Therefore,
drop it.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306806
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable man pages and pdf build to avoid dependency on docbook and
dblatex.
Drop upstream patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove also a redundant dot from description text.
Add upstream hashes, and a license file hash.
Cc: Francisco Gonzalez <gzmorell@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 1296d57918 (musl: bump to version 1.1.19) forgot to remove an
upstream patch. Do that now.
Fixes:
http://autobuild.buildroot.net/results/3ea/3ea23854c501d12aa69012df9d38d33cd10ac83c/
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No other changes necessary, 4.15 builds and boots fine.
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump U-Boot to version 2018.01 and kernel to 4.15.7.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig currently fails to build the Linux kernel:
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306826
In addition, the U-Boot build had already been removed in commit
12c01e4a05
("configs/freescale_mpc8315erdb: remove U-Boot build"), back in
October 2016, and nobody bothered fixing it.
This defconfig was originally contributed and maintained by Gustavo
Zacarias, but he is no longer active in Buildroot, and nobody
expressed interest in this defconfig, so let's get rid of it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I would like to help maintaining the following defconfigs:
imx23evk_defconfig
imx6-sabreauto_defconfig
imx7dpico_defconfig
mx25pdk_defconfig
mx51evk_defconfig
mx53loco_defconfig
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent systemd bump has broken DBus dameon and DBus applications can no
longer find the daemon. So we want to catch those kind of failures
early.
We also want to check that the system as a whole is stable: no unit
should be failed.
Finally, ensure that we can read the jounrnal, even when we are doing our
tricks on read-only systems.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we handle the factory by redirectoring /var with a symlink at
build time, and with some trickery during the filesystem generation,
depending on whether we need to remount the filesystem read-write or
not.
However, this is causing quite some pain with the latest systemd, now that
they have moved their dbus socket to /run instead of /var/run.
As such, trying to play tricks with /var/run as a symlink is difficult,
because at times it is in .usr/share/factory/var/run (during build) and
then it is in /var/run (at runtime). So a relative symlink is not
possible. But an absolute symlink is not possible either, because we are
installing out-of-tree.
Oh the joys of cross-compilation... :-)
We fix all this mess by making /var a real directory from the onset, so
that we can use the runtime-expected layout even during the build.
Then, during filesystem generation, we move /var away to the factory,
and populate it as we used to do. This still requires a post-fs hook to
restore /var after the filesystem generation.
This leaves a situation that, should the filesystem generation fails,
/var will be left in an inconsistent state. But that is not worse than
what we already had anyway.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>