Commit Graph

39615 Commits

Author SHA1 Message Date
Trent Piepho
7e811708f3 package/skeleton-init-systemd: work around for /var/lib not populating
When using a RO root with systemd, it is intended that /var/lib should be
populated at boot time by tmpfiles system mirroring it from
/usr/share/factory/var/lib.

However, this will only happen if /var/lib does not already exist at the
time systemd-tmpfiles runs.  If it does exist, then tmpfiles will
(silently) skip it and do nothing.

It turns out /var/lib will exist, because some part of systemd creates
/var/lib/systemd/catalog on boot before tmpfiles runs.

The fix used here is to also create tmpfiles entries for the contents of
/var/lib/* and /var/lib/systemd/*.  This way, when those directories
already exist, the entire tree is not skipped and instead the
not-yet-existing contents of /var/lib and /var/lib/systemd will be still
be mirrored from the factory dir.

And if /var/lib/systemd, or a prefix of that, stops getting created and
does not exist, it'll still mirror properly.

It does cause some warnings from systemd:
systemd[1]: Starting Create Volatile Files and Directories...
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:7] Duplicate line for path "/var/lib/systemd", ignoring.
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:8] Duplicate line for path "/var/lib/systemd/coredump", ignoring.

But they can be ignored.

IMHO, I think a better solution would be for systemd-tmpfiles to gain a
"merge tree" operation that is like "C" but doesn't abort if the
destination exists, but rather merges the source into it.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
[yann.morin.1998@free.fr: slight rework of commit title]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 20:34:10 +01:00
Fabio Estevam
59e8b056ab linux-headers: bump 4.{9, 14}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 18:36:11 +01:00
Yann E. MORIN
b1aa2148b0 core: drop no-longer used C.UTF-8 locale option
Its use has been globbed into the more generic
BR2_NEEDS_HOST_UTF8_LOCALE option now.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Christian Stewart <kidovate@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:59:16 +01:00
Yann E. MORIN
20862443b8 package/systemd: needs any UTF-8 locale
Not all distributions have the language-agnostic C.UTF-8 locale (Gentoo,
I'm frowning at you!).

Instead, use any UTF-8 locale provided by the system.

Reported-by: Christian Stewart <kidovate@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Christian Stewart <kidovate@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:59:16 +01:00
Yann E. MORIN
c2a9358b6e core: find a host UTF-8 locale
Some packages really want to use an UTF-8 locale, or they break.

However, there is no guarantee that any given locale is available on a
system. For example,, while most mainstream distros (Debian and
derivatives, Fedora...) do have the generic, language-agnostic C.UTF-8
locale, Gentoo does not provide it.

So, find the first UTF-8 locale available on the system, and take any
that is available. We however do favour using the user-set current
locale, then using the language-agnostic C.UTF-8, and eventually any
random UTF-8 locale.

Note: we only need to enforce LC_ALL, because setting it implies
everything else:
    http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02

    """
    1. If the LC_ALL environment variable is defined and is not null,
    the value of LC_ALL shall be used.
    """

[Peter: use same regexp as in dependencies.sh]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:59:03 +01:00
Yann E. MORIN
9f8c7766e4 support/dependencies: unbreak check for UTF-8 locale
Although the UTF-8 locales in mainstream distributions all are suffixed
with just 'utf8', the nomenclature is a bit ambiguous with the way they
are to be specified with the various LC_* variables, suffixed there with
'UTF-8'.

Also, POSIX, ISO, and IEC do not enforce any specific suffix in LC_*
variables:
    http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02

    """
    If the locale value has the form:
        language[_territory][.codeset]

    it refers to an implementation-provided locale, where settings of
    language, territory, and codeset are implementation-defined.
    """

To avoid any confusion, use a regexp that is a bit more lax when
matching locales.

Also, quote the regexp, so that the '?' and '$' are not interpreted by
the shell.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:46:48 +01:00
Yann E. MORIN
f208cf296c package/systemd: create groups required for udevd
udevd needs extra groups for its bundled rules:

    Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'render' unknown
    Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'kvm' unknown

Add those missing groups.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:42:12 +01:00
Bernd Kuhls
63497e0260 package/tor: security bump to version 0.3.1.10
Fixes CVE-2018-0490: null-pointer crash in directory authority protocol list
code.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:01:45 +01:00
Peter Seiderer
dd95e2c331 libv4l: fix libdvbv5 musl compile
Add optional copy of TEMP_FAILURE_RETRY macro.

Fixes [1]:

  ../../lib/libdvbv5/.libs/libdvbv5.so: undefined reference to `TEMP_FAILURE_RETRY'

[1] http://autobuild.buildroot.net/results/7aea0cbb9e7fe7d9919c9be04ba4567ddcf4e15e

Patch submitted upstream:
https://www.mail-archive.com/linux-media@vger.kernel.org/msg127134.html

[Peter: add upstream submission link as suggested by Baruch]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 10:15:25 +01:00
Baruch Siach
047cec5993 dhcp: add upstream security fixes
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.

CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.

Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 23:26:08 +01:00
Adam Duskett
00fc361b0a postgresql: security bump to 10.3
Helps mitigate CVE-2018-1058

see: https://www.postgresql.org/docs/current/static/release-10-3.html for more
bugfixes.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 20:15:59 +01:00
Thomas Petazzoni
11050d908d board/qemu/ppc64le-pseries: make Qemu command similar to ppc64-pseries
In particular:

 - Explicitly specify the CPU to be used, POWER8, which matches
   qemu_ppc64le_pseries_defconfig

 - Use hard disk emulation to access the root filesystem instead of an
   initrd.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:20:16 +01:00
Thomas Petazzoni
1b554aa849 board/qemu/ppc64le-pseries: put Qemu command on one line
This allows the toolchain building machinery used by
https://toolchains.bootlin.com to automatically re-use this Qemu
command line.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:19:25 +01:00
Thomas Petazzoni
62e8305358 board/qemu/ppc64le-pseries: use qemu-system-ppc64
qemu-system-ppc64le doesn't necessarily exist: it isn't installed by
Qemu, and only created as a symlink to qemu-system-ppc64 by some
distributions (Ubuntu). Other distributions (Fedora) just have
qemu-system-ppc64.

But qemu-system-ppc64 is capable of running little-endian PPC64
systems, so use this one instead.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:19:20 +01:00
Thomas Petazzoni
8cde7e6af9 support/dependencies/dependencies.sh: check for Python argparse module
The script support/scripts/check-uniq-files uses the argparse Python
module. In most recent Python versions (starting with 2.7), the
argparse module is part of the standard library, and we already check
for the availability of Python in
support/dependencies/dependencies.sh.

However, when running on an ancient distribution with Python 2.6, the
argparse module is not part of the Python standard library, but
available as an external module. Without this module, the build fails,
because check-uniq-files, which is used in target-finalize, fails to
run.

To avoid this failure, this commit adds a check in
support/dependencies/dependencies.sh to verify that the argparse
module is available.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:18:18 +01:00
Thomas Petazzoni
62fa5e17cb support/scripts/check-uniq-files: add indices in format string
Using {} in format strings is only supported in sufficiently recent
Python versions. Python 2.6 doesn't support this, and only format
strings with numbered arguments: {0}, {1}, etc.

Python 2.7:

$ python -c 'print("foo {}".format(12))'
foo 12
$ python -c 'print("foo {0}".format(12))'
foo 12

Python 2.6:

$ python -c 'print("foo {}".format(12))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ValueError: zero length field name in format
$ python -c 'print("foo {0}".format(12))'
foo 12

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:17:41 +01:00
Peter Korsgaard
63dfbca2c3 mosquitto: unbreak build with websockets and !libopenssl
Fixes:
http://autobuild.buildroot.net/results/d69/d693f3e3f1c73ccf54ac7076623e436355a9d901/b

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:16:42 +01:00
Ciro Santilli
8a6e30efde qemu_x86_64_defconfig: fix kernel header version after bump to 4.15
Closes #10831

Commit a952d24b9 (qemu_x86_64: use kernel 4.15) bumped the kernel version
but didn't update the kernel header series to match, causing build failures.

[Peter: reworded]
Signed-off-by: Ciro Santilli <ciro.santilli@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 08:48:14 +01:00
Romain Naour
7df3014d84 package/efl: add missing licenses
ecore_con added with efl 1.17 is under MIT license (COPYING.NGINX-MIT)
ector added with efl 1.15 is under FTL license (COPYING.FTL)

While at it, add license file hash.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-02 22:46:33 +01:00
Julius Kriukas
41569717c3 systemd: switch to C.UTF-8 locale when building
When BR2_REPRODUCIBLE is enabled or host uses non UTF-8 capable locale
building systemd fails with an error:

[1/1080] Generating systemd.bg.catalog with a meson_exe.py custom command.
FAILED: catalog/systemd.bg.catalog
/buildroot/output/host/bin/python3 /buildroot/output/host/bin/meson --internal exe /buildroot/output/build/systemd-236/build/meson-private/meson_exe_sed_232a0623cc7ce2cd67ec72ed784b76307102ed76.dat
Warning: You are using 'ANSI_X3.4-1968' which is not a Unicode-compatible locale.
You might see errors if you use UTF-8 strings as filenames, as strings, or as file contents.
Please switch to a UTF-8 locale for your platform.
...
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 1079: ordinal not in range(128)
package/pkg-generic.mk:247: recipe for target '/buildroot/output/build/systemd-236/.stamp_built' failed
make: *** [/buildroot/output/build/systemd-236/.stamp_built] Error 1

This patch changes default host system locale from C to C.UTF-8 when
building systemd package to fix this issue. It also introduces
BR2_NEEDS_HOST_C_UTF8_LOCALE flag that checks if this locale is available on
the host system. If locale is not available error message is show and build
process is stopped.

Signed-off-by: Julius Kriukas <julius@kriukas.lt>
[Thomas: use C.UTF-8 instead of en_US.UTF-8.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-02 22:44:34 +01:00
Adrian Perez de Castro
be7be667de libepoxy: bump to version 1.5.0, add license hash
This release of Epoxy makes "0001-Forward-EGL-cflags-into-epoxy.pc.patch"
unnecessary. Other than bugfixes and a couple of functions added to the
API, this release is backwards-compatible with programs built against
the 1.4.x releases.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-02 22:22:32 +01:00
Bernd Kuhls
1fa7233fdf package/ffmpeg: fix build without pthreads
Fixes
http://autobuild.buildroot.org/results/4c7/4c77c15eaa2e44d0854cf24ab872e7b2ef83ebd6/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-02 22:20:30 +01:00
Peter Korsgaard
6d67841bf5 mono: only available for x86/x86-64 host architectures
Fixes:

http://autobuild.buildroot.net/results/3cab7b54390feb5f952407f1e7fa49b9633a5f76/
http://autobuild.buildroot.net/results/ad9fc1f8a598d2c1ee7e6f8884f897f7b8bbb657/

And many others.

Mono needs host-mono, which fails to build on the ppc64le autobuilder.
There is unlikely to be any real use cases of people building mono on !x86,
so only make it available on x86/x86-64 hosts, similar to how it was
recently done for erlang.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 19:39:22 +01:00
Baruch Siach
936c0e10c1 autofs: disable for musl
autofs requires nsswitch which musl libc does not implement. Commit
873040371b (autofs: allow to use libtirpc) removed the
BR2_TOOLCHAIN_HAS_NATIVE_RPC dependency, making autofs available for
musl. Disable musl explicitly.

Fixes:
http://autobuild.buildroot.net/results/a54/a549b62fbf03474ffd8586869637d083de275091/
http://autobuild.buildroot.net/results/b32/b3276b2cbd1e1c260f8df4c3945f51ddc09d492f/
http://autobuild.buildroot.net/results/10b/10b5c5b13971214d0439b715f1a46c78a5249309/

Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: Jonathan Ben Avraham <yba@tkos.co.il>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 08:38:33 +01:00
Baruch Siach
9329935402 dash: fix build with musl
musl libc requires the getopt.h header for the definition of 'optreset'.

Fixes:
http://autobuild.buildroot.net/results/c23/c233ade479d6124ed7b382f2aa9859fe509d7bca/
http://autobuild.buildroot.net/results/081/0813c13c2a978316e6fa9a3cdbd5512612f5c374/
http://autobuild.buildroot.net/results/182/18230384d8225fbd7fddabfcbd685eaa38e31b31/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 08:36:45 +01:00
Baruch Siach
d3f24ac341 dash: fix static link with libedit
libedit is an optional dependency of dash since commit 651af57cf0
(dash: enable line editting if libedit is selected). Unfortunately, the
dash build system does not take into account the ncurses dependency of
libedit. Use pkgconf to get that right.

Fixes:
http://autobuild.buildroot.net/results/801/801e8bc06277978556a301ddf54f609169de37bb/
http://autobuild.buildroot.net/results/123/12367267735b9165afef77289460c247aaad494a/
http://autobuild.buildroot.net/results/aa7/aa7cc7315d778c15c5165ca6423257a84b957482/

Cc: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 07:59:27 +01:00
Bernd Kuhls
ee25f5c998 package/php: security bump to version 7.2.3
Fixes CVE 2018-7584: https://bugs.php.net/bug.php?id=75981

For details see release notes:
http://www.php.net/archive/2018.php#id2018-03-01-2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 07:58:29 +01:00
Bernd Kuhls
d02cbe22da package/clamav: security bump to version 0.99.4
Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-1000085 &
CVE-2018-0202.

For details see upstream announcement:
http://lists.clamav.net/pipermail/clamav-announce/2018/000029.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 07:58:18 +01:00
Peter Korsgaard
0bf80e4bcd uboot: ensure host includes are searched before system default includes
Commit baae5156ce (uboot: use local fdt headers) changed the uboot logic
to pass the host include directories with -idirafter instead of -I, so
include files local to u-boot would be preferred over host includes.

This unfortunately breaks configurations using
BR2_TARGET_UBOOT_NEEDS_OPENSSL on hosts with incompatible openssl headers
installed in the system default include directories as explained here:

http://lists.busybox.net/pipermail/buildroot/2018-March/214651.html

The problem is that -idirafter directories gets added to the very end of the
search order, AFTER the system default directories.

Instead use -isystem which causes the directories to be added after -I but
before the system default directories.  With this in place, the include
directories of u-boot will first be scanned, followed by the host includes
and finally the system default include directories.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 00:12:43 +01:00
Peter Korsgaard
3538b5fb10 qt: mark as obsolete
qt 4.x is no longer supported upstream since December 2015:

https://blog.qt.io/blog/2015/05/26/qt-4-8-7-released/

So it shouldn't be used for new projects.  Add an obsolete warning to the
package prompt to make this clear.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:29:18 +01:00
Bernd Kuhls
26a15ae6a6 package/busybox: bump version to 1.28.1
Added sha256 hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:25:40 +01:00
Baruch Siach
8304e920cb 18xx-ti-utils: new package
These are spacial RF calibration utilities for TI Wilink 18xx
modules.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:19:20 +01:00
Bernd Kuhls
ee8d397a25 package/nasm: bump version to 2.13.03
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:18:38 +01:00
Bernd Kuhls
ced7bcbb25 package/libdrm: bump version to 2.4.90
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:17:32 +01:00
Bernd Kuhls
0f2dbcd3c7 package/x265: bump version to 2.7
Upstream switched to nasm:
https://mailman.videolan.org/pipermail/x265-devel/2018-March/011615.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:16:34 +01:00
Bernd Kuhls
2682d77d1a package/libvpx: bump version to 1.7.0
Switched _SITE to github, current _SITE is broken.

The URL
https://chromium.googlesource.com/webm/libvpx/+archive/v1.7.0.tar.gz

proposed by upstream
https://storage.googleapis.com/downloads.webmproject.org/releases/webm/index.html

provides archives with different hashes for each download so we use
Github instead.

Added license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:15:34 +01:00
Bernd Kuhls
3f07a64e8d package/libmicrohttpd: bump version to 0.9.59
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:11:23 +01:00
Peter Korsgaard
f4df4a18e5 mosquitto: security bump to version 1.4.15
Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT
packet which causes large amounts of memory use in the broker.  If multiple
clients do this, an out of memory situation can occur and the system may
become unresponsive or the broker will be killed by the operating system.

The fix addresses the problem by limiting the permissible size for CONNECT
packet, and by adding a memory_limit configuration option that allows the
broker to self limit the amount of memory it uses.

The hash of new tarball is not (yet) available through download.php, so use
a locally calculated hash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 23:03:56 +01:00
Bernd Kuhls
7c970b06ea package/dovecot: security bump to version 2.3.4
Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Removed patch applied upstream:
a008617e81

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 21:37:38 +01:00
Peter Korsgaard
3fb7edaf98 systemd: correct README hash after bump to version 237
systemd-237 slightly changed the README, but the hash was not updated
leading to legal-info failing.  Fix it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 17:57:51 +01:00
Peter Korsgaard
7cf95a8a78 utils/scanpypi: fix 'downloas' typo in error message
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 17:14:01 +01:00
Baruch Siach
16956889f7 gnutls: bump to version 3.5.18
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 14:04:40 +01:00
Baruch Siach
e023ef540a lzip: bump to version 1.20
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 14:04:26 +01:00
Baruch Siach
b690d53467 iw: bump to version 4.14
Drop IW_MAKE_OPTS, passing the CC, LD, and LDFLAGS in the environment
via TARGET_CONFIGURE_OPTS is enough.

Add license file hash.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-28 20:45:08 +01:00
Baruch Siach
379c347390 gnupg2: bump to version 2.2.5
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-28 20:44:53 +01:00
Peter Seiderer
8778c90254 sdl2: rpi video support needs OpenGL ES
Fixes [1]:

  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_Create':
  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: error: 'RPI_GLES_DefaultProfileConfig' undeclared (first use in this function); did you mean 'RPI_GLES_DeleteContext'?
       device->GL_DefaultProfileConfig = RPI_GLES_DefaultProfileConfig;
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                         RPI_GLES_DeleteContext
  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: note: each undeclared identifier is reported only once for each function it appears in
  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_CreateWindow':
  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:281:17: error: 'SDL_VideoDevice {aka struct SDL_VideoDevice}' has no member named 'egl_data'; did you mean 'gl_data'?
       if (!_this->egl_data) {
                   ^~~~~~~~
                   gl_data
  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:10: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface'
       wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window);
            ^~
  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:26: warning: implicit declaration of function 'SDL_EGL_CreateSurface'; did you mean 'SDL_Vulkan_CreateSurface'? [-Wimplicit-function-declaration]
       wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window);
                            ^~~~~~~~~~~~~~~~~~~~~
                            SDL_Vulkan_CreateSurface
  .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:288:14: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface'
       if (wdata->egl_surface == EGL_NO_SURFACE) {
                ^~

[1] http://autobuild.buildroot.net/results/9612d43b192bbb88214a11fe18f8b8da6ad10313

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-28 14:55:22 +01:00
Fabio Estevam
fcf28ee361 linux-headers: bump 4.{4, 9, 14, 15}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-28 14:54:53 +01:00
Fabio Estevam
d5b795534f linux: bump default to version 4.15.7
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-28 14:54:10 +01:00
Yann E. MORIN
e1a59357e4 package/tvheadend: disable for microblazeel
tvheadend does not build on microblazeel, because of some assertion
failure in binutils:

    [...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_divdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
    [...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_udivdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
    [...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_umoddi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
    [...]/microblazeel-buildroot-linux-uclibc/bin/ld: BFD (GNU Binutils) 2.29.1 assertion fail elf32-microblaze.c:1494
    [...]/microblazeel-buildroot-linux-uclibc/bin/ld: [...]/sysroot/usr/lib/Scrt1.o: probably compiled without -fPIC?
    [...]/microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: Bad value
    collect2: error: ld returned 1 exit status

Fixes:
    http://autobuild.buildroot.org/results/85475885a95f23f3dbc88e5b162108a458233bc4/
    [...]

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-28 09:15:47 +01:00
Peter Korsgaard
4de7e07e6e wavpack: add upstream security fixes
Fixes the following security issues:

CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig
function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to
cause a denial-of-service attack or possibly have unspecified other impact
via a maliciously crafted RF64 file.

CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file
of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.

CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect memory
allocation, via a maliciously crafted CAF file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-28 09:13:53 +01:00