Removed AUGEAS_PATCH, patch is included in version bump.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch 0001 has been rebased.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently we have version 7.0, released July 2015. Latest upstream
release 7.1, which dates back to November 2015, causes build errors.
Therefore we bump to git HEAD, updated May 2017, which builds fine.
The package requires gcc-4.9 or later now:
2940c64283
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch 0001 already included in this release:
438274f938
Patch 0002 already included in this release:
43bc256d8a
Patch 0003 already included in this release:
1044b43637
Patch 0004 already included in this release:
9a72a69e03
Patch 0005 already included in this release:
5c080298d5
Patch 0006 already included in this release:
48780b4fcc
Patch 0007 already included in this release:
d60332057b
Patch 0008 already included in this release:
2ea32f7372
Patch 0009 already included in this release:
8283e4d1b7
Patch 0010 already included in this release:
47f2fb61a3
Patch 0011 already included in this release:
3cfd62d77c
Patch 0012 already included in this release:
0a76a8c765
Patch 0013 already included in this release:
66e7bd5952
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Current git master version has Lua 5.3 compatibility added.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Removed self-computed sha1 hash, we already provide a sha256 hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2017-8798: Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221
through v2.0 allows remote attackers to cause a denial of service or
possibly have unspecified other impact.
For more details including a PoC, see:
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-3302 - Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and
5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29,
10.1.x through 10.1.21, and 10.2.x through 10.2.3.
CVE-2017-3313 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: MyISAM). Supported versions that are affected are
5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to
exploit vulnerability allows low privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized access
to critical data or complete access to all MySQL Server accessible data.
CVE-2017-3308 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. While the vulnerability is
in MySQL Server, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server.
CVE-2017-3309 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. While the
vulnerability is in MySQL Server, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2017-3453 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2017-3456 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2017-3464 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data.
And a number of important, but non-security related fixes:
MDEV-12602: Fixed some race conditions in InnoDB encryption
MariaDB Backup alpha introduced
Galera wsrep library updated to 25.3.20
For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/
[Peter: drop COPYING.LESSER and add a reference to the bugtracker issue
explaining why]
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- CVE-2017-9078: A double-free in the server could be triggered by an
authenticated user if dropbear is running with -a (Allow connections to
forwarded ports from any host) This could potentially allow arbitrary code
execution as root by an authenticated user. Affects versions 2013.56 to
2016.74. Thanks to Mark Shepard for reporting the crash.
- CVE-2017-9079: Dropbear parsed authorized_keys as root, even if it were a
symlink. The fix is to switch to user permissions when opening
authorized_keys.
A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file. This information disclosure is to an already
authenticated user. Thanks to Jann Horn of Google Project Zero for
reporting this.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For details, see the release notes:
https://www.samba.org/samba/history/samba-4.5.9.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The libc-compat.h first appeared in kernel version 3.12. Trying to build a
musl toolchain using earlier headers leads to the following failure:
/bin/sed: can't read .../output/host/usr/arm-buildroot-linux-musleabi/sysroot/usr/include/linux/libc-compat.h: No such file or directory
package/pkg-generic.mk:266: recipe for target '.../output/build/toolchain/.stamp_staging_installed' failed
Don't apply the sed patch to older headers.
Reported-by: Florent Jacquet <florent.jacquet@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove 0001-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch as
it has been integrated upstream
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In configuration where target architecture == host architecture, and
libgpg-error is installed system-wide with development files, the build
of cppcms fails with:
/home/test/buildroot/output/host/usr/bin/x86_64-amd-linux-gnu-g++ --sysroot=/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -Wall -Wextra -DNDEBUG CMakeFiles/base64_test.dir/tests/base64_test.cpp.o -o base64_test -L/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib -Wl,-rpath,/home/test/buildroot/output/build/cppcms-1.0.5:/home/test/buildroot/output/build/cppcms-1.0.5/booster:/usr/lib -rdynamic libcppcms.so.1.0.5 booster/libbooster.so.0.0.3 -lpthread /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libpcre.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libdl.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libz.so
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_set_errno@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_init@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_destroy@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_code_from_syserror@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_code_from_errno@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_unlock@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_strerror@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_strsource@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_lock@GPG_ERROR_1.0'
The problem comes from the
"-Wl,-rpath,/home/test/buildroot/output/build/cppcms-1.0.5:/home/test/buildroot/output/build/cppcms-1.0.5/booster:/usr/lib"
option, which tells the linker to search for libraries in /usr/lib.
This commit fixes that by asking CMake to not add any rpath when
building cppcms.
Fixes:
http://autobuild.buildroot.net/results/a7eb1ede552ae14f409cfd7bd877bcf25ca69a74/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We currently call infra.smart_open() to open log files each time we
need to write to them.
Opening the file once in the constructor of Builder and Emulator and
writing to it whenever needed is simpler and slightly more efficient.
Remove smart_open and instead create a new open_log_file() function
which just opens the logfile. Also let it compute the filename, in
order to simplify even further the Builder and Emulator code.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also fixes compile error with gcc7:
dvbdevice.c: In member function 'bool cDvbTuner::SetFrontend()':
dvbdevice.c:848:31: error: call of overloaded 'abs(unsigned int&)' is ambiguous
frequency = abs(frequency); // Allow for C-band, where the frequency is less than the LOF
^
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This is what the manpages usually do, and what Python does with the
automatically-added -h/--help parameter:
Before the change:
$ ./support/testing/run-tests
[...]
optional arguments:
-h, --help show this help message and exit
--list, -l list of available test cases
--all, -a execute all test cases
After the change:
$ ./support/testing/run-tests
[...]
optional arguments:
-h, --help show this help message and exit
-l, --list list of available test cases
-a, --all execute all test cases
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
has_broken_links makes it self-explanatory that this is a predicate
function, and that the return value tells whether there _are_ broken
links, not the opposite.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes#9871
gzip reads default command line options from the environment variable GZIP.
The fbgrab Makefile internally also uses a GZIP make variable to know what
command to use to compress the manpage. Unfortunaly make will export the
value of this make variable to the environment if GZIP is already present in
the enviroment, confusing gzip (as 'gzip' isn't a valid command line argument).
This can either be triggered by users having GZIP set in their environment
(E.G. for custom options), or by enabling BR2_REPRODUCIBLE, where we use
this feature to force the -n option (to not store name/timestamp) to gzip.
We don't really need to compress the manpage as it isn't installed anyway,
so work around the issue by only building the fbgrab application.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Previously was defined in qmi-util.h to fix musl
compatibility. It was missed that this is a shared
header which causes other dependent package builds
to fail, so the static definition was moved into the
implementation where it was used.
Upstream bug report has been updated and this resolves
the following autobuilder related failures.
http://autobuild.buildroot.net/results/fe9b6b1b1399a4e8aafc6a326c81ec97c2480025http://autobuild.buildroot.net/results/40eef797b4d8d53fc6e10f2048316d63549caf6d
test-pkg testing was performed against 10 random toolchains
++ Config snippet ++
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_MODEM_MANAGER_LIBQMI=y
BR2_PACKAGE_MODEM_MANAGER=y
BR2_PACKAGE_LIBQMI=y
++ Tested Toolchains ++ (Verified I hit all libc variants)
br-arm-cortex-a9-musl
br-arm-full-static
br-m68k-68040-full (uclibc)
br-mips32r6-el-hf-glibc
br-mips64-n64-full
br-mips64r6-el-hf-glibc
br-mipsel-o32-full
br-sparc64-glibc
linaro-arm
sourcery-arm
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
rabbitmq-c currently fails to build in a number of static linking
situations, due to two issues:
- CMake FindOpenSSL module is buggy. Even though it uses pkg-config,
it doesn't use the information returned by pkg-config, and
therefore doesn't know about second order libraries that need be
part of the link for static linking to succeed. Due to this, -lz is
not passed, and therefore rabbitmq-c fails when linking against
libssl/libcrypto. This issue has been reported to upstream CMake at
https://gitlab.kitware.com/cmake/cmake/issues/16885.
- popt might use libintl, but CMake doesn't know about that. For
autotools based packages, we typically work around this by passing
LIBS=, but CMake apparently has no equivalent to LIBS=.
To workaround this, we only use the OpenSSL and Popt optional
dependencies in dynamic linking situations.
Fixes:
http://autobuild.buildroot.net/results/798dbe5e5fd0463bb2066cb115656795144c327f/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switch to Linux kernel version 4.4.41 from the TI SDK 03.03.00.04
(TI SDK release date: 29.03.2017)
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>