powerpc-utils changed upstream git repositories again.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b383e4bf4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prevent out-of-bounds write in codebook decoding.
Codebooks that are not an exact divisor of the partition size are now
truncated to fit within the partition.
Upstream has migrated from subversion to git, so change to git and bump the
version to include the fix for CVE-2018-5146.
While we're at it, also add a hash file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80266c9505)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ninja understands the `-j` option which defines how many jobs are
run in parallel.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f7479b538a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Use after free when server is disconnected during netsplits. Incomplete fix
of CVE-2017-7191. Found by Joseph Bisch. (CWE-416, CWE-825) -
CVE-2018-7054 [2] was assigned to this issue.
Use after free when SASL messages are received in unexpected order. Found
by Joseph Bisch. (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
this issue.
Null pointer dereference when an “empty” nick has been observed by Irssi.
Found by Joseph Bisch. (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
to this issue.
When the number of windows exceed the available space, Irssi would crash due
to Null pointer dereference. Found by Joseph Bisch. (CWE-690) -
CVE-2018-7052 [5] was assigned to this issue.
Certain nick names could result in out of bounds access when printing theme
strings. Found by Oss-Fuzz. (CWE-126) - CVE-2018-7051 [6] was assigned to
this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 181ef8a1d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As part of the build, we run some instrumentation hooks to gather
statistics about the usage of the target/, staging/ and host/
directories, so that we can generate reports for the user, that
shows:
- for each file, what package installed it,
- for each package,the size that it installed.
In so doing, we run a double md5 pass on all files of the affected
directories (before/after installation). These passes were mostly invisible
when we were only scanning target/, but has greatly increased in time now
that we also scan staging/ and host/ (but only in the corresponding _CMDS,
of course).
This md5 was mostly aimed at catching packages that would "cheat" with
mtime/atime/ctime somehow. They can't really cheat on md5, though [0].
Timings however speak for themselves, with this defconfig (slightly
biggish-but-still-manageable build) [1].
host/ 20965 files 1.2GiB
staging/ 4715 files 333MiB
target/ 1801 files 44MiB
All instrumentation steps, using md5: 19min 27s
All instrumentation steps, using mtime: 14min 45s
No instrumentation step at all: 14min 31s
So, using mtime is an almost-5min improvement, i.e. about 25% faster,
while removing all instrumentation steps does not gain that much more...
So, we switch to using mtime, because in the end that's still good-enough
for our use-case: generating some graphs. It is not mission-critical, and
if a graph is slightly off, that's not a biggy. It can anyway be attributed
to a broken package's buildsystem, which should get fixed.
However, we lose the ability to track directories. Non-empty directories
can be tracked back by a bit of scripting, but empty directories are
simply not caught. If we were to also look for directories using mtime,
we would catch parents of installed files:
- /foo/bar/ exists
- a package installs /foo/bar/buz
- mtime of /foo/bar/ is changed to account for the new file in it.
So we do not track directories at all, and we lose empty directories.
The existing tracking was mostly happenstance, with the original
submission and comments not really accounting for a real use-case.
Now, we also change the way we handle symlinks. Previously, we would
hash the file pointed to by the symlink. Now, we only look at the mtime
of the symlink itself, which still detects modifications.
Eventually, this also means that we now no longer need to establish a
list before the install step; we can now simply run after the install
step, finding any files newer than the build stamp.
[0] Yeah, md5 is very weak, but we're not guarding against malicious
attacks, just about careless modifications.
[1] defconfig used for tests:
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_SYSTEMD=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_ETNAVIV=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VC4=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VIRGL=y
BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OSMESA=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_SYSTEMD_JOURNAL_GATEWAY=y
BR2_PACKAGE_SYSTEMD_BACKLIGHT=y
BR2_PACKAGE_SYSTEMD_BINFMT=y
BR2_PACKAGE_SYSTEMD_COREDUMP=y
BR2_PACKAGE_SYSTEMD_FIRSTBOOT=y
BR2_PACKAGE_SYSTEMD_HIBERNATE=y
BR2_PACKAGE_SYSTEMD_IMPORTD=y
BR2_PACKAGE_SYSTEMD_LOCALED=y
BR2_PACKAGE_SYSTEMD_LOGIND=y
BR2_PACKAGE_SYSTEMD_MACHINED=y
BR2_PACKAGE_SYSTEMD_POLKIT=y
BR2_PACKAGE_SYSTEMD_QUOTACHECK=y
BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
BR2_PACKAGE_SYSTEMD_RFKILL=y
BR2_PACKAGE_SYSTEMD_SMACK_SUPPORT=y
BR2_PACKAGE_SYSTEMD_SYSUSERS=y
BR2_PACKAGE_SYSTEMD_VCONSOLE=y
[Peter: tweak commit message, use find -type l]
Reported-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7fb6e78254)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.
Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
now upstream, and add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eca03d6774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--disable-rpath was added by m4/lib-link.m4 with autotools based
buildsystem. Now we use meson, we don't have such option anymore.
The autotools eet-eet and eldbus_codegen options are named respectively
eet and eldbus-codegen with meson.
Fixes:
WARNING: Unknown command line options: "eet-eet, eldbus_codegen, rpath"
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b582d137a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2018-1000120: curl could be fooled into writing a zero byte out of
bounds when curl is told to work on an FTP URL with the setting to only
issue a single CWD command, if the directory part of the URL contains a
"%00" sequence.
https://curl.haxx.se/docs/adv_2018-9cd6.html
CVE-2018-1000121: curl might dereference a near-NULL address when
getting an LDAP URL.
https://curl.haxx.se/docs/adv_2018-97a2.html
CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
calculate a wrong data length to copy from the read buffer.
https://curl.haxx.se/docs/adv_2018-b047.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf3476e5b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recently a build failure was reported which was traced back to to the fact
that the user had a TOOLCHAIN_VERSION environment variable set which leads
to a strange looking error message:
toolchain/toolchain/toolchain.mk:40: *** TOOLCHAIN_SITE cannot be empty when
TOOLCHAIN_SOURCE is not. Stop.
Environment variables automatically gets converted to make variables by GNU
make - E.G. from the manual
(https://www.gnu.org/software/make/manual/html_node/Environment.html):
Variables in make can come from the environment in which make is run. Every
environment variable that make sees when it starts up is transformed into a
make variable with the same name and value
So we end up in make with TOOLCHAIN_VERSION set to the value of the
environment variable. As virtual packages do not have a version, there is
no explicit TOOLCHAIN_VERSION = .. line in toolchain.mk overriding this
value, and the logic in package/pkg-generic.mk sets a default value for
TOOLCHAIN_SOURCE when TOOLCHAIN_VERSION is set, and finally errors out as
TOOLCHAIN_SITE isn't set.
As a workaround, explicitly set <pkg>_VERSION and <pkg>_SOURCE to the empty
string in the virtual package infrastructure.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 32d2de2a6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following vulnerabilities:
- CVE-2018-1000098: Crash when parsing SDP with an invalid media format
description
- CVE-2018-1000099: Crash when receiving SDP with invalid fmtp attribute
[Peter: add CVE info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed0d9d6f36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2018-1050: Vulnerability to a denial of service attack when the RPC
spoolss service is configured to be run as an external daemon.
https://www.samba.org/samba/security/CVE-2018-1050.html
CVE-2018-1057: Authenticated users might change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).
https://www.samba.org/samba/security/CVE-2018-1057.html
Add clnt_create() test result to cache to fix cross configure breakage.
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4027564343)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host shared libraries produced by CMake were missing a proper
DT_RPATH. That became a problem because the DT_RPATH handling is not
transitive by design.
Consider the following scenario:
- pkg-a provides a library (`liba`) which links to `libpcre`
- pkg-b provides a binary (`foo`) and a shared library (`libb`) which is
needed by that binary
- `libb` links to `liba`
- pkg-a and pkg-b are both built by CMake
In this scenario, `foo` is correctly marked with DT_RPATH pointing to
host/lib/, but that path is not used when (recursively) resolving PCRE's
symbols in `liba`. When attempting to run the `foo` binary, the linker
correctly finds both `liba` and `libb`, but it cannot find the
libpcre.so as built by Buildroot for host.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7d43534625)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4a646da628)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 103855a2e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2d2dbca68b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The change in commit bf73334232 only works
for newer uboot source trees. Add a check that scripts/dtc/libfdt
directory exists before making this change.
[Peter: add comment explaining why]
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f437bf547c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
docker-proxy is needed by docker-engine at runtime, and was
previously not included. This leads to the following error
when attempting to port-map ports to a container:
$ docker run -p 8080:8080 nginx
docker: Error response from daemon: driver failed programming external
connectivity on endpoint:
exec: "docker-proxy": executable file not found in $PATH.
Docker expects the docker-proxy binary to exist in the PATH.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8d125cd9f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add docker-proxy package to Buildroot. Needed by docker-engine at
runtime, and previously not included. This leads to the following error
when attempting to port-map ports to a container:
$ docker run -p 8080:8080 nginx
docker: Error response from daemon: driver failed programming external
connectivity on endpoint:
exec: "docker-proxy": executable file not found in $PATH.
Docker expects the docker-proxy binary to exist in the PATH.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8175041003)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a new entry for myself listing the TS-5500 board directory and
defconfig file.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 79586d2ed5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rename the confusing and misleading ts5x00 directory to a real reference
platform name, ts5500. The readme.txt file already states the support
for both TS-5500 and TS-5400 platforms.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f17540b17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump the 3.17 kernel used for the Technologic Systems TS-5500 platform
to the latest LTS kernel 4.14.
This fixes the ts5x00_defconfig build with GCC 6.x.
The linux-3.17.config file has been renamed to linux-4.14.config to
match the new kernel version, and its changes are the result of make
linux-update-defconfig. However only comments are affected.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6461d76992)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot host programs fail to build when libfdt-devel is installed
system-wide, with errors like this:
HOSTCC tools/aisimage.o
In file included from tools/../include/../lib/libfdt/libfdt.h:10:0,
from tools/../include/libfdt.h:1,
from tools/fdt_host.h:11,
from tools/imagetool.h:24,
from tools/aisimage.c:8:
/usr/include/libfdt_env.h:70:30: error: conflicting types for ‘fdt64_t’
typedef uint64_t FDT_BITWISE fdt64_t;
^~~~~~~
In file included from <command-line>:0:0:
././include/libfdt_env.h:19:16: note: previous declaration of ‘fdt64_t’ was here
typedef __be64 fdt64_t;
^~~~~~~
In file included from ././include/libfdt_env.h:12:0,
from <command-line>:0:
/usr/include/libfdt_env.h:90:24: error: expected ‘)’ before ‘x’
static inline uint32_t fdt32_to_cpu(fdt32_t x)
^
This commit backports an upstream patch that fixes this problem.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1cbfc94c5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When libfdt-devel is installed system-wide, the build of U-Boot host
programs currently fails with lots of:
HOSTCC tools/aisimage.o
In file included from tools/../include/../lib/libfdt/libfdt.h:10:0,
from tools/../include/libfdt.h:1,
from tools/fdt_host.h:11,
from tools/imagetool.h:24,
from tools/aisimage.c:8:
/usr/include/libfdt_env.h:70:30: error: conflicting types for ‘fdt64_t’
typedef uint64_t FDT_BITWISE fdt64_t;
^~~~~~~
In file included from <command-line>:0:0:
././include/libfdt_env.h:19:16: note: previous declaration of ‘fdt64_t’ was here
typedef __be64 fdt64_t;
^~~~~~~
In file included from ././include/libfdt_env.h:12:0,
from <command-line>:0:
/usr/include/libfdt_env.h:90:24: error: expected ‘)’ before ‘x’
static inline uint32_t fdt32_to_cpu(fdt32_t x)
^
This commit adds a fixup in the U-Boot code to fix this problem. The
fixup is equivalent to applying upstream commit
http://git.denx.de/?p=u-boot.git;a=commitdiff;h=e0d20dc1521e74b82dbd69be53a048847798a90a,
but we can't use a patch for the uboot package, since people are using
arbitrary versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf73334232)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport of the functools module from Python 3.2.3 for use on 2.7 and PyPy.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 146b8d31ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See https://nodejs.org/en/blog/release/v8.10.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df33aae5f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig fails to build with gcc 6.x, even though we switched to
using gcc 6.x as the default gcc version in May 2017.
This defconfig also hasn't seen any non-mechanical update since
November 2015.
So it's time to get rid of it, in order to remove the following build
failure:
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306938
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f124c2f076)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch description was missing Upstream-Status tag. It was given in the
commit which added this patch but not in the patch itself as should be.
Signed-off-by tag accidentally didn't follow the usual format.
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1a0b4b2be2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Daniel's address is bouncing and my touch on fbgrab is now the most
recent one.
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8ea3dd2d62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When verbosive, fbgrab reports pixel format. Green and blue offset and
msb_right fields are accidentally swapped there. This commit adds a patch
which straightens them up.
Upstream-Status: Submitted [Gunnar Monell <gmo@linux.nu>]
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5be0b3440e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using a merged /usr, the kernel module path is really
/usr/lib/modules, as /lib is a symlink to usr/lib .
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b9a57442d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages (mostly, out-of-tree) may want to install binary blobs for
another architecture, outside the locations we currently exclude, like
in /opt or whatever...
Add support in check-bin-arch to accept any arbitrary location, that
individual package can each request to excude from the check, when they
are installed.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01d90f0d09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig fails to build with gcc 6.x, even though we switched to
using gcc 6.x as the default gcc version in May 2017.
It hasn't been updated since April 2017, and the original submitter,
Fabio Porcedda said:
Unfortunately a newer kernel doesn't boot and I don't have the time
to fix the issue. If having a defconfig that doesn't build on gcc
6.x is unacceptable feel free to remove it.
So, let's get rid of this defconfig, which will remove the following
build error:
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306952
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 13fb1c4912)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
