Add upstream patch fixing CVE-2016-2447: psk configuration parameter update
allowing arbitrary data to be written.
See http://w1.fi/security/2016-1/psk-parameter-config-update.txt for details.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
x264 uses madvise() which is not available in the bfin external toolchain.
Fixes:
http://autobuild.buildroot.net/results/837/837fd5a63d59b5c65818ec005a565cb7741a1cdd/
[Peter: Issue is specific to bfin toolchain, so only disable for that one]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a few regressions from the previous security bump.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Packages installed for the host should have their prefix set to
$(HOST_DIR)/usr, and therefore not use DESTDIR at installation time.
Using PREFIX=/usr DESTDIR=$(HOST_DIR) is wrong, and leads for example to
luajit.pc containing prefix=/usr, which means pkg-config returns
incorrect results for host-luajit.
This patch fixes the luajit package to conform to this rule.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
[Thomas: rewrite commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
These header files are required by swupdate.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building crda with GCC 6 fails because of all compiler warnings are treated as
errors. Disable the compiler option '-Werror':
keys-gcrypt.c:94:32: error: ‘keys’ defined but not used [-Werror=unused-const-variable=]
static const struct key_params keys[] = {
^~~~
cc1: all warnings being treated as errors
Add a patch to drop '-Werror' from CFLAGS.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
GCC 6 defaults to -std=gnu++14 instead of -std=gnu++98. The C++11 standard does
not allow "narrowing conversions" which is why building fdk-aac with GCC 6
fails:
libAACenc/src/aacEnc_rom.cpp:661:1: error: narrowing conversion of '2180108801u' from 'unsigned int' to 'FIXP_DBL {aka long int}' inside { } [-Wnarrowing]
Use '-std=gnu++98' as suggested by "Porting to GCC 6" [1].
[1] https://gcc.gnu.org/gcc-6/porting_to.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It already includes the fixes for CVE-2016-3994 and CVE-2011-5326 so
drop the patches, and additionally fixes:
CVE-2016-4024 - integer overflow in imlib2, which result in insufficient
heap allocation.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Syslinux uses the host version of gcc to build to bootloader. On systems
with gcc 5.3, this results in a bootloader that hangs. This issue has
been addressed in upstream syslinux, but an official release has not
been made yet. This commit adds the upstream patch to fix the issue.
Most likely fixes bug #8866.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop patches applied upstream:
- 0001: notify: Don't use constexpr on Haiku
- 0002: notify: use "constexpr" only with glibc
Renumber remaining patches.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add hash for the toolchain sources.
Runtime tested with Qemu with qemu_mips_malta_defconfig
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Includes numerous stablity and cleanup passes by ulli-kroll.
A hash file is also added, as it was missing before.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 519d83bfa0 adds support for GCC
6. Add an GCC 6.x option for external toolchains, too.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adds support to build barebox with an auxiliary config.
This is useful for building an SPL (Secondary Program Loader) in
addition to the traditional TPL (Tertiary Program Loader). The
Beaglebone Black for example has two barebox configurations:
- am335x_defconfig builds the full barebox bootloader with device
tree
- am335x_mlo_defconfig builds the smaller MLO bootloader that loads
the full barebox bootloader from the eMMC or SD card.
Tested with the following defconfig:
# architecture
BR2_arm=y
BR2_cortex_a8=y
BR2_ARM_EABIHF=y
# system
BR2_TARGET_GENERIC_HOSTNAME="beaglebone"
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_DEVTMPFS=y
BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW=y
# filesystem
BR2_PACKAGE_AM33X_CM3=y
BR2_TARGET_ROOTFS_EXT2=y
BR2_TARGET_ROOTFS_EXT2_4=y
# bootloader
BR2_TARGET_BAREBOX=y
BR2_TARGET_BAREBOX_BOARD_DEFCONFIG="am335x"
BR2_TARGET_BAREBOX_IMAGE_FILE="images/barebox-am33xx-beaglebone.img"
BR2_TARGET_BAREBOX_CUSTOM_ENV=y
BR2_TARGET_BAREBOX_CUSTOM_ENV_PATH="board/beaglebone/barebox/barebox.env"
BR2_TARGET_BAREBOX_AUX=y
BR2_TARGET_BAREBOX_AUX_BOARD_DEFCONFIG="am335x_mlo"
BR2_TARGET_BAREBOX_AUX_IMAGE_FILE="images/barebox-am33xx-beaglebone-mlo.img"
# kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_DEFCONFIG=y
BR2_LINUX_KERNEL_DEFCONFIG="omap2plus"
BR2_LINUX_KERNEL_ZIMAGE=y
# use the barebox built-in dtb
# BR2_LINUX_KERNEL_DTS_SUPPORT is not set
Signed-off-by: Pieter Smith <pieter@boesman.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
No functional changes. In preparation for the auxiliary barebox build,
boot/barebox is split into two parts:
1. boot/barebox:
- The source and patch specification which are to be shared between the
barebox and barebox-aux packages.
- The barebox-package function and build logic.
2. boot/barebox/barebox:
- The package configuration, fragments, barebox env, etc.
- The actual barebox package make instantiation.
Signed-off-by: Pieter Smith <pieter@boesman.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also drop BR2_PACKAGE_MIDORI_HTTPS option since it's now handled in the
webkitgtk package to satisfy MiniBrowser.
This version can't work with the older webkitgtk24 engine so it switches
to the new version.
Also make gcr support conditional on x11 support for libgtk3, it doesn't
work otherwise.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add the latest 2.12.x upstream stable branch.
Both 2.4.x and 2.12.x can live side-by-side, however only the latest
stable branch/releases are security-maintained, so add it unslotted.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package allows to build the fastboot and adb host utilities,
which can be used to interact with target devices implementing one of
these protocols.
The work behind the host utilities was funded by ECA Group
<http://www.ecagroup.com>. ECA Group is the copyright owner of the
contributed code.
The package also allows to build fastboot, adb and adbd daemon for the
target.
Regarding adbd, the target is required to have the FunctionFS USB Gadget
configuration. Then the following commands enable the use of adb:
# modprobe g_ffs idVendor=0x18d1 idProduct=0x4e42 \
iSerialNumber="buildroot"
# mkdir -p /dev/usb-ffs/adb
# mount -t functionfs adb /dev/usb-ffs/adb -o uid=2000,gid=2000
# adbd &
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Tested-by: Julien Corjon <corjon.j@ecagroup.com>
[Thomas:
- update on top of master.
- fix Config.in.host prompt, it should have been "host android-tools"
and not just "android-tools".]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for m68k/coldfire. A gcc patch is required
to avoid gcc ICE.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The extracted toolchain sources contains a single symlink in the
aarch64-linux-gnu/libc/lib directory wich is lost during Buildroot's
staging install.
aarch64-linux-gnu/libc/lib/ld-linux-aarch64.so.1 -> ../lib64/ld-2.18.so
Add a custom post install staging and target hooks to create it
manually.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: also make the same tweak in the target.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Config can be used by other noMMU targets as qemu-system-m68k
with coldfire emulation.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Switch the invocation command to use virtio-blk and virtio-net for
better performance.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has better performance for block and net.
Enable virgl (DRM_VIRTIO_GPU) support for 3D acceleration.
And also DRM_BOCHS for better stdvga acceleration.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's exactly the same as the x86_64 variant so just create a symlink.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
opkg requires libarchive. This was expressed in the Config.in file with a
select, but not in the .mk file.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If a locale directory is empty, shell code like "for langdir in
$$dir/*;" will loop once with langdir set to "path/to/dir/*", rather
than not looping at all, which would obviously be the desired
behavior.
Then "grep -qx $${langdir##*/}" ungoes two shell expansions (how?)
that transform the expression from "${langdir##*/}" to "*" to "list of
all files in buildroot root dir". Which is most certainly not what
this command was supposed to do.
If one of those files happens to be an 8GB flash image, grep consumes
all available memory and crashes trying to search it.
Signed-off-by: Trent Piepho <tpiepho@kymetacorp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>