When building with old gcc versions (such as gcc 4.3), the current
version of kmod fails with:
shared/util.c:52: error: expected identifier or '(' before 'do'
shared/util.c:52: error: expected identifier or '(' before 'while'
This is due to a use of the internal assert_cc() macro outside of a
function, while this macro is defined for old gcc versions in a way that
cannot be used outside functions.
This wasn't noticed by the autobuilders because we don't have such old
target compilers. On the host side, we have some autobuilder instances
with such old gcc versions, but host-kmod is only used by the linux
package, which is never tested by the autobuilders.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 72c77544ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The daemon service script associated with imx-uuc failed to stop the daemon
since the PID of the process wasn't stored at start time.
Adding -m option allowed to create the uuc.pid file as expected.
Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 41e86cd5ca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes
sdksyms.c:311:15: error: expected expression before »,« token
(void *) &, /* ../../include/os.h:96 */
by backporting an upstream patch, sdksyms.c is generated by
hw/xfree86/sdksyms.sh which is broken when used with gcc5+.
Problem was found while testing
http://patchwork.ozlabs.org/patch/762102/
using this defconfig
BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XSERVER_XORG_SERVER=y
BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_14=y
BR2_PACKAGE_XDRIVER_XF86_INPUT_TSLIB=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99058b2586)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Botan compiles all PowerPC code with AltiVec support and only determines
at runtime whether the CPU even supports it. If the target CPU uses the
older SPE extensions, though, this is too late; since SPE and AltiVec
are incompatible, gcc aborts the compilation. This patch explicitly
disables AltiVec support unless BR2_POWERPC_CPU_HAS_ALTIVEC is defined
Signed-off-by: Tobias Blass <tobias.blass@rohde-schwarz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e654839f9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building host-gcc-initial with GCC7 on the host fails due to the
comparison of a pointer to an integer in ubsan_use_new_style_p, which
is forbidden by ISO C++:
ubsan.c:1474:23: error: ISO C++ forbids comparison between pointer and
integer [-fpermissive]
|| xloc.file == '\0' || xloc.file[0] == '\xff'
Backported from:
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239971
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2d57ad29b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
an empty question section.
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dabd28a4be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tmux uses 256 color version of 'screen' terminfo by default, so copy
corresponding file to support that usecase.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6bd29da2b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Definition of 'dumb' terminal is required to be able to call 'top -b'
from 'procps-ng'.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f6d80896a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bash's malloc relies on sbrk which is implemented as a fail-only stub in
musl. Presently, it is disabled when configured for static
libs. Instead, default to using libc malloc.
Fixes:
# bash
bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
Signed-off-by: Daniel Sabogal <dsabogalcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux
On Linux systems, sudo parses the /proc/[pid]/stat file to determine the
device number of the process's tty (field 7). The fields in the file are
space-delimited, but it is possible for the command name (field 2) to
include spaces, which sudo does not account for. A user with sudo
privileges can cause sudo to use a device number of the user's choosing by
creating a symbolic link from the sudo binary to a name that contains a
space, followed by a number.
If SELinux is enabled on the system and sudo was built with SELinux support,
a user with sudo privileges may be able to to overwrite an arbitrary file.
This can be escalated to full root access by rewriting a trusted file such
as /etc/shadow or even /etc/sudoers.
For more details, see: https://www.sudo.ws/alerts/linux_tty.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't
validated sufficiently before attempting signature verification, so that
invalid input might lead to a floating point exception and crash of the
process. A certificate with an appropriately prepared public key sent by a
peer could be used for a denial-of-service attack.
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html
CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1
parser when parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically
crafted certificate.
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
maekdev() is available from sys/types.h but only due to a bug in glibc. This
is being fixed by printing an error when using makedev() from sys/types.h.
To fix the issue we should include sys/sysmacros.h for makedev(). As this
has already been fixed in upstream Xen we can backport the patch.
Fixes:
http://autobuild.buildroot.net/results/552/552e66d764885341b2fe208a0e4382b5fe05ea9d/
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
madplay use a libtool script in version 1.5.2 but the libtool patch
"buildroot-libtool-v1.5.patch.patch" doesn't apply.
From [1]:
"It's libtool dropping -static. That's because madplay has a
weird version of libtool, on which our libtool patch doesn't apply so
we have MADPLAY_LIBTOOL_PATCH = NO. Therefore, the hack we have that
makes libtool -static behave like -all-static isn't applied, causing
this build failure."
Fixes:
http://autobuild.buildroot.net/results/60def1b15ea61d3cb5f50e9de3f354dd2e17d270
[1] http://lists.busybox.net/pipermail/buildroot/2017-May/192959.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The external toolchain code has some logic to calculate the correct name
for the dynamic linker symbolic link that needs to be created when the
musl C library is being used. There was already some handling for the
mipsel+soft-float case, but not for the mips+soft-float case. Due to
this, the symbolic link was incorrectly named, and programs were
referencing an non-existing file.
Reported-by: Florent Jacquet <florent.jacquet@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The Docker engine can optionally log to systemd-journald. For this
driver to work correctly, Docker needs to build against
systemd-journald's client library.
This patch conditionally adds a build-time dependency on systemd and
enables compiling the journald driver in docker-engine if systemd is
used as the Buildroot init process.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
(lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
cause a stacked-based buffer overflow by tricking a user into processing a
specially crafted assignments file via the e.g. asn1Coding utility.
For more details, see:
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 +
a soname fix):
https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html
Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf
as that patch is now upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added notes to the mosh package help to clarify some runtime
issues related with it to ensure mosh will work properly after adding it.
This includes adding a proper LOCALE and an extra flag when using
mosh with dropbear.
Signed-off-by: Gonçalo Salazar <glbsalazar@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set
their username/client id to ‘#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT topics that they do have the rights to.
The same issue may be present in third party authentication/access control
plugins for Mosquitto.
For more details, see:
https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now
upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of security issues: CVE-2017-7607, CVE-2017-7608,
CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613.
Rebase patches, and convert to git format.
Remove --disable-werror; unrecognized configure option.
Use upstream provided hash.
Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a dependency on the host ACPICA package as Xen tools
require iasl to build.
Fixes:
http://autobuild.buildroot.net/results/afa199864d6b546fe759bb582a9c10702ea7fa78/
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: tweak commit log, add autobuilder reference.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support to build the ACPICA package for the host. This is useful
for the iasl command which is required to build some packages,
including Xen tools.
This is a necessary requirement before changing the Xen package to
address:
http://autobuild.buildroot.net/results/afa199864d6b546fe759bb582a9c10702ea7fa78/
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: use PREFIX= and not DESTDIR= for host installation, tweak
commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
m68k coldfire causes ffmpeg to think atomic intrinsics are available,
so ffmpeg doesn't use its fallback on pthreads based atomic
operations. However, m68k coldfire doesn't provide properly working
sync 4 atomics, causing a build failure.
Since fixing ffmpeg on m68k coldfire is not really important (who
wants to use ffmpeg on such platform?), we simply disallow the
selection of ffmpeg on this platform.
Alternate approaches have been proposed in the past:
- Bernd Kuhls proposed in http://patchwork.ozlabs.org/patch/766909/
to add a dependency on BR2_TOOLCHAIN_HAS_SYNC_4, but this is wrong
because other architectures that lack sync 4 atomics, such as
Sparc, can build ffmpeg perfectly fine thanks to the pthreads based
fallback code.
- Waldemar Brodkorb proposed in
https://patchwork.ozlabs.org/patch/756664/ to add an explicit
option in ffmpeg configure to force the use of pthreads based
atomics. However, we believe that running ffmpeg on m68k coldfire
is such an unlikely use case that it isn't worth carrying a patch
for this.
Fixes:
http://autobuild.buildroot.net/results/b3e/b3eaaf6d73cd49f5919143aeaa5cbb4d15a7ccc3/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The gnutils code uses __attribute__((constructor)) and
__attribute__((destructor)) to call constructor/desctructor when a
shared library is loaded.
Constructor/desctructor are not used when a static library is used
(except when if -Wl,--whole-archive -lgnutls -Wno-whole-archive is
used, not tested).
Even if gnutls initialization (_gnutls_global_init()) may be
called manually, the gnutls maintainer said it's not supported [1].
"Note that static linking applications with gnutls is not something
supported. gnutls relies on library constructors and destructors
which are not loaded when linking statically."
Now the gnutls script warns about static linking [2].
So disable gnutls statically by adding "depends on !BR2_STATIC_LIBS"
at Kconfig level and --disable-static in GNUTLS_CONF_OPTS.
Fixes:
[taskd] http://autobuild.buildroot.net/results/c2d/c2dd5c1c9dc87d2943c15e58ee56e67d7375368c
[ffmpeg] http://autobuild.buildroot.net/results/892/8926d319d6d1cd1ee72239ad7d9ca869d2355628
[sngrep] http://autobuild.buildroot.net/results/f7f/f7fb42d3742f6f01000a0d181e0c785640284405
[1] https://gitlab.com/gnutls/gnutls/issues/203
[2] 6b74888679
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Romain: merge our two patches together
add some option comment
disable static libgnutls.a
add sngrep autobuilder reference]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: do not disable libgnutls.a]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As reported by Bernd [1], using POST_EXTRACT to copy
linux_syscall_support.h break the legal-info target when
google-breakpad package is selected:
/usr/bin/install: cannot stat '/home/bernd/buildroot/buildroot/output/ost/usr/i586-buildroot-linux-uclibc/sysroot/usr/include/linux_syscall_support.h': No such file or directory
This is because linux_syscall_support.h is installed by a dependency
of google-breakpad, and dependencies are only guaranteed to be
available for the configure step of a package. To fix this, we use a
PRE_CONFIGURE hook instead of POST_EXTRACT hook.
[1] http://lists.busybox.net/pipermail/buildroot/2017-May/192844.html
Reported-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
firejail has been marked as broken since 3ad100fdcb
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Chris Frederick <chrisf@cdf123.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also use bz2 tarball and provide md5 & sha256 hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The project moved to github, the current download URL is broken:
$ wget -q http://www.msweet.org/files/project3/mxml-2.10.tar.gz
$ file mxml-2.10.tar.gz
mxml-2.10.tar.gz: HTML document, UTF-8 Unicode text, with very long lines
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
ola does not build with current protobuf. Upstream bug report is still open.
https://github.com/OpenLightingProject/ola/issues/1192
Cc: Dave Skok <blanco.ether@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The project moved to github: http://stella.sourceforge.net/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
His e-mail address is bouncing:
<andrew.ruder@elecsyscorp.com>: host mx1-us1.ppe-hosted.com[67.231.154.162]
said: 550 5.7.1 <andrew.ruder@elecsyscorp.com>: Recipient address rejected:
User email address is marked as invalid. (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
