It doesn't hurt, and is useful for removable boot media like a pendrive
that may depend on usb enumeration and isn't available immediately.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
https://travis-ci.org/buildroot/buildroot-defconfig-testing/jobs/114650744
git:// access to git.rocketboards.org has been failing for a while, and
git:// is sometimes not allowed through corporate firewalls, so change to
git-over-http instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
https://travis-ci.org/buildroot/buildroot-defconfig-testing/jobs/114650743
git:// access to git.rocketboards.org has been failing for a while, and
git:// is sometimes not allowed through corporate firewalls, so change to
git-over-http instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently reported on the mailing list:
http://lists.busybox.net/pipermail/buildroot/2016-February/154130.html
Our configuration options to use sha-256 / sha-512 password encoding do not
work very well with uClibc-ng as our defconfig doesn't enable support for
these encodings, breaking E.G. password login with dropbear.
Notice that it doesn't break login with the busybox login applet, as we
currently force the use of the internal busybox password handling routines
when sha-256/512 encoding is used. This workaround can afaik now be removed.
To fix this, enable support for these password encodings in our defconfig.
Do it unconditionally and not based on BR2_TARGET_GENERIC_PASSWD_* so it
also works when a Buildroot toolchain is reused as an external toolchain and
as the support code is quite small (~8KB):
-rwxr-xr-x 1 peko peko 13360 Mar 7 22:56 output/target/lib/libcrypt-1.0.12.so
-rwxr-xr-x 1 peko peko 21552 Mar 7 23:47 output-sha/target/lib/libcrypt-1.0.12.so
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-1285 - An error parsing input received by the rndc control
channel can cause an assertion failure in sexpr.c or alist.c
CVE-2016-1286 - A problem parsing resource record signatures for DNAME
resource records can lead to an assertion failure in resolver.c or db.c
CVE-2016-2088 - A response containing multiple DNS cookies causes
servers with cookie support enabled to exit with an assertion failure.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream was super reactive, and already committed a patch to fix the
build on SuperH, so we take this upstream patch in Buildroot and
re-enable fio on SuperH.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fio doesn't build on SuperH due to arch_flags being undefined while
building the test programs. Since the fix isn't immediate, the bug was
reported upstream, and this commit disables fio on SuperH until it
gets fixed upstream.
Fixes:
http://autobuild.buildroot.net/results/578/578ae9da10d017ee9e2c15d37014f31a1114ef3a/build-end.logFixes#8751.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch 0001-compile-fix-for-linux-header-changes.patch is removed
as it was a backport from an upstream patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Despite the documentation and the comment in xtensa_move_literals, in
the presence of --text-section-literals and --auto-litpools literals are
moved from the separate literal sections into .init and .fini, because
the check in the xtensa_move_literals is incorrect.
This fixes build errors seen with projects that have .init/.fini and use
text-section-literals.
Backported from: 4111950f363221c4641dc2f33bea61cc94f34906
Reported-by: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016.72 - 9 March 2016
- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
found by github.com/tintinweb. Thanks to Damien Miller for a patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A recently discussed on the mailing list:
http://lists.busybox.net/pipermail/buildroot/2016-February/154189.html
Our mdev configuration currently doesn't handle module loading. Fix that by:
- Telling mdev to run modprobe on hotplug events providing MODALIAS
- Adjust the init script to handle coldplug modalias events (E.G. modules
for which the devices were already present before mdev was added as the
hotplug handler). mdev -s should arguable handle this, but it doesn't.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default syslog parameters are to keep only 200-400 KiB of logs,
which is very few if there is a spammy daemon on the system, or a daemon
that fails and then spams errors that hides the original problem.
Make S01logging source a /etc/default/logging file where these
parameters can be overridden.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Jason Abele <jason@nextthing.co>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We're not trying to be minimal here, and qemu can bridge/emulate certain
usb devices, so enable the different controllers and at least usb
storage.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We're not trying to be minimal here, and qemu can bridge/emulate certain
usb devices, so enable the different controllers and at least usb
storage.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use $(SED) instead of sed.
Kill trailing whitespace in comment, and move it above the define as per
standard look.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-1950 - heap-based buffer overflow related to the parsing of
certain ASN.1 structures. An attacker could create a specially-crafted
certificate which, when parsed by NSS, would cause a crash or execution
of arbitrary code with the permissions of the user.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have removed gcc 4.5 support since a long time, so this commit
removes dead code that was only used when building a toolchain based
on gcc 4.5.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libpjsip needs libsrtp to build, but it bundles a libsrtp version in
case one is not found during the configure step. The Buildroot policy
in such cases is to force using the external package, so forcibly
depend on libsrtp.
Adding --with-external-srtp also fixes libpjsip not correctly the
libsrtp installed in staging, which shows up with the symptom:
.../libpjmedia.so: undefined reference to `srtp_deinit'
collect2: error: ld returned 1 exit status
Fixes:
http://autobuild.buildroot.org/results/305/305fdc8442cd2e8f51b90485be0dca83ffa36603/http://autobuild.buildroot.org/results/a2f/a2f407c1361ac5c24af122445e84645e9aee309d/
...and many other similar autobuild failures.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2015-7560 - Authenticated client could cause Samba to overwrite ACLs
with incorrect owner/group.
CVE-2016-0771 - Malicious request can cause the Samba internal DNS
server to crash or unintentionally return uninitialized memory.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We do source the glibc and uClibc packages in the toolchain menu,
because they do provide user-visible options. However, we do not so
far source the musl Config.in file
However, in 822be87 (toolchain: include C libraries in legal-info),
a Config.in file for musl was explicitly created, so that:
- legal-info would work (needed at the time, probably no longer needed
nowadays),
- the appropriate packages are enabled, like netbsd-queue or kernel
headers.
Yet, we do not source musl/Config.in, which means we do not get
netbsd-queue or kernel-headers to be selected:
$ make distclean; make menuconfig
Toolchain --->
C library ---> musl
save-and-exit
$ grep BR2_PACKAGE_LINUX_HEADERS .config
[nothing]
$ grep BR2_PACKAGE_NETBSD_QUEUE .config
[nothing]
Fix that by sourcing musl/Config.in at the same place we source glibc
and uClibc.
Normally, we do have a check in place that verifies that a package
that is not enabled is not a dependency of another package that is
enabled. However, musl is only a dependency of host-gcc-final, which
is a host package and has no corresponding BR2_PACKAGE_HOST_GCC_FINAL.
Thus host-gcc-final is not in the PACKAGES variable, and thus does not
trigger our check.
Reported-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that we've got an mbedtls package in the tree we can enable the
optional support for it in libcurl.
We also remove the comment about polarssl support needing version
1.3.x. Indeed, polarssl was renamed to mbedtls when bought by ARM,
which was circa the 1.3.x polarssl release. Due to this referring to
polarssl 1.3.x doesn't make a lot of sense, and we'll probably never
package polarssl 1.3.x in Buildroot now that mbedtls replaces it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
[Thomas: slightly improve commit log as suggested by Luca, using
explanations from Gustavo.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Install package in staging directory, so that this package can be
linked together with other packages (for example collectd and its
onewire plugin).
Signed-off-by: Roland Franke <fli4l@franke-prem.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>