To fix:
CVE-2013-7041 - use case sensitive comparison in pam_userdb
CVE-2014-2583 - potential path traversal issue in pam_timestamp
Also add hash file (computed, the hash files upstream cover up to 1.1.7)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2014-8142 - Use after free vulnerability in unserialize()
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-1569 - The definite_length_decoder function in
lib/util/quickder.c in Mozilla Network Security Services (NSS) before
3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding
of an ASN.1 length is properly formed, which allows remote attackers to
conduct data-smuggling attacks by using a long byte sequence for an
encoding.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use proper status messages, make spacing standard instead of a mix of
spacing/tabbing, drop boringly obvious comment from the header.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The CF_LIB_SONAME macro doesn't work when cross compiling so we need to
specify the lib name for libgpm explicitly. While at it make gpm support
explicit in the form of --without-gpm when it's not selected and adding
it to dependencies when it is. Fixes:
http://autobuild.buildroot.net/results/32a/32a5ba3905772a3f2f2ec9d1b290a109fe22d9f9/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running 'make printvars', the output stops at the time we dump the
Linux related variables, with:
linux/linux.mk:109: *** Recursive variable `LINUX_TARGET_NAME'
references itself (eventually). Stop.
And that's expected, since we have:
109 LINUX_TARGET_NAME = $(LINUX_IMAGE_NAME)
[...]
112 ifeq ($(LINUX_IMAGE_NAME),)
113 LINUX_IMAGE_NAME = $(LINUX_TARGET_NAME)
114 endif
Even though they are defined in a way that ensures they are in fact not
recursively defined (the if-block ensures that), 'printvars' does dump
all our variables by evaluating all of them, which in that specific case
implies they are recursively defined.
Fix that by explicitly setting LINUX_IMAGE_NAME in each if-block.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, ncurses creates symlinks from the non-'w' variants to the
equivalent 'w' variant, but forgets to do so for pkg-config files.
To be able to share the same list between the libraries and the
pkg-config files to symlink, just trim the 'lib' prefix of libraries in
the definition, and just add it back at the time we need it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Move the definition of libraries to install before it is actually used.
Also, in a coming changeset, it will also be used to know which
pkg-config files to symlink.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For a shared-only build, do not create the symlinks to the static
libraries, since they do not exist.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No need to duplicate the host-pkgconf dependency on the Qt case, we
already depend on it in the general case.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In case the libgcrypt development files are present on the host system,
collectd's ./configure will mistakenly try to use them and will call the
host system's libgcrypt-config, thus leading it to use path to the host
system includes and libraries.
Fix that in two ways:
- explicitly disable libgcrypt support when libgcrypt is not enabled;
- pass the complete path to libgcrypt-config when libgcrypt is enabled.
However, collectd's configure.ac is utterly broken. The code in
configure.ac has special code to check for libgcrypt-config, and use
whatever is provided via --with-libgcrypt=/path/to/libgcrypt-config. But
that is promptly forgotten because they then call the AM_PATH_LIBGCRYPT
macro, that just does it all again from scratch, and does not use the
value previously found.
Instead, we set LIBGCRYPT_CONFIG in the environment and point it to our
own libgcrypt-config.
Should fix numerous build issues:
http://autobuild.buildroot.net/results/ad4/ad408aef5fb92fe9e031c7dbaf6999776b40ace4/http://autobuild.buildroot.net/results/967/96735bfa91bcf2e3dff89f69c0a12ed406e9efb9/
...
http://autobuild.buildroot.net/results/3bd/3bdd9bdffb1d55414787d38fc2656d7a3391a957/
...
(the first two are with the paranoid wrapper, the third one was before
the paranoid wrapper.)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@openwide.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable run test for pthread detection.
In case of build with only static library, CMake fails to detect the
pthread library (-lpthread), so it falls back trying to link using
-pthread and execute the test program.
<snip>
[...]
-- Looking for include file pthread.h
-- Looking for include file pthread.h - found
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - not found
-- Check if compiler accepts -pthread
CMake Error: TRY_RUN() invoked in cross-compiling mode, please set the following cache variables appropriately:
THREADS_PTHREAD_ARG (advanced)
For details see /home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/TryRunResults.cmake
-- Check if compiler accepts -pthread - no
-- Found Threads: TRUE
-- Udev rules not being installed, install them with -DINSTALL_UDEV_RULES=ON
-- Building with kernel driver detaching disabled, use -DDETACH_KERNEL_DRIVER=ON to enable
-- Building for version: 0.5.3 / 0.5.3
-- Using install prefix: /usr
-- Configuring incomplete, errors occurred!
See also "/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeOutput.log".
See also "/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeError.log".
</snip>
Here it fails because, in the CMake FindThreads.cmake file, the
'try_run' function is unconditionally called [1].
Also, the CMakeError.log gives more details why linking with -lpthread
fails:
<snip>
[...]
Run Build Command:"/usr/bin/make" "cmTryCompileExec3012181287/fast"
make[1]: Entering directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
/usr/bin/make -f CMakeFiles/cmTryCompileExec3012181287.dir/build.make CMakeFiles/cmTryCompileExec3012181287.dir/build
make[2]: Entering directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
/home/buildroot/instance-1/output/host/usr/bin/cmake -E cmake_progress_report /home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp/CMakeFiles 1
Building C object CMakeFiles/cmTryCompileExec3012181287.dir/CheckFunctionExists.c.o
/home/buildroot/instance-1/output/host/usr/bin/arm-linux-gcc -pipe -Os -static -DCHECK_FUNCTION_EXISTS=pthread_create -o CMakeFiles/cmTryCompileExec3012181287.dir/CheckFunctionExists.c.o -c /home/buildroot/instance-1/output/host/usr/share/cmake-3.0/Modules/CheckFunctionExists.c
Linking C executable cmTryCompileExec3012181287
/home/buildroot/instance-1/output/host/usr/bin/cmake -E cmake_link_script CMakeFiles/cmTryCompileExec3012181287.dir/link.txt --verbose=1
/home/buildroot/instance-1/output/host/usr/bin/arm-linux-gcc -pipe -Os -static -DCHECK_FUNCTION_EXISTS=pthread_create -static CMakeFiles/cmTryCompileExec3012181287.dir/CheckFunctionExists.c.o -o cmTryCompileExec3012181287 -rdynamic -lpthread -Wl,-Bstatic -lusb-1.0 -Wl,-Bdynamic
/home/buildroot/instance-1/output/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libpthread.a(init.os): In function `__pthread_initialize_minimal':
init.c:(.text+0x270): undefined reference to `__libc_setup_tls'
collect2: error: ld returned 1 exit status
CMakeFiles/cmTryCompileExec3012181287.dir/build.make:89: recipe for target 'cmTryCompileExec3012181287' failed
make[2]: *** [cmTryCompileExec3012181287] Error 1
make[2]: Leaving directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
Makefile:118: recipe for target 'cmTryCompileExec3012181287/fast' failed
make[1]: *** [cmTryCompileExec3012181287/fast] Error 2
make[1]: Leaving directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
Determining if compiler accepts -pthread returned PLEASE_FILL_OUT-FAILED_TO_RUN instead of 2. The compiler had the following output:
Change Dir: /home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp
Run Build Command:"/usr/bin/make" "cmTryCompileExec1361818630/fast"
make[1]: Entering directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
/usr/bin/make -f CMakeFiles/cmTryCompileExec1361818630.dir/build.make CMakeFiles/cmTryCompileExec1361818630.dir/build
make[2]: Entering directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
/home/buildroot/instance-1/output/host/usr/bin/cmake -E cmake_progress_report /home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp/CMakeFiles 1
Building C object CMakeFiles/cmTryCompileExec1361818630.dir/CheckForPthreads.c.o
/home/buildroot/instance-1/output/host/usr/bin/arm-linux-gcc -pipe -Os -static -o CMakeFiles/cmTryCompileExec1361818630.dir/CheckForPthreads.c.o -c /home/buildroot/instance-1/output/host/usr/share/cmake-3.0/Modules/CheckForPthreads.c
Linking C executable cmTryCompileExec1361818630
/home/buildroot/instance-1/output/host/usr/bin/cmake -E cmake_link_script CMakeFiles/cmTryCompileExec1361818630.dir/link.txt --verbose=1
/home/buildroot/instance-1/output/host/usr/bin/arm-linux-gcc -pipe -Os -static -static CMakeFiles/cmTryCompileExec1361818630.dir/CheckForPthreads.c.o -o cmTryCompileExec1361818630 -rdynamic -pthread
make[2]: Leaving directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
make[1]: Leaving directory '/home/buildroot/instance-1/output/build/librtlsdr-v0.5.3/CMakeFiles/CMakeTmp'
</snip>
While falling back on -pthread is correct when using only static
libraries to get some tls-related macros defined [2,3], it is wrong to
try to run the test program in case of cross-compilation.
So, this patch only disable run test when pthread support is done using
-pthread, i.e. in case of the type of libraries is "static only".
Fixes:
http://autobuild.buildroot.org/results/26c/26cb8c2e5f867d49451f61304bf0a1a6f7b825d9/
[1] http://www.cmake.org/gitweb?p=cmake.git;a=blob;f=Modules/FindThreads.cmake;h=a0bc4d133eb3f9d3ae096f0e03e419ef7be66ce8;hb=HEAD#l84
[2] http://lists.busybox.net/pipermail/buildroot/2014-June/100690.html
[3] http://stackoverflow.com/questions/23250863/difference-between-pthread-and-lpthread-while-compiling
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Makefile is hardcoded for /usr/include/ncurses, so override it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reported-by: Romain Naour <romain.naour@openwide.fr>
Changeset f1d3e09 (Build shared libraries only as the default) broke the
nmap package.
nmap builds an internal version of libdnet, and tries to statically link
against it. Of course, this breaks for shared-only builds, since in that
case there is no static lib ever built.
Using an external libdnet is not really an option:
- libdnet comes from dnprogs, from the linux-decnet project;
unfortunately, their build-system is not amenable to
cross-compilation, and is a real pain to deal with;
- nmap's bundled libdnet is anyway heavily modified, which precludes
using an external libdnet.
Fix that by considering libdnet to be a purely internal library, and by
configuring it with --enable-static, always.
nmap's ./configure uses AC_CONFIG_SUBDIRS() to configure the libdnet
sub-directory; AC_CONFIG_SUBDIRS() calls ./configure in all the
sub-directories it is passed as arguments. Unfortunately, it is not
possible to specify extra ./configure arguments whith AC_CONFIG_SUBDIRS.
We are using an autoconf trick, which is, when configuring
sub-directories with AC_CONFIG_SUBDIRS(), it will first try to execute
configure.gnu if it exists, before it fallbacks to running plain
configure. See:
https://www.gnu.org/software/autoconf/manual/autoconf.html#Subdirectories
So, we provide a configure.gnu that is just a wrapper around the real
configure, which sole purpose is to append --enable-static when calling
the real configure.
Note1: since this libdnet is considered a purely internal library, we
also always pass --disable-shared, since it is not needed at all.
Note2: since this libdnet is considered a purely internal library, it
should not be exposed to other packages, and thus nmap does not install
it, neither in target nor in staging, neither static nor shared, which
is what we want.
[Peter: explain why post-patch hook is used]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@openwide.fr>
Acked-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the refactoring of the type of libraries in the target filesystem,
these options belong to a choice, and the default is "shared only".
The former option BR2_PREFER_STATIC_LIB has been moved in the legacy
menu, and only selects the BR2_STATIC_LIBS ("static only") option.
However, because BR2_STATIC_LIBS belongs to a choice, when
BR2_PREFER_STATIC_LIB is selected, it does not affect the choice.
So, existing Buildroot configurations, which have BR2_PREFER_STATIC_LIB
set, will silently end with BR2_SHARED_LIBS ("shared only") enabled.
So, the backward compatibility is not kept.
Besides, the legacy BR2_PREFER_STATIC_LIB option does not select
BR2_LEGACY, so the user is not notified of this legacy option, and the
build silently continues with some undesired changes.
This patch removes the inefficient BR2_STATIC_LIBS selection, correctly
selects the BR2_LEGACY option and extend the help message so the user
can easily know how to update his/her Buildroot configuration.
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>