grub2 fails to configure when BR2_SSP_ALL is enabled, with the following
configure error:
checking whether -fno-asynchronous-unwind-tables works... yes
checking whether -fno-unwind-tables works... yes
checking for target linking format... unknown
configure: error: no suitable link format found
This can be worked around by enforcing -fno-stack-protector in the
package CFLAGS in a way that overrides the SSP flag, as is already done
for the valgrind package.
Fixes bug #10261.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Reported-by: Dr I J Ormshaw <ian_ormshaw@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-0379: Mitigate a local side-channel attack on Curve25519
dubbed "May the Fourth be With You".
As we are close to release, don't update to the latest 1.8.1 version,
but to a maintenance release from the 1.7 branch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster". For details see
<https://eprint.iacr.org/2017/627>. [CVE-2017-7526]
Switch to https site for better firewall compatibility and security.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
clock_gettime is defined locally, and calls pth_int_time, which
in turn calls clock_gettime.
The USB backend shouldn't overrule clock_gettime in the first place.
This patch fixes this endless recursion by removing the local defition.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 1b974425 (MIPS: add support for M6201 cores) explained that the
new core was not supported by upstream gcc, and as of gcc-8-trunk
that's still the case.
Ditto for 3cfbeb83 (MIPS: add support for P6600 cores).
This means that we currently allow to build an internal tolchain for
those cores, yet we have no suitable gcc version.
Disable the internal backend in this case.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-12865: stack overflow in dns proxy feature.
Cc: Martin Bark <martin@barkynet.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A lot of packages expect an egl.pc to decide that EGL is available. So,
provide one.
As suggested by Alexandre, use the one from nvidia-tegra23 as template.
Reported-by: Alexandre Maumené <alexandre@maumene.org>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Alexandre Maumené <alexandre@maumene.org>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not mark .service file executable, otherwise systemd
will give us a warning about it.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not mark .service file executable, otherwise systemd
will give us a warning about it.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not mark .service file executable, otherwise systemd
will give us a warning about it.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
host-vim is needed to provide the xxd tool, otherwise the build fails
with:
checking for xxd... no
configure: error: "xxd is required (provided by vim package)"
This isn't noticed by the autobuilders, presumably because all of them
have vim installed locally.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Vim contains a tool called xxd, which is needed by mediastreamer on
the host as part of its build process. Therefore, this commit
introduces a host variant for the vim package, that will be used by
mediastreamer.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In commit f837251785 ("package/libv4l:
allow build of v4l2 utilities on noMMU platforms"), Hugues Fruchet
added a bunch of patches to libv4l in order to allow the v4l utilities
to be built on noMMU platforms.
However, as part of those patches, he entirely disabled the build of
libv4l in static linking configurations, because libv4l uses
dlopen(). Unfortunately, this breaks the build of applications like
mediastreamer in static linking configurations, and generally makes
our libv4l packages a little bit awkward: you can enable it, but it
doesn't install anything (in static linking configurations).
A closer look shows that dlopen() is only used by libv4l for plugin
support, and libv4l only provides one single plugin, and its build is
already conditional. Therefore, this commit adds yet another patch to
libv4l, which re-enables the build of libv4l, but disables the
plugin-related logic when plugin support is disabled (and it was
already automatically disabled in static linking configurations).
While at it, we update the comment in libv4l.mk that lists the patches
that makes autoreconf necessary.
Fixes the build of mediastreamer:
http://autobuild.buildroot.net/results/af091cfd0508df9395778cdc796f77e95c168410/
Cc: Hugues Fruchet <hugues.fruchet@st.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not mark .service and .socket files executable, otherwise systemd
will give us a warning about it.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This bumps the package from 1.99.3 to 1.99.6 (stability fixes), plus a
few documentation changes and a fix for the build issue logged at [1].
[1] http://autobuild.buildroot.net/results/9ac/9acb15f955b8af31a3beeb0bd84c4b0db495e354/
Signed-off-by: Jérôme Oufella <jerome.oufella@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to cc-tool that fixes the boost.m4 logic used
to detect the linker rpath option so that it works properly with
static linking and additional libraries passed in LIBS.
This is the second step to fix static linking of cc-tool on
architectures like SPARC that need to link against libatomic:
http://autobuild.buildroot.net/results/ed9f2524d0ccef318ff1bc99e5dea980111de989/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Just like -lpthread was passed in LIBS, -latomic should also be passed
in LIBS. In order for this to work, we however need to first fix
cc-tool's Makefile.am so that it does not overwrite LIBS.
This is the first part of fixing the build of cc-tool in a static
linking scenario on SPARC, i.e to fix:
http://autobuild.buildroot.net/results/ed9f2524d0ccef318ff1bc99e5dea980111de989/
The patch has been merged upstream, in
553f9c6016.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to dbus-cpp to make it build with gcc 7.x.
Fixes:
http://autobuild.buildroot.net/results/07a7559c0efeeda16c239e0fa06259d4cd48c71b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Release notes: https://mariadb.com/kb/en/mariadb-10126-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10126-changelog/
Fixes the following security vulnerabilities:
CVE-2017-3636 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs). Supported versions that are affected are
5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability
allows low privileged attacker with logon to the infrastructure where MySQL
Server executes to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data as well as unauthorized read access to
a subset of MySQL Server accessible data and unauthorized ability to cause
a partial denial of service (partial DOS) of MySQL Server.
CVE-2017-3641 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2017-3653 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are
5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult
to exploit vulnerability allows low privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized update, insert or delete
access to some of MySQL Server accessible data.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
All patches continue to apply with no changes. 7.2.0 is a bugfix
release of the 7.x branch.
The only change that is not a simple bump is that the 7.2.0 tarball is
now available xz-compressed instead of bz2-compressed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libunwind configure script explicitly links libunwind against
libgcc_s. libgcc_s is only guaranteed to be available for toolchains
that supports dynamic linking: pure static linking toolchains only
have libgcc.a, not libgcc_s.so.
Therefore, let's make libunwind unavailable on toolchains that lack
dynamic linking support. We could potentially support linking with
libgcc, but switching to libgcc_s was done upstream because libgcc was
lacking some symbols on ARM
(https://lists.nongnu.org/archive/html/libunwind-devel/2014-06/msg00024.html). Even
though recent gcc versions seem to provide such symbols in libgcc.a,
having libunwind available on static linking configurations is not a
useful enough use-case to do the necessary research to find when this
issue was fixed in gcc.
Since libunwind is not used as a mandatory dependency in any package,
adding this !BR2_STATIC_LIBS dependency is trivial and nicely avoids
the problematic situation.
This fixes two different autobuilder failures:
- Gstreamer 1.x programs failing to link, because libunwind links
against libgcc_s that isn't available (static linking
configuration):
http://autobuild.buildroot.net/results/9d4fbf7167e9afce0eef5c9e0cfd42c966ecba36/
- Gmrender-resurrect, which fails to link, because GStreamer 1.x uses
some libunwind functionality, but does not take into account the
libunwind dependency in its .pc files (static linking
configuration):
http://autobuild.buildroot.net/results/0a3a2485c187a000482c178f1e9c64dd716a858f/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit is similar to 350941e31d
("python: remove target Python packages from PYTHONPATH") but for
python3.
We currently have
$(TARGET_DIR)/usr/lib/python$(PYTHON3_VERSION_MAJOR)/site-packages/
inside the PYTHON3_PATH variable, which gets used to define
PYTHONPATH, passed to the host Python interpreter when
building/installing target packages.
However, this is terribly wrong, as it causes the host interpreter to
potentially import target Python packages. This is wrong for several
reasons:
- Some Python packages might need some Python modules to be installed
on the host (described in setup_requires in setup.py), but their
installation currently works because by luck the corresponding
Python module is installed for the target. Some of those cases were
happening for real, and fixed by previous patches.
- Some Python packages include some native code, therefore built for
a specific CPU architecture. When you point the host Python
interpreter to native libraries built for the target, you get nice
build failures, such as the one affecting the python-cffi related
packages.
This change fixes the following build failures:
http://autobuild.buildroot.net/results/9005b89407e46b537a54cac6cc0c69dcac4dc5ea/
(python-cryptography)
http://autobuild.buildroot.net/results/395682d33d02fdcaa39d3c0326355bd9ea3d6feb/
(python-pynacl)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit backports three patches that are already upstream in
kvmtool fixing build warnings with musl. Those are not strictly needed
for the build to succeed, they just reduce the amount of warning
noise.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In Linux 4.12, the header <asm/msr-index.h> has been removed from the
set of headers exported to userspace. Therefore, it cannot be used by
kvmtool anymore. This commit takes the simple approach of duplicating
inside kvmtool the MSR_* definitions that were used from this
<asm/msr-index.h> header.
This fixes:
x86/kvm-cpu.c:7:27: fatal error: asm/msr-index.h: No such file or directory
#include <asm/msr-index.h>
Which is the second part of:
http://autobuild.buildroot.net/results/4459a909e735343d1cf768d30466bc3c57eca19e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit backports an upstream patch that fixes the build of
kvmtool with musl:
In file included from builtin-balloon.c:9:0:
include/kvm/kvm.h:22:0: warning: "PAGE_SIZE" redefined
#define PAGE_SIZE (sysconf(_SC_PAGE_SIZE))
Fixes one part of:
http://autobuild.buildroot.net/results/4459a909e735343d1cf768d30466bc3c57eca19e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
i.MX1/L boards require an old Linux kernel version to run, which is not
compatible with latest Buildroot needs.
Will fix:
https://gitlab.com/buildroot.org/buildroot/-/jobs/27873568
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
[Thomas: update .gitlab-ci.yml file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to the norm package that fixes the build with
gcc 7.x. Many thanks to Romain Naour for pointing out the solution to
this C++ build problem.
Fixes:
http://autobuild.buildroot.net/results/c79dc84cdc34d62199099eb4438b1aed3e7459bb/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Thomas: add information that the patch has been submitted upstream
and accepted.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Our new WiFi 802.11ac BT4.1 module (BD-SDMAC [1]) driver allows to
override the wlan MAC address using a module parameter.
Since its driver is now included in our external repository [2], update
the bootscript so it sets the parameter for that driver too.
As a FYI, $wlmac is based on Ethernet MAC address located in fuses.
[1] https://boundarydevices.com/product/bd_sdmac_wifi/
[2] https://github.com/boundarydevices/buildroot-external-boundary
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since 392b0a26f5 (toolchain-external: default BR2_TOOLCHAIN_EXTERNAL_PATH
to empty), calling 'make clean' or similar can yield a spurious stderr
message:
dirname: missing operand
Try 'dirname --help' for more information.
Which is definitely baffling and unsettling...
It turns out that it is pretty trivial to reproduce, and this defconfig
is just enough:
$ cat my-defconfig
BR2_TOOLCHAIN_EXTERNAL=y
$ make BR2_DEFCONFIG=$(pwd)/my-defconfig defconfig
$ make clean
dirname: missing operand
Try 'dirname --help' for more information.
[--snip--]
This is because the cross-compiler is not found in the PATH (and for
good reasons, I don't have it in the PATH, not even at all).
So, when the cross-compiler is not found in the path, we simply
continue as if all was good, and postpone the check to much later,
when we try to copy the toolchain libs...
So, use a make construct rather than calling to the shell: $(dir ...)
does not whine if passed nothing.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
