Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build fails when the host binutils isn't at least 2.23
(2.22.x introduced RDSEED).
The host toolchain is used for x86_64 target builds where
we need to do a 32bit build. Most other buildroot builds
are using a much newer binutils unless it's a external
older toolchain.
Fixes:
http://autobuild.buildroot.net/results/c39/c3987a3cbd2960b0ff50f872636bdfd8d1a9c820/
Upstream:
https://marc.info/?l=kvm&m=151580743523259&w=2
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When bash is selected, /bin/bash is not added to /etc/shells
(see man shells). So, login tools like dropbear reject the ssh
connexions for users using bash as shell in /etc/passwd.
buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
Reported-by: Jeremy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Partially fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/47806089
And add myself to the list of devloppers for it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop patch 0004-uboot-tools-disable-pylibfdt.patch. The issue addressed by
this patch has been fixed in upstream commit
15b97f5c5e6d88e0560c6928f3acd01c999a494d.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop the metaparse module as it is header only library now. No need for
legacy handling as the module is available unconditionally in Boost.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
See: http://www.ti.com/tool/download/PRU-CGT-2-2
The ti-cgt-pru v2.1.x installer are affected by a bug with recent
distribution (Fedora 27 and Ubuntu 17.10) using kernel 4.13 or 4.14
with a glibc 2.26.
The installer is stuck in a futex(wait) system call.
While at it, add license hash.
Fixes:
http://autobuild.buildroot.net/results/68f/68f60ad38d9b6eae83b5d233966616a25d8c9391
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Ash Charles <ash.charles@savoirfairelinux.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Just like the previous commit did:
c9ecdd2b96 gpu-viv-bin-mx6q: fix compiling issues with EGL_API_FB
Difference is that in latest package, eglvivante.h is included after
a EGL_API_FB check in eglplatform.h, giving the following error:
/.../sysroot/usr/include/EGL/eglplatform.h:146:10:
fatal error: X11/Xlib.h: No such file or directory
#include <X11/Xlib.h>
Also, this patch introduce IMX_GPU_VIV_FIXUP_PKGCONFIG which fixes
the pkgconfig files (for some reason default egl.pc file isn't the
same as the one for fb target).
Finally, this patch removes references to libVIVANTE which is now
replaced by libVDK.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove upstream patch 0001-Fix-SHA256-hash-verification.patch.
Re-enable support for Lua 5.1 and LuaJIT, which was removed in version 2017.09
because of compatibility issues [1]. Meanwhile, the issues have been resolved
upstream [2].
Note, that `CONFIG_HANDLER_IN_LUA` is now supported by Lua 5.1/LuaJIT, too.
Add a fixup command `SWUPDATE_SET_LUA_VERSION` to set the correct base name for
the Lua/LuaJIT pkg-config file used by the swupdates config option `LUAPKG`.
Fix a small type in the help text:
'in my mind' -> 'in mind'.
Regenerated the .config script by doing:
```
make swupdate-menuconfig
make swupdate-update-config
```
.. and removing the paths for the build options manually.
[1] http://patchwork.ozlabs.org/patch/795958/
[2] 7b49b8dc59
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes#10216
Building mcookie generates a warning about possible wrong arguments to
memset:
mcookie.c:207:26: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression
as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess]
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
ctx is a pointer to a structure, so the code should use the size of the
structure and not the size of the pointer when it tries to clear the
structure, similar to how it got fixed upstream back in 2009:
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/lib/md5.c?id=6596057175c6ed342dc20e85eae8a42eb29b629f
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prior to commit 8ad38a4fc2
("package/lz4: bump version to r131"), the lz4 package was installing
both libraries and programs, but this commit changed the behavior to
only install libraries.
The contributor might have been confused by the fact that the build
command was "$(MAKE) ... -C $(@D) liblz4", suggesting that only the
library was built. But since the install command was "$(MAKE) ... -C
$(@D) install", the programs were effectively built as part of the
install step, and installed as well.
Since it makes sense for lz4 to also installs its programs, this
commit adjusts the package accordingly.
It is worth mentioning that using the "all" target during the build
step is important. Indeed, otherwise the programs/Makefile has a
"default" target that doesn't build everything (especially the lz4c
program) and it end up being built as part of the install step, due to
how the makefile dependencies are handled in the lz4 project. To make
sure that everything gets built during the build step, we explicitly
use the "all" target.
Fixes bug #9996
Reported-by: Jamin Collins <jamin.collins@gmail.com>
Initial-analysis-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As usual, https://github.com/kergoth/tslib/releases has the changelog
summary.
This release includes a new plugin "invert" that is being built by
default; so we add that to the list of statically compiled in plugins
for static builds.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current busybox.mk explicitly removes S01logging if CONFIG_SYSLOGD
is disabled in the Busybox configuration. However:
- This causes the removal of the S01logging script potentially
installed by another package (currently syslog-ng, rsyslog and
sysklogd can all install a S01logging script).
- We generally don't try to clean-up stuff that we may have installed
in a previous make invocation and that is no longer needed
following a configuration change.
Fixes bug #10176
Reported-by: Karl Krach <mail@kkrach.de>
Fix-provided-by: Karl Krach <mail@kkrach.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The kmsxx build system can only build either shared libraries *or*
static libraries, not both. Therefore, the build currently fails when
BR2_SHARED_STATIC_LIBS=y because we try to install the static
libraries, that haven't been built.
We fix this by not installing the static libraries when
BR2_SHARED_STATIC_LIBS=y, making BR2_SHARED_STATIC_LIBS=y essentially
the same as BR2_SHARED_LIBS=y for this package.
Fixes bug #10331.
Reported-by: Frederic MATHIEU <frederic.mathieu@dualis.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The oss.sgi.com mailing list archives are no longer available, point
to spinics.net instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is an obvious typo in avahi_tmpfiles.conf: avahi-autoipd is
badly spelled.
Fixes bug #10641.
Reported-by: Michael Heinemann <posted@heine.so>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains mitigations for CVE-2017-5753 and CVE-2017-5715, the
vulnerabilities known as the "Spectre" attack. It also contains a fix
which allows building the reference documentation with newer gtk-doc
versions.
Release notes can be found in the announcement:
https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<pkg>-<pkg-version>.tar.gz is the default value, so there's no need to
explicitly specify it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
<pkg>-<pkg-version>.tar.gz is the default value, so there's no need to
explicitly specify it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
[Thomas: change to automatically set the version in the generated .pc file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This feature is not used by anyone in the core developpers and makes a
drastic simplification of the pkg-download infrastructure harder.
The future patch will move much of what's in the current pkg-download.mk
file into the dl-wrapper which is a shell script.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a patch to avoid failing on a configure error if UI example can't be
built if libgtk3 is available but not gst1-plugins-base (gstreamer-video
is only needed for UI example, not for rygel UI)
Fixes:
- http://autobuild.buildroot.net/results/6c659aadfc418c0a27a93284eb34d75e2b0dc169
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
* AST-2017-014: Crash in PJSIP resource when missing a contact header A
select set of SIP messages create a dialog in Asterisk. Those SIP
messages must contain a contact header. For those messages, if the header
was not present and using the PJSIP channel driver, it would cause
Asterisk to crash. The severity of this vulnerability is somewhat
mitigated if authentication is enabled. If authentication is enabled a
user would have to first be authorized before reaching the crash point.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes#10556
The --with-crypto handling in ntp only works with libopenssl, not with
libressl, where it ends up with compilation issues like:
ntp_control.c:(.text+0x64): undefined reference to `EVP_MD_CTX_new'
ntp_control.c:(.text+0x10c): undefined reference to `EVP_MD_CTX_free'
libntpd.a(ntp_crypto.o): In function `bighash':
ntp_crypto.c:(.text+0x2e8): undefined reference to `EVP_MD_CTX_new'
ntp_crypto.c:(.text+0x328): undefined reference to `EVP_MD_CTX_free'
libntpd.a(ntp_crypto.o): In function `crypto_verify':
ntp_crypto.c:(.text+0x6cc): undefined reference to `EVP_MD_CTX_new'
ntp_crypto.c:(.text+0x710): undefined reference to `EVP_MD_CTX_free'
ntp_crypto.c:(.text+0x72c): undefined reference to `EVP_MD_CTX_free'
So ensure we only pass --with-crypto when libopenssl is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There are three 256 color terminfo files that buildroot only installs
if ncurses is configured with wide character support, which also
enables ext-color. There is a fourth 256 color terminfo file that does
not depend on wchar suport and is always installed.
This changes that to always install all four 256 color terminfo files.
When ncurses has ext-colors enabled,it allows 256 fg and bg colors at
the same time. Without ext-colors, it is still possible to use the 256
color terminfo files and one can get a combination of fb and bg colors
that equals up to 256, e.g. 256 fg colors on one background or 16 fg
and 16 bg colors.
In short, the 256 color files work fine without wchar or ext-color
support and support more colors than the normal xterm, etc. terminfo
files. It's common today for the default terminal to use
xterm-256color and it's nice if thinks like vim and top work out of
the box.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
14.6.1:
* AST-2017-005 (applied to all released versions): The "strictrtp" option in
rtp.conf enables a feature of the RTP stack that learns the source address
of media for a session and drops any packets that do not originate from
the expected address. This option is enabled by default in Asterisk 11
and above. The "nat" and "rtp_symmetric" options for chan_sip and
chan_pjsip respectively enable symmetric RTP support in the RTP stack.
This uses the source address of incoming media as the target address of
any sent media. This option is not enabled by default but is commonly
enabled to handle devices behind NAT.
A change was made to the strict RTP support in the RTP stack to better
tolerate late media when a reinvite occurs. When combined with the
symmetric RTP support this introduced an avenue where media could be
hijacked. Instead of only learning a new address when expected the new
code allowed a new source address to be learned at all times.
If a flood of RTP traffic was received the strict RTPsupport would allow
the new address to provide media and with symmetric RTP enabled outgoing
traffic would be sent to this new address, allowing the media to be
hijacked. Provided the attacker continued to send traffic they would
continue to receive traffic as well.
* AST-2017-006 (applied to all released versions): The app_minivm module has
an “externnotify” program configuration option that is executed by the
MinivmNotify dialplan application. The application uses the caller-id
name and number as part of a built string passed to the OS shell for
interpretation and execution. Since the caller-id name and number can
come from an untrusted source, a crafted caller-id name or number allows
an arbitrary shell command injection.
* AST-2017-007 (applied only to 13.17.1 and 14.6.1): A carefully crafted URI
in a From, To or Contact header could cause Asterisk to crash
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-11252-13171-1461-116-cert17-1313-cert5-now-available-security
14.6.2:
* AST-2017-008: Insufficient RTCP packet validation could allow reading
stale buffer contents and when combined with the “nat” and “symmetric_rtp”
options allow redirecting where Asterisk sends the next RTCP report.
The RTP stream qualification to learn the source address of media always
accepted the first RTP packet as the new source and allowed what
AST-2017-005 was mitigating. The intent was to qualify a series of
packets before accepting the new source address.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-11253-13172-1462-116-cert18-1313-cert6-now-available-security
Drop 0004-configure-in-cross-complation-assimne-eventfd-are-av.patch as this
is now handled differently upstream (by disabling eventfd for cross
compilation, see commit 2e927990b3d2 (eventfd: Disable during cross
compilation)). If eventfd support is needed then this should be submitted
upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):
Multiple vulnerabilities have been located in Irssi.
(a) When the channel topic is set without specifying a sender, Irssi
may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)
CVE-2018-5206 was assigned to this issue.
(b) When using incomplete escape codes, Irssi may access data beyond
the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5205 was assigned to this issue.
(c) A calculation error in the completion code could cause a heap
buffer overflow when completing certain strings. (CWE-126) Found
by Joseph Bisch.
CVE-2018-5208 was assigned to this issue.
(d) When using an incomplete variable argument, Irssi may access data
beyond the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5207 was assigned to this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
