Commit Graph

44436 Commits

Author SHA1 Message Date
Yann E. MORIN
9c43f28de4 package/pkg-generic: ensure absolute paths in config-script fixups
In case a config script is called from a relative path, the $(dirname
$0) would return a relative path too.

Those paths are usually parts of includes or libraries search
directories, and the packagfes buildsystems may chdir() anywhere, and
thus the relative path will no longer be valid. For example:

  $ ./host/powerpc-buildroot-linux-uclibc/sysroot/usr/bin/net-snmp-config --cflags
  [...] -I./host/powerpc-buildroot-linux-uclibc/sysroot/usr/bin/../../.././bin/../powerpc-buildroot-linux-uclibc/sysroot/usr/include/libnl3 [...]

Canonicalise the path to be sure we use absolute paths.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 23:00:26 +01:00
Matt Weber
d68f3ba156 package/setools: drop path prefix from man install
For this man file install scenario, joining the sys.prefix makes the
path absolute (this was previously working by accident).  It was
found when e94280e5a5 "package/pkg-python: use proper --prefix
and --root values" was merged.

Fixes:
http://autobuild.buildroot.net/results/e214e1a539cdac07028fb58c3822f89886d86f1f

Upstream:
bc36cba139

Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:59:00 +01:00
Fabrice Fontaine
1008c507cd package/squid: needs atomic
Since 4b0f891211
squid tries to find if latomic is needed through:
AC_SEARCH_LIBS([__atomic_load_8],[atomic],[ATOMICLIB="-latomic"],[])

However, this can fails on:
configure:21147: /home/fabrice/buildroot/output/host/bin/arc-buildroot-linux-gnu-g++ -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -matomic -Os   -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -g conftest.cpp -latomic   >&5
conftest.cpp:55:6: error: new declaration 'char __atomic_load_8()' ambiguates built-in declaration 'long long unsigned int __atomic_load_8(const volatile void*, int)' [-fpermissive]
 char __atomic_load_8 ();
      ^~~~~~~~~~~~~~~
conftest.cpp: In function 'int main()':
conftest.cpp:59:25: error: too few arguments to function 'long long unsigned int __atomic_load_8(const volatile void*, int)'
 return __atomic_load_8 ();

So add -latomic to LIBS if BR2_TOOLCHAIN_HAS_LIBATOMIC is set

Fixes:
 - http://autobuild.buildroot.org/results/13082cea836a12ac8bf85cbdb53a56a5d30c70b1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:57:44 +01:00
Fabrice Fontaine
c9da6746e1 package/squid: remove gnu atomics handling
gnu atomics has been removed since version 3.5.27:
ddd4edb743
So remove squid_cv_gnu_atomics handling

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:57:34 +01:00
Joseph Kogut
f2fd9e87b7 package/dbus-python: bump to version 1.2.8
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:55:27 +01:00
Matt Weber
1705f775e9 package/libdrm: add optional cunit dependency
Previously the option to install tests would result in the test cases
that don't have a cunit dependency, to build and be installed.

This patch adds an optional dependency on cunit so that all test cases
can be built and installed to target.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: keep as an optional dependency, as cunit is only useful for
additional tests specific to the amdgpu backend]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:50:47 +01:00
Matt Weber
fb04a819ae package/cunit: new package
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: fix license, it's LGPL-2.0+.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:39:00 +01:00
Jörg Krause
d6bd004a0b package/libnfs: bump to version 3.0.0
Also add an patch from upstream to fix building libnfs with the musl C
library. This issue was introduced upstream between version 2.0.0 and
version 3.0.0.

Note, that upstreams commit message says it fixes a warning. However, as
musl is more strictly regarding missing headers it actually fixes the
build with musl.

Furthermore, the COPYING license file was changed in the way that it now
includes a clarification about the .x files being distributed under the
simplified BSD license. We already note in LIBNFS_LICENSE that the .x
files are BSD-2-Clause. So, updating the hash for this license file is
enough.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:34:25 +01:00
Sergio Prado
630a87907f package/wolfssl: enable ARMv8 hardware acceleration
Enable hardware acceleration for ARMv8 targets.

When ARMv8 hardware acceleration is enabled on AArch64 without any
additional flags, the build fails with the following messages:

/tmp/cciv7Oei.s: Assembler messages:
/tmp/cciv7Oei.s:580: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:616: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:629: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:669: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:1211: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:1368: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
/tmp/cciv7Oei.s:1554: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:1719: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
/tmp/cciv7Oei.s:1870: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:2043: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
make[3]: *** [Makefile:3801: wolfcrypt/src/port/arm/src_libwolfssl_la-armv8-aes.lo] Error 1

This is because of some inline assembly in parts of the AES structure
using the "m" constraint.

So lets use the flag -mstrict-align to prevent this error.

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
[Thomas: restrict the -mstrict-align workaround to AArch64, as ARMv8-A
can also be used in an AArch32 build, and in this case, gcc doesn't
support the -mstrict-align flag]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:31:06 +01:00
Fabrice Fontaine
f108445a3d php: intl support needs dynamic library
getArgTypeList is defined both in ext/intl/msgformat/msgformat_helpers.cpp
and icu library so add a !BR2_STATIC_LIBS dependency to
BR2_PACKAGE_PHP_EXT_INTL

Fixes:
 - http://autobuild.buildroot.org/results/628b677d1ceb8b404265d89357225e0a1dce1407

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 22:19:50 +01:00
Sergio Prado
d9adaa15f9 package/wolfssl: bump to version 3.15.5
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:16:02 +01:00
Francois Perrad
ba5b8c467c package/perl-time-hires: remove package
This is a core Perl module (ie. included in the Perl distribution), so
there is no point in having a separate package for it.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:15:04 +01:00
Alexey Brodkin
3e53b51983 package/gcc: enable __cxa_atexit
This is what GCC manual says [1]:
-------------------------->8----------------------
--enable-__cxa_atexit

    Define if you want to use __cxa_atexit, rather than atexit,
    to register C++ destructors for local statics and global objects.

    This is essential for fully standards-compliant handling of destructors,
    but requires __cxa_atexit in libc.

    This option is currently only available on systems with GNU libc
    ...
-------------------------->8----------------------

Important disadvantages of a simple atexit() are that [2]:
-------------------------->8----------------------
1999 C Standard only requires that the implementation support 32
registered functions, although most implementations support many more.

More important it does not deal at all with the ability in most implementations
to remove DSOs from a running program image by calling dlclose
prior to program termination.
-------------------------->8----------------------

Also it seems like all libc's we support in Buildroot (Glibc, uClibc and musl)
support __cxa_at_exit() so enable it unconditionally.

FWIW if we look around we'll see:
 1. In OpenEmbedded it is enabled for everything except gcc-cross-initial: [3], [4]
 2. In Crosstool-NG it is enabled by default: [5]
 3. In OpenWrt it is disabled only for uClibc, otherwise enabled: [6]

So I think we should be good with it as well.

[1] https://gcc.gnu.org/install/configure.html
[2] https://itanium-cxx-abi.github.io/cxx-abi/abi.html#dso-dtor-motivation
[3] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-configure-common.inc#L59
[4] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-cross-initial.inc#L23
[5] https://github.com/crosstool-ng/crosstool-ng/blob/master/config/cc/gcc.in#L270
[6] https://github.com/openwrt/openwrt/blob/master/toolchain/gcc/common.mk#L170

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Claudiu Zissulescu <claziss@synopsys.com>
Cc: Cupertino Miranda <cmiranda@synopsys.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 22:12:38 +01:00
Mark Corbin
44a9babcc6 package/gdb: prevent gdbserver being selected for RISC-V builds
There is currently no version of gdbserver for RISC-V. Until this
is implemented we will prevent both the direct and indirect
selection of gdbserver for RISC-V builds. In practice this means
that 'cross gdb for the host' cannot be selected and that
'full debugger' must be automatically selected for the gdb target
package.

[Peter: simplify logic, add comment]
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 21:51:26 +01:00
Robert Rose
d21366e11a package/grpc: new package
Signed-off-by: Robert Rose <robertroyrose@gmail.com>
[Thomas:
 - add missing Config.in dependencies inherited from
   BR2_PACKAGE_PROTOBUF, as well as the corresponding Config.in
   comment
 - replace spaces by tabs in grpc.mk indentation
 - remove superfluous GRPC_SOURCE variable
 - improved patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 21:49:50 +01:00
Robert Rose
740a989381 package/c-ares: support host build
A host version of this package will be useful as a dependency of the
host-grpc package.

Signed-off-by: Robert Rose <robertroyrose@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 21:45:12 +01:00
Evgeniy Didin
375e6dd5d1 toolchain: bump ARC prebuild toolchain to arc-2018.09
Lets update prebuilt ARC toolchain to the most recent arc-2018.09.

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 21:39:44 +01:00
Fabrice Fontaine
e13855c48f libbsd: needs __register_atfork
The following error is raised by minizip:

[100%] Linking C executable minizip
/home/peko/autobuild/instance-0/output/host/m68k-buildroot-uclinux-uclibc/sysroot/usr/lib/libbsd.a(arc4random.o):
In function `_rs_init.part.1':
arc4random.c:(.text+0xaa): undefined reference to `__register_atfork'
collect2: error: ld returned 1 exit status

As specified in openssl/Config.in, uClibc on noMMU doesn't provide
__register_atfork() so add a dependency on
!(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU) on libbsd and minizip

Don't add this dependency to netcat-opensd as it already depends on
glibc
Don't add this dependency to BR2_PACKAGE_BLUEZ_ALSA_HCITOP because
bluez-alsa already depends on BR2_USE_MMU
Concerning fwts, just update comment on BR2_USE_MMU

Fixes:
 - http://autobuild.buildroot.org/results/df2dcbdceaa01a2ae37bf09140e4dbef0a5b9489

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 21:35:38 +01:00
Evgeniy Didin
cd9d58f1fc toolchain: bumb ARC tools to arc-2018.09 release
This commit finally bumps ARC tools to the most recent arc-2018.09 release version.

ARC GNU tools of version arc-2018.09 bring some quite significant changes like:
 * Binutils v2.31.1 with additional ARC patches
 * GCC 8.2.1 with additional ARC patches
 * glibc 2.28 with additional ARC patches

More information on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2018.09-release

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-29 21:32:51 +01:00
Fabrice Fontaine
76815cd1e5 python-numpy: fix build with lapack
If BR2_PACKAGE_LAPACK is enabled (without BR2_PACKAGE_CLAPACK), build of
python-numpy will fail if lapack is built before python-numpy because
lapack does not provide blas library

So disable BLAS and LAPACK through PYTHON_NUMPTY_ENV if
BR2_PACKAGE_CLAPACK is not set

Fixes:
 - http://autobuild.buildroot.org/results/41671976c7be7883f31ee5f51ca0eb90b81262fd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 21:29:30 +01:00
Yann E. MORIN
bcb8ef0fdc package: hide golang packages for toolchains with binutils bug 20006
Fixes:
    http://autobuild.buildroot.org/results/020/02039969b16534d4020ecd4574bae71b91c1e6b8/ (flannel)
    http://autobuild.buildroot.org/results/e95/e9528b06b350ef84c1e2cb59fba87b4db77b4660/ (docker-engine)
    [...]

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 21:22:45 +01:00
Yann E. MORIN
b51420742c toolchain: CodeSourcery AMD64 affected by PR20006
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 21:22:18 +01:00
Yann E. MORIN
5af65f6557 infra/pkg-golang: enforce number of parallel jobs
By default, the go compiler will spawn as many jobs as there are CPUs
available, thus possibily over-shooting the limits set by the user.

Make it abide by the user's wish, and specify the number of jobs allowed
to run.

We can do so without fear of a package failing to build in parallel,
because they were already all building in parallel, as that is the
default for the go compiler.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 21:21:36 +01:00
Fabrice Fontaine
76cf905c7b systemd: fix build with gcc <= 4.7
Pass -Werror=shadow in args of cc.compiles in meson.build otherwise test
will always succeed, causing -Werror=shadow to be passed, even on older gcc versions.

GCC 4.8 changed the behaviour of -Werror=shadow to no longer complain about
local variable declariations shadowing functions, which systemd has.  From
the changelog:

  The option -Wshadow no longer warns if a declaration shadows a function
  declaration, unless the former declares a function or pointer to function,
  because this is a common and valid case in real-world code.

https://www.gnu.org/software/gcc/gcc-4.8/changes.html

Fixes:
 - http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2

[Peter: extend commit message, add gcc 4.8 link]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 21:14:10 +01:00
Peter Korsgaard
e52b02677a ghostscript: security bump to version 9.26
Fixes the following security vulnerabilities:

 - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
   bypass a sandbox protection mechanism via vectors involving errorhandler
   setup.  NOTE: this issue exists because of an incomplete fix for
   CVE-2018-17183.

- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
  bypass a sandbox protection mechanism via vectors involving the 1Policy
  operator.

- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
  9.26.  LockSafetyParams is not checked correctly if another device is
  used.

- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because available
  stack space is not checked when the device remains the same.

- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  setcolorspace type confusion.

- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  JBIG2Decode type confusion.

For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 19:57:09 +01:00
Francois Perrad
1514da371f perl-net-ssleay: fix dependency
this dependency was accidentally removed
by https://git.busybox.net/buildroot/commit/package/perl-net-ssleay?id=da9e06cabc578bf9138e100d1492a2d5f2038415

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 19:55:32 +01:00
Yann E. MORIN
48ea9fa4a4 package/netsnmp: drop our custom config script fixups
Those custom fixups were added in 2011 with commit d1b42b24b8
(net-snmp: fixup paths in net-snmp-config) before we add generic config
scripts fixups in 2013 with commit 834f9311aa (pkg-infra: add
<pkg>_CONFIG_FIXUP to fix *-config files)

These custom fixups enclose the includes and libraries paths in single
quotes (presumably to protect them from further expnasion by the shell,
in case there are spaces for example).

It turns out that this breaks now that we replace the staging dir with
$(dirname $0), as it is between single quotes.

It looks like these fixups are really no longer needed anymore, since
the generic fixups do the job just fine (and better).

Fixes:
    http://autobuild.buildroot.org/results/2c5/2c5e379a06825bf8588bf070d733d2e1f98dab66/
    http://autobuild.buildroot.org/results/eea/eea704463c3f14dbb9bd7f8aa23d4b61c25987f4/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 17:22:33 +01:00
Peter Seiderer
750d43ae14 freetype: bump version to 2.9.1
According to [1]:

- fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION()
  function within ttinterp.c could lead to DoS via a crafted font file

- needs '--enable-freetype-config' for freetype-config installation

[1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902

[Peter: also pass --enable-freetype-config for host variant]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 17:18:31 +01:00
Fabrice Fontaine
7367a8cd59 domoticz: fix build with python and cmake <= 3.7
domoticz will fail to build with python and older cmake
Indeed, find_package(PythonLibs 3.4) will not recognize python 3.7 until
cmake 3.7 and the following commit:
c31573b964

To fix this, add a call to find_package(PythonInterp). Indeed, if
FindPythonInterp has already found the major and minor version, that
version will be inserted between the user supplied versions and the
stock version list since cmake in version 3.1 and
3816cd2dc7

Fixes:
 - http://autobuild.buildroot.org/results/8e82501a7b49da628ec026132ffca44c0c813040

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 16:55:40 +01:00
Peter Korsgaard
3301b6e1b2 libopenssl: security bump to version 1.0.2q
Fixes the following security vulnerabilities:

  *) Microarchitecture timing vulnerability in ECC scalar multiplication

     OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
     shown to be vulnerable to a microarchitecture timing side channel attack.
     An attacker with sufficient access to mount local timing attacks during
     ECDSA signature generation could recover the private key.

     This issue was reported to OpenSSL on 26th October 2018 by Alejandro
     Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
     Nicola Tuveri.
     (CVE-2018-5407)
     [Billy Brumley]

  *) Timing vulnerability in DSA signature generation

     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
     (CVE-2018-0734)
     [Paul Dale]

For more information, see the changelog:
https://www.openssl.org/news/cl102.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 16:29:46 +01:00
Florian Fainelli
257a2118be xfsprogs: Define PLATFORM to linux
PLATFORM is an environment variable used by xfsprogs' configure script
to determine the platform for which the applications are being built. If
we set some incorrect/unsupported value through e.g: export, this will
be picked up by xfsprogs' configure script and used as-is and assigned
to PKG_PLATFORM, which will lead to build failures.

If PLATFORM was empty/unset, then uname on the host building xfsprogs
gets used to determine the build platform, which again could be
incorrect if we e.g: built xfsprogs on a Darwin system.

Since we are obviously building for Linux, let's just make sure we
define it that way which solves both issues.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 16:29:24 +01:00
Peter Korsgaard
0839e4a85e samba4: security bump to version 4.9.3
Fixes the following security vulnerabilities:

 - CVE-2018-14629:
   All versions of Samba from 4.0.0 onwards are vulnerable to infinite
   query recursion caused by CNAME loops. Any dns record can be added via
   ldap by an unprivileged user using the ldbadd tool, so this is a
   security issue.

 - CVE-2018-16841:
   When configured to accept smart-card authentication, Samba's KDC will call
   talloc_free() twice on the same memory if the principal in a validly signed
   certificate does not match the principal in the AS-REQ.

   This is only possible after authentication with a trusted certificate.

   talloc is robust against further corruption from a double-free with
   talloc_free() and directly calls abort(), terminating the KDC process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16851:
   During the processing of an LDAP search before Samba's AD DC returns
   the LDAP entries to the client, the entries are cached in a single
   memory object with a maximum size of 256MB.  When this size is
   reached, the Samba process providing the LDAP service will follow the
   NULL pointer, terminating the process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16852:
   During the processing of an DNS zone in the DNS management DCE/RPC server,
   the internal DNS server or the Samba DLZ plugin for BIND9, if the
   DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
   property is set, the server will follow a NULL pointer and terminate.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16853:
   A user in a Samba AD domain can crash the KDC when Samba is built in the
   non-default MIT Kerberos configuration.

   With this advisory we clarify that the MIT Kerberos build of the Samba
   AD DC is considered experimental.  Therefore the Samba Team will not
   issue security patches for this configuration.

 - CVE-2018-16857:
   AD DC Configurations watching for bad passwords (to restrict brute forcing
   of passwords) in a window of more than 3 minutes may not watch for bad
   passwords at all.

For more details, see the release notes:

https://www.samba.org/samba/history/samba-4.9.3.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 15:48:30 +01:00
Angelo Compagnucci
a91db4044f linux: bump CIP to version v4.4.154-cip28
This patch bumps the Linux CIP kernel to version v4.4.154-cip28

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 15:48:17 +01:00
Johan Oudinet
e1a43490e9 package/ejabberd: bump to version 18.09
This version requires much less patches than the previous one packaged
in Buildroot. It is compatible with Erlang OTP 21.
There are two remainning patches to:
- change the Makefile rules so dependencies are not downloaded/compiled;
- fix ejabberd user and load a default file in ejabberdctl script.

The patch 0006-fix-install-permissions has been replaced by setting
permissions on /etc/ejabberd directory via EJABBERD_PERMISSIONS.

The patch 0009-disable-mod_avatar has been removed because eimp is
a mandatory dependency since 0f86559d.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:22 +01:00
Johan Oudinet
091c950fb0 package/erlang-p1-eimp: new package
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
[Thomas: add entry in DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:20 +01:00
Johan Oudinet
790805c9e2 package/erlang-p1-iconv: bump to version 1.0.10
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:17 +01:00
Johan Oudinet
2090c21eef package/erlang-p1-sip: bump to version 1.0.26
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:14 +01:00
Johan Oudinet
e1a1d94b03 package/erlang-p1-stun: bump to version 1.0.25
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:11 +01:00
Johan Oudinet
ef699216b9 package/erlang-p1-oauth2: bump to version 0.6.3
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:08 +01:00
Johan Oudinet
bdaf54e222 package/erlang-p1-yaml: bump to version 1.0.17
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:05 +01:00
Johan Oudinet
d8a1e424bf package/erlang-p1-xmpp: bump to version 1.2.5
This package now depends also on erlang-p1-tls and erlang-p1-zlib.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:38:02 +01:00
Johan Oudinet
f71d9dae00 package/erlang-p1-zlib: bump to version 1.0.4
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:37:59 +01:00
Johan Oudinet
746c81ae31 package/erlang-p1-xml: bump to version 1.1.34
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:37:55 +01:00
Johan Oudinet
cd9ed79061 package/erlang-p1-stringprep: bump to version 1.0.14
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:37:50 +01:00
Johan Oudinet
2c4290c386 package/erlang-p1-tls: bump to version 1.0.25
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:37:48 +01:00
Johan Oudinet
3b38e0b6dc package/erlang-p1-cache-tab: bump to version 1.0.16
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:37:45 +01:00
Johan Oudinet
27ee4f20b8 package/erlang-p1-utils: bump to version 1.0.13
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:37:41 +01:00
Johan Oudinet
1402956d4b package/pkg-rebar.mk: remove dependencies from rebar.config
Instead of having a patch in every rebar package to remove the
dependencies in the rebar.config file in order to avoid rebar
downloading such dependencies at build time, implement it directly
as a post-patch hook in the rebar infrastructure.
Add a way to explicitly deactivate this behavior if any package needs
such lines in the rebar.config file.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
[Thomas:
 - rename macro to remove-rebar-config-dependencies
 - move the macro outside the inner-rebar-package, so that it is
   declared with the other utility macros found in pkg-rebar.mk]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:27:04 +01:00
Joseph Kogut
164aa3d909 python-networkmanager: bump to version 2.1
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:08:55 +01:00
Asaf Kahlon
660cf556b9 package/python-multidict: bump to version 4.5.2
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-28 22:08:28 +01:00