Commit Graph

39699 Commits

Author SHA1 Message Date
Thomas Petazzoni
5dac3b9b8d configs/imx6-sabresd: needs host-openssl for the Linux kernel build
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306836

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:28:32 +01:00
Thomas Petazzoni
da9678f426 configs/mx53loco: needs host-openssl for the Linux kernel build
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306856

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:28:03 +01:00
Thomas Petazzoni
53f0ffe34a configs/snps_archs38_vdk: needs host-openssl for the Linux kernel build
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306946

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:27:44 +01:00
Thomas Petazzoni
bc575cf9de configs/snps_archs38_axs103: needs host-openssl for the Linux kernel build
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306944

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:27:26 +01:00
Thomas Petazzoni
661c81b2fe configs/orangepi_pc_plus: needs host-openssl for the Linux kernel build
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306885

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:27:09 +01:00
Thomas Petazzoni
a645de1362 configs/orangepi_zero: needs host-openssl for the Linux kernel build
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306889

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:26:37 +01:00
Thomas Petazzoni
5c5f1b0743 configs/qemu_x86_defconfig: remove kernel options that need openssl
Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:25:35 +01:00
Thomas Petazzoni
248161d6fa configs/qemu_x86_64_defconfig: remove kernel options that need openssl/libelf
The ORC unwinder requires libelf to be available on the host, so use
the frame pointer unwinder instead. Using the frame pointer unwinder
is probably good enough in our default Qemu configurations.

Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:25:15 +01:00
Thomas Petazzoni
f7cd72b3d4 linux: add BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF
Some Linux kernel configuration options (such as CONFIG_UNWINDER_ORC)
require building a host program that needs libelf.

Users who have libelf installed on their system won't see a problem,
but users who don't have libelf installed will get a build
failure. Therefore, this commit adds an option that allows a user to
indicate that his Linux kernel configuration requires libelf. When
this option is enabled, we add host-elfutils to the dependencies of
the linux package (host-elfutils provides the libelf library).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:25:08 +01:00
Thomas Petazzoni
93a7edf4bc linux: add BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL
Some Linux kernel configuration options (such as
CONFIG_SYSTEM_TRUSTED_KEYRING) require building a host program called
extract-cert, which itself needs OpenSSL.

Users having OpenSSL installed on their system won't see a problem,
but users who don't have OpenSSL installed will get a build
failure. This commit adds a new option that allows users to indicate
that their Linux configuration requires building host-openssl.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:25:08 +01:00
Thomas Petazzoni
dde090c299 linux: fix passing of host CFLAGS and LDFLAGS
We were passing HOSTCFLAGS="$(HOSTCFLAGS)" to Linux. However:

 - HOSTCFLAGS in Buildroot doesn't exist, and is empty, so this
   assignment never did anything. The name of the variable in
   Buildroot in HOST_CFLAGS.

 - HOSTCFLAGS in Linux isn't used everywhere, and passing it overrides
   the default HOSTCFLAGS value defined in the main Linux kernel
   Makefile.

In addition, there is no way to pass additional host LDFLAGS in the
Linux kernel build system.

Therefore, we simply shoehorn our HOST_CFLAGS and HOST_LDFLAGS while
passing HOSTCC to the Linux kernel build system. This has been tested
to work fine with host OpenSSL and host libelf only available in
$(HOST_DIR).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 15:25:08 +01:00
Matt Weber
9f13f8c237 freescale_p1010rdb_pa_defconfig: remove board
This defconfig currently doesn't build with GCC6 (Linux 4.1).
https://gitlab.com/buildroot.org/buildroot/-/jobs/55306827

A maintainer w/board isn't available to make updates, so removing
this config.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 12:01:01 +01:00
Thomas Petazzoni
b0fd706c2f configs/firefly_rk3288: remove defconfig
The original submitter of this defconfig:

"""
Sorry, unfortunately we no longer have the firefly board,
so we can't maintain it.
"""

And this defconfig fails to build with gcc 6.x, causing breakage in
the defconfig testing.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306815
  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306814

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 11:59:23 +01:00
Thomas Petazzoni
49d2638276 configs/ci40: remove defconfig
>From the original submitter of this defconfig:

"""
I no longer have access to ci40 board. It would be difficult for me to
maintain it.
"""

And this defconfig currently fails to build with gcc 6.x. Therefore,
drop it.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306806

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 11:58:57 +01:00
Baruch Siach
120d492623 iptables: fix build with older kernel headers
iptables version 1.6.2 uses the BPF_OBJ_GET macro that is only available
since kernel version 4.4. Add a patch fixing the detection of the
feature availability.

Fixes:
http://autobuild.buildroot.net/results/e67/e670548c4b250e8a102a4929cafa85634fc79a3d/
http://autobuild.buildroot.net/results/1a7/1a7ab509440c9acacf606f238b8989d9b4287d52/
http://autobuild.buildroot.net/results/555/55583e20bcdf602132c074e08d1a49507d5a48ad/

Cc: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 11:07:03 +01:00
Baruch Siach
43500d5c85 nftables: bump to version 0.8.3
Disable man pages and pdf build to avoid dependency on docbook and
dblatex.

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 11:05:25 +01:00
Baruch Siach
2af0f53b34 ser2net: bump to version 3.5
Remove also a redundant dot from description text.

Add upstream hashes, and a license file hash.

Cc: Francisco Gonzalez <gzmorell@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 11:03:51 +01:00
Baruch Siach
55459c67ad musl: drop upstream patch
Commit 1296d57918 (musl: bump to version 1.1.19) forgot to remove an
upstream patch. Do that now.

Fixes:
http://autobuild.buildroot.net/results/3ea/3ea23854c501d12aa69012df9d38d33cd10ac83c/

Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 11:03:12 +01:00
Alex Suykov
9a01e6d6cd DEVELOPERS: add myself for chromebook snow
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 23:20:07 +01:00
Alex Suykov
842138aaa5 chromebook snow: bump kernel to 4.15
No other changes necessary, 4.15 builds and boots fine.

Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 23:19:33 +01:00
Jörg Krause
1296d57918 musl: bump to version 1.1.19
Also add hash for the licence file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 23:18:31 +01:00
Fabio Estevam
e2046ecee9 mx25pdk: Bump U-Boot and kernel versions
Bump U-Boot to version 2018.01 and kernel to 4.15.7.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 21:32:40 +01:00
Thomas Petazzoni
f08dd9f4cb configs/freescale_mpc8315erdb: remove defconfig
This defconfig currently fails to build the Linux kernel:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/55306826

In addition, the U-Boot build had already been removed in commit
12c01e4a05
("configs/freescale_mpc8315erdb: remove U-Boot build"), back in
October 2016, and nobody bothered fixing it.

This defconfig was originally contributed and maintained by Gustavo
Zacarias, but he is no longer active in Buildroot, and nobody
expressed interest in this defconfig, so let's get rid of it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 21:30:30 +01:00
Fabio Estevam
8cffa8163c DEVELOPERS: Add some i.MX boards to my name
I would like to help maintaining the following defconfigs:

imx23evk_defconfig
imx6-sabreauto_defconfig
imx7dpico_defconfig
mx25pdk_defconfig
mx51evk_defconfig
mx53loco_defconfig

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 21:22:31 +01:00
Fabrice Fontaine
390643f998 kvazaar: bump to version 1.2.0
Add license hash
Remove patch (applied upstream)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 21:22:00 +01:00
Fabrice Fontaine
a5750692fe cryptopp: bump to version 6.1.0
Remove patch (applied upstream)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 21:18:44 +01:00
Fabrice Fontaine
b405d31b48 cjson: bump to version 1.7.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 21:13:34 +01:00
Peter Korsgaard
92b8bd0879 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 21:04:14 +01:00
Peter Korsgaard
528f165476 Kickoff 2018.05 cycle
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-05 19:32:12 +01:00
Asaf Kahlon
fb4a33e586 czmq: bump to version v4.1.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Arnout: correct comment about AUTORECONF]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-05 10:09:42 +01:00
Peter Korsgaard
2107518d92 docs/website/news.html: add 2018.02 announcement link
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 22:47:45 +01:00
Peter Korsgaard
8a94ff12d2 Update for 2018.02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 22:28:34 +01:00
Yann E. MORIN
69781ebb50 support/tests: enhance the runtime systemd tests
Recent systemd bump has broken DBus dameon and DBus applications can no
longer find the daemon. So we want to catch those kind of failures
early.

We also want to check that the system as a whole is stable: no unit
should be failed.

Finally, ensure that we can read the jounrnal, even when we are doing our
tricks on read-only systems.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 21:10:23 +01:00
Yann E. MORIN
6e5df92853 package/skeleton-systemd: invert factory logic
Currently, we handle the factory by redirectoring /var with a symlink at
build time, and with some trickery during the filesystem generation,
depending on whether we need to remount the filesystem read-write or
not.

However, this is causing quite some pain with the latest systemd, now that
they have moved their dbus socket to /run instead of /var/run.

As such, trying to play tricks with /var/run as a symlink is difficult,
because at times it is in .usr/share/factory/var/run (during build) and
then it is in /var/run (at runtime). So a relative symlink is not
possible. But an absolute symlink is not possible either, because we are
installing out-of-tree.

Oh the joys of cross-compilation... :-)

We fix all this mess by making /var a real directory from the onset, so
that we can use the runtime-expected layout even during the build.

Then, during filesystem generation, we move /var away to the factory,
and populate it as we used to do. This still requires a post-fs hook to
restore /var after the filesystem generation.

This leaves a situation that, should the filesystem generation fails,
/var will be left in an inconsistent state. But that is not worse than
what we already had anyway.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 20:35:30 +01:00
Trent Piepho
7e811708f3 package/skeleton-init-systemd: work around for /var/lib not populating
When using a RO root with systemd, it is intended that /var/lib should be
populated at boot time by tmpfiles system mirroring it from
/usr/share/factory/var/lib.

However, this will only happen if /var/lib does not already exist at the
time systemd-tmpfiles runs.  If it does exist, then tmpfiles will
(silently) skip it and do nothing.

It turns out /var/lib will exist, because some part of systemd creates
/var/lib/systemd/catalog on boot before tmpfiles runs.

The fix used here is to also create tmpfiles entries for the contents of
/var/lib/* and /var/lib/systemd/*.  This way, when those directories
already exist, the entire tree is not skipped and instead the
not-yet-existing contents of /var/lib and /var/lib/systemd will be still
be mirrored from the factory dir.

And if /var/lib/systemd, or a prefix of that, stops getting created and
does not exist, it'll still mirror properly.

It does cause some warnings from systemd:
systemd[1]: Starting Create Volatile Files and Directories...
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:7] Duplicate line for path "/var/lib/systemd", ignoring.
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:8] Duplicate line for path "/var/lib/systemd/coredump", ignoring.

But they can be ignored.

IMHO, I think a better solution would be for systemd-tmpfiles to gain a
"merge tree" operation that is like "C" but doesn't abort if the
destination exists, but rather merges the source into it.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
[yann.morin.1998@free.fr: slight rework of commit title]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 20:34:10 +01:00
Fabio Estevam
59e8b056ab linux-headers: bump 4.{9, 14}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 18:36:11 +01:00
Yann E. MORIN
b1aa2148b0 core: drop no-longer used C.UTF-8 locale option
Its use has been globbed into the more generic
BR2_NEEDS_HOST_UTF8_LOCALE option now.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Christian Stewart <kidovate@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:59:16 +01:00
Yann E. MORIN
20862443b8 package/systemd: needs any UTF-8 locale
Not all distributions have the language-agnostic C.UTF-8 locale (Gentoo,
I'm frowning at you!).

Instead, use any UTF-8 locale provided by the system.

Reported-by: Christian Stewart <kidovate@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Christian Stewart <kidovate@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:59:16 +01:00
Yann E. MORIN
c2a9358b6e core: find a host UTF-8 locale
Some packages really want to use an UTF-8 locale, or they break.

However, there is no guarantee that any given locale is available on a
system. For example,, while most mainstream distros (Debian and
derivatives, Fedora...) do have the generic, language-agnostic C.UTF-8
locale, Gentoo does not provide it.

So, find the first UTF-8 locale available on the system, and take any
that is available. We however do favour using the user-set current
locale, then using the language-agnostic C.UTF-8, and eventually any
random UTF-8 locale.

Note: we only need to enforce LC_ALL, because setting it implies
everything else:
    http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02

    """
    1. If the LC_ALL environment variable is defined and is not null,
    the value of LC_ALL shall be used.
    """

[Peter: use same regexp as in dependencies.sh]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:59:03 +01:00
Yann E. MORIN
9f8c7766e4 support/dependencies: unbreak check for UTF-8 locale
Although the UTF-8 locales in mainstream distributions all are suffixed
with just 'utf8', the nomenclature is a bit ambiguous with the way they
are to be specified with the various LC_* variables, suffixed there with
'UTF-8'.

Also, POSIX, ISO, and IEC do not enforce any specific suffix in LC_*
variables:
    http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02

    """
    If the locale value has the form:
        language[_territory][.codeset]

    it refers to an implementation-provided locale, where settings of
    language, territory, and codeset are implementation-defined.
    """

To avoid any confusion, use a regexp that is a bit more lax when
matching locales.

Also, quote the regexp, so that the '?' and '$' are not interpreted by
the shell.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:46:48 +01:00
Yann E. MORIN
f208cf296c package/systemd: create groups required for udevd
udevd needs extra groups for its bundled rules:

    Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'render' unknown
    Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'kvm' unknown

Add those missing groups.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:42:12 +01:00
Bernd Kuhls
63497e0260 package/tor: security bump to version 0.3.1.10
Fixes CVE-2018-0490: null-pointer crash in directory authority protocol list
code.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:01:45 +01:00
Peter Seiderer
dd95e2c331 libv4l: fix libdvbv5 musl compile
Add optional copy of TEMP_FAILURE_RETRY macro.

Fixes [1]:

  ../../lib/libdvbv5/.libs/libdvbv5.so: undefined reference to `TEMP_FAILURE_RETRY'

[1] http://autobuild.buildroot.net/results/7aea0cbb9e7fe7d9919c9be04ba4567ddcf4e15e

Patch submitted upstream:
https://www.mail-archive.com/linux-media@vger.kernel.org/msg127134.html

[Peter: add upstream submission link as suggested by Baruch]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 10:15:25 +01:00
Baruch Siach
047cec5993 dhcp: add upstream security fixes
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.

CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.

Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 23:26:08 +01:00
Adam Duskett
00fc361b0a postgresql: security bump to 10.3
Helps mitigate CVE-2018-1058

see: https://www.postgresql.org/docs/current/static/release-10-3.html for more
bugfixes.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 20:15:59 +01:00
Thomas Petazzoni
11050d908d board/qemu/ppc64le-pseries: make Qemu command similar to ppc64-pseries
In particular:

 - Explicitly specify the CPU to be used, POWER8, which matches
   qemu_ppc64le_pseries_defconfig

 - Use hard disk emulation to access the root filesystem instead of an
   initrd.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:20:16 +01:00
Thomas Petazzoni
1b554aa849 board/qemu/ppc64le-pseries: put Qemu command on one line
This allows the toolchain building machinery used by
https://toolchains.bootlin.com to automatically re-use this Qemu
command line.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:19:25 +01:00
Thomas Petazzoni
62e8305358 board/qemu/ppc64le-pseries: use qemu-system-ppc64
qemu-system-ppc64le doesn't necessarily exist: it isn't installed by
Qemu, and only created as a symlink to qemu-system-ppc64 by some
distributions (Ubuntu). Other distributions (Fedora) just have
qemu-system-ppc64.

But qemu-system-ppc64 is capable of running little-endian PPC64
systems, so use this one instead.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:19:20 +01:00
Thomas Petazzoni
8cde7e6af9 support/dependencies/dependencies.sh: check for Python argparse module
The script support/scripts/check-uniq-files uses the argparse Python
module. In most recent Python versions (starting with 2.7), the
argparse module is part of the standard library, and we already check
for the availability of Python in
support/dependencies/dependencies.sh.

However, when running on an ancient distribution with Python 2.6, the
argparse module is not part of the Python standard library, but
available as an external module. Without this module, the build fails,
because check-uniq-files, which is used in target-finalize, fails to
run.

To avoid this failure, this commit adds a check in
support/dependencies/dependencies.sh to verify that the argparse
module is available.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:18:18 +01:00
Thomas Petazzoni
62fa5e17cb support/scripts/check-uniq-files: add indices in format string
Using {} in format strings is only supported in sufficiently recent
Python versions. Python 2.6 doesn't support this, and only format
strings with numbered arguments: {0}, {1}, etc.

Python 2.7:

$ python -c 'print("foo {}".format(12))'
foo 12
$ python -c 'print("foo {0}".format(12))'
foo 12

Python 2.6:

$ python -c 'print("foo {}".format(12))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ValueError: zero length field name in format
$ python -c 'print("foo {0}".format(12))'
foo 12

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-03 17:17:41 +01:00