Fixes
CVE-2016-0754: remote file name path traversal in curl tool for Windows
CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adds descriptive help text to Config.in based on content from elinux.org and
Wikipedia. Notes that http://www.directfb.org/ has been broken for more than
five months and suggests using http://elinux.org/DirectFB instead.
Signed-off-by: Jonathan Ben-Avraham <yba@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When linking against libnspr with musl toolchains we get undefined
references to `getprotobyname_r' and `getprotobynumber_r', for example
when compiling libnss:
/home/test/autobuild/instance-1/output/host/usr/arm-buildroot-linux-musleabihf/sysroot/usr/lib/libnspr4.so:
undefined reference to `getprotobyname_r'
/home/test/autobuild/instance-1/output/host/usr/arm-buildroot-linux-musleabihf/sysroot/usr/lib/libnspr4.so:
undefined reference to `getprotobynumber_r'
That's because musl does not have an implementation of these functions,
so we need to enable their internal implementation from libnspr.
This patch was backported from Alpine Linux commit
a162da839db0d3f8be94a5c1ad2e2e54e691c38a.
Fixes:
http://autobuild.buildroot.net/results/6052538d10779a21ac242d61bb43a371497ec684/http://autobuild.buildroot.net/results/d62ea7dbe68188d073b4f176e6a354e95a8bab97/http://autobuild.buildroot.net/results/ae50521c485371cd59bc4ee7e8f323169c7d513d/
...
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
pixman fails to build with musl because <float.h> is included in
assembler files, which doesn't work with the <float.h> provided by
musl. This commit fixes that by patching pixman (patch submitted
upstream).
Reported-by: Eial Czerwacki <eial@scalemp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add two upstream patches to fix the build of minicom with the musl C
library.
Fixes:
http://autobuild.buildroot.net/results/ea7/ea72a5aee30a89251c06e6a916499e39128437c0/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: use upstream patches instead of OpenEmbedded patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Otherwise it will search in the usual places, and if the host has
it it will try to build against that one, resulting in failure. Fixes:
http://autobuild.buildroot.net/results/b39/b399ee830de587e3302f86ac0caadd2607c6c43c/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-0742 - invalid pointer dereference might occur during DNS
server response processing if the "resolver" directive was used,
allowing anattacker who is able to forge UDP packets from the DNS server
to cause segmentation fault in a worker process.
CVE-2016-0746 - use-after-free condition might occur during CNAME
response processing if the "resolver" directive was used, allowing an
attacker who is able to trigger name resolution to cause segmentation
fault in a worker process, or might have potential other impact.
CVE-2016-0747 - CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: download location changed to
https://linuxcontainers.org/downloads/lxc, as noticed by Santosh
Multhalli.]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/256/2561190b274d71666c4bdf3c569b02063cefdb30/http://autobuild.buildroot.net/results/14e/14e6addcd3ec35f882da7ec489caa9b60ecd4b63/http://autobuild.buildroot.net/results/cf0/cf011286be839674d358a8bccaf1c5c52de75e46/
madplay needs gettext when built with nls, and it support 3 variants:
- C library support gettext (E.G. glibc)
- Libintl (E.G. uClibc)
- An included libintl copy
The included libintl copy has unfortunately bitrotted and doesn't even build
any more. With that said, musl DOES have gettext support, so that should be
used instead.
The configure script unfortunately uses an old AM_GNU_GETTEXT test, which
explicitly checks for nonstandard glibc extensions, which musl doesn't
support:
http://www.openwall.com/lists/musl/2015/04/16/3
Which causes the detection to fail:
configure:24770: checking for GNU gettext in libc
configure:24794: /home/peko/source/buildroot/output/host/usr/bin/i486-linux-musl-gcc \
-o conftest -Wall -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 \
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
/tmp/ccboDFhK.o: In function `main':
conftest.c:(.text+0x39): undefined reference to `_nl_msg_cat_cntr'
conftest.c:(.text+0x40): undefined reference to `_nl_domain_bindings'
collect2: error: ld returned 1 exit status
Now, madplay itself doesn't actually use these glibc extensions, so just force the
detection of GNU gettext when musl is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and
9.10.x before 9.10.3-P3 allows remote authenticated users to cause a
denial of service (INSIST assertion failure and daemon exit) via a
malformed Address Prefix List (APL) record.
CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3,
when debug logging is enabled, allows remote attackers to cause a denial
of service (REQUIRE assertion failure and daemon exit, or daemon crash)
or possibly have unspecified other impact via (1) OPT data or (2) an ECS
option.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uClibc in commit 70a04a28 #defined ptrsize globally in bits/setjmp.h for
mips. However this is a common variable name and causes build failure
for at least bind.
So rename ptrsize to ptr_size in bind to avoid this. Fixes:
http://autobuild.buildroot.net/results/a92/a92fa5dc5d9d6742d61d4d293f7eac97c5355dfe/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The autobuilders did not catch the error yet because they failed
earlier with other packages, but I am continuing the build using
the defconfig from:
http://autobuild.buildroot.net/results/6cc/6cc0f8c067e07deea688b9b97284601a596b898c/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The autobuilders did not catch the error yet because they failed
earlier with other packages, but I am continuing the build using the
defconfig from:
http://autobuild.buildroot.net/results/6cc/6cc0f8c067e07deea688b9b97284601a596b898c/
[Thomas: replace with upstream patch directly, fetched from Github.]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The autobuilders did not catch the error yet because they failed
earlier with other packages, but I am continuing the build using
the defconfig from:
http://autobuild.buildroot.net/results/6cc/6cc0f8c067e07deea688b9b97284601a596b898c/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For some reason, since when openocd was introduced, it was using a
BR2_ARCH_HAS_ATOMICS dependency for all sub-options that selected
BR2_PACKAGE_LIBFTDI1, even if the libftdi1 package did not have any
atomics dependency. Maybe it was confused with the libftdi package,
which did have a BR2_ARCH_HAS_ATOMICS dependency ?
Regardless, openocd with all four sub-options that currently depend on
BR2_ARCH_HAS_ATOMICS builds perfectly fine with a toolchain that does
not implement any of the __sync atomic built-ins, so we can remove the
BR2_ARCH_HAS_ATOMICS dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This fixes build failures like this one:
zbar/decoder/ean.c: In function 'ean_part_end4':
zbar/decoder/ean.c:297:13: error: logical not is only applied to the
left hand side of comparison [-Werror=logical-not-parentheses]
if(!par == fwd) {
This patch has been sent upstream as a pull request:
https://github.com/ZBar/ZBar/pull/9
Fixes:
http://autobuild.buildroot.net/results/299/299dc845af082167085d366b38daf1dfd95d7047/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the introduction of _KCONFIG_DEFCONFIG in 8ef62b99, the package's
.config file no longer depends on anything (unless a fragment is
defined). Therefore, there is no dependency anymore between .config
and <pkg>-patch. Thus, it is possible that the .config file is
attempted to be built before the package is extracted and patched.
Usually this works out OK because <pkg>-patch will always be done
before <pkg>-configure, but it will fail when the user calls
<pkg>-menuconfig explicitly. It will also fail when we enable
top-level parallel build.
To solve this, just add an explicit order-only dependency on
<pkg>-patch. It really is only necessary when _KCONFIG_DEFCONFIG is
defined and _KCONFIG_FRAGMENT_FILES is not, but it doesn't hurt to
add it unconditionally.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reported-by: FrAnKenStEiN MC <chfakht@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The BR2_ARCH_HAS_ATOMICS was added because on ARC, atomic instructions
may not be provided by the architecture and therefore the compiler
does not provide the __sync_*() built-ins.
However, since then, icu was changed and is now able to use C++11
atomics, or even no atomic operations at all. In fact, icu will:
* If possible, it will use C++11 atomics, which internally rely on
the __atomic built-ins. These are available since gcc 4.7, and all
architectures provide it. On some architectures, you *must* link
with libatomic, on some other architectures, they are available
built-in, but in all cases, linking against libatomic does not
harm. Thanks to this, even ARC with no atomic support (which was
the original reason for adding the BR2_ARCH_HAS_ATOMICS) dependency
builds fine, provided -latomic is added to LIBS.
* If C++11 atomics are not available, then it falls back to
__sync_*() built-ins, which allows compilers older than 4.7 to be
supported.
* If really no atomic mechanism is available, then it falls back to a
basic implementation based on a mutex.
Conclusion:
- The BR2_ARCH_HAS_ATOMICS dependency is no longer needed.
- We need to link with -latomic when gcc >= 4.7 is used.
Note that reverse dependencies of icu are also changed accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In commit 669ce8c75e ("libftdi: add
dependency on atomic operations"), a dependency on
BR2_ARCH_HAS_ATOMICS was added to the libftdi package to fix a build
failure occuring on the ARC architecture due to the missing
__sync_fetch_and_add_4 function:
../ftdipp/.libs/libftdipp.so: undefined reference to `__sync_fetch_and_add_4'
However, today, even on the SPARC architecture that does not implement
any of the __sync built-ins, libftdi and its C++ binding libftdipp
build fine. ARC was also tested and builds fine.
Therefore, we remove the BR2_ARCH_HAS_ATOMICS dependency from libftdi,
and also from flashrom, in which it was only present due to the
selection of libftdi. Note that anyway flashrom is available only for
i386 and x86_64, both of which implement all the __sync built-ins.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
According to libftdi configure.in:
"""
dnl libftdi C++ wrapper. Needs boost.
[...]
if test "x$HAVE_BOOST" != "xyes"; then
AC_MSG_ERROR(Sorry, we need the boost library for the C++ wrapper)
fi
"""
And indeed, if you enable BR2_PACKAGE_LIBTFDI_CPP but don't have Boost
enabled, the libfdipp library is not built. To fix this, this commit
changes BR2_PACKAGE_LIBTFDI_CPP to select Boost.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Compile error occured using an allyesconfig, it seems it has not been
caught by the autobuilders yet.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit d1d735a148 disables the tests
tirpc_auth_authdes_seccreate
but not those in
tirpc_auth_authdes_create
while these also fail on targets without native RPC support.
Update the added patch to exclude those tests too.
Fixes:
http://autobuild.buildroot.net/results/3a2/3a2b141d90b28a2954fa0ad3104cba81d648d2a3/
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>