Fixes CVE-2014-1684: The ASF_ReadObject_file_properties function in
modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media
Player before 2.1.3 allows remote attackers to cause a denial of service
(divide-by-zero error and crash) via a zero minimum and maximum data
packet size in an ASF file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also make the menu entry less melodramatic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently we configure uClibc to use kernel headers from "staging" folder with
KERNEL_HEADERS="$(STAGING_DIR)/usr/include". This path is added to include
search path of uClibc build system in Rules.mak "CFLAGS += -I$(KERNEL_HEADERS)".
At the same time on uClibc installation to "staging" we point to the same
location "$(STAGING_DIR)/usr" (headers effectively go in "usr/include").
So after every installation to "staging" dependences get touched (even though we
copy the same headers every time) and so we may see lots of sources in uClibc
get rebuilt.
This has 2 consequences:
1. Longer build time - becase even on ordinary buildroot build uClibc is built
twice. On "uclibc building" and on "uclibc installation to target".
2. Symbols in libuClibc built initially (that is later installed in
"staging/sysroot") are situated with different offset compared to second build
(later copied in "target"). This happens because as described above only part
of sources get rebuilt and then on final linkage object files are linked in
different order.
And (2) leads to problems on remote rebugging: gdbserver reports offsets that
correspond to pointless assembly in libuClibc on host.
Here's how it looks like.
Before this patch:
$ cd ~/br2_output/i586/target/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000c42c 54 FUNC GLOBAL DEFAULT 7 kill
$ cd ~/br2_output/i586/staging/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
After this patch:
$ cd ~/br2_output/i586/target/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
$ cd ~/br2_output/i586/staging/lib
$ i586-buildroot-linux-uclibc-readelf -s libuClibc-0.9.33.2.so | grep kill
423: 0000b518 54 FUNC GLOBAL DEFAULT 7 kill
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Noam Camus <noamc@ezchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The fltk buildsystem no longer tries to strip binaries during installation,
so these can be dropped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For example, if your project is known to require more space than the
default max cache size, then you might want to increase the cache size
to a suitable amount using the -M (--max-size) option.
The string you specify here is passed verbatim to ccache. Refer to
ccache documentation for more details.
These initial settings are applied after ccache has been compiled.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Tested-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 433290761f changed the hard-coded
ccache directory location to use BR_CACHE_DIR (then BUILDROOT_CACHE_DIR),
which is exported by Makefile based on the BR2_CCACHE_DIR config option.
This allowed the cache location to be changed on-the-fly by setting a
"make" command line variable, but left the default location of ccache's
normal default at "$HOME/.ccache". Since this location does not match the
default for BR2_CCACHE_DIR, it is basically almost never correct, so
direct invocation of ccache outside of the buildroot Makefile, such as for
increasing the cache size, becomes cumbersome.
This patch changes the last-ditch cache location from "$HOME/.ccache" to
the BR_CCACHE_DIR value defined when host-ccache is configured. Note that
the ability to later override the cache location by using a BR_CACHE_DIR
command line variable is left intact.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Tested-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove the specific check that was done in dependencies.sh to use the
generic one that were introduced by the previous patch.
Also, introduce, BR2_NEEDS_HOST_JAVAC and BR2_NEEDS_HOST_JAR as it is
needed by classpath.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Avoid copy/pasting the same block of code to check if a program is
available on the host machine.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sources of the mkpasswd package are shipped with Buildroot, rather than
downloaded from an external location. As a result, no explicit version is
defined, causing build messages and build directory to show 'undefined' as
version.
This patch sets the version for mkpasswd to 'buildroot-$(BR2_VERSION), which
would for example expand to 'buildroot-2014.05'.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sources of the makedevs package are shipped with Buildroot, rather than
downloaded from an external location. As a result, no explicit version is
defined, causing build messages and build directory to show 'undefined' as
version.
This patch sets the version for makedevs to 'buildroot-$(BR2_VERSION), which
would for example expand to 'buildroot-2014.05'.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch migrates the toolchain and toolchain-buildroot packages to the
virtual package infrastructure, causing the log messages to change from:
>>> toolchain undefined Downloading
>>> toolchain undefined Extracting
...
to
>>> toolchain virtual Downloading
>>> toolchain virtual Extracting
...
and similar for 'toolchain-buildroot', simply because it looks nicer.
At the same time, the directory names also become toolchain-virtual,
toolchain-buildroot-virtual instead of the corresponding 'undefined'
variants.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As mentioned in the e-mail accompanying the introduction of the pkg-virtual
infrastructure [1], the definition of FOO_VERSION is 'strange'.
After the cleanup of single/double dollar signs in inner-generic-package,
the special construction in pkg-virtual is no longer needed and can be
simplified.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[1] http://lists.busybox.net/pipermail/buildroot/2014-April/093670.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As the rules with respect to variable and function references and the need
for single or double dollar signs are not trivial, add a comment in
pkg-generic.mk describing them.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The inner-xxx-targets in the buildroot package infrastructures are
evaluated using $(eval) which causes variable references to be a bit
different than in regular make code. As we want most references to be
expanded only at the time of the $(eval) we should not use standard
references $(VAR) but rather use double dollar signs $$(VAR). This includes
function references like $(call), $(subst), etc. The only exception is the
reference to pkgdir/pkgname and numbered variables, which are parameters to
the inner block: $(1), $(2), etc.
This patch introduces consistent usage of double-dollar signs throughout the
different inner-xxx-targets blocks.
In some cases, this would potentially cause circular references, in
particular when the value of HOST_FOO_VAR would be obtained from the
corresponding FOO_VAR if HOST_FOO_VAR is not defined. In these cases, a test
is added to check for a host package (the only case where such constructions
are relevant; these are not circular).
Benefits of these changes are:
- behavior of variables is now again as expected. For example, setting
$(2)_VERSION = virtual in pkg-virtual.mk will effectively work, while
originally it would cause very odd results.
- The output of 'make printvars' is now much more useful. This target shows
the value of all variables, and the expression that led to that value.
However, if the expression was coming from an inner-xxx-targets block, and
was using single dollar signs, it would show in printvars as
VAR = value (value)
while if double dollar signs are used, it would effectively look like
VAR = value (actual expression)
as is intended.
This improvement is for example effective for FOO_DL_VERSION, FOO_RAWNAME,
FOO_SITE_METHOD and FOO_MAKE.
The correctness of this patch has been verified using 'make printvars',
'make manual' and 'make legal-info' before and after applying this patch,
and comparing the output.
Insight-provided-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The libdrm has a bunch of useful test programs. Add an option to pass
the configure option to install them.
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
However, this toolchain is only usable for e500v2 with the SPE ABI.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Add and enable a systemd unit file to bring up or down network with ifup /
ifdown, analogous to the skeleton/etc/init.d/S40network init script.
Signed-off-by: Ivan Sergeev <vsergeev@kumunetworks.com>
[eric.le.bihan.dev@free.fr:
- rebase
- install service only if systemd-networkd is not selected]
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-4020 (The frame metadissector could crash).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The old ncurses trick is no longer needed for this version, in fact it's
harmful. Switch to proper configure options.
Also disable rpath hackery since it's not required and could be
problematic. Fixes:
http://autobuild.buildroot.net/results/411/411f6171e972eab4486143dedbfd078136886ab0/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the switch to 4.8.x as default, the qemu-sparc target is broken.
For a gcc bug report see here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60624
Switch back to gcc 4.7.x as default for sparc.
Disable 4.8/4.9 as suggested by Thomas Petazzoni.
I even disabled gcc snapshot, it works right now, because
it is an old 4.8.0 snapshot by default, but as soon as this is updated
sparc build will break.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Kernel headers version 3.8.x has been deprecated since 2013.08 and thus can
be removed in 2014.08.
An automatic selection of 3.9.x headers is performed in the legacy menu.
Existing automatic selections of 3.8.x headers are modified to select
3.9.x.
As this patch removes the last occurrence of BR2_DEPRECATED_SINCE_2013_08,
the symbol is removed too.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of security issues and adds support for PUT/DELETE. From the
release mail:
<snip>
Stephen Röttger reported a number of security bugs, the most serious of
which is a potential heap overflow in sliding_buffer.c (file uploads).
There is a potential for remote code execution.
At the same time, I've made an *experimental* change to allow RESTful
API's possible:
* PUT and DELETE methods are handled by the POST and GET handlers.
* For mostly historical reasons, data on the URI is still called
GET.<var>, and data in the body is named POST.<var>
* If the Content-Type is not "application/x-www-form-urlencoded", Haserl
won't try to urldecode the POST contents - it will just put the body in
POST.body verbatim.
</snip>
The lua handling now uses pkg-config, so adjust the code to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even when compiled with --enable-static --disable-shared, util-linux
creates some incorrect libuuid.so, libblkid.so and libmount.so
symbolic links, which confuses the compiler which thinks that a shared
library is available. This causes some build issues such as:
http://autobuild.buildroot.org/results/990/9909d198ce14969d0e9d29a34fcc33f0ef79220d/
This commit fixes that by adding a patch to util-linux that fixes this
issue. The patch has been submitted upstream at
http://article.gmane.org/gmane.linux.utilities.util-linux-ng/9262.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NM provides a newt based UI. One can create, modify and delete NM
connections via this interface.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch fixes compilation error and is already upstreamed.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'graph-depends' logic uses the 'dot' program from Graphviz to draw
the dependency graph, but it doesn't check its existence before
starting the generation of the graph, which can lead to user confusion
as reported in:
http://lists.busybox.net/pipermail/buildroot/2014-June/099278.html
With this commit, we first test if the 'dot' program is available, and
if it's not, we error out with a clear error message:
$ make graph-depends
ERROR: The 'dot' program from Graphviz is needed for graph-depends
make: *** [graph-depends] Error 1
[Peter: send error message to stderr instead]
Reported-by: Dallas Clement <dallas.a.clement@gmail.com>
Cc: Dallas Clement <dallas.a.clement@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
And while we're at it, factorize the definition of the musl version,
since it's common to the definition of the tarball names for the
various supported architectures.
[Peter: Adjust Config.in info to match new version]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The transitive dependencies make the graphs barely readable for large
configs, with a large number of packages.
So, just switch to not drawing the transitive dependencies by default.
By popular demand... ;-)
[Peter: reword]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc; Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: use http url as wget complains about certificate]
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>