Fixes:
CVE-2016-6489 - RSA code is vulnerable to cache sharing related attacks.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
check and valgrind are optional depenencies of lldpd, so we must depend
on them when either is enabled.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This change enforces the CMAKE_SYSROOT value set in the toolchainfile.cmake.
This fix overrides the CMake heuristics used to guess it, and turns off some
non-desirable behavior adding "-isystem ..." flags to the compiler command
line, misleading the compiler and making the build failed due to some
unfound standard headers.
Fixes:
http://autobuild.buildroot.net/results/f7e/f7e92678e91a6cb15ccf32d4a7d75b39f49d6000/defconfig
(and others)
Cc: Ben Boeckel <mathstuf@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2016-6313: An attacker who obtains 580 bytes from the standard RNG
can trivially predict the next 20 bytes of output.
Add cryptographically secure sha256 hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-6316: Bug in the mixing functions of Libgcrypt's random number
generator. An attacker who obtains 4640 bits from the RNG can trivially
predict the next 160 bits of output.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In configure script there are some tests that are looking for
a suitable compiler. For this purpose script tries to compile
and link some C++ code that is hardcoded in the body of script.
The problem is that only linker flags ($LDFLAGS) are passed to the
compiler when the script is compiling test code. Therefore some
necessary command line options can be lost and this would lead to
errors.
This exactly happens to ARC:
1. -matomic option is lost as it compiler option,
2. test code compilation fails,
3. the script decides not to use arc-buildroot-linux-uclibc-g++,
4. scipt checks host compiler (x86_64-linux-gnu-g++ in your case),
5. package is being built for x86_64, not for ARC.
About last 2 steps - I don't know why configure script should try
to build stella for host machine. As for me an error should be
raised and a build should be stopped. But this is up to stella
developers.
Current patch adds compiler options ($CXXFLAGS) when compiling
test code in configure script.
Fixes stella build for ARC, e. g.:
http://autobuild.buildroot.net/results/c23/c23d655137b1c1825b1da69b18307c6a1d4b23b8//
[Peter: s/CPPFLAGS/CXXFLAGS/]
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Greg Ungerer fixed recently a bug in the Linux kernel, which
allows to use one memory region again.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With musl C library, we see following build failure.
src/scanner.c: In function 'find_enumeration':
src/scanner.c:811:2: error: unknown type name 'uint'
uint idx = 0, j;
^
uint is defined in <sys/types.h> header. It is usually included by <stdlib.h>
but in musl stdlib.h doesn't include it.
This patch adds upstream patch where uint32_t is used instead of uint.
Fixes:
http://autobuild.buildroot.net/results/fcf/fcf6dd3bd31f92eadbcae17338e5887a23e43ff9/
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With musl C library, we get following build error
integck.c:37:28: fatal error: bits/stdio_lim.h: No such file or directory
#include <bits/stdio_lim.h>
^
compilation terminated.
make[2]: *** [integck] Error 1
Header <bits/stdio_lim.h> is not available in musl C library. However
<stdio.h> has all definition that <bits/stdio_lim.h> supposed to be
providing. Moreover <bits/stdio_lim.h> shouldn't be included directly
instead we should be using <stdio.h>.
Since we already include <stdio.h> and in case of uClibc or glibc
<bits/stdio_lim.h> gets included internally, we can safely remove it.
Fixes:
http://autobuild.buildroot.net/results/175/1754861457af520480cc34d7d2d0edff2868ff66/
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QtWebkit needs gstreamer-0.10 and the 'app' plugins, so we depend on
gstreamer and select the required plugins.
We can't select gstreamer as that would cause circular dependencies in
kconfig:
package/kodi/Config.in:37:error: recursive dependency detected!
package/kodi/Config.in:37: symbol BR2_PACKAGE_KODI depends on BR2_PACKAGE_KODI_EGL_GLES
package/kodi/Config.in:16: symbol BR2_PACKAGE_KODI_EGL_GLES depends on BR2_PACKAGE_HAS_LIBEGL
package/opengl/libegl/Config.in:1: symbol BR2_PACKAGE_HAS_LIBEGL is selected by BR2_PACKAGE_MESA3D_OPENGL_EGL
package/mesa3d/Config.in:150: symbol BR2_PACKAGE_MESA3D_OPENGL_EGL is selected by BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VIRGL
package/mesa3d/Config.in:92: symbol BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VIRGL depends on BR2_PACKAGE_MESA3D
package/mesa3d/Config.in:1: symbol BR2_PACKAGE_MESA3D is selected by BR2_PACKAGE_XDRIVER_XF86_VIDEO_IMX_VIV
package/x11r7/xdriver_xf86-video-imx-viv/Config.in:1: symbol BR2_PACKAGE_XDRIVER_XF86_VIDEO_IMX_VIV depends on BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_X11
package/freescale-imx/imx-gpu-viv/Config.in:34: symbol BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_X11 is part of choice <choice>
package/freescale-imx/imx-gpu-viv/Config.in:27: choice <choice> contains symbol <choice>
package/freescale-imx/imx-gpu-viv/Config.in:27: choice <choice> contains symbol BR2_PACKAGE_FREESCALE_IMX
package/freescale-imx/Config.in:1: symbol BR2_PACKAGE_FREESCALE_IMX is selected by BR2_PACKAGE_GST_FSL_PLUGINS
package/gstreamer/gst-fsl-plugins/Config.in:8: symbol BR2_PACKAGE_GST_FSL_PLUGINS depends on BR2_PACKAGE_GSTREAMER
package/gstreamer/gstreamer/Config.in:5: symbol BR2_PACKAGE_GSTREAMER is selected by BR2_PACKAGE_QT_WEBKIT
package/qt/Config.in:464: symbol BR2_PACKAGE_QT_WEBKIT depends on BR2_PACKAGE_QT
package/qt/Config.in:5: symbol BR2_PACKAGE_QT is selected by BR2_PACKAGE_PYTHON_PYQT
package/python-pyqt/Config.in:5: symbol BR2_PACKAGE_PYTHON_PYQT depends on BR2_PACKAGE_PYTHON
package/python/Config.in:5: symbol BR2_PACKAGE_PYTHON is selected by BR2_PACKAGE_KODI
This one is fairly complicated to fix properly, so it is easier to just
depend on gstreamer.
Also rework the comment when QtWebkit is not available.
Fixes:
http://autobuild.buildroot.org/results/84d/84d338b70c8ce3f21dd202de387326f18526aa63/http://autobuild.buildroot.org/results/379/379ad4eadf5af7e1d5b977bc229d3fcaba25b4fe/
[...]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current logic to pass the --{enable,disable}-mipsfpu option is:
ifeq ($(BR2_MIPS_SOFT_FLOAT),y)
FFMPEG_CONF_OPTS += --disable-mipsfpu
else
FFMPEG_CONF_OPTS += --enable-mipsfpu
endif
In practice, this means that on MIPS soft-float, --disable-mipsfpu is
passed, and that in *all* other cases, --enable-mipsfpu is passed,
including if we are *not* targetting the MIPS architecture.
Even though this doesn't seem to cause any problem, it is a bit weird to
see --enable-mipsfpu when you're building ffmpeg for a non-MIPS
architecture, so we better fix this by enclosing the MIPS-related
options in a MIPS condition.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_ARM_CPU_HAS_NEON=y, we pass --enable-neon. However, when
BR2_ARM_CPU_HAS_NEON is disabled, we don't pass anything. This generally
works fine, but turned out to integrate NEON code in ARMv7-M
builds (since it's ARMv7, ffmpeg assumed it should enable NEON code).
Even though ffmpeg is now disabled for ARMv7-M, it still makes sense to
be explicit, and disable NEON support when the CPU doesn't have it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed IPv6 and werror configure.ac patch(s) as
changes where incorporated upsteam.
Signed-off-by: Judd Meinders <judd.meinders@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sg3_utils grep for '^linux' as the host OS to decide if we are
targetting Linux.
However, on noMMU targets, the host OS can be 'uclinux' instead of just
plain 'linux', which make sg3_util confused and thus it forgets to
include some source files in the build, resulting in link failures.
Fix that by ammending the regexp that recognises Linux. We now need to
run autoreconf.
Fixes:
http://autobuild.buildroot.org/results/79a/79a572f67bafa6a007256a5f22529c2daabd5733/http://autobuild.buildroot.org/results/4f7/4f7ea4bb4c4c12ceb9cd08bfb6720386f5bdea0b/
[Peter: fix typos as pointed out by Arnout]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Xen up to 4.7 which is the latest release.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump runc to cc29e3dded8e27ba8f65738f40d251c885030a28
This version is required by Docker Engine v1.12.0.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump docker-engine to the latest stable v1.12.0 from v1.12.0-rc3.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libintl may use thread-related functions, so -lpthread must come after
-lintl.
Fixes:
http://autobuild.buildroot.org/results/e9d/e9d89fd5b24a76a3c5ab9dc8f01f4643f7c13396/
[Peter: use -lpthread in comment as suggested by Arnout]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add security related bugfix to fix CVE-2016-4429 from
GNU libc project.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To avoid Xen build issues ensure that host Python 2 is used.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It uses spawn() and thus fork(), so it needs an MMU.
Fixes a build issue reported on IRC for a cortex-m4 build:
http://pastebin.com/dGCsy0sr
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It uses GRND_NONBLOCK, introduced in 3.17.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As described at:
4520524ba0
this commit continues a series of updates of ARC tools.
This time we're updating tools to arc-2016.09-eng008.
Main updates were made for gcc. It was switched to GCC 6 and to
OSABI v4.
Besides this patch fixes buildroot ARC failures connected to
"crtbeginT.o" object file missing. This issue lead to two main errors:
1) "crtbeginT.o: No such file or directory", e. g. bootutils-1.0.0.
No comments are required here I hope.
2) Errors like "compiler cannot create executables", e.g.:
a) host-gcc-final-arc-2016.09-eng007 static build,
b) aespipe-2.4c.
That was caused because the test to determine if compiler is able to
create executables was failing due to missing "crtbeginT.o" file.
We still keep GDB as it is of arc-2016.03 release because there're some
issues we'd like to resolve before releasing it to wider audience.
So again note this is next engineering builds of arc-2016.09 series
and it might have all kinds of breakages, please don't use it for
production builds.
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT selects BR2_PACKAGE_DTC, but forgets
to depends on !BR2_STATIC_LIBS like BR2_PACKAGE_DTC does.
Fixes the following kconfig warning:
arning: (BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT && BR2_PACKAGE_KVMTOOL && BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT) selects BR2_PACKAGE_DTC which has unmet direct dependencies (!BR2_STATIC_LIBS)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
