The two patches are no longer needed with the latest upstream version,
so bump to the latest one.
Tested on imx6.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Update the "basic set" description to include fincore, which is built
by default, and remove tailf, which was removed in this version.
- Add configuration options for the new utilities "chmem" and "lsmem".
- Add a patch to revert the assumption that ncursesw headers are under
/usr/include/ncursesw/ only. That's necessary to have both versions
for ABI/API compatibility but does not make sense on embedded systems.
- Drop autoreconf, since the patch on term-utils/Makemodule.am is gone.
The patch is a bit drastic but it solves the problem of using ncursews
while we discuss a better solution in the util-linux mailing list.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2016-9577
Frediano Ziglio of Red Hat discovered a buffer overflow
vulnerability in the main_channel_alloc_msg_rcv_buf function. An
authenticated attacker can take advantage of this flaw to cause a
denial of service (spice server crash), or possibly, execute
arbitrary code.
CVE-2016-9578
Frediano Ziglio of Red Hat discovered that spice does not properly
validate incoming messages. An attacker able to connect to the
spice server could send crafted messages which would cause the
process to crash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.
CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.
The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.
CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.
CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.
Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.
Lz4 is a new optional dependency, so handle it.
The spice protocol definition is no longer included and instead used from
spice-protocol. The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help. The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tunneling support is gone upstream, so drop the patch and add
Config.in.legacy handling for the option.
Celt051 is no longer a hard dependency, and opus is a new optional
dependency, so adjust the dependencies to match.
Python / pyparsing are not needed as the tarball contains the generated
files (this should presumably have been host-python in the first place as
these are used at build time), but we need a small workaround to convince
configure that they really aren't needed.
Alsa-lib is only needed for client support, and the configure script checks
for X11/Xext/Xrender, so adjust the dependencies to match.
A user manual is now generated by default if asciidoc is available, so
explicitly disable that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch forces BR2_PACKAGE_LINUXCONSOLETOOLS_INPUTATTACH
to be selected if none of the other sub-options are
selected. This fixes build failures when using
'make randpackageconfig', where selecting
BR2_PACKAGE_LINUXCONSOLETOOLS without selecting any sub-option
would break in the 'install to target' phase.
Fixes:
http://autobuild.buildroot.net/results/94b/94bc050f291cc42a4fdcf02157320576feb03654/http://autobuild.buildroot.net/results/f62/f62c5e8bd63d21211eb0e658c4e84135bd59b8cb/
And many more.
[Peter: add autobuilder references and wrap Config.in line]
Signed-off-by: Koen Martens <koen.martens@transport.alstom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Instead of a custom post-build script, use the boot script generation
logic of the U-Boot package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
More and more of our defconfigs need to generate a U-Boot boot
script. It's a simple call to mkimage, but we already have 12
instances of this logic in board/, and there are patch series waiting
in patchwork adding 3 more boards that need this.
So let's add an option in the U-Boot package to generate such a boot
script image easily.
Note that we assume a single script needs to be generated, and the
output file name is boot.scr. The only platform for which it seems to
not be the case are the Boundary Devices platforms: they generate two
boot scripts, 6x_bootscript and 6x_upgrade, but they are anyway
installed inside TARGET_DIR, not BINARIES_DIR.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch 0006 is no longer needed as the fix is already upstream.
Confirmed that the colors are displayed correctly when running the
Qt5CinematicDemo application on i.mx6.
Patch 0007 is already applied upstream.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for a13_olinuxino board
with below features
- U-Boot 2017.05
- Linux 4.11.5
- Default packages from buildroot
Signed-off-by: Chakra Divi <chakra@openedev.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas:
- use full name in DEVELOPERS file
- remove parametrization of the post-build.sh script, just hardcode
the boot.cmd file used as input
- add missing dosfstools and mtools host packages in defconfig,
needed because a vfat partition is defined in the genimage.cfg
file
- minor tweaks to readme.txt file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch adds xradio wireless driver for SDIO WiFi chip XR819.
The out-of-tree driver is sourced from fifteenhex's work
on github https://github.com/fifteenhex/xradio
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: add entry in DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: "depends on" before "select" in Config.in]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.
The first patch adds support for detecting the MIPS ABI during the
configure phase.
The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:
[pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid 194] +++ killed by SIGSYS +++
Pull request: https://github.com/openssh/openssh-portable/pull/71
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for specifying multiple image files in
BR2_TARGET_BAREBOX_IMAGE_FILE config option.
This is useful for boards with several RAM size variants.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: rename internal variable from $(1)_IMAGE_FILE to
$(1)_IMAGE_FILES.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Default bootargs have changed in U-Boot for this board. Build U-Boot
environment and add it to the SD card image to update bootargs.
Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
at91sam9x5ek_mmc board was missing in the previous patch adding 1M
offset for FAT partition to solve some boot issues with the ROM code.
Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Updating version to latest as on 26 June 2017 to include kmstest utility
Signed-off-by: Venkateswara Rao Mandela <venkat.mandela@ti.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream uploaded a new tarball with the same version number 2016-09-08,
some time after the update to v2.0.9 in buildroot. Someone noticed, but
upstream set the ticket to wontfix, and promised to do better in the
future: https://sourceforge.net/p/iperf2/tickets/20/
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2017-1000381: The c-ares function `ares_parse_naptr_reply()`, which is
used for parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was crafted
in a particular way.
https://c-ares.haxx.se/adv_20170620.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
remove input-tools, it has been obsoleted by linuxconsoletools
linuxconsoletools uses the same name as upstream and carries
the latest version of the tools installed by input-tools.
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.
CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-7659: A maliciously constructed HTTP/2 request could cause
mod_http2 to dereference a NULL pointer and crash the server process.
CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32
and 2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string. By maliciously
crafting a sequence of request headers, an attacker may be able to cause a
segmentation fault, or to force ap_find_token() to return an incorrect
value.
CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
While we're at it, use the upstream sha256 checksum instead of sha1.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.
https://kb.isc.org/article/AA-01495/74/CVE-2017-3140
CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1. The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.
https://kb.isc.org/article/AA-01496/74/CVE-2017-3141
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate paho-mqtt dependencies, use alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate rabbitmq-c dependency, use alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
janus-gateway supports many different transports, and currently there
is no implicit way to turn them off or on. Instead, if the dependency
happens to be built, then the transport is enabled.
Create a transports section in the config file and add
BR2_PACKAGE_JANUS_REST as the first transport.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate thread dependency.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Such a construct allows to bail out if the installation of one of the
program fails, which the current shell-based for loop doesn't do.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This revision includes:
- Moving from a handwritten makefile to autotools.
- Restructuring and cleaning up the source tree.
- Fixing the problems that the patches in the package/mtd directory fixed.
Changes:
- Move from generic-package to autotools-package in mtd.mk.
- Remove no longer necessary patches.
- Update binary locations in mtd.mk
- Update library/header locations in mtd.mk
- Remove MTD_ADD_MISSING_LINTL definition from mtd.mk, as it's no longer
needed.
Tested with toolchains compiled with musl, uclibc, and glibc.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: additional improvements
- introduce hidden options BR2_PACKAGE_MTD_JFFS_UTILS,
BR2_PACKAGE_MTD_UBIFS_UTILS and BR2_PACKAGE_MTD_TESTS that match the
./configure options of mtd. Those hidden options select the
appropriate dependencies checked by the configure script, and are
selected by the existing per-tool Config.in options.
- .mk file is changed to handle properly the new hidden options
BR2_PACKAGE_MTD_JFFS_UTILS, BR2_PACKAGE_MTD_UBIFS_UTILS and
BR2_PACKAGE_MTD_TESTS.
- .mk file is changed to properly handle BR2_PACKAGE_ACL, by passing
--with-xattr/--without-xattr.
- remove HOST_MTD_BUILD_CMDS and HOST_MTD_INSTALL_CMDS, those are no
longer needed since we have an autotools-package now.
- MTD_STAGING_y and MTD_INSTALL_STAGING_CMDS are removed, we use the
default staging installation commands, that install everything that
is needed.
- the MTD_TARGETS_UBI_y variable is merged into MTD_TARGETS_y, as we no
longer need to distinguish both.
- integck installation logic is moved into MTD_TARGETS_y.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In buildroot ffmpeg uses x264 as optional dependency if
BR2_PACKAGE_FFMPEG_GPL is enabled at the same time.
If BR2_PACKAGE_FFMPEG_GPL is disabled and ffmpeg is built without x264
support before x264 itself is build, x264 picks up certain ffmpeg libs
as optional dependency leading to build errors because x264 does not
correctly link statically against ffmpeg.
To avoid a circular dependency and to avoid teaching x264 how to
correctly link statically with ffmpeg we just disable all ffmpeg-
related options.
Fixes
http://autobuild.buildroot.net/results/36a/36abb5b8f3aab57fb7b63056b216b4a58143ee3e/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.
Cc: Rhys Williams <github@wilberforce.co.nz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
