Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url
For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
minnowboard_max-graphical_defconfig has the line "BR_TARGET_GRUB2=y",
but this currently has no effect because BR_TARGET_GRUB2 cannot be
selected without BR2_TOOLCHAIN_BUILDROOT_WCHAR=y, which is not set by
default.
The minnowboard max defconfig was updated to fix this problem, but the
graphical variant was not updated alongside it.
Signed-off-by: Nicholas Sielicki <sielicki@yandex.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The galileo_defconfig has the line "BR_TARGET_GRUB2=y", but this
currently has no effect because BR_TARGET_GRUB2 cannot be selected
without BR2_TOOLCHAIN_BUILDROOT_WCHAR=y, which is not set by default.
Signed-off-by: Nicholas Sielicki <sielicki@yandex.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The kernel used so far for the galileo boards would not successfully
build with GCC versions greater than 5.
See: https://github.com/mdr78/Linux-x1000/pull/2
Signed-off-by: Nicholas Sielicki <sielicki@yandex.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 44b5637ab2 (e2fsprogs: add a patch to link against SEM_INIT libs)
introduced a patch that effectively adds -lpthread to the link command
with libcom_err. Today the only libc with separate libpthread is glibc
that does not support static build. The generated libcom_err.so.2.1
library links with libpthread with or without this patch. Drop this
patch.
Cc: Daniel Mack <daniel@zonque.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Init script use /var/lock/subsys/netplugd but directory
/var/lock/subsys can be missing.
Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When we list the available tests, we use test_dir, which is set from
the path of the script. However, when we run the tests, we use the
hard-coded path.
Ditto to find the config file.
For consistency, always use test_dir.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit c96b8675ea
("support/scripts/check-bin-arch: ignore symbolic links") was bogus,
because it tested ${f}, which is the relative path of the file inside
${TARGET_DIR}, so we end up testing if ${f} on the system is a
symbolic link.
This commit fixes that by testing ${TARGET_DIR}/${f}.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since commit da32b49f00
("instrumentation: extend packages-file-list.txt with symlinks and
directories"), the packages-file-list.txt also contains symbolic
links. Therefore, check-bin-arch is now also checking symbolic links.
However, symbolic links in $(TARGET_DIR) can have absolute path as
targets, such as:
$ ls -l output/target/sbin/ifdown
lrwxrwxrwx 1 thomas thomas 10 Sep 3 15:55 output/target/sbin/ifdown -> /sbin/ifup
Therefore, we are now potentially checking a host binary, which
obviously makes check-bin-arch fail.
This commit changes check-bin-arch to ignore symbolic links. Indeed,
we have two cases:
- The symbolic link really points to something that will in the
rootfs (such as /sbin/ifup above). In this case, /sbin/ifup will be
checked separately by check-bin-arch.
- The symbolic link doesn't point to something that will be in the
rootfs, and that is not a problem from the perspective of
check-bin-arch, which checks the architecture of target binaries.
Fixes:
http://autobuild.buildroot.net/results/16d384a0183d477646ac7692feb65f00dde7d068/
(vim)
http://autobuild.buildroot.net/results/50429c0f63a8befff9e20899327b9a8d754d99be/
(ifupdown)
http://autobuild.buildroot.net/results/1db65973e782bfa61abcbccd3501bfd235f77288/
(gawk)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The new libcgi build system was forcing the build of a shared library,
breaking the build on static-only configurations. This commit adds a
libcgi patch (submitted upstream) that makes its build system use the
default CMake behavior (rely on BUILD_SHARED_LIBS).
Fixes:
http://autobuild.buildroot.net/results/c166aa1eda9d86083a1aeefd8631ed45dbcb05e7/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Switch to https download for firewall compatibility and security.
As upstream now defaults to 'gpg' for the main binary name, keep the
'gpg2' name as in previous releases, to avoid conflict with the gnupg
package.
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gnupg2 removed gnulib in version 2.1.1. The workaround for non-wchar
toolchains introduced in commit 8a87887095 (gnupg2: fix build on
non-wchar toolchains), is no longer needed.
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Romain Naour <romain.naour@openwide.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gnupg2 migrated to libusb-1.0 in version 2.1.12.
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
curlbuild.h was removed in recent versinos of curl, backporting a
patch from mainline to fix it until a newer version of sysdig is
released.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
With linux-pam, the configure script bails out with:
configure: error: su selected, but required PAM header file not available
Fixes:
http://autobuild.buildroot.net/results/338/3381a49d17aa0d4b9711cbb36a5d7b563a8ae08f/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libcgi is written in C, there is no need for a C++ compiler, but CMake
by default assumes that both C and C++ are needed. To fix that, this
commit adds a patch, submitted upstream, to adjust the CMakeLists.txt.
Fixes:
http://autobuild.buildroot.net/results/d0b4740bdbd84ed6fcbba706caf42ebba4c07d15/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Following the merge of the "next" branch back into "master", the
libepoxy package fails to build, because its version was bumped in the
"next" branch and patches were backported in the "master" branch,
which are no longer needed since they are upstream as of version
1.4.3.
Fixes:
http://autobuild.buildroot.net/results/5b77479c101dc43f92f23d3fd893d2df80697db0/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Provide the path to HOST_DIR for libxml, libxslt and libiconv like for
the target variant to avoid a build issue on host where /bin is a
symlink to /usr/bin.
Indeed, the configure script use a custom m4 macro XSTAR_LIB_CHECK to
find xml2-config:
XSTAR_LIB_CHECK([LIBXML], [xml2-config])
This macro come from a local m4 file m4/xstar-check-libs.m4 where it
use:
AC_PATH_PROG(LIBXXX()_CONFIG, xxx_config(),
[], [$LIBXXX()_PREFIX/bin$PATH_SEPARATOR$PATH]
Since no prefix seems to be defined by $LIBXXX()_PREFIX, AC_PATH_PROG
look by itself at /bin/ for xml2-config. So the PATH variable set
by Buildroot containing HOST_DIR/bin is ignored.
The wrong xml2-config is used during the build and the build fail
when no xml2 headers are installed on the host.
Fixes:
src/xml_C14N.c:12:31: fatal error : libxml/xmlversion.h : No such file or directory
#include <libxml/xmlversion.h>
^
In file included from src/trans.c:4:0:
src/trans.h:32:30: fatal error : libxml/xmlmemory.h : No such file or directory
#include <libxml/xmlmemory.h>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: remove french messages from the commit log, drop
--with-libiconv-prefix option, since we don't have a libiconv
dependency for the host.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
ts4900 defconfig is upstream in Linux since v4.9:
a2f1145 ARM: dts: TS-4900: add basic device tree
Bump kernel version to v4.12 and use the upstreamed defconfig
imx_v6_v7.
Signed-off-by: Mathieu Audat <mathieu.audat@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This change extends to the login utilities the current policy of having
a selection item in the configuration menu for each utility that has an
--enable/--disable knob in the "configure" script:
- add selection items for login, runuser, su and sulogin (there was
already an item for "last")
- move "login utilities" to Config.in.legacy
- make "login utilities" select last, login, runuser, su and sulogin
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
xl2tp does not depend on OpenSSL since version 1.3.4.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>