Fixes CVE-2018-19518: University of Washington IMAP Toolkit 2007f on UNIX,
as used in imap_open() in PHP and other products, launches an rsh command
(by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen
function in osdep/unix/tcp_unix.c) without preventing argument injection,
which might allow remote attackers to execute arbitrary OS commands if the
IMAP server name is untrusted input (e.g., entered by a user of a web
application) and if rsh has been replaced by a program with different
argument semantics. For example, if rsh is a link to ssh (as seen on Debian
and Ubuntu systems), then the attack can use an IMAP server name containing
a "-oProxyCommand" argument.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Processor Counter Monitor (PCM) is an application programming interface
(API) and a set of tools based on the API to monitor performance and
energy metrics of Intel(R) Core(TM), Xeon(R), Atom(TM) and Xeon Phi(TM)
processors.
This package contains a patch on the pmu-query.py script to look for the
pcm-core program at the default path. It's not nice to have a Buildroot
specific patch but let's use one while we look for a solution that is
acceptable upstream.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Peter: Needs C++, force X86_MSR on in linux]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
liboping.c: In function 'ping_host_add':
liboping.c:207:9: error: '%s' directive output may be truncated writing
up to 255 bytes into a region of size 243 [-Werror=format-truncation=]
"%s: %s", function, message);
^~
liboping.c:1644:40:
ping_set_error (obj, "getaddrinfo", errmsg);
~~~~~~
liboping.c:206:2: note: 'snprintf' output between 14 and 269 bytes into
a destination of size 256
snprintf (obj->errmsg, sizeof (obj->errmsg),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%s: %s", function, message);
Fixes:
- http://autobuild.buildroot.org/results/b12d86388b495a96194e0bcbb5c19a4e35cbc53d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logic to ensure at least one compression backend is selected was not
updated when lz4, xz and zstd were introduced - Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Peter: add comment as suggested by Peter Seiderer]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
prosody is not available for Lua 5.3, but only 5.1 & 5.2.
prosody needs the module BitOp which is included in LuaJIT
note: the actual config is working only LuaJIT
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As reported in bug #11426, the ppsfind shell script uses /bin/bash,
but the Buildroot pps-tools package doesn't depend on bash. In fact,
upstream has fixed the problem, and the script can now be used with a
POSIX shell, and the shebang is /bin/sh.
This commit therefore bumps pps-tools to the latest upstream commit,
which is precisely this fix.
Fixes bug #11426.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Lynx configure script uses pkg-config when available:
checking for nios2-buildroot-linux-gnu-pkg-config... /home/thomas/projets/buildroot/output/host/bin/pkg-config
checking pkg-config for openssl... yes
[...]
checking pkg-config for ncurses... yes
Using pkg-config avoids build failures such as:
checking for _nc_freeall... no
configure: error: Configuration does not support color-styles
make: *** [/home/test/autobuild/run/instance-1/output/build/lynx-2.8.9rel.1/.stamp_configured] Error 1
When building with "make lynx", so that pkg-config is not built
before. The issue is that in this case, lynx configure script picks up
the ncurses6-config script for the host ncurses instead of the one in
staging. Using pkg-config solves that nicely.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TOOLCHAIN_HAS_SYNC_4 is not set, define -DNO_ATOMICS=1 to
fallback on lock
Fixes:
- http://autobuild.buildroot.org/results/7b3bc71d64aedf617dde35798099e16d7ae46713
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: invert condition.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
semaphore.h is available only if HAVE_LIB_PTHREAD and
HAVE_SEM_POSIX are defined
Fixes:
- http://autobuild.buildroot.org/results/1c95898b2833683a22bbe2ff8471fa08d94210e1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: update upstream status of the patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libiscsi uses cunit for its test suite, and autodetects its presence.
Usually, we just try to disable tests altogether, but there is no way to
do so. So, ensure proper ordering.
Note: there is an ac_cv_have_cunit variable, but it is not a true
ac_cv* cache variable, and the value provided on the command line or
environment is properly ignored.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The pre-rendered, bundled ones are still installed, though, but they
get removed in target-finalize anyway.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stack protector has been added in version 3.0.3 by
2268c27754
However, some compilers could missed the needed library (-lssp or
-lssp_nonshared) at linking step so use ax_check_link_flag instead of
ax_check_compile_flag
Fixes:
- http://autobuild.buildroot.org/results/0b90e7dca2984652842832a41abad93ac49a9b86
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
KEY_ALS_TOGGLE has been added in kernel 4.8 with
9ee2748712
So add it to missing.h to fix build with kernel older than 4.8
Fixes:
- http://autobuild.buildroot.org/results/0c0aff02df91cdb869efa01e397f7ccc0d9f69af
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.con>
[Thomas: update upstream status.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow ejabberd user to run ejabberdctl.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit c2ea056a1b (package/qt5/qt5base: use ccache for building host
code) introduced a tweak to qt5's mkspec file, to define the compilers
(C and C++) to use to build qmake.
In doing so, it changed the variables in that file, from this layout:
VAR = value
to this:
VAR=value
During its configuration phase, qt5 will parse that file using the
system awk.
However, the system awk is not necessarily GNU awk; some systems,
especially Debian ones, use mawk as the default awk implementation.
mawk does not behave the same as GNU awk, and this causes qt5 to extract
empty values, and thus leads to build failures.
Fix that by replacing the variables with similar layout, keeping the
spaces around the equal signs.
Fixes:
http://autobuild.buildroot.org/results/cb5/cb555a124bb3bdb9c5a3465673c21022d94cf2ca/
Reported-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit cd9d58f1fc ("toolchain: bumb
ARC tools to arc-2018.09 release"), the ARC-specific binutils, gcc and
gdb versions were updated to use the 2018.09 release. However, they
are mistakenly pointing to a branch rather than a tag. This commit
fixes that by using the proper release tag.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This tool allows to verify if the OpenCL environment is set up correctly
and provides information related to the supported OpenCL platforms.
Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
[Thomas:
- use the libopencl virtual package
- add LICENSE to the license files]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We need to install the mesa3d-headers, because the CL headers are not
provided by nvidia-driver (just like it didn't provide the OpenGL
headers).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Within the BR2_PACKAGE_NVIDIA_DRIVER_XORG condition, some "="
assignements are used for various variables, which are also appended
in other conditions below in nvidia-driver.mk.
It works fine because those assignements appear earlier in the .mk,
but it is a bit error-prone, so let's use += when adding values to
those variables.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch provides Clover, the OpenCL 1.1 API implementation by Mesa
for AMD GPUs. It generates libOpenCL.so.
Add --disable-opencl-icd because in Mesa 18 it defaults to on. When
disabled, the shared library is named libOpenCL instead of
libMesaOpenCL and CL headers are installed.
Given that clc headers are being installed to a non-standard location,
it is necessary to specify this path in configure.ac. Otherwise,
pkg-config will output the absolute path to these headers located in
STAGING_DIR, which will cause a runtime error when calling
clBuildProgram.
Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
[Thomas:
- improve the description of the patch, based on input from Romain
- register as a libopencl provider]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Valentin Korenblit <a class="moz-txt-link-rfc2396E" href="mailto:valentin.korenblit@smile.fr"><valentin.korenblit@smile.fr></a>
Signed-off-by: Valentin Korenblit <a class="moz-txt-link-rfc2396E" href="mailto:valentinkorenblit@gmail.com"><valentinkorenblit@gmail.com></a>
Signed-off-by: Thomas Petazzoni <a class="moz-txt-link-rfc2396E" href="mailto:thomas.petazzoni@bootlin.com"><thomas.petazzoni@bootlin.com></a>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A flexible forms validation and rendering library for
Python web development.
https://wtforms.readthedocs.io/
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch allows to select the installation of additional commands
which are part of the sunxi-tools. It's now possible to e.g. install
sunxi-fel on the target device. The corresponding options have been
added to Config.in and sunxi-tools.mk has been modified respectively.
The default setting is to only build sunxi-nand-part.
On the host building of the misc-tools target is added, which provides
sunxi-nand-image-builder and phoenix_info.
Signed-off-by: Alex Kaplan <kaplan2539@gmail.com>
[Thomas:
- properly format Config.in
- do not select BR2_PACKAGE_HOST_LIBUSB in Config.in.host, since this
option doesn't exist
- properly indent code in sunxi-tools.mk]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit e13855c48f wrongly added
depends on BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU
to display the comment "libbsd needs a toolchain w/ threads, wchar"
The same error has also been made for minizip.
To fix this issue, move dependency
!(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU) under
BR2_PACKAGE_LIBBSD_ARCH_SUPPORTS.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Both p1_oauth2 and jiffy are runtime dependencies. Mark the
corresponding select in the Config.in file with a # runtime
comment.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcurl doesn't find any trust path for CA certs when it cross-compiles.
When using OpenSSL, it is explicitly configured to use the SSL cert
directory with OpenSSL style hash files in it. But with GnuTLS, it gets
nothing.
Rather than configure libcurl to use the OpenSSL directory or a bundle
file, configure it to use the GnuTLS default. This way the CA certs
path can be configured in one place (gnutls) and then libcurl and anyone
else who uses gnutls can default to that.
Also, when libcurl with gnutls is configured to use a directory, it ends
up loading each cert three times.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gnutls is building with no default location to look for CA certs. Since
there are buildroot packages to provide these, configure it to use them
by default.
Configure gnutls to find them using the bundle file which contains all
certs, rather than looking in the cert directory. When gnutls is told
to use the directory, it loads *every* file in it. This means it loads
the bundle with all certs, then loads each cert a second time using the
individual pem files, and then loads them all the third time via the
hash symlinks to the pem files.
When p11-kit is enabled, use its trust module instead of the bundle
file. p11-kit can be configured to use the bundle (the default), but it
can do other things too, such as integrate with the "trust" command for
adding and removing trust anchors.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
package/docker-cli/docker-cli.mk:1: should be 80 hashes (http://nightly.buildroot.org/#writing-rules-mk)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Docker upstream has split the Docker daemon and CLI into separate
codebases:
- github.com/docker/engine: daemon, "dockerd" binary
- github.com/docker/cli: "docker" command line interface
This commit splits the docker-engine package into docker-engine and
docker-cli. Conveniently, the Docker project has begun maintaining
two separate release-tagged repositories for the CLI and daemon as of
v18.06-ce-rc1. Previous versions were tagged in a common "docker-ce"
repository which makes compilation awkward for Buildroot, especially
due to some limitations in the new Go package infrastructure.
Docker repositories "engine" and "cli" recently started tagging
releases. Select the latest stable release, v18.09.0.
The CLI is no longer automatically included with the engine. Users
will need to select BR2_PACKAGE_DOCKER_CLI to produce a both docker
and dockerd target binaries.
Docker CLI can be statically compiled. This enables usage of the
system docker client binary to access the parent daemon API from
within containers, where shared libraries are not available.
While at it, drop the useless host-go dependency from docker-engine,
since it's already added by the golang-package infrastructure.
Signed-off-by: Christian Stewart <christian@paral.in>
[Thomas: drop the host-go dependency from both docker-cli and
docker-engine]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit backports an upstream patch that fixes the build of
dt-utils with glibc 2.28+.
Fixes bug #11536.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
fstatfs/statfs on aarch64 seems broken, add a patch from uClibc-ng
upstream git to fix it.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
when asked to delete a network interface will unconditionally open a
user provided path:
c1cf54ebf2
This code path may be used by an unprivileged user to check for the
existence of a path which they wouldn't otherwise be able to reach. It
may also be used to trigger side effects by causing a (read-only) open
of special kernel files (ptmx, proc, sys).
Also add a dependency on gcc >= 4.7
(https://github.com/lxc/lxc/issues/2592)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
