Pass -Werror=shadow in args of cc.compiles in meson.build otherwise test
will always succeed, causing -Werror=shadow to be passed, even on older gcc versions.
GCC 4.8 changed the behaviour of -Werror=shadow to no longer complain about
local variable declariations shadowing functions, which systemd has. From
the changelog:
The option -Wshadow no longer warns if a declaration shadows a function
declaration, unless the former declares a function or pointer to function,
because this is a common and valid case in real-world code.
https://www.gnu.org/software/gcc/gcc-4.8/changes.html
Fixes:
- http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2
[Peter: extend commit message, add gcc 4.8 link]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.
- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a sandbox protection mechanism via vectors involving the 1Policy
operator.
- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
9.26. LockSafetyParams is not checked correctly if another device is
used.
- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because available
stack space is not checked when the device remains the same.
- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because of a
setcolorspace type confusion.
- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because of a
JBIG2Decode type confusion.
For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Those custom fixups were added in 2011 with commit d1b42b24b8
(net-snmp: fixup paths in net-snmp-config) before we add generic config
scripts fixups in 2013 with commit 834f9311aa (pkg-infra: add
<pkg>_CONFIG_FIXUP to fix *-config files)
These custom fixups enclose the includes and libraries paths in single
quotes (presumably to protect them from further expnasion by the shell,
in case there are spaces for example).
It turns out that this breaks now that we replace the staging dir with
$(dirname $0), as it is between single quotes.
It looks like these fixups are really no longer needed anymore, since
the generic fixups do the job just fine (and better).
Fixes:
http://autobuild.buildroot.org/results/2c5/2c5e379a06825bf8588bf070d733d2e1f98dab66/http://autobuild.buildroot.org/results/eea/eea704463c3f14dbb9bd7f8aa23d4b61c25987f4/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to [1]:
- fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION()
function within ttinterp.c could lead to DoS via a crafted font file
- needs '--enable-freetype-config' for freetype-config installation
[1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902
[Peter: also pass --enable-freetype-config for host variant]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
domoticz will fail to build with python and older cmake
Indeed, find_package(PythonLibs 3.4) will not recognize python 3.7 until
cmake 3.7 and the following commit:
c31573b964
To fix this, add a call to find_package(PythonInterp). Indeed, if
FindPythonInterp has already found the major and minor version, that
version will be inserted between the user supplied versions and the
stock version list since cmake in version 3.1 and
3816cd2dc7
Fixes:
- http://autobuild.buildroot.org/results/8e82501a7b49da628ec026132ffca44c0c813040
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
*) Microarchitecture timing vulnerability in ECC scalar multiplication
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks during
ECDSA signature generation could recover the private key.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro
Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
Nicola Tuveri.
(CVE-2018-5407)
[Billy Brumley]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
For more information, see the changelog:
https://www.openssl.org/news/cl102.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
PLATFORM is an environment variable used by xfsprogs' configure script
to determine the platform for which the applications are being built. If
we set some incorrect/unsupported value through e.g: export, this will
be picked up by xfsprogs' configure script and used as-is and assigned
to PKG_PLATFORM, which will lead to build failures.
If PLATFORM was empty/unset, then uname on the host building xfsprogs
gets used to determine the build platform, which again could be
incorrect if we e.g: built xfsprogs on a Darwin system.
Since we are obviously building for Linux, let's just make sure we
define it that way which solves both issues.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
- CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
- CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.3.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps the Linux CIP kernel to version v4.4.154-cip28
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version requires much less patches than the previous one packaged
in Buildroot. It is compatible with Erlang OTP 21.
There are two remainning patches to:
- change the Makefile rules so dependencies are not downloaded/compiled;
- fix ejabberd user and load a default file in ejabberdctl script.
The patch 0006-fix-install-permissions has been replaced by setting
permissions on /etc/ejabberd directory via EJABBERD_PERMISSIONS.
The patch 0009-disable-mod_avatar has been removed because eimp is
a mandatory dependency since 0f86559d.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
[Thomas: add entry in DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package now depends also on erlang-p1-tls and erlang-p1-zlib.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Instead of having a patch in every rebar package to remove the
dependencies in the rebar.config file in order to avoid rebar
downloading such dependencies at build time, implement it directly
as a post-patch hook in the rebar infrastructure.
Add a way to explicitly deactivate this behavior if any package needs
such lines in the rebar.config file.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
[Thomas:
- rename macro to remove-rebar-config-dependencies
- move the macro outside the inner-rebar-package, so that it is
declared with the other utility macros found in pkg-rebar.mk]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
License file update: correct spelling, and state the exact
patent numbers.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For the curious, there's the changelog summary:
https://github.com/kergoth/tslib/releases
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
strace-graph is a perl script. This script is removed unconditionally
since commit 720c0ca5ba ("strace: convert to makefile.autotools.in
format") from 2008. Since then Buildroot added support for perl on
target. Don't remove strace-graph when perl is built for target.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Thomas: move the hook definition inside the condition.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable gcc march mips64r2 detection (use compile flags already
set by buildroot only), avoids double setting like '-march=mips64
... -march=mips64r2 -mabi=64'.
Fixes [1]:
error: '-mips64r2' conflicts with the other architecture options, which specify a mips64 processor
[1] http://autobuild.buildroot.net/results/34f6e2352f1559f98c724fe5394db0035b42ddb1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add ${LTLIBICONV} to popt.pc.in so applications such as shairport-sync
will know that they must link with -liconv when building statically
Fixes:
- http://autobuild.buildroot.org/results/c5b0d1d2867e49c022a2ad971dd9f358ff0f3865
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
tests are enabled if gperf and zlib are found and they fail on:
/home/buildroot/autobuild/run/instance-0/output/build/msgpack-2.1.5/include/msgpack/v1/object.hpp:652:34:
error: 'void* memcpy(void*, const void*, size_t)' copying an object of non-trivial type 'struct msgpack::v2::object' from an array of 'const msgpack_object' {aka 'const struct msgpack_object'} [-Werror=class-memaccess]
std::memcpy(&o, &v, sizeof(v));
So disable them.
Fixes:
- http://autobuild.buildroot.org/results/7d7aa9723f02f9bc78dbf6248674be4d402199bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The MPD project dropped autotools support in version 0.21.x in favor of
meson. While adapting the package to the meson build infrastructure, the
recognition of libid3tag failed, as only pkg-config is used to detect
the library. Note, that the version bump of the mpd package to 0.21.x is
not submitted, yet.
To help finding the build system to detect libid3tag with pkg-config
properly, add a .pc file and install it to staging.
This is exactly what Debian and Fedora do as well.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libid3tag uses a very old configure script.
When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:
checking for arm-buildroot-linux-uclibcgnueabi-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.
This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab1588 (core: alternate solution to disable C++).
However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.
We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.
Fixes:
http://autobuild.buildroot.org/results/ac3/ac3870208aab6001db6b790b6c5dde64d08f7669/http://autobuild.buildroot.org/results/cc1/cc18397f38dfd4f1e6605f7a6f58edab49b396ac/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d047c4032b)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0b4ccaef6c)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
v1.11 now has library and header install targets for use by apps that
serve pages. The config changes allow enabling the civetweb webserver
app binary and/or libs and headers.
The C++ interface option is automatically enabled if C++ support is
available.
The civetweb Makefile sets -fPIC in CFLAGS when linking shared
objects, but not when compiling the objects used in the library
resulting in a link failure, so add -fPIC to COPT which is added
to CFLAGS in its Makefile.
The typo patch has already been incorporated upstream, so it was
removed.
Signed-off-by: John Faith <jfaith@impinj.com>
[Thomas:
- keep using "config", a "menuconfig" for just three sub-options is
not relevant
- move the BR2_PACKAGE_CIVETWEB_LIB option near the existing
BR2_PACKAGE_CIVETWEB_SERVER option, since both allow to select what
should be built/installed
- remove BR2_PACKAGE_CIVETWEB_SHARED_LIB, the .mk file will use
BR2_STATIC_LIBS/BR2_SHARED_LIBS/BR2_STATIC_SHARED_LIBS to know what
to do
- select BR2_PACKAGE_CIVETWEB_SERVER if BR2_PACKAGE_CIVETWEB_LIB is
not enabled to ensure at least the server *or* the library is
selected
- introduce CIVETWEB_BUILD_TARGETS in the .mk file to properly use
the appropriate make targets to build the server, static library
and/or shared library
- cleanup the use of CIVETWEB_INSTALL_TARGETS, and use it for both
target and staging installation
- factorize common installation options into a CIVETWEB_INSTALL_OPTS
variable that is used for both the target and staging installation]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add notes to test grub2 running on ARM using qemu. The arm section
describes how to run it using u-boot and aarch64 shows how to do it
using efi, which is similar to what has to be done for x86_64.
The source for OVMF builds is also changed to
https://www.kraxel.org/repos/jenkins/edk2/ which is the source for
nightly builds (as rpms but which can be extracted in any distribution),
as the sourceforge link provided only very old builds.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas:
- formatting fixes
- simplify the AArch64/EFI example by using the aarch64_efi_defconfig]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>