Catch the commonly used options of SSP, Relro, and fortify.
Using the package targets of busybox and lighttpd. This
can easily be expanded to a larger list.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A note is added to tie off the discussion on why moving _FORTIFY_SOURCE
related flags into the toolchain wrapper doesn't currently work.
- Currently -D_FORTIFY_SOURCE and optimizations are passed through
CFLAGS
- Packages like linux-tools ignore CFLAGS entirely and some
autotools toolchain testing cases dependent on not using
CFLAGS.
- If FORTIFY_SOURCE is passed through the wrapper, then linux-tools
will no longer be able to ignore it, because it's enforced at a
lower-level and since the optimization -Os/g/1/2/3 are via CFLAGS,
there is no optimization flag set. Therefore linux-tools will do
all its configuration tests with FORTIFY_SOURCE forcefully enabled
at the wrapper level, but no optimization enabled, and consequently
tests will fail.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Migrate the stack protection flag management into the wrapper.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The RELRO/PIE flags are currently passed via CFLAGS/LDFLAGS and this patch
proposes moving them to the toolchain wrapper.
(1) The flags should _always_ be passed, without leaving the possibility
for any package to ignore them. I.e, when BR2_RELRO_FULL=y is used
in a build, all executables should be built PIE. Passing those
options through the wrapper ensures they are used during the build
of all packages.
(2) Some options are incompatible with -fPIE. For example, when
building object files for a shared libraries, -fPIC is used, and
-fPIE shouldn't be used in combination with -fPIE. Similarly, -r
or -static are directly incompatible as they are different link
time behaviors then the intent of PIE. Passing those options
through the wrapper allows to add some "smart" logic to only pass
-fPIE/-pie when relevant.
(3) Some toolchain, kernel and bootloader packages may want to
explicitly disable PIE in a build where the rest of the userspace
has intentionally enabled it. The wrapper provides an option
to key on the -fno-pie/-no-pie and bypass the appending of RELRO
flags.
The current Kernel and U-boot source trees include this option.
8438ee76b06ace36e19a
If using PIE with a older Kernel and/or U-boot version, a backport of these
changes might be required. However this patchset also uses the
__KERNEL__ and __UBOOT__ defines as a way to disable PIE.
NOTE: The current implementation via CFLAGS/LDFLAGS has caused some
build time failures as the conditional logic doesn't yet exist in
Buildroot:
https://bugs.busybox.net/show_bug.cgi?id=11206https://bugs.busybox.net/show_bug.cgi?id=11321
Good summary of the most common build failures related to
enabling pie: https://wiki.ubuntu.com/SecurityTeam/PIE
[Peter: minor cleanups]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit:
https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
was due to missing -lz during static linking.
But the patch is wrong and results in explicitly linking against -lz in
both shared and static build.
This makes no sense, since shared linking has transitive dependency so
it doesn't need to list -lz after -lssl, -lssl is enough.
Differently static linking needs -lz to be listed after -lssl.
So the real cause of previous build failure:
http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
$LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
-lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
statically link without listing -lz.
Then:
- Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
- Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
where add $LIBS content to tail of new $LIBS variable like this:
LIBS="$LIBCRYPTO $LIBS"
NOTE: $LIBS is at the end to ensure static linking to work correctly.
- Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
where add $LIBS content to tail of new $LIBS variable like this:
LIBS="-lssl $LIBCRYPTO $LIBS"
NOTE: $LIBS is at the end to ensure static linking to work correctly.
This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
appending it at the end of linking library list.
And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
back to its original value(i.e. containing -lz if present) resulting in
having or not -lz appended to library list according to static or
shared build.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 550c42509c "package/vlc: fix
linking with tremor" fixed build with BR2_PACKAGE_TREMOR and without
BR2_PACKAGE_LIBVORBIS. However, it breaks build if BR2_PACKAGE_TREMOR
and BR2_PACKAGE_LIBVORBIS are both enabled.
Indeed, by overiding VORBIS_LIBS by -lvorbisidec, link of
codec/.libs/libvorbis_plugin_la-vorbis.o with -lvorbis
failed because VORBIS_LIBS is normally used to save "-logg
-lvorbis -lvorbisenc":
PKG_ENABLE_MODULES_VLC([VORBIS], [], [ogg vorbis >= 1.1 vorbisenc >= 1.1], [Vorbis decoder and encoder], [auto])
So replace fourth patch by an upstreamable patch which uses pkg-config
to set TREMOR_LIBS if tremor is found instead of "hacking" VORBIS_LIBS
Fixes:
- http://autobuild.buildroot.org/results/85a7bb1996b78dee037d5900b124cbdf5b66a6ac
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream is now Python 3 only.
Quoting the maintainer [1]: "the last version of crossbar with python 2
support: pip install crossbar==18.4.1".
[1] https://github.com/crossbario/crossbar/issues/1332
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Mauro Condarelli <mc5686@mclink.it>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Location module for QtQuick depends on this library, which was not
being copied in the build rule.
Signed-off-by: Alexander 'z33ky' Hirsch <1zeeky@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Linux tarball checksum was recently updated, including the one for
version 4.9.133. The checksum for this particular version of Linux
misses one character which lead to a build issue as the checksum does
not match:
ERROR: linux-4.9.133.tar.xz has wrong sha256 hash:
ERROR: expected: 3730fc025ba330a6f4908a6a1e4cb86d821000c84167721680ccf1b37b26563
ERROR: got : 53730fc025ba330a6f4908a6a1e4cb86d821000c84167721680ccf1b37b26563
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
This patch fixes it.
Fixes: 0064c7b251 ("{linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tk Open Systems has sponsored the Buildroot Association to organize
the Buildroot Developers Meeting.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When threads support is missing the ntp build system builds the
work_fork code. This code added call to set_user_group_ids() that is
under HAVE_DROPROOT, which is disabled when libcap is not built.
Add a patch fixing that.
Fixes:
http://autobuild.buildroot.net/results/ab9/ab9ceff1151b8b5e6b9fa77d39c0f9b0cac1a080/
Cc: Artyom Panfilov <apanfilov@spectracom.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Drop an upstream patch.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Config.in for glibc is a blind option and not part of the menu for
a user to select (the pkg is used for the Buildroot toolchain build),
however this patch adds the link for completeness of the pkg-stats
report and for future scripting which will generate xml updates of the
package's Common Product Enumeration (used for vunerability checking).
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When two Buildroot builds run in parallel, and they both happen to call
npm at roughly the same time, the two npm instances may conflict when
accessing the npm cache, which is by default ~/.npm
Although npm is supposed to lock access to the cache, it seems it does
sometimes fail to do so properly, bailling out in error, when it would
never ever crash at all when not running in parallel. We suspect that
the sequence leading to such failures are something like:
npm-1 npm-2
lock(retry=few, sleep=short) .
does-stuff() .
. lock(retry=few, sleep=short)
. # can't lock local cache
. download-module()
. # can't download
. exit(1)
unlock()
As per the docs [0], few = 10, short = 10. So if the first npm (npm-1)
takes more than 100s (which can happen behind slow links and/or big
modules that contain native code that is compiled), then the second npm
(npm-2) will bail out (the download would fail if there is no network
access, for example, and only local modules are used).
Point npm to use a per-build cache directory, so they no longer compete
across builds.
That would still need some care when we do top-level parallel builds,
though.
Note also that the conflicts are not totally eliminated: two or more npm
instances may still compete for some other resource that has not yet
been identified.
But, at least, the conflict window has been drastically shortened now,
to the point where it now seldom occurs.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adjusts the mdadm package to also install the mdmon
utility, which is used to "monitor MD external metadata arrays". It
adds ~250 KB to the installed size:
-rwxr-xr-x 1 thomas thomas 446064 Oct 14 21:55 mdadm
-rwxr-xr-x 1 thomas thomas 244672 Oct 14 21:55 mdmon
Fixes bug #11376.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The upstream Makefile by default installs to /sbin but we override
that to install it in /usr/sbin. Since mdadm is a pretty core utility
for the boot process, it makes sense to comply with upstream's default
behavior, so we change mdadm.mk to install mdadm in /sbin. This also
removes the somewhat non-standard DESTDIR value.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is absolutely no reason for mdadm.mk to use autotools-package:
this package does not have any configure script at all, and its
Makefile is not generated using automake.
Therefore, convert it to use the generic-package
infrastructure. Compared to the previous code, we are now using
$(TARGET_CONFIGURE_OPTS), which passes our CPPFLAGS. This overrides
the CPPFLAGS from mdadm's Makefile, so we repeat the only CPPFLAGS
flag passed in the Makefile, -DBINDIR.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
glibc 2.28 no longer includes <sys/sysmacros.h> from <sys/types.h>,
and therefore <sys/sysmacros.h> must be included explicitly when
major()/minor() are used.
Fixes:
- http://autobuild.buildroot.org/results/33cb370ee80d0603974b6376f0364f914d150463
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While Erlang includes a version of zlib, it's intended for Windows and
there's an expectation that non-Windows platforms provide it. It's also
not as regularly updated as the one in Buildroot. This change makes
Erlang always use a Buildroot-provided zlib.
Fixes this compile error:
CC /home/buildroot/autobuild/run/instance-0/output/build/erlang-21.0/erts/emulator/zlib/obj/x86_64-buildroot-linux-musl/opt/adler32.o
In file included from zlib/adler32.c:11:0:
zlib/zutil.h:172:39: error: "_LFS64_LARGEFILE" is not defined [-Werror=undef]
(!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
^~~~~~~~~~~~~~~~
See http://autobuild.buildroot.net/results/fc633f80c7c36a90e641487f5a888fbb767c2a54/.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Jeff Wittrock in bug #11396, the U-Boot environment
image checksum is invalid for big endian targets, because the test on
the BR2_ENDIAN Config.in option doesn't take into account that it is
double quoted.
The fix was provided by Jeff himself on bugzilla.
Fixes bug #11396.
Reported-by: Jeff Wittrock <jwittrock@faultrecorder.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/005/00588d7cd37ba9620f01e970bf328540527558fc/http://autobuild.buildroot.net/results/2fc/2fc2d0111e467671ee4cec427234a9b2aada1cc9/
Linux 4.4 moved the NVME ioctl definitions from nvme.h to nvme_ioctl.h in
commit 9d99a8dda154 (nvme: move hardware structures out of the uapi version
of nvme.h), but nvme_ioctl.h was only exported to user space in 4.4.4 in
commit 7712c014b16f64d3 (uapi: update install list after nvme.h rename).
sedutil contains the needed logic to look at either nvme.h or nvme_ioctl.h,
but as the ioctl definitions are not exported in 4.4..4.4.3, it fails to
build.
The MIPS Codesourcery toolchain uses 4.4.1 kernel headers, so disable the
sedutil package if this toolchain is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This test case uses a too old U-Boot version, which is affected by the
infamous libfdt header conflict issue. We update U-Boot and ATF to
what is used in the current version of
solidrun_macchiatobin_mainline_defconfig, for which the problem no
longer exists.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/107860312
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This test case uses a too old U-Boot version, which is affected by the
infamous libfdt header conflict issue. Let's update to U-Boot 2017.11,
which is used by our current bananapi_m64_defconfig that was the
inspiration for this test case.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/107860310
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When curl is statically built with openssl support, xerces needs to
link with openssl libraries so use pkg_check_modules to get any
needed dependencies
Fixes:
- http://autobuild.buildroot.org/results/29ca90fff2c8e38f2edf7240eca3aa3fe7397c45
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add intial support for Bananapi M2 Ultra board based on the Allwinner
R40 SoC.
- U-Boot 2018.07
- Linux 4.18.12
Board specifications: http://www.banana-pi.org/m2u.html
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
New Linux kernel version 4.18.12
New u-boot version 2018.07
Config options were reordered by savedefconfig
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
__sync_*_4 intrinsics is used by common/hathreads.h when gcc < 4.7 but
also by contrib/tcploop.c or include/proto/shctx.h so put back a
mandatory dependency on BR2_TOOLCHAIN_HAS_SYNC_4 which has been
wrongly removed by commit f22fca4bf2
("haproxy: tweak thread activation").
Fixes:
- http://autobuild.buildroot.net/results/52c88f2f27e1a3c42cf71554cf680da86d933ef6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>