https://www.openssl.org/news/secadv/20160922.txt
Fixes
SSL_peek() hang on empty record (CVE-2016-6305)
SWEET32 Mitigation (CVE-2016-2183)
OOB write in MDC2_Update() (CVE-2016-6303)
Malformed SHA512 ticket DoS (CVE-2016-6302)
OOB write in BN_bn2dec() (CVE-2016-2182)
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Constant time flag not preserved in DSA signing (CVE-2016-2178)
DTLS buffered message DoS (CVE-2016-2179)
DTLS replay protection DoS (CVE-2016-2181)
Certificate message OOB reads (CVE-2016-6306)
Excessive allocation of memory in tls_get_message_header()
(CVE-2016-6307)
Excessive allocation of memory in dtls1_preprocess_fragment()
(CVE-2016-6308)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/2d5/2d55b5d88a06c7b8e6baeb96973009a451e992d9/http://autobuild.buildroot.net/results/899/89922e61c583cf1d11bd0bafdd5586c35d8f6e15/http://autobuild.buildroot.net/results/d5b/d5b8fe66ff8d9ea91e87ef6fbe8274f5e24aa7b0/http://autobuild.buildroot.net/results/89b/89b136e6dced6ca9842a1f23141b0cb999f783da/
.. and many more.
Building OLA with a GCC 6 cross-toolchain fails:
```
/usr/bin/arm-linux-g++ -DHAVE_CONFIG_H -I. -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I./include -I./include
-Wall -Wformat -W -isystem
/usr/arm-buildroot-linux-gnueabihf/sysroot/usr/include -pthread
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os
-pthread -c -o libs/acn/e131_transmit_test.o
libs/acn/e131_transmit_test.cpp
/usr/bin/arm-linux-g++ -DHAVE_CONFIG_H -I. -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I./include -I./include
-Wall -Wformat -W -isystem
/usr/arm-buildroot-linux-gnueabihf/sysroot/usr/include -pthread
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os
-pthread -c -o libs/acn/E131TestFramework.o
libs/acn/E131TestFramework.cpp
In file included from
/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/ext/string_conversions.h:41:0,
from
/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/bits/basic_string.h:5402,
from
/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/string:52,
from ./tools/ola_trigger/config.ypp:2:
/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/cstdlib:75:25:
fatal error: stdlib.h: No such file or directory
#include_next <stdlib.h>
^
compilation terminated.
```
The C++ library in GCC 6 now provides its own `<stdlib.h>` header that
wraps the C library header of the same name, so in `<cstdlib>` the
header include
```
#include <stdlib.h>
```
has become
```
#include_next <stdlib.h>
```
`#include_next` is sensitive to the order of directories in the
preprocessor's search path, so if that order is changed with `-isystem`
then the compiler can't find the right header:
```
[1] /usr/arm-buildroot-linux-gnueabihf/sysroot/usr/include
[2] /opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0
[..]
End of search list.
```
`<cstdlib>` is located in [2] whereas `<stdlib.h>` (C library header) is
in [1]. In this case, the `#include_next <stdlib.h>` statement in
`<cstdlib>`, located in [2], is evaluated **after** the search path [1],
so the compiler does not find the right system header.
The problem here is that the OLA build system replaces the `-I` in the CFLAGS
from libprotobuf with `-isystem` to fix some warnings treated as errors
in the libprotobuf header files.
`-isystem` should be used to suppress warnings in system headers only
and the libprotobuf header files are not system files.
The correct fix is to compile with less restrictions and remove
`-Werror` for the build. This is already done by passing
`--disable-fatal-warnings` to OLA.
Fix the reordering of the GCC search paths by removing the replacement of
`-I` with `-isystem`.
Upstream status: https://github.com/OpenLightingProject/ola/pull/1126
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
By default the build system of OLA passes '-Werror' to GCC. The aborts
compilation with GCC 6:
'''
error: ‘template<class> class std::auto_ptr’ is deprecated
[-Werror=deprecated-declarations]
'''
The target variant already passes the option "-disable-fatal-warnings"
to the build system to disable '-Werror'. Do it for the host variant to
to fix build with host GCC 6.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove fetching upstream which was needed to fix musl build issue.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- configs/acmesystems_aria_g25_128mb_defconfig,
configs/acmesystems_aria_g25_256mb_defconfig :
update default configuration files for both 128MB and 256MB version
- board/acmesystems/aria-g25/genimage.cfg
board/acmesystems/aria-g25/post-image.sh :
add support for genimage in order to build sdcard.img
- board/acmesystems/aria-g25/readme.txt : update documentation
for Aria G25 and add notes about how to build sdcard.img
Signed-off-by: Biagio Montaruli <biagio.hkr@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Piotr Nakraszewicz no longer works at Imgtec, and Abhilash Tuse
volunteered to take care of this package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit updates the DEVELOPERS files with packages or defconfigs
recently added, plus additional entries for developers who have modified
packages they are usually taking care of.
Cc: Christian Stewart <christian@paral.in>
Cc: Cyril Bur <cyrilbur@gmail.com>
Cc: Danomi Manchego <danomimanchego123@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Manuel Vögele <develop@manuel-voegele.de>
Cc: Mathieu Audat <mathieu.audat@savoirfairelinux.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Piotr Nakraszewicz <piotr.nakraszewicz@imgtec.com>
Cc: Romain Perier <romain.perier@free-electrons.com>
Cc: Theo Debrouwere <t.debrouwere@televic.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Romain Naour <romain.naour@openwide.fr>
[Thomas:
- Adjust the Config.in example to show that we now need to "select
BR2_PACKAGE_LINUX_TOOLS"
- Adjust the .mk file example to use $(LINUX_DIR) instead of $(@D)]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The kernel source tree also contains the sources for various userland
tools, of which cpupower, perf or selftests.
Currently, we have support for building those tools as part of the
kernel build procedure. This looked the correct thing to do so far,
because, well, they *are* part of the kernel source tree and some
really have to be the same version as the kernel that will run.
However, this is causing quite a non-trivial-to-break circular
dependency in some configurations. For example, this defconfig fails to
build (similar to the one reported by Paul):
BR2_arm=y
BR2_cortex_a7=y
BR2_ARM_FPU_NEON_VFPV4=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_SYSTEMD=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_GIT=y
BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/raspberrypi/linux.git"
BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="26f3b72a9c049be10e6af196252283e1f6ab9d1f"
BR2_LINUX_KERNEL_DEFCONFIG="bcm2709"
BR2_PACKAGE_LINUX_TOOLS_CPUPOWER=y
BR2_PACKAGE_CRYPTODEV=y
BR2_PACKAGE_OPENSSL=y
BR2_PACKAGE_LIBCURL=y
This causes a circular dependency, as explained by Thomas:
- When libcurl is enabled, systemd depends on it
- When OpenSSL is enabled, obviously, will use it for SSL support
- When cryptodev-linux is enabled, OpenSSL will depend on it to use
crypto accelerators supported in the kernel via cryptodev-linux.
- cryptodev-linux being a kernel module, it depends on linux
- linux by itself (the kernel) does not depend on pciutils, but the
linux tool "cpupower" (managed in linux-tool-cpupower) depends on
pciutils
- pciutils depends on udev when available
- udev is provided by systemd.
And indeed, during the build, we can see that make warns (it's only
reported as a *warning*, not as an actual error):
[...]
make[1]: Circular /home/ymorin/dev/buildroot/O/build/openssl-1.0.2h/.stamp_configured
<- cryptodev-linux dependency dropped.
>>> openssl 1.0.2h Downloading
[...]
So the build fails later on, when openssl is actually built:
eng_cryptodev.c:57:31: fatal error: crypto/cryptodev.h: No such file or directory
compilation terminated.
<builtin>: recipe for target 'eng_cryptodev.o' failed
Furthermore, graph-depends also detects the circular dependency, but
treats it as a hard-error:
Recursion detected for : cryptodev-linux
which is a dependency of: openssl
which is a dependency of: libcurl
which is a dependency of: systemd
which is a dependency of: udev
which is a dependency of: pciutils
which is a dependency of: linux
which is a dependency of: cryptodev-linux
Makefile:738: recipe for target 'graph-depends' failed
Of course, there is no way to break the loop without losing
functionality in either one of the involved packages *and* keep
our infrastructure and packages as-is.
The only solution is to break the loop at the linux-tools level, by
moving them away into their own package, so that the linux package will
no longer have the opportunity to depend on another package via a
dependency of one the tools.
All three linux tools are thus moved away to their own package.
The package infrastructure only knows of three types of packages: those
in package/ , in boot/ , in toolchain/ and the one in linux/ . So we
create that new linux-tools package in package/ so that we don't have to
fiddle with yet another special case in the infra. Still, we want its
configure options to appear in the kernel's sub-menu.
So, we make it a prompt-less package, with only the tools visible as
options of that package, but without the usual dependency on their
master symbol; they only depend on the Linux kernel.
Furthermore, because the kernel is such a huge pile of code, we would
not be very happy to extract it a second time just for the sake of a few
tools. We can't extract only the tools/ sub-directory from the kernel
source either, because some tools have hard-coded path to includes from
the kernel (arch and stuff).
Instead, we just use the linux source tree as our own build tree, and
ensure the linux tree is extracted and patched before linux-tools is
configured and built.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Paul Ashford <paul.ashford@zurria.co.uk>
[Thomas:
- fix typo #(@D) -> $(@D)
- fix the inclusion of the per-tool .mk files.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
I own a A20 Micro, I contributed the defconfig for it and I test it
still works from time to time.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
elementary, libevas-generic-loaders and smtools3 no longer exist.
pygame doesn't exist, it's named python-pygame.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Host variant is needed for building python-daemon package.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Thomas: improve license description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
After commit ab930190d7 ("python-psutil: not available on musl")
we are getting following error when we set defconfig
package/python-psutil/Config.in:14: syntax error
package/python-psutil/Config.in:13: invalid option
package/circus/Config.in:21: syntax error
package/circus/Config.in:20: invalid option
Fixes: ab930190d7 ("python-psutil: not available on musl")
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/365/365c2f0b32ae3cb1d6d4d8f0145500dfadd05c59/http://autobuild.buildroot.org/results/140/140d0ec9d94f75453c4c82e18803c8d7bffcf6be/
And many more.
The sysinfo structure definition in linux/sysinfo.h (which gets indirectly
included from linux/kernel.h) conflicts with the definition in sys/sysinfo.h
when building against the musl C library, leading to build failures:
arm-linux-gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes \
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -fPIC -DPSUTIL_VERSION=430 \
-c psutil/_psutil_linux.c -o build/temp.linux-x86_64-3.5/psutil/_psutil_linux.o
In file included from /home/buildroot/build/instance-0/output/host/usr/arm-buildroot-linux-musleabihf/sysroot/usr/include/linux/kernel.h:4:0,
from /home/buildroot/build/instance-0/output/host/usr/arm-buildroot-linux-musleabihf/sysroot/usr/include/linux/ethtool.h:16,
from psutil/_psutil_linux.c:35:
/home/buildroot/build/instance-0/output/host/usr/arm-buildroot-linux-musleabihf/sysroot/usr/include/linux/sysinfo.h:7:8: error: redefinition of 'struct sysinfo'
struct sysinfo {
^
In file included from psutil/_psutil_linux.c:21:0:
/home/buildroot/build/instance-0/output/host/usr/arm-buildroot-linux-musleabihf/sysroot/usr/include/sys/sysinfo.h:10:8: note: originally defined here
The suggested solution by the musl developers is to duplicate the needed
structures and defines inline instead of including the kernel headers, which
is unlikely to be acceptable upstream - So instead mark python-psutil (and
its reverse dependencies) as unavailable on musl.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
efl and matchbox no longer have a subdirectory containing multiple
packages, so they are no longer good examples of that. Mention qt5 and
gstreamer instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
[Thomas:
- adjust the license: it's MIT or LGPLv2, add web/license.html to the
license files
- rewrap Config.in help text
- add entry to the DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Peter: tweak wording and add xref as suggested by Arnout]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit updates the contribute.txt part of the manual to tell
people to use get-developers to get the appropriate "git send-email"
command when sending patches.
[Peter: use --cc instead of --to as suggested by Yann/Arnout]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is an initial list of Buildroot developers. It has been created
semi-automatically by parsing the Git history, and finding the authors
of commits with a title like "<foo>: new package". Some additional
manual tweaking has been done (merging multiple entries corresponding to
the same person, adding some more entries, etc.).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This script, and its companion library, is more-or-less Buildroot's
equivalent to the kernel get_maintainer.pl script: it allows to get the
list of developers to whom a set of patches should be sent to.
To do so, it first relies on a text file, named DEVELOPERS, at the root
of the Buildroot source tree (added in a followup commit) to list the
developers and the files they are interested in. The DEVELOPERS file's
format is simple:
N: Firstname Lastname <email>
F: path/to/file
F: path/to/another/file
This allows to associate developers with the files they are looking
after, be they related to a package, a defconfig, a filesystem image, a
package infrastructure, the documentation, or anything else.
When a directory is given, the tool assumes that the developer handles
all files and subdirectories in this directory. For example
"package/qt5/" can be used for the developers looking after all the Qt5
packages.
Conventional shell patterns can be used, so "package/python-*" can be
used for the developers who want to look after all packages matching
"python-*".
A few files are recognized specially:
- .mk files are parsed, and if they contain $(eval
$(<something>-package)), the developer is assumed to be looking after
the corresponding package. This way, autobuilder failures for this
package can be reported directly to this developer.
- arch/Config.in.<arch> files are recognized as "the developer is
looking after the <arch> architecture". In this case, get-developer
parses the arch/Config.in.<arch> to get the list of possible BR2_ARCH
values. This way, autobuilder failures for this package can be
reported directly to this developer.
- pkg/pkg-<infra>.mk are recognized as "the developer is looking after
the <infra> package infrastructure. In this case, any patch that adds
or touches a .mk file that uses this infrastructure will be sent to
this developer.
Examples of usage:
$ ./support/scripts/get-developers 0001-ffmpeg-fix-bfin-build.patch
git send-email--to buildroot@buildroot.org --to "Luca Ceresoli <luca@lucaceresoli.net>" --to "Bernd Kuhls <bernd.kuhls@t-online.de>"
$ ./support/scripts/get-developers -p imx-lib
Arnout Vandecappelle <arnout@mind.be>
Gary Bisson <gary.bisson@boundarydevices.com>
$ ./support/scripts/get-developers -a bfin
Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc 4.9.4 was the last release of the 4.9.x branch, and the gcc
developes will now only be maintaining gcc 5.x and 6.x:
https://gcc.gnu.org/ml/gcc-announce/2016/msg00002.html
Therefore, it is time to use gcc 5.x as the default version in
Buildroot. We have been having toolchains in the autobuilders with gcc
5.x for a while, so the vast majority of the problems should have
already been solved.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Our previous patch to link against librt to access clock_gettime() was
merged upstreamed... but it lacked a crucial part which makes the whole
thing useless: $(CLOCK_GETTIME_LIB) is always empty from a make point of
view.
This commit adds a patch to e2fsprogs to fix the problem.
Fixes:
http://autobuild.buildroot.net/results/41ea60bebfc741604a5499df74363b498ad77a48/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's a necessary dependency to build the new host-libglib2.
libblkd is an indirect dependency for libmount.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ARC gcc version is now based on gcc 6.x and no longer gcc 4.8.x,
which makes the option BR2_GCC_VERSION_4_8_ARC a bit irrelevant, as is
the prompt of this option.
This commit therefore renames this option to BR2_GCC_VERSION_ARC, and
adjust its prompt as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new version brings in support for egl-wayland, the EGL extensions
aimed at making it possible to implement Wayland servers and clients. As
such, nvidia-driver becomes the second EGL implementation in Buildroot
that can act as a libegl provider with egl-wayland extensions.
In this version, it becomes possible to use our kernel-module infra,
with just a little few minor tricks: we need just specify the Linux
source and build trees (they are the same for us) and the list of
modules to build. We still need a little patch against the Kbuild files.
We also get rid of the LIBS_NO_VERSION trick and always use complete
filenames, as more libs are now packaged with different version in their
filenames, and even some with no version at all.
When installing libs, we switch from a shell loop to a make foreach
loop, which is easier to handle. It has the side-effect (and advantage)
of displaying the install commands for each library, rather than a
single biggish one, so it is easier to see what goes wrong. This also
means that an error in each phase of the install (the copy of the files
then each symlink) can be caught more easily (it was not previously):
each sequence is now its own make command; we need not use "|| exit 1"
after each command, even in a if block, because the if blocks returns
with the exit code of the last command in it; e.g. if an ln fails, the
if-block in which it is enclosed will return the exit code of ln, and
make will catch it.
Similarly for the X driver modules and each of the programs installed:
we now can catch any failure in the isntall of those.
All of this somewhat simplifies the .mk. It is a little bit longer, but
the structure is saner and more explicit.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix two build issue when socat is build with musl:
- Set NETDB_INTERNAL locally since it's not provided by musl
- remove if_tun.h kernel header
Fixes:
http://autobuild.buildroot.net/results/029/02977d3844ef62b1e9cbfbab244593632757c5e2
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>