dropbear is affected by an user enumeration vulnerability similar to the
recent issue in openssh (CVE-2018-15473). Add an upstream patch fixing the
issue.
For more details, see the discussion on the mailing list:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002110.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a one-liner patch that fixes the build with musl of
the openpowerlink package, caused by a missing <sys/types.h>
include. The patch has been submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/8aff5f6d7bcab616129368c1fb22026bb164e454/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
btrfs will happily use an existing destination file if it
already exists, increasing its size if needed. Hoever, it
will never decrease the size, even if the requested size
is smaller than the existing file.
So, remove any previously existing destination file before
generating the new filesystem.
Note: the original submission by Robert did that, but as
this case was not obvious, the removal was dropped by a
refactoring when the patch was initially applied.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Robert J. Heywood <robert.heywood@codethink.co.uk>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: use $@ instead of $(@), use $(RM) instead of rm.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update license info, and remove the patch since it's already on upstream.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
brltty has a very inventive buildsystem, where it internall runs
./configure for the build machine In doing so, it generates a list
of make variables to define what the build machine supports, like
it does for the target.
However, the build variables are generated with a convoluted sed
script that scans the target list, and appends _FOR_BUILD to each
target variables. Then, both lists are included from the Makefile,
on the assumption that the build variables will not clash with the
target variables.
Where it gets interesting, is that that sed script considers the
variables names to match '[A-Za-z][A-Za-z0-9_]*'
And there we see why ATSPI2_PACKAGE does not match: it contains a
digit.
So, some build variables will inevitably override target ones.
Fix that by simply expanding the matching regexp to allow digits
in variable names.
Fixes:
http://autobuild.buildroot.org/results/a37/a37782b3cfc1a96cc129db8fade20a36a7b2d470/http://autobuild.buildroot.org/results/97e/97edc6a47d2140968e84b409cdc960604e5896f2/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Mario Lang <mlang@blind.guru>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch makes it possible to format the rootfs using btrfs. It
introduces the option; BR2_TARGET_ROOTFS_BTRFS.
When selected, the user is able to specify the filesystem size, label,
options, and node and sector sizes. The new files are based on
fs/ext2/{Config.in,ext2.mk}
Signed-off-by: Robert J. Heywood <robert.heywood@codethink.co.uk>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas:
- fix issues pointed by Yann (duplicated empty line, missing quotes
around default values for string options)
- use -f option so that we don't have to remove the image file before
creating it again
- use the --byte-count option to set the filesystem size, which
avoids the need for doing a "truncate -s"
- remove the possible explanation of a mkfs.btrfs error. Indeed,
mkfs.btrfs automatically extends the size of the image as needed,
so the size passed can never be "too small".
- fix check-package warnings in Config.in file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the dynamic/static library of i2c-tools is enabled it is installed
to the target destination. However, in order for external packages to
link against it, it must also be installed to staging.
Here, the flag is set to install the package to staging. The
INSTALL_STAGING command is included to complete the operation.
Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extend i2c-tools SPDX identifiers to include the library license.
Also include COPYING.LGPL and README to license files.
The ic2-tools readme states:
LICENSE
Check the documentation of individual tools for licensing information.
The library is released under the LGPL version 2.1 or later, while most
tools are released under the GPL version 2 or later, but there are a few
exceptions.
Signed-off-by: Brad Love <brad@nextdimension.cc>
[Thomas: add hashes for COPYING.LGPL and README.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extend i2c-tools SPDX identifiers to include the library license.
Also include COPYING.LGPL and README to license files.
The ic2-tools readme states:
LICENSE
Check the documentation of individual tools for licensing information.
The library is released under the LGPL version 2.1 or later, while most
tools are released under the GPL version 2 or later, but there are a few
exceptions.
Signed-off-by: Brad Love <brad@nextdimension.cc>
[Thomas: add hashes for COPYING.LGPL and README.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop upstream patch.
Cc: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configure script now detects toolchain support for the -std=gnu90
flag. This fixes build with gcc older than 4.5.
Should fix:
http://autobuild.buildroot.net/results/802/802dd4d7eec058c2eb23e033ed3a093b110f4eda/
Cc: Robert J. Heywood <robert.heywood@codethink.co.uk>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Robert J. Heywood" <robert.heywood@codethink.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds a patch to RAUC that makes the eMMC boot partition
support optional. This allows RAUC to build successfully on systems
using Linux < 3.0.
Fixes:
http://autobuild.buildroot.net/results/7e1cbeb458cb6536a36eae0d24cefb36edb22f55/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Add kconfig help text that explains how to manually specify an
official Linux version to use for the kernel headers.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch 0001, applied upstream.
Replaced patch 0002 with a more generic solution as patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jack2 audio server is part of buildroot, but the jack gst plugins are
disabled completely in gst1-plugins-good, whether or not jack2 is
selected. This changes the logic so that if the build system
determines that the jack2 audio server is selected, then the jack
plugins are enabled. If the plugins are enabled, then jack2 is also
added as a dependency to gst1-plugins-good.
Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps the sam-ba package to version 2.18 and
adds hashes for license files.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites
through a timing side-channel
- CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through
a cache based side-channel
For more info, see the advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.8.4.html
Fixes
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These versions received their last updated more than three months ago
and are no longer supported according to
https://www.kernel.org/category/releases.html, so drop them and add
legacy entries.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: select an older kernel headers (4.9) rather than a newer one
(4.14) in the legacy handling of 4.10, 4.11, 4.12 and 4.13.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying
bailout for an invalid authenticating user until after the packet
containing the request has been fully parsed.
Some OpenSSH developers don't consider this a security issue:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tini uses fork(), so needs an MMU.
Fixes:
http://autobuild.buildroot.org/results/410/410ad9ea6a6652a7db691f537acb38db279b996a/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
https://metacpan.org/changes/distribution/Crypt-OpenSSL-RSA
Added new build dependency to host-perl-crypt-openssl-guess and force
it to search for openssl in STAGING_DIR. Added license hash. Updated
_SITE according to scancpan.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
https://metacpan.org/changes/distribution/Crypt-OpenSSL-Random
Added new build dependency to host-perl-crypt-openssl-guess and force
it to search for openssl in STAGING_DIR. Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed for upcoming version bumps of perl-crypt-openssl-random and
perl-crypt-openssl-rsa, only host-package is needed.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As reported by Yann E. Morin, it is more readable when all disable
options are grouped together, and all enable options are grouped
together. Fix this in e2fsprogs.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
e2fsprogs is only needed to build the btrfs-convert program, that
allows to convert an existing ext2 filesystem into a btrfs
filesystem. Not everybody needs to do that and making this dependency
optional is nicer, so this is what this patch does.
Note that btrfs-progs also supports converting from reiserfs, which is
why the --with-convert option supports a list of filesystems. Since
Buildroot has no package for the reiserfs library, we for now only
support the ext2 case, with e2fsprogs as a dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The btrfs-convert tool is used to convert an existing ext2 or reiserfs
filesystem into a btrfs filesystem. On the host, this is not really
useful, so let's disable building this tool, which allows to drop the
host-e2fsprogs dependency.
The host-util-linux dependency becomes necessary: it was previously
brought as a second-order dependency of host-e2fsprogs, but since we
no longer depend on host-e2fsprogs, we now need to explicitly depend
on host-util-linux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the e2fsprogs package builds and installs only static
libraries, unless --enable-elf-shlibs is passed. For the target
variant, we pass the appropriate
--enable-elf-shlibs/--disable-elf-shlibs options, but not for the host
package, and therefore static e2fsprogs libraries get installed.
However, on the host, our policy is to build shared libraries and not
static libraries, as visible in the default configure options passed
to host package in pkg-autotools.mk (--enable-shared
--disable-static). Let's do the same with e2fsprogs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the lzo package builds and installs only a static
library. For the target variant, we pass the appropriate
ENABLE_STATIC/ENABLE_SHARED options, but not for the host package, and
therefore a static lzo library gets installed.
However, on the host, our policy is to build shared libraries and not
static libraries, as visible in the default configure options passed
to host package in pkg-autotools.mk (--enable-shared
--disable-static). Let's do the same with lzo.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Blobs for arm64(aarch64) and r8p1 version are now available at Bootlin
Github.
So:
- Bump version to latest commit:
For arm64 architecture and r8p1 version.
git shortlog --no-merges cb3e8ece9b2c3a70cbeb3204cd6f30eceaa32023..
Giulio Benetti (1):
Reorder folders splitting includes and libraries.
Maxime Ripard (6):
Move binaries to an arch subfolder
Make x11 binaries path consistent
Add r6p2 arm wayland blobs
Add r6p2 arm64 blobs
Add r8p1 fbdev blobs
Add r8p1 arm64 fbdev blobs
- Add support for them also under arm64(aarch64) architecture copying the
right blobs according to architecture(arm or arm64) checking if BR2_arm
or BR2_aarch64 is enabled.
Only BR2_arm needs to provide BR2_ARM_EABIHF, so check must be done only
in that case.
- Mali-blobs repository folder layout has been reordered, so modify path
when copying headers and libraries.
- When copying libraries copy only *.so* files to avoid useless files to
end into target folder.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>