Commit Graph

35434 Commits

Author SHA1 Message Date
Peter Korsgaard
a0c4cf0f96 libminiupnpc: add upstream security fix for CVE-2017-8798
CVE-2017-8798: Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221
through v2.0 allows remote attackers to cause a denial of service or
possibly have unspecified other impact.

For more details including a PoC, see:
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-22 00:00:13 +02:00
Ryan Coe
e6213e8ee6 mariadb: security bump to version 10.1.23
Fixes:

CVE-2017-3302 - Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and
5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29,
10.1.x through 10.1.21, and 10.2.x through 10.2.3.

CVE-2017-3313 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: MyISAM). Supported versions that are affected are
5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to
exploit vulnerability allows low privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized access
to critical data or complete access to all MySQL Server accessible data.

CVE-2017-3308 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. While the vulnerability is
in MySQL Server, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server.

CVE-2017-3309 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. While the
vulnerability is in MySQL Server, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2017-3453 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
"exploitable" vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-3456 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DML). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2017-3464 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.54
and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data.

And a number of important, but non-security related fixes:

MDEV-12602: Fixed some race conditions in InnoDB encryption

MariaDB Backup alpha introduced

Galera wsrep library updated to 25.3.20

For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/

[Peter: drop COPYING.LESSER and add a reference to the bugtracker issue
	explaining why]
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:55:38 +02:00
Peter Korsgaard
8644a83bd8 dropbear: security bump to version 2017.75
Fixes:

- CVE-2017-9078: A double-free in the server could be triggered by an
  authenticated user if dropbear is running with -a (Allow connections to
  forwarded ports from any host) This could potentially allow arbitrary code
  execution as root by an authenticated user.  Affects versions 2013.56 to
  2016.74.  Thanks to Mark Shepard for reporting the crash.

- CVE-2017-9079: Dropbear parsed authorized_keys as root, even if it were a
  symlink.  The fix is to switch to user permissions when opening
  authorized_keys.
  A user could symlink their ~/.ssh/authorized_keys to a root-owned file
  they couldn't normally read.  If they managed to get that file to contain
  valid authorized_keys with command= options it might be possible to read
  other contents of that file.  This information disclosure is to an already
  authenticated user.  Thanks to Jann Horn of Google Project Zero for
  reporting this.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:32:16 +02:00
Peter Korsgaard
8213190bfa linux: bump default version to 4.11.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:32:10 +02:00
Peter Korsgaard
daf1c35025 linux-headers: bump 4.{4, 9, 10, 11}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:32:02 +02:00
Bernd Kuhls
509eb19191 DEVELOPERS: add myself to alsa-{lib, utils}
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-21 20:35:05 +02:00
Baruch Siach
4d1c2c82e8 toolchain: limit musl workaround to kernel headers 3.12+
The libc-compat.h first appeared in kernel version 3.12. Trying to build a
musl toolchain using earlier headers leads to the following failure:

/bin/sed: can't read .../output/host/usr/arm-buildroot-linux-musleabi/sysroot/usr/include/linux/libc-compat.h: No such file or directory
package/pkg-generic.mk:266: recipe for target '.../output/build/toolchain/.stamp_staging_installed' failed

Don't apply the sed patch to older headers.

Reported-by: Florent Jacquet <florent.jacquet@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-19 15:29:21 +02:00
Thomas Petazzoni
15423bd46e cppcms: fix build on machines with libgpg-error installed
In configuration where target architecture == host architecture, and
libgpg-error is installed system-wide with development files, the build
of cppcms fails with:

/home/test/buildroot/output/host/usr/bin/x86_64-amd-linux-gnu-g++  --sysroot=/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -Wall -Wextra  -DNDEBUG   CMakeFiles/base64_test.dir/tests/base64_test.cpp.o  -o base64_test  -L/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib -Wl,-rpath,/home/test/buildroot/output/build/cppcms-1.0.5:/home/test/buildroot/output/build/cppcms-1.0.5/booster:/usr/lib -rdynamic libcppcms.so.1.0.5 booster/libbooster.so.0.0.3 -lpthread /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libpcre.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libdl.so /home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libz.so
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_set_errno@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_init@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_destroy@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_code_from_syserror@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_err_code_from_errno@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_unlock@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_strerror@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpg_strsource@GPG_ERROR_1.0'
/home/test/buildroot/output/host/usr/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libgcrypt.so: undefined reference to `gpgrt_lock_lock@GPG_ERROR_1.0'

The problem comes from the
"-Wl,-rpath,/home/test/buildroot/output/build/cppcms-1.0.5:/home/test/buildroot/output/build/cppcms-1.0.5/booster:/usr/lib"
option, which tells the linker to search for libraries in /usr/lib.

This commit fixes that by asking CMake to not add any rpath when
building cppcms.

Fixes:

  http://autobuild.buildroot.net/results/a7eb1ede552ae14f409cfd7bd877bcf25ca69a74/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-19 15:11:35 +02:00
Thomas Petazzoni
19e78e509e oracle-mysql: add patch to fix gcc 6.x build issue
Fixes:

 http://autobuild.buildroot.net/results/61074b69b81cd5c17a7f74dc1f7b31f3fc35fd8a/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 22:24:14 +02:00
Luca Ceresoli
d332f2c521 support/testing: simplify logging by keeping the log file open
We currently call infra.smart_open() to open log files each time we
need to write to them.

Opening the file once in the constructor of Builder and Emulator and
writing to it whenever needed is simpler and slightly more efficient.

Remove smart_open and instead create a new open_log_file() function
which just opens the logfile. Also let it compute the filename, in
order to simplify even further the Builder and Emulator code.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:59:58 +02:00
Luca Ceresoli
fa3c5cad44 support/testing/run-tests: help: put the one-letter form before the long form
This is what the manpages usually do, and what Python does with the
automatically-added -h/--help parameter:

Before the change:
  $ ./support/testing/run-tests
    [...]
  optional arguments:
    -h, --help            show this help message and exit
    --list, -l            list of available test cases
    --all, -a             execute all test cases

After the change:
  $ ./support/testing/run-tests
    [...]
  optional arguments:
    -h, --help            show this help message and exit
    -l, --list            list of available test cases
    -a, --all             execute all test cases

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:56:49 +02:00
Luca Ceresoli
ee72dbe576 support/testing: document get_elf_prog_interpreter
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:56:38 +02:00
Luca Ceresoli
52258901ec support/testing: rename check_broken_links to has_broken_links
has_broken_links makes it self-explanatory that this is a predicate
function, and that the return value tells whether there _are_ broken
links, not the opposite.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:56:32 +02:00
Peter Korsgaard
f8e1fdbe97 gnutls: bump version to 3.5.12
For details, see the release notes:

https://lists.gnupg.org/pipermail/gnutls-devel/2017-May/008427.html
https://lists.gnupg.org/pipermail/gnutls-devel/2017-April/008393.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:55:04 +02:00
Peter Korsgaard
be8d1efd1e fbgrab: explicitly build fbgrab target to workaround gzip issue
Fixes #9871

gzip reads default command line options from the environment variable GZIP.
The fbgrab Makefile internally also uses a GZIP make variable to know what
command to use to compress the manpage. Unfortunaly make will export the
value of this make variable to the environment if GZIP is already present in
the enviroment, confusing gzip (as 'gzip' isn't a valid command line argument).

This can either be triggered by users having GZIP set in their environment
(E.G.  for custom options), or by enabling BR2_REPRODUCIBLE, where we use
this feature to force the -n option (to not store name/timestamp) to gzip.

We don't really need to compress the manpage as it isn't installed anyway,
so work around the issue by only building the fbgrab application.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:48:27 +02:00
Thomas Petazzoni
7fde83cdf0 ntp: add patch to fix -fPIC issue
This commit adds a patch that fixes the build on AArch64 and MIPS of the
ntp package, which was caused by some parts of ntp being built without
-fPIC.

Fixes:

  [aarch64] http://autobuild.buildroot.net/results/866b1d28595efd8b6becf83d0a64b596538d58b0
  [mips]    http://autobuild.buildroot.net/results/c2a945855172970736a8ffea9c564f029a023344

Thanks to Romain Naour for the initial analysis.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:46:14 +02:00
Matt Weber
2677210f54 libqmi: move canonicalize_file_name()
Previously was defined in qmi-util.h to fix musl
compatibility.  It was missed that this is a shared
header which causes other dependent package builds
to fail, so the static definition was moved into the
implementation where it was used.

Upstream bug report has been updated and this resolves
the following autobuilder related failures.

 http://autobuild.buildroot.net/results/fe9b6b1b1399a4e8aafc6a326c81ec97c2480025
 http://autobuild.buildroot.net/results/40eef797b4d8d53fc6e10f2048316d63549caf6d

test-pkg testing was performed against 10 random toolchains

++ Config snippet ++
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_MODEM_MANAGER_LIBQMI=y
BR2_PACKAGE_MODEM_MANAGER=y
BR2_PACKAGE_LIBQMI=y

++ Tested Toolchains ++ (Verified I hit all libc variants)
br-arm-cortex-a9-musl
br-arm-full-static
br-m68k-68040-full    (uclibc)
br-mips32r6-el-hf-glibc
br-mips64-n64-full
br-mips64r6-el-hf-glibc
br-mipsel-o32-full
br-sparc64-glibc
linaro-arm
sourcery-arm

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:24:41 +02:00
Bartosz Golaszewski
f884abe4de package/pulseview: fix a build issue
Backport an upstream patch fixing the build issue related to boost
math definitions.

Fixes:
http://autobuild.buildroot.net/results/e9f/e9f3f175e203529c44ecf92a34b82a0b3a473e34/

Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-17 14:26:52 +02:00
Thomas Petazzoni
beb6524225 rabbitmq-c: openssl/popt sub-options don't work in static linking
rabbitmq-c currently fails to build in a number of static linking
situations, due to two issues:

 - CMake FindOpenSSL module is buggy. Even though it uses pkg-config,
   it doesn't use the information returned by pkg-config, and
   therefore doesn't know about second order libraries that need be
   part of the link for static linking to succeed. Due to this, -lz is
   not passed, and therefore rabbitmq-c fails when linking against
   libssl/libcrypto. This issue has been reported to upstream CMake at
   https://gitlab.kitware.com/cmake/cmake/issues/16885.

 - popt might use libintl, but CMake doesn't know about that. For
   autotools based packages, we typically work around this by passing
   LIBS=, but CMake apparently has no equivalent to LIBS=.

To workaround this, we only use the OpenSSL and Popt optional
dependencies in dynamic linking situations.

Fixes:

  http://autobuild.buildroot.net/results/798dbe5e5fd0463bb2066cb115656795144c327f/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-17 10:57:17 +02:00
Peter Korsgaard
8ab8f10afa Update for 2017.05-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-17 10:27:16 +02:00
Peter Seiderer
4b4fc27e1a qt5declarative: fix examples compile without OpenGL support
Fixes [1]:

   main.cpp:(.text._ZN11QQmlPrivate10createIntoI6FbItemEEvPv[_ZN11QQmlPrivate10createIntoI6FbItemEEvPv]+0x18): undefined reference to `QQuickFramebufferObject::QQuickFramebufferObject(QQuickItem*)'
   .obj/main.o: In function `QQmlPrivate::QQmlElement<FbItem>::~QQmlElement()':
   main.cpp:(.text._ZN11QQmlPrivate11QQmlElementI6FbItemED2Ev[_ZN11QQmlPrivate11QQmlElementI6FbItemED5Ev]+0x5c): undefined reference to `vtable for QQuickFramebufferObject'
   .obj/main.o: In function `QQmlPrivate::QQmlElement<FbItem>::~QQmlElement()':
   main.cpp:(.text._ZN11QQmlPrivate11QQmlElementI6FbItemED0Ev[_ZN11QQmlPrivate11QQmlElementI6FbItemED0Ev]+0x64): undefined reference to `vtable for QQuickFramebufferObject'
   .obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0x48): undefined reference to `QQuickFramebufferObject::isTextureProvider() const'
   .obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0x4c): undefined reference to `QQuickFramebufferObject::textureProvider() const'
   .obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0xb4): undefined reference to `QQuickFramebufferObject::geometryChanged(QRectF const&, QRectF const&)'
   .obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0xb8): undefined reference to `QQuickFramebufferObject::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*)'
   .obj/main.o:(.data.rel.ro._ZTVN11QQmlPrivate11QQmlElementI6FbItemEE[_ZTVN11QQmlPrivate11QQmlElementI6FbItemEE]+0xbc): undefined reference to `QQuickFramebufferObject::releaseResources()'
   .obj/moc_fbitem.o: In function `FbItem::qt_metacast(char const*)':
   moc_fbitem.cpp:(.text+0x70): undefined reference to `QQuickFramebufferObject::qt_metacast(char const*)'
   .obj/moc_fbitem.o: In function `FbItem::qt_metacall(QMetaObject::Call, int, void**)':
   moc_fbitem.cpp:(.text+0x80): undefined reference to `QQuickFramebufferObject::qt_metacall(QMetaObject::Call, int, void**)'
   .obj/moc_fbitem.o: In function `FbItem::~FbItem()':
   moc_fbitem.cpp:(.text._ZN6FbItemD2Ev[_ZN6FbItemD5Ev]+0x38): undefined reference to `vtable for QQuickFramebufferObject'
   .obj/moc_fbitem.o: In function `FbItem::~FbItem()':
   moc_fbitem.cpp:(.text._ZN6FbItemD0Ev[_ZN6FbItemD0Ev]+0x40): undefined reference to `vtable for QQuickFramebufferObject'
   .obj/moc_fbitem.o:(.data.rel.ro+0x8): undefined reference to `typeinfo for QQuickFramebufferObject'
   .obj/moc_fbitem.o:(.data.rel.ro+0x58): undefined reference to `QQuickFramebufferObject::isTextureProvider() const'
   .obj/moc_fbitem.o:(.data.rel.ro+0x5c): undefined reference to `QQuickFramebufferObject::textureProvider() const'
   .obj/moc_fbitem.o:(.data.rel.ro+0xc4): undefined reference to `QQuickFramebufferObject::geometryChanged(QRectF const&, QRectF const&)'
   .obj/moc_fbitem.o:(.data.rel.ro+0xc8): undefined reference to `QQuickFramebufferObject::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*)'
   .obj/moc_fbitem.o:(.data.rel.ro+0xcc): undefined reference to `QQuickFramebufferObject::releaseResources()'
   .obj/moc_fbitem.o:(.data.rel.ro+0xf0): undefined reference to `QQuickFramebufferObject::staticMetaObject'

[1] http://autobuild.buildroot.net/results/64a/64a198397736db12b73c1f693dbe1c47d73b53da

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-16 23:47:10 +02:00
Thomas Petazzoni
ef9ffa3426 protobuf: link with libatomic when needed
The protobuf library uses atomic intrinsics, so we need to link
against libatomic.

Fixes the build of protobuf on Sparc:

  http://autobuild.buildroot.net/results/f3d76eaebd529a61bce849e355182c60f233ed06/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-16 23:00:26 +02:00
Peter Korsgaard
4e00f9daa0 gcc: drop unused legacy arc-2016.09 patch
This was forgotten when the arc toolchain version was bumped.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-16 21:24:02 +02:00
Romain Naour
5270553b90 package/boost: disable boost-locale for static only build with icu
Boost fails to build with the following error:

error: Tried to build the target twice, with property sets having
error: these incompatible properties:
error:
error:     -  <runtime-link>static <warnings>all
error:     -  <runtime-link>shared <warnings>on

when the following conditions are met:

 - BR2_STATIC_LIBS=y
 - BR2_PACKAGE_ICU=y
 - BR2_PACKAGE_BOOST_LOCALE=y
 - Another BR2_PACKAGE_BOOST_xyz option is enabled, which enables a
   feature not provided just by header files, but that requires
   building a library.

In such a situation, Boost absolutely wants to build the libboost
libraries as shared libraries. Not having boost-locale, or not having
icu is sufficient to avoid the issue.

So, as a simple work-around, we prevent from building boost-locale
when icu and static linking are used.

Fixes:

  http://autobuild.buildroot.net/results/c8f7aa85f5791d8ae8cf4b9085788adc5152286f/

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
 - only disable boost-locale when icu is enabled
 - improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-16 09:45:35 +02:00
Thomas Petazzoni
af486457df fxload: disable on Microblaze
gcc on Microblaze is affected by PR63261, which causes a build failure
when optimization *and* debugging symbols are enabled. Since anyway
fxload is unlikely to be useful on Microblaze, let's disable this
package on this architecture.

Fixes:

  http://autobuild.buildroot.net/results/24640a042d84f45339246c0a18e10905494b2199/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-16 09:38:38 +02:00
Peter Korsgaard
4ebd2fa277 rtmpdump: security bump to current HEAD
Fixes:

- CVE-2015-8271: The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows
  remote RTMP Media servers to execute arbitrary code
  https://www.talosintelligence.com/reports/TALOS-2016-0067/

- CVE-2015-8272: RTMPDump 2.4 allows remote attackers to trigger a denial of
  service (NULL pointer dereference and process crash).
  https://www.talosintelligence.com/reports/TALOS-2016-0068/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-16 09:25:32 +02:00
Peter Korsgaard
4a146b933e git: security bump to version 2.12.3
Fixes CVE-2017-8386 - Git Shell Bypass By Abusing Less

For more details, see:
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
http://www.mail-archive.com/git@vger.kernel.org/msg120982.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-16 09:25:28 +02:00
Peter Korsgaard
954509fb84 rpcbind: add upstream security fix for CVE-2017-8779
CVE-2017-8779: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc
through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
data size during memory allocation for XDR strings, which allows remote
attackers to cause a denial of service (memory consumption with no
subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

For more details, see:
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/

Backport upstream fix to version 0.2.3 and unconditionally include syslog.h
to fix a build issue when RPCBIND_DEBUG is disabled (which it is in
Buildroot).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-16 09:24:01 +02:00
Romain Naour
1dd696ffe2 package/x11vnc: fix build issue with --without-ssl
Fixes:
http://autobuild.buildroot.net/results/873/873ed8f2ade1d969abdff15b7b6d63e04819af9a

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-16 09:23:13 +02:00
Vicente Olivert Riera
f9aee682f9 php: bump version to 7.1.5
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-15 23:07:48 +02:00
Romain Naour
2a1401fa92 package/faketime: fix build with gcc >= 6
Upstream added -Wno-nonnull-compare to disable this error [1].

Fixes:
libfaketime.c:513:7: error : nonnull argument « buf » compared to NULL [-Werror=nonnull-compare]
    if (buf != NULL)
       ^
[1] 47e958b753

[Peter: add upstream git commit id to patch]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-15 20:23:49 +02:00
Vicente Olivert Riera
86d902035d ffmpeg: bump version to 3.3.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-15 20:14:46 +02:00
Alexey Brodkin
2b360bd547 gcc: arc-2017.03-rc2: Fix "unrecognized supposed constant" error
This fixes the following problem:
------------------------------------>8--------------------------------
arc-linux-gcc -c -Os -fPIC iso9660.i
iso9660.c: In function 'strip_trail':
iso9660.c:155:1: error: unrecognized supposed constant
 }
 ^
(unspec:SI [
        (symbol_ref:SI ("*.LANCHOR1") [flags 0x182])
    ] ARC_UNSPEC_GOTOFFPC)
iso9660.c:155:1: internal compiler error: in arc_legitimate_constant_p, at config/arc/arc.c:6028
------------------------------------>8--------------------------------

Found by Buildroot autobuilder [1].

The fix [2] is in arc-2017.03 development branch of ARC GCC and once it
becomes a part the next release of ARC tools this should be removed
from Buildroot.

[1] http://autobuild.buildroot.net/results/c90/c909e8c397ab972b6aa4d370572cad4fae284d00/build-end.log
[2] 139fed9d29

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-15 20:07:06 +02:00
Vicente Olivert Riera
1dc3864dab linux: bump default version to 4.11.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-15 17:59:27 +02:00
Vicente Olivert Riera
5879cc71dd linux-headers: bump 4.{4, 9, 10, 11}.x series
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-15 17:59:16 +02:00
Thomas Petazzoni
a8bd6c4072 libv4l: add patch to link qv4l2 tool with librt
The qv4l2 tool in libv4l uses clock_gettime(), so it should link
against librt to build properly with old versions of glibc. Therefore,
we add a patch to libv4l to fix this issue. Autoreconfiguring libv4l
is now necessary since the patch touches Makefile.am.

Fixes:

  http://autobuild.buildroot.net/results/5dff0ec19205e02f6ee373d34cb79f39ac25b609/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 22:18:55 +02:00
Romain Naour
00f6de5fc7 package/bluez_utils: select BR2_PACKAGE_CHECK
Commit [1] added check package to bluez_utils dependencies without
selecting it at Kconfig level.

Fixes:
Makefile:535: *** check is in the dependency chain of bluez_utils that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in.

[1] 8554be9f82

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 21:57:34 +02:00
Romain Naour
a4aaf6eae0 package/opencv3: disable explicitly lapack support
lapack support is enabled by default but the opencv3.mk doesn't handle
this dependency yet.

Fixes:
http://autobuild.buildroot.net/results/c8a/c8a25af38c405594722b44aef34e5e4c549639db

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 21:57:31 +02:00
Romain Naour
d09d3a7fa0 package/bluez_utils: fix test build issues with musl
Add one missing header and avoid encrypt redefinition.

Fixes:
http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 16:04:30 +02:00
Romain Naour
8554be9f82 package/bluez_utils: add missing check dependency for test program
Tests are enabled since this has been introduced [1], so keep
them for now.

bluez_utils needs check tool and check if it's available [2].

[1] 06c3e21596
[2] https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/configure.ac?h=4.101#n51

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 16:04:04 +02:00
Romain Naour
d5fec33bd5 package/bluez_utils: add missing host-pkgconf dependency
The configure script use pkg-config.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 15:57:37 +02:00
Romain Naour
f937bbb716 package/binutils: finalize the bump ARC tools to arc-2017.03-rc2
The commit bumping ARC tools to arc-2017.03-rc2 [1] forgot to
update the ARC tools version in binutils.mk

[1] 0437372820

Fixes:
http://autobuild.buildroot.net/results/f9c/f9c40610209fc22ac8c0db6bd57bd3b11bbe6d9c

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 14:39:06 +02:00
Thomas Petazzoni
be95978f3c .gitlab-ci.yml: regenerate after snps_archs38_zebu_defconfig rename
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-14 13:56:38 +02:00
Thomas Petazzoni
6714d79a22 openblas: SPARC support is for Sparc v9
Makefile.sparc in the openblas source code passes -mcpu=v9, i.e it
assumes a SPARCv9 CPU. Therefore, this commit adjusts openblas
Config.in file so that SPARC is only used for BR2_sparc_v9.

Fixes:

  http://autobuild.buildroot.net/results/805087e87b8bb7d11adb49d9eca3959a37aca3a2/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-13 16:09:53 +02:00
Thomas Petazzoni
459f7302df libcdio: disable on ARC, triggers a toolchain bug
libcdio doesn't build on ARC, with the following compiler error:

iso9660.c:155:1: error: unrecognized supposed constant
[...]
iso9660.c:155:1: internal compiler error: in arc_legitimate_constant_p, at config/arc/arc.c:6028
Please submit a full bug report,

Since this has been happening for a while and is quite noisy in the
autobuilders results, we disable this package on ARC.

Fixes:

  http://autobuild.buildroot.net/results/e837737abaea851bea428a35ea9d3395a6565c54/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-13 15:33:35 +02:00
Yann E. MORIN
48d5bebe76 package/mke2img: check nb_blocks is specified
Since we do not have autocalculation anymore, the user must specify the
exact number of blocks.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-13 15:16:59 +02:00
Thomas Petazzoni
205c528304 radvd: fix build with 4.11 kernel headers
Since the introduction of 4.11 kernel headers in Buildroot, radvd has
failed to build with all toolchains using this kernel header version.

The issue comes from the fact that radvd includes both <net/if_arp.h>
and <linux/if_arp.h> if they are available. Until 4.11,
<linux/if_arp.h> was in fact not included, because the
AC_CHECK_HEADERS() test concluded this header was unsuitable. This has
been fixed in the upstream kernel by commit
2618be7dccf8739b89e1906b64bd8d551af351e6 ("uapi: fix linux/if.h
userspace compilation errors"). So now, the radvd configure script
considers both <net/if_arp.h> and <linux/if_arp.h> as suitable
headers, and includes both of them, leading to the duplicate
definition of various types.

Since it's redundant to include both <net/if_arp.h> and
<linux/if_arp.h>, we simply force radvd to believe that
<linux/if_arp.h> is not available by passing the appropriate autoconf
cache variable. This gets us back to the previous situation, where
<linux/if_arp.h> was never used.

This has been tested with a uClibc toolchain using 4.11 kernel
headers, and verified to work on glibc and musl with older kernel
headers as well.

Fixes:

  http://autobuild.buildroot.net/results/949a75d96299394e4ac957746fa23a4b52f31b43/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-13 15:13:56 +02:00
Yann E. MORIN
4c0aacbc31 core/download: fix source check for git method
Running foo-source-check on packages retrieved from git fails.

This is because there is no associated stamp file, so we do not have a
rule-assignment that sets PKG for foo-source-check.

But it does not make sense to have a stamp file at all, because
source-check is not supposed to change anything: the status after is
exactly the same as before; nothing is downlaoded, so there is no
progress (whatsoever) to memorise.

Fix that by just defining PKG in the source-check rule definition.

Fixes #9796.

Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-13 15:08:41 +02:00
Yann E. MORIN
dff77face5 package/odroid-scripts: relax dependencies to include armeb
odroid-scripts are just scripts, so they should also work on a armeb
board.

Besides, odroid-mali selects it, but it only depends on arm-eabihf,
which means armeb is not ruled out.

Fixes unmet dependencies (with BR2_armeb=y):
    warning: (BR2_PACKAGE_ODROID_MALI) selects BR2_PACKAGE_ODROID_SCRIPTS
    which has unmet direct dependencies(BR2_aarch64 || BR2_arm)

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-13 15:07:01 +02:00
Alexey Brodkin
0437372820 toolchain: Bump ARC tools to arc-2017.03-rc2
This commit bumps ARC toolchain to arc-2017.03-rc2

Please note that it is a release candidate and it might contain some
breakages, please don't use it for production builds.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-13 15:05:18 +02:00