This patch bumps the sam-ba package to version 2.18 and
adds hashes for license files.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites
through a timing side-channel
- CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through
a cache based side-channel
For more info, see the advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.8.4.html
Fixes
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These versions received their last updated more than three months ago
and are no longer supported according to
https://www.kernel.org/category/releases.html, so drop them and add
legacy entries.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: select an older kernel headers (4.9) rather than a newer one
(4.14) in the legacy handling of 4.10, 4.11, 4.12 and 4.13.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying
bailout for an invalid authenticating user until after the packet
containing the request has been fully parsed.
Some OpenSSH developers don't consider this a security issue:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tini uses fork(), so needs an MMU.
Fixes:
http://autobuild.buildroot.org/results/410/410ad9ea6a6652a7db691f537acb38db279b996a/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
https://metacpan.org/changes/distribution/Crypt-OpenSSL-RSA
Added new build dependency to host-perl-crypt-openssl-guess and force
it to search for openssl in STAGING_DIR. Added license hash. Updated
_SITE according to scancpan.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
https://metacpan.org/changes/distribution/Crypt-OpenSSL-Random
Added new build dependency to host-perl-crypt-openssl-guess and force
it to search for openssl in STAGING_DIR. Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed for upcoming version bumps of perl-crypt-openssl-random and
perl-crypt-openssl-rsa, only host-package is needed.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As reported by Yann E. Morin, it is more readable when all disable
options are grouped together, and all enable options are grouped
together. Fix this in e2fsprogs.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
e2fsprogs is only needed to build the btrfs-convert program, that
allows to convert an existing ext2 filesystem into a btrfs
filesystem. Not everybody needs to do that and making this dependency
optional is nicer, so this is what this patch does.
Note that btrfs-progs also supports converting from reiserfs, which is
why the --with-convert option supports a list of filesystems. Since
Buildroot has no package for the reiserfs library, we for now only
support the ext2 case, with e2fsprogs as a dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The btrfs-convert tool is used to convert an existing ext2 or reiserfs
filesystem into a btrfs filesystem. On the host, this is not really
useful, so let's disable building this tool, which allows to drop the
host-e2fsprogs dependency.
The host-util-linux dependency becomes necessary: it was previously
brought as a second-order dependency of host-e2fsprogs, but since we
no longer depend on host-e2fsprogs, we now need to explicitly depend
on host-util-linux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the e2fsprogs package builds and installs only static
libraries, unless --enable-elf-shlibs is passed. For the target
variant, we pass the appropriate
--enable-elf-shlibs/--disable-elf-shlibs options, but not for the host
package, and therefore static e2fsprogs libraries get installed.
However, on the host, our policy is to build shared libraries and not
static libraries, as visible in the default configure options passed
to host package in pkg-autotools.mk (--enable-shared
--disable-static). Let's do the same with e2fsprogs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the lzo package builds and installs only a static
library. For the target variant, we pass the appropriate
ENABLE_STATIC/ENABLE_SHARED options, but not for the host package, and
therefore a static lzo library gets installed.
However, on the host, our policy is to build shared libraries and not
static libraries, as visible in the default configure options passed
to host package in pkg-autotools.mk (--enable-shared
--disable-static). Let's do the same with lzo.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Blobs for arm64(aarch64) and r8p1 version are now available at Bootlin
Github.
So:
- Bump version to latest commit:
For arm64 architecture and r8p1 version.
git shortlog --no-merges cb3e8ece9b2c3a70cbeb3204cd6f30eceaa32023..
Giulio Benetti (1):
Reorder folders splitting includes and libraries.
Maxime Ripard (6):
Move binaries to an arch subfolder
Make x11 binaries path consistent
Add r6p2 arm wayland blobs
Add r6p2 arm64 blobs
Add r8p1 fbdev blobs
Add r8p1 arm64 fbdev blobs
- Add support for them also under arm64(aarch64) architecture copying the
right blobs according to architecture(arm or arm64) checking if BR2_arm
or BR2_aarch64 is enabled.
Only BR2_arm needs to provide BR2_ARM_EABIHF, so check must be done only
in that case.
- Mali-blobs repository folder layout has been reordered, so modify path
when copying headers and libraries.
- When copying libraries copy only *.so* files to avoid useless files to
end into target folder.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds a new option to build the btrfs toolset for the host, which
can be useful to prepare a btrfs filesystem image for the target.
Signed-off-by: Robert J. Heywood <robert.heywood@codethink.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to ATF v1.4 (tested on the actual hardware).
Signed-off-by: Gustavo Pimentel <gustavo.pimentel@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ATF in version 1.2 fails to build with:
./build/juno/release/bl1/context_mgmt.o: In function `cm_prepare_el3_exit':
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): undefined reference to `cm_set_next_context'
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): relocation truncated to fit: R_AARCH64_JUMP26 against undefined symbol `cm_set_next_context'
This has been fixed in ATF v1.3. Even though there are even newer
versions of ATF available, we take a conservative approach, and bump
to the first version that has the build issue fixed.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/88314771
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://mariadb.com/kb/en/mariadb-10217-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10217-changelog/
Note that HOST_MARIADB_CONF_OPTS += -DWITH_SSL=bundled has been changed to
HOST_MARIADB_CONF_OPTS += -DWITH_SSL=OFF in order to prevent the following
configure error:
CMake Error at /usr/share/cmake-3.11/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
(Required is at least version "3.3.24")
Call Stack (most recent call first):
/usr/share/cmake-3.11/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake-3.11/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
libmariadb/CMakeLists.txt:303 (FIND_PACKAGE)
RocksDB is also disabled to prevent the following build error in some
configurations:
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:327:38: error: field 'result' has incomplete type 'std::promise<rocksdb::BackupEngineImpl::CopyOrCreateResult>'
std::promise<CopyOrCreateResult> result;
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:378:37: error: field 'result' has incomplete type 'std::future<rocksdb::BackupEngineImpl::CopyOrCreateResult>'
std::future<CopyOrCreateResult> result;
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:425:37: error: field 'result' has incomplete type 'std::future<rocksdb::BackupEngineImpl::CopyOrCreateResult>'
std::future<CopyOrCreateResult> result;
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc: In member function 'rocksdb::Status rocksdb::BackupEngineImpl::AddBackupFileWorkItem(std::unordered_set<std::basic_string<char> >&, std::vector<rocksdb::BackupEngineImpl::BackupAfterCopyOrCreateWorkItem>&, rocksdb::BackupID, bool, const string&, const string&, rocksdb::RateLimiter*, uint64_t, uint64_t, bool, std::function<void()>, const string&)':
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:1366:38: error: aggregate 'std::promise<rocksdb::BackupEngineImpl::CopyOrCreateResult> promise_result' has incomplete type and cannot be defined
std::promise<CopyOrCreateResult> promise_result;
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes
configure: error: The skins2 module depends on the Qt interface. Without
it you will not be able to open any dialog box from the interface, which
makes the skins2 interface rather useless. Install the Qt development
package or alternatively you can also configure with: --disable-qt
--disable-skins2.
http://autobuild.buildroot.net/results/ddb/ddb1ab48adb9705c44ed3d6d800b6d01ad52ac8c/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/489/4891d96f45c64c2e66fe819bd4175cc1d6243a93
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The check_musl function currently builds a program and verifies if the
program interpreter starts with /lib/ld-musl. While this works fine
for dynamically linked programs, this obviously doesn't work for a
purely static musl toolchain such as [1].
There is no easy way to identify a toolchain as using the musl C
library. For glibc, dynamic linking is always supported, so we look at
the dynamic linker name. For uClibc, there is a distinctive
uClibc_config.h header file. There is no such distinctive feature in
musl.
We end up resorting to looking for the string MUSL_LOCPATH, which is
used by musl locale_map.c source file. This string has been present in
musl since 2014. It certainly isn't a very stable or convincing
solution to identify the C library as being musl, but it's the best we
could find.
Note that we are sure there is a libc.a file, because the
check_unusable_toolchain function checks that there is a such a file.
[1] http://autobuild.buildroot.net/toolchains/tarballs/br-arm-musl-static-2018.05.tar.bz2
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We sometimes create dangling symlinks in the target directory. That is
because we need canonical targets, as relative targets don't work well
with BR2_ROOTFS_MERGED_USR. For example, the vim package installs the
/bin/vi symlink to /usr/bin/vim. This symlink might be dangling when the
build host has no vim installed there.
Patch the busybox install.sh script to avoid clobber of dangling
symlinks.
Fixes:
http://autobuild.buildroot.net/results/796/796107430db6545401d9926e84f19eaf2040b756/
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <casantos@datacom.com.br>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Until now, libaio contained some architecture specific code to do the
syscalls. In fact, it contained a generic variant of the code called
syscall-generic.h, but it was showing a warning when it was used, as
if it was "not safe". Consequently, in Buildroot, we had chosen to
support libaio only on a the subset of architectures that were
explicitly handled by libaio.
However, between 0.3.110 and 0.3.111, libaio upstream entirely dropped
the architecture-specific code:
https://pagure.io/libaio/c/97fd3fc0195500e616e34047cba4846164c411d9?branch=master
Consequently, in this patch, we:
- Bump libaio to 0.3.111.
- Switch to the new upstream at https://pagure.io/libaio/.
- Drop the 0001-arches.patch patch, which was adding support for
MIPS, since we no longer need architecture-specific code.
- Update the remaining patches, and Git-format one of them which
wasn't Git-formatted.
- Drop the BR2_PACKAGE_LIBAIO_ARCH_SUPPORTS option and all its uses.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of lvm2 to 2.02.180 in commit
8e666bf29e, lvm2 needs libaio. This was
properly taken into account for the target lvm2 variant, but not the
host lvm2 variant. This commit adds host-libaio as a dependency of
host-lvm2.
Fixes:
http://autobuild.buildroot.net/results/f95dd353c17bdfd00fde6762e58aa32e6830b52b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of lvm2 to 2.02.180 in commit
8e666bf29e, lvm2 needs libaio. This was
properly taken into account for the target lvm2 variant, but not the
host lvm2 variant. In order to build the host lvm2, we now need
host-libaio, so this patch adds support for building libaio for the
host.
Part of fixing:
http://autobuild.buildroot.net/results/f95dd353c17bdfd00fde6762e58aa32e6830b52b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Depending on the configuration, the cpp output may contain the string 'yes'
in a comment if built under a path containing 'yes', confusing the _AIX
test:
${CROSS}-cpp conftest.h
\# 1 "conftest.h"
\# 1 "<built-in>"
\# 1 "<command-line>"
\# 31 "<command-line>"
\# 1 "/home/peko/source/buildroot/output-yes/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/stdc-predef.h"
\# 32 "<command-line>" 2
\# 1 "conftest.txt"
If misdetected, the configure script adds -lc128 to LIBS, causing the
AC_CHECKS_FUNCS check for stat64 to fail, which in turn causes compilation
errors about redefinition of symbols:
In file included from ./src/include/pv-internal.h:9:0,
from src/pv/file.c:5:
./src/include/config.h:76:18: error: redefinition of 'struct stat'
# define stat64 stat
^
Fix it by only matching on 'yes' on a line by itself.
As pv doesn't cleanly autoreconf (it doesn't use automake and configure.in
is located in subdir), instead directly patch configure.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>