It's missing the dependency on lua, hence when using the upcoming PPS
support its staging directory isn't populated with the required
dependencies resulting in build failure.
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit 9101ce5800 (runc: pass -extldflags '-static' on when
BR2_STATIC_LIBS=y) contained a small copy/paste error, FLANNEL_GLDFLAGS was
used instead of RUNC_GLDFLAGS.
[Peter: refer to exact commit]
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-7067.
Note that since version 5.20.0 monit optionally depends on zlib.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
And fix small CONF_OPTS assignment snafu.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch to <stdlib.h>, to fix a bug introduced in
uClibc-ng 1.0.20, and which was causing build failures for at least one
package in Buildroot: freeswitch.
Fixes:
http://autobuild.buildroot.net/results/12c246b058224f68494b84355a29dc4efb85df6d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"\r\n" sequences were not properly filtered when handling redirections.
This allowed an attacker to perform CRLF attacks such as HTTP header
injection:
https://github.com/bottlepy/bottle/issues/913
Python-bottle now uses setuptools instead of distutils.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-1254 - One byte past an allocated buffer read while parsing
hidden service descriptors:
https://blog.torproject.org/blog/tor-02812-released
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/dfe/dfec2c0626ab087325fd869bcbe0b9dc354d788c/
Busybox 1.26.0 gained separate config options for swapon / swapoff:
commit f417ffd88f194bbfd18605882ee242190c1bab34
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon Nov 14 17:30:50 2016 +0100
Make swapon and swapoff individually selectable.
For example, without swapoff, code shrinks by 277 bytes.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
So adjust busybox.config and the logic to disable these applets for nommu
builds for the new names.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added the pure-ftpwho config option. When selected, the --with-ftpwho
compiler option is passed which enabled the pure-ftpwho command.
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
* Fix a NULL pointer dereference (#776026)
* Fix a memory leak (#776020)
* Avoid a buffer overrun in the qtif loader ($#775648)
* Fix a crash in the bmp loader (#775242)
* Fix crash opening pnm images with large dimensions (#775232)
* Prevent buffer overflow in the pixdata loader (#775693)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These aren't supported upstream any more so remove the options and add
them to legacy.
Also switch the older deprecations that used 3.14.x to 3.12.x
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option `BR2_LINUX_KERNEL_CUSTOM_LOCAL` no longer exists (see commit
e782cd5b1b [1]); removing the option. Note
that this legacy option has already been handled (Config.in.legacy) in
the mentioned commit.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option `BR2_LINUX_KERNEL_CUSTOM_LOCAL` no longer exists (see commit
e782cd5b1b [1]); removing the option. Note
that this legacy option has already been handled (Config.in.legacy) in
the mentioned commit.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rsyslog package provides input and output plugins for journald which
are disabled by default. The following adds the option to include
`imjournal` and `omjournal` modules when building for a systemd target.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configuration flags `--enable-systemd` and `--disable-systemd` do
not exist in rsyslog (and may have never existed; most likely copy-paste
from other packages which have said options); removing the options.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3e3fef39e7 added new and improved
patch handling, with BR2_TARGET_UBOOT_PATCH. This was in addition to
the existing BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR option, that only
handled directories.
Later, commit 21b25d28fc moved the old
BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR to legacy options. But on the way,
bad things happened:
* The original option was a string, while the one added to Config.in.legacy
is a bool. This results in a warning from defconfigs that actually define
the old BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR (because a string is not a valid
value for a bool), but it does not result in the legacy option being
selected. Consequently, BR2_LEGACY is not selected either.
* The advice at the top of Config.in.legacy to add a hidden WRAP option
to select BR2_LEGACY was not heeded.
* The advice at the top of Config.in.legacy to use the old string
option as the default for the new string option was not heeded. In
this case, the variable was not just renamed, as the old option
supported directories only, while the new one supports files too.
But since the old option is a subset of the new option, it can still
be used to set a useful default.
So, this mod turns the legacy option back to a string, adds a hidden
bool WRAP option to set BR2_LEGACY when the string is non emoty, and
uses the legacy option to set the default for the new option.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "command-line editing support was updated" does not indicate
the package name, unlike the other legacy options. This commit
adds "sqlite", to be nicer.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix out-of-bound access in create_url_list()
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If there's no registered handler for a POST request, the default behaviour
is to write it to the filesystem. Several million deployed devices appear
to have this behaviour, making it possible to (at least) store arbitrary
data on them. Add a configure option that enables this behaviour, and change
the default to just drop POSTs that aren't directly handled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add two new dependencies:
python-contstantly: runtime only
python-incremental: both runtime and build-time dependency
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When google-breakpad has been updated to the latest version, the C++11
dependency has been added for the target variant only.
The C++11 dependency is also required for the host variant.
Fixes:
http://autobuild.buildroot.org/results/dce/dcecb17116c0cf400c98f0052c9bf71f15d0d398
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix build with ancient glibces.
Fixes:
http://autobuild.buildroot.net/results/bce/bcecdbbce4a99eb1e9bfbf519857bf94d8952037/
[Peter: patches configure.ac, so add WESTON_AUTORECONF = YES]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules
from paths outside a trusted whitelist
CVE-2016-10010 - sshd(8): When privilege separation is disabled,
forwarded Unix-domain sockets would be created by sshd(8) with the
privileges of 'root'
CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key
material to privilege-separated child processes via realloc()
CVE-2016-10012 - sshd(8): The shared memory manager used by
pre-authentication compression support had a bounds checks that could be
elided by some optimising compilers
http://seclists.org/oss-sec/2016/q4/708
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As described at:
4520524ba0
this commit continues a series of updates of ARC tools.
This time we're updating tools to arc-2016.09 release version.
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This configuration provides a basic setup for using Buildroot
to create a sd-card image a BeagleBoard X15 board.
[Peter: use 512M ext4 partition, linux 4.9 and u-boot 2016.11]
Signed-off-by: Theo Debrouwere <Theo.Debrouwere@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
