Commit Graph

39749 Commits

Author SHA1 Message Date
Baruch Siach
88ec06ad48 procps-ng: security bump to version 3.3.15
Drop upstream patch.

This release fixes the issues listed below.

CVE-2018-1122: Local privilege escalation in top

CVE-2018-1123: Denial of service in ps

CVE-2018-1124: Local privilege escalation in libprocps

CVE-2018-1125: Stack buffer overflow in pgrep

CVE-2018-1126: Integer overflow in proc/alloc

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fe07577181)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:04:23 +02:00
Baruch Siach
52e42fd71a procps-ng: fix build for sparc
Add a patch taken from upstream bug report to fix wrong signal undefined
in sparc.

Fixes:
http://autobuild.buildroot.net/results/b02/b02bd2e4032287d3c5c58255d621ef785c5d1380/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a9a64b7207)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:04:16 +02:00
Baruch Siach
53e038321c procps-ng: fix build without wide character support
Define OFF_XTRAWIDE to disable use of wchar API when the toolchain does
not support that.

Fixes:
http://autobuild.buildroot.net/results/b96/b96d29d64f455726a53a7adcfd3edd546346201c/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a76fb61aae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:04:02 +02:00
Baruch Siach
b948d96fc1 procps-ng: bump to version 3.3.14
Drop upstream patches.

Add secure SHA256 hash.

Add license files hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 603a4922c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:03:55 +02:00
Peter Korsgaard
7eb3daddde wavpack: add upstream security fixes
Fixes the following security issues:

CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier.  The
WAV parser component contains a vulnerability that allows writing to memory
because ParseRiffHeaderConfig in riff.c does not reject multiple format
chunks.

CVE-2018-10537: An issue was discovered in WavPack 5.1.0 and earlier.  The
W64 parser component contains a vulnerability that allows writing to memory
because ParseWave64HeaderConfig in wave64.c does not reject multiple format
chunks.

CVE-2018-10538: An issue was discovered in WavPack 5.1.0 and earlier for WAV
input.  Out-of-bounds writes can occur because ParseRiffHeaderConfig in
riff.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

CVE-2018-10539: An issue was discovered in WavPack 5.1.0 and earlier for
DSDiff input.  Out-of-bounds writes can occur because
ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown
chunks before attempting memory allocation, related to a lack of
integer-overflow protection within a bytes_to_copy calculation and
subsequent malloc call, leading to insufficient memory allocation.

CVE-2018-10540: An issue was discovered in WavPack 5.1.0 and earlier for W64
input.  Out-of-bounds writes can occur because ParseWave64HeaderConfig in
wave64.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc73055757)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:02:07 +02:00
Fabio Estevam
5886f699b4 linux-headers: bump 4.{9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1d8afca9c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:01:26 +02:00
Thomas Petazzoni
add9745f5b ltrace: fix visibility of Config.in comment
The BR2_PACKAGE_LTRACE option has some architecture dependencies, but
those architecture dependencies are not taken into account for the
Config.in comment.

To fix this, this commit introduces a BR2_PACKAGE_LTRACE_ARCH_SUPPORTS
hidden boolean that gets used by both the BR2_PACKAGE_LTRACE option
and the Config.in comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit af72a42b0a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:00:02 +02:00
Thomas Petazzoni
5c1326c653 ltrace: remove bogus comment in Config.in file
In commit dfaa18af00 ("ltrace: disable
on mips/mipsel"), ltrace was disabled on mips/mipsel due to build
issues, and a comment was added in the Config.in file to explain that
even though ltrace has mips/mipsel support, it isn't enabled because
it doesn't build.

Then, in commit d23cce19c2 ("ltrace:
enable for mips/mipsel"), the build of ltrace on mips/mipsel was
re-enabled, because it has been fixed upstream.

However, the comment in the Config.in comment was not removed in this
commit. Due to this, we have a comment that says "we don't allow
enabling ltrace on mips/mipsel" and the line right below precisely
allows to enable ltrace on mips/mipsel.

Fix this inconsistency by removing the no longer valid comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0f711e71c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:59:48 +02:00
Bernd Kuhls
079773ed15 package/transmission: remove BR2_PACKAGE_TRANSMISSION_REMOTE
Commit 6e223241e1 ("Add Transmission
package"), which added the transmission package, introduced a
BR2_PACKAGE_TRANSMISSION_REMOTE Config.in option, supposedly matching
the --enable-remote/--disable-remote transmission option.

However, transmission as of version 2.33 packaged by this initial
commit, did not have a --enable-remote/--disable-remote option, and it
was apparently never part of transmission.

Therefore, this commit removes this useless option. Since the
transmission-remote tool is automatically built when the daemon is
enabled, the Config.in.legacy handling selects
BR2_PACKAGE_TRANSMISSION_DAEMON.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79a678d774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:57:19 +02:00
Bernd Kuhls
e7c5ad5d1a package/transmission: fix inotify configure option
The configure option is really called --with-inotify:
https://github.com/transmission/transmission/blob/2.9x/configure.ac#L211

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit acadbe6393)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:55:29 +02:00
Bernd Kuhls
1e3e52d303 package/transmission: fix systemd support
Patch 0006-libsystemd.patch backports an upstream commit which renames
the systemd configure option.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b27bcedccb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:55:20 +02:00
Carlos Santos
d3814a9885 transmission: don't test if the binary exists in the init script
The test doesn't make sense. It just exits without any error if the
binary doesn't exist, which is silly.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 296f148c15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:55:12 +02:00
Fabrice Fontaine
9902742bcc zmqpp: fix build with or1k and gcc < 6
Use CONFIG variable to disable optimizations when or1k and gcc < 6 are
detected otherwise set CONFIG to release or debug depending on
BR2_ENABLE_DEBUG

Fixes:
 - http://autobuild.buildroot.net/results/523e58eefba7ef23a09ef53160da22190ccbb098

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7ab59879c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:53:37 +02:00
Fabrice Fontaine
15cd727841 mbedtls: security bump to version 2.7.3
Extract from release announcement:

- (2.9, 2.7, 2.1) Fixed an issue in the X.509 module which could lead
to a buffer overread during certificate validation. Additionally, the
issue could also lead to unnecessary callback checks being made or to
some validation checks to be omitted. The overread could be triggered
remotely, while the other issues would require a non DER-compliant
certificate to be correctly signed by a trusted CA, or a trusted CA with
a non DER-compliant certificate. Found by luocm. Fixes #825.

- (2.9, 2.7, 2.1) Fixed the buffer length assertion in the
ssl_parse_certificate_request() function which could lead to an
arbitrary overread of the message buffer. The overreads could be caused
by receiving a malformed algorithms section which was too short. In
builds with debug output, this overread data was output with the debug
data.

- (2.9, 2.7, 2.1) Fixed a client-side bug in the validation of the
server's ciphersuite choice which could potentially lead to the client
accepting a ciphersuite it didn't offer or a ciphersuite that could not
be used with the TLS or DTLS version chosen by the server. This could
lead to corruption of internal data structures for some configurations.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a335d32a5f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:50:06 +02:00
Anssi Hannula
61b59be74e gdb: actually disable gdbserver if BR2_PACKAGE_GDB_SERVER is unset
The gdb configure script is given --enable-gdbserver when
BR2_PACKAGE_GDB_SERVER is set, but it is not given --disable-gdbserver
when BR2_PACKAGE_GDB_SERVER is unset.

gdb gdb/configure.ac defaults to enabling gdbserver in "native"
(host=target) cases, which is always the case when buildroot builds a
gdb which runs on the target hardware. The gdbserver will overwrite
BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY gdbserver, if any.

Fix that by passing --disable-gdbserver when BR2_PACKAGE_GDB_SERVER is
unset.

Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9c7ce893a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:46:18 +02:00
Baruch Siach
8fd0f9c985 nfs-utils: update homepage link
The linux-nfs project switched to a new homepage. Update the help text
link.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d7757110a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:45:46 +02:00
Thomas Petazzoni
fdf92bd616 faketime: add patch to disable -Werror
faketime currently doesn't build on host machines that use gcc 8.x due
to stricter checks done by gcc, and the fact that it is built with
-Werror.

As a simple stop-gap measure, this commit patches the faketime
Makefile to not use -Werror anymore.

The actual fixes for the gcc 8.x issues have been submitted upstream
at https://github.com/wolfcw/libfaketime/pull/161, but disabling
-Werror is a much smaller fix.

Also, it is worth mentioning that removing -Werror makes the existing
patch 0001-Disable-the-non-null-compare-warning-error.patch (which was
just disabling one specific warning). We nonetheless keep this patch
around as it is a backport from upstream.

Fixes:

  http://autobuild.buildroot.net/results/bd223dfa1c4baa68e427d4941bd2e9917e22da84/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 968f2fbd7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:45:30 +02:00
Baruch Siach
33bd7b2e0e libcurl: security bump to version 7.60.0
Drop upstream patch.

This release fixes the security issues listed below.

CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.

  https://curl.haxx.se/docs/adv_2018-82c2.html

CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.

  https://curl.haxx.se/docs/adv_2018-b138.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 051e2f2d0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:44:05 +02:00
Thomas Petazzoni
48633704fc libnss: backport upstream patch to fix build with gcc 8.x
This commit backports upstream patch
f0ce709895
to our libnss package to fix the build with gcc 8.x.

Fixes:

  http://autobuild.buildroot.net/results/1ca35171200286fa032b24606aaa50de6a2d449e/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 45cf64ca0c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:40:29 +02:00
Thomas Petazzoni
f8d6236573 exim: do not link buildconfig with $(LIBS)
The existing patch 0001-Build-buildconfig-for-the-host.patch changes
the exim build system to use the host compiler to build the
"buildconfig" program instead of the cross-compiler.

However, it still uses $(LIBS) which lists the target libraries to
link with, which shouldn't be used. Since buildconfig doesn't use any
library beyond the C library, we can simply drop using $(LIBS).

This will fix build failures of exim on Fedora 28, where libnsl is no
longer provided by the C library, causing build failures such as:

/usr/bin/gcc buildconfig.c
/usr/bin/ld: cannot find -lnsl

Fixes:

  http://autobuild.buildroot.net/results/ac78fe18657558b3c12c03c08bf1081d7c06ca85/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b872d829d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:37:15 +02:00
Arnout Vandecappelle (Essensium/Mind)
06ae66a6e3 linux: don't override HOSTCC for kconfig
Kconfig uses either pkg-config or hard-coded /usr/include paths to find
the ncurses or ncursesw library. If ncursesw is found, it will include
<ncursesw.h>. Since Buildroot's host-ncurses doesn't install a .pc file,
and linux.mk anyway doesn't pass the pkg-config options to find the host
pkg-config files, Kconfig will always find the system's ncursesw.h.

However, since commit dde090c299 (linux: fix passing of host CFLAGS and
LDFLAGS) HOST_LDFLAGS is passed to the linux build system. Thus, if
host-ncurses was already built before 'make linux-menuconfig' is called,
the build will pick up libncurses from the host directory, which is NOT
widechar. Thus, two different ncurses configurations are mixed into the
final mconf program. This will result in serious breakage in the
rendering of the menus (lots of @ and question mark characters).

As a workaround (suggested by Yann), don't pass HOST_CFLAGS and
HOST_LDFLAGS when running kconfig commands. For kconfig, we should never
need host packages anyway. This way, the kconfig calls will always use
the system's ncurses and never our host-ncurses.

Note that the same problem could pop up for other kconfig packages as
well if we ever pass HOST_CFLAGS/HOST_LDFLAGS to them. We could force
HOSTCC=$(HOSTCC) directly in kconfig-package. However, for now there
are no other packages that exhibit this problem, so this can be
revisited when they do.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: David De Grave <david.degrave@essensium.com>
Cc: Scott Fan <fancp2007@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d3d09e232)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:36:07 +02:00
Bernd Kuhls
a02c6dd82d package/asterisk: Fix issues building without SSL
Fixes
http://autobuild.buildroot.net/results/7d0/7d069dd5629e406cecd17bacfa818e7c8e6b2064/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c27ed9f618)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:35:15 +02:00
Baruch Siach
8db468af4c glibc: security bump to latest 2.26 branch
Fixed issues are listed in the 2.26 branch NEWS file:

  CVE-2017-18269: An SSE2-based memmove implementation for the i386
  architecture could corrupt memory.  Reported by Max Horn.

  CVE-2018-11236: Very long pathname arguments to realpath function could
  result in an integer overflow and buffer overflow.  Reported by Alexey
  Izbyshev.

  CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
  architecture could write beyond the target buffer, resulting in a buffer
  overflow.  Reported by Andreas Schwab.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-29 17:48:46 +02:00
Thomas Petazzoni
474f86150f cifs-utils: unconditionally disable PIE
PIE support in Buildroot should be enabled via the global option
BR2_RELRO_FULL option, and not done on a per-package basis, therefore
PIE should unconditionally be disabled in the cifs-utils package.

This has the added side-effect that it works around a binutils bug on
SPARC causing the linker to segfault when PIE is enabled:

sparc-linux-gcc -Wall -Wextra -D_FORTIFY_SOURCE=2 -fpie -pie -Wl,-z,relro,-z,now -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os    -o mount.cifs mount.cifs.o mtab.o resolve_host.o util.o  -lcap-ng
collect2: fatal error: ld terminated with signal 6 [Aborted], core dumped

This issue will reappear when we start testing BR2_RELRO_FULL in the
autobuilders, but in the mean time it avoids the problem.

Fixes:

  http://autobuild.buildroot.net/results/a5342890f39bdccae1324e7d3dbe0eab1aad28e5/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 85f9d08934)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:20:10 +02:00
Thomas Petazzoni
9413d2ea2f lynx: add patch to fix static link issue
The lynx package incorrectly uses target LDFLAGS to build a host tool,
which causes a problem when we do a statically link build for the
target, on a host machine that doesn't support static linking.

A simple patch fixes the problematic makefile, and it has been
submitted upstream on the project mailing list.

Fixes:

  http://autobuild.buildroot.net/results/38ba2531eeeb4a7985eddd2df8bfaf0b56e6a687/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9113c0cbba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:19:49 +02:00
Baruch Siach
2cb41540ae wget: security bump to version 1.19.5
Fixes CVE-2018-0494: cookie injection vulnerability.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cc39457fb9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:14:55 +02:00
Baruch Siach
edb27f38a0 wget: bump to version 1.19.4
Update license hash; s/http/https/ of in-text URLs.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 56057835f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:14:43 +02:00
Yann E. MORIN
587d5b58bf package/acl: fix install
Do not overwrite destination file if it exists.

Simliar to bug #10986.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: mzweerspenko+bugzilla@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c3e62d3984)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:13:58 +02:00
Yann E. MORIN
7bc0033d5e package/attr: fix install
Do not overwrite destination file if it exists.

Fixes: #10986

Reported-by: mzweerspenko+bugzilla@gmail.com
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: mzweerspenko+bugzilla@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 28d8f8dfd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:12:42 +02:00
Petr Vorel
91bc7e042f toolchain/buildroot: fix default of C library choice
The BR2_TOOLCHAIN_UCLIBC symbol doesn't exist, it was meant to be
BR2_TOOLCHAIN_BUILDROOT_UCLIBC.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d0527483fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:12:14 +02:00
Fabrice Fontaine
d431200be3 cups-filters: fix avahi dependency
avahi support requires avahi-client, which needs avahi-daemon and dbus

Fixes:
 - http://autobuild.buildroot.net/results/5c326bb56199000eb0e53a4d0f3c6c13be71cda0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dad6f570af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:10:48 +02:00
Yann E. MORIN
3097ef7676 package/jamvm: restrict on what MIPS procs are allowed
jamvm uses deprecated opcodes to store/load words from the FPU
coprocessor registers, and in so doing, expects those registers
to be 32-bit.

Thus, restrict the conditions under which jamvm is available
under mips.

Fixes:
    http://autobuild.buildroot.org/results/f76/f76e10e4c1ce25b42fb2e5d2012adf2eaf1b2fe1/
    http://autobuild.buildroot.org/results/162/162d0e41dc9bc6d6f6594ccee0cb4217067fc71f/
    ...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67974fe6da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:08:15 +02:00
Yann E. MORIN
a641902340 package/jamvm: move arch dependency to a symbol
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 04d185bfc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:08:09 +02:00
Yann E. MORIN
f24d5edea6 package/xen: force location of init scripts
The Xen configure scripts looks at the build host to decide where to
install the Sys-V startup scripts, and that location differs between
various distros.

Force the location.

Fixes:
    http://autobuild.buildroot.org/results/869/869829ab086e824d164c5c5ec7f087ed83993be6/
    http://autobuild.buildroot.org/results/336/3360e5a9e3d007b4ed77345b5fe93b2dacb6ad49/
    http://autobuild.buildroot.org/results/29e/29e308ce3cc9c83497ba1c1f98fcda3f48fd03c4/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 366e42c2cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:07:01 +02:00
Alistair Francis
b4ca0eb92a package/xen: fix qemu-xen memfd build failure
Fix the QEMU memfd compile error:
tools/qemu-xen/util/memfd.c:40:12: error: static declaration of 'memfd_create' follows non-static declaration
 static int memfd_create(const char *name, unsigned int flags)
            ^~~~~~~~~~~~

that has been introduced since the Glibc 2.27 upgrade.

This just involves porting the upstream QEMU patch to the Xen QEMU tree.

This fixes:
http://autobuild.buildroot.net/results/ec7cda00e07b0c98a9a366244b67611e042e0d4b/

Signed-off-by: Alistair Francis <alistair@alistair23.me>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d1060d261)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:06:54 +02:00
Fabrice Fontaine
6bbd02265d libcap: only install shared version
If BR2_SHARED_LIBS is set, only install shared version of library
(continue to build both libraries through all target as there is no
libcap.so target but only a libcap.so.$(VERSION).$(MINOR))

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7984f2d97b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:05:45 +02:00
Fabrice Fontaine
2e883027c0 libcap: add license hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2a05731aa5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:05:35 +02:00
Bernd Kuhls
aca5fba3a5 package/apr-util: fix ldap detection
configure checks if ldap_set_rebind_proc takes 2 or 3 arguments
http://svn.apache.org/viewvc/apr/apr-util/tags/1.6.1/build/apu-conf.m4?revision=1812528&view=markup#l370

It uses the macro APR_TRY_COMPILE_NO_WARNING which adds -Werror to
treat all warnings as errors when gcc is used:
http://svn.apache.org/viewvc/apr/apr/tags/1.6.3/build/apr_common.m4?revision=1812527&view=markup#l504

In some buildroot configs a compiler warning occurs during this check:
http://autobuild.buildroot.net/results/241/241ed78b93ce86c859e175530fa485711ff61615//apr-util-1.6.1/config.log

/home/rclinux/rc-buildroot-test/scripts/instance-1/output/host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/features.h:218:5:
 error: #warning requested reentrant code, but thread support was disabled [-Werror=cpp]
cc1: all warnings being treated as errors

Due to this warning 'ac_cv_ldap_set_rebind_proc_style' is set to two
instead of three leading to a build error later on. This patch forces
ac_cv_ldap_set_rebind_proc_style=three to be inline with openldap which
fixes
http://autobuild.buildroot.net/results/241/241ed78b93ce86c859e175530fa485711ff61615/

This solution was inspired by a discussion on the fink mailinglist:
https://sourceforge.net/p/fink/mailman/message/31720482/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b4dfee63d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:04:47 +02:00
Bernd Kuhls
fbee8477ab package/apr-util: add optional support for openldap
apr-util contains optional support for openldap:

$ ls -1 output/target/usr/lib/apr-util-1/apr_ldap*
output/target/usr/lib/apr-util-1/apr_ldap-1.so
output/target/usr/lib/apr-util-1/apr_ldap.la
output/target/usr/lib/apr-util-1/apr_ldap.so

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 134968c6c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:04:22 +02:00
Bernd Kuhls
55c2c6ceaa package/apr-util: add optional support for postgresql
apr-util contains optional support for postgresql:

$ ls -1 output/target/usr/lib/apr-util-1/apr_dbd_pg*
output/target/usr/lib/apr-util-1/apr_dbd_pgsql-1.so
output/target/usr/lib/apr-util-1/apr_dbd_pgsql.la
output/target/usr/lib/apr-util-1/apr_dbd_pgsql.so

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ec1479fbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:04:10 +02:00
Fabio Estevam
72e02c9f28 linux-headers: bump 4.{9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aeb55c2b36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:01:10 +02:00
Joseph Kogut
209aa82aa7 python-websockets: backport fix for upstream issue #350
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 439e2add6c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 15:58:45 +02:00
Yann E. MORIN
9e5c7cbde0 docs/manual: using a branch name as FOO_VERSION does not work
For various reasons, we've always suggested users to avoid using a
branch as version string for their packages, because it does not work
as a they would expect:

  - it is not reproducible, because the branch may change between two
    builds that are done at different times;

  - it does not even follow the branch, as Buildroot anyway generates
    a local tarball, which it will reuse on subsequent builds.
    Furthermore, since we fetch and not pull, any existing local branch
    is not updated.

Yet, until recently, using a branch name would just work (with the
above limitations): the git tree was cloned, the branch checked out,
and the tarball created.

But with the advent of the git caching, using a branch name does not
work anymore. Indeed, we now do a git-fetch, and that does not create
a local master branch. So we can't check out master, because it does
not exist locally. And for other branches, as noticed above, the local
branch does not get udpated to the remote one.

Furthermore, the local branches are only created by chance, again as a
side-effect of trying to fetch the "special refs".

So, we can't say that we reliably support the use of a branch name.

Update the manual to state that using a branch does not work. Remove
the 'stable' example, as it looked like the name of a stable branch;
instead, replace it with a version string that ressemble a tag.

Fix the layout of the manual by making the version examples an actual
bulleted list.

Note: the above is only entirely true for git. For Mercurial, CVS and
subversion, the status may be mixed, but nonetheless, using branches is
still a bad idea, if at least because it is not reproducible, and
because Buildroot does not even follow the branch. So, we do not
differentiate between the various SCMs, and just flatly state that using
a branch name is not supported.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 970cb26ec2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 15:49:25 +02:00
Yann E. MORIN
312d6d0cf5 support/dependencies: check that PATH does not contain CWD
A person on IRC reported a build failure with the util-linux package,
looking like this:

for I in uname26 linux32 linux64        ; do \
	cd /home/aep/consulting/chargery/tracker/output/target/usr/bin && ln -sf setarch $I ; \
done
[...]
/bin/sh: line 1: ./ln: cannot execute binary file: Exec format error
/bin/sh: line 1: ./ln: cannot execute binary file: Exec format error
/bin/sh: line 1: ./ln: cannot execute binary file: Exec format error

The issue was an empty path in the PATH variable, which means "current
working directory", causing a "ln" binary built by util-linux for the
target to be used instead of the system-provided "ln".

We already check a number of things in the PATH and LD_LIBRARY_PATH
variables in support/dependencies/dependencies.sh, but we were not
checking that PATH did not contain an empty path.

This commit fixes that and takes this opportunity to simplify the test
code for PATH and LD_LIBRARY_PATH.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 72703d02b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 15:48:08 +02:00
Peter Korsgaard
c4d86707cd util-linux: add two upstream patches to fix blocking on getrandom() with recent kernels
As part of the fix for CVE-2018-1108 (kernel drivers before version 4.17-rc1
are vulnerable to a weakness in the Linux kernel's implementation of random
seed data.  Programs, early in the boot sequence, could use the data
allocated for the seed before it was sufficiently generated), the kernel
random number generator initialization routine was changed.  See the
project-zero writeup for more details:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1559

These changes have now also been backported to 4.14.x (since 4.14.39) and
4.16.x (since 4.16.7).

This change unfortunately causes users of libuuid from util-linux to block
for a very long time waiting for sufficient entropy.  An example of this is
mke2fs, which uses libuuid to generate the filesystem UUID.

Fix this by backporting two post-2.31 fixes from upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 09:48:18 +02:00
Peter Korsgaard
a43f5f1939 busybox: S10mdev: fix module autoloading
Commit b4fc5a180c (package/busybox: support spaces in module aliases in
mdev) changed the mdev coldplugging to handle sysfs path elements and
modalias values containing spaces.  This unfortunately doesn't work as was
recently reported:

http://lists.busybox.net/pipermail/buildroot/2018-May/220903.html

The problem is that sort -z also expects the fields of the input files to be
zero terminated, which is not the case for modalias sysfs entries.

So drop the -z option to sort.  Spaces in modalias entries could be handled
with the xargs -d '\n' option, but that is unfortunately not supported by
the busybox applet.  Instead, use tr to convert newlines to zeros so we can
use xargs -0.

Reported-by: Daniel Palmer <daniel@0x0f.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 61717b7b3e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:59:29 +02:00
Thomas Petazzoni
32cd792bde binutils: replace hard-links with soft-links to fix rpath
binutils installs its binaries both as bin/<tuple>-<tool> and as
<tuple>/bin/<tool>, and hardlinks are used to reduce disk space
consumption. This causes a problem for host-binutils with our rpath
fixing logic done by "make sdk".

Indeed, the fix-rpath script starts by fixing up the rpath of
bin/<tuple>-<tool>, and sets the RPATH to $ORIGIN/../lib/. Then
fix-rpath moves on to <tuple>/bin/<tool>, and doesn't find the library
the tool depends on, and clears the RPATH. The result is that the
binutils tool are not usable.

Note that this is only visible currently on the ARC architecture,
because on this architecture, binutils is fetched from git, which
causes host-flex to be built, and some binutils tools to use the libfl
shared library. Therefore, the binutils tools don't use just the
standard C library (which is provided by the system) but also libfl
from $(HOST_DIR)/lib, and therefore if the RPATH isn't set correctly,
those tools don't work properly.

In order to address this, this comit adds a post-install hook to
host-binutils that replaces those hard links by symbolic links. It is
worth mentioning that library loading and RPATH usage occurs *after*
resolving the symbolic links, which makes this solution work.

Fixes:

  http://autobuild.buildroot.net/results/b2562b05d397d4e1ffe0f8d2f4ce4c84ab6feae1/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f9cffb6af4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:55:24 +02:00
Peter Korsgaard
787d8dbf3d .gitlab-ci.yml: update after removal of freescale defconfigs
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e607881f20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:53:20 +02:00
Peter Korsgaard
7c4518d9f3 linux: ensure correct make targets are used for cuImage/simpleImage.<dtb>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/66561794

LINUX_DTS_NAME may end up with a leading space because of the += logic, and
may contain multiple dts files - Neither of which works when we construct
the {cu,simple}Image.$(LINUX_DTS_NAME) make target name.

Fix it by using the first word in the variable.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 978a997c81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:52:51 +02:00
Yann E. MORIN
aee70cc1ab package/patch: fix xattr option
The name of the configure option is, and has always been,
 --enable-xattr, not --enable-attr. Otherwise, configure
whines:
    configure: WARNING: unrecognized options: --enable-attr

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 990fff065c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:45:53 +02:00