Fixes the following security issues:
CVE-2017-7018 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7030 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7034 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7037 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7039 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7046 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7048 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7055 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7056 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7061 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7064 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
The issue involves the "WebKit" component. It allows attackers to bypass
intended memory-read restrictions via a crafted app.
For more details, see the announcement:
https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Adrian Perez de Castro" <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We've had this mkdir, in various forms, for aeons. It dates back to
the inception of Buildroot, at the dawn of ages, when the toolchain
support was still nascent. Evolution had it morph from /include, to
a tuple-prefixed directory and a symlink there-to, then back to the
/include directory, to the final /usr/include directory we've had
for the last 9 years.
Anything that wants to install headers is supposed to be creating
that directory beforehand; we don't need this legacy mkdir now.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since we now request that the user sets the exact size of the ext2/3/4
filesystem, we've had quite a few users wondering what was going on when
they enable too much and the default 60M are no longer enough.
When mkfs.ext2 fails, print a hint that the user should check the size
setting.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
[Arnout: Add *** and redirect to stderr]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When the ICU package is enabled (BR2_PACKAGE_ICU=y) but ICU support in
cppcms is disabled (BR2_PACKAGE_CPPCMS_ICU is disabled), cppcms still
detects ICU, but it fails to build since we don't get the proper ICU
CXXFLAGS.
In addition, this is not the intended behavior: when
BR2_PACKAGE_CPPCMS_ICU is disabled, we expect cppcms to be built
without ICU support.
To achieve this, we pass -DDISABLE_ICU_LOCALE=ON when
BR2_PACKAGE_CPPCMS_ICU is disabled (yes DISABLE_ICU_LOCALE means the
logic is inverted).
While at it, we pass DISABLE_ICU_LOCALE=OFF when ICU support is
enabled, and not DISABLE_ICONV=ON. The latter has been passed in this
condition since the cppcms package was introduced in Buildroot, but it
doesn't seem to make sense.
Fixes:
http://autobuild.buildroot.net/results/b6a8c7000c5742efc9d8e13507dab86e36b62840/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since we introduced the support for building Busybox as individual
binaries, Busybox started failing to build on SPARC/SPARC64 with this
feature enabled:
appletlib.c:(.text.find_applet_by_name+0x14): relocation truncated to fit: R_SPARC_GOT13 against symbol `applet_nameofs' defined in .rodata.applet_nameofs section in libbb/lib.a(appletlib.o)
appletlib.c:(.text.find_applet_by_name+0x18): relocation truncated to fit: R_SPARC_GOT13 against symbol `applet_names' defined in .rodata.applet_names section in libbb/lib.a(appletlib.o)
[...]
This commit adds two patches to Busybox to fix this issue, by adding
-fPIC to CFLAGS when building on SPARC/SPARC64. The patches have been
submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/90144369ccea8c41ec7643a79a7ebfaa9b7db95c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It is supposedly more robust than just concatenating.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It is used by Kconfig's merge_config.sh.
No alldefpackageconfig is added, since it's rather pointless: it would
only enable busybox.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The rules for the *config targets are all very similar, so factor them
together using $@.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This column is not used by either genrandconfig or test-pkg, so remove
it.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now we have the toolchain config fragments in the buildroot directory
itself, it is no longer necessary to fetch it from the toolchain URL.
The --toolchains-url option is renamed to --toolchains-csv.
The paths in the toolchains_csv file should be either absolute, or
relative to buildrootdir.
After this change, the script should be called from autobuild-run as:
subprocess.call([os.path.join(srcdir, "utils/genrandconfig"),
"-o", outputdir, "-b", srcdir,
"--toolchains-csv", kwargs['toolchains_csv']],
stdout=devnull, stderr=log)
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now we have the toolchain config fragments in the buildroot directory
itself, it is no longer necessary to fetch it from the toolchain URL.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We currently have a list of toolchain configurations that are used by
the autobuilders at [1]. However, this makes it a little more difficult
for people to use these configurations, and also to have a different
list of configurations for different branches. For example if a new
architecture is introduced, the 2017.02.x branch doesn't have support
for this architecture yet so it shouldn't try to run those configs.
Therefore, include the autobuild config fragments directly in Buildroot,
so they can be branched together with the rest. We create a new
directory under support/ to store them.
Generated with
wget -nd --no-parent --recursive http://autobuild.buildroot.net/toolchains/configs/
The index.html file is removed.
The toolchain-configs.csv file is adapted so the URLs become relative
paths pointing to the config fragments.
[1] http://autobuild.buildroot.net/toolchains/configs/toolchain-configs.csv
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This has a number of side-effects which must be handled.
The lines in minimal.config may be overridden by the random lines added
by amending the configuration, so is_toolchain_usable() shouldn't take
those into account, or indeed the random lines added. Therefore, make
a copy of the config before appending minimal.config and the random
lines. While we're at it, rename the variable to the more appropriate
toolchainconfig.
minimal.config sets BR2_INIT_NONE=y, but we really also want to test
with BR2_INIT_BUSYBOX=y. Therefore, add a random line to use the
busybox init system. We set its probability rather high. The
probabilities of systemd and eudev are increased since they're now
in the else branch of BR2_INIT_BUSYBOX, which halves the probability
that we even get there.
We now also generate configurations without busybox. Previously,
busybox was almost always selected due to BR2_INIT_BUSYBOX=y. Only if
systemd is selected there was a chance to build without busybox.
We now set BR2_SYSTEM_BIN_SH_NONE=y, the other /bin/sh options are
never tested. However, this is not really something that is relevant
to test in the autobuilders.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When outputdir is 'output' (the default), genrandconfig didn't work
correctly because it expects the configfile in outputdir, while
Buildroot puts it in the buildroot directory.
Fix this by explicitly checking if outputdir == buildrootdir/output.
Because abspath is used for both paths, string comparison works
reliably.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The path to the .config file is calculated in several places - replace
it with a single calculation, and pass configfile as an argument
to is_toolchain_usable and fixup_config. These functions also don't
need outputdir any more.
This makes it easier to fix the case when configfile is not in
outputdir.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The --instance argument is just an artifact of genrandconfig's
history as part of autobuild-run. It is much more logical to pass
the output directory and the buildroot directory as arguments, with
sane defaults.
This also allows us to remove the hack of creating a symlink in the
instance directory if it doesn't exist yet.
Note that the default outputdir 'output' doesn't work yet, because in
that case Buildroot will put the config file in the buildroot directory
instead of the output directory. This will be fixed in a follow-up
patch.
After this change, the script should be called from autobuild-run as:
subprocess.call([os.path.join(srcdir, "utils/genrandconfig"),
"-o", outputdir, "-b", srcdir,
"--toolchains-url", kwargs['toolchains_url']],
stdout=devnull, stderr=log)
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This prepares for passing buildrootdir as an argument.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This prepares for passing outputdir as an argument.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The output of genrandconfig is currently very terse, which is annoying
for debugging the script or generally seeing what is going on. Also the
timing information added by log_write isn't very useful when the script
is used stand-alone.
In the new setup, (verbose) output goes to stdout and error output goes
to stderr. Also the "INFO: generate the configuration" message is
eliminated - it should go in the autobuild-run script.
We also add an explicit message when a toolchain can't be used after
the first defconfig, otherwise autobuild-run will just silently
restart.
Note that, since the output of make is no longer redirected to
/dev/null, we get one more message on stderr that will be recorded in
the autobuilder's log file: KCONFIG_SEED=0xXXXXXXXX.
This approach allows us to optimise the error handling to use
exceptions, where appropriate, which can be caught at the top level and
converted to an error message to stderr. This, in turn, allows us to use
subprocess.check_call, which eliminates a lot of conditions.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The SystemInfo class is instantiated globally and passed down to all
functions, but it is really only used in fixup_config. So instead,
instantiate it there.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
kwargs is a left-over from the use of docopt, it's better to use
argparse's Namespace object directly.
In addition, most functions use just one or two fields of args, so
these can just as well be passed directly as arguments to the function.
Particularly for outputdir it doesn't make sense to reconstruct it all
the time.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Warnings fixed:
E731 do not assign a lambda expression, use a def
-> urlopen_closing is defined with a def. urlopen is not used
elsewhere so inlined.
E302 expected 2 blank lines
E501 line too long
-> long lines due to a long string are NOT split
E701 multiple statements on one line (colon)
E722 do not use bare except'
-> use "except Exception", so KeyInterrupt and SystemExit are still
passed. We never intended to catch those.
E741 ambiguous variable name 'l'
-> variable name is replaced with the much more descriptive
toolchains_csv
E271 multiple spaces after keyword
E231 missing whitespace after ','
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Popen is more complicated and more difficult to understand.
check_output raises an exception if the exit code is non-zero, but
that's probably what we want if ldd can't be executed.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This script will be used by the autobuild-run script to generate the
configuration to test. It is put in the utils directory because it can
also be called directly to allow users to test things.
For now, it is a direct copy of the relevant functions from the
autobuild-run script. The only changes are:
- unneeded import statements are removed;
- code/decode wrappers are limited to decode_byte_list;
- __main__ handling is added.
For now, the only supported arguments are the ones needed for
autobuild-run. Follow-up patches will refactor things and also change
the way the script is called. In this version, it can be called from the
autobuild-run script as:
subprocess.call([os.path.join(srcdir, "utils/genrandconfig"),
"-i", str(kwargs['instance']),
"--toolchains-url", kwargs['toolchains_url']],
stdout=log, stderr=log)
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Removed patch 0001, not needed anymore after
4476d162cc
fixes the problem in a similar way.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
RUNDIR installs the test applications and shared libraries into a
different folder then /usr/lib. This is desired as there are a lot of
test apps which would get installed into /usr/lib without
organization. Instead, set RUNDIR=/usr/lib/paxtest to install the test
apps and libraries in a sub folder. The genpaxtest script accounts for
this path and handles a LD_LIBRARY_PATH update as part of the paxtest
script's exeuction.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
While at it, also move my professional entry near my personal one.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add package to provide Zstandard compression tools
(see https://facebook.github.io/zstd)
Minimal config snippet for utils/test-pkg is as follows:
BR2_PACKAGE_ZSTD=y
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
[Thomas:
- use "config" instead of "menuconfig" in Config.in
- add missing final newline in Config.in
- pass DESTDIR=$(TARGET_DIR) only at install time
- wrap too long lines in the .mk file
- remove useless empty newline at end of .hash file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not build the plugins before the dependency on module positioning for
the plugin subdir position is available (add Add upstream patch
0001-Fix-plugins-build-dependency.patch [1]).
Fixes [2]:
cp -dpfr .../output/host/aarch64-buildroot-linux-gnu/sysroot/usr/lib/qt/plugins/position .../output/target/usr/lib/qt/plugins/
cp: cannot stat '.../output/host/aarch64-buildroot-linux-gnu/sysroot/usr/lib/qt/plugins/position': No such file or directory
[1] https://code.qt.io/cgit/qt/qtlocation.git/patch/?id=3ac051c4549575634cecc706175b019f4ed4c3bf
[2] http://autobuild.buildroot.net/results/bc1/bc13abf3bb2fe1c991aec2334ee658c9641d1fd5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The original url http://code.entropywave.com/orc is dead (server not found).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump U-Boot to 2017.07 and kernel to version 4.12.3.
As imx_v6_v7_defconfig in 4.12 selects CONFIG_CFG80211_WEXT=y,
remove the linux.fragment file.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>