Fixes CVE-2016-10324 - In libosip2 in GNU oSIP 4.1.0, a malformed SIP
message can lead to a heap buffer overflow in the osip_clrncpy() function
defined in osipparser2/osip_port.c.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
MIPS32 support different FP modes (32,xx,64), so give the user the
opportunity to choose between them. That will cause host-gcc to be built
using the --with-fp-32=[32|xx|64] configure option. Also the
-mfp[32|xx|64] gcc option will be added to TARGET_CFLAGS and to the
toolchain wrapper.
FP mode option shouldn't be used for soft-float, so we add logic in the
toolchain wrapper if -msoft-float is among the arguments in order to not
append the -fp[[32|xx|64] option, otherwise the compilation may fail.
Information about FP modes here:
- https://sourceware.org/binutils/docs/as/MIPS-Options.html
- https://dmz-portal.imgtec.com/wiki/MIPS_O32_ABI_-_FR0_and_FR1_Interlinking#5._Generating_modeless_code
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
MIPS supports two different NaN encodings, legacy and 2008. Information
about MIPS NaN encodings can be found here:
https://sourceware.org/binutils/docs/as/MIPS-NaN-Encodings.html
NaN legacy is the only option available for R2 cores and older.
NaN 2008 is the only option available for R6 cores.
R5 cores can have either NaN legacy or NaN 2008, depending on the
implementation. So, if the user selects a generic R5 target architecture
variant, we show a choice menu with both options available. For well
known R5 cores we directly select the NaN enconding they use.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add setuptools as a runtime dependency because zope-interface
uses pkg_resources during initialization.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As discussed in the mailing list, grub2 usage notes were growing too big
for a Config.in documentation, and so it was agreed that a readme.txt in
the package directory is a better place to put them.
This commit simply moves the documentation as-is to preserve the
original contents as they were in Config.in which can be worked on in
further commits.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
After many years since the last release and a long time with grub 2.02
in beta, there is finally a release and it brings many bug fixes and
interesting features such as support for ARM.
Patch boot/grub2/0001-remove-gets.patch doesn't seem to be required
anymore as grub-core/gnulib/stdio.in.h has changed significantly since
"053cfcd Import new gnulib." and has another treatment for gets.
Patch
boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
was a backport which is present after the bump and therefore is also no
longer necessary.
Since we're adding a Config.in comment, we also introduce a
BR2_TARGET_GRUB2_ARCH_SUPPORTS hidden boolean, in order to avoid
repeating the architecture dependencies.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add BR2_TARGET_GRUB2_ARCH_SUPPORTS, remove bogus dependencies
on ARM and AArch64, since enabling Grub2 on those architectures is
done in another commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And drop the version number from the linux configuration.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that we have wordexp support in uClibc-ng and nodm is available, we can
use it for the graphical defconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Using this defconfig produces a build error with kodi:
BR2_arm=y
BR2_cortex_a8=y
BR2_ARM_INSTRUCTIONS_THUMB2=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_KODI=y
BR2_PACKAGE_SUNXI_MALI=y
BR2_PACKAGE_PYTHON=y
BR2_PACKAGE_PYTHON_PY_ONLY=y
/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:37:1:
error: ‘string’ does not name a type
string CFTPParse::getName()
^~~~~~
/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:62:25:
error: variable or field ‘setTime’ declared void
void CFTPParse::setTime(string str)
^~~~~~
/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:62:25:
error: ‘string’ was not declared in this scope
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
sngrep currently doesn't really use wchar support anyways, and when
checking for wchar support, it's checking the host systems ncurses
libraries.
Remove support for ncurses wchar until it's used in sngrep, and remove
the patches used to fix ncurses wchar detection.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump Linux kernel version to 4.12.1 and U-Boot to 2017.05.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop the board specific patches which has been applied upstream.
[Peter: also drop now unused BR2_GLOBAL_PATCH_DIR]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since [1], NONLS is added to LSHW_CFLAGS even for glibc based toolchain.
Previously it was not the case since BR2_ENABLE_LOCALE is always
selected for glibc based toolchain.
With NONLS, config.h try to redefine two Intl function (textdomain and
bindtextdomain) that are used by glibc internally.
This break the build with the following error:
sysroot/usr/include/libintl.h:82:52: error: expected unqualified-id before 'throw'
extern char *textdomain (const char *__domainname) __THROW;
The NONLS mode is really for cases where the C library does not provide
*any* gettext implementation, as would be the case with uClibc without
intl stubs enabled.
But in the context of Buildroot, all C libraries provide a gettext
implementation. It might be full-featured or minimal, but it always
exists.
So, remove NONLS from CFLAGS to avoid the build issue with glibc
toolchains.
Build tested with a uClibc toolchain without locale enabled.
Fixes:
http://autobuild.buildroot.net/results/9bf/9bf5437b4348ea8077013b80a51ce05fa328247d
[1] 3acd9f845d
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The bugtracker is intended to be used for bug reports only, so clarify
it's not meant to be used for "any problem".
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The pulseaudio configure script autodetects the presence of
bluez 4.x and 5.x packages on the system and will exclude the
bluetooth-related modules in their absence.
This commit ensures that bluez5_utils, if selected, are installed
before pulseaudio. The same already happens for bluez_utils (4.x).
Signed-off-by: Calin Crisan <ccrisan at gmail dot com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libsanitizer in gcc fails to build on PowerPC with gcc versions 4.9
and 5.x used in conjunction with glibc 2.25, with the following error:
../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
return signum == SIGSEGV && common_flags()->handle_segv;
This commit adds a patch that has been submitted to upstream gcc
(https://patchwork.ozlabs.org/patch/725596/) but not merged. The patch
is no longer needed with gcc 6.x and later because the code has been
reworked.
Fixes Buildroot bug #10061
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: rework commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a Linux kernel patch to solve a build failure with
the arcturus_ucp1020_defconfig with gcc 6.x:
arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds]
offsetof(struct thread_fp_state, fpr[32][0]));
^
The patch is upstream in Linux, and can be dropped when
arcturus_ucp1020_defconfig is updated to use a new Linux kernel
version.
Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sometimes it can be interesting to call back into buildroot from a
post-build/image script (E.G. make printvars or similar). For this to work
correctly with out-of-tree builds we need to pass O= to make, but this is
currently not available in the environment of post-build/image scripts.
In concept, O could be derrived from BUILD_DIR (E.G. by stripping /build),
but directly exporting O is cleaner.
O= cannot be exported globally as it interferes with various build systems,
so instead add it to EXTRA_ENV.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The vcdbg utility is linked to a few libraries, which so far were all
provided by the rpi-userland package.
But a not-so-recent bump of rpi-firmware pulled in a vcdbg that is
linked to an additional library, which is not privided by rpi-userland,
so we must install it.
Reported-by: cluelessperson on #buildroot
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch bumps the strace package to 4.18 upstream version.
Patch 0001-nios2-arch_regs-fix-nios2_sp_ptr-definition.patch has been
removed because it is part of 4.18.
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: arc-buildroot@synopsys.com
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The current test fails because of a legacy option, renamed during the
recent ext overhaul.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-10688 - n LibTIFF 4.0.8, there is a assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A
crafted input will lead to a remote denial of service attack.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-7506 - Possible buffer overflow via invalid monitor
configurations.
For more details, see:
https://marc.info/?l=oss-security&m=150001782924095
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove Python2 only dependency as the package is compatible
with Python3.
Add a dot at the end of the help text.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7529 - Nginx versions since 0.5.6 up to and including 1.13.2
are vulnerable to integer overflow vulnerability in nginx range filter
module resulting into leak of potentially sensitive information triggered by
specially crafted request.
For more details, see:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way. This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.
See https://nodejs.org/en/blog/release/v8.1.4/
[Peter: add CVE info]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>