Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Make gzip install binaries to / rather than /usr to fix bug #7766, it's
the FHS mandated target.
This also avoids duplicating binaries with busybox when both are
installed.
Also make gzip install after busybox if both are enabled to make the
proper gzip package override any busybox version since it's usually more
lightweight in functionality and slower.
And add a hash file while at it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adding a patch to move AC_CONFIG_AUX_DIR up a few lines so the autotools
can find it.
This patch is based on the same solution adopted by Debian:
https://lists.debian.org/debian-release/2014/11/msg01231.html
This will prevent a build failure like this one caused by a version bump
of the automake package:
configure: error: cannot find install-sh, install.sh, or shtool in "."
"./.." "./../.."
Related:
http://lists.busybox.net/pipermail/buildroot/2015-January/116604.html
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-8148 - If a system service installs unsafe security
policy rules that allow arbitrary method calls then this prevents memory
consumption and possible privilege escalation via
UpdateActivationEnvironment.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2013-7296 - JBIG2Stream::readSegments() Denial of Service
Vulnerability.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes many of the reported security audit vulnerabilities:
http://www.openwall.com/lists/oss-security/2014/12/24/1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.org/results/3f0/3f07574e6e4edda9e31fcb0de520a4dbabe6b94a/
[Thomas:
- Improved configure.ac logic, as suggested by Yann E. Morin.
- Added a comment in the .mk file to indicate why we're using
AUTORECONF = YES. Suggested by Yann as well.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We expressly call printf in the git helper, calls which were not
addressed in the previous silent-build patchset.
Just redirect stdout to oblivion when being silent.
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Tested-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The license is really a 3-clause BSD license, so let's specify this
in python-django.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Bump to Django 1.7.2, the latest available version;
- Support Python 3 in addition to Python 2.
- Use a download location from pypi.python.org since the download
location from djangoproject.com didn't work as is and is
impractical to use with Buildroot: the full URL of the tarball is
https://www.djangoproject.com/download/1.7.2/tarball/. I.e., it does
not end with the tarball file name.]
Signed-off-by: oli vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Should hopefully fix:
http://autobuild.buildroot.net/results/2cc40ae3fc8b7a287c43528b3e4ffdbcd5033c09/
[Thomas:
- Rename patch to the new naming convention.
- Add SoB line from Alex inside the patch itself.
- Adjust the commit log to contain the reference to the autobuilder
failure.]
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The comment was missing the dependency on BR2_USE_MMU, and was using
'depends on !BR2_TOOLCHAIN_HAS_THREADS && BR2_STATIC_LIBS' while it
should in fact be '!BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS',
since we want to show the comment *either* when we don't have threads
*or* when we are building a purely static lib system.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For some platforms, hardware-assisted compare-and-swap may not be
available, so libatomic_ops will not provide it.
However, libatomic_ops can provide a purely software CAS emulation, but
must be instructed to do so. erlang just forgot to tell libatomic_ops
that it does require CAS.
Fix that by defining AO_REQUIRE_CAS before including atomic_ops.h, like
is done in libunwind, as pointed out by Thomas.
Also, erlang has a convoluted, mind-altering set of aclocal.m4 macros,
that just forgets to link against -latomic_ops when checking CAS is
available, so that even if CAS is available, configure chokes.
Since I would like to keep the little sanity I still have, just force
linking with -latomic_ops. This is useless when the check is naturally
successful (i.e. on platforms where CAS is available in HW), but we
would eventually link with -latomic_ops there, too; it's just redundant.
Overall, just consider that erlang requires libatomic_ops, so forcibly
depend on it, it is easier than trying to disable it. We can revisit
that whenever someone wants to run erlang on a platform for which there
is no libatomic_ops support.
Fixes a slew of autobuild ARM failures:
http://autobuild.buildroot.org/results/e7b/e7bfc4893dea6b133f0794ef44d50ad89bcb6662/
http://autobuild.buildroot.org/results/3e9/3e9c307f1ec6536482641019dcaa94677f7267a3/
http://autobuild.buildroot.org/results/a85/a85ca414e5b67af46510abd7b610eb5ae8661de4/
[...]
[Thomas: fix minor typos in commit log, add dependency on
BR2_PACKAGE_LIBATOMIC_ARCH_SUPPORTS to the Erlang comment about thread
and shared library dependency.]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not hard-code QUIET in our download commands, since it is handled in
the backends.
Suggested by Fabio.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If doing a silent build (make -s -> QUIET=-q), silence all downloads,
by passing the -q flag downward to backends as well as to check-hash.
Change a printf to use the trace functions.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an option flag to all backends, as well as the check-hash script, so
as to silence download helpers when the user wants a silent build.
Additionally, make the default be verbose.
Inspired by Fabio's patch on git/svn.
[Thomas: fix a typo "Environemnt" -> "Environment"]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In addition to bumping the version:
- drop license comment from help, we have PKG_LICENSE* for that.
- add optional dependency on libsecret
- remove --without-gnome-keyring option
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes build issues like, observed on a stripped-down build system:
compress.cpp:32:18: fatal error: zlib.h: No such file or directory
#include <zlib.h>
^
compilation terminated.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Change to usenix.org.uk mirror since nluug.nl doesn't seem to mirror
files as quickly and is down at the moment.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
aice sources use the fork function, which is only available on
architectures with an MMU.
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some adapters are automatically enabled, but may not be built because of
missing (architecture) dependencies. So, just set the options symmetrically.
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Even though technically libselinux could make its <dlfcn.h> include
optional, the build system isn't really suited to build and install
only the static variant of libselinux, so let's make libselinux and
its reverse dependency not available in pure-static environments.
Fixes:
http://autobuild.buildroot.org/results/90d/90dc73980a45b9b0441be3d493b22e3afea3cd6e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Note that we don't use completely sequential numbers, because patches
below 100 are used to address cross-compilation issues in Python,
while patches above 100 are used to make more Python modules
configurable.
[Thomas: fixup commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
In addition to doing the bump, this commit also:
- Refreshes all the patches
- Removes python-003-properly-detect-if-python-build.patch, which has
been applied upstream.
- Passes the --without-ensurepip option, like is done in Python 3, to
avoid having Python use PIP to automatically download stuff when it
is being built.
- PYTHON_LIBTOOL_PATH = NO is added to prevent Buildroot from trying
to patch a version of libtool for which we don't have matching
patches, which isn't a problem since we're anyway not using the
part of the Python sources that uses libtool (it's the built-in
copy of libffi, and we use the external libffi).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Note that we don't use completely sequential numbers, because patches
below 100 are used to address cross-compilation issues in Python 3,
while patches above 100 are used to make more Python 3 modules
configurable.
[Thomas: fixup commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
This commit bumps python3 to Python 3.4.2. Two patches had to be
changed slightly to fix some minor conflicts.
PYTHON3_LIBTOOL_PATH = NO was added to prevent Buildroot from trying
to patch a version of libtool for which we don't have matching
patches, which isn't a problem since we're anyway not using the part
of the Python sources that uses libtool (it's the built-in copy of
libffi, and we use the external libffi).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
The (u)dhcpc hook installed by the busybox package configures the
network and exits. If we want to do anything further with a DHCP lease,
we'd have to replace the script entirely.
This change introduces a .d directory for hooks (based on the script
filename), which are executed after the interface configuration. This
allows packages to drop a script file in the .d directory to perform
actions on DHCP events.
We'll use this in a later change to notify petitboot of DHCP boot
information.
[Thomas: update to latest Buildroot, fix indentation.]
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
GNU lightning is a library that generates assembly language code at
run-time.
https://www.gnu.org/software/lightning/
[Thomas:
- Wrap list of architectures in Config.in
- Introduce an explicit Config.in option for the disassembler
support, since it needs both binutils and zlib, which may not be
easy to guess.
- Add hash file.
- Bump to version 2.0.5.
- Add patch to fix cross-compilation issues on ARM and x86 due to
AC_RUN_IFELSE() tests.
- Adjust license information: the library is actually under LGPLv3+,
not GPLv3. There is a COPYING file with the text of the GPLv3 in
the code base, but this license doesn't seem to be used in anything
that is actually installed.
- Add AUTORECONF = YES since we're now patching configure.ac.
- Add missing dependency on zlib for the disassembler support.
- Add a special LIBS=-lintl when enabling the disassembler support
because binutils libraries use gettext functions, but they are not
linked against libintl.]
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This library will be used later in the "lightning" package.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Changed hash file to use SHA256
- Remove libiconv handling, since the iconv detection in mpc is
broken: if it's not available in the C library, it expects to find
iconv() in libintl (from gettext). But it's actually libiconv that
provides iconv() for non-locale capable uClibc toolchains. But
since anyway the package builds fine without iconv() support and
properly detects when it's available, don't bother with this.]
Signed-off-by: Thierry Bultel <tbultel@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libevent can optionally use OpenSSL, so add an optional dependency on
this package to make this possibility explicit. This makes sure libevent
always gets built with OpenSSL support when the OpenSSL package is
enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Because it's just checking the presence of the "s" character even a
make --warn-undefined-variables
is detected as a silent build.
Fix that by filtering out long options.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch adds the management of (almost) all the config options of
openocd 0.8.0. A BR config variable is added for (almost) every
adapter known to openocd and all the dependencies are automatically
calculated from the chosen adapters, so only the necessary libraries
are built.
Note that CMSIS_DAP adapter requires hidapi (not libhid) and hidapi is
not actually included in buildroot, so it has been removed. Also
zy1000 adapters are actually broken in openocd and have been removed.
The host version of the package enables all the possible adapters and
the related libraries.
[Thomas:
- Slightly fixup the commit log.
- Rename the patches to the new patch naming convention.
- Update hash file using a contribution from Vincent Stehlé.
- Move the thread dependency from the OpenOCD option down to each
sub-option that actually needs it (when it needs libusb,
libusb-compat or libftdi). We keep only one comment, as we would
otherwise have to add too many repetitive comments.
- Remove commented options.
- Add missing dependency on BR2_ARCH_HAS_ATOMICS when selecting
BR2_PACKAGE_LIBFTDI.
- Remove trailing white spaces.
- Pass -std=gnu99, needed to build with a basic toolchain.
- Write the OPENOCD_DEPENDENCIES and OPENOCD_CONF_OPTS conditions in
a more compact way.
- Adjust indentation for HOST_OPENOCD_CONF_OPTS.
- Reword the comment above HOST_OPENOCD_CONF_OPTS.]
Signed-off-by: Claudio Laurita <claudio.laurita@integrazionetotale.it>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>