From the release notes (https://www.openssh.com/txt/release-7.5):
Security
--------
* ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
Note that the OpenSSH client disables CBC ciphers by default, sshd
offers them as lowest-preference options and will remove them by
default entirely in the next release. Reported by Jean Paul
Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
Royal Holloway, University of London.
* sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
a recursive file transfer could be manipulated by a hostile server to
perform a path-traversal attack, creating or modifying files outside
of the intended target directory. Reported by Jann Horn of Google
Project Zero.
[Peter: mention security fixes]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
- switch to version 9.21 now that it has been released
- add a hash file
- switch to Git formatted patches
- use $(HOSTCC) instead of hardcoding "gcc", and use $(HOST_CFLAGS) and
$(HOST_LDFLAGS) instead of hardcoding -L$(HOST_DIR)/usr/lib
-I$(HOST_DIR)/usr/include
- add entry to DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
.pyc files contain the modification time of the corresponding .py
source. In order to make the build reproducible, we fix the modification
time of all .py before compiling .pyc files.
In addition, since pycompile relies on the modification time to know if
a file needs to be recompiled, it is safer to force recompilation of all
source files.
This work was sponsored by `BA Robotic Systems'.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
[Thomas: do not register PYTHON_FIX_TIME as a
PYTHON_TARGET_FINALIZE_HOOKS, instead call it inside
PYTHON_CREATE_PYC_FILES before doing the byte compilation.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
.pyc files contain the modification time of the corresponding .py
source. In order to make the build reproducible, we fix the modification
time of all .py before compiling .pyc files.
In addition, since pycompile relies on the modification time to know if
a file needs to be recompiled, it is safer to force recompilation of all
source files.
This work was sponsored by `BA Robotic Systems'.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
[Thomas: do not register PYTHON_FIX_TIME as a
PYTHON_TARGET_FINALIZE_HOOKS, instead call it inside
PYTHON_CREATE_PYC_FILES before doing the byte compilation.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-elecrons.com>
By default, compile_dir() relies on the modification time to know if a
python file has to be built again. However in some circumstances (when
doing reproducible builds), modification times are not reliable. Thus,
this patch adds a way to force the rebuild of all python sources.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
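The effect described in the .pyc commit messages above (fixed source mtimes plus forced recompilation), as an added Python example that is not part of the Buildroot patches. FIXED_MTIME, DDIR and the mod.py source are constructed values; compileall.compile_dir() and its force and ddir arguments are the standard library's.

```python
import compileall
import hashlib
import importlib.util
import os
import struct
import tempfile
from py_compile import PycInvalidationMode

FIXED_MTIME = 1_500_000_000   # constructed timestamp applied to every .py
DDIR = "/usr/lib/example"     # constructed path recorded inside the code objects

def write_source(root, text, mtime):
    src = os.path.join(root, "mod.py")
    with open(src, "w") as f:
        f.write(text)
    os.utime(src, (mtime, mtime))

def compile_tree(root, fix_time, force):
    """Byte-compile root; return (mtime stored in the .pyc header, sha256)."""
    src = os.path.join(root, "mod.py")
    if fix_time:
        os.utime(src, (FIXED_MTIME, FIXED_MTIME))
    compileall.compile_dir(root, ddir=DDIR, quiet=1, force=force,
                           invalidation_mode=PycInvalidationMode.TIMESTAMP)
    with open(importlib.util.cache_from_source(src), "rb") as f:
        data = f.read()
    # Header layout: magic (4 bytes), flags (4), source mtime (4), source size (4)
    return struct.unpack("<I", data[8:12])[0], hashlib.sha256(data).hexdigest()

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        # Same source checked out at two different times (constructed mtimes).
        write_source(a, "ANSWER = 1\n", 1_000_000_000)
        write_source(b, "ANSWER = 1\n", 1_200_000_000)
        out["unfixed_identical"] = compile_tree(a, False, True) == compile_tree(b, False, True)
        out["fixed_identical"] = compile_tree(a, True, True) == compile_tree(b, True, True)
        before = compile_tree(a, True, True)
        # Source changes but carries the fixed mtime: the header check cannot see it.
        write_source(a, "ANSWER = 2\n", FIXED_MTIME)
        out["stale_without_force"] = compile_tree(a, True, False) == before
        out["rebuilt_with_force"] = compile_tree(a, True, True) != before
    return out

if __name__ == "__main__":
    print(demo())
```

Without force=True the changed source keeps its old bytecode, because compile_dir() only compares the mtime stored in the .pyc header with the mtime of the source file.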
gx6605s is a nice SOC for dvbs2 DVB product, and C-SKY inside.
Signed-off-by: Guo Ren <ren_guo@c-sky.com>
[Thomas: drop post-image script copying the gdbinit file, and suggest
to use gdb -x option instead to point to the gdbinit file in board/.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
----
Changes v1 -> v2:
- use select instead of depends for BR2_PACKAGE_WAYLAND_PROTOCOLS
(suggested by Thomas Petazzoni)
- add select BR2_PACKAGE_WAYLAND_PROTOCOLS to missing second
place (BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WAYLAND)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Disable wayland support (only needed for the interactive-wayland
test program). This fixes a compile failure in case wayland
support is autodetected:
GEN xdg-shell-unstable-v5-protocol.c
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2426: recipe for target 'xdg-shell-unstable-v5-protocol.c' failed
make[3]: *** [xdg-shell-unstable-v5-protocol.c] Error 127
make[3]: *** Waiting for unfinished jobs....
GEN xdg-shell-unstable-v5-client-protocol.h
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2428: recipe for target 'xdg-shell-unstable-v5-client-protocol.h' failed
make[3]: *** [xdg-shell-unstable-v5-client-protocol.h] Error 127
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As shown recently by the firejail example, it is easy to miss that a
package builds and installs binaries without actually cross-compiling
them: they are built for the host architecture instead of the target
architecture.
This commit adds a small helper script, check-bin-arch, called as a
GLOBAL_INSTRUMENTATION_HOOKS at the end of the target installation of
each package, to verify that the files installed by this package have
been built for the correct architecture.
Being called as a GLOBAL_INSTRUMENTATION_HOOKS allows the build to error
out right after the installation of the faulty package, and therefore
get autobuilder error detection properly assigned to this specific
package.
Example output with the firejail package enabled, when building for an
ARM target:
ERROR: architecture for ./usr/lib/firejail/libconnect.so is Advanced Micro Devices X86-64, should be ARM
ERROR: architecture for ./usr/bin/firejail is Advanced Micro Devices X86-64, should be ARM
ERROR: architecture for ./usr/lib/firejail/libtrace.so is Advanced Micro Devices X86-64, should be ARM
ERROR: architecture for ./usr/lib/firejail/libtracelog.so is Advanced Micro Devices X86-64, should be ARM
ERROR: architecture for ./usr/lib/firejail/ftee is Advanced Micro Devices X86-64, should be ARM
ERROR: architecture for ./usr/lib/firejail/faudit is Advanced Micro Devices X86-64, should be ARM
ERROR: architecture for ./usr/bin/firemon is Advanced Micro Devices X86-64, should be ARM
ERROR: architecture for ./usr/bin/firecfg is Advanced Micro Devices X86-64, should be ARM
Many thanks to Yann E. Morin and Arnout Vandecappelle for their reviews
and suggestions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This config option corresponds to the string returned by readelf for
the "Machine" field of the ELF header. It will be used to check if the
architecture of binaries built by Buildroot matches the target
architecture.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
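The check described in the two commit messages above, as an added Python example that is not the check-bin-arch script itself: it reads the e_machine field straight from the ELF header instead of calling readelf, and reports mismatches in the same format as the example output. The file contents, the fake_elf() helper and the ./usr/bin/busybox and ./etc/passwd entries are constructed for illustration.

```python
import struct

# e_machine values and the "Machine" strings readelf prints for them (subset).
MACHINE_NAMES = {40: "ARM", 62: "Advanced Micro Devices X86-64"}

def elf_machine(blob):
    """Return the Machine name from an ELF header, or None if blob is not ELF."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF" or blob[5] not in (1, 2):
        return None
    # e_ident[EI_DATA] (byte 5): 1 = little endian, 2 = big endian
    endian = "<" if blob[5] == 1 else ">"
    # e_ident is 16 bytes, e_type is at offset 16, e_machine at offset 18
    (machine,) = struct.unpack_from(endian + "H", blob, 18)
    return MACHINE_NAMES.get(machine, "unknown (%d)" % machine)

def check_bin_arch(files, expected):
    """files maps installed path -> file content; return one error per mismatch."""
    errors = []
    for path, blob in sorted(files.items()):
        found = elf_machine(blob)
        if found is not None and found != expected:   # non-ELF files are skipped
            errors.append("ERROR: architecture for %s is %s, should be %s"
                          % (path, found, expected))
    return errors

def fake_elf(machine, big_endian=False):
    """Constructed 20-byte ELF header prefix, enough for the Machine field."""
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + bytes(9)
    return ident + struct.pack((">" if big_endian else "<") + "HH", 2, machine)

# Constructed target tree: one host-built binary, one correct one, one text file.
SAMPLE = {
    "./usr/bin/firejail": fake_elf(62),
    "./usr/bin/busybox": fake_elf(40),
    "./etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
}

if __name__ == "__main__":
    for line in check_bin_arch(SAMPLE, "ARM"):
        print(line)
```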
This fixes the following nommu kernel build issue:
arch/xtensa/kernel/setup.c: In function 'cpu_reset':
arch/xtensa/kernel/setup.c:553:2: error: implicit declaration of function
'local_flush_tlb_all' [-Werror=implicit-function-declaration]
local_flush_tlb_all();
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When Gstreamer debugging is disabled (BR2_PACKAGE_GSTREAMER1_GST_DEBUG)
we get the following build errors:
gstvaapisink.c: In function 'gst_vaapisink_init':
gstvaapisink.c:1902:39: error: 'gst_debug_vaapisink' undeclared (first use in this function)
gstvaapisink.c:1902:39: note: each undeclared identifier is reported only once for each function it appears in
gstvaapidecode.c: In function 'gst_vaapidecode_init':
gstvaapidecode.c:1365:63: error: 'gst_debug_vaapidecode' undeclared (first use in this function)
gstvaapidecode.c:1365:63: note: each undeclared identifier is reported only once for each function it appears in
gstvaapipostproc.c: In function 'gst_vaapipostproc_init':
gstvaapipostproc.c:1811:7: error: 'gst_debug_vaapipostproc' undeclared (first use in this function)
gstvaapipostproc.c:1811:7: note: each undeclared identifier is reported only once for each function it appears in
Add upstream patch to fix these build issues.
Fixes:
http://autobuild.buildroot.net/results/653/653d9b056b04e589b8f5c57111635b0b3d7c8949
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The configure script now supports --{enable,disable}-libnl, use them.
Cc: Ilias Apalodimas <apalos@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
List libnl as a dependency when it is enabled. Make sure that
libnfnetlink is actually enabled when listing it as a dependency.
Cc: Ilias Apalodimas <apalos@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This version bump removes the (L)GPLv3 license texts which were left over
from the previous implementation.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
All source files, except src/filemq_client.c and src/filemq_server.c,
have the MPL Version 2.0 license text in the file header.
As confirmed with upstream [1] (L)GPLv3 license texts COPYING and
COPYING.LESSER are leftover from previous implementation.
[1] - https://github.com/zeromq/filemq/issues/74
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For sparc-buildroot-linux-uclibc/sysroot/usr/include/asm/termbits.h
containing:
/* These have totally bogus values and nobody uses them
so far. Later on we'd have to use say 0x10000x and
adjust CBAUD constant and drivers accordingly.
#define B2500000 0x00001010
#define B3000000 0x00001011
#define B3500000 0x00001012
#define B4000000 0x00001013 */
Fixes [1]:
wiringSerial.c: In function 'serialOpen':
wiringSerial.c:78:28: error: 'B2500000' undeclared (first use in this function)
case 2500000: myBaud = B2500000 ; break ;
^
wiringSerial.c:78:28: note: each undeclared identifier is reported only once for each function it appears in
wiringSerial.c:79:28: error: 'B3000000' undeclared (first use in this function)
case 3000000: myBaud = B3000000 ; break ;
^
wiringSerial.c:80:28: error: 'B3500000' undeclared (first use in this function)
case 3500000: myBaud = B3500000 ; break ;
^
wiringSerial.c:81:28: error: 'B4000000' undeclared (first use in this function)
case 4000000: myBaud = B4000000 ; break ;
^
[1] http://autobuild.buildroot.net/results/5be/5bea1e95d1c7b444a5f0a5770251f1af3efc9c18
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libv4l adds the -lrt flag since upstream commit 3dcb945bfcab
("v4l2-compliance: Explicitely link against rt library").
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Automake currently has an unescaped left brace in its automake.in folder
that generates the warning:
"Unescaped left brace in regex is deprecated, passed through in regex;"
This patch, which is backported from upstream, fixes this warning.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: format patch using "git format-patch".]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also add host-pkgconf to detect sqlite support, otherwise
checking pkg-config is at least version 0.9.0...
./configure: line 7981: /home/buildroot/br2/output/host/usr/bin/pkg-config: No such file or directory
no
[...]
checking for SQLITE3... no
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This is useful when bind-mounting the docker client binary into
containers for a docker-in-docker setup.
The Docker CLI communicates with the daemon over a socket. It is
sometimes useful to bind-mount the Docker CLI and socket into containers at
run-time, so that scripts within the containers can call the Docker API
in the host using a client compatible with the host daemon.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently when running Qt5_CinematicExperience demo from Qt5.8 the
covers of the movies appear with a black box instead of showing the
actual art cover.
Also, the fonts are incorrectly displayed in many cases.
Fix these issues by applying temporary patches to etnaviv.
According to Christian Gmeiner and Wladimir J. van der Laan
the correct solution to this problem is to use shader variants [1].
Use these temporary patches until the correct solution appears in
mesa mainline, so that etnaviv users can run Qt successfully for
the time being.
[1] https://lists.freedesktop.org/archives/mesa-dev/2017-March/147948.html
Tested on imx6q-sabresd board.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
sysvinit is far from the ultimate init implementation these days. Update the
help text to match reality.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As of the version 3.6.0 compile_dir() call will treat its 'quiet'
argument as a full blown integer rather than a boolean value and perform
integer comparison operations such as '<' or '>='.
To account for that convert ReportProblem type to be a true derivative
of built-in int() and override all of int's rich comparison operators in
order to be able to "sniff" for PyCompileError in all possible use-cases.
The integer value ReportProblem pretends to be is determined by class
variable VALUE which is set to 1.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
[Thomas:
- remove jpeg, tiff and libpng dependencies, they do not seem to be
used
- add host-pkgconf as a dependency, since the configure script uses
PKG_CHECK_MODULES()
- pass --disable-opencl to explicitly disable OpenCL support
- add comment to explain why we don't add support for cairo, pango and
icu as optional dependencies.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>