Release notes: https://www.samba.org/samba/history/samba-4.8.4.html
Fixes
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These versions received their last updated more than three months ago
and are no longer supported according to
https://www.kernel.org/category/releases.html, so drop them and add
legacy entries.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: select an older kernel headers (4.9) rather than a newer one
(4.14) in the legacy handling of 4.10, 4.11, 4.12 and 4.13.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tini uses fork(), so needs an MMU.
Fixes:
http://autobuild.buildroot.org/results/410/410ad9ea6a6652a7db691f537acb38db279b996a/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
https://metacpan.org/changes/distribution/Crypt-OpenSSL-RSA
Added new build dependency to host-perl-crypt-openssl-guess and force
it to search for openssl in STAGING_DIR. Added license hash. Updated
_SITE according to scancpan.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
https://metacpan.org/changes/distribution/Crypt-OpenSSL-Random
Added new build dependency to host-perl-crypt-openssl-guess and force
it to search for openssl in STAGING_DIR. Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed for upcoming version bumps of perl-crypt-openssl-random and
perl-crypt-openssl-rsa, only host-package is needed.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As reported by Yann E. Morin, it is more readable when all disable
options are grouped together, and all enable options are grouped
together. Fix this in e2fsprogs.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
e2fsprogs is only needed to build the btrfs-convert program, that
allows to convert an existing ext2 filesystem into a btrfs
filesystem. Not everybody needs to do that and making this dependency
optional is nicer, so this is what this patch does.
Note that btrfs-progs also supports converting from reiserfs, which is
why the --with-convert option supports a list of filesystems. Since
Buildroot has no package for the reiserfs library, we for now only
support the ext2 case, with e2fsprogs as a dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The btrfs-convert tool is used to convert an existing ext2 or reiserfs
filesystem into a btrfs filesystem. On the host, this is not really
useful, so let's disable building this tool, which allows to drop the
host-e2fsprogs dependency.
The host-util-linux dependency becomes necessary: it was previously
brought as a second-order dependency of host-e2fsprogs, but since we
no longer depend on host-e2fsprogs, we now need to explicitly depend
on host-util-linux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the e2fsprogs package builds and installs only static
libraries, unless --enable-elf-shlibs is passed. For the target
variant, we pass the appropriate
--enable-elf-shlibs/--disable-elf-shlibs options, but not for the host
package, and therefore static e2fsprogs libraries get installed.
However, on the host, our policy is to build shared libraries and not
static libraries, as visible in the default configure options passed
to host package in pkg-autotools.mk (--enable-shared
--disable-static). Let's do the same with e2fsprogs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the lzo package builds and installs only a static
library. For the target variant, we pass the appropriate
ENABLE_STATIC/ENABLE_SHARED options, but not for the host package, and
therefore a static lzo library gets installed.
However, on the host, our policy is to build shared libraries and not
static libraries, as visible in the default configure options passed
to host package in pkg-autotools.mk (--enable-shared
--disable-static). Let's do the same with lzo.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Blobs for arm64(aarch64) and r8p1 version are now available at Bootlin
Github.
So:
- Bump version to latest commit:
For arm64 architecture and r8p1 version.
git shortlog --no-merges cb3e8ece9b2c3a70cbeb3204cd6f30eceaa32023..
Giulio Benetti (1):
Reorder folders splitting includes and libraries.
Maxime Ripard (6):
Move binaries to an arch subfolder
Make x11 binaries path consistent
Add r6p2 arm wayland blobs
Add r6p2 arm64 blobs
Add r8p1 fbdev blobs
Add r8p1 arm64 fbdev blobs
- Add support for them also under arm64(aarch64) architecture copying the
right blobs according to architecture(arm or arm64) checking if BR2_arm
or BR2_aarch64 is enabled.
Only BR2_arm needs to provide BR2_ARM_EABIHF, so check must be done only
in that case.
- Mali-blobs repository folder layout has been reordered, so modify path
when copying headers and libraries.
- When copying libraries copy only *.so* files to avoid useless files to
end into target folder.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds a new option to build the btrfs toolset for the host, which
can be useful to prepare a btrfs filesystem image for the target.
Signed-off-by: Robert J. Heywood <robert.heywood@codethink.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to ATF v1.4 (tested on the actual hardware).
Signed-off-by: Gustavo Pimentel <gustavo.pimentel@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ATF in version 1.2 fails to build with:
./build/juno/release/bl1/context_mgmt.o: In function `cm_prepare_el3_exit':
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): undefined reference to `cm_set_next_context'
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): relocation truncated to fit: R_AARCH64_JUMP26 against undefined symbol `cm_set_next_context'
This has been fixed in ATF v1.3. Even though there are even newer
versions of ATF available, we take a conservative approach, and bump
to the first version that has the build issue fixed.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/88314771
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://mariadb.com/kb/en/mariadb-10217-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10217-changelog/
Note that HOST_MARIADB_CONF_OPTS += -DWITH_SSL=bundled has been changed to
HOST_MARIADB_CONF_OPTS += -DWITH_SSL=OFF in order to prevent the following
configure error:
CMake Error at /usr/share/cmake-3.11/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
(Required is at least version "3.3.24")
Call Stack (most recent call first):
/usr/share/cmake-3.11/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake-3.11/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
libmariadb/CMakeLists.txt:303 (FIND_PACKAGE)
RocksDB is also disabled to prevent the following build error in some
configurations:
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:327:38: error: field 'result' has incomplete type 'std::promise<rocksdb::BackupEngineImpl::CopyOrCreateResult>'
std::promise<CopyOrCreateResult> result;
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:378:37: error: field 'result' has incomplete type 'std::future<rocksdb::BackupEngineImpl::CopyOrCreateResult>'
std::future<CopyOrCreateResult> result;
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:425:37: error: field 'result' has incomplete type 'std::future<rocksdb::BackupEngineImpl::CopyOrCreateResult>'
std::future<CopyOrCreateResult> result;
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc: In member function 'rocksdb::Status rocksdb::BackupEngineImpl::AddBackupFileWorkItem(std::unordered_set<std::basic_string<char> >&, std::vector<rocksdb::BackupEngineImpl::BackupAfterCopyOrCreateWorkItem>&, rocksdb::BackupID, bool, const string&, const string&, rocksdb::RateLimiter*, uint64_t, uint64_t, bool, std::function<void()>, const string&)':
./buildroot/output/build/mariadb-10.2.17/storage/rocksdb/rocksdb/utilities/backupable/backupable_db.cc:1366:38: error: aggregate 'std::promise<rocksdb::BackupEngineImpl::CopyOrCreateResult> promise_result' has incomplete type and cannot be defined
std::promise<CopyOrCreateResult> promise_result;
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes
configure: error: The skins2 module depends on the Qt interface. Without
it you will not be able to open any dialog box from the interface, which
makes the skins2 interface rather useless. Install the Qt development
package or alternatively you can also configure with: --disable-qt
--disable-skins2.
http://autobuild.buildroot.net/results/ddb/ddb1ab48adb9705c44ed3d6d800b6d01ad52ac8c/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Until now, libaio contained some architecture specific code to do the
syscalls. In fact, it contained a generic variant of the code called
syscall-generic.h, but it was showing a warning when it was used, as
if it was "not safe". Consequently, in Buildroot, we had chosen to
support libaio only on a the subset of architectures that were
explicitly handled by libaio.
However, between 0.3.110 and 0.3.111, libaio upstream entirely dropped
the architecture-specific code:
https://pagure.io/libaio/c/97fd3fc0195500e616e34047cba4846164c411d9?branch=master
Consequently, in this patch, we:
- Bump libaio to 0.3.111.
- Switch to the new upstream at https://pagure.io/libaio/.
- Drop the 0001-arches.patch patch, which was adding support for
MIPS, since we no longer need architecture-specific code.
- Update the remaining patches, and Git-format one of them which
wasn't Git-formatted.
- Drop the BR2_PACKAGE_LIBAIO_ARCH_SUPPORTS option and all its uses.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of lvm2 to 2.02.180 in commit
8e666bf29e, lvm2 needs libaio. This was
properly taken into account for the target lvm2 variant, but not the
host lvm2 variant. This commit adds host-libaio as a dependency of
host-lvm2.
Fixes:
http://autobuild.buildroot.net/results/f95dd353c17bdfd00fde6762e58aa32e6830b52b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of lvm2 to 2.02.180 in commit
8e666bf29e, lvm2 needs libaio. This was
properly taken into account for the target lvm2 variant, but not the
host lvm2 variant. In order to build the host lvm2, we now need
host-libaio, so this patch adds support for building libaio for the
host.
Part of fixing:
http://autobuild.buildroot.net/results/f95dd353c17bdfd00fde6762e58aa32e6830b52b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also add a hash for the license file.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds host-checksec package support. This tool provides a
script to offline check the properties of a security hardened elf file.
REF: https://github.com/slimm609/checksec.sh
Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: add entry to DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-nodejs is configured to build openssl by using its included openssl
source code which is based on openssl 1.0.2. If host-libopenssl was
already built its header files are being picked up during host-nodejs
build, this was verified by adding debug code to
$(HOST_DIR)/include/openssl/opensslv.h.
This situation was not a problem as long as host-libopenssl was the
same version than the openssl code included in nodejs.
Some code in host-nodejs-8.11.4/src/node_crypto.cc is guarded by
#if OPENSSL_VERSION_NUMBER < 0x10100000L
to be used only with openssl 1.0.x.
This leads to problems if host-libopenssl 1.1.x was built before. Due
to the usage of its header files some code in node_crypto.cc is not
built leading to many linking errors later on, for example:
node_crypto.cc:(.text+0x1a1): undefined reference to `DH_get0_pqg'
When the nodejs package originally was added to buildroot back in
March 2013:
https://git.buildroot.net/buildroot/commit/?id=b31bc7d4387095091a109eb879464d54d37a5eab
We did not have a host-libopenssl package back then, it was added one
month later:
https://git.buildroot.net/buildroot/commit/?id=7842789cb539b6b64d61b03f5c8dbe6813f01da7
To fix the problem we use host-libopenssl for host-nodejs.
By using host-libopenssl the build time of nodejs is reduced by ~15s.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current download location fails, and Buildroot falls back to
sources.b.o:
--2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]
This commit fixes the download location:
--2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]
This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Depends on gcc >= 4.8:
https://github.com/randombit/botan/blob/master/readme.rst
Rebased patch 0001, added license hash and updated license path.
Updated configure options for shared/static libraries after commit
299119f02c
Added configure for ssp support after commit
ebeae68aba
This fixes a build error with toolchains without ssp support.
Removed dependency to gmp:
https://github.com/randombit/botan/issues/719
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some live555 libraries were missing in LIVE555_LIBS.
Instead of maintaining the list of live555 library files we use pkgconf
instead.
Fixes
http://autobuild.buildroot.net/results/744/7445bdc2fdcb28aa7f58c0249653329414e447df/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>