2016.72 - 9 March 2016
- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
found by github.com/tintinweb. Thanks to Damien Miller for a patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A recently discussed on the mailing list:
http://lists.busybox.net/pipermail/buildroot/2016-February/154189.html
Our mdev configuration currently doesn't handle module loading. Fix that by:
- Telling mdev to run modprobe on hotplug events providing MODALIAS
- Adjust the init script to handle coldplug modalias events (E.G. modules
for which the devices were already present before mdev was added as the
hotplug handler). mdev -s should arguable handle this, but it doesn't.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default syslog parameters are to keep only 200-400 KiB of logs,
which is very few if there is a spammy daemon on the system, or a daemon
that fails and then spams errors that hides the original problem.
Make S01logging source a /etc/default/logging file where these
parameters can be overridden.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Jason Abele <jason@nextthing.co>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We're not trying to be minimal here, and qemu can bridge/emulate certain
usb devices, so enable the different controllers and at least usb
storage.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We're not trying to be minimal here, and qemu can bridge/emulate certain
usb devices, so enable the different controllers and at least usb
storage.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use $(SED) instead of sed.
Kill trailing whitespace in comment, and move it above the define as per
standard look.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-1950 - heap-based buffer overflow related to the parsing of
certain ASN.1 structures. An attacker could create a specially-crafted
certificate which, when parsed by NSS, would cause a crash or execution
of arbitrary code with the permissions of the user.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have removed gcc 4.5 support since a long time, so this commit
removes dead code that was only used when building a toolchain based
on gcc 4.5.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libpjsip needs libsrtp to build, but it bundles a libsrtp version in
case one is not found during the configure step. The Buildroot policy
in such cases is to force using the external package, so forcibly
depend on libsrtp.
Adding --with-external-srtp also fixes libpjsip not correctly the
libsrtp installed in staging, which shows up with the symptom:
.../libpjmedia.so: undefined reference to `srtp_deinit'
collect2: error: ld returned 1 exit status
Fixes:
http://autobuild.buildroot.org/results/305/305fdc8442cd2e8f51b90485be0dca83ffa36603/http://autobuild.buildroot.org/results/a2f/a2f407c1361ac5c24af122445e84645e9aee309d/
...and many other similar autobuild failures.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2015-7560 - Authenticated client could cause Samba to overwrite ACLs
with incorrect owner/group.
CVE-2016-0771 - Malicious request can cause the Samba internal DNS
server to crash or unintentionally return uninitialized memory.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We do source the glibc and uClibc packages in the toolchain menu,
because they do provide user-visible options. However, we do not so
far source the musl Config.in file
However, in 822be87 (toolchain: include C libraries in legal-info),
a Config.in file for musl was explicitly created, so that:
- legal-info would work (needed at the time, probably no longer needed
nowadays),
- the appropriate packages are enabled, like netbsd-queue or kernel
headers.
Yet, we do not source musl/Config.in, which means we do not get
netbsd-queue or kernel-headers to be selected:
$ make distclean; make menuconfig
Toolchain --->
C library ---> musl
save-and-exit
$ grep BR2_PACKAGE_LINUX_HEADERS .config
[nothing]
$ grep BR2_PACKAGE_NETBSD_QUEUE .config
[nothing]
Fix that by sourcing musl/Config.in at the same place we source glibc
and uClibc.
Normally, we do have a check in place that verifies that a package
that is not enabled is not a dependency of another package that is
enabled. However, musl is only a dependency of host-gcc-final, which
is a host package and has no corresponding BR2_PACKAGE_HOST_GCC_FINAL.
Thus host-gcc-final is not in the PACKAGES variable, and thus does not
trigger our check.
Reported-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that we've got an mbedtls package in the tree we can enable the
optional support for it in libcurl.
We also remove the comment about polarssl support needing version
1.3.x. Indeed, polarssl was renamed to mbedtls when bought by ARM,
which was circa the 1.3.x polarssl release. Due to this referring to
polarssl 1.3.x doesn't make a lot of sense, and we'll probably never
package polarssl 1.3.x in Buildroot now that mbedtls replaces it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
[Thomas: slightly improve commit log as suggested by Luca, using
explanations from Gustavo.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Install package in staging directory, so that this package can be
linked together with other packages (for example collectd and its
onewire plugin).
Signed-off-by: Roland Franke <fli4l@franke-prem.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fetch a patch fixing autoreconf call.
Patch already sent and merged upstream.
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In the bump to the 4.1.x series the bundled pgm library was dropped and
the --with-system-pgm option was made pointless since using unbundled
became the only option, so it was renamed to --with-pgm, which
previously meant "use bundled" (but not any longer).
However this wasn't accounted for and pgm support has been broken since
then.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This fixes an issue where an Erlang program compiles fine against files
in staging, but fails to run on the target due to the unwanted packages
being removed.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gmrender-resurrect is UPnP (DLNA) renderer based on gstreamer.
Signed-off-by: Hiroshi Kawashima <kei-k@ca2.so-net.ne.jp>
[Thomas:
- Fix gstreamer related dependency comments to "gstreamer1 ->
libglib2", as suggested by Arnout.
- select BR2_PACKAGE_GST1_PLUGINS_BASE as a run-time dependency, as
suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
