All source files, except src/filemq_client.c and src/filemq_server.c,
has MPL Version 2.0 license text in file header.
As confirmed with upstream [1] (L)GPLv3 license texts COPYING and
COPYING.LESSER are leftover from previous implementation.
[1] - https://github.com/zeromq/filemq/issues/74
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 205a0289d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-6508: CRLF injection in the url_parse function in url.c
http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7132fc9c11)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without this patch, it is not possible to allocate PTYs when a generated
rootfs image with a recent glibc and systemd is launched as a container on
an RHEL7 system via machinectl/systemd-nspawn. The container boots, but
`machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with
0000 perms.
On a typical system, there are two `ptmx` devices. One is provided by the
devpts at /dev/pts/ptmx and it is typically not directly accessed from
userspace. The other one which actually *is* opened by processes is
/dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be
either a symlink, or a bind mount of the /dev/pts/ptmx from devpts.
When a container is launched via machinectl/machined/systemd-nspawn, the
container manager prepares a root filesystem so that the container can live
in an appropriate namespace (this is similar to what initramfs is doing on
x86 desktops). During these preparations, systemd-nspawn mounts a devpts
instance using a correct ptmxmode=0666 within the container-to-be's
/dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once
systemd takes over as an init in the container,
/lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to
all fileystems. Because the buildroot's template used to not include the
ptmxmode=... option, a default value of 0000 was taking an effect which in
turn led to not being able to allocate any pseudo-terminals.
The relevant kernel option was introduced upstream in commit 1f8f1e29 back
in 2009. The oldest linux-headers referenced from buildroot's config is
3.0, and that version definitely has that commit. Mount options that are
not understood by the system are anyway ignored, so backward
compatibility is preserved.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: fix commit title, adjust commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8196b299ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent versions of fakeroot have grown support for acl. We don't really
need this since we don't use acls in Buildroot. However, it turns out
that "cp -a" does something funky with acls, with the result that
fakeroot without acl support looses the ownership and permissions on
the copied file. "cp -a" may be (is even likely to be) used in a
BR2_ROOTFS_POST_FAKEROOT_SCRIPT, so we need to support this.
Note that host-acl itself depends on host-attr, so this pulls in two
extra packages in each build. The impact on build time is about 10s.
Cc: Andreas Naumann <dev@andin.de>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2a222446b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We need host-acl to fix issues with fakeroot.
Unfortunately, all the hacks (except the .la fixup) have to be repeated.
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Andreas Naumann <dev@andin.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c83446fcca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The acl build system doesn't use automake, therefore it is broken. It
doesn't use the CFLAGS passed by configure. Work around this by passing
CFLAGS in the environment. The makefiles append to CFLAGS, so this
works.
This issue hasn't led to build failures, but it is visible e.g. when
stack protector is enabled: the stack protector options are not applied
to acl. Also debug and optimisation options aren't applied.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99c9b0affd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The license is actually closer to ISC than MIT, E.G.:
https://opensource.org/licenses/ISC
vs
https://opensource.org/licenses/MIT
>From COPYING:
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the names of Digital or MIT not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
E.G. this is very similar to the normal ISC text which has been extended
with a BSD-3c style advertisinc clause. Both are permissive licenses, but
it is more correct to call it ISC-like.
Notice: As pointed out by Rahul Bedarkar, this may actually be more closely
related to the OpenBSD template license:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD
But that is also based on the ISC license, so calling it ISC-like is still
correct.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aad1591852)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As noticed by Rahul Bedarkar, the cairo library is LGPLv2.1 only
(not LGPLv2.1+) or MPLv1.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0768932a02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch for CVE-2017-6429: Buffer overflow when reading crafted
pcap file with large packets.
https://github.com/appneta/tcpreplay/issues/278
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62bf2bfd53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-2784 - Freeing of memory allocated on stack when validating a
public key with a secp224k1 curve.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 465ce2ea73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-3302 - C client library for MySQL (libmysqlclient.so) has
use-after-free defect which can cause crash of applications using that MySQL
client.
CVE-2017-3313 - Difficult to exploit vulnerability allows low privileged
attacker with logon to the infrastructure where MySQL Server executes to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized access to critical data or complete access to all
MySQL Server accessible data.
And a number of important, but non-security related fixes:
MDEV-11842: Fix a 10.1.21 regression with failed INSERT, BEFORE INSERT
triggers, and columns with no default value
MDEV-12075: Fix a 10.1.21 regression in the InnoDB data file extension code
For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 467b38892a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a NULL Pointer Dereference jp2_encode:
https://github.com/mdadams/jasper/issues/120
No CVE assigned yet.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76da579431)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
- Fix several out of bounds reads in the OpenPGP parser
- Fix handling of OpenPGP reserved tag (should be rejected)
- Fix various crashes from malformed packages with invalid tags
Release notes:
http://rpm.org/wiki/Releases/4.13.0.1
This patch also switches from GitHub to rpm.org since the last one seems
to be more up-to-date.
[Peter: use RPM_VERSION_MAJOR as suggested by Jerzy Grzegorek]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7adbcd174a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If building on a machine with MATLAB installed, the MATLAB bindings will
default to ON, which is not the desired behavior for a cross build.
The bindings are designed to be called from within MATLAB, and we are
not currently running MATLAB on buildroot-generated targets.
This does not preclude the use of the bindings from a host connecting
over the network backend (assuming libiio on the host has the bindings
enabled).
Signed-off-by: Matthew Fornero <mfornero@mathworks.com>
Acked-By: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f358078b33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 4.1.2, zmqpp is provided under MPLv2.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 87e9391e69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current code contains some obvious typos.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d830807794)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the code expects both the client and server to be in
/usr/bin, while the client is in /usr/sbin
Fix that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4aabbeb245)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to src/plugins/platforms/eglfs/deviceintegration/deviceintegration.pro
depends on eglfs_gbm which depends according to src/gui/configure.json
on features.eglfs and features.gbm and features.kms, so dependency
on BR2_PACKAGE_MESA3D_OPENGL_EGL which enables mesa3d gbm support
should be sufficient.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5efe07f9af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add egl config and QT_EGL_NO_X11 define (as all other eglfs project
files do) to src/plugins/platforms/eglfs/eglfs-plugin.pro.
Fixes ([1]):
In file included from .../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/egl.h:39:0,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/../../../../../src/platformsupport/eglconvenience/qt_egl_p.h:63,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/qt_egl_p.h:1,
from api/qeglfsglobal_p.h:56,
from api/qeglfsintegration_p.h:54,
from qeglfsmain.cpp:41:
.../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/eglplatform.h:119:22: fatal error: X11/Xlib.h: No such file or directory
compilation terminated.
Makefile.eglfs-plugin:1024: recipe for target '.obj/qeglfsmain.o' failed
make[2]: *** [.obj/qeglfsmain.o] Error 1
make[2]: Leaving directory '.../qt5base-5.8.0/src/plugins/platforms/eglfs'
Makefile:71: recipe for target 'sub-eglfs-plugin-pro-make_first-ordered' failed
make[1]: *** [sub-eglfs-plugin-pro-make_first-ordered] Error 2
[1] http://lists.busybox.net/pipermail/buildroot/2017-March/186158.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5840e8bd50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is an issue with powerpc64le and boost::uuids::random_generator on the
following line of code (from include/boost/uuid/seed_rng.hpp):
sha.process_bytes( (unsigned char const*)&std::rand, sizeof( void(*)() ) )
This line "inspects the first couple bytes (here eight) of the std::rand
function to seed some rng. Due to the implementation of process_bytes and
inlining happening, it seems that one of the loops therein uses &rand-1 as
some boundary, compiling with -O0 makes that reloc come out as 'rand + 0' and
the link will succeed."
See: https://bugzilla.suse.com/show_bug.cgi?id=955832#c7
Fixes:
- http://autobuild.buildroot.org/results/454c0ea393615bae2d1b44be9920f25b5c49fc33
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 00d2a3da72)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, rpi-userland installs files in $(@D)/../../bin/ which is
entirely stupid, especially in cross-compilation.
Get rid of the dubious, broken, custom install command.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ffa39b23f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] doesn't fix this issue for all cases (it doesn't work
when BR2_PACKAGE_GDB_DEBUGGER=y).
So, leave the configure script alone and override
gl_cv_func_gettimeofday_clobber from GDB_MAKE_ENV.
[1] 560334bb2a
Fixes:
http://autobuild.buildroot.net/results/719/719a441421030b79c0aa1bbfb707130f3ac87338
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit faf38b78ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fedorahosted.org has closed on March 1st, 2017, and we were anyway
already using github as a source for logrotate. This commit therefore
updates the Config.in help text to also use github as the upstream
site.
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cdb1ab8ca0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fedorahosted.org has been closed on March 1st, 2017, so use a
different upstream location for the elfutils project.
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 94fba6644e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The somewhat complicated sed expression has been removed in commit
06cd604ec6 ("toolchain/external: use
-dumpversion to check gcc version"), so let's remove the comment that
was explaining this sed expression.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d9fee6b286)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, `--version` option is used and later matched with a regex to get
the actual gcc version. There's a dedicated gcc option to do exactly that:
`-dumpversion`.
Also `--version` may return a string customised by a vendor that provides
the toolchain, which makes the current regex approach error prone. In
fact, this situation has been seen with a real customised toolchain.
Signed-off-by: Krzysztof Konopko <kris@youview.com>
Signed-off-by: Tomasz Szkutkowski <tomasz.szkutkowski@youview.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06cd604ec6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building sngrep with OpenSSL support in static linking configurations
currently fails due to undefined symbols in the OpenSSL library. It's
the usual problem with using AC_CHECK_LIB() to discover libraries
instead of the pkg-config based PKG_CHECK_MODULES().
Therefore, this commit introduces a patch that switches to using
pkg-config to discover OpenSSL. A preliminary patch is needed, without
which appending to LIBS/CFLAGS doesn't work. Both patches have been
submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/911143de823b2c749ac0a59dfa06adb6ddd3de50/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bfd273d83a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit cherry-picks an upstream patch that fixes a compile error
that was introduced in v2.1.1
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f80fc852a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mosquitto combined with version 2.1.0 of libwebsockets yields a failing
system. Version 2.1.1 restores the websocket interface again.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 71d54786a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6fdb2b109b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a buffer-overrun in Bengali.
Switch to https URL to avoid a small delay in protocol redirection.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7bbdd9afa4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The location at ftp.csx.cam.ac.uk only stores 2 latest versions of PCRE.
This results in old (2015.11 and older currently) buildroot versions
timing out on wget several times and having to retrieve the package
from sources.buildroot.org afterwards.
Signed-off-by: Oleg Kitain <okitain@ya.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6d7644df70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit bf1c9828f2.
This commit was part of the Kodi 17 series and was committed too early,
current Kodi 16 is incompatible with this bump and needs to be
reverted, fixes https://bugs.busybox.net/show_bug.cgi?id=9711
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9642d9589c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 2ac3045453.
This commit was part of the Kodi 17 series and was committed too early,
current Kodi 16 is incompatible with this bump and needs to be
reverted, fixes https://bugs.busybox.net/show_bug.cgi?id=9711
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3e05aa6f53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gdk-pixbuf-loader support is enabled by default but it silently fail to
generate gdk-pixbuf.loaders file when host != target.
For exemple on ARM target:
output/host/usr/bin/gdk-pixbuf-query-loaders ./libpixbufloader-svg.la
g_module_open() failed for output/build/librsvg-2.40.16/gdk-pixbuf-loader/./libpixbufloader-svg.la: output/build/librsvg-2.40.16/gdk-pixbuf-loader/./.libs/libpixbufloader-svg.so: wrong ELF class: ELFCLASS32
But it doesn't break the build.
When host = target using the Sourcery CodeBench AMD64 2016.11 toolchain
optimized for x86_68 AMD Puma/Jaguar or AMD Steamroller, it break the
build due to "Illegal instruction".
output/host/usr/bin/gdk-pixbuf-query-loaders libpixbufloader-svg.la
Illegal instruction (core dumped)
Since this option is broken for cross-compilation, disable it.
Fixes:
http://autobuild.buildroot.net/results/393/393145bc9bcb93d6df55ec8c63725c3d9a299957
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7372c80cc5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
