Fixes a buffer overflow which may allow an attacker to gain write
access to memory.
CVE requested but not yet assigned.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Raise an error if the host is using an older kernel than the target.
Since qemu-user passes emulated system calls to the host kernel,
this prevents usage of qemu-user in situations where those system
calls will fail.
This is based on an original patch from Frank Hunleth
<fhunleth@troodon-software.com>, but completely rewritten in a
different way:
* Instead of using shell based testing, we use pure make tests, which
allows to detect the problem not when host-qemu starts to build,
but at the very beginning of the entire Buildroot build.
* Instead of looking at $(STAGING_DIR)/usr/include/linux/version.h
(which requires having a dependency on the 'toolchain' package,
which is a bit unusual for a host package), we use the
BR2_TOOLCHAIN_HEADERS_AT_LEAST Config.in option which tells us the
version of the kernel headers used in the toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Frank Hunleth <fhunleth@troodon-software.com>
This allows qemu-user to be selected by the user. One use case
for this is to call qemu-user from post build scripts to
run regression tests against the build.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Use proper status messages, make spacing standard instead of a mix of
spacing/tabbing, drop boringly obvious comment from the header.
Also make reload = restart since ntpd doesn't handle reloading resulting
in the old reload being 'stop'.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop redundant IP version and double default restrict.
Tweak KoD and other defaults for properness.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2014-9293 - ntpd generated a weak key for its internal use, with
full administrative privileges. Attackers could use this key to
reconfigure ntpd (or to exploit other vulnerabilities).
CVE-2014-9294 - The ntp-keygen utility generated weak MD5 keys with
insufficient entropy.
CVE-2014-9295 - ntpd had several buffer overflows (both on the stack and
in the data section), allowing remote authenticated attackers to crash
ntpd or potentially execute arbitrary code.
CVE-2014-9296 - The general packet processing function in ntpd did not
handle an error case correctly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adds support for displaying more than 127 lines.
Also, switch to a git tree that carries the latest version.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The latest version is only available from git.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
rebar is used to compile Erlang packages.
We need host variant so as to be able to provide it to Erlang packages
that do not bundle their own version, or bundle a broken version.
Since this is a host-only package, used only internally, we do not
provide a Kconfig option for it. Packages that need it will depend on
it.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
[yann.morin.1998@free.fr: extract host-rebar to its own patch]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit bumps opkg to 0.2.4, and adds a new patch to fix a build
failure apparently caused by the recent bump of the libtool version:
http://autobuild.buildroot.org/results/5fc/5fc9fa24563213d1ad77e55ab52c8e59bf21055f/
It also refreshes the existing patch, turns it into a Git formatted
patch, and fixes a typo in its title.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove the quotes from the BR2_TARGET_UBOOT_SPL_NAME variable.
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Point out that the SPL name is an image name.
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building an SPL image depends on the board configuration. This option
does not enable the SPL build, but only copies the built SPL image to
the binary images folder. The current help text is misleading.
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The libnss_wins and libnss_winbind libraries were installed in this way:
/lib/libnss_<service>.so
/lib/libnss_<service>.so.<major> -> /lib/libnss_<service>.so
This had been done like this in order to get something similar to the
other NSS libraries, which are usually installed in this way:
/lib/libnss_<service>-<version>.so
/lib/libnss_<service>.so.<major> -> /lib/libnss_<service>-<version>.so
However, besides these files, these other NSS libraries usually come
installed with:
/usr/lib/libnss_<service>.so -> /lib/libnss_<service>.so.<major>
This means that the NSS libraries follow the usual library installation
practice, i.e. that the non-versioned .so is a symlink to the versioned
.so, so that switching versions is easy. In the case of the NSS
libraries, the versioned .so is just also a symlink to a .so with a more
accurate version.
Hence, follow the same rules for libnss_win*.so*, and install these
libraries the other way around:
/lib/libnss_<service>.so -> /lib/libnss_<service>.so.<major>
/lib/libnss_<service>.so.<major>
This is also how these libraries are installed by a major OS like Ubuntu
14.10:
/lib/x86_64-linux-gnu/libnss_winbind.so -> libnss_winbind.so.2
/lib/x86_64-linux-gnu/libnss_winbind.so.2
/lib/x86_64-linux-gnu/libnss_wins.so -> libnss_wins.so.2
/lib/x86_64-linux-gnu/libnss_wins.so.2
Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This ccache support for host-cmake-package uses the same logic as the
one done for the target packages in the toolchainfile.cmake file.
[Thomas: fix lots of mistakes.]
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Backport a patch applied upstream to allow building without Qt
accessibility.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Libiio is a library to ease the development of software interfacing
Linux Industrial I/O (IIO) devices.
http://wiki.analog.com/resources/tools-software/linux-software/libiio
[Thomas:
- Remove changelog from the commit log.
- Rename init script to S99iiod instead of S99iiod.sh
- Remove "status" command from init script, and implement "restart"
instead.
- Add dependency on thread support in toolchain.
- Fixup indentation in the .mk file.
- Fixup wrapping in the Config.in help text.]
Signed-off-by: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-pipe is causing some build failures in Linux kernel >= 3.17.
Also, nowadays, using -pipe does not gain as much as it used to back in
the days:
Measurements made with a 3.16.7 Linux kernel:
make linux-depends
time sh -c 'make linux-build >/dev/null 2>&1'
Without -pipe:
716.32user 54.44system 3:42.12elapsed 346%CPU
721.22user 54.47system 3:41.81elapsed 349%CPU
722.44user 54.00system 3:42.13elapsed 349%CPU
721.03user 53.81system 3:41.92elapsed 349%CPU
713.21user 53.63system 3:40.51elapsed 347%CPU
706.67user 52.42system 3:38.40elapsed 347%CPU
714.40user 53.18system 3:40.16elapsed 348%CPU
706.01user 53.09system 3:37.87elapsed 348%CPU
705.98user 53.01system 3:38.03elapsed 348%CPU
714.17user 53.55system 3:39.98elapsed 348%CPU
Average: 3:40.29elapsed
With -pipe:
720.13user 53.90system 3:41.98elapsed 348%CPU
713.38user 53.69system 3:40.44elapsed 347%CPU
711.60user 52.81system 3:39.06elapsed 348%CPU
708.66user 53.09system 3:38.59elapsed 348%CPU
711.76user 53.00system 3:38.48elapsed 350%CPU
717.85user 53.97system 3:41.77elapsed 348%CPU
716.77user 53.77system 3:40.91elapsed 348%CPU
717.48user 53.65system 3:41.24elapsed 348%CPU
721.44user 55.67system 3:43.45elapsed 347%CPU
724.61user 55.63system 3:43.35elapsed 349%CPU
Average: 3:40.93elapsed
The delta is well in the measurement noise.
Just get rid of it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@openwide.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When both shared and static libs are enabled, we have two shell
constructs to run, but they are not properly separated, leading to build
failures like:
ln -sf libncursesw.a /home/idnc_sk/IOLINUX/builds/micro-x86_64-corei7/
output/host/usr/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/libcurse
s.a for lib in libncurses libmenu libpanel libform; do ln -sf ${lib}w.
so /home/idnc_sk/IOLINUX/builds/micro-x86_64-corei7/output/host/usr/x8
6_64-buildroot-linux-uclibc/sysroot/usr/lib/${lib}.so; done
/bin/bash: -c: line 0: syntax error near unexpected token `do'
/bin/bash: -c: line 0: `ln -sf libncursesw.a /home/idnc_sk/IOLINUX/bui
lds/micro-x86_64-corei7/output/host/usr/x86_64-buildroot-linux-uclibc/
sysroot/usr/lib/libcurses.a for lib in libncurses libmenu libpanel lib
form; do ln -sf ${lib}w.so /home/idnc_sk/IOLINUX/builds/micro-x86_64-c
orei7/output/host/usr/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/${
lib}.so; done'
As can be seen, there is a missing semi-colon ';' between the symlink
command and the for loop:
ln -sf libncursesw.a [...]/libcurses.a for lib in [...]
Fix that by adding a semi-colon after each first shell constructs, to
properly separate the two. If the second one is not enabled (i.e. for a
static-only build), there is a trailing semi-colon, but that's perfectly
valid shell syntax.
Reported-by: idnc_sk on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Remove dependency on host-python-markdown, apparently not needed
(it builds fine in a minimal chroot, which doesn't have
python-markdown installed)
- Remove runtime dependency on markdown, I can run Cheetah basic
examples without python-markdown installed.
- Add dependency on Python 2 only, since it doesn't build for Python
3.]
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Remove host variant of python-markdown, as it is not needed.
- Add runtime dependency on Python XML module.]
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>