Fixes CVE-2015-1349 - Revoking a managed trust anchor and supplying an
untrusted replacement could cause namedto crash with an assertion
failure.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package needs to load plugins to do its job. Those plugins are
shared objects (.so) which are loaded using 'dlopen()', so it makes no
sense to enable this package when doing static builds where 'dlopen()'
is not available.
Fixes:
http://autobuild.buildroot.net/results/cd5/cd52b739370d57b5ecbc6472b8c7f1126700e85f/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some Erlang packages provide a bin directory for programs that are to be
invoked from the command line. An example of such a package is the Lisp
Flavored Erlang compiler. The Erlang OTP library includes several more
examples (it doesn't use rebar, though.) This change makes sure that the
bin directory gets installed too.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix HOSTCC typo that would cause host-rebar builds to fail.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable the 'load' operation for static builds since it needs dlopen and
friends. Otherwise it will fail with an error message like this one:
load.o: In function `load_file':
load.c:(.text+0x2a8): undefined reference to `dlopen'
load.c:(.text+0x2c4): undefined reference to `dlerror'
load.c:(.text+0x308): undefined reference to `dlsym'
load.c:(.text+0x33c): undefined reference to `dlopen'
load.c:(.text+0x35c): undefined reference to `dlsym'
load.c:(.text+0x380): undefined reference to `dlopen'
load.c:(.text+0x39c): undefined reference to `dlopen'
load.c:(.text+0x3a0): undefined reference to `dlerror'
load.c:(.text+0x42c): undefined reference to `dlsym'
load.c:(.text+0x470): undefined reference to `dlsym'
load.c:(.text+0x48c): undefined reference to `dlerror'
load.o: In function `unload_file':
load.c:(.text+0x63c): undefined reference to `dlclose'
collect2: error: ld returned 1 exit status
Fixes:
http://autobuild.buildroot.net/results/9e3/9e39039b6db79a46990cd9bdcb179289e38d9f31/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't use anymore the alternate download site beacause it does not
conatins anymore older versions, instead use the official download site
because now it contains even the older versions.
Signed-off-by: Fabio Porcedda <Fabio.Porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-9680 - A user with sudo access may be able to exploit
parsing bugs in the time zone parsing functions of the system's C
library functions. The user may also be able to read arbitrary files,
potentially causing changes in system behavior when reading certain
device special files or simply causing the program run via sudo to
block.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Just like we're passing --with-libpthread-prefix, we also need to pass
--with-librt-prefix in order to avoid having the gnutls build system
detect the librt in /usr/lib, and pass -L/usr/lib to the linker flags.
Fixes:
http://autobuild.buildroot.org/results/fa5/fa58602cb78ffe3ae4ee389ef5cf5a37b7657c4c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes http://autobuild.buildroot.net/results/92c/92c3fb4ddb934115b228652bb8c972bb7459bb40/
While the -fuse-ld=gold flag is related to linking, it is an argument to the
compiler driver to tell it what linker to execute, NOT an option to tell the
linker to behave differently.
So it shouldn't get prefixed with -Wl when passed though the compiler driver.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2015-0255 - Information leak in the XkbSetGeometry request of X servers
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libsepol use the same build system than libselinux,
so it's affected by the same issue.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
mplayer fails to compile with the following error message:
libmpdemux/demux_gif.c: In function 'demux_open_gif':
libmpdemux/demux_gif.c:260:3: error: too few arguments to function
'DGifOpen'
gif = DGifOpen(demuxer->stream, my_read_gif);
Backport an upstream patch to support newer versions of libgif in
mplayer. Unfortunately this patch is incomplete and mplayer stills
failing to compile with a new error message:
libvo/vo_gif89a.c: In function 'uninit':
libvo/vo_gif89a.c:374:3: error: too few arguments to function
'EGifCloseFile'
EGifCloseFile(new_gif); // also frees gif storage space.
So I have written a new patch and submitted it upstream to finally fix
the problem.
Upstream commit:
a0ddaef545
New submitted patch:
https://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2015-February/072848.html
Fixes:
http://autobuild.buildroot.net/results/a51/a510a0ab2cb827bb91b4fdec43055f2bfda239b1/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Like for lingcrypt and openssl, help the configure script to find
zlib installed in STAGING_DIR.
Otherwise, It might find the one installed on the host:
checking how to link with libz... /usr/lib/libz.so -Wl,-rpath -Wl,/usr/lib
Fixes:
http://autobuild.buildroot.net/results/93b/93b43e114f21a22f0f8b7d7dd6774c089c426cd1
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that we have absolutely zero reference to the avr32 architecture, we
can now really decommission the symbol.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Slightly reword a comment to no longer mention avr32.
This part dealing with sysroot detection will have to be reworked, now
that we got rid of avr32: we can now require a fully sysroot-aware
toolchain, i.e. at least gcc-4.4.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
avr32 was slated for removal in 2015.02. Make it so!
This patch only definitively hides the symbol. When all references
to it are eradicated (to come in followup patches), we'll eventually
kill the symbol altogether.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When Buildroot is configured to append the root filesystem to the Linux
kernel as initramfs, Buildroot sets the path to the initramfs source
dynamically in the Linux configuration file.
As this path is specified as an absolute path, typically being different
for different users of the same project (e.g. containing a username),
saving the configuration to a version control system (for example using
'make linux-update-defconfig') would result in a difference for this
path at every invocation by a different user.
Although this is technically not an issue, it is confusing that this
generates a difference.
Address this issue by using a not-yet-expanded make variable to specify
the path to the initramfs source. That variable will be expanded by the
Linux build system, which uses it both as a Makefile variable and a
shell variable; thus, it needs to be specified in LINUX_MAKE_ENV (so
it is exported and available in sub-processes of make). Any saved
configuration file would simply contain the reference to the
not-yet-expanded variable.
As in the Linux build system, the config variables are both read from
make as from a shell script, we cannot use $() syntax as this would be
interpreted as a command invocation by the shell. Instead, use ${}
syntax which is interpreted as variable reference both by the shell as
by make.
[Thomas:
- Really make the patch work by using $(LINUX_MAKE_ENV) instead of
$(TARGET_MAKE_ENV). Otherwise, the new BR2_BINARIES_DIR variable is
not passed at all stages of the build process, which makes the
build fail when an initramfs is used.]
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: "Yann E. Morin" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- use $(BAREBOX_DIR) instead of $(@D) when defining
BAREBOX_SOURCE_CONFIG, because $(@D) has no value at this point
since we're outside of a make rule. This was causing Barebox to be
constantly rebuilt, since the defconfig path was not a full path,
it was looking like: '/arch/arm/configs/tegra_v7_defconfig'. The
solution of using $(BAREBOX_DIR) has been used to mimic was is done
in the linux package, which uses $(LINUX_DIR).]
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: "Yann E. Morin" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Even though this is not strictly necessary with the current version
of barebox.mk, it becomes necessary when migrating barebox.mk to the
kconfig infrastructure.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: "Yann E. Morin" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Migrate the linux package to the kconfig infrastructure.
A notable change compared to the original behavior:
- the targets linux-update-(def)config are now always saving the config
file, even for a defconfig bundled in the linux sources. This is done
to keep the kconfig infrastructure simple.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: "Yann E. Morin" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Even though this is not strictly necessary with the current version of
linux.mk, it becomes necessary when migrating linux.mk to the kconfig
infrastructure.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: "Yann E. Morin" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. Morin" <yann.morin.1998@free.fr>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some packages (like linux) may install things inside images/ as well, so
remove the associated stamp file after running the configuration editor.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: "Yann E. Morin" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
