The bundled tinysvcmdns library is affected by CVE-2017-12087 [1]:
> An exploitable heap overflow vulnerability exists in the tinysvcmdns library
> version 2016-07-18. A specially crafted packet can make the library overwrite
> an arbitrary amount of data on the heap with attacker controlled values. An
> attacker needs send a dns packet to trigger this vulnerability.
shairport-sync has incorparated upstreams fixes in [2].
[1] https://bugs.launchpad.net/bugs/cve/2017-12087
[2] 1dbdf94811
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add 0001-Fix-detect-dlmopen-and-disable-corresponding-tests-i.patch to
detect if dlmopen() exists and disable parts of the build accordingly if
not. This fixes a bug when building with musl or uClibc-ng.
Add 0002-Fix-src-common-pipe.h-include-sys-types.h-for-ssize_.patch to
fix an #include bug when building with musl.
Add 0003-Fix-warning-src-bin-lttng-utils.c-cast-incompatible-.patch to
remove compilation warnings.
All three new patches are in upstream's master branch as of this date
and will be part of an eventual release.
Fixes:
http://autobuild.buildroot.net/results/e37a5c69e2a9f9cd7c0705331e205c1ee20808e7/
(musl)
http://autobuild.buildroot.net/results/b2670e6d1928649aefa7fbc748858e6036585f01/
(uclibc)
Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The fiber module uses the cpu_relax() macro, for which the MIPS
implementation uses the "pause" instruction, only available since
mips32r2 and mips64r2. In order to avoid build failures on
mips32/mips64, we disallow the selection of the fiber module for such
architecture variants.
This solution was suggested by Arnout Vandecappelle.
Fixes:
http://autobuild.buildroot.net/results/0439790b6f472e3d4b2d5431a05aa5b408f62e56/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 3861ce09d0.
As reported on IRC, runc v1.0.0-rc4 is not compatible with the docker-engine
version we are using, so lets revert for 2017.11:
20:27 < eschu> It looks like 25 days ago buildroot had runc updated to
1.0.0-rc4, which breaks compatibility with the docker-engine
version 17.05. Is there somewhere issues like this are
reported? Or is it just expected on non-release versions of
buildroot?
20:47 < Jacmet> eschu: ahh, so the new runc doesn't work with the old
docker-engine? what kind of errors do you get exactly?
20:49 < eschu> Jacmet: yes, runc made a change from -console to
--console-socket, which results in "Incorrect Usage" error
"flag provided but not defined: -console"
20:51 < eschu> Jacmet: basically docker-engine 17.05 uses -console, but
support for that was cut off in runc around the first 1.0.0
versions. I'll check the patches out, or might just
downgrade to buildroot 2017.08 release
20:51 < agb> Jacmet: unfortunately this issue has hit a number of distributions
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877146
20:53 < Jacmet> agb: thanks. I'll send a revert for 2017.11 and hopefully
we can make progress on the other docker packages for
2018.02
Cc: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add upstream patch to fix examples compile without OpenGL support, in
the Qt 5.9 version of qt5declarative.
Fixes [1]:
In file included from fbitem.h:49:0,
from mainwindow.cpp:42:
logo.h:52:11: error: 'GLfloat' does not name a type
const GLfloat *constData() const { return m_data.constData(); }
^
logo.h:57:15: error: 'GLfloat' has not been declared
void quad(GLfloat x1, GLfloat y1, GLfloat x2, GLfloat y2, GLfloat x3, GLfloat y3, GLfloat x4, GLfloat y4);
^
[...]
Makefile:610: recipe for target '.obj/mainwindow.o' failed
make[5]: *** [.obj/mainwindow.o] Error 1
make[5]: Leaving directory '.../build/qt5declarative-5.9.2/examples/quick/quickwidgets/qquickviewcomparison'
Makefile:70: recipe for target 'sub-qquickviewcomparison-make_first' failed
make[4]: *** [sub-qquickviewcomparison-make_first] Error 2
make[4]: *** Waiting for unfinished jobs....
[1] http://autobuild.buildroot.net/results/cef4abbe043f3aaad03c73e07cfab9d24c3d0fc9
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add upstream patch 'Don't include <xlocale.h>'.
Fixes Bug-10501 ([1]):
In file included from ./include/locale.h:1:0,
from /usr/include/libintl.h:103,
from ./include/libintl.h:2,
from glibc/locale/programs/charmap.c:25:
glibc/locale/locale.h:146:11: fatal error: xlocale.h: No such file or directory
# include <xlocale.h>
[1] https://bugs.busybox.net/show_bug.cgi?id=10501
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
- CVE-2017-14746:
All versions of Samba from 4.0.0 onwards are vulnerable to a use after
free vulnerability, where a malicious SMB1 request can be used to
control the contents of heap memory via a deallocated heap pointer. It
is possible this may be used to compromise the SMB server.
- CVE-2017-15275:
All versions of Samba from 3.6.0 onwards are vulnerable to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.
There is no known vulnerability associated with this error, but
uncleared heap memory may contain previously used data that may help
an attacker compromise the server via other methods. Uncleared heap
memory may potentially contain password hashes or other high-value
data.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.6.11.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 56b611a972. This
patch was intended for the next branch, not the master branch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Latest bump to v0.13.0 didn't take care of the following upstream
commit:
7bfbf71 v4l2: Rename to v4l2video and add switches to enable/disable sink/source
To address that, this commit:
- Uses the new name of the v4l2 source configure script option
- Introduce a new Config.in option to control the build of the v4l2
sink support
Fixes:
http://autobuild.buildroot.net/results/5c404a2a28a4052056e5c9a7edda40641fe55f9e
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update the help text to reflect features added in recent versions.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since binutils commit 1a9ccd70f9a7 ("Fix the linker so that it will not
silently generate ELF binaries with invalid program headers. Fix readelf
to report such invalid binaries.") the behaviour has changed and
binutils tries to create a program header segment for which there is no
space. Thanks to Nicholas Piggin and his patch to Linux:
https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=ff45000fcb56b5b0f
Cedric fixed this in kvm-unit-tests commit 95062c20790d ("powerpc: add
-n to LDFLAGS") so bump to that version.
Since the patch 0001-remove-werror.patch needs to be adjusted, we take
this opportunity to reformat is as a Git patch.
Fixes:
http://autobuild.buildroot.net/results/80825b492abf61313637b109d6a0944b38d5f739
Signed-off-by: Cyril Bur <cyrilbur@gmail.com>
[Thomas: add necessary hash change, refresh patch that was not
applying anymore.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
boot.cmd using dts file instead of dtb which was
added in below commit, so fix the same.
"board: Add Bananapi M1 support"
(sha1: 5f50fb8d1d)
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch to Qt that adjusts its build system to
properly support building on non-x86 platforms. The problem was due to
the PLATFORM and XPLATFORM variables having the same value when
building on a ppc64le system targetting an uncommon architecture
(Xtensa or ARC for example). We fix this problem by making sure
PLATFORM and XPLATFORM will always be different.
Fixes the following build failures occuring on gcc112 (a ppc64le
autobuilder machine):
http://autobuild.buildroot.net/results/527747a2fbb31195bb6fdb37cfdaa624e69b7d68/
(qt on xtensa)
http://autobuild.buildroot.net/results/7db1265f6f34be3a498881564292517a8fc0e44e/
(qt on ARC)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes the following build issue of libfastjson with old
enough compilers (4.8) and wchar disabled:
json_object.c: In function 'fjson_object_object_delete':
json_object.c:385:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0 ; i < FJSON_OBJECT_CHLD_PG_SIZE ; ++i) {
^
The code of libfastjson requires C99. If your compiler is recent
enough (gcc 5.x), then no problem, it is C99 by default, no additional
flags are needed.
If your compiler is older (for example gcc 4.8), then -std=c99 or
-std=gnu99 is explicitly needed to tell the compiler to accept C99
constructs. Testing the compiler for the availability of such flags is
done by libfastjson configure script. However, the test program used
by the configure script uses some wchar_t types, and therefore the
test checking for C99 availability fails on toolchains with wchar
disabled. From config.log:
configure:3928: checking for /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc option to accept ISO C99
[...]
configure:4077: /home/test/buildroot/output/host/usr/bin/i586-buildroot-linux-uclibc-gcc -std=gnu99 -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
conftest.c:54:3: error: unknown type name 'wchar_t'
const wchar_t *name;
^
So, just like we did in libv4l in commit
f01396a158 ("libv4l: fix uclibc-ng
configure/compile"), let's hint directly the configure script that it
should use -std=gnu99. This fixes the build of libfastjson with old
compilers and wchar disabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is needed to get the autobuilders to use a toolchain that
includes the fix merged in 9d544feb8a
("fwup: fix for ARC toolchain").
In addition, this new toolchain version also fixes for real the RPATH
issue that should have been fixed by
f90f28a6df, but wasn't done properly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 06a4975d4b (qt5: bump LTS version to 5.6.3) added an empty hash
for the 5.6.3 variant of qt5webkit, causing failures.
It also forgot to adjust the download URL as the qt5webkit tarballs are no
longer available under official_releases/ like the other submodules, but only
under community_releases/.
Fix both issues.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, ssl support is implicitely disabled in the initial configure
options. This overrides the check for openssl below.
libpjsip is also currently only compatible with libopenssl. Change
the check to LIBOPENSSL instead of openssl, and depend on libopenssl.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Quoting release notes
https://www.samba.org/samba/history/samba-4.6.10.html
"This is an additional bugfix release to address a possible data
corruption issue. Please update immediately! For details, please see
https://bugzilla.samba.org/show_bug.cgi?id=13130
Samba 4.6.0 and newer is affected by this issue."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Contains a number of important fixes. From the relase notes:
https://lists.zx2c4.com/pipermail/wireguard/2017-November/001935.html
* netlink: plug memory leak
* qemu: check for memory leaks
There was a small memory leak on the netlink configuration layer that's now
been fixed.
* netlink: make sure we reserve space for NLMSG_DONE
A rather important change - due to an upstream kernel bug, that's existed
since the advent of netlink itself, sometimes wg(8) failed to receive valid
data back from kernelspace, resulting in "ENOBUFS" when trying to dump all
peers. This patch works around it while we wait for upstream to commit the
fix.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we do a full git clone of the repository, which takes quite
some time, especially on slow networks.
This was done like that because the initial patch was using the official
repository as the source of the download, and that repository did not
offer remotely-generated tarballs.
But now we've switched to using a mirror on github, which does provide
such a tarball, which provides faster downloads.
Use that.
However, the tarball from github differs from the one we were generating
locally, because the paths inside are different. WE used to create a
archive with paths starting with glibc-glibc-2.26-73-g4b692dfb95[...],
while github does away with the git-describe prefix, and generates paths
that start with just glibc-4b692dffb95[...]. The content are exactly
identicall (checked with a diff), though.
Update the hash accordingly.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 1e5a8916b2.
The idea was that the version string can be derived because we know the
package name.
However, this patch does not account for the fact that $(pkgname) always
points to the latest pacakge scanned, which in all other situation we're
using it, is the current package, because it is used inside one ot he
xxx-inner macros that are $(eval)ualed. So $(pkgname) is evaluated
"early" and gets the expected value.
However, the github value is not in one of those macros, so it gets
evaluated "late", when doing the actual download. So, by that time,
$(pkgname) will expand to the last package scanned, which is actuall the
manual (without a br2-external tree).
That would require that the _SITE variable be assigned with the :=
assignment operator. This is weird, because that would make it the only
variable to require that, but only when using the github helper, which
is even less obvious and would cause a lot of trouble...
The obvious fixup would seem to be to use $(PKG) instead, because that
already contains the upper-case package name that vcan be used as a
prefix to variables.
However, that does not work either, because we have a check that forbids
a trsailing slash in _SITE, check that is done in pacakge/pkg-generic,
inside the xxx-inner macro, during the $(eval) call.
And at that time, PKG is not yet defined, because it is only defined for
an actual recipe.
So we can't seem to have a workable solution. So, just revert the patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes
"mesa3d is in the dependency chain of xapp_xdriinfo that has added it
to its _DEPENDENCIES variable without selecting it or depending on it
from Config.in."
http://autobuild.buildroot.net/results/d8a/d8aeed2f64e21a277eb0bc5dc08d2339a14c682e/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, FreeRDP uses pkg-config to find whether wayland is available.
When it is, it gets the CFLAGS and LDFLAGS and so on from pkg-config,
which is OK.
But I also gets the path to the wayland scanner from pkg-config. And
this points to the target one, when we really need the host one.
So we force-feed the correct path as a configure option.
Furthermore, wayland support needs libxkbcommon, so add this missing
dependency as well.
Fixes:
http://autobuild.buildroot.org/results/bdfe233ade36a56d0f65ef3c3d1698fca548beed/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport a patch from upstream.
Partially fixes:
http://autobuild.buildroot.org/results/81aa66ddd88919295ccb5f34b527b737627263a7/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
FreeRDP now has support for writing to the journal, so we must ensure
proper dependency and correct options.
Partially fixes:
http://autobuild.buildroot.org/results/81aa66ddd88919295ccb5f34b527b737627263a7/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we only depend on host-pkgconf for gstreamer-0.x
However, we also need it at least for gstreamer-1.x and waylabnd, too.
But since FreeRDP is a cmake package, host-pkgconf is always pulled in
as a dependency by the cmake-package infrastructure.
So, drop the gstreamer-conditional host-pkgconf dependency.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Samuel Martin <s.martin49@gmail.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
