Fixes CVE-2017-7467 - minicom and prl-vzvncserver vt100.c escparms[] buffer
overflow.
For more details about the issue, see the nice writeup on oss-security:
http://www.openwall.com/lists/oss-security/2017/04/18/5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removing clear and reset from the busybox config when the ncurses tools
are enabled is not really needed.
Since commit 802bff9c42, the busybox install will not overwrite
existing programs. Therefore, the tools will be installed correctly
regardless of the order of the build:
- if busybox is built first, the clear and reset apps are installed,
but they will be overwritten by ncurses;
- if ncurses is built first, it will install the clear and reset apps,
and busybox will no longer install them.
We prefer not to modify the busybox configuration when not strictly
necessary, because it is surprising for the user that his configuration
is not applied. Clearly, it's not ideal that busybox is configured with
redundant apps, but if the user wants to shrink it, it's possible to
provide a custom config.
This partially reverts commit 33c72344a8.
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Library is licensed under BSD-3-Clause. Some programs are licensed
under GPL-2.0+ while other are BSD-3-Clause. Annotate licenses with
components and improve readability of license strings when
conditionally specifying license for programs using := instead of +=.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-json-schema-validator supports Python 3, so there's no reason
to limit it to Python 2 only.
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
python-versiontools supports Python 3, so there's no reason to limit
it to Python 2 only.
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit fixes another brown-paper-bag issue that I've introduced by
my following patch:
toolchain: Bump ARC tools to arc-2017.03-rc1
(5f8ef7e25c)
arc-2017.03-rc1 differs a bit from 2.28. And so corresponding
of-the-tree patch should be updated appropriately.
Fixes target binutils build for arc:
http://autobuild.buildroot.net/results/f67/f67c905979870936d8050a505b61186be6dad85d//
[Peter: tweak commit message]
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove 0003-fix-build-with-have-gl.patch which is already included in
this release.
Remove --{enable|disable}-standard-gl configure option because it
doesn't exist.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check-package script when ran gave warnings on only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one space before
backslashes rule in the make files in the package directory.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The header was non-standard according to check-package.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit bumps ARC toolchain to arc-2017.03-rc1
Please note that it is a release candidate and it might contain some
breakages, please don't use it for production builds.
Also I have updated patches for binutils as our source files in
binutils differ comparing to 2.28.
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Both packages are coupled, so both are bumped and build-tested.
The atomics' support patch is no longer needed, and neither is the
autoreconf option, and SPARC64 is no longer broken.
To make sure of this, one config of each of the following archs was
tested (base defconfig in parens):
- PowerPC (qemu_ppc_g3beige_defconfig)
- SPARC (qemu_sparc_ss10_defconfig)
- SPARC64 (qemu_sparc64_sun4u_defconfig)
Signed-off-by: Mario J. Rugiero <mrugiero@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We have a host-util-linux, so we can use it to provide libblkid and
libuuid. This makes it consistent with the target package.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In fact, uuidgen was never built because we pass --disable-libuuid. So
the option was a NOP.
Remove the license info for libuuid.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Arnout:
- do not remove --disable-uuidd - even though that is implied by
--disable-libuuid, it's better to be explicit about it;
- remove license info of libuuid]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We decided some time ago that config entries with 5 or more suboptions
should be turned into a menuconfig. e2fsprogs has many more than that.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
sf.net redirects to sourceforge.net, so directly use that as upstream
URL. Config.in.host already uses that URL.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Arnout: remove trailing /]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The curious ones will find the release notes here:
https://github.com/kergoth/tslib/releases
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop upstream patch.
Add two more patches to deal with musl build issues.
Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Security fixes:
- CVE-2017-7468: switch off SSL session id when client cert is used
Full changelog: https://curl.haxx.se/changes.html
Removing 0001-CVE-2017-7407.patch. It's included in this release:
1890d59905
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai has many configure options that users may or may not want to set.
Providing individual Buildroot config options for every single one of them
is not maintainable.
Therefore, add a string option to allow the needed flexibility.
Important options, or those that have 'select/depends on' impact, can still
be turned into real Buildroot config options.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: rewrap Config.in help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a config option to enable the Xenomai registry, which allows accessing
internal Xenomai state.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas:
- add missing Config.in comment.
- rewrap Config.in help text.
- tweak the .mk file logic for the registry path to avoid the super
long line.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai 3 installs quite some utils and other programs to the target
filesystem, many of which will not be used by most users.
As it is currently unclear which utils are effectively useful, and as it is
undesirable to create config options for each individual util, remove all
remaining utils such that only the Xenomai libraries remain.
At the point it becomes clear that certain utils _are_ desired by some
users, we can identify how to group them in relevant config options.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since Xenomai 3, the list of installed binaries/scripts of the testsuite is
different than before.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since Xenomai 3, the list of files installed for Analogy is longer, causing
the extra files to remain on the target filesystem even if Analogy is not
selected.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai has a skin 'Smokey' that Buildroot is currently unaware of, which
means that the associated files are present on target even though most users
will not need them.
Add a config option and associated logic to remove the skin if not selected.
Additionally, fixup order of VxWorks skin removal entry.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Clarify the Xenomai config options by grouping the skin-related options in a
separate menu.
Additionally:
- update proper capitalization of skin names
- sort entries
- replace 'skin library' by 'skin' to match the terminology in Xenomai
sources
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the introduction of Xenomai 3, the native skin is dubbed Alchemy.
Update the config menu (but leave the symbol name to avoid hurting existing
users needlessly) and fix the unselected-skin cleanup code.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai sources contain much more license files than we currently list, so
complete the current list.
Based on:
find | grep -Ei 'copying|license|copyright' | sort
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
0001-nodoc.patch is no longer necessary since a new --disable-doc
configure option has been added by this commit:
https://dev.mutt.org/hg/mutt/rev/b45bfce1bb0e
Use that option and remove the patch. Since we are not patching
Makefile.am we also don't need to autoreconf.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Ensure that GTest is compiled with -fPIC to allow linking the static
libraries with dynamically linked programs. This is not a requirement
for most architectures but is mandatory for ARM.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause
remote arbitrary code execution
(https://access.redhat.com/errata/RHSA-2017:1100).
CVE-2017-5462 - DRBG flaw in NSS
Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now
allows override of CC, so use TARGET_CONFIGURE_OPTS instead.
Drop upstream 0003-it-uninitialized-fix.patch.
Renumber the remaining patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The latest docker-engine release changes the vendor tree slightly. The
Go tool will recognize a ./vendor directory and use it as a vendor tree
automatically, but only when run inside a valid GOPATH. This patch
adjusts how the GOPATH is built - now docker/docker is linked into a
blank tree, and the Go tool recognizes the ./vendor directory correctly.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libunwind use sigreturn() while building for x86 [1] but this function
is not available with uClibc-ng.
This throw a warning during libunwind build:
In file included from x86/Los-linux.c:4:0:
x86/Gos-linux.c: In function ‘_ULx86_local_resume’:
x86/Gos-linux.c:298:7: warning: implicit declaration of function ‘sigreturn’ [-Wimplicit-function-declaration]
sigreturn (sc);
^
But any program trying to link against libunwind-generic.so fail to build:
[...]usr/lib/libunwind-generic.so: undefined reference to `sigreturn'
collect2: error: ld returned 1 exit status
Disable libunwind for x86 target when uClibc-ng is used.
Fixes:
http://autobuild.buildroot.net/results/54a/54afac8148cff5f3c17e83f80917fd9006948fe0//build-end.log
[1] http://git.savannah.gnu.org/gitweb/?p=libunwind.git;a=blob;f=src/x86/Gos-linux.c;h=17aebc2974af50eb0bf8292689b2ed22a4c97866;hb=HEAD#l299
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is no configure option to enable/disable libunwind support.
See efl/m4/efl_libunwind.m4
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Without pkg-config PKG_CHECK_MODULES won't be expanded
and ./configure script produces following error message:
./configure: line 13810: syntax error near unexpected token `FUSE,'
./configure: line 13810: ` PKG_CHECK_MODULES(FUSE, fuse)'
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We have started using SPDX short identifier for license string in
<PKG>_LICENSE variable. But license strings in comments are still
using old strings. For consistency, use SPDX short identifier in
comments as well.
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We add -Wno-error to not error out on warnings, which would otherwise
cause build failures.
Signed-off-by: Christian Stewart <christian@paral.in>
[Thomas: as suggested by Baruch, use -Wno-error instead of disabling
specific warnings.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit e87644cb2a.
The issue is now fixed in Xenomai, let use Xenomai obstack support
if it's not already available from the libc.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The configure script check whether the underlying libc provides for
native obstack support, only building Xenomai replacement code if not.
This as been tested against uClibc 1.0.22, and common glibc releases.
Backport the patch provided by uptream.
Add XENOMAI_AUTORECONF=YES since the patch modify configure.ac.
[1] http://xenomai.org/pipermail/xenomai/2017-April/037272.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The bug discovered while packaging supertux is now fixed by the previous
patch but the issue can still be present in other C++11 package if
-std=c++11 is used on PPC with Altivec vectorization.
This reverts commit d2903aaf13.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>From [1]:
Acording to a bug report in GCC [2]:
"You need to use -std=g++11 or undefine bool after the include of altivec.h
as context sensitive keywords is not part of the C++11 standard".
So use gnu++11 instead of c++11 only for altivec system.
This allow to revert [3] and keep Altivec vectorization.
[1] 0024465d8a
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58241#c3
[3] d2903aaf13
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Obstack support in Xenomai is broken when the libc doesn't support
obstack support itself. Make sure we disable obstack support for all
libc since it was removed in uClibc-ng since 1.0.21 release and it's
always disabled with Glibc.
Fixes:
http://autobuild.buildroot.net/results/555/555d9cb9cb59fad6353516bed206e1117974e8cd/build-end.log
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Pawel Sikora <sikor6@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Required due to eo api changes.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new version of the EFL enables systemd support by default, so
we have to disable it explicitely for host-efl by adding an
additional --disable-systemd option to HOST_EFL_CONF_OPTS.
Also handle newly introduced options vnc-server and net-control
which brings additional dependencies. Disable them by default.
Select wayland-protocol package which is now required to build
the efl wayland support [1].
See the release announcement [2].
[1] https://git.enlightenment.org/core/efl.git/commit/?id=55750d41fad6055a549664ae92a34e636d7fb1f0
[2] https://sourceforge.net/p/enlightenment/mailman/message/35785467
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The RaspberryPi 3 is based on a AArch64 CPU and requires binaries from
this package.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Wayland support was re-added by [1] but the --disable-wayland option
was not removed from EFL_CONF_OPTS.
[1] f30eec41f9
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The previous patch [1] didn't take into acount the static build only
scenario. It tries to unconditionally install a shared library.
Handle the install step like for bzip2 package: install the shared
library only if BR2_SHARED_LIBS or BR2_SHARED_STATIC_LIBS is set and
install the static library only if BR2_STATIC_LIBS or
BR2_SHARED_STATIC_LIBS is set.
[1] 96daacb720
Fixes:
http://autobuild.buildroot.net/results/6be/6be8024dd664af83fcf49ede29c8ad59a37f73d1
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ncurses package installs a full version of clear and reset(tset)
tools. Preserve these by disabling the options in the busybox config
file. This removes the need for ncurses to depend on busybox for solely
ordering of target install.
This commit resolves the following python circular dependency with python.
busybox -> libselinux -> python3 -> ncurses -> busybox
Fixes:
http://autobuild.buildroot.net/results/db1/db1e6f3054092fc5576ccab8e04a3b9d74ca9a8c/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: minor tweaks.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The trinity configure script looks into a host header to check for libc/kernel
headers conflict resolution. This is not compatible with cross compilation.
Add a patch that does direct compilation test instead.
This issue was not caught by the autobuilder yet.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When debugging hidden dependencies, the build order is very important.
Most notably, it is interesting to identify potential culprits.
Add a new top-level rule, show-biuld-order, that dumps all the packages
in the order they would get built.
Note that there are a few differences with show-targets:
- more packages are reported, becasue show-targets does not report
host packages that have no prompt;
- the output is line-based, because we're using $(info $(1)); getting
a single output line like show-targets would require we use an
actual command, like printf '%s ' $(1); but that takes a lot of
time, while $(info $(1)) is almost instantaneous (the time to parse
the Makefiles);
- rootfs targets are not reported.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for atest application, which is useful for testing
alsa kernel drivers and detecting if playback/capture work correct
without artifacts, such as channel swap.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[Thomas: add missing Config.in comment.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for libgphoto2 core library designed to allow access to
digital camera.
Signed-off-by: Kevin JOLY <kevin.joly@sensefly.com>
Cc: Romain Naour <romain.naour@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Romain Naour <romain.naour@gmail.com>
[Thomas:
- Use downloads.sourceforge.net
- Remove final dot at end of <pkg>_LICENSE variable
- Minor tweaks in comments.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In order to work-around dependency issues, the Python bindings should be
built though a separate make invocation from the rest of the
library. This avoids build issues like this:
selinux_restorecon.lo: file not recognized: File truncated
[...]
collect2: error: ld returned 1 exit status
make[2]: *** [libselinux.so.1] Error 1
Fixes:
http://autobuild.buildroot.net/results/967b74d0ae5b4b83ea2729217b005a3e1e4514d0/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Security Fixes:
- rndc "" could trigger an assertion failure in named. This flaw is
disclosed in (CVE-2017-3138). [RT #44924]
- Some chaining (i.e., type CNAME or DNAME) responses to upstream
queries could trigger assertion failures. This flaw is disclosed in
CVE-2017-3137. [RT #44734]
- dns64 with break-dnssec yes; can result in an assertion failure. This
flaw is disclosed in CVE-2017-3136. [RT #44653]
- If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for DNS64
address mapping, a NULL pointer can be read triggering a server
crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
- A coding error in the nxdomain-redirect feature could lead to an
assertion failure if the redirection namespace was served from a
local authoritative data source such as a local zone or a DLZ instead
of via recursive lookup. This flaw is disclosed in CVE-2016-9778.
[RT #43837]
- named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
- named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
- named incorrectly tried to cache TKEY records which could trigger an
assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
- It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
Full release notes:
ftp://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html
Also, remove --enable-rrl configure option from bind.mk as it doesn't
exist anymore.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a config option for enabling/disabling SMP
in Xenomai userspace in version 3.x
Enabled by default.
Signed-off-by: Pawel Sikora <sikor6@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: implement minor tweaks suggested by Thomas DS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an option choice for Cobalt or Mercury core
depending on option BR2_LINUX_KERNEL_EXT_XENOMAI.
Signed-off-by: Pawel Sikora <sikor6@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes a follow-up error with this defconfig
http://autobuild.buildroot.net/results/642/6422adeef19ec547c7bc3f8ad3b0d51702015240/
which occurs after disabling inline mmx with the previous patch:
This is the error message:
fmpeg/libavcodec/libavcodec.a(apedec.o): In function `ape_decode_frame':
apedec.c:(.text+0x1df5): undefined reference to `avpriv_emms_yasm'
ffmpeg/libavcodec/libavcodec.a(asvdec.o): In function `decode_frame':
asvdec.c:(.text+0x77c): undefined reference to `avpriv_emms_yasm'
ffmpeg/libavcodec/libavcodec.a(bink.o): In function `decode_frame':
bink.c:(.text+0x2809): undefined reference to `avpriv_emms_yasm'
ffmpeg/libavcodec/libavcodec.a(dvdec.o): In function `dvvideo_decode_frame':
dvdec.c:(.text+0x575): undefined reference to `avpriv_emms_yasm'
ffmpeg/libavcodec/libavcodec.a(ffv1dec.o): In function `decode_slice':
ffv1dec.c:(.text+0x3110): undefined reference to `avpriv_emms_yasm'
ffmpeg/libavcodec/libavcodec.a(h264.o):h264.c:(.text+0xea8): more undefined references to `avpriv_emms_yasm' follow
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
MPlayer contains mmxext code for which a SSE-enabled CPU is required,
for details see https://bugs.funtoo.org/browse/FL-2202
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The mod_redis module enables ProFTPD support for caching data in Redis
servers, using the hiredis client library. This is available since
proftpd-1.3.6rc5 and later.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch 0002-__mempcpy.patch is not necessary since this commit:
8dfaceb389
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
While testing minetest with libhiredis library, the game crached due to
missing libhiredis.so.0.13 library.
The hiredis.mk doesn't use "make install" because "make install" depends
on building both the shared and static libraries, which fails in
static-only scenarios.
However, the installation logic in hiredis.mk is bogus: it installs the
library as libhiredis.so, while its SONAME is libhiredis.so.0.13. We fix
this by using the same logic as the one done by the package "make
install" process: install the library as libhiredis.so.0.13, and create
libhiredis.so as a symbolic link to it.
While at it:
- Install the library 0755, this is more common.
- Do not create $(TARGET_DIR)/usr/lib, since $(INSTALL) -D will create
the necessary directories for the destination path.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: rework to use the same installation logic as the one from
hiredis "make install".]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CVE-2017-7407: --write-out out of buffer read
https://curl.haxx.se/docs/adv_20170403.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Select the fsck required by systemd provided by util-linux. This
prevents ending up with fsck from busybox, which is incompatible
with systemd.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update Xen to version 4.8.1 and update the patches to allow Xen
hypervisor and Xen tools to build.
The patches applied were re-aranged a little bit. Patches 2, 3 and 4
have been accepted by upstream Xen and won't be required in future
releases.
Patch 1 (previously patch 2) is still required and was moved to patch 1
to better reflect it's status.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In 2010 commit 32d319e6f "gst-plugins-base: ensure <stdint.h> is used"
introduced a typo (missing backslash) that made the code ineffective.
It can be confirmed by looking at the output of:
$ make printvars | grep '^GST_PLUGINS_BASE_CONF_ENV\|^FT2_CONFIG'
FT2_CONFIG=/bin/false ac_cv_header_stdint_t="stdint.h"
GST_PLUGINS_BASE_CONF_ENV=
Add the missing backslash to fix the code.
While at it, fix the indentation to use one tab instead of two.
The (end of the) diff of config.log confirms the code is still needed
when the host has freetype-config installed:
@@ -1674,10 +1674,8 @@
configure:21882: checking for emmintrin.h
configure:21882: result: no
configure:21894: checking for stdint types
-configure:21917: /tmp/gst/output/host/usr/bin/i686-pc-linux-gnu-gcc -std=gnu99 -c conftest.c >&5
-configure:21917: $? = 0
configure:21961: result: stdint.h (shortcircuit)
-configure:22348: result: make use of stdint.h in _stdint.h (assuming C99 compatible system)
+configure:22348: result: make use of stdint.h in _stdint.h
configure:22359: checking for localtime_r
configure:22359: /tmp/gst/output/host/usr/bin/i686-pc-linux-gnu-gcc -std=gnu99 -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
configure:22359: $? = 0
@@ -2468,8 +2466,7 @@
Package 'freetype2', required by 'world', not found
configure:31257: result: no
configure:31298: checking for freetype-config
-configure:31316: found /usr/bin/freetype-config
-configure:31329: result: /usr/bin/freetype-config
+configure:31329: result: /bin/false
configure:31339: checking for FreeType - version >= 2.0.9
configure:31427: result: yes
configure:32250: creating ./config.status
@@ -2789,7 +2786,7 @@
ac_cv_objext='o'
ac_cv_path_EGREP='/bin/grep -E'
ac_cv_path_FGREP='/bin/grep -F'
-ac_cv_path_FT2_CONFIG='/usr/bin/freetype-config'
+ac_cv_path_FT2_CONFIG='/bin/false'
ac_cv_path_GMSGFMT='/tmp/gst/output/host/usr/bin/msgfmt'
ac_cv_path_GREP='/bin/grep'
ac_cv_path_MSGFMT='/tmp/gst/output/host/usr/bin/msgfmt'
@@ -2818,7 +2815,6 @@
ac_cv_prog_cxx_g='yes'
ac_cv_prog_make_make_set='yes'
ac_cv_stdint_message='using gnu compiler i686-pc-linux-gnu-gcc (Sourcery CodeBench Lite 2012.09-62) 4.7.2'
-ac_cv_stdint_result='(assuming C99 compatible system)'
ac_cv_sys_file_offset_bits='no'
ac_cv_sys_largefile_CC='no'
ac_cv_sys_largefile_source='no'
@@ -2965,9 +2961,9 @@
EXEEXT=''
FFLAGS=' -Os '
FGREP='/bin/grep -F'
-FT2_CFLAGS='-I/usr/include/freetype2'
-FT2_CONFIG='/usr/bin/freetype-config'
-FT2_LIBS='-lfreetype'
+FT2_CFLAGS=''
+FT2_CONFIG='/bin/false'
+FT2_LIBS=''
GCOV=''
GCOV_CFLAGS=''
GCOV_LIBS=''
Detected by check-package.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
According to the Buildroot convention, 'depends on' attributes shall
come before 'select' ones in Kconfig files.
Detected by check-package.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Security fix:
passdb/userdb dict: Don't double-expand %variables in keys. If dict
was used as the authentication passdb, using specially crafted
%variables in the username could be used to cause DoS (CVE-2017-2669)
Full ChangeLog 2.2.29 (including CVE fix):
https://www.dovecot.org/list/dovecot-news/2017-April/000341.html
Full ChangeLog 2.2.29.1 (some fixes forgotten in the 2.2.29 release):
https://www.dovecot.org/list/dovecot-news/2017-April/000344.html
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Support was added by this commit:
8bf3932539
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The host package will be needed by tvheadend.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
- group the host commands together and the target commands together
- use --prefix=$(HOST_DIR)/usr for host configuration, and do not
override PREFIX= at host install time
- use DESTDIR=$(TARGET_DIR) instead of overriding PREFIX= at target
install time.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
[Thomas: use SPDX license codes.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A similar fix was committed to ffmpeg in the past:
https://git.buildroot.net/buildroot/commit/package/ffmpeg?id=bfb8df2ad9b164b421d25294c6882c8b61dc59a5
which will be reverted with another patch.
Mplayer contains ffmpeg 3.0, with current ffmpeg 3.2.4 the bug is gone,
the difference between both revisions is too big in order to find a
real fix for the problem.
Special cflags, added by
https://git.buildroot.net/buildroot/commit/package/multimedia/mplayer?id=fd38100e1189d19cad87a64c52df2c773eb47e40
are no longer needed now so remove them as well.
Testing these defconfigs did not produce compile errors with current
ffmpeg but with mplayer:
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_4_8_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_6_X=y
BR2_i386=y
BR2_x86_i486=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i686=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_pentium_mmx=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_corei7=y
BR2_GCC_VERSION_5_X=y
Fixes
http://autobuild.buildroot.net/results/030/03066dd8937ef4c75d62f237fd195df92b247ee2//
and many others.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit bfb8df2ad9.
With current toolchains it was not possible to trigger the bug anymore.
Tested with these settings:
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_4_8_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_6_X=y
Other x86 variants also work:
BR2_i386=y
BR2_x86_i486=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i686=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_pentium_mmx=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_corei7=y
BR2_GCC_VERSION_5_X=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This python utility scans the logs for messages logged when the system
denied permission for operations, and generates a snippet of policy
rules which, if loaded into policy, might have allowed those operations
to succeed. However, this utility only generates Type Enforcement (TE)
allow rules.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: adjust Config.in to propagate the dependencies of sepolgen,
checkpolicy and python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libselinux currently does not compile its python wrapper module for
the target. This is needed for audit2allow to function properly, and
therefore this patch adjusts libselinux.mk to install the python
wrapper module is python or python3 are enabled.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- Remove useless empty lines, as noted by Matt Weber
- Move code related to python bindings before builds/install
commands, since those commands will use variables defined by the
python bindings logic.
- Instead of enabling the python bindings when
BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW is set, enable the python
bindings when python is available. We generally try to avoid
looking at options of other packages to decide what to install.
- Introduce LIBSELINUX_MAKE_TARGETS and
LIBSELINUX_MAKE_INSTALL_TARGETS variable, in order to avoid
duplicate the make/make install commands.
- As suggested by Matt Weber, remove LIBSELINUX_PYTHONLIBDIR
definitions, and don't pass PYLIBVER and PYTHONLIBDIR in MAKE_OPTS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
checkpolicy is currently a host-only package, however it is a
dependency of audit2allow. This patch allows for checkpolicy to be
compiled for the target.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- remove LIBSELINUX_INSTALL_STAGING = YES, doing it in
checkpolicy.mk is wrong, and libselinux is already installed to
staging
- add "select BR2_PACKAGE_LIBSELINUX" in Config.in, and propagate the
necessary dependencies
- add host-flex in dependencies, since it is also needed (in addition
to target flex).]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sepolgen is currently a host-only package, however it is a dependency
of audit2allow. This patch allows for sepolgen to be compiled for the
target.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- fix formatting of Config.in file
- add missing dependencies inherited from the fact that the package
selects python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file refers to Python license version 2. Use SPDX short
identifier for license string and add license file while at it.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file refers to Python license version 2. Use SPDX short
identifier for license string while at it.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file refers to Python license version 2. Use SPDX short
identifier for license string while at it.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file contains MIT license text and README file clearly mentions
pyyaml is released under MIT license.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When libnl is selected, libpcap links with it. Since libpcap doesn't
provide a .pc file and arp-scan doesn't use its libpcap-config script,
we must provide the additional options explicilty.
Fixes
http://autobuild.buildroot.net/results/c605c8cc36348f199a36e2652851b8d02ee222c0
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The patch 0001-include-linux-nfs.h-directly-in-rpc_sub.patch was Git
formatted, except that a Upstream status statement was added above the
patch, which makes it unapplicable by "git am". So fix this by putting
the Upstream status statement where it should be.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
According to PEP 370 Python will also search for the packages in the
user site-packages directory. This can affect build reproducibility.
The solution is to use PYTHONNOUSERSITE=1 for all Python packages,
i.e. both host and target variants.
Fixes bug #9791.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
WITH_ADNS option has been added in version 1.4.11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- This version requires a patch (sent upstream) to remove -lanl from
all Linux builds as this library is only needed for adns support
- sha512 must be computed locally as eclipse.org does not give it for
this version
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add additional md5, sha1 & sha256 hashes according to buildroot docs:
http://buildroot.uclibc.org/downloads/manual/manual.html#adding-packages-hash
> If upstream provides more than one type of hash (e.g. sha1 and sha512),
> then it is best to add all those hashes in the .hash file.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
License.html now just contains the string:
The ICU license is now in plain text format, see <a href="./LICENSE">LICENSE</a>.
Update links and software appropriately.
So refer directly to that file instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE.TXT gives an overview and explains in detail that freetype is dual
licensed under the FTL and GPLv2+, so also include it in the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
[Thomas: use release tarball, which avoids the need for autoreconf.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In 2010 commit 32d319e6f "gst-plugins-base: ensure <stdint.h> is used"
introduced a typo (missing backslash) that made the code ineffective.
In 2013 commit f8e7fdcd3 "gst1-plugins-base: add gstreamer1 base
plugins" copied the code.
It can be confirmed by looking at the output of:
$ make printvars | grep '^GST1_PLUGINS_BASE_CONF_ENV\|^FT2_CONFIG'
FT2_CONFIG=/bin/false ac_cv_header_stdint_t="stdint.h"
GST1_PLUGINS_BASE_CONF_ENV=
Direct use of freetype was dropped in version 1.7.2 by upstream [1], so
remove the code instead of fixing it.
Found using [2]:
check-package --include-only Indent $(find * -type f)
and manually removed.
[1] https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=183610c035dd6955c9b3540b940aec50474af031
[2] http://patchwork.ozlabs.org/patch/729669/
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently the hash is not checked, returning this message:
WARNING: no hash file for pylibftdi-0.15.0.tar.gz
Rename the .hash file to use the package name.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
