Fixes CVE-2016-6313: An attacker who obtains 580 bytes from the standard RNG
can trivially predict the next 20 bytes of output.
Add cryptographically secure sha256 hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-6316: Bug in the mixing functions of Libgcrypt's random number
generator. An attacker who obtains 4640 bits from the RNG can trivially
predict the next 160 bits of output.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In configure script there are some tests that are looking for
a suitable compiler. For this purpose script tries to compile
and link some C++ code that is hardcoded in the body of script.
The problem is that only linker flags ($LDFLAGS) are passed to the
compiler when the script is compiling test code. Therefore some
necessary command line options can be lost and this would lead to
errors.
This exactly happens to ARC:
1. -matomic option is lost as it compiler option,
2. test code compilation fails,
3. the script decides not to use arc-buildroot-linux-uclibc-g++,
4. scipt checks host compiler (x86_64-linux-gnu-g++ in your case),
5. package is being built for x86_64, not for ARC.
About last 2 steps - I don't know why configure script should try
to build stella for host machine. As for me an error should be
raised and a build should be stopped. But this is up to stella
developers.
Current patch adds compiler options ($CXXFLAGS) when compiling
test code in configure script.
Fixes stella build for ARC, e. g.:
http://autobuild.buildroot.net/results/c23/c23d655137b1c1825b1da69b18307c6a1d4b23b8//
[Peter: s/CPPFLAGS/CXXFLAGS/]
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With musl C library, we see following build failure.
src/scanner.c: In function 'find_enumeration':
src/scanner.c:811:2: error: unknown type name 'uint'
uint idx = 0, j;
^
uint is defined in <sys/types.h> header. It is usually included by <stdlib.h>
but in musl stdlib.h doesn't include it.
This patch adds upstream patch where uint32_t is used instead of uint.
Fixes:
http://autobuild.buildroot.net/results/fcf/fcf6dd3bd31f92eadbcae17338e5887a23e43ff9/
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With musl C library, we get following build error
integck.c:37:28: fatal error: bits/stdio_lim.h: No such file or directory
#include <bits/stdio_lim.h>
^
compilation terminated.
make[2]: *** [integck] Error 1
Header <bits/stdio_lim.h> is not available in musl C library. However
<stdio.h> has all definition that <bits/stdio_lim.h> supposed to be
providing. Moreover <bits/stdio_lim.h> shouldn't be included directly
instead we should be using <stdio.h>.
Since we already include <stdio.h> and in case of uClibc or glibc
<bits/stdio_lim.h> gets included internally, we can safely remove it.
Fixes:
http://autobuild.buildroot.net/results/175/1754861457af520480cc34d7d2d0edff2868ff66/
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QtWebkit needs gstreamer-0.10 and the 'app' plugins, so we depend on
gstreamer and select the required plugins.
We can't select gstreamer as that would cause circular dependencies in
kconfig:
package/kodi/Config.in:37:error: recursive dependency detected!
package/kodi/Config.in:37: symbol BR2_PACKAGE_KODI depends on BR2_PACKAGE_KODI_EGL_GLES
package/kodi/Config.in:16: symbol BR2_PACKAGE_KODI_EGL_GLES depends on BR2_PACKAGE_HAS_LIBEGL
package/opengl/libegl/Config.in:1: symbol BR2_PACKAGE_HAS_LIBEGL is selected by BR2_PACKAGE_MESA3D_OPENGL_EGL
package/mesa3d/Config.in:150: symbol BR2_PACKAGE_MESA3D_OPENGL_EGL is selected by BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VIRGL
package/mesa3d/Config.in:92: symbol BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VIRGL depends on BR2_PACKAGE_MESA3D
package/mesa3d/Config.in:1: symbol BR2_PACKAGE_MESA3D is selected by BR2_PACKAGE_XDRIVER_XF86_VIDEO_IMX_VIV
package/x11r7/xdriver_xf86-video-imx-viv/Config.in:1: symbol BR2_PACKAGE_XDRIVER_XF86_VIDEO_IMX_VIV depends on BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_X11
package/freescale-imx/imx-gpu-viv/Config.in:34: symbol BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_X11 is part of choice <choice>
package/freescale-imx/imx-gpu-viv/Config.in:27: choice <choice> contains symbol <choice>
package/freescale-imx/imx-gpu-viv/Config.in:27: choice <choice> contains symbol BR2_PACKAGE_FREESCALE_IMX
package/freescale-imx/Config.in:1: symbol BR2_PACKAGE_FREESCALE_IMX is selected by BR2_PACKAGE_GST_FSL_PLUGINS
package/gstreamer/gst-fsl-plugins/Config.in:8: symbol BR2_PACKAGE_GST_FSL_PLUGINS depends on BR2_PACKAGE_GSTREAMER
package/gstreamer/gstreamer/Config.in:5: symbol BR2_PACKAGE_GSTREAMER is selected by BR2_PACKAGE_QT_WEBKIT
package/qt/Config.in:464: symbol BR2_PACKAGE_QT_WEBKIT depends on BR2_PACKAGE_QT
package/qt/Config.in:5: symbol BR2_PACKAGE_QT is selected by BR2_PACKAGE_PYTHON_PYQT
package/python-pyqt/Config.in:5: symbol BR2_PACKAGE_PYTHON_PYQT depends on BR2_PACKAGE_PYTHON
package/python/Config.in:5: symbol BR2_PACKAGE_PYTHON is selected by BR2_PACKAGE_KODI
This one is fairly complicated to fix properly, so it is easier to just
depend on gstreamer.
Also rework the comment when QtWebkit is not available.
Fixes:
http://autobuild.buildroot.org/results/84d/84d338b70c8ce3f21dd202de387326f18526aa63/http://autobuild.buildroot.org/results/379/379ad4eadf5af7e1d5b977bc229d3fcaba25b4fe/
[...]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current logic to pass the --{enable,disable}-mipsfpu option is:
ifeq ($(BR2_MIPS_SOFT_FLOAT),y)
FFMPEG_CONF_OPTS += --disable-mipsfpu
else
FFMPEG_CONF_OPTS += --enable-mipsfpu
endif
In practice, this means that on MIPS soft-float, --disable-mipsfpu is
passed, and that in *all* other cases, --enable-mipsfpu is passed,
including if we are *not* targetting the MIPS architecture.
Even though this doesn't seem to cause any problem, it is a bit weird to
see --enable-mipsfpu when you're building ffmpeg for a non-MIPS
architecture, so we better fix this by enclosing the MIPS-related
options in a MIPS condition.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_ARM_CPU_HAS_NEON=y, we pass --enable-neon. However, when
BR2_ARM_CPU_HAS_NEON is disabled, we don't pass anything. This generally
works fine, but turned out to integrate NEON code in ARMv7-M
builds (since it's ARMv7, ffmpeg assumed it should enable NEON code).
Even though ffmpeg is now disabled for ARMv7-M, it still makes sense to
be explicit, and disable NEON support when the CPU doesn't have it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sg3_utils grep for '^linux' as the host OS to decide if we are
targetting Linux.
However, on noMMU targets, the host OS can be 'uclinux' instead of just
plain 'linux', which make sg3_util confused and thus it forgets to
include some source files in the build, resulting in link failures.
Fix that by ammending the regexp that recognises Linux. We now need to
run autoreconf.
Fixes:
http://autobuild.buildroot.org/results/79a/79a572f67bafa6a007256a5f22529c2daabd5733/http://autobuild.buildroot.org/results/4f7/4f7ea4bb4c4c12ceb9cd08bfb6720386f5bdea0b/
[Peter: fix typos as pointed out by Arnout]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libintl may use thread-related functions, so -lpthread must come after
-lintl.
Fixes:
http://autobuild.buildroot.org/results/e9d/e9d89fd5b24a76a3c5ab9dc8f01f4643f7c13396/
[Peter: use -lpthread in comment as suggested by Arnout]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add security related bugfix to fix CVE-2016-4429 from
GNU libc project.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To avoid Xen build issues ensure that host Python 2 is used.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It uses spawn() and thus fork(), so it needs an MMU.
Fixes a build issue reported on IRC for a cortex-m4 build:
http://pastebin.com/dGCsy0sr
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It uses GRND_NONBLOCK, introduced in 3.17.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As described at:
4520524ba0
this commit continues a series of updates of ARC tools.
This time we're updating tools to arc-2016.09-eng008.
Main updates were made for gcc. It was switched to GCC 6 and to
OSABI v4.
Besides this patch fixes buildroot ARC failures connected to
"crtbeginT.o" object file missing. This issue lead to two main errors:
1) "crtbeginT.o: No such file or directory", e. g. bootutils-1.0.0.
No comments are required here I hope.
2) Errors like "compiler cannot create executables", e.g.:
a) host-gcc-final-arc-2016.09-eng007 static build,
b) aespipe-2.4c.
That was caused because the test to determine if compiler is able to
create executables was failing due to missing "crtbeginT.o" file.
We still keep GDB as it is of arc-2016.03 release because there're some
issues we'd like to resolve before releasing it to wider audience.
So again note this is next engineering builds of arc-2016.09 series
and it might have all kinds of breakages, please don't use it for
production builds.
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT selects BR2_PACKAGE_DTC, but forgets
to depends on !BR2_STATIC_LIBS like BR2_PACKAGE_DTC does.
Fixes the following kconfig warning:
arning: (BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT && BR2_PACKAGE_KVMTOOL && BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT) selects BR2_PACKAGE_DTC which has unmet direct dependencies (!BR2_STATIC_LIBS)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 0d8158fc61. Thanks to
a fix in libaio, blktrace now builds fine on PowerPC, so there's no
reason to disable it anymore.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Both the blktrace and gadgetfs-test packages were failing to build on
PowerPC due to the mysterious:
hidden symbol `_rest32gpr_30_x' in libgcc.a(e500crtresx32gpr.o) is referenced by DSO
Due to this error, we disabled blktrace on PowerPC in commit
0d8158fc61. However, gadgetfs-test
continued to fail with the same error. As Romain Naour pointed out, the
problem seems in fact to come from a common dependency of blktrace and
gadgetfs-test: libaio. As Romain investigated, the problem started
appearing after the last bump of libaio, from version 0.3.109 to
0.3.110.
A quick bisect through the libaio changes between 0.3.109 and 0.3.110
has revealed that the problematic change is one in the libaio build
system, which now obeys to the CFLAGS provided in the environment,
rather than overriding them. So the CFLAGS provided by Buildroot cause
this problem. It turns out that the problematic CFLAGS is -Os, which is
indeed known to cause issues on PowerPC in some corner cases.
Even though it would probably be a better long-term solution to switch
to -O2 by default, and mark -Os as not available on PowerPC, it is a too
radical change so close to 2016.08. So we simply adjust the libaio
package so that it uses -O2 instead of -Os.
Fixes:
http://autobuild.buildroot.net/results/5e6cc4c432ce6c964ac285026978ad14d9eae97c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In the ffmpeg code, libavutil/arm/asm.S makes some assumption about the
ARM architecture for which the code is built. Only ARMv4, ARMv5, ARMv6
and ARMv7-A is supported. Due to this, object files built out of
ARM-optimized assembly code have the wrong architecture information,
causing a failure at link time.
Adding ARMv7-M support would be possible, but it doesn't exist yet in
ffmpeg, and it's pretty unlikely that ffmpeg will ever be needed on an
ARMv7-M platform, so this commit takes the simple approach of disabling
ffmpeg for ARMv7-M.
Fixes:
http://autobuild.buildroot.net/results/ca4c67b093afd6f14349fcdc87b02e0480172e8c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
After fixing build issue related to MS_DIRSYNC and MS_RELATIME, we get
following build error with blackfin external toolchain.
fstest_monitor.c: In function 'main':
fstest_monitor.c:237: warning: implicit declaration of function 'fork'
/tmp/ccCzZIuW.o: In function 'main':
/home/rahul.bedarkar/buildroot/output/build/mtd-1.5.2/tests/fs-tests/utils/fstest_monitor.c:237: undefined reference to '_fork'
collect2: ld returned 1 exit status
make[2]: *** [fstest_monitor] Error 1
Since it uses fork(), add dependency on MMU support for integck.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libical requires time zone information in order to make use of time
zone functions (otherwise, segfaults occur when applications call
the time zone functions). This patch:
1. forces the system to build time zone info
2. ensures libical does not build its own time zone info (this is
the default behaviour, but the flag is added in case libical's
default changes in the future).
Signed-off-by: Marc Khouri <marc@khouri.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump the version to get two portability patches (as well as a small,
innocuously-looking minor feature).
Fixes:
http://autobuild.buildroot.net/results/682/68266cb5b26a62387dc99aef31fc9654c8fcd505/
[and quite a few others...]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As reported by Manuel in bug #9161, the commit
19b503b0d2 that bumped the X.org server
from 1.18.3 to 1.18.4 forgot to also rename the patch directory, making
the existing patch orphan, while it is still needed. This commit
therefore renames the 1.18.3 directory to 1.18.4.
Moreover, this patch is also needed for the 1.17.x X.org server series
which has been added recently, so this commit also adds the patch to a
new 1.17.4 directory.
Fixes bug #9161.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As discussed with Waldemar, the C++ support for Blackfin is currently
broken, and we don't have a fix in sight for the 2016.08
release. Therefore, this commit disables C++ support entirely on the
Blackfin architecture in the internal toolchain backend.
This will avoid a significant number of Blackfin build failures, that
occur when building C++ packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When readline is static library, we need to link against ncurses,
it is because, dependent library's symbols are not resolved when
static library is built. Those symbols are resolved when binary tries
to link with static library.
We can't pass linker flags for ncurses by setting LIBS environment
variable via <PKG>_CONF_ENV because it looks like build system is not
taking that into account and even though it would have been, order of
linking is important.
We can't also pass linker flags for ncurses via --with-readline-libs
conf options because it causes lftp_LIB_READLINE macro to take readline
headers from host machine if available. To use --with-readline-libs
we need to set --with-readline=yes and --with-readline-inc to include
dir. But when --with-readline=yes, readline_prefix is computed based
on if headers can be found in /usr/local or /usr. If readline is
installed on host machine, then configure fails since we are using
headers for host machine. If headers are not found in /usr/local or /usr
then only path specified --with-readline-inc is taken into account.
So specifying linker flags for ncurses via --with-readline-libs will
not work in all cases.
So it looks like, updating linker flags directly is only option to fix
static link issue against readline.
Fixes:
http://autobuild.buildroot.net/results/ae9/ae93bd1b4f6e1ed8f386830d4a51f00d9466f267/
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas: update autoreconf comment in .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When installation prefix is specified in "--with-readline" config
option, lftp's build systems figures out include dir and linker flags.
So don't specify --with-readline-{inc,libs} options which are anyways
get ignored by build system.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-5384 - possible double free due to insufficiently validated
cache files.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit fixes several build issues of OpenBLAS on ARM:
- The first one occured on ARMv5 platforms, when the ARMV5 OpenBLAS
architecture is used. In this case, OpenBLAS build system forces
-march=armv5, which may not be correct for certain toolchains. As an
example, the Sourcery CodeBench toolchain has an ARMv4 and an ARMv5
sysroot. The ARMv5 sysroot is actually an armv5te sysroot, so when
OpenBLAS forces -march=armv5, gcc thinks it should use the ARMv4
sysroot, causing build failures.
To address this, a patch to completely remove the -march ARM CFLAGS
is added to OpenBLAS.
Fixes:
http://autobuild.buildroot.net/results/991497b12b70f948169e5ad99eebd0fe7f6209a2/
- The second one occured on ARMv7 platforms, when the ARMV7 OpenBLAS
architecture is used. The OpenBLAS code expects an EABIhf build, so a
dependency is added for EABIhf for both ARMv6 and ARMv7.
Fixes:
http://autobuild.buildroot.net/results/0ba0bee48a83367fcefab827e8eaa72f0c8fe90b/
- Once the previous ARMv7 problem has been fixed, it turns out that the
ARMv7 specific code in OpenBLAS contains VFPv3 specific
code. Therefore, the user *must* have choosen either VFPv3 or VFPv4,
or the code will not build. VFPv3-D16/VFPv4-D16 are not sufficient,
as more than 16 registers are used by the OpenBLAS code.
To address this, the ARMV7 platform of OpenBLAS is restricted to the
proper VFPv3/VFPv4 selection, and the ARMV6 platform is restricted to
the proper VFPv2 selection.
This problem was not visible in the autobuilders, as it was hidden by
the previous one.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a new patch for mpv that fixes the stdatomic detection
logic so that it realizes linking against libatomic is needed on some
architectures. This fixes the build of mpv on SPARC. The patch has been
submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/f607eed9a48c4ca00db43f9d2652e615b4bd7c93/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
While musl and glibc provide the ucontext structure definition on all
architectures they support, it is not the case of uClibc. We have been
excluding more and more architectures over time, but this isn't really
nice as we continuously need to add more. Latest example: the fact that
ucontext on ARM is only available on ARM platforms that support the ARM
instruction set (i.e not on the Thumb-2 only Cortex-M platforms).
Therefore, we introduce a BR2_PACKAGE_LIBSIGSEGV_ARCH_SUPPORTS variable,
which:
- is set to 'y' for musl and glibc
- is set to 'y' for uClibc for the only architectures that are known to
provide ucontext (those are the ones that select ARCH_HAS_UCONTEXT in
uClibc.
Note that we remove the comment, as it would become a way too
complicated comment, and we usually don't add comment for such
complicated situations (see libunwind for a similar example).
Fixes:
http://autobuild.buildroot.net/results/b1e40b3ec64cd98b535d83e89e5780c46680e095/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
