Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying
bailout for an invalid authenticating user until after the packet
containing the request has been fully parsed.
Some OpenSSH developers don't consider this a security issue:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/489/4891d96f45c64c2e66fe819bd4175cc1d6243a93
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The check_musl function currently builds a program and verifies if the
program interpreter starts with /lib/ld-musl. While this works fine
for dynamically linked programs, this obviously doesn't work for a
purely static musl toolchain such as [1].
There is no easy way to identify a toolchain as using the musl C
library. For glibc, dynamic linking is always supported, so we look at
the dynamic linker name. For uClibc, there is a distinctive
uClibc_config.h header file. There is no such distinctive feature in
musl.
We end up resorting to looking for the string MUSL_LOCPATH, which is
used by musl locale_map.c source file. This string has been present in
musl since 2014. It certainly isn't a very stable or convincing
solution to identify the C library as being musl, but it's the best we
could find.
Note that we are sure there is a libc.a file, because the
check_unusable_toolchain function checks that there is a such a file.
[1] http://autobuild.buildroot.net/toolchains/tarballs/br-arm-musl-static-2018.05.tar.bz2
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We sometimes create dangling symlinks in the target directory. That is
because we need canonical targets, as relative targets don't work well
with BR2_ROOTFS_MERGED_USR. For example, the vim package installs the
/bin/vi symlink to /usr/bin/vim. This symlink might be dangling when the
build host has no vim installed there.
Patch the busybox install.sh script to avoid clobber of dangling
symlinks.
Fixes:
http://autobuild.buildroot.net/results/796/796107430db6545401d9926e84f19eaf2040b756/
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <casantos@datacom.com.br>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Depending on the configuration, the cpp output may contain the string 'yes'
in a comment if built under a path containing 'yes', confusing the _AIX
test:
${CROSS}-cpp conftest.h
\# 1 "conftest.h"
\# 1 "<built-in>"
\# 1 "<command-line>"
\# 31 "<command-line>"
\# 1 "/home/peko/source/buildroot/output-yes/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/stdc-predef.h"
\# 32 "<command-line>" 2
\# 1 "conftest.txt"
If misdetected, the configure script adds -lc128 to LIBS, causing the
AC_CHECKS_FUNCS check for stat64 to fail, which in turn causes compilation
errors about redefinition of symbols:
In file included from ./src/include/pv-internal.h:9:0,
from src/pv/file.c:5:
./src/include/config.h:76:18: error: redefinition of 'struct stat'
# define stat64 stat
^
Fix it by only matching on 'yes' on a line by itself.
As pv doesn't cleanly autoreconf (it doesn't use automake and configure.in
is located in subdir), instead directly patch configure.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
systemd can use elfutils when available, so this commit adds the
detection of this library.
Signed-off-by: Keith Mok <ek9852@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wget is the only downloader currently usable with BR2_PRIMARY_SITE, and that
doesn't work at all for file:// URLs. The symptoms are these:
support/download/dl-wrapper -c '2.4.47' -d '/PATH/build/sw/source/attr' -D '/PATH/build/sw/source' -f 'attr-2.4.47.src.tar.gz' -H 'package/attr//attr.hash' -n 'attr-2.4.47' -N 'attr' -o '/PATH/build/sw/source/attr/attr-2.4.47.src.tar.gz' -u file\|urlencode+file:///NFS/buildroot_dl_cache/attr -u file\|urlencode+file:///NFS/buildroot_dl_cache -u http+http://download.savannah.gnu.org/releases/attr -u http\|urlencode+http://sources.buildroot.net/attr -u http\|urlencode+http://sources.buildroot.net --
file:///NFS/buildroot_dl_cache/attr/attr-2.4.47.src.tar.gz: Unsupported scheme `file'.
ERROR: attr-2.4.47.src.tar.gz has wrong sha256 hash:
ERROR: expected: 25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859
ERROR: got : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
In the case of custom Linux kernel versions, this is fatal, because there isn't
necessarily a hash file to indicate that wget's empty tarball is wrong.
This seems to have been broken by commit c8ef0c03b0, because:
1. BR2_PRIMARY_SITE always appends "urlencode" (package/pkg-download.mk)
2. Anything with the "|urlencode" suffix in $uri will end up using wget due to
the backend case wildcarding.
3. The wget backend rejects file:/// URLs ("unsupported scheme"), and we end up
with an empty .tar.gz file in the downloads directory.
Fix that by shell-extracting the backend name from the left of "|". I'm not
positive if all URLs will have a "|", so this code only looks for a "|" left of
the "+".
Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current download location fails, and Buildroot falls back to
sources.b.o:
--2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]
This commit fixes the download location:
--2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]
This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When libidn2 is statically build with libunistring support, mutt needs
to add -lunistring to LIBS.
To do that, add a call to PKG_CHECK_MODULES to retrieve this information
from libidn2.pc
Fixes:
- http://autobuild.buildroot.net/results/177da8f4798f69298db5385957184f1c53cca923
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The download wrapper call is currently always being displayed, even
without V=1, which is a bit annoying. It shows something like this:
thomas@windsurf:~/projets/buildroot (master)$ make tslib-source
>>> tslib 1.16 Downloading
PATH="/home/thomas/projets/buildroot/output/host/bin:/home/thomas/projets/buildroot/output/host/sbin:/usr/local/bin:/usr/bin:/bin:/home/thomas/.rvm/bin:/usr/local/sbin:/usr/sbin:/home/thomas/.rvm/bin:/home/thomas/sys/bin:/home/thomas/.gem/ruby/2.1.0/bin:/home/thomas/.rvm/bin" BR2_DL_DIR=/home/thomas/dl BUILD_DIR=/home/thomas/projets/buildroot/output/build O=/home/thomas/projets/buildroot/output flock /home/thomas/dl/tslib/ support/download/dl-wrapper -c '1.16' -d '/home/thomas/dl/tslib' -D '/home/thomas/dl' -f 'tslib-1.16.tar.xz' -H 'package/tslib//tslib.hash' -n 'tslib-1.16' -N 'tslib' -o '/home/thomas/dl/tslib/tslib-1.16.tar.xz' -u https+https://github.com/kergoth/tslib/releases/download/1.16 -u http\|urlencode+http://sources.buildroot.net/tslib -u http\|urlencode+http://sources.buildroot.net --
Let's silence this dl-wrapper call by prepending with $(Q).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
MySQL detects on the build machine where the hostname program is
located, and uses this value in a number of configuration files and
scripts that are generated and installed in the target:
output/target$ grep -r "bin/hostname" *
etc/inittab:::sysinit:/bin/hostname -F /etc/hostname
usr/share/mysql/mysql.server: pid_file=$datadir/mysqlmanager-`/usr/bin/hostname`.pid
usr/share/mysql/mysql.server: server_pid_file=$datadir/`/usr/bin/hostname`.pid
usr/bin/mysql_install_db:hostname=`/usr/bin/hostname`
usr/bin/mysqld_safe: err_log=$DATADIR/`/usr/bin/hostname`.err
usr/bin/mysqld_safe: pid_file="$DATADIR/`/usr/bin/hostname`.pid"
However, the hostname on the build machine may not necessarily be at
the same location as the hostname program on the target. Buildroot has
its hostname program (coming from Busybox) in /bin, but some Linux
distributions (such as Fedora) use /usr/bin/hostname, causing the
incorrect hostname paths above.
This commit fixes that by passing the appropriate autoconf cache
variable value.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: add commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 0.8.6 is a bugfix release including a nasty bug that has
potential to crash applications when parsing certain URIs (like
"//:%aa@", excluding quotes).
For more details please check the change log at
https://github.com/uriparser/uriparser/blob/uriparser-0.8.6/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is used when calling the mender client with the
-version option and it says "unknown" if not set in
linker.
Now it displays the following:
# mender -version
1.4.0
runtime: go1.10.2
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also added license checksums in mender.hash
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These files are part of Mender sources and no point in keeping duplicate
files locally.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tenant Token is a configuration option that has to do with Hosted Mender,
where you you need to set this for the devices to connect to the
correct organization in a multi-tenant system.
The removal of tenant.conf usage (and /var/lib/mender/authtentoken)
was in Mender client version 1.2.0, where it was switched to be an mender.conf
option instead as the example above demonstrates. As the first version that was
integrated in Buildroot was 1.4.0, the inclusion of tenant.conf and the
creation of the symlink is not necessary.
Now it is specified as such in mender.conf:
Example:
/etc/mender/mender.conf
{
TenantToken: "very long base64 encoded string"
}
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Mender client uses fw_printenv/fw_setenv to manipulate the U-boot
environment, e.g to change the boot candidate after a update has been
done.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mender state-scripts are essentially "hooks" that can be provided to
influence the update flow.
They should be placed inside /etc/mender/scripts and the directory must
contain a file containing the current state-script format version. It is
currently "2".
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current values that are in mender.conf will actually
cause the Mender client to fail to start because of invalid
values.
Provide sane default values that at least allow the Mender client
to parse the configuration options and start running.
The values provided will actually work in a "Demo Environment",
see https://docs.mender.io/getting-started/create-a-test-environment.
Though an entry is required in /etc/hosts to resolve the URL to the
local IP address of the running demo server.
Example:
echo "192.168.0.10 docker.mender.io s3.docker.mender.io" >> \
/etc/hosts
Above is required because the demo certificate
(/etc/mender/server.crt) is created for https://docker.mender.io.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These scripts are used to generate the device identity and to populate
the the device inventory. The Mender client will call these and at least
the mender-device-identity is required to be present at the correct
location. Inventory scripts are there as an example and not
actually required.
Example output from identity script:
$ ./mender-device-identity
mac=de:ad:ca:fe:00:01
cpuid=1112233
Example output from inventory script:
$ ./mender-inventory-network
mac_br-fbfdad18c33c=02:42:7e:74:96:85
network_interfaces=br-fbfdad18c33c
ipv4_br-fbfdad18c33c=172.21.0.1/16
mac_enp0s25=de:ad:be:ef:bb:05
network_interfaces=enp0s25
ipv4_enp0s25=123.22.0.197/16
ipv4_enp0s25=10.20.20.105/16
ipv6_enp0s25=fe80::2aad:beff:feef:bb05/64
Inventory and device identity data is presented on the Mender server
front-end.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Recent U-Boot no longer ship the flex/bison generated kconfig parser, as
of commit e91610da7c8a9fe42f3e5a75f06c3d1a0cb5f815 (kconfig: re-sync
with Linux 4.17-rc4).
So, add the conditional kconfig dependencies, as we just did for the
kernel.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting with linux-4.18, the kconfig from the kernel can call
to the compiler to test its capabilities; see:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/Kconfig.include
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-{flex,bison} are only needed to generate the dtc parser, so we
don't need them if the kernel does not have support for device tree.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rely on the system provided ones if avalable, and only resort to use our
owns if the sytem does not provide them.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Similarly to c48f8a6462 (package/m4: fix build on host with glibc-2.28),
backport the two fixes fromn gnulib upstream, that allows building
host-bison on systems using glibc 2.28.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/a3535cdf5e91df011a59a4b9f60d69195f5efdcb
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
They were added back in 5432f26f0 (Adding Central config.cache options),
supposedly to be able to cache the result of configure tests, but they
were never, ever referenced anywhere in our code... Besides, we dropped
the idea of getting a configure cache long ago now (it does not work)...
They are causing spurious error messages on some distros (e.g. Fedora)
which use GNU's which (whatever package that comes from), while it is
silent on other distros (e.g. Ubuntu) which use debianutils' which.
Drop them.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch to python-pyqt5 to make it build properly
against Qt 5.11.
PyQt5 is using a dual-licensing model, and the commercial company
behind it (RiverBank) only provides release tarballs, and no public
Git repository, so we cannot see the individual changes they make. By
diffing the PyQt5 5.10 and 5.11 releases, we could see that they opted
for dropping entirely support for the waitForEvents() method, rather
than keeping it for Qt < 5.11. We take the same approach in the below
patch, since this is anyway what will happen when we will bump to
PyQt5 5.11.
The patch is not Git-formatted, because there is no upstream Git
repository for this project.
Fixes:
http://autobuild.buildroot.net/results/1f1e92374fe71a1d4343243db5f530c33db06698/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
Fixes CVE-2018-12115, also CVEs were fixed in included OpenSSL code
which do not use for the target build.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some users of kconfig need some packages to be built before their
kconfig infra be used.
For example, the linux kernel, starting with 4.16, needs flex and bison
to generate the parser code. Furthermore, starting with 4.18, it will
also need the cross-compiler before parsing the kconfig stuff, because
that calls the compiler to check its features.
Currently, this is broken, even the flex/bison ones, even though they
are listed, because there is no way to define dependencie that are
guaranteed before the (visual) configurators. For example:
$ make distclean
$ make menuconfig
--> enable the linux kernel, choose a defconfig, save, exit
$ make linux-menuconfig
[...]
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
YACC scripts/kconfig/zconf.tab.c
/bin/sh: bison: command not found
LEX scripts/kconfig/zconf.lex.c
scripts/Makefile.lib:196: recipe for target 'scripts/kconfig/zconf.tab.c' failed
make[3]: *** [scripts/kconfig/zconf.tab.c] Error 127
make[3]: *** Waiting for unfinished jobs....
/bin/sh: flex: command not found
scripts/Makefile.lib:188: recipe for target 'scripts/kconfig/zconf.lex.c' failed
make[3]: *** [scripts/kconfig/zconf.lex.c] Error 127
Makefile:528: recipe for target 'rpc_defconfig' failed
make[2]: *** [rpc_defconfig] Error 2
linux/linux.mk:511: recipe for target '/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config' failed
make[1]: *** [/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config] Error 2
Makefile:79: recipe for target '_all' failed
make: *** [_all] Error 2
So, we introduce a new type of dependencies for kconfig-based packages,
that are guaranteed to be built and installed before the (visual)
configurators are called.
Since those dependencies are phony targets and therefore always out of
date, a normal dependency would cause the .config target to be rebuilt
on each invocation of make. So we use an order-only pre-requisite, like
is done for the patch dependency.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The commit that added the dependency on host-{bison,flex} did
so because the pre-generated kconfig parser source files were
removed from the kernel tree, in linux-4.16.
But then, in linux-4.17, the pre-generated dtc parser source
files were in turn removed as well.
So, document the two reasons why they are needed, so we don't
accidentally remove them when we (soon) introduce the kconfig
dependencies.
(Also fix the first assignment to LINUX_DEPENDENCIES to be a
simple assignement, not an append-assignment.)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
boost-log builds fine with powerpc on uclibc nowadays so enable it back.
By removing this dependency, build failure on azmq is also fixed as this
package is currently selecting boost-log without fulfilling this
dependency
Fixes:
- http://autobuild.buildroot.net/results/9c373d0b5a1a59e2271d71c480d55a90a67b84cb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
