aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* libnspr: bump version to 4.19Gravatar Peter Korsgaard2018-11-252-3/+3
| | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit fb521b5d45dc74463a5fb30657642d328e3d51cd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* {linux, linux-headers}: bump 4.{4, 9, 14, 18}.x seriesGravatar Peter Korsgaard2018-11-251-3/+3
| | | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [Peter: drop 4.18.x, linux / hash changes] (cherry picked from commit cd0ca09e43be8bd87fa35c96fa099a338b85de36) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* supertuxkart: fix build on bdver3Gravatar Fabrice Fontaine2018-11-251-0/+59
| | | | | | | | | | | | | | | Retrieve upstream patch to fix build failure in lib/graphics_utils/mipmap/cpusimd.h due to direct inclusion of intrinsics headers: https://github.com/supertuxkart/stk-code/issues/3091 Fixes: - http://autobuild.buildroot.org/results/52bd5c45b0d04a863a2530d388899b3e46494ee9 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 236a7d5d786ba332154d770bc434c5f4e978d539) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* trace-cmd: fix siteGravatar Fabrice Fontaine2018-11-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Replace $(BR2_KERNEL_MIRROR) by https://git.kernel.org/pub, which fixes the download of this package: >>> trace-cmd trace-cmd-v2.6.1 Downloading Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/ Fetching all references fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found Detected a corrupted git cache. Removing it and starting afresh. Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/ Fetching all references fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found Detected a corrupted git cache. This is the second time in a row; bailing out --2018-11-11 21:08:00-- http://sources.buildroot.net/trace-cmd/trace-cmd-trace-cmd-v2.6.1.tar.gz Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.210.19, 104.25.211.19, 2606:4700:20::6819:d313, ... Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.210.19|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1859835 (1.8M) [application/x-gtar-compressed] Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit e311d8387dc829d3f0dfe5508cfabc3458e0fa93) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* qemu: disable openglGravatar Fabrice Fontaine2018-11-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since version 0.15.0, qemu has an optional dependency to opengl: https://github.com/qemu/qemu/commit/20ff075bb3340c5278a0da38ad1f4d602565aa06 Since version 2.4, libepoxy is also needed to enable opengl: https://github.com/qemu/qemu/commit/dcf30025c3e3d43140a687240433de1920adf8b0 As a result if libepoxy is built before qemu, opengl support will be detected (see config.log): OpenGL support yes OpenGL dmabufs yes This will raise the failures in milkymist-tmu2: hw/display/milkymist-tmu2.c:35:22: fatal error: X11/Xlib.h: No such file or directory or in sdl2: CC /home/peko/autobuild/instance-0/output/targetui/sdl2-2d.o In file included from /home/peko/autobuild/instance-0/output/build/qemu-2.12.1/include/ui/egl-context.h:5:0, from ui/egl-context.c:3: /home/peko/autobuild/instance-0/output/build/qemu-2.12.1/include/ui/egl-helpers.h:45:55: error: unknown type name 'Window'; did you mean 'minor'? or in translate-a64: /accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/target/arm/translate-a64.c: In function 'handle_shri_with_rndacc': /accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/target/arm/translate-a64.c:7000:28: warning: 'tcg_src_hi' may be used uninitialized in this function [-Wmaybe-uninitialized] tcg_gen_mov_i64(tcg_src, tcg_src_hi); ^ ../ui/gtk-egl.o: In function `gd_egl_init': /accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/ui/gtk-egl.c:52: undefined reference to `gdk_x11_window_get_xid' So, for the time being, disable opengl as done in xen since commit 13c6754f3c1d2a14516f641490e9dd6f4c183d7c. Fixes: - http://autobuild.buildroot.org/results/656e45721c72197834462eb2bd8c762e520725a4 - http://autobuild.buildroot.org/results/d4736a930144fc5e25b377bc1c0baf44fbf8718d - http://autobuild.buildroot.org/results/50e0d7d1b4f5c2b827b50bb82d8fbc066bf31118 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit ce735b0c59c636b454056debacddcf77f9fb30fd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libiscsi: fix build failures due to warningsGravatar Fabrice Fontaine2018-11-252-0/+53
| | | | | | | | | | | | | Retrieve two upstream patches to fix build failures due to warnings Fixes: - http://autobuild.buildroot.org/results/7ec1e1cc060bbdaaf758c0d55a053247b731e792 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 6a5e9a7ac6e20f8cb2251b61b09b54d51bedfa82) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libiscsi: add hash for license filesGravatar Fabrice Fontaine2018-11-251-0/+3
| | | | | | | Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit e711623912d0db2866a60e9daf6dbe89959de574) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libnfs: add patch to fix musl build issueGravatar Jörg Krause2018-11-251-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add a patch to fix build issues with the musl C library. This patch fixes an autobuild issue when linking the mpd package against libnfs. The header file libnfs.h uses `struct timeval` which is defined in `<sys/time.h>` for POSIX systems. Unfortunately, upstream only includes it conditionally, based on the system. Therefore, we remove the check in the first patch. Reported upstream: https://github.com/sahlberg/libnfs/issues/272 Fixes: http://autobuild.buildroot.org/results/452/4522014698b9fe50720a71b663e47a75805bcf54 http://autobuild.buildroot.org/results/b0a/b0a0c20ad1705e9fa7ba4a12eb9c182e8077ab0c http://autobuild.buildroot.org/results/53c/53c87361923cc177de7889523b3d16ba6b1d3d0f .. and more. Previous patch: Changes requested http://patchwork.ozlabs.org/patch/973605/ Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 582fd7c094c697a3408c054b87406fcf249bcf72) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/gcc: fix xtensa uclinux code generationGravatar Max Filippov2018-11-252-0/+82
| | | | | | | | | | | | | | xtensa-uclinux uses bFLT executable file format that cannot relocate fields representing offsets from data to code. C++ objects built as PIC use offsets to encode FDE structures. As a result C++ exception handling doesn't work correctly on xtensa-uclinux. Don't use PIC by default on xtensa-uclinux. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [Peter: drop gcc-8.x patch] (cherry picked from commit 4debb2fbb7d60ed7f81ddab82d8b48ac9c4c3055) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* attr: Add a patch to fix an unconditional infinite recursionGravatar Nicolas Cavallari2018-11-251-0/+126
| | | | | | | | | | | | | | | | | | | | | | | | | The bump to 2.4.48 introduced a bug that, according to the author, only happen in certain cases on glibc. But under uclibc-ng, it happens every time. The bug essentially cause any program calling any libattr.so function to enter an infinite recursion, because of a symbol conflict between uclibc-ng and libattr wrappers, that causes the libattr wrappers to call themselves. This infinite recursion does not consume the stack, so programs basically behave like they enter an infinite loop. It is easy to reproduce with qemu_arm_versatile_defconfig + BR2_PACKAGE_ATTR: "getfattr ." never returns and takes 100% CPU. Upstream fixed it, but the patch is not part of a release yet, so take the patch. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 99989d3b91ef6cadc0c8d1a73203178da9ac6af7) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* nginx: security bump to 1.15.6Gravatar Peter Korsgaard2018-11-254-13/+17
| | | | | | | | | | | | | | | | Fixes the following security issues: CVE-2018-16843: Excessive memory usage in HTTP/2 CVE-2018-16844: Excessive CPU usage in HTTP/2 CVE-2018-16845: Memory disclosure in the ngx_http_mp4_module Refreshed patch 0004 + 0007 as they no longer applied cleanly. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit c2f5b3a3a866859528747edc191fb9c241343e88) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* nginx: bump to version 1.15.0Gravatar Ignacy Gawędzki2018-11-255-79/+265
| | | | | | | | | | | | | | | | | | | | | | | | | | The following patches have been updated to apply on 1.15.0: 0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch 0006-auto-lib-openssl-conf-use-pkg-config.patch The follow patch has been removed, because it was applied upstream: 0009-auto-lib-conf-fix-PCRE-condition-WRT-the-http-and-ht.patch The license file hash has changed because the copyright years were updated in the LICENSE file: - * Copyright (C) 2002-2017 Igor Sysoev - * Copyright (C) 2011-2017 Nginx, Inc. + * Copyright (C) 2002-2018 Igor Sysoev + * Copyright (C) 2011-2018 Nginx, Inc. Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr> [Thomas: drop unneeded patch updates, improve commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2fe054a7ecf145be002ed2bf75c662fa397792d6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: security bump to version 1.5.4Gravatar Peter Korsgaard2018-11-253-48/+2
| | | | | | | | | | | | | | | | | | >From the announcement: When using a TLS enabled websockets listener with require_certificate enabled, the mosquitto broker does not correctly verify client certificates. This is now fixed. All other security measures operate as expected, and in particular non-websockets listeners are not affected by this. https://mosquitto.org/blog/2018/11/version-154-released/ Drop patch 0001, now applied upstream: https://github.com/eclipse/mosquitto/pull/933 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 3a4c111b1f359e2ba50e31ef1246e48456a391de) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: security bump to version 1.5.3Gravatar Fabrice Fontaine2018-11-252-2/+2
| | | | | | | | | | | Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 5e62304359d150b6befa4bab4030ead09bcfdfdf) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: bump version to 1.5.1Gravatar Bernd Kuhls2018-11-255-187/+48
| | | | | | | | | | Removed patch 0001, applied upstream. Replaced patch 0002 with a more generic solution as patch 0001. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit f5336412d54397f35daa09c4f9eab952afadd3fe) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: fix build with some glibcGravatar Fabrice Fontaine2018-11-251-0/+34
| | | | | | | | | | | | Add patch to define _GNU_SOURCE before using S_IF{DIR,REG} Fixes: - http://autobuild.buildroot.net/results/7dcfb6ca9d14a5cd6872590065549356f1ab42a0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit f66c171b4d046aca791f524ff198fb7df08d5ab0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mosquitto: bump to version 1.5Gravatar Fabrice Fontaine2018-11-254-51/+153
| | | | | | | | | | - Remove patch (already in version) - Add patch to fix crash (retrieved from upstream) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 375e11a186bd6ac9f934f9bb0b8102cab58efa53) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* twolame: fix static linking with libmagicGravatar Fabrice Fontaine2018-11-251-0/+228
| | | | | | | | | | | | | | | | libmagic (from file package) already provides the buffer_init function so to avoid a build failure for applications wanting to statically link with twolame and libmagic (for example sox), rename buffer_init into bitbuffer_init (also rename buffer_deinit into bitbuffer_deinit and buffer_sstell into bitbuffer_sstell for consistency) Fixes: - http://autobuild.buildroot.org/results/b3fc62e7f372fe595966e84091c11ccdb4cfa77c Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 393b205de132658d2a7e68d8c9d45de6298813c7) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* qt: disable static build for qt-zlibGravatar Fabrice Fontaine2018-11-251-0/+4
| | | | | | | | | | | | | | | | Static build of applications using qt-zlib and zlib (such as mpv) will fail because zlib and qt-zlib defines the same functions (inflateReset, inflatePrime ...) So add a dependency on !BR2_STATIC_LIBS on BR2_PACKAGE_QT_QTZLIB Fixes: - http://autobuild.buildroot.org/results/0be6e359d46a8a701006305c32b514687854b035 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 112667fd120d136bcacef7e4a78f16a4ac92178a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* bind: security bump to version 9.11.5Gravatar Peter Korsgaard2018-11-254-77/+3
| | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: - CVE-2018-5738: Some versions of BIND can improperly permit recursive query service to unauthorized clients - CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named For more details, see the release notes: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html Drop patch 0003-Rename-ptrsize-to-ptr_size.patch as the uClibc-ng issue was fixed upstream in commit 931fd627f6195 (mips: fix clashing symbols), which is included in uclibc-1.0.12 (January 2016). Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 955df7463b0747620b744e19a78cfc84e1c99965) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mmc-utils: add patch to fix build failureGravatar Sébastien Szymanski2018-11-251-0/+44
| | | | | | | | | | | | | | | Patch taken from: - https://patchwork.kernel.org/patch/10654531/ Fixes: - http://autobuild.buildroot.net/results/404bfbd095a7b80273391ea36ea81ba496164b80 - http://autobuild.buildroot.net/results/233ef5c00951b5be10a59408f4a8781ecc658d74 - http://autobuild.buildroot.net/results/eba3cf4ac21095bca5af2d5d1d69aca0c9098f9b Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit ee6217d52b7226596257ac86652403306912588f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* traceroute: fix 'no rule to make target -lm' errorGravatar Sergio Prado2018-11-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the following build error: make[3]: *** No rule to make target '-lm', needed by 'traceroute'. Fixes: http://autobuild.buildroot.org/results/dde63672e1de1d4ba036331ab127ccc8ff044444 http://autobuild.buildroot.org/results/4efb67e6a29c3dd784676d30a1051f9f0c2a6c80 http://autobuild.buildroot.org/results/7ac23a3959aec22297695899c0f76dbbc4e114d3 And many more... As explained by Arnout, this happens when host-make is built (E.G. when glibc is built on a machine with an old make version) because the traceroute Makefiles have a target with a dependency on -lm, and make automatically will look in make's $prefix/lib directory for libm.so / libm.a to satisfy this dependency. From the make info pages: When a prerequisite's name has the form '-lNAME', 'make' handles it specially by searching for the file 'libNAME.so', and, if it is not found, for the file 'libNAME.a' in the current directory, in directories specified by matching 'vpath' search paths and the 'VPATH' search path, and then in the directories '/lib', '/usr/lib', and 'PREFIX/lib' (normally '/usr/local/lib', but MS-DOS/MS-Windows versions of 'make' behave as if PREFIX is defined to be the root of the DJGPP installation tree). Our host-make is configured with prefix=$(HOST_DIR), and $(HOST_DIR)/lib does not contain libm.so / libm.a, causing make to error out. Work around it by pointing VPATH to $(STAGING_DIR)/usr/lib, so make will find the (target) libm.so / libm.a. [Peter: extend description based on Arnouts investigation] Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 49dd099650c21950c8bf957eee3d67b1b20fdcbe) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6Gravatar Romain Naour2018-11-251-0/+4
| | | | | | | | | | | | | | | | | | | | | | | As reported in the bug report [1], gcc < 6 doesn't build when FORTIFY_SOURCE is set to 1 or 2. The issue is related to the upstream bug report [2] but the patch fixing the issue for gcc 6 has not been backported to earlier gcc versions. Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1 and BR2_FORTIFY_SOURCE_2. [1] https://bugs.busybox.net/show_bug.cgi?id=11476 [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164 [3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402 Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: Matthew Weber <matthew.weber@rockwellcollins.com> Cc: Peter Korsgaard <peter@korsgaard.com> [Peter: only limit for internal toolchain as suggested by Matthew] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a75ee0e8124023185f4a05e95b2fcd29fa9449d8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* toolchain: disable SSP support if CFI support in binutils is missingGravatar Romain Naour2018-11-254-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As reported by [1], SSP support is missing in the Buildroot toolchain for microblaze even if it's requested by selecting BR2_TOOLCHAIN_HAS_SSP config option. In Buildroot, we are using libssp provided by the C library (glibc, musl, uClibc-ng) when available. We are not using libssp from gcc. So for a microblaze glibc based toolchain, the SSP support is enabled unconditionally by a select BR2_TOOLCHAIN_HAS_SSP. BR2_microblazeel=y BR2_TOOLCHAIN_BUILDROOT_GLIBC=y BR2_KERNEL_HEADERS_4_14=y BR2_BINUTILS_VERSION_2_30_X=y BR2_GCC_VERSION_8_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y While building the toolchain, we are building host-binutils which provide "as" (assembler) and host-gcc-initial wich provide a minimal cross gcc (C only cross-compiler without any C library). When SSP support is requested, gcc_cv_libc_provides_ssp=yes is added to the make command line (see [2] for full details) With this setting, the SSP support is requested but it's not available in the end and the toochain build succeed. When the microblaze toolchain is imported to Biuldroot (2018.05) as external toolchain with BR2_TOOLCHAIN_EXTERNAL_HAS_SSP set, the build stop with : "SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP" The test is doing the following command line: echo 'void main(){}' | [...]/host/bin/microblazeel-linux-gcc.br_real -Werror -fstack-protector -x c - -o [...]/build/.br-toolchain-test.tmp cc1: error: -fstack-protector not supported for this target [-Werror] When we look at the gcc-final log file (config.log) we can see this error several time when using the minimal gcc (from host-gcc-initial). So Why the minimal gcc doesn't support SSP? When we look at the gcc-initial log file (config.log) we can see an error with 'as': configure:23194: checking assembler for cfi directives configure:23209: [...]microblazeel-buildroot-linux-gnu/bin/as -o conftest.o conftest.s >&5 conftest.s: Assembler messages: conftest.s:2: Error: CFI is not supported for this target conftest.s:3: Error: CFI is not supported for this target conftest.s:4: Error: CFI is not supported for this target conftest.s:5: Error: CFI is not supported for this target conftest.s:6: Error: CFI is not supported for this target conftest.s:7: Error: CFI is not supported for this target configure:23212: $? = 1 configure: failed program was .text .cfi_startproc .cfi_offset 0, 0 .cfi_same_value 1 .cfi_def_cfa 1, 2 .cfi_escape 1, 2, 3, 4, 5 .cfi_endproc This is the only relevant difference compared to a nios2 toolchain where libssp is enabled and available (nios2 is an example). "CFI" stand for "Control Flow Integrity" and it seems that SSP support requires CFI target support (see [3] for some explanation). The SSP support seems to depends on CFI support, but the toolchain infrastructure is not detailed enough to handle the CFI dependency. The NiosII toolchains built with binutils < 2.30 are also affected by this issue. This patch improve the toolchain infrastructure by adding a new BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI blind option Disable SSP support for microblaze entirely. Disable SSP support for nios2 only with Binutils < 2.30. Fixes: https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006389 [1] https://gitlab.com/free-electrons/toolchains-builder/issues/1 [2] https://git.buildroot.net/buildroot/tree/package/gcc/gcc.mk?h=2018.05#n275 [3] https://grsecurity.net/rap_faq.php Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [Thomas: adjust how the BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI option is expressed.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 435613ef298d49788d82f7bb2e06f944d69d890b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* linux: enable CONFIG_AUDIT if the audit package is selectedGravatar Carlos Santos2018-11-251-0/+3
| | | | | | | | | | | | | We already turn on kernel features for several packages, so let's do it for audit too, since the daemon is useless and fails to load otherwise. Notice that we also turn NET on, since AUDIT depends on NET, like we do for the wireguard package. Signed-off-by: Carlos Santos <casantos@datacom.com.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2c828ed72fa51607714cbd7a53304d11db7145c3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/audit: bump to version 2.8.4Gravatar Carlos Santos2018-11-252-2/+2
| | | | | | | | | | | | Fix a segfault in auditd when dns resolution isn't available. Additional changes since 2.8.2 can be seen at http://people.redhat.com/sgrubb/audit/ChangeLog Signed-off-by: Carlos Santos <casantos@datacom.com.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 0d03c33f22a845218681d19eadddebfda0ef39f6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/audit: ensure that it starts after the logging daemonGravatar Carlos Santos2018-11-252-1/+1
| | | | | | | | | | | | audit uses syslog(). Rename its init script to S02auditd to ensure that it will start after syslogd. Otherwise the initial log messages will be sent to the console (and probably lost, since almost nobody watches the system console on embedded systems). Signed-off-by: Carlos Santos <casantos@datacom.com.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 6fe5fe4c4d034bd471a9ed28e5fba81475ae09ec) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/audit: fix audispd path in auditd.confGravatar Carlos Santos2018-11-251-0/+32
| | | | | | | | | | | | | audispd is installed at /usr/sbin but the configuration file pointed to /sbin, causing auditd to fail on startup. This patch cannot be sent upstream because audispd does not exist anymore on the master branch (it was merged to auditd). Signed-off-by: Carlos Santos <casantos@datacom.com.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 4be494b8045b51ddc41cec370950a95bc72fba55) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mariadb: security bump to version 10.1.37Gravatar Peter Korsgaard2018-11-252-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: CVE-2018-3282: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-3143: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-3156: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-3251: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The README has gotten a few extra URLs added, so update the sha256 to match. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mariadb: drop my-small.cnf handlingGravatar Peter Korsgaard2018-11-251-2/+0
| | | | | | | | | | | | | Unbreaks builds without BR2_PACKAGE_MARIADB_SERVER as this only gets installed if the server is enabled. As pointed out in commit 2b82e014b40 (package/mariadb: bump version to 10.3.10), this file has been removed upstream in newer versions as it hasn't been updated in >8 years and the compiled in defaults are sensible, so completely remove the file handling instead of adding logic to only install it if the server is enabled. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* xproto_inputproto: also disable asciidoc documentation for host buildsGravatar Peter Korsgaard2018-11-201-0/+1
| | | | | | | Fixes: http://autobuild.buildroot.net/results/0ff/0ff9a3a27984ad91aa33079143bb87ed71bfe7c4/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/xproto_inputproto: disable documentationGravatar Matt Weber2018-11-191-0/+1
| | | | | | | | Resolves: http://autobuild.buildroot.net/results/e6b/e6badde04047e10023b97946bbff434abc07344d/ Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* lua-curl: fix build with libcurl 7.62.0Gravatar Baruch Siach2018-11-151-0/+58
| | | | | | | | | | | | | | | | The last libcurl bump changed error code definitions in a way that breaks lua-curl build. Add a patch to fix that. Fixes: http://autobuild.buildroot.net/results/fa6/fa6e289162124b3e079c4a2d9c3f00910c8cc063/ http://autobuild.buildroot.net/results/7b9/7b962a63630abaed21d99f719c1bd710ec4d4b28/ http://autobuild.buildroot.net/results/c5b/c5b2a7f21259bbf79861bd95a2d7ca055920bf09/ Cc: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 3988480bf02e138e945bc9ad083880697d5ab376) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/x11r7/xdriver_xf86-video-geode: add upstream commits to fix build errorsGravatar Bernd Kuhls2018-11-142-0/+88
| | | | | | | | | | Fixes http://autobuild.buildroot.net/results/a9b/a9baf6ecf147f336021edda20bb091b8aa071209/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 34743203e1a003d3b713c62293b988f2778037a2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* utils/scanpypi: use archive file name to specify the extraction folderGravatar Yegor Yefremov2018-11-141-9/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some packages have archive name that is different from package name. For example websocket-client's archive name is websocket_client-*.tar.gz. scanpypi expects the temporary extract folder to be: /tmp-folder/BR-package-name/PyPI-packagename-and-version In the case of websocket-client package the real extraction folder will be different from the expected one because of the '_' in the archive file name. Use archive file name instead of package name to specify the extraction folder. As the version is already part of this file, we don't need to specify it. Bonus: remove obsolete "return None, None" as the function doesn't return anything. OSError class doesn't provide "message" member, so replace it with "strerror". Fixes: https://bugs.busybox.net/show_bug.cgi?id=11251 Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Reviewed-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit fd29797f659c09cbc2aeba33f8d6f5b992e65cd4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docs/manual: add external.desc to list of files needed for BR2_EXTERNALGravatar Philipp Wagner2018-11-141-0/+1
| | | | | | | | | | | | | | external.desc must be present when using a br2-external tree. The documentation notes this later in the text, but the file is missing from the initial overview of files. Fixes bug #11481. Signed-off-by: Philipp Wagner <mail@philipp-wagner.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit a6479d6058b75533dd68081d90cec0dbfe652ca4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* support/scripts/mkmakefile: make wrapper silent by defaultGravatar Serj Kalichev2018-11-141-1/+8
| | | | | | | | | | | | | | | | | Suppose we use Makefile wrapper and build some project out of buildroot tree (O=...). A command like "make busybox-all-external-deps" will output the string "uname 022 && make ..." to stdout before the usefull information. It pollutes stdout. At the same time if we use the same command in the buildroot source-tree then we don't get the additional output. This patch makes wrapper silent by default. People who prefer to see more verbose output can use V=1. Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit c77cd170826e6430315f56a5c4d44ee97cc83050) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* nfs-utils: add patch to fix build with glibc 2.28Gravatar Thomas Petazzoni2018-11-141-0/+50
| | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/feb2b42028f7035f791db9cb76d07ead55d7733a/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit f0cf62abae4e9c4e479b015327b38d837cba9512) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* postgresql: security bump to version 10.6Gravatar Peter Korsgaard2018-11-142-3/+3
| | | | | | | | | | | | | Fixes the following security issue: CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING For more details, see the advisory: https://www.postgresql.org/about/news/1905/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* uclibc: fix mkostempGravatar Carlos Santos2018-11-141-0/+38
| | | | | | | | | | | | | | | | | Pull a patch already submitted upstream[1] that fixes mkostemp when _LARGEFILE64_SOURCE is defined. This is required to prevent failures on eudev[2]: # udevadm hwdb --update Failure writing database //etc/udev/hwdb.bin: Invalid argument 1. https://patchwork.ozlabs.org/patch/990045/ 2. https://patchwork.ozlabs.org/patch/984848/ Signed-off-by: Carlos Santos <casantos@datacom.com.br> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit c33fb6e9f190273abef5fd8186ab0d5a496ef06a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* webkitgtk: bump to version 2.22.3Gravatar Adrian Perez de Castro2018-11-143-46/+5
| | | | | | | | | | | | | | | | | | Release notes: https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html Patch "0001-ARM-Building-FELightingNEON.cpp-fails-due-to-missing.patch" is removed because it is included in the new release. This is a maintenance release which further improves playback of video when using media source extensions (MSE), specially for WebM content, and provides a few correctness fixes. Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 0def20865d75baf80b0dad5dcc81efd606cfb3af) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* webkitgtk: add an option to control USE_GSTREAMER_GLGravatar Adrian Perez de Castro2018-11-142-0/+22
| | | | | | | | | | | | | | | | | | | | This covers the case where GL/GLES is available (so -DENABLE_OPENGL=ON gets passed), which makes the webkitgtk build system assume GStreamer-GL is available, while actually it is not. Also, providing an option to manually disable usage of GStremer-GL can help with certain target configurations in which using OpenGL for video handling might result in incorrect rendering. This fixes some autobuilder failures like the following: http://autobuild.buildroot.net/results/187796535af53ece426641ff7d88aabada281674 http://autobuild.buildroot.net/results/00c1a8ea23a99728a4f3f4478705f2383414ae41 Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 4ac29a8196903f7e88674bb4b2f58c0f29fb122d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libcurl: security bump to version 7.62.0Gravatar Peter Korsgaard2018-11-142-3/+3
| | | | | | | | | | | | | | | | | | Fixes the following security issues: CVE-2018-16839: SASL password overflow via integer overflow https://curl.haxx.se/docs/CVE-2018-16839.html CVE-2018-16840: use-after-free in handle close https://curl.haxx.se/docs/CVE-2018-16840.html CVE-2018-16842: warning message out-of-buffer read https://curl.haxx.se/docs/CVE-2018-16842.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit c1a01ac2f109d695d1bfe9945bc4df0434eaec51) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/network-manager: Add upstream patch to fix CVE-2018-15688Gravatar Bernd Kuhls2018-11-141-0/+38
| | | | | | | | | | | | | | | | | | | NetworkManager includes some parts of the systemd-networkd code in its codebase. That can be found at src/systemd/src/libsystemd-networkd. The DHCP implementation provided by systemd-networkd is used when NetworkManager is configured to use the internal implementation, however the default is to use dhclient. When NetworkManager is configured to use the internal dhcp and an interface is setup with ipv6.method=auto (which is the default value) or ipv6.method=dhcp, this flaw can be exploited. When using ipv6.method=auto, the DHCPv6 client can be automatically started with a Router Advertisement packet. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 0a51ba655c6eed7a2a8be116b855259adbaf7bd6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* configs/{at91, atmel}*_dev*: drop Dropbear as it duplicates OpenSSHGravatar Thomas Petazzoni2018-11-148-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | The "development" defconfigs for Atmel platforms enable both OpenSSH and Dropbear, which doesn't make a lot of sense, as only one SSH server can start on port 22. This commit therefore drops BR2_PACKAGE_DROPBEAR=y from those defconfigs, keeping OpenSSH as an SSH server/client, as was requested by Atmel/Microchip folks in the review of an earlier version of this patch [1]. Since those defconfigs are "development" defconfigs, they are not meant to be minimal, and already provide an arbitrary set of packages, so using openssh is just as good as using dropbear in this case. [1] https://patchwork.ozlabs.org/patch/989516/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Nicolas Ferre <nicolas.ferre@microchip.com> Cc: Joshua Henderson <joshua.henderson@microchip.com> Cc: Ludovic Desroches <ludovic.desroches@microchip.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit dab153961337e11675a224af0cf3c3e029561910) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/systemd: Add upstream patch to fix CVE-2018-15688Gravatar Bernd Kuhls2018-11-141-0/+30
| | | | | | | | | | | | | | | Systemd-networkd is vulnerable to an out out-of-bounds heap write in the DHCPv6 client when handling options sent by network adjacent DHCP servers. A attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Peter: add description] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit bc6ecbbeefadb185e9d171562afb9f01e250e132) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* ruby: security bump to version 2.4.5Gravatar Peter Korsgaard2018-11-142-4/+4
| | | | | | | | | | | | | | | | | Fixes the following security issues: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/ - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/ Update hash of LEGAL as it had a few (wayback machine) URLs added/changed. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 646ae5a0b1ec9e7c099de0088c333470283f7e33) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* lighttpd: security bump to version 1.14.51Gravatar Peter Korsgaard2018-11-142-3/+5
| | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: 1.4.50: [mod_alias] security: potential path traversal with specific configs [core] security: use-after-free invalid Range req [mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898) [core] security: use-after-free after invalid Range request (fixes #2899) 1.4.51: [core,security] process headers after combining folded headers [mod_userdir] security: skip username “.” and “..” 1.4.51 brings optional pam and wolfssl support. Explicitly disable these options for now. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 15793bc19f196691f6b09636ebf2c3de53d369c0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* lighttpd: bump to version 1.4.49Gravatar Baruch Siach2018-11-142-3/+3
| | | | | | | | Cc: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit b94ddb8d5d1cc74eaf47d3272c2313860d96430d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* qemu: sdl frontend needs x11Gravatar Fabrice Fontaine2018-11-141-0/+2
| | | | | | | | | | | | | | | | | Since qemu 2.12.0 and https://github.com/qemu/qemu/commit/2ec78706d188df7d3dab43d07b19b05ef7800a44, x_keymap.h has been converted from "SDL display driver" to "X11 keymaps" So add a select on BR2_PACKAGE_SDL_X11 Fixes: - http://autobuild.buildroot.org/results/1908d2d7de8d3aff11ed6fbb8fe4cf3eff54b5a5 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 8153ce21e7d1a11c6ac9a722d81a2e14f5428dbd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>