| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb521b5d45dc74463a5fb30657642d328e3d51cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: drop 4.18.x, linux / hash changes]
(cherry picked from commit cd0ca09e43be8bd87fa35c96fa099a338b85de36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Retrieve upstream patch to fix build failure in
lib/graphics_utils/mipmap/cpusimd.h due to direct inclusion of
intrinsics headers:
https://github.com/supertuxkart/stk-code/issues/3091
Fixes:
- http://autobuild.buildroot.org/results/52bd5c45b0d04a863a2530d388899b3e46494ee9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 236a7d5d786ba332154d770bc434c5f4e978d539)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace $(BR2_KERNEL_MIRROR) by https://git.kernel.org/pub, which
fixes the download of this package:
>>> trace-cmd trace-cmd-v2.6.1 Downloading
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
Removing it and starting afresh.
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
This is the second time in a row; bailing out
--2018-11-11 21:08:00-- http://sources.buildroot.net/trace-cmd/trace-cmd-trace-cmd-v2.6.1.tar.gz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.210.19, 104.25.211.19, 2606:4700:20::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.210.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1859835 (1.8M) [application/x-gtar-compressed]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e311d8387dc829d3f0dfe5508cfabc3458e0fa93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since version 0.15.0, qemu has an optional dependency to opengl:
https://github.com/qemu/qemu/commit/20ff075bb3340c5278a0da38ad1f4d602565aa06
Since version 2.4, libepoxy is also needed to enable opengl:
https://github.com/qemu/qemu/commit/dcf30025c3e3d43140a687240433de1920adf8b0
As a result if libepoxy is built before qemu, opengl support will be
detected (see config.log):
OpenGL support yes
OpenGL dmabufs yes
This will raise the failures in milkymist-tmu2:
hw/display/milkymist-tmu2.c:35:22: fatal error: X11/Xlib.h: No such file or directory
or in sdl2:
CC /home/peko/autobuild/instance-0/output/targetui/sdl2-2d.o
In file included from /home/peko/autobuild/instance-0/output/build/qemu-2.12.1/include/ui/egl-context.h:5:0,
from ui/egl-context.c:3:
/home/peko/autobuild/instance-0/output/build/qemu-2.12.1/include/ui/egl-helpers.h:45:55: error: unknown type name 'Window'; did you mean 'minor'?
or in translate-a64:
/accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/target/arm/translate-a64.c: In function 'handle_shri_with_rndacc':
/accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/target/arm/translate-a64.c:7000:28: warning: 'tcg_src_hi' may be used uninitialized in this function [-Wmaybe-uninitialized]
tcg_gen_mov_i64(tcg_src, tcg_src_hi);
^
../ui/gtk-egl.o: In function `gd_egl_init':
/accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/ui/gtk-egl.c:52: undefined reference to `gdk_x11_window_get_xid'
So, for the time being, disable opengl as done in xen since commit
13c6754f3c1d2a14516f641490e9dd6f4c183d7c.
Fixes:
- http://autobuild.buildroot.org/results/656e45721c72197834462eb2bd8c762e520725a4
- http://autobuild.buildroot.org/results/d4736a930144fc5e25b377bc1c0baf44fbf8718d
- http://autobuild.buildroot.org/results/50e0d7d1b4f5c2b827b50bb82d8fbc066bf31118
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce735b0c59c636b454056debacddcf77f9fb30fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Retrieve two upstream patches to fix build failures due to warnings
Fixes:
- http://autobuild.buildroot.org/results/7ec1e1cc060bbdaaf758c0d55a053247b731e792
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6a5e9a7ac6e20f8cb2251b61b09b54d51bedfa82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e711623912d0db2866a60e9daf6dbe89959de574)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a patch to fix build issues with the musl C library.
This patch fixes an autobuild issue when linking the mpd package
against libnfs. The header file libnfs.h uses `struct timeval` which is
defined in `<sys/time.h>` for POSIX systems. Unfortunately, upstream
only includes it conditionally, based on the system. Therefore, we
remove the check in the first patch.
Reported upstream:
https://github.com/sahlberg/libnfs/issues/272
Fixes:
http://autobuild.buildroot.org/results/452/4522014698b9fe50720a71b663e47a75805bcf54
http://autobuild.buildroot.org/results/b0a/b0a0c20ad1705e9fa7ba4a12eb9c182e8077ab0c
http://autobuild.buildroot.org/results/53c/53c87361923cc177de7889523b3d16ba6b1d3d0f
.. and more.
Previous patch: Changes requested
http://patchwork.ozlabs.org/patch/973605/
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 582fd7c094c697a3408c054b87406fcf249bcf72)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
xtensa-uclinux uses bFLT executable file format that cannot relocate
fields representing offsets from data to code. C++ objects built as PIC
use offsets to encode FDE structures. As a result C++ exception handling
doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
xtensa-uclinux.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop gcc-8.x patch]
(cherry picked from commit 4debb2fbb7d60ed7f81ddab82d8b48ac9c4c3055)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bump to 2.4.48 introduced a bug that, according to the author,
only happen in certain cases on glibc. But under uclibc-ng, it happens
every time.
The bug essentially cause any program calling any libattr.so function
to enter an infinite recursion, because of a symbol conflict between
uclibc-ng and libattr wrappers, that causes the libattr wrappers to
call themselves.
This infinite recursion does not consume the stack, so programs
basically behave like they enter an infinite loop.
It is easy to reproduce with qemu_arm_versatile_defconfig +
BR2_PACKAGE_ATTR: "getfattr ." never returns and takes 100% CPU.
Upstream fixed it, but the patch is not part of a release yet,
so take the patch.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 99989d3b91ef6cadc0c8d1a73203178da9ac6af7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2018-16843: Excessive memory usage in HTTP/2
CVE-2018-16844: Excessive CPU usage in HTTP/2
CVE-2018-16845: Memory disclosure in the ngx_http_mp4_module
Refreshed patch 0004 + 0007 as they no longer applied cleanly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c2f5b3a3a866859528747edc191fb9c241343e88)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following patches have been updated to apply on 1.15.0:
0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch
0006-auto-lib-openssl-conf-use-pkg-config.patch
The follow patch has been removed, because it was applied upstream:
0009-auto-lib-conf-fix-PCRE-condition-WRT-the-http-and-ht.patch
The license file hash has changed because the copyright years were
updated in the LICENSE file:
- * Copyright (C) 2002-2017 Igor Sysoev
- * Copyright (C) 2011-2017 Nginx, Inc.
+ * Copyright (C) 2002-2018 Igor Sysoev
+ * Copyright (C) 2011-2018 Nginx, Inc.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
[Thomas: drop unneeded patch updates, improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2fe054a7ecf145be002ed2bf75c662fa397792d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
>From the announcement:
When using a TLS enabled websockets listener with require_certificate
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed. All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this.
https://mosquitto.org/blog/2018/11/version-154-released/
Drop patch 0001, now applied upstream:
https://github.com/eclipse/mosquitto/pull/933
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a4c111b1f359e2ba50e31ef1246e48456a391de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
begins with $, but is not $SYS, then an assert that should be unreachable is
triggered and Mosquitto will exit.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e62304359d150b6befa4bab4030ead09bcfdfdf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
| |
Removed patch 0001, applied upstream.
Replaced patch 0002 with a more generic solution as patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5336412d54397f35daa09c4f9eab952afadd3fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add patch to define _GNU_SOURCE before using S_IF{DIR,REG}
Fixes:
- http://autobuild.buildroot.net/results/7dcfb6ca9d14a5cd6872590065549356f1ab42a0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f66c171b4d046aca791f524ff198fb7df08d5ab0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
| |
- Remove patch (already in version)
- Add patch to fix crash (retrieved from upstream)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 375e11a186bd6ac9f934f9bb0b8102cab58efa53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libmagic (from file package) already provides the buffer_init function
so to avoid a build failure for applications wanting to statically link
with twolame and libmagic (for example sox), rename buffer_init into
bitbuffer_init (also rename buffer_deinit into bitbuffer_deinit and
buffer_sstell into bitbuffer_sstell for consistency)
Fixes:
- http://autobuild.buildroot.org/results/b3fc62e7f372fe595966e84091c11ccdb4cfa77c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 393b205de132658d2a7e68d8c9d45de6298813c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Static build of applications using qt-zlib and zlib (such as mpv) will
fail because zlib and qt-zlib defines the same functions (inflateReset,
inflatePrime ...)
So add a dependency on !BR2_STATIC_LIBS on BR2_PACKAGE_QT_QTZLIB
Fixes:
- http://autobuild.buildroot.org/results/0be6e359d46a8a701006305c32b514687854b035
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 112667fd120d136bcacef7e4a78f16a4ac92178a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
- CVE-2018-5738: Some versions of BIND can improperly permit recursive query
service to unauthorized clients
- CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an
INSIST assertion failure in named
For more details, see the release notes:
https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
Drop patch 0003-Rename-ptrsize-to-ptr_size.patch as the uClibc-ng issue was
fixed upstream in commit 931fd627f6195 (mips: fix clashing symbols), which
is included in uclibc-1.0.12 (January 2016).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 955df7463b0747620b744e19a78cfc84e1c99965)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch taken from:
- https://patchwork.kernel.org/patch/10654531/
Fixes:
- http://autobuild.buildroot.net/results/404bfbd095a7b80273391ea36ea81ba496164b80
- http://autobuild.buildroot.net/results/233ef5c00951b5be10a59408f4a8781ecc658d74
- http://autobuild.buildroot.net/results/eba3cf4ac21095bca5af2d5d1d69aca0c9098f9b
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee6217d52b7226596257ac86652403306912588f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following build error:
make[3]: *** No rule to make target '-lm', needed by 'traceroute'.
Fixes:
http://autobuild.buildroot.org/results/dde63672e1de1d4ba036331ab127ccc8ff044444
http://autobuild.buildroot.org/results/4efb67e6a29c3dd784676d30a1051f9f0c2a6c80
http://autobuild.buildroot.org/results/7ac23a3959aec22297695899c0f76dbbc4e114d3
And many more...
As explained by Arnout, this happens when host-make is built (E.G. when
glibc is built on a machine with an old make version) because the traceroute
Makefiles have a target with a dependency on -lm, and make automatically will
look in make's $prefix/lib directory for libm.so / libm.a to satisfy this
dependency. From the make info pages:
When a prerequisite's name has the form '-lNAME', 'make' handles it
specially by searching for the file 'libNAME.so', and, if it is not
found, for the file 'libNAME.a' in the current directory, in directories
specified by matching 'vpath' search paths and the 'VPATH' search path,
and then in the directories '/lib', '/usr/lib', and 'PREFIX/lib'
(normally '/usr/local/lib', but MS-DOS/MS-Windows versions of 'make'
behave as if PREFIX is defined to be the root of the DJGPP installation
tree).
Our host-make is configured with prefix=$(HOST_DIR), and $(HOST_DIR)/lib
does not contain libm.so / libm.a, causing make to error out.
Work around it by pointing VPATH to $(STAGING_DIR)/usr/lib, so make will
find the (target) libm.so / libm.a.
[Peter: extend description based on Arnouts investigation]
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49dd099650c21950c8bf957eee3d67b1b20fdcbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported in the bug report [1], gcc < 6 doesn't build when
FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
upstream bug report [2] but the patch fixing the issue for gcc 6
has not been backported to earlier gcc versions.
Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
and BR2_FORTIFY_SOURCE_2.
[1] https://bugs.busybox.net/show_bug.cgi?id=11476
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
[3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Peter: only limit for internal toolchain as suggested by Matthew]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a75ee0e8124023185f4a05e95b2fcd29fa9449d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported by [1], SSP support is missing in the Buildroot toolchain
for microblaze even if it's requested by selecting
BR2_TOOLCHAIN_HAS_SSP config option.
In Buildroot, we are using libssp provided by the C library (glibc,
musl, uClibc-ng) when available. We are not using libssp from gcc.
So for a microblaze glibc based toolchain, the SSP support is enabled
unconditionally by a select BR2_TOOLCHAIN_HAS_SSP.
BR2_microblazeel=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_KERNEL_HEADERS_4_14=y
BR2_BINUTILS_VERSION_2_30_X=y
BR2_GCC_VERSION_8_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
While building the toolchain, we are building host-binutils which
provide "as" (assembler) and host-gcc-initial wich provide a
minimal cross gcc (C only cross-compiler without any C library).
When SSP support is requested, gcc_cv_libc_provides_ssp=yes is
added to the make command line (see [2] for full details)
With this setting, the SSP support is requested but it's not available
in the end and the toochain build succeed.
When the microblaze toolchain is imported to Biuldroot (2018.05) as
external toolchain with BR2_TOOLCHAIN_EXTERNAL_HAS_SSP set, the build
stop with :
"SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP"
The test is doing the following command line:
echo 'void main(){}' | [...]/host/bin/microblazeel-linux-gcc.br_real -Werror -fstack-protector -x c - -o [...]/build/.br-toolchain-test.tmp
cc1: error: -fstack-protector not supported for this target [-Werror]
When we look at the gcc-final log file (config.log) we can see this
error several time when using the minimal gcc (from host-gcc-initial).
So Why the minimal gcc doesn't support SSP?
When we look at the gcc-initial log file (config.log) we can see an
error with 'as':
configure:23194: checking assembler for cfi directives
configure:23209: [...]microblazeel-buildroot-linux-gnu/bin/as -o conftest.o conftest.s >&5
conftest.s: Assembler messages:
conftest.s:2: Error: CFI is not supported for this target
conftest.s:3: Error: CFI is not supported for this target
conftest.s:4: Error: CFI is not supported for this target
conftest.s:5: Error: CFI is not supported for this target
conftest.s:6: Error: CFI is not supported for this target
conftest.s:7: Error: CFI is not supported for this target
configure:23212: $? = 1
configure: failed program was
.text
.cfi_startproc
.cfi_offset 0, 0
.cfi_same_value 1
.cfi_def_cfa 1, 2
.cfi_escape 1, 2, 3, 4, 5
.cfi_endproc
This is the only relevant difference compared to a nios2 toolchain where
libssp is enabled and available (nios2 is an example).
"CFI" stand for "Control Flow Integrity" and it seems that SSP support
requires CFI target support (see [3] for some explanation).
The SSP support seems to depends on CFI support, but the toolchain
infrastructure is not detailed enough to handle the CFI dependency.
The NiosII toolchains built with binutils < 2.30 are also affected by
this issue.
This patch improve the toolchain infrastructure by adding a new
BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI blind option
Disable SSP support for microblaze entirely.
Disable SSP support for nios2 only with Binutils < 2.30.
Fixes:
https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006389
[1] https://gitlab.com/free-electrons/toolchains-builder/issues/1
[2] https://git.buildroot.net/buildroot/tree/package/gcc/gcc.mk?h=2018.05#n275
[3] https://grsecurity.net/rap_faq.php
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: adjust how the BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI option
is expressed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 435613ef298d49788d82f7bb2e06f944d69d890b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We already turn on kernel features for several packages, so let's do it
for audit too, since the daemon is useless and fails to load otherwise.
Notice that we also turn NET on, since AUDIT depends on NET, like we do
for the wireguard package.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c828ed72fa51607714cbd7a53304d11db7145c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix a segfault in auditd when dns resolution isn't available. Additional
changes since 2.8.2 can be seen at
http://people.redhat.com/sgrubb/audit/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d03c33f22a845218681d19eadddebfda0ef39f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
audit uses syslog(). Rename its init script to S02auditd to ensure that
it will start after syslogd. Otherwise the initial log messages will be
sent to the console (and probably lost, since almost nobody watches the
system console on embedded systems).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6fe5fe4c4d034bd471a9ed28e5fba81475ae09ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
audispd is installed at /usr/sbin but the configuration file pointed
to /sbin, causing auditd to fail on startup.
This patch cannot be sent upstream because audispd does not exist
anymore on the master branch (it was merged to auditd).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4be494b8045b51ddc41cec370950a95bc72fba55)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security vulnerabilities:
CVE-2018-3282: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Storage Engines). Supported versions that are
affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow
context-dependent attackers to have unspecified impact via vectors involving
big-endian CRC calculation.
CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs). Supported versions that are affected are
5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior.
Difficult to exploit vulnerability allows high privileged attacker with
logon to the infrastructure where MySQL Server executes to compromise MySQL
Server. While the vulnerability is in MySQL Server, attacks may
significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2018-3143: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2018-3156: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2018-3251: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
The README has gotten a few extra URLs added, so update the sha256 to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Unbreaks builds without BR2_PACKAGE_MARIADB_SERVER as this only gets
installed if the server is enabled.
As pointed out in commit 2b82e014b40 (package/mariadb: bump version to
10.3.10), this file has been removed upstream in newer versions as it hasn't
been updated in >8 years and the compiled in defaults are sensible, so
completely remove the file handling instead of adding logic to only install
it if the server is enabled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/0ff/0ff9a3a27984ad91aa33079143bb87ed71bfe7c4/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
http://autobuild.buildroot.net/results/e6b/e6badde04047e10023b97946bbff434abc07344d/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The last libcurl bump changed error code definitions in a way that
breaks lua-curl build. Add a patch to fix that.
Fixes:
http://autobuild.buildroot.net/results/fa6/fa6e289162124b3e079c4a2d9c3f00910c8cc063/
http://autobuild.buildroot.net/results/7b9/7b962a63630abaed21d99f719c1bd710ec4d4b28/
http://autobuild.buildroot.net/results/c5b/c5b2a7f21259bbf79861bd95a2d7ca055920bf09/
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3988480bf02e138e945bc9ad083880697d5ab376)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes
http://autobuild.buildroot.net/results/a9b/a9baf6ecf147f336021edda20bb091b8aa071209/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 34743203e1a003d3b713c62293b988f2778037a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some packages have archive name that is different from package name.
For example websocket-client's archive name is websocket_client-*.tar.gz.
scanpypi expects the temporary extract folder to be:
/tmp-folder/BR-package-name/PyPI-packagename-and-version
In the case of websocket-client package the real extraction folder
will be different from the expected one because of the '_' in the
archive file name.
Use archive file name instead of package name to specify the extraction
folder. As the version is already part of this file, we don't need to
specify it.
Bonus: remove obsolete "return None, None" as the function doesn't return
anything. OSError class doesn't provide "message" member, so replace it
with "strerror".
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=11251
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd29797f659c09cbc2aeba33f8d6f5b992e65cd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
external.desc must be present when using a br2-external tree. The
documentation notes this later in the text, but the file is missing
from the initial overview of files.
Fixes bug #11481.
Signed-off-by: Philipp Wagner <mail@philipp-wagner.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6479d6058b75533dd68081d90cec0dbfe652ca4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Suppose we use Makefile wrapper and build some project out of
buildroot tree (O=...). A command like "make
busybox-all-external-deps" will output the string "uname 022 && make
..." to stdout before the usefull information. It pollutes stdout. At
the same time if we use the same command in the buildroot source-tree
then we don't get the additional output. This patch makes wrapper
silent by default. People who prefer to see more verbose output can
use V=1.
Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c77cd170826e6430315f56a5c4d44ee97cc83050)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/feb2b42028f7035f791db9cb76d07ead55d7733a/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0cf62abae4e9c4e479b015327b38d837cba9512)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issue:
CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER
... REFERENCING
For more details, see the advisory:
https://www.postgresql.org/about/news/1905/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pull a patch already submitted upstream[1] that fixes mkostemp when
_LARGEFILE64_SOURCE is defined. This is required to prevent failures
on eudev[2]:
# udevadm hwdb --update
Failure writing database //etc/udev/hwdb.bin: Invalid argument
1. https://patchwork.ozlabs.org/patch/990045/
2. https://patchwork.ozlabs.org/patch/984848/
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c33fb6e9f190273abef5fd8186ab0d5a496ef06a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes:
https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html
Patch "0001-ARM-Building-FELightingNEON.cpp-fails-due-to-missing.patch"
is removed because it is included in the new release.
This is a maintenance release which further improves playback of video
when using media source extensions (MSE), specially for WebM content,
and provides a few correctness fixes.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0def20865d75baf80b0dad5dcc81efd606cfb3af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This covers the case where GL/GLES is available (so -DENABLE_OPENGL=ON
gets passed), which makes the webkitgtk build system assume GStreamer-GL
is available, while actually it is not.
Also, providing an option to manually disable usage of GStremer-GL can
help with certain target configurations in which using OpenGL for video
handling might result in incorrect rendering.
This fixes some autobuilder failures like the following:
http://autobuild.buildroot.net/results/187796535af53ece426641ff7d88aabada281674
http://autobuild.buildroot.net/results/00c1a8ea23a99728a4f3f4478705f2383414ae41
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4ac29a8196903f7e88674bb4b2f58c0f29fb122d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2018-16839: SASL password overflow via integer overflow
https://curl.haxx.se/docs/CVE-2018-16839.html
CVE-2018-16840: use-after-free in handle close
https://curl.haxx.se/docs/CVE-2018-16840.html
CVE-2018-16842: warning message out-of-buffer read
https://curl.haxx.se/docs/CVE-2018-16842.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c1a01ac2f109d695d1bfe9945bc4df0434eaec51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NetworkManager includes some parts of the systemd-networkd code in its
codebase. That can be found at src/systemd/src/libsystemd-networkd.
The DHCP implementation provided by systemd-networkd is used when
NetworkManager is configured to use the internal implementation,
however the default is to use dhclient.
When NetworkManager is configured to use the internal dhcp and an
interface is setup with ipv6.method=auto (which is the default value)
or ipv6.method=dhcp, this flaw can be exploited. When using
ipv6.method=auto, the DHCPv6 client can be automatically started with a
Router Advertisement packet.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a51ba655c6eed7a2a8be116b855259adbaf7bd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "development" defconfigs for Atmel platforms enable both OpenSSH
and Dropbear, which doesn't make a lot of sense, as only one SSH
server can start on port 22.
This commit therefore drops BR2_PACKAGE_DROPBEAR=y from those
defconfigs, keeping OpenSSH as an SSH server/client, as was requested
by Atmel/Microchip folks in the review of an earlier version of this
patch [1]. Since those defconfigs are "development" defconfigs, they
are not meant to be minimal, and already provide an arbitrary set of
packages, so using openssh is just as good as using dropbear in this
case.
[1] https://patchwork.ozlabs.org/patch/989516/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Joshua Henderson <joshua.henderson@microchip.com>
Cc: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dab153961337e11675a224af0cf3c3e029561910)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Systemd-networkd is vulnerable to an out out-of-bounds heap write in the
DHCPv6 client when handling options sent by network adjacent DHCP servers.
A attacker could exploit this via malicious DHCP server to corrupt heap
memory on client machines, resulting in a denial of service or potential
code execution.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: add description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc6ecbbeefadb185e9d171562afb9f01e250e132)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
- CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
- CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
Update hash of LEGAL as it had a few (wayback machine) URLs added/changed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 646ae5a0b1ec9e7c099de0088c333470283f7e33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
1.4.50:
[mod_alias] security: potential path traversal with specific configs
[core] security: use-after-free invalid Range req
[mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
[core] security: use-after-free after invalid Range request (fixes #2899)
1.4.51:
[core,security] process headers after combining folded headers
[mod_userdir] security: skip username “.” and “..”
1.4.51 brings optional pam and wolfssl support. Explicitly disable these
options for now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15793bc19f196691f6b09636ebf2c3de53d369c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b94ddb8d5d1cc74eaf47d3272c2313860d96430d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since qemu 2.12.0 and
https://github.com/qemu/qemu/commit/2ec78706d188df7d3dab43d07b19b05ef7800a44,
x_keymap.h has been converted from "SDL display driver" to "X11 keymaps"
So add a select on BR2_PACKAGE_SDL_X11
Fixes:
- http://autobuild.buildroot.org/results/1908d2d7de8d3aff11ed6fbb8fe4cf3eff54b5a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8153ce21e7d1a11c6ac9a722d81a2e14f5428dbd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
Peter Korsgaard
Fabrice Fontaine
Jörg Krause
Max Filippov
Nicolas Cavallari
Ignacy Gawędzki
Bernd Kuhls
Sébastien Szymanski
Sergio Prado
Romain Naour
Carlos Santos
Matt Weber
Baruch Siach
Yegor Yefremov
Philipp Wagner
Serj Kalichev
Thomas Petazzoni
Adrian Perez de Castro