Commit message (Author, Age, Files, Lines)
...
* patchelf: add patch to fix relative rpath issue on big-endian systems (Bryce Ferguson, 2018-07-18, 1 file, -0/+40)
  This commit adds a patch to the host package patchelf to fix an issue with endianness when the --make-rpath-relative option is specified. Currently, patchelf does not take into account the architecture of the target ELF when it performs the fixup on the RPATH. Thus, if it differs from the host in endianness, the RUNPATH field will be invalid.
  The patch fixes the bug reported here: https://bugs.busybox.net/show_bug.cgi?id=11101
  Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 17c9810fe76377fb928579e2b99f03f8ae31addb)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* gdb: ARC version is based on GDB 8.0, needs C++11 support (Thomas Petazzoni, 2018-07-18, 1 file, -0/+1)
  The special gdb version used for ARC is based on GDB 8.0, so it needs C++11 support.
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit cec133e873e991e26b7fa8bbeb7162c4433cadcf)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* toolchain: bump ARC tools to arc-2018.03 release (Evgeniy Didin, 2018-07-18, 16 files, -10/+10)
  This commit finally bumps ARC tools to the most recent arc-2018.03 release version.
  ARC GNU tools of version arc-2018.03 bring some quite significant changes like:
    * Binutils v2.29.51 with additional ARC patches
    * GCC 7.3.1 with additional ARC patches
    * GDB 8.0.50 with ARC patches
  More information on this release could be found here: https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2018.03-release
  Signed-off-by: Evgeniy Didin <didin@synopsys.com>
  Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Cc: arc-buildroot@synopsys.com
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 68503bac9c671e74862c90e82d84f7074e14ab02)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/gdb: rework dependency for C++11 (Thomas Petazzoni, 2018-07-18, 2 files, -3/+20)
  As we are about to switch to 8.0 as the default gdb version, we need to adjust how the gdb dependencies are handled. Indeed, from 8.0 onwards, gdb needs a C++11 capable compiler, i.e at least gcc 4.8.
  Until now, Config.in.host was making sure that gdb 8.0 was not selectable if the cross-compilation toolchain did not have C++ support with gcc >= 4.8. This worked fine because the default version of gdb, used as the target gdb version when no host gdb is built, was 7.11, and did not require C++11.
  With the switch to 8.0 as the default version, when target gdb is enabled but not host gdb, 8.0 is used, which means we need a C++11 capable compiler. The dependencies in Config.in.host are no longer sufficient.
  So instead, we remove the target-related dependencies from Config.in.host and move them properly to Config.in. The overall logic is the following:
    - In Config.in.host, BR2_PACKAGE_HOST_GDB_ARCH_SUPPORTS ensures that we have at least host gcc 4.8 if we're on ARC, because the ARC gdb needs C++11. We remove the target toolchain related dependencies from here.
    - In Config.in.host, the version selection ensures that 8.0 cannot be selected if the host toolchain does not have at least gcc 4.8. We remove the target toolchain related dependencies from here.
    - In Config.in.host, we introduce a BR2_PACKAGE_GDB_NEEDS_CXX11 option, that indicates whether the currently selected version of gdb requires C++11 support in the toolchain to build the target variant. Even though this option is more related to the target variant of gdb, we keep it in Config.in.host so that it appears next to the definition of BR2_GDB_VERSION, to make sure they are kept in sync.
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 1e3738db42919cb4487f7a64381ac7d3090d0e1f)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* uboot: don't override HOSTCC/HOSTLDFLAGS for kconfig (Peter Korsgaard, 2018-07-18, 1 file, -1/+9)
  So the host ncurses includes and library are used instead of a mix of both, causing corrupted characters.
  Similar to the linux fix in commit 6d3d09e23213e8 (linux: don't override HOSTCC for kconfig), except that we pass the linker flags in HOSTLDFLAGS.
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  Acked-by: Jagan Teki <jagan@amarulasolutions.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 9255fd9fc7bb302fcb69282becea7273827c64e1)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* dos2unix: fix static build (Baruch Siach, 2018-07-18, 1 file, -0/+4)
  Pass the -static flag to the final link command. Otherwise, the generated executables are not static when the external toolchain provides both shared and static libraries.
  Should also fix:
    http://autobuild.buildroot.net/results/a5a/a5a64bc3ff5a91a8680ac52f3505362491923b26/
    http://autobuild.buildroot.net/results/ebf/ebfe81e65751d7a5ca3aa4e20cc708a24ba65204/
  Cc: David Bachelart <david.bachelart@bbright.com>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit fe5fcdfdbd209177cf8f4a5368ae2324540d4d67)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* collectd: fix license (Fabrice Fontaine, 2018-07-18, 2 files, -2/+6)
    - Since version 5.5, daemon is licensed under MIT: https://github.com/collectd/collectd/commit/889e5e6bd51d38d490289332053a238a4f1c70b3
    - Plugins are licensed under MIT, GPL-2.0 or LGPL-2.1
    - Add libltdl/COPYING.LIB to license files to have a copy of LGPL-2.1 as it is not in COPYING
    - Add hash for both license files
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit d5fa317f2dc2317d5d2526c61a6f88af92cdfc73)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/gdb: fix gdbserver build for m68k (Romain Naour, 2018-07-18, 2 files, -0/+124)
  As for strace [1], when <sys/reg.h> is included after <linux/ptrace.h>, the build fails on m68k with the following diagnostics:
    In file included from ./../nat/linux-ptrace.h:28:0,
                     from linux-low.h:27,
                     from linux-m68k-low.c:20:
    [...]/usr/include/sys/reg.h:26:3: error: expected identifier before numeric constant
       PT_D1 = 0,
       ^
    [...]usr/include/sys/reg.h:26:3: error: expected « } » before numeric constant
    [...]usr/include/sys/reg.h:26:3: error: expected unqualified-id before numeric constant
    In file included from linux-m68k-low.c:27:0:
    [...]usr/include/sys/reg.h:99:1: error: expected declaration before « } » token
     };
     ^
  Fix this by moving <sys/reg.h> on top of "linux-low.h".
  Fixes: https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006385
  [1] https://github.com/strace/strace/commit/6ebf6c4f9e5ebca123a5b5f24afe67cf0473cf92
  Signed-off-by: Romain Naour <romain.naour@gmail.com>
  Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Cc: Waldemar Brodkorb <wbx@openadk.org>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 8646a7fae998132cf468454be8b762211713d5ca)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* edid-decode: update upstream locations (Baruch Siach, 2018-07-18, 2 files, -2/+2)
  edid-decode moved to linuxtv.org. Update homepage link and download site.
  https://www.spinics.net/lists/linux-media/msg136517.html
  Cc: Peter Seiderer <ps.report@gmx.net>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 7817f9f0369003e078a7dae1fc5b9876075295cf)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* wireguard: bump version to 0.0.20180613 (Peter Korsgaard, 2018-07-18, 3 files, -3/+29)
  Contains a fix for a crash when forwarding packets from devices that use flow offloading and a x86 FPU issue on -rt kernels.
  Also add a post-release upstream patch fixing a compilation issue related to memcpy().
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 630fd8785bd6b9cef3ada692989543ed1de6a39e)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* wireguard: bump version to 0.0.20180524 (Peter Korsgaard, 2018-07-18, 2 files, -3/+3)
  Contains a number of fixes, including fixes for building with GCC 8.
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit f6b9d59f61b9084b1ae09e26e4bac5d6a1729cf6)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* gcc: fix uclibc runtime issue with gcc-8 for xtensa (Max Filippov, 2018-07-18, 2 files, -0/+202)
  gcc-8.1 for xtensa miscompiles uClibc dynamic linker due to gcc PR target/65416. The build completes successfully, but the binary is non-functional because the following fragment in the _dl_get_ready_to_run in ld-uClibc.so overwrites register spill area on stack causing register corruption in the previous call frame and a subsequent crash:
    419f: f0c1b2 addi a11, a1, -16
    41a2: 1ba9 s32i.n a10, a11, 4
    41a4: 0bc9 s32i.n a12, a11, 0
    41a6: 5127f2 l32i a15, a7, 0x144
    41a9: 1765b2 s32i a11, a5, 92
    41ac: 4e2782 l32i a8, a7, 0x138
    41af: 146af2 s32i a15, a10, 80
    41b2: 001b10 movsp a1, a11
  The crash terminates the init process and causes kernel panic.
  The fix prevents reordering of movsp opcode and any access to the stack frame memory and is applicable to all existing gcc versions.
  [Peter: drop gcc-8.x patch]
  Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 91e0fc0bf46fba21af72ccf753db7f012ebdc169)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* pinentry: link with libatomic when needed (Fabrice Fontaine, 2018-07-18, 1 file, -0/+4)
  On some architectures, atomic binutils are provided by the libatomic library from gcc. Linking with libatomic is therefore necessary, otherwise the build fails with:
    sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
  This is often for example the case on sparcv8 32 bit.
  Fixes: http://autobuild.buildroot.net/results/fd6bee70ff20bee9607a9f6f557a3a793d00cd9f
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  [Thomas: use LIBS instead of LDFLAGS.]
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 265e25834f29f0852cea0004c307a8d9ea1f72ee)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* qt53d: fix install issue with qt5.6 (Gaël PORTAY, 2018-07-18, 1 file, -2/+8)
  Both plugins `geometryloaders' and `renderplugins' are available since Qt 5.9.
  Fixes:
    >>> qt53d 5.6.3 Installing to target
    cp -dpf /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt53D*.so.* /home/gportay/src/buildroot/output/target/usr/lib
    cp -dpfr /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/qt/plugins/geometryloaders /home/gportay/src/buildroot/output/target/usr/lib/qt/plugins
    cp: cannot stat '/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/qt/plugins/geometryloaders': No such file or directory
    package/pkg-generic.mk:310: recipe for target '/home/gportay/src/buildroot/output/build/qt53d-5.6.3/.stamp_target_installed' failed
    make[2]: *** [/home/gportay/src/buildroot/output/build/qt53d-5.6.3/.stamp_target_installed] Error 1
  Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit e922bbc7aef31267bea730a1d4a98ec2eabdf761)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* qt5script: fix build issue with 32-bits armv8-a (Gaël PORTAY, 2018-07-18, 1 file, -0/+49)
  Adds WTF platform support for the 32-bits armv8-a architectures.
  Fixes:
    In file included from ../3rdparty/javascriptcore/JavaScriptCore/config.h:26,
                     from ../3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_compile.cpp:44:
    ../3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h:370:6: error: #error "Not supported ARM architecture"
     # error "Not supported ARM architecture"
       ^~~~~
  The patch is based on two upstream fixes in WebKit[1][2].
  See also commit cea7aa873a.
  [1]: https://github.com/WebKit/webkit/commit/313d9fc4bdd2f020a5d0cf834c3c61982f161ebb
  [2]: https://github.com/WebKit/webkit/commit/98f0de0709786f5d9b09dfd5908266990eb909d6
  Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 15706f86baf4e4f3ad7d0b9b5dadfb5710a9296b)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libressl: security bump to version 2.7.4 (Baruch Siach, 2018-07-17, 2 files, -2/+2)
  Fixes CVE-2018-0495: ECDSA signing side-channel attack.
  Cc: Adam Duskett <aduskett@gmail.com>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit b609ee33e1d2d37711722933bad279df3bed2786)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/nodejs: security bump to version 8.11.3 (Martin Bark, 2018-07-17, 2 files, -3/+3)
  Fixes the following security issues:
    - (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
    - (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
    - (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
  See https://nodejs.org/en/blog/release/v8.11.3/ for more details
  Signed-off-by: Martin Bark <martin@barkynet.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 64baf3def763fe962f19d7ca083cf019a73f6281)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* redis: security bump to version 3.2.12 (Peter Korsgaard, 2018-07-17, 2 files, -2/+2)
  From the release notes:
    ================================================================================
    Redis 3.2.12 Released Wed Jun 13 12:43:01 CEST 2018
    ================================================================================
    Upgrade urgency CRITICAL:
    * Multiple security issues fixed.
    * Backport of an older AOF fsync=always fix. Check 4.x release notes.
    * Backport of a *SCAN bug. Sometimes elements could be missing from the scan.
    * Other minor things.
  https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
  For more details about the lua related security issues, see the blog: http://antirez.com/news/119
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 3bf2745a0f310f2d0b173cc30645bb8ecadaa0a2)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libgcrypt: security bump to version 1.8.3 (Baruch Siach, 2018-07-17, 2 files, -5/+5)
  Fixes CVE-2018-0495: ECDSA signing side-channel attack.
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit b6543b5fdfb17adc81af33cad8133bb86e31748f)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docs/manual: fix scancpan path (Fabrice Fontaine, 2018-07-17, 1 file, -1/+1)
  scancpan is now in utils not in supports/scripts
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit f4b4f77e84b932162a0050111019343bfd174979)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* file: add upstream security fix (Baruch Siach, 2018-07-17, 1 file, -0/+30)
  Fixes CVE-2018-10360: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 89be4c7b0ea4cb650aeaff78b9cf7265a89ba43f)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/file: bump version to 5.33 (Bernd Kuhls, 2018-07-17, 2 files, -2/+12)
  Added license hashes, added optional dependency to libseccomp provided by upstream in this version bump.
  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit eacca09a8a219fdcd94f39ccab329a4d6a63092b)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl: add upstream security fix for CVE-2018-12015 (Peter Korsgaard, 2018-07-17, 1 file, -0/+46)
  Fixes CVE-2018-12015 - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
  Patch from https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5 with path rewritten to match perl tarball.
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 66760f27342fccacdba64269525a3a32d0518905)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* triggerhappy: use target pkg-config (Baruch Siach, 2018-07-17, 1 file, -1/+3)
  triggerhappy uses pkg-config to detect the systemd library. Make sure it uses the target pkg-config, not the host one.
  Fixes build failure when the host has systemd pkg-config files:
    .../host/bin/arm-linux-gcc -static th-cmd.o cmdsocket.o -lsystemd -o th-cmd
    .../host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/6.4.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: cannot find -lsystemd
  Cc: Peter Korsgaard <peter@korsgaard.com>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit b4a7145b0b98fb37ee649e293a6a81785df67837)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* gnupg: security bump to version 1.4.23 (Baruch Siach, 2018-07-17, 2 files, -3/+3)
  Fixes CVE-2018-12020: Unsanitized file names might cause injection of terminal control characters into the status output of gnupg.
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 0647268416ecf5c50741838fae4fc48b1c0750be)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* gnupg2: security bump to version 2.2.8 (Baruch Siach, 2018-07-17, 2 files, -5/+5)
  Fixes CVE-2018-12020: Unsanitized file names might cause injection of terminal control characters into the status output of gnupg.
  Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit b78a365b56eeb57030b8e3ca98c23dddfc416820)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libvncserver: add upstream security fix for CVE-2018-7225 (Peter Korsgaard, 2018-07-17, 1 file, -0/+65)
  Fixes CVE-2018-7225 - An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit a4f7700f0b40022f91c2d43f7d21c5a01487587e)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mpg123: security bump to version 1.25.10 (Bernd Kuhls, 2018-07-17, 2 files, -4/+6)
  Version 1.25.4 fixes CVE-2017-9545, for details see release notes: http://www.mpg123.org/cgi-bin/news.cgi
  Added upstream hashes.
  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit cb67c1d55b7b58d542ec1c4d0311543f40d5d0a2)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/imagemagick: security bump to version 7.0.7-38 (Bernd Kuhls, 2018-07-17, 2 files, -2/+2)
  Fixes CVE-2018-11625, CVE-2018-11624 & CVE-2018-10177.
  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit c3387c59bb6b5ccb89bb7acd7db05a8655eb71c5)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* mariadb: security bump version to 10.1.33 (Peter Korsgaard, 2018-07-17, 2 files, -3/+3)
  Release notes: https://mariadb.com/kb/en/mariadb-10133-release-notes/
  Changelog: https://mariadb.com/kb/en/mariadb-10133-changelog/
  Fixes the following security vulnerabilities:
  CVE-2018-2782 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2784 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2787 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
  CVE-2018-2766 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2755 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.
  CVE-2018-2819 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2817 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2761 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2781 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2771 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  CVE-2018-2813 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  Acked-by: Ryan Coe <bluemrp9@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit 5fbacdd59fd43c47f7031922e9fbae4d316a296f)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libvorbis: add upstream security patch to fix CVE-2017-14160 (Bernd Kuhls, 2018-07-17, 1 file, -0/+28)
  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit dc7f8715746d50d3a7db36211d5da6c68020eb18)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libxslt: security bump to version 1.3.2 (Fabrice Fontaine, 2018-07-17, 3 files, -42/+8)
    - Fix CVE-2017-5029
    - Remove first patch (already in version)
    - Add a dependency to host-pkgconf and remove libxml2 options: see https://github.com/GNOME/libxslt/commit/abf537ebb2296cd3ae89989a17b0e1b5c79db107
    - Add hash for license file
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  (cherry picked from commit eca8704dcf4d026f7aea6f1819772d0c19517346)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docker-containerd: add missing docker-containerd symlink (Sam Lancia, 2018-07-17, 1 file, -0/+1)
  Prior to commit 2dccb4f2fefd8a0dbda65dd0f7537f811e920b13 ("package/docker-containerd: convert to golang infrastructure"), the containerd binary was installed as docker-containerd. Following the conversion to the golang package infrastructure, the binary is now installed as "containerd", which breaks some use cases.
  Let's add a symlink link docker-containerd -> containerd to fix such use cases.
  Fixes: https://bugs.busybox.net/show_bug.cgi?id=11076
  Signed-off-by: Sam Lancia <sam@gpsm.co.uk>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit ded50f69c691e4b4a391ee23ec466abaad4bed99)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* audit: do not remove file installed by netplug (Carlos Santos, 2018-07-17, 1 file, -2/+2)
  The package recipe uses a post-install hook to remove useless files from $(TARGET_DIR)/etc/rc.d/init.d and $(TARGET_DIR)/etc/sysconfig. This may damage packages that install useful files on those directories (such as netplug, which installs $(TARGET_DIR)/etc/rc.d/init.d/netplugd).
  In the future[1] we will reorganize the init scripts and possibly get rid of /etc/rc.d and /etc/sysconfig but for the moment let's restrict the file removal to those installed by audit.
  1. http://lists.busybox.net/pipermail/buildroot/2018-May/221549.html
  Signed-off-by: Carlos Santos <casantos@datacom.com.br>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 49844baf2f4c0d89954ccd0c138aea39f23c51f1)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* dl-wrapper: Fix support for URIs containing '+' (Robert Beckett, 2018-07-17, 1 file, -1/+1)
  '+' is a valid character in a url. The current dl-wrapper gets the URI scheme by dropping everything after the last '+' character, with the intention of finding 'git' from e.g. 'git+https://uri'. If a uri has a '+' anywhere in it, it ends up using too much of the string as a scheme, and fails to match the handler properly.
  An example of where this form of URI is used is when using deploy tokens in gitlab. It uses a form like https://<username>:<password>@gitlab.com/<group>/<repo.git> where username for deploy token is of the form 'gitlab+deploy-token-<number>'.
  Use the %% operator to search backwards until the last '+' character when dropping the rest of the string as we know that the first '+' in the string should be the scheme.
  Signed-off-by: Robert Beckett <bbeckett@netvu.org.uk>
  Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit a5ba72946ebf597a163bae9b12453dfa68993d54)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* wireshark: security bump to version 2.2.15 (Peter Korsgaard, 2018-07-17, 2 files, -3/+3)
  Fixes the following security issues:
    CVE-2018-11362: LDSS dissector crash
      https://www.wireshark.org/security/wnpa-sec-2018-25.html
    CVE-2018-11357: Multiple dissectors could consume excessive memory
      https://www.wireshark.org/security/wnpa-sec-2018-28.html
    CVE-2018-11356: DNS dissector crash
      https://www.wireshark.org/security/wnpa-sec-2018-29.html
    CVE-2018-11360: GSM A DTAP dissector crash
      https://www.wireshark.org/security/wnpa-sec-2018-30.html
    CVE-2018-11358: Q.931 dissector crash
      https://www.wireshark.org/security/wnpa-sec-2018-31.html
    CVE-2018-11359: Multiple dissectors could crash
      https://www.wireshark.org/security/wnpa-sec-2018-33.html
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 1f47aa89f9fc3d4a8f59c4890a1174c6db1e222b)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* php-amqp: needs openssl support in rabbitmq-c | Fabrice Fontaine | 2018-07-17 | 1 | -0/+1
  Since version 1.8.0, php-amqp needs a rabbitmq-c with openssl support:
  https://github.com/pdezwart/php-amqp/issues/310

  SSL support is disabled in rabbitmq-c if BR2_STATIC_LIBS is set however don't add an unneeded !BR2_STATIC_LIBS dependency in Config.in as all PHP External Extensions depend on !BR2_STATIC_LIBS (see package/Config.in)

  Fixes:
  - http://autobuild.buildroot.net/results/b7c89bbbd0ca1df08dd7cbfc90c7b45dcf1fad05

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit d93305744b1dc758a3d86088473d571194762e19)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* cifs-utils: disable man page generation | Baruch Siach | 2018-07-17 | 1 | -1/+1
  Buildroot does not generate documentation for target. This fixes the build on hosts where the rst2man command does not support the --syntax-highlight parameter.

  Fixes:
  http://autobuild.buildroot.net/results/265/2655c0e1fa3ad0a10b4aed39a17feead94e47bfb/
  http://autobuild.buildroot.net/results/92d/92d7c608f717bbfe01ecfb9bc9604cb303d8594c/
  http://autobuild.buildroot.net/results/4b9/4b95404a89a595ca9c1e3df912169e9d36ff2bd7/

  Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 57d16fd480d3eb57822e634e409fb0bbc4dd475b)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* skeleton: create include/ directory | Baruch Siach | 2018-07-17 | 1 | -0/+1
  Don't rely on a random host package to create the include/ directory for us. Some packages do the wrong thing since they implicitly assume that this directory exists already. Commit a557aedad2 (zstd: fix host headers installation) shows an example of that.

  Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
  Cc: Yann E. MORIN <yann.morin.1998@free.fr>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 967d302e8bbb409c5b5106b0c87091d47f01a890)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* support/scripts/pkg-stats: use parenthesis for print | Matt Weber | 2018-07-17 | 1 | -6/+6
  Use Python 3 style print calls, in order to make pkg-stats Python 3 compliant.

  Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
  Reviewed-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit eb04235783abe58a6a7f8ecc8f9ab46a6d03b543)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/nodejs: bump version to 8.11.2 | Martin Bark | 2018-07-17 | 2 | -3/+3
  See https://nodejs.org/en/blog/release/v8.11.2/

  Signed-off-by: Martin Bark <martin@barkynet.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit 1d4eb844e3f25c96e6e84f69e0c9ee6bd4b5a501)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* configs/snps_archs38_hsdk: bump linux version to 4.14.47 | Evgeniy Didin | 2018-06-02 | 1 | -1/+1
  This patch updates Linux kernel version to 4.14.47 for HSDK board.

  Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/71727022

  Signed-off-by: Evgeniy Didin <didin@synopsys.com>
  Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Cc: Peter Korsgaard <peter@korsgaard.com>
  Cc: arc-buildroot@synopsys.com
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Update for 2018.05 [2018.05] | Peter Korsgaard | 2018-06-01 | 5 | -17/+48
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* linux: reword binutils 2.29+ comment | Peter Korsgaard | 2018-06-01 | 1 | -1/+1
  This issue only applies to kernels built with CONFIG_THUMB2=y, so reword the comment to make that more clear.

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* linux: may fail to boot for binutils 2.29+ even without armv7m | Yann E. MORIN | 2018-06-01 | 1 | -1/+1
  Commit f13477b (linux: config.in: add comment for Arm Cortex-M) added a comment so that the user that the linux kernel may miscompile with binutils 2.29+, when the target is an armv7m CPU.

  However, the real trigger is a compilation in thumb2 mode, which happens to be the only option for armv7m CPUs.

  We can't know whether the kernel will be built in arm or thumb2 mode, though, because we do not have that information: it is only available in the Linux' .config file, which we don't have access to at the time we run our menuconfig.

  So, relax the conditions under which the comment is made, so that it appears as soon as binutils are >= 2.29 (i.e. not 2.28, which is the oldest we support) for ARM CPUs.

  [Peter: reword comment]
  Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
  Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
  Cc: Laurent GONZALEZ <br22@gezedo.com>
  Cc: Peter Korsgaard <peter@korsgaard.com>
  Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Cc: Arnout Vandecappelle <arnout@mind.be>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/binutils: extend the 2.28 default to thumb mode | Yann E. MORIN | 2018-06-01 | 1 | -1/+2
  Commit 17f352ac (package/binutils: default to 2.29 for Cortex-M targets) made the default version 2.28 (and not 2.29!) when the target is an arm-v7m CPU.

  However, the real trigger is compilation in Thumb mode, not the fact that the target is v7m. The fact that it was noticed on a v7m target is because Thumb is the only mode valid on those CPUs.

  Tighten the defaults to 2.28 for Thumb and Thumb2 modes.

  Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
  Cc: Laurent GONZALEZ <br22@gezedo.com>
  Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
  Cc: Peter Korsgaard <peter@korsgaard.com>
  Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Cc: Arnout Vandecappelle <arnout@mind.be>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/clang: fix host-clang binaries | Valentin Korenblit | 2018-06-01 | 1 | -0/+4
  This patch fixes the following error when trying to execute clang compiler (host-variant):

    CommandLine Error: Option 'x86-use-base-pointer' registered more than once!
    LLVM ERROR: inconsistency in registered CommandLine options

  The same happens for the other binaries, such as clang-format:

    ./clang-format : CommandLine Error: Option 'help-list' registered more than once!
    LLVM ERROR: inconsistency in registered CommandLine options

  Clang binaries are tools, and given that DLLVM_LINK_LLVM_DYLIB is set, they are linked against libLLVM.so. The problem is that binaries are also linking against some LLVM static libraries, resulting in the error shown above.

  However, it is not the same case for libclang, which is also a tool but links only against libLLVM.so.

  To fix this problem, add LLVM_DYLIB_COMPONENTS=all.

  Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
  Tested-by: Joseph Kogut <joseph.kogut@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* configs/socrates_cyclone5: change over to current upstream releases | Florian La Roche | 2018-06-01 | 1 | -6/+5
  Since all cyclone5 development changes are upstream, change over to an upstream release of the Linux kernel and u-boot for buildroot.

  Signed-off-by: Florian La Roche <Florian.LaRoche@googlemail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  (cherry picked from commit ef94c736ec460e56b82a5a45819f7adce787d488)
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Revert "configs/stm32f469: force usage of binutils 2.28.x" | Christophe PRIOUZEAU | 2018-06-01 | 1 | -1/+0
  This reverts commit 12049cc8b8972a9d0f1e27f1382cc5752d45312f.

  Now that the binutils default has been changed for ARMv7M, this is no longer needed.

  Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Revert "configs/stm32f429: force usage of binutils 2.28.x" | Christophe PRIOUZEAU | 2018-06-01 | 2 | -2/+1
  This reverts commit cbe43fd417d77f846f1ca47cdacd51a73be1aaec.

  Now that the binutils default has been changed for ARMv7M, this is no longer needed.

  Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>