- Nov 30, 2018
-
-
Peter Korsgaard authored
Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Fixes the following security vulnerability: CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido Vranken. Adhemerval Zanella (2): Fix misreported errno on preadv2/pwritev2 (BZ#23579) x86: Fix Haswell CPU string flags (BZ#23709) Alexandra Hájková (1): Add an additional test to resolv/tst-resolv-network.c Andreas Schwab (2): Fix stack overflow in tst-setcontext9 (bug 23717) libanl: properly cleanup if first helper thread creation failed (bug 22927) DJ Delorie (2): malloc: tcache double free check malloc: tcache double free check Florian Weimer (9): conform: XFAIL siginfo_t si_band test on sparc64 stdlib/test-bz22786: Avoid spurious test failures using alias mappings stdlib/test-bz22786: Avoid memory leaks in the test itself support_blob_repeat: Call mkstemp directory for the backing file stdlib/tst-strtod-overflow: Switch to support_blob_repeat nscd: Fix use-after-free in addgetnetgrentX [BZ #23520] support: Print timestamps in timeout handler Revert "malloc: tcache double free check" [BZ #23907] CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927] H.J. Lu (2): i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716] Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509] Ilya Yu. Malakhov (1): signal: Use correct type for si_band in siginfo_t [BZ #23562] Istvan Kurucsai (1): malloc: Additional checks for unsorted bin integrity I. Joseph Myers (2): Update syscall-names.list for Linux 4.18. Update kernel version in syscall-names.list to 4.19. Moritz Eckert (1): malloc: Mitigate null-byte overflow attacks Paul Eggert (1): Fix tzfile low-memory assertion failure Paul Pluzhnikov (2): Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test. [BZ #20271] Add newlines in __libc_fatal calls. Pochang Chen (1): malloc: Verify size of top chunk. Rafal Luzynski (1): kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209). Stefan Liebler (2): Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275] Test stdlib/test-bz22786 exits now with unsupported if malloc fails. Szabolcs Nagy (2): i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822] Increase timeout of libio/tst-readline Signed-off-by: -
Peter Seiderer authored
Fixes [1]: /tmp/ccD2Tule.s: Assembler messages: /tmp/ccD2Tule.s:682: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7' /tmp/ccD2Tule.s:2767: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7' [1] http://autobuild.buildroot.net/results/f0253d1ed11021d3e5914a5161360de3ef3d1641 Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-
Fabrice Fontaine authored
Debug build of qsgtexture fails on uclibc since version 5.11 and https://github.com/qt/qtdeclarative/commit/7c507eaac3f848f92f2ebdafe8ded4a064d68351: scenegraph/util/qsgtexture.cpp:69:22: fatal error: execinfo.h: No such file or directory #include <execinfo.h> Indeed, !defined(__UCLIBC__) has been replaced by defined(__GBLIBC__) to fix build on musl but as a result, build fails on uclibc because uclibc also defines __GLIBC__ (and it does not have execinfo like musl) This error is raised only when building in debug mode because CAN_BACKTRACE_EXECINFO is undefined if QT_NO_DEBUG is set So keep defined(__GLIBC__), but put back !defined(__UCLIBC__) Fixes: - http://autobuild.buildroot.org/results/6fce0ce5aea943e097532efbbc8d1e28f41e5866 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
- Nov 29, 2018
-
-
Fabrice Fontaine authored
getArgTypeList is defined both in ext/intl/msgformat/msgformat_helpers.cpp and icu library so add a !BR2_STATIC_LIBS dependency to BR2_PACKAGE_PHP_EXT_INTL Fixes: - http://autobuild.buildroot.org/results/628b677d1ceb8b404265d89357225e0a1dce1407 Signed-off-by:
-
Mark Corbin authored
There is currently no version of gdbserver for RISC-V. Until this is implemented we will prevent both the direct and indirect selection of gdbserver for RISC-V builds. In practice this means that 'cross gdb for the host' cannot be selected and that 'full debugger' must be automatically selected for the gdb target package. [Peter: simplify logic, add comment] Signed-off-by:
Mark Corbin <mark.corbin@embecosm.com> Reviewed-by:
Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by:
-
Fabrice Fontaine authored
The following error is raised by minizip: [100%] Linking C executable minizip /home/peko/autobuild/instance-0/output/host/m68k-buildroot-uclinux-uclibc/sysroot/usr/lib/libbsd.a(arc4random.o): In function `_rs_init.part.1': arc4random.c:(.text+0xaa): undefined reference to `__register_atfork' collect2: error: ld returned 1 exit status As specified in openssl/Config.in, uClibc on noMMU doesn't provide __register_atfork() so add a dependency on !(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU) on libbsd and minizip Don't add this dependency to netcat-opensd as it already depends on glibc Don't add this dependency to BR2_PACKAGE_BLUEZ_ALSA_HCITOP because bluez-alsa already depends on BR2_USE_MMU Concerning fwts, just update comment on BR2_USE_MMU Fixes: - http://autobuild.buildroot.org/results/df2dcbdceaa01a2ae37bf09140e4dbef0a5b9489 Signed-off-by:
-
Fabrice Fontaine authored
If BR2_PACKAGE_LAPACK is enabled (without BR2_PACKAGE_CLAPACK), build of python-numpy will fail if lapack is built before python-numpy because lapack does not provide blas library So disable BLAS and LAPACK through PYTHON_NUMPTY_ENV if BR2_PACKAGE_CLAPACK is not set Fixes: - http://autobuild.buildroot.org/results/41671976c7be7883f31ee5f51ca0eb90b81262fd Signed-off-by:
-
Yann E. MORIN authored
Fixes: http://autobuild.buildroot.org/results/020/02039969b16534d4020ecd4574bae71b91c1e6b8/ (flannel) http://autobuild.buildroot.org/results/e95/e9528b06b350ef84c1e2cb59fba87b4db77b4660/ (docker-engine) [...] Signed-off-by:"Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Romain Naour <romain.naour@gmail.com> Signed-off-by:
-
Yann E. MORIN authored
Signed-off-by:
-
Yann E. MORIN authored
By default, the go compiler will spawn as many jobs as there are CPUs available, thus possibily over-shooting the limits set by the user. Make it abide by the user's wish, and specify the number of jobs allowed to run. We can do so without fear of a package failing to build in parallel, because they were already all building in parallel, as that is the default for the go compiler. Signed-off-by:
-
Fabrice Fontaine authored
Pass -Werror=shadow in args of cc.compiles in meson.build otherwise test will always succeed, causing -Werror=shadow to be passed, even on older gcc versions. GCC 4.8 changed the behaviour of -Werror=shadow to no longer complain about local variable declariations shadowing functions, which systemd has. From the changelog: The option -Wshadow no longer warns if a declaration shadows a function declaration, unless the former declares a function or pointer to function, because this is a common and valid case in real-world code. https://www.gnu.org/software/gcc/gcc-4.8/changes.html Fixes: - http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2 [Peter: extend commit message, add gcc 4.8 link] Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security vulnerabilities: - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. - CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. - CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. - CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. - CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. - CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. For more details, see the release notes: https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 Signed-off-by:
-
Francois Perrad authored
this dependency was accidentally removed by https://git.busybox.net/buildroot/commit/package/perl-net-ssleay?id=da9e06cabc578bf9138e100d1492a2d5f2038415 Signed-off-by:
Francois Perrad <francois.perrad@gadz.org> Signed-off-by:
-
Peter Seiderer authored
According to [1]: - fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file - needs '--enable-freetype-config' for freetype-config installation [1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902 [Peter: also pass --enable-freetype-config for host variant] Signed-off-by:
-
Fabrice Fontaine authored
domoticz will fail to build with python and older cmake Indeed, find_package(PythonLibs 3.4) will not recognize python 3.7 until cmake 3.7 and the following commit: https://github.com/Kitware/CMake/commit/c31573b9641e0f1bc7a34149506db51f3494323b To fix this, add a call to find_package(PythonInterp). Indeed, if FindPythonInterp has already found the major and minor version, that version will be inserted between the user supplied versions and the stock version list since cmake in version 3.1 and https://github.com/Kitware/CMake/commit/3816cd2dc7a7cc220e4f1b1e87fee986545b9cb3 Fixes: - http://autobuild.buildroot.org/results/8e82501a7b49da628ec026132ffca44c0c813040 Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security vulnerabilities: *) Microarchitecture timing vulnerability in ECC scalar multiplication OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. (CVE-2018-5407) [Billy Brumley] *) Timing vulnerability in DSA signature generation The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. (CVE-2018-0734) [Paul Dale] For more information, see the changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: -
Florian Fainelli authored
PLATFORM is an environment variable used by xfsprogs' configure script to determine the platform for which the applications are being built. If we set some incorrect/unsupported value through e.g: export, this will be picked up by xfsprogs' configure script and used as-is and assigned to PKG_PLATFORM, which will lead to build failures. If PLATFORM was empty/unset, then uname on the host building xfsprogs gets used to determine the build platform, which again could be incorrect if we e.g: built xfsprogs on a Darwin system. Since we are obviously building for Linux, let's just make sure we define it that way which solves both issues. Signed-off-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security vulnerabilities: - CVE-2018-14629: All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. - CVE-2018-16841: When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. There is no further vulnerability associated with this issue, merely a denial of service. - CVE-2018-16851: During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. - CVE-2018-16852: During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service. - CVE-2018-16853: A user in a Samba AD domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory we clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. - CVE-2018-16857: AD DC Configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. For more details, see the release notes: https://www.samba.org/samba/history/samba-4.9.3.html Signed-off-by:
-
Angelo Compagnucci authored
This patch bumps the Linux CIP kernel to version v4.4.154-cip28 Signed-off-by:
Angelo Compagnucci <angelo@amarulasolutions.com> Signed-off-by:
-
- Nov 28, 2018
-
-
Peter Seiderer authored
Disable gcc march mips64r2 detection (use compile flags already set by buildroot only), avoids double setting like '-march=mips64 ... -march=mips64r2 -mabi=64'. Fixes [1]: error: '-mips64r2' conflicts with the other architecture options, which specify a mips64 processor [1] http://autobuild.buildroot.net/results/34f6e2352f1559f98c724fe5394db0035b42ddb1 Signed-off-by:
-
- Nov 27, 2018
-
-
Fabrice Fontaine authored
Add ${LTLIBICONV} to popt.pc.in so applications such as shairport-sync will know that they must link with -liconv when building statically Fixes: - http://autobuild.buildroot.org/results/c5b0d1d2867e49c022a2ad971dd9f358ff0f3865 Signed-off-by:Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
-
Fabrice Fontaine authored
tests are enabled if gperf and zlib are found and they fail on: /home/buildroot/autobuild/run/instance-0/output/build/msgpack-2.1.5/include/msgpack/v1/object.hpp:652:34: error: 'void* memcpy(void*, const void*, size_t)' copying an object of non-trivial type 'struct msgpack::v2::object' from an array of 'const msgpack_object' {aka 'const struct msgpack_object'} [-Werror=class-memaccess] std::memcpy(&o, &v, sizeof(v)); So disable them. Fixes: - http://autobuild.buildroot.org/results/7d7aa9723f02f9bc78dbf6248674be4d402199bf Signed-off-by: -
Yann E. MORIN authored
libid3tag uses a very old configure script. When the toolchain lacks C++ and the build machine lacks /lib/cpp, this old configure script fails because it can't find a C++ preprocessor that is valid: checking for arm-buildroot-linux-uclibcgnueabi-g++... no checking whether we are using the GNU C++ compiler... no checking whether no accepts -g... no checking dependency style of no... none checking how to run the C++ preprocessor... /lib/cpp configure: error: C++ preprocessor "/lib/cpp" fails sanity check See `config.log' for more details. This is yet another case that was tentatively fixed by bd39d11d (core/infra: fix build on toolchain without C++), further amended by 4cd1ab15 (core: alternate solution to disable C++). However, this only works on libtool scripts that are recent enough, and thus we need to autoreconf to get it. We also need to patch configure.ac so that it does not fail on the missing, GNU-specific files: NEWS, AUTHORS, and Changelog. Fixes: http://autobuild.buildroot.org/results/ac3/ac3870208aab6001db6b790b6c5dde64d08f7669/ http://autobuild.buildroot.org/results/cc1/cc18397f38dfd4f1e6605f7a6f58edab49b396ac/ Signed-off-by: -
Yann E. MORIN authored
We have a patch that touches a .m4 file, so we need to regenerate the configure script. Otherwise, this is done during the build step, and some environment variables are thus missing and the build may fail when the host machine does not have the expected autostuff tools. Fixes: http://autobuild.buildroot.org/results/e37/e37e61bae1d81a7956e2843be70fea84b0bbb64b/ http://autobuild.buildroot.org/results/f96/f969718402cae71446d6280ec1f66d357a155293/ ... Signed-off-by: -
Thomas Petazzoni authored
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/125631911 Signed-off-by:
-
Thomas Petazzoni authored
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/125631916 Signed-off-by:
-
Thomas Petazzoni authored
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/125631915 Signed-off-by:
-
- Nov 26, 2018
-
-
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
Thomas Petazzoni authored
The build of U-Boot on Microchip (formerly Atmel) platforms currently fails to build with an Assertion Error in dtc. This happens since we bumped dtc from 1.4.4 to 1.4.7, as a regression was introduced in dtc 1.4.6, and fixed post-1.4.7. This commit backports the upstream commit to resolve this Assertion Error. The build error was: dtc: livetree.c:438: propval_cell: Assertion `prop->val.len == sizeof(cell_t)' failed. dtc: livetree.c:438: propval_cell: Assertion `prop->val.len == sizeof(cell_t)' failed. Aborted (core dumped) Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/124434438 (and numerous other similar build failures) Signed-off-by:
-
Thomas Petazzoni authored
When c7ffd8a7 ("package/dtc: fix include guards for older kernel/u-boot") introduced a new patch to the dtc package, it used the 0001 number, which was already used by another patch. Let's fix that. Signed-off-by:
-
- Nov 25, 2018
-
-
Adrian Perez de Castro authored
This is a maintenance release of the current stable WebKitGTK+ version, which contains security fixes for CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, and CVE-2018-4416. Additionally, it fixes a few build failures, and a crash when using certain version of Cairo. Release notes can be found in the announcement: https://webkitgtk.org/2018/11/21/webkitgtk2.22.4-released.html More details on the issues covered by security fixes can be found in the corresponding security advisory: https://webkitgtk.org/security/WSA-2018-0008.html Signed-off-by:
Adrian Perez de Castro <aperez@igalia.com> Signed-off-by:
-
Fabrice Fontaine authored
Since version 4.8.0 and https://github.com/samba-team/samba/commit/080d590de1ff9f8ebc55aeffaea8d41991466549, the systemd files (nmd.service, ...) are not available in packaging/systemd Indeed, they are built in bin/default/packaging/systemd So use the new --systemd-install-services configure option to install these files Fixes: - http://autobuild.buildroot.org/results/a09a065c523931c1892e81a99c57521fbe095d8b Signed-off-by:
-
Carlos Santos authored
Should have been removed in commit 27bce5fc (package/stress-ng: bump to version 0.09.39) but was left as an empty file. Signed-off-by:
Carlos Santos <casantos@datacom.com.br> Signed-off-by:
-
- Nov 24, 2018
-
-
Fabrice Fontaine authored
Add ${AVUTIL_LIBRARIES} to soxr.pc.in so applications such as shairport-sync will know that they must link with -lavutil when building statically Fixes: - http://autobuild.buildroot.org/results/839c0ce6475accc1de7e8a180d4358edb6750c64 Signed-off-by: -
Fabrice Fontaine authored
avutil is used if (WITH_AVFFT OR (CMAKE_SYSTEM_PROCESSOR MATCHES "^arm" AND SIMD32_FOUND AND WITH_CR32)) Signed-off-by:
-
Fabrice Fontaine authored
Build of package will sometime fails because of the following issue: install-static target has two dependencies: dispatcher-static and install-common Because dispatcher-static is not a file but only a target, it will always be called to build usb_modeswitch_dispatcher. So, even if install-common depends on usb_modeswitch_dispatcher, in some rare cases, install-static won't be able to install usb_modeswitch_dispatcher because it is being rebuild by dispatcher-static To fix this issue, disable parallel build Fixes: - http://autobuild.buildroot.org/results/8297be35725b816ff5afaf909605ceb41223efb6 Signed-off-by:
-
