- Mar 04, 2018
-
-
Yann E. MORIN authored
Recent systemd bump has broken DBus dameon and DBus applications can no longer find the daemon. So we want to catch those kind of failures early. We also want to check that the system as a whole is stable: no unit should be failed. Finally, ensure that we can read the jounrnal, even when we are doing our tricks on read-only systems. Signed-off-by:
"Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Yann E. MORIN authored
Currently, we handle the factory by redirectoring /var with a symlink at build time, and with some trickery during the filesystem generation, depending on whether we need to remount the filesystem read-write or not. However, this is causing quite some pain with the latest systemd, now that they have moved their dbus socket to /run instead of /var/run. As such, trying to play tricks with /var/run as a symlink is difficult, because at times it is in .usr/share/factory/var/run (during build) and then it is in /var/run (at runtime). So a relative symlink is not possible. But an absolute symlink is not possible either, because we are installing out-of-tree. Oh the joys of cross-compilation... :-) We fix all this mess by making /var a real directory from the onset, so that we can use the runtime-expected layout even during the build. Then, during filesystem generation, we move /var away to the factory, and populate it as we used to do. This still requires a post-fs hook to restore /var after the filesystem generation. This leaves a situation that, should the filesystem generation fails, /var will be left in an inconsistent state. But that is not worse than what we already had anyway. Signed-off-by:
-
Trent Piepho authored
When using a RO root with systemd, it is intended that /var/lib should be populated at boot time by tmpfiles system mirroring it from /usr/share/factory/var/lib. However, this will only happen if /var/lib does not already exist at the time systemd-tmpfiles runs. If it does exist, then tmpfiles will (silently) skip it and do nothing. It turns out /var/lib will exist, because some part of systemd creates /var/lib/systemd/catalog on boot before tmpfiles runs. The fix used here is to also create tmpfiles entries for the contents of /var/lib/* and /var/lib/systemd/*. This way, when those directories already exist, the entire tree is not skipped and instead the not-yet-existing contents of /var/lib and /var/lib/systemd will be still be mirrored from the factory dir. And if /var/lib/systemd, or a prefix of that, stops getting created and does not exist, it'll still mirror properly. It does cause some warnings from systemd: systemd[1]: Starting Create Volatile Files and Directories... systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:7] Duplicate line for path "/var/lib/systemd", ignoring. systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:8] Duplicate line for path "/var/lib/systemd/coredump", ignoring. But they can be ignored. IMHO, I think a better solution would be for systemd-tmpfiles to gain a "merge tree" operation that is like "C" but doesn't abort if the destination exists, but rather merges the source into it. Signed-off-by:
Trent Piepho <tpiepho@impinj.com> [yann.morin.1998@free.fr: slight rework of commit title] Signed-off-by:
Adam Duskett <aduskett@gmail.com> Signed-off-by:
-
Fabio Estevam authored
Signed-off-by:
Fabio Estevam <festevam@gmail.com> Signed-off-by:
-
Yann E. MORIN authored
Its use has been globbed into the more generic BR2_NEEDS_HOST_UTF8_LOCALE option now. Signed-off-by:
-
Yann E. MORIN authored
Not all distributions have the language-agnostic C.UTF-8 locale (Gentoo, I'm frowning at you!). Instead, use any UTF-8 locale provided by the system. Reported-by:
Christian Stewart <kidovate@gmail.com> Signed-off-by:
-
Yann E. MORIN authored
Some packages really want to use an UTF-8 locale, or they break. However, there is no guarantee that any given locale is available on a system. For example,, while most mainstream distros (Debian and derivatives, Fedora...) do have the generic, language-agnostic C.UTF-8 locale, Gentoo does not provide it. So, find the first UTF-8 locale available on the system, and take any that is available. We however do favour using the user-set current locale, then using the language-agnostic C.UTF-8, and eventually any random UTF-8 locale. Note: we only need to enforce LC_ALL, because setting it implies everything else: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02 """ 1. If the LC_ALL environment variable is defined and is not null, the value of LC_ALL shall be used. """ [Peter: use same regexp as in dependencies.sh] Signed-off-by: -
Yann E. MORIN authored
Although the UTF-8 locales in mainstream distributions all are suffixed with just 'utf8', the nomenclature is a bit ambiguous with the way they are to be specified with the various LC_* variables, suffixed there with 'UTF-8'. Also, POSIX, ISO, and IEC do not enforce any specific suffix in LC_* variables: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02 """ If the locale value has the form: language[_territory][.codeset] it refers to an implementation-provided locale, where settings of language, territory, and codeset are implementation-defined. """ To avoid any confusion, use a regexp that is a bit more lax when matching locales. Also, quote the regexp, so that the '?' and '$' are not interpreted by the shell. Signed-off-by: -
Yann E. MORIN authored
udevd needs extra groups for its bundled rules: Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'render' unknown Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'kvm' unknown Add those missing groups. Signed-off-by: -
Bernd Kuhls authored
Fixes CVE-2018-0490: null-pointer crash in directory authority protocol list code. Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
Peter Seiderer authored
Add optional copy of TEMP_FAILURE_RETRY macro. Fixes [1]: ../../lib/libdvbv5/.libs/libdvbv5.so: undefined reference to `TEMP_FAILURE_RETRY' [1] http://autobuild.buildroot.net/results/7aea0cbb9e7fe7d9919c9be04ba4567ddcf4e15e Patch submitted upstream: https://www.mail-archive.com/linux-media@vger.kernel.org/msg127134.html [Peter: add upstream submission link as suggested by Baruch] Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
- Mar 03, 2018
-
-
Baruch Siach authored
CVE-2018-5732: The DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the dhclient AppArmor profile. CVE-2018-5733: The DHCP server incorrectly handled reference counting. A remote attacker could possibly use this issue to cause the DHCP server to crash, resulting in a denial of service. Both issues are fixed in version 4.4.1. But we are close to release, so backport the fixes instead of bumping version. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
-
Adam Duskett authored
Helps mitigate CVE-2018-1058 see: https://www.postgresql.org/docs/current/static/release-10-3.html for more bugfixes. Signed-off-by:
-
Thomas Petazzoni authored
In particular: - Explicitly specify the CPU to be used, POWER8, which matches qemu_ppc64le_pseries_defconfig - Use hard disk emulation to access the root filesystem instead of an initrd. Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by:
-
Thomas Petazzoni authored
This allows the toolchain building machinery used by https://toolchains.bootlin.com to automatically re-use this Qemu command line. Signed-off-by:
-
Thomas Petazzoni authored
qemu-system-ppc64le doesn't necessarily exist: it isn't installed by Qemu, and only created as a symlink to qemu-system-ppc64 by some distributions (Ubuntu). Other distributions (Fedora) just have qemu-system-ppc64. But qemu-system-ppc64 is capable of running little-endian PPC64 systems, so use this one instead. Signed-off-by:
-
Thomas Petazzoni authored
The script support/scripts/check-uniq-files uses the argparse Python module. In most recent Python versions (starting with 2.7), the argparse module is part of the standard library, and we already check for the availability of Python in support/dependencies/dependencies.sh. However, when running on an ancient distribution with Python 2.6, the argparse module is not part of the Python standard library, but available as an external module. Without this module, the build fails, because check-uniq-files, which is used in target-finalize, fails to run. To avoid this failure, this commit adds a check in support/dependencies/dependencies.sh to verify that the argparse module is available. Signed-off-by:
-
Thomas Petazzoni authored
Using {} in format strings is only supported in sufficiently recent Python versions. Python 2.6 doesn't support this, and only format strings with numbered arguments: {0}, {1}, etc. Python 2.7: $ python -c 'print("foo {}".format(12))' foo 12 $ python -c 'print("foo {0}".format(12))' foo 12 Python 2.6: $ python -c 'print("foo {}".format(12))' Traceback (most recent call last): File "<string>", line 1, in <module> ValueError: zero length field name in format $ python -c 'print("foo {0}".format(12))' foo 12 Signed-off-by: -
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/d69/d693f3e3f1c73ccf54ac7076623e436355a9d901/b Signed-off-by:
-
Ciro Santilli authored
Closes #10831 Commit a952d24b (qemu_x86_64: use kernel 4.15) bumped the kernel version but didn't update the kernel header series to match, causing build failures. [Peter: reworded] Signed-off-by:
Ciro Santilli <ciro.santilli@gmail.com> Signed-off-by:
-
- Mar 02, 2018
-
-
Romain Naour authored
ecore_con added with efl 1.17 is under MIT license (COPYING.NGINX-MIT) ector added with efl 1.15 is under FTL license (COPYING.FTL) While at it, add license file hash. Signed-off-by:
Romain Naour <romain.naour@gmail.com> Signed-off-by:
-
Julius Kriukas authored
When BR2_REPRODUCIBLE is enabled or host uses non UTF-8 capable locale building systemd fails with an error: [1/1080] Generating systemd.bg.catalog with a meson_exe.py custom command. FAILED: catalog/systemd.bg.catalog /buildroot/output/host/bin/python3 /buildroot/output/host/bin/meson --internal exe /buildroot/output/build/systemd-236/build/meson-private/meson_exe_sed_232a0623cc7ce2cd67ec72ed784b76307102ed76.dat Warning: You are using 'ANSI_X3.4-1968' which is not a Unicode-compatible locale. You might see errors if you use UTF-8 strings as filenames, as strings, or as file contents. Please switch to a UTF-8 locale for your platform. ... UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 1079: ordinal not in range(128) package/pkg-generic.mk:247: recipe for target '/buildroot/output/build/systemd-236/.stamp_built' failed make: *** [/buildroot/output/build/systemd-236/.stamp_built] Error 1 This patch changes default host system locale from C to C.UTF-8 when building systemd package to fix this issue. It also introduces BR2_NEEDS_HOST_C_UTF8_LOCALE flag that checks if this locale is available on the host system. If locale is not available error message is show and build process is stopped. Signed-off-by:
Julius Kriukas <julius@kriukas.lt> [Thomas: use C.UTF-8 instead of en_US.UTF-8.] Signed-off-by:
-
Bernd Kuhls authored
Fixes http://autobuild.buildroot.org/results/4c7/4c77c15eaa2e44d0854cf24ab872e7b2ef83ebd6/ Signed-off-by:
-
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/3cab7b54390feb5f952407f1e7fa49b9633a5f76/ http://autobuild.buildroot.net/results/ad9fc1f8a598d2c1ee7e6f8884f897f7b8bbb657/ And many others. Mono needs host-mono, which fails to build on the ppc64le autobuilder. There is unlikely to be any real use cases of people building mono on !x86, so only make it available on x86/x86-64 hosts, similar to how it was recently done for erlang. Signed-off-by:
Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by:
-
Baruch Siach authored
musl libc requires the getopt.h header for the definition of 'optreset'. Fixes: http://autobuild.buildroot.net/results/c23/c233ade479d6124ed7b382f2aa9859fe509d7bca/ http://autobuild.buildroot.net/results/081/0813c13c2a978316e6fa9a3cdbd5512612f5c374/ http://autobuild.buildroot.net/results/182/18230384d8225fbd7fddabfcbd685eaa38e31b31/ Signed-off-by:
-
Baruch Siach authored
libedit is an optional dependency of dash since commit 651af57c (dash: enable line editting if libedit is selected). Unfortunately, the dash build system does not take into account the ncurses dependency of libedit. Use pkgconf to get that right. Fixes: http://autobuild.buildroot.net/results/801/801e8bc06277978556a301ddf54f609169de37bb/ http://autobuild.buildroot.net/results/123/12367267735b9165afef77289460c247aaad494a/ http://autobuild.buildroot.net/results/aa7/aa7cc7315d778c15c5165ca6423257a84b957482/ Cc: Carlos Santos <casantos@datacom.ind.br> Signed-off-by:
-
Bernd Kuhls authored
Fixes CVE 2018-7584: https://bugs.php.net/bug.php?id=75981 For details see release notes: http://www.php.net/archive/2018.php#id2018-03-01-2 Signed-off-by:
-
Bernd Kuhls authored
Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-1000085 & CVE-2018-0202. For details see upstream announcement: http://lists.clamav.net/pipermail/clamav-announce/2018/000029.html Signed-off-by:
-
- Mar 01, 2018
-
-
Peter Korsgaard authored
Commit baae5156 (uboot: use local fdt headers) changed the uboot logic to pass the host include directories with -idirafter instead of -I, so include files local to u-boot would be preferred over host includes. This unfortunately breaks configurations using BR2_TARGET_UBOOT_NEEDS_OPENSSL on hosts with incompatible openssl headers installed in the system default include directories as explained here: http://lists.busybox.net/pipermail/buildroot/2018-March/214651.html The problem is that -idirafter directories gets added to the very end of the search order, AFTER the system default directories. Instead use -isystem which causes the directories to be added after -I but before the system default directories. With this in place, the include directories of u-boot will first be scanned, followed by the host includes and finally the system default include directories. Signed-off-by:
-
Peter Korsgaard authored
qt 4.x is no longer supported upstream since December 2015: https://blog.qt.io/blog/2015/05/26/qt-4-8-7-released/ So it shouldn't be used for new projects. Add an obsolete warning to the package prompt to make this clear. Signed-off-by:
-
Peter Korsgaard authored
Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT packet which causes large amounts of memory use in the broker. If multiple clients do this, an out of memory situation can occur and the system may become unresponsive or the broker will be killed by the operating system. The fix addresses the problem by limiting the permissible size for CONNECT packet, and by adding a memory_limit configuration option that allows the broker to self limit the amount of memory it uses. The hash of new tarball is not (yet) available through download.php, so use a locally calculated hash. Signed-off-by: -
Bernd Kuhls authored
Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html Removed patch applied upstream: https://github.com/dovecot/core/commit/a008617e811673064fd657acf517dc4a12493d29 Signed-off-by:
-
Peter Korsgaard authored
systemd-237 slightly changed the README, but the hash was not updated leading to legal-info failing. Fix it. Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
- Feb 28, 2018
-
-
Peter Seiderer authored
Fixes [1]: .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_Create': .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: error: 'RPI_GLES_DefaultProfileConfig' undeclared (first use in this function); did you mean 'RPI_GLES_DeleteContext'? device->GL_DefaultProfileConfig = RPI_GLES_DefaultProfileConfig; ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RPI_GLES_DeleteContext .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: note: each undeclared identifier is reported only once for each function it appears in .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_CreateWindow': .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:281:17: error: 'SDL_VideoDevice {aka struct SDL_VideoDevice}' has no member named 'egl_data'; did you mean 'gl_data'? if (!_this->egl_data) { ^~~~~~~~ gl_data .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:10: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface' wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window); ^~ .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:26: warning: implicit declaration of function 'SDL_EGL_CreateSurface'; did you mean 'SDL_Vulkan_CreateSurface'? [-Wimplicit-function-declaration] wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window); ^~~~~~~~~~~~~~~~~~~~~ SDL_Vulkan_CreateSurface .../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:288:14: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface' if (wdata->egl_surface == EGL_NO_SURFACE) { ^~ [1] http://autobuild.buildroot.net/results/9612d43b192bbb88214a11fe18f8b8da6ad10313 Signed-off-by: -
Fabio Estevam authored
Signed-off-by:
-
Fabio Estevam authored
Signed-off-by:
-
Yann E. MORIN authored
tvheadend does not build on microblazeel, because of some assertion failure in binutils: [...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_divdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created. [...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_udivdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created. [...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_umoddi3.o)(.eh_frame) prevents .eh_frame_hdr table being created. [...]/microblazeel-buildroot-linux-uclibc/bin/ld: BFD (GNU Binutils) 2.29.1 assertion fail elf32-microblaze.c:1494 [...]/microblazeel-buildroot-linux-uclibc/bin/ld: [...]/sysroot/usr/lib/Scrt1.o: probably compiled without -fPIC? [...]/microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: Bad value collect2: error: ld returned 1 exit status Fixes: http://autobuild.buildroot.org/results/85475885a95f23f3dbc88e5b162108a458233bc4/ [...] Signed-off-by: -
Peter Korsgaard authored
Fixes the following security issues: CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. Signed-off-by:
-
- Feb 27, 2018
-
-
Peter Korsgaard authored
Signed-off-by:
-
