- Jul 11, 2017
-
-
Yann E. MORIN authored
And add myself to the DEVELOPPERS for squashfs. Signed-off-by:
"Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Jörg Krause authored
Drop the following patches: * the Xtensa patches 870 and 871 are upstream now * patch 942 was backported to GCC 6 branch Note, that a bz2 release tarball is not provided anymore and is replaced by a xz tarball file. Signed-off-by:
Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by:
-
Peter Seiderer authored
Use '--disable-pcre2grep-callout' for !BR2_USE_MMU, disables fork usage. Fixes [1]: CCLD pcre2grep src/pcre2grep-pcre2grep.o: In function `pcre2grep_callout': pcre2grep.c:(.text+0x402): undefined reference to `fork' collect2: error: ld returned 1 exit status [1] http://autobuild.buildroot.net/results/2c2/2c2665844748a3bdb010315200eea70aa3504b95 Signed-off-by:Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Francois Perrad authored
Signed-off-by:
Francois Perrad <francois.perrad@gadz.org> Signed-off-by:
-
Baruch Siach authored
libssh2 support mbedtls as crypto back-end library since version 1.8.0. Default to mbedtls since it's smaller than either libgcrypt or openssl. Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
-
Bernd Kuhls authored
Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27 Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
Peter Korsgaard authored
>From the release notes: - Extend pow tables for layer III to properly handle files with i-stereo and 5-bit scalefactors. Never observed them for real, just as fuzzed input to trigger the read overflow. Note: This one goes on record as CVE-2017-11126, calling remote denial of service. While the accesses are out of bounds for the pow tables, they still are safely within libmpg123's memory (other static tables). Just wrong values are used for computation, no actual crash unless you use something like GCC's AddressSanitizer, nor any information disclosure. - Avoid left-shifts of negative integers in layer I decoding. While we're at it, add a hash for the license file. Signed-off-by: -
Peter Korsgaard authored
Drop CVE 2017-9868 patch as that is now upstream. 1.4.14 is a bugfix release, fixing significant websocket performance / correctness issues. Use HTTPS for the download as the server uses HSTS, thus saving a redirect. While we're at it, add hashes for the license files. Signed-off-by: -
Peter Korsgaard authored
Fixes the following security issues: CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be reached with a call to the imagecreatefromstring() function) uses constant-sized color tables of size 3 * 256, but does not zero-out these arrays before use. CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 - Out-of-bonds access in oniguruma regexp library. CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. While we're at it, add a hash for the license file. Signed-off-by: -
Peter Korsgaard authored
Add upstream patches fixing the following security issues: CVE-2017-10971: The endianess handling for X Events assumed a fixed size of X Event structures and had a specific 32 byte stack buffer for that. However "GenericEvents" can have any size, so if the events were sent in the wrong endianess, this stack buffer could be overflowed easily. So authenticated X users could overflow the stack in the X Server and with the X server usually running as root gaining root prileveges. CVE-2017-10972: An information leak out of the X server due to an uninitialized stack area when swapping event endianess. For more details, see the advisory: http://www.openwall.com/lists/oss-security/2017/07/06/6 Signed-off-by:
-
Baruch Siach authored
Add upstream patch fixing a warning that breaks the build because of -Werror. Fixes: http://autobuild.buildroot.net/results/33a/33adc3ef139d6814aef4c92ae0bcc4c810ab0b86/ http://autobuild.buildroot.net/results/e7d/e7d80e823e13edc6698148244553bd90367bcd03/ http://autobuild.buildroot.net/results/3b6/3b61246f8b04a332d1c61732f0eb6e50ea8ca366/ Cc: Erico Nunes <nunes.erico@gmail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
- Jul 10, 2017
-
-
Arnout Vandecappelle authored
In commit b78b5046, the initialisation of BRTest.builddir was moved to the __init__ function. However, it is set based on BRTest.outputdir and that is only set when the -o argument is given to run-tests. When called as "run-tests -l", there is no -o argument so BRTest.outputdir remains unset. To fix, keep BRTest.builddir at None when BRTest.outputdir is None. While we're at it, drop the direct access to the class member. If a subclass wishes to set outputdir to something else before calling BRTest.__init__, they are free to do so. Signed-off-by:
Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reported-by:
-
Yann E. MORIN authored
We have to specify the -mcpu value, even in 64-bit mode. For AArch64, +fp and +simd are the default, so they are totally useless. Signed-off-by:
-
Arnout Vandecappelle authored
It makes no sense to default to an arbitrary path. In addition, it in fact works correctly when it is empty. In that case, the toolchain will be searched in PATH. Update the help text to explain the above, and also that the compiler is supposed to be in the bin subdirectory. Signed-off-by:
-
Arnout Vandecappelle authored
BRTest's setUp() method contains a few assignments that initialize its member variables. Since we will want to use these in test case overrides, move them to the __init__ function. Also allow the config member to be overridden, rather than always taking the class member. Signed-off-by:
-
Arnout Vandecappelle authored
Signed-off-by:
-
Arnout Vandecappelle authored
Commit 14151d77 that eliminated $(HOST_DIR)/usr seriously missed the toolchain-wrapper - only a single reference was updated, the other three were missed. Commit 015d68c8 removed one more. This commit finally removes the two remaining ones. Signed-off-by:
-
Arnout Vandecappelle authored
Up to now we created the $(HOST_DIR)/usr compatibility symlink as part of the creation of $(HOST_DIR) itself. However, when the user specifies a custom BR2_HOST_DIR, it is possible that the directory already exists so this rule will never trigger. Therefore, add an explicit rule for creating $(HOST_DIR)/usr and add this rule to the dependencies of the dirs target. HOST_DIR itself goes back to the standard rule for directories. The order-only dependency of STAGING_DIR isn't needed any more either: HOST_DIR is implicitly created if needed by mkdir -p, and we don't need to trigger the HOST_DIR rule any more if the directory already exists. Signed-off-by:
-
Peter Korsgaard authored
Tarballs of the releases are now again available: https://www.spinics.net/lists/linux-i2c/msg30349.html So change back to that instead of getting the source code from git. While we're at it, add a hash for the license file. [Peter: Also update Config.in homepage URL as pointed out by Baruch] Signed-off-by:
-
- Jul 09, 2017
-
-
Baruch Siach authored
libssh2 uses the implicit 'yes' argument of the --with-libgcrypt parameter as a library path prefix, which breaks the build. Pass the library path as --with-libgcrypt argument to fix that. Drop the unneeded --with-libgcrypt-prefix. Fixes: http://autobuild.buildroot.net/results/ac3/ac3a3f5871a6c20f5407a468809682ce491b9cb3/ http://autobuild.buildroot.net/results/ba3/ba31fa11b2ce2875649414dd9093e039dfc129e8/ http://autobuild.buildroot.net/results/b07/b07bbbf7fe164ba6dc435de6d8b41fadff7a3b08/ Signed-off-by:
-
Naoki Matsumoto authored
Signed-off-by:
Naoki Matsumoto <n-matsumoto@melcoinc.co.jp> Signed-off-by:
Brent Sink <brents_3@hotmail.com> Acked-by:
-
Waldemar Brodkorb authored
Fixes: http://autobuild.buildroot.net/results/3e4/3e468c7b1be376024422e2f06750571f64f433a2/ http://autobuild.buildroot.net/results/8c6/8c629a1c5c4a1d78c8bf09a091a332a424a0f757/ Reported-by:
Romain Naour <romain.naour@gmail.com> Signed-off-by:
Waldemar Brodkorb <wbx@openadk.org> Signed-off-by:
-
Andre Renaud authored
Signed-off-by:
Andre Renaud <andre@ignavus.net> Signed-off-by:
-
Arnout Vandecappelle authored
We had several remarks on the mailing list of users that were surprised that patches were not applied for packages whose SITE_METHOD is local. So document this. Note that for OVERRIDE_SRCDIR itself it is already documented: When Buildroot finds that for a given package, an <pkg>_OVERRIDE_SRCDIR has been defined, it will no longer attempt to download, extract and patch the package. Instead, it will directly use the source code available in in the specified directory. Signed-off-by:
-
Max Filippov authored
Xtensa core configuration must be added to U-Boot before it can be built for that xtensa CPU variant. Extract configuration files from the xtensa overlay as is done for other packages that need to be configured for a specific xtensa core. Signed-off-by:
Max Filippov <jcmvbkbc@gmail.com> Signed-off-by:
-
Max Filippov authored
Xtensa core configuration must be added to linux before it can be built for that xtensa CPU variant. Extract configuration files from the xtensa overlay as is done for other packages that need to be configured for a specific xtensa core. Signed-off-by:
-
Yann E. MORIN authored
Rather than bundle the overlay with us, directly fetch it from its upstream location. Signed-off-by:
-
Yann E. MORIN authored
It can be interesting to get the overlay from a remote server, rather than expect it to be present locally. Since that file can be any URL, we can't know its hash, so we just exclude it. Signed-off-by:
-
Yann E. MORIN authored
Signed-off-by:
-
Yann E. MORIN authored
currently, specifying a custom Xtrensa core is done with two variables: - the core name - the directory containing the overlay tarball However, the core name only serves to construct the tarball name, and is not used whatsoever to configure any of the toolchain components (binutils, gcc or gdb), except through the files that are overlayed in their respective source trees. This has two main drawbacks: - the overlay file must be named after the core, - the tarball can not be compressed. Furthermore, it also makes it extremely complex to implement a download of that tarball. So, those two variables can be squeezed into a single variable, that is the complete path of the overlay tarball. Update the qemu-xtensa defconfig accordingly. Note: we do not add a legacy entry for BR2_XTENSA_CORE_NAME, since it was previously a blind option in the last release, and there's been no release since we removed BR2_XTENSA_CUSTOM_NAME. So, we just update the legacy comments for BR2_XTENSA_CUSTOM_NAME, since that's all the user could have seen in any of our releases so far. Signed-off-by:
-
Yann E. MORIN authored
It is not needed to have an intermediate blind option, we can just hide the prompt behind the same dependency as the non-blind symbol. Update our qemu-xtensa defconfig acordingly (note: it was using different values for both options, which is not possible; the blind option was just set to the non-blind one in the .config). Also remove an unneeded empty default for the BR2_XTENSA_OVERLAY_DIR string option (strings are empty by default). Signed-off-by:
-
Sébastien Szymanski authored
This option lets the user specify mke2fs options and/or ext2/3/4 features. Signed-off-by:
Sébastien Szymanski <sebastien.szymanski@armadeus.com> Signed-off-by:
Samuel Martin <s.martin49@gmail.com> Cc: "Yann E. MORIN" <yann.morin.1998@free.fr> Reviewed-by:
-
Samuel Martin authored
This change deprecates the ext2/3/4 rootfs size in blocks symbol in favor of one that mimic the fs-size argument behavior of mkfs (i.e. size in a human readable format accepting k, m, g or t suffix or their upper-case variants). This change also updates the defconfigs that used to set BR2_TARGET_ROOTFS_EXT2_BLOCKS symbol. Signed-off-by:
-
Baruch Siach authored
Signed-off-by:
-
Baruch Siach authored
Signed-off-by:
-
- Jul 08, 2017
-
-
Adam Duskett authored
Libressl is a fork of openssl from OpenSSL in 2014. Its goal is to modernize the OpenSSL codebase, improve security, and apply best practice development processes. Right now, libressl is API compatible with OpenSSL 1.0.1, but does not yet include all new APIs from OpenSSL 1.0.2 and later. Signed-off-by:
Adam Duskett <aduskett@codeblue.com> Signed-off-by:
-
Peter Korsgaard authored
>From the advisory: https://irssi.org/security/irssi_sa_2017_07.txt Two vulnerabilities have been located in Irssi. (a) When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter of Geeknik Labs. (CWE-690) CVE-2017-10965 [2] was assigned to this bug (b) While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table. Found by Brian 'geeknik' Carpenter of Geeknik Labs. (CWE-416 caused by CWE-227) CVE-2017-10966 [3] was assigned to this bug Impact ------ (a) May result in denial of service (remote crash). (b) Undefined behaviour. Signed-off-by:
-
Peter Korsgaard authored
While building I noticed: >>> host-ccache 3.3.4 Building conf.c: In function 'conf_create': conf.c:314:2: warning: too many arguments for format [-Wformat-extra-args] conf->cache_dir = format("/home/peko/.buildroot-ccache", get_home_directory()); ^ As host-ccache gets installed into $(HOST_DIR) and is part of the SDK, hardcoding the build user homedir isn't really nice for the relocatable SDK feature (or simply for a SDK used by multiple users). As the warning shows, CCache replaces "%s" with the current user home directory, so rewrite BR_CACHE_DIR to use this feature if it begins with $HOME. Signed-off-by: -
Joel Stanley authored
Signed-off-by:
Joel Stanley <joel@jms.id.au> Signed-off-by:
-
Joel Stanley authored
Signed-off-by:
-
