- Aug 28, 2018
-
-
Baruch Siach authored
Fixes CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/d6d/d6dc9a640aa1f6650a3e7b9397f2fe2ae3433f4d/ http://autobuild.buildroot.net/results/ab5/ab5a58ea7845f9f378454ee1aa7e872448618ba9/ ebx was recently added to the x86 inline asm MULADDC_STOP clobber list to fix #1550, but this causes the build to fail with GCC < 5 when building in PIC mode with errors like: include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’ This is because older GCC versions treated the x86 ebx register (which is used for the GOT) as a fixed reserved register when building as PIC. This is fixed by an improved register allocator in GCC 5+. From the release notes: Register allocation improvements: Reuse of the PIC hard register, instead of using a fixed register, was implemented on x86/x86-64 targets. This improves generated PIC code performance as more hard registers can be used. https://www.gnu.org/software/gcc/gcc-5/changes.html As a workaround, add a patch to detect this situation and disable the inline assembly, similar to the MULADDC_CANNOT_USE_R7 logic. Patch submitted upstream: https://github.com/ARMmbed/mbedtls/pull/1986 Signed-off-by:
-
- Aug 27, 2018
-
-
Fabrice Fontaine authored
thread-local storage is a C++11 feature available since gcc 4.8: https://gcc.gnu.org/projects/cxx-status.html#cxx11 Fixes: - http://autobuild.buildroot.net/results/2963bd55cd7c33ded3e5a75fc86079acfae844c1 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
Commit 39387fc80f90f3a9ac9ef9f3aa32da5776a0721e removed mmx support however aircrack-ng fails to build on platforms with mmx because an error is raised if __MMX__ is defined. Fixes: - http://autobuild.buildroot.net/results/b7362b69435e9ef6fb2aedc50743e88dbd7a5c72 [Upstream status: merged (https://github.com/aircrack-ng/aircrack-ng/pull/1943) ] Signed-off-by:
-
Christopher McCrory authored
This fixes autobuild failures like http://autobuild.buildroot.net/results/3288b742cee650ee47a41c5b4d6aaef1fe67bff1 php compile breaks with: ext/mysqlnd/mysqlnd_auth.o: In function `php_mysqlnd_scramble_sha2': mysqlnd_auth.c:(.text+0x1054): undefined reference to `PHP_SHA256Init' mysqlnd_auth.c:(.text+0x1064): undefined reference to `PHP_SHA256Update' mysqlnd_auth.c:(.text+0x1070): undefined reference to `PHP_SHA256Final' mysqlnd_auth.c:(.text+0x1078): undefined reference to `PHP_SHA256Init' mysqlnd_auth.c:(.text+0x1088): undefined reference to `PHP_SHA256Update' mysqlnd_auth.c:(.text+0x1094): undefined reference to `PHP_SHA256Final' mysqlnd_auth.c:(.text+0x109c): undefined reference to `PHP_SHA256Init' mysqlnd_auth.c:(.text+0x10ac): undefined reference to `PHP_SHA256Update' mysqlnd_auth.c:(.text+0x10bc): undefined reference to `PHP_SHA256Update' mysqlnd_auth.c:(.text+0x10c8): undefined reference to `PHP_SHA256Final' It looks like the php mysqli extension needs the hash extension to work. This seems to be a php Make dependany bug. This patch works around it until the upstream maintainers can fix it. Signed-off-by:
Christopher McCrory <chrismcc@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
dropbear is affected by an user enumeration vulnerability similar to the recent issue in openssh (CVE-2018-15473). Add an upstream patch fixing the issue. For more details, see the discussion on the mailing list: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002110.html Signed-off-by:
-
- Aug 26, 2018
-
-
Thomas Petazzoni authored
This commit adds a one-liner patch that fixes the build with musl of the openpowerlink package, caused by a missing <sys/types.h> include. The patch has been submitted upstream. Fixes: http://autobuild.buildroot.net/results/8aff5f6d7bcab616129368c1fb22026bb164e454/ Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by:
-
- Aug 25, 2018
-
-
Yann E. MORIN authored
brltty has a very inventive buildsystem, where it internall runs ./configure for the build machine In doing so, it generates a list of make variables to define what the build machine supports, like it does for the target. However, the build variables are generated with a convoluted sed script that scans the target list, and appends _FOR_BUILD to each target variables. Then, both lists are included from the Makefile, on the assumption that the build variables will not clash with the target variables. Where it gets interesting, is that that sed script considers the variables names to match '[A-Za-z][A-Za-z0-9_]*' And there we see why ATSPI2_PACKAGE does not match: it contains a digit. So, some build variables will inevitably override target ones. Fix that by simply expanding the matching regexp to allow digits in variable names. Fixes: http://autobuild.buildroot.org/results/a37/a37782b3cfc1a96cc129db8fade20a36a7b2d470/ http://autobuild.buildroot.org/results/97e/97edc6a47d2140968e84b409cdc960604e5896f2/ Signed-off-by:"Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Mario Lang <mlang@blind.guru> Cc: Baruch Siach <baruch@tkos.co.il> Signed-off-by:
-
- Aug 24, 2018
-
-
Yann E. MORIN authored
Signed-off-by:
-
Brad Love authored
Extend i2c-tools SPDX identifiers to include the library license. Also include COPYING.LGPL and README to license files. The ic2-tools readme states: LICENSE Check the documentation of individual tools for licensing information. The library is released under the LGPL version 2.1 or later, while most tools are released under the GPL version 2 or later, but there are a few exceptions. Signed-off-by:
Brad Love <brad@nextdimension.cc> [Thomas: add hashes for COPYING.LGPL and README.] Signed-off-by:
-
Yann E. MORIN authored
Vulcan with X11 needs DRI3, which in turn requires xlib-libxshmfence. Fixes: http://autobuild.buildroot.org/results/356/35653fc6f57dc169a8aae6baedb1acd1049b50ec/ Signed-off-by: -
Thomas Petazzoni authored
This commit adds a patch to RAUC that makes the eMMC boot partition support optional. This allows RAUC to build successfully on systems using Linux < 3.0. Fixes: http://autobuild.buildroot.net/results/7e1cbeb458cb6536a36eae0d24cefb36edb22f55/ Signed-off-by:
-
Mark Corbin authored
Add kconfig help text that explains how to manually specify an official Linux version to use for the kernel headers. Signed-off-by:
Mark Corbin <mark.corbin@embecosm.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel - CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel For more info, see the advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02 Signed-off-by:
-
Bernd Kuhls authored
Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
Bernd Kuhls authored
Signed-off-by:
-
Baruch Siach authored
Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed. Some OpenSSH developers don't consider this a security issue: https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html Signed-off-by:
-
- Aug 23, 2018
-
-
Fabio Estevam authored
Signed-off-by:
Fabio Estevam <festevam@gmail.com> Signed-off-by:
-
Fabio Estevam authored
Signed-off-by:
-
Fabrice Fontaine authored
mpjegtools fails to build on powerpc without altivec: build_sub44_mests.c: In function 'build_sub44_mests_altivec': build_sub44_mests.c:268:9: internal compiler error: Segmentation fault vr1 = vec_ld(rowstride, (unsigned char*)s44blk); It seems mpjegtools is wrongly detecting altivec support: configure: - PowerPC Optimizations: configure: - AltiVec enabled : true Fix this by adding BR2_PACKAGE_MJPEGTOOLS_SIMD_SUPPORT and setting --enable-simd-accel / --disable-simd-accel Fixes: - http://autobuild.buildroot.net/results/c9464712f43efb8954fd2e5460126ad193660353 Signed-off-by:
-
- Aug 22, 2018
-
-
Mirza Krak authored
Signed-off-by:
Mirza Krak <mirza.krak@northern.tech> Signed-off-by:
-
- Aug 21, 2018
-
-
Bernd Kuhls authored
Fixes CVE-2018-14599, CVE-2018-14600 & CVE-2018-14598: https://lists.x.org/archives/xorg-announce/2018-August/002915.html Signed-off-by:
-
Peter Seiderer authored
Fixes [1]: ../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion. #error Target architecture was not detected as supported by Double-Conversion. [1] http://autobuild.buildroot.net/results/489/4891d96f45c64c2e66fe819bd4175cc1d6243a93 Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Thomas Petazzoni authored
The check_musl function currently builds a program and verifies if the program interpreter starts with /lib/ld-musl. While this works fine for dynamically linked programs, this obviously doesn't work for a purely static musl toolchain such as [1]. There is no easy way to identify a toolchain as using the musl C library. For glibc, dynamic linking is always supported, so we look at the dynamic linker name. For uClibc, there is a distinctive uClibc_config.h header file. There is no such distinctive feature in musl. We end up resorting to looking for the string MUSL_LOCPATH, which is used by musl locale_map.c source file. This string has been present in musl since 2014. It certainly isn't a very stable or convincing solution to identify the C library as being musl, but it's the best we could find. Note that we are sure there is a libc.a file, because the check_unusable_toolchain function checks that there is a such a file. [1] http://autobuild.buildroot.net/toolchains/tarballs/br-arm-musl-static-2018.05.tar.bz2 Signed-off-by:
Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by:
-
Baruch Siach authored
We sometimes create dangling symlinks in the target directory. That is because we need canonical targets, as relative targets don't work well with BR2_ROOTFS_MERGED_USR. For example, the vim package installs the /bin/vi symlink to /usr/bin/vim. This symlink might be dangling when the build host has no vim installed there. Patch the busybox install.sh script to avoid clobber of dangling symlinks. Fixes: http://autobuild.buildroot.net/results/796/796107430db6545401d9926e84f19eaf2040b756/ Cc: Adam Duskett <aduskett@gmail.com> Cc: Carlos Santos <casantos@datacom.com.br> Cc: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by:
-
Peter Korsgaard authored
Depending on the configuration, the cpp output may contain the string 'yes' in a comment if built under a path containing 'yes', confusing the _AIX test: ${CROSS}-cpp conftest.h \# 1 "conftest.h" \# 1 "<built-in>" \# 1 "<command-line>" \# 31 "<command-line>" \# 1 "/home/peko/source/buildroot/output-yes/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/stdc-predef.h" \# 32 "<command-line>" 2 \# 1 "conftest.txt" If misdetected, the configure script adds -lc128 to LIBS, causing the AC_CHECKS_FUNCS check for stat64 to fail, which in turn causes compilation errors about redefinition of symbols: In file included from ./src/include/pv-internal.h:9:0, from src/pv/file.c:5: ./src/include/config.h:76:18: error: redefinition of 'struct stat' # define stat64 stat ^ Fix it by only matching on 'yes' on a line by itself. As pv doesn't cleanly autoreconf (it doesn't use automake and configure.in is located in subdir), instead directly patch configure. Signed-off-by: -
Keith Mok authored
systemd can use elfutils when available, so this commit adds the detection of this library. Signed-off-by:
Keith Mok <ek9852@gmail.com> Signed-off-by:
-
- Aug 20, 2018
-
-
Hollis Blanchard authored
wget is the only downloader currently usable with BR2_PRIMARY_SITE, and that doesn't work at all for file:// URLs. The symptoms are these: support/download/dl-wrapper -c '2.4.47' -d '/PATH/build/sw/source/attr' -D '/PATH/build/sw/source' -f 'attr-2.4.47.src.tar.gz' -H 'package/attr//attr.hash' -n 'attr-2.4.47' -N 'attr' -o '/PATH/build/sw/source/attr/attr-2.4.47.src.tar.gz' -u file\|urlencode+file:///NFS/buildroot_dl_cache/attr -u file\|urlencode+file:///NFS/buildroot_dl_cache -u http+http://download.savannah.gnu.org/releases/attr -u http\|urlencode+http://sources.buildroot.net/attr -u http\|urlencode+http://sources.buildroot.net -- file:///NFS/buildroot_dl_cache/attr/attr-2.4.47.src.tar.gz: Unsupported scheme `file'. ERROR: attr-2.4.47.src.tar.gz has wrong sha256 hash: ERROR: expected: 25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859 ERROR: got : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ERROR: Incomplete download, or man-in-the-middle (MITM) attack In the case of custom Linux kernel versions, this is fatal, because there isn't necessarily a hash file to indicate that wget's empty tarball is wrong. This seems to have been broken by commit c8ef0c03, because: 1. BR2_PRIMARY_SITE always appends "urlencode" (package/pkg-download.mk) 2. Anything with the "|urlencode" suffix in $uri will end up using wget due to the backend case wildcarding. 3. The wget backend rejects file:/// URLs ("unsupported scheme"), and we end up with an empty .tar.gz file in the downloads directory. Fix that by shell-extracting the backend name from the left of "|". I'm not positive if all URLs will have a "|", so this code only looks for a "|" left of the "+". Signed-off-by:
Hollis Blanchard <hollis_blanchard@mentor.com> Reviewed-by:
-
Thomas Petazzoni authored
The current download location fails, and Buildroot falls back to sources.b.o: --2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz Resolving red.libssh.org (red.libssh.org)... 78.46.80.163 Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected. The certificate's owner does not match hostname ‘red.libssh.org’ --2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ... Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 351632 (343K) [application/x-xz] This commit fixes the download location: --2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4 Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 351632 (343K) [application/x-tar] This patch is extracted from a contribution from Bernd Kuhls who was also bumping the package at the same time (http://patchwork.ozlabs.org/patch/959192/ ). Signed-off-by:
-
Fabrice Fontaine authored
When libidn2 is statically build with libunistring support, mutt needs to add -lunistring to LIBS. To do that, add a call to PKG_CHECK_MODULES to retrieve this information from libidn2.pc Fixes: - http://autobuild.buildroot.net/results/177da8f4798f69298db5385957184f1c53cca923 Signed-off-by:
-
Fabrice Fontaine authored
An internal compiler error is raised on m68k_cf at dwarf2cfi.c:2752 in connect_traces. Error can be fixed by adding -fno-defer-pop, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58864 Fixes: - http://autobuild.buildroot.net/results/dad241acbe59b1c5a24a0a2f3da6b12a553aec84 Signed-off-by:
-
Thomas Petazzoni authored
The download wrapper call is currently always being displayed, even without V=1, which is a bit annoying. It shows something like this: thomas@windsurf:~/projets/buildroot (master)$ make tslib-source >>> tslib 1.16 Downloading PATH="/home/thomas/projets/buildroot/output/host/bin:/home/thomas/projets/buildroot/output/host/sbin:/usr/local/bin:/usr/bin:/bin:/home/thomas/.rvm/bin:/usr/local/sbin:/usr/sbin:/home/thomas/.rvm/bin:/home/thomas/sys/bin:/home/thomas/.gem/ruby/2.1.0/bin:/home/thomas/.rvm/bin" BR2_DL_DIR=/home/thomas/dl BUILD_DIR=/home/thomas/projets/buildroot/output/build O=/home/thomas/projets/buildroot/output flock /home/thomas/dl/tslib/ support/download/dl-wrapper -c '1.16' -d '/home/thomas/dl/tslib' -D '/home/thomas/dl' -f 'tslib-1.16.tar.xz' -H 'package/tslib//tslib.hash' -n 'tslib-1.16' -N 'tslib' -o '/home/thomas/dl/tslib/tslib-1.16.tar.xz' -u https+https://github.com/kergoth/tslib/releases/download/1.16 -u http\|urlencode+http://sources.buildroot.net/tslib -u http\|urlencode+http://sources.buildroot.net -- Let's silence this dl-wrapper call by prepending with $(Q). Signed-off-by:
-
Christopher McCrory authored
MySQL detects on the build machine where the hostname program is located, and uses this value in a number of configuration files and scripts that are generated and installed in the target: output/target$ grep -r "bin/hostname" * etc/inittab:::sysinit:/bin/hostname -F /etc/hostname usr/share/mysql/mysql.server: pid_file=$datadir/mysqlmanager-`/usr/bin/hostname`.pid usr/share/mysql/mysql.server: server_pid_file=$datadir/`/usr/bin/hostname`.pid usr/bin/mysql_install_db:hostname=`/usr/bin/hostname` usr/bin/mysqld_safe: err_log=$DATADIR/`/usr/bin/hostname`.err usr/bin/mysqld_safe: pid_file="$DATADIR/`/usr/bin/hostname`.pid" However, the hostname on the build machine may not necessarily be at the same location as the hostname program on the target. Buildroot has its hostname program (coming from Busybox) in /bin, but some Linux distributions (such as Fedora) use /usr/bin/hostname, causing the incorrect hostname paths above. This commit fixes that by passing the appropriate autoconf cache variable value. Signed-off-by:
-
Carlos Santos authored
Version 0.8.6 is a bugfix release including a nasty bug that has potential to crash applications when parsing certain URIs (like "//:%aa@", excluding quotes). For more details please check the change log at https://github.com/uriparser/uriparser/blob/uriparser-0.8.6/ChangeLog Signed-off-by:Carlos Santos <casantos@datacom.com.br> Signed-off-by:
-
Frank Hunleth authored
Fixes CVE-2018-14447: https://github.com/martinh/libconfuse/issues/109 Signed-off-by:
Frank Hunleth <fhunleth@troodon-software.com> Signed-off-by:
-
Gwenhael Goavec-Merou authored
Since b7f1b030 host-python-cheetah is no more a dependency for gnuradio. So this package must be explicitly added for gr-osmosdr. Fix : http://autobuild.buildroot.net/results/aa208a69996548c15d937fc7c97d267162a56c48/ Signed-off-by:
Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com> Signed-off-by:
-
Mirza Krak authored
This is used when calling the mender client with the -version option and it says "unknown" if not set in linker. Now it displays the following: # mender -version 1.4.0 runtime: go1.10.2 Signed-off-by: -
Mirza Krak authored
Also added license checksums in mender.hash Signed-off-by:
-
Mirza Krak authored
These files are part of Mender sources and no point in keeping duplicate files locally. Signed-off-by:
-
Mirza Krak authored
Tenant Token is a configuration option that has to do with Hosted Mender, where you you need to set this for the devices to connect to the correct organization in a multi-tenant system. The removal of tenant.conf usage (and /var/lib/mender/authtentoken) was in Mender client version 1.2.0, where it was switched to be an mender.conf option instead as the example above demonstrates. As the first version that was integrated in Buildroot was 1.4.0, the inclusion of tenant.conf and the creation of the symlink is not necessary. Now it is specified as such in mender.conf: Example: /etc/mender/mender.conf { TenantToken: "very long base64 encoded string" } Signed-off-by:
-
