Compare commits

..

144 Commits

Author SHA1 Message Date
Peter Korsgaard f44524f61a Update for 2018.02.3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-18 19:43:04 +02:00
Yann E. MORIN 31bdd82f84 package/elf2flt: replace hard-links with copies to fix rpath
Do for elf2flt what we did for binutils: replace the hardlinks (which
break rpath handling) with copies of the individaul tools.

See previous commit (package/binutils: switch from symlinks to copies
and commit f9cffb6af4 (binutils: replace hard-links with soft-links to
fix rpath) for the complete story.

Fixes: #11031.

Reported-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b370693400)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-18 10:07:39 +02:00
Yann E. MORIN a85d9fd851 package/binutils: switch from symlinks to copies to fix rpath
Commit f9cffb6af4 (binutils: replace hard-links with soft-links to fix
rpath) has a side effect that when we build for a noMMU target, elf2flt
will in turn replace some of the programs installed by binutils, with
its own wrappers.

For example, it will rename host/TUPLE/bin/ld to ld.real, and add its
own wrapper in place of the original. It does the same for
host/bin/TUPLE-ld and host/bin/TUPLE-ld.real.

However, we had already made ld a symlink to ../../bin/TUPLE-ld, so
host/TUPLE/bin/ld.real will still point to host/bin/TUPLE-ld when we
want it to point to ld.real instead...

This ultimately confuses gcc later on.

Of course, the culprit is also elf2flt, which also installs similar
hardlinks that would ultimately exhibit the same rpath issue as the
one fixed by f9cffb6af4. Note: we haven't had an issue so far with
that, because those tools installed by elf2flt only link with libz,
which is most often present on the host system. So, all seem well,
but is nonetheless broken; this will be fixed in a subsequent commit.

But back on topic. If we were to fix elf2flt with similar symlinks,
gcc still gets confused. The underlying reason for this confusion is
not entirely clear, though... It looks like something is trying to
dereference symlinks and gets confused by the result somehow...

So, in an attempt to restore some sanity in all this mess, we try to
restore the previous behaviour, we no longer use symlinks but just copy
the individual tools.

Fixes: #11031.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb0164a8b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-18 10:04:59 +02:00
Fabrice Fontaine 9011938a27 cups-filters: bump to version 1.20.3
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2b4b01d7fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-18 06:53:57 +02:00
Olivier Schonken ea0b759059 cups-filters: Add patch to remove relative symbolic link from install
On older build systems with old coreutils, using relative symbolic link
(ln -r) does not work, and causes failed builds. Workaround is to use
normal symbolic link with a relative path. e.g. ../../$(BINDIR)

This fix is dependent on bumping cups-filters version to 1.20.1 because
of autotools issue with Makefile.am changes.

Fixes:
http://autobuild.buildroot.net/results/77a6369f3530a2a6a055f7fd664f1ad424274d77

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ef60ef83c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-18 06:53:50 +02:00
Olivier Schonken 5eaf3e000a cups-filters: bump to 1.20.1
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit db1d9da6d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-18 06:53:38 +02:00
Peter Korsgaard 023442a669 libressl: security bump to version 2.6.5
Fixes CVE-2018-0495: ECDSA signing side-channel attack.

For more details, see the release notes:

http://bsdsec.net/articles/libressl-2-7-4-2-6-5-released

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 20:29:38 +02:00
Petr Vorel 0b7282600f network-manager: fix package prompt name
Rename the prompt string for consistency with the package directory
name.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5da9637ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:45:03 +02:00
Martin Bark 2a42e5af7b package/nodejs: security bump to version 8.11.3
Fixes the following security issues:

- (CVE-2018-7167): Fixes Denial of Service vulnerability where calling
  Buffer.fill() could hang

- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
  http2 implementation to not crash under certain circumstances during
  cleanup

- (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
  nghttp2 to 1.32.0

See https://nodejs.org/en/blog/release/v8.11.3/ for more details

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 64baf3def7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:44:54 +02:00
Bernd Kuhls e06917c072 linux-headers: bump 4.{4, 9, 14, 16, 17}.x series
[Peter: drop 4.16.x/17.x change]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a5a9beb7d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:44:36 +02:00
Bernd Kuhls 3a3f31ca46 package/python: bump version to 2.7.15
Rebased patch 0009, removed patch 0035 after upstream commit
https://github.com/python/cpython/commit/0b91f8a668201fc58fa732b8acc496caedfdbae0

Updated license hash after 2018 bump.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5f6f32968e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:43:45 +02:00
Peter Korsgaard e9102f069d redis: security bump to version 3.2.12
>From the release notes:

================================================================================
Redis 3.2.12     Released Wed Jun 13 12:43:01 CEST 2018
================================================================================

Upgrade urgency CRITICAL:

* Multilple security issues fixed.
* Backport of an older AOF fsync=always fix. Check 4.x release notes.
* Backport of a *SCAN bug. Sometimes elements could be missing from the scan.
* Other minor things.

https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES

For more details about the lua related security issues, see the blog:

http://antirez.com/news/119

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3bf2745a0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:41:32 +02:00
Baruch Siach cde3ec2378 libgcrypt: security bump to version 1.8.3
Fixes CVE-2018-0495: ECDSA signing side-channel attack.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b6543b5fdf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:40:59 +02:00
Fabrice Fontaine 285fdcca71 docs/manual: fix scancpan path
scancpan is now in utils not in supports/scripts

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f4b4f77e84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:40:12 +02:00
Baruch Siach c716a6bd9d file: add upstream security fix
Fixes CVE-2018-10360: The do_core_note function in readelf.c in
libmagic.a in file 5.33 allows remote attackers to cause a denial of
service (out-of-bounds read and application crash) via a crafted ELF
file.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89be4c7b0e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:39:55 +02:00
Bernd Kuhls 21e768411c package/file: bump version to 5.33
Added license hashes, added optional dependency to libseccomp provided
by upstream in this version bump.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eacca09a8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:39:49 +02:00
Peter Korsgaard 24fa6b9970 perl: add upstream security fix for CVE-2018-12015
Fixes CVE-2018-12015 - In Perl through 5.26.2, the Archive::Tar module
allows remote attackers to bypass a directory-traversal protection
mechanism, and overwrite arbitrary files, via an archive file containing a
symlink and a regular file with the same name.

Patch from
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
with path rewritten to match perl tarball.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 66760f2734)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:39:35 +02:00
Francois Perrad f35d38bc4a perl: bump to version 5.26.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b661a5477e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:39:29 +02:00
Fabio Estevam 5522812dc6 linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 78117a553b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:37:15 +02:00
Baruch Siach 9b1232002c f2fs-tools: update homepage link
As noted in the sourceforge page, the project is not using sourceforge
anymore. Use the gitweb summary page instead.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a74a41d834)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:37:04 +02:00
Fabio Estevam 85b150081d linux-headers: bump 4.{14, 16, 17}.x series
[Peter: drop 4.16.x/17.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0fee303fff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:36:44 +02:00
Carlos Santos 5e40e129d3 board/synopsys: synchronize custom inittab with BusyBox' one
Apply modifications made in recent commits:

- 456ea9871e busybox: add /dev/std{in, out, err} symlinks to inittab
- 13dbe73782 busybox: reduce number of mkdir calls in inittab
- 8a89d290d4 busybox: add an inittab entry to activate swap

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a3df894e83)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:35:28 +02:00
Carlos Santos 27e91a6cd6 busybox: add an inittab entry to activate swap
There is a call to swapoff in the shutdown sequence, so call "swapon -a"
on startup. As stated in the swapon man page,

   All devices marked as "swap" in /etc/fstab are made available, except
   for those with the "noauto" option. Devices that are already being
   used as swap are silently skipped.

So even if the system has some init script to start/stop swap (e.g. from
a rootfs ovelay) calling swapon/swapoff would be harmless.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d524cc7d9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:34:57 +02:00
Carlos Santos 5456704d4f sysvinit: add an inittab entry to activate swap
There is a call to swapoff in the shutdown sequence, so call "swapon -a"
on startup. As stated in the swapon man page,

   All devices marked as "swap" in /etc/fstab are made available, except
   for those with the "noauto" option. Devices that are already being
   used as swap are silently skipped.

So even if the system has some init script to start/stop swap (e.g. from
a rootfs ovelay) calling swapon/swapoff would be harmless.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d2a091c96b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:34:49 +02:00
Jörg Krause 0e4940d5f2 sysvinit: add /dev/std{in, out, err} symlinks to inittab
Some applications, e.g. bashs process subsitution feature, rely on the
convention of `/dev/fd` being a symbolic link to `/proc/self/fd`.

This symbolic link and his companions `/dev/std*` are created by (e)udev [1],
but not by mdev, resulting in the following error when using the following
expression:

```
bash: /dev/fd/62: No such file or directory
```

For the sake of simplicity, lets fix this by creating the symlinks in inittab.
It is only really needed if eudev isn't used, but it doesn't really hurt to
create them even if eudev will recreate them afterwards.

Note, that we do not create the symlink `/dev/core` as `/proc/kcore` is
not available on all platforms, e.g. ARM, and the feature is not much
appreciated [2].

[1] https://github.com/gentoo/eudev/blob/8943501993322c59a6eb5be456b0d716aafff21e/src/shared/dev-setup.c#L35-L40
[2] https://lwn.net/Articles/45315/

[Peter: redirect errors to /dev/null for ro rootfs]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 6919fc5566)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:34:32 +02:00
Jörg Krause 66e9e291a8 busybox: add /dev/std{in, out, err} symlinks to inittab
Some applications, e.g. bashs process subsitution feature, rely on the
convention of `/dev/fd` being a symbolic link to `/proc/self/fd`.

This symbolic link and his companions `/dev/std*` are created by (e)udev [1],
but not by mdev, resulting in the following error when using the following
expression:

```
bash: /dev/fd/62: No such file or directory
```

For the sake of simplicity, lets fix this by creating the symlinks in inittab.
It is only really needed if eudev isn't used, but it doesn't really hurt to
create them even if eudev will recreate them afterwards.

Note, that we do not create the symlink `/dev/core` as `/proc/kcore` is
not available on all platforms, e.g. ARM, and the feature is not much
appreciated [2].

[1] https://github.com/gentoo/eudev/blob/8943501993322c59a6eb5be456b0d716aafff21e/src/shared/dev-setup.c#L35-L40
[2] https://lwn.net/Articles/45315/

[Peter: redirect output (errors) to /dev/null for ro rootfs]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 456ea9871e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:34:14 +02:00
Carlos Santos e51711a79b sysvinit: reduce number of mkdir calls in inittab
The default sysvinit inittab does two separate mkdir calls to create
/dev/pts and /dev/shm. Reduce this to call mkdir only once for both
directories.

This removes id "si3" but keeps ids "si4".."si9" intact rather than
renumbering them. This would just increase the turmoil without any
practical effect.

Based on commit e9db8122fb, by Florian La Roche <F.LaRoche@pilz.de>.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dc267db6ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:32:05 +02:00
Baruch Siach 56be42df17 triggerhappy: use target pkg-config
triggerhappy uses pkg-config to detect the systemd library. Make sure it
uses the target pkg-config, not the host one.

Fixes build failure when the host has systemd pkg-config files:

.../host/bin/arm-linux-gcc -static  th-cmd.o cmdsocket.o  -lsystemd -o th-cmd
.../host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/6.4.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: cannot find -lsystemd

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b4a7145b0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:30:55 +02:00
Baruch Siach e15f712c32 gnupg: security bump to version 1.4.23
Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0647268416)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:30:19 +02:00
Baruch Siach 80bfea32d4 gnupg2: security bump to version 2.2.8
Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.

Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b78a365b56)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:29:50 +02:00
Baruch Siach ed6a8900dd gnupg2: bump to version 2.2.7
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 429c6f21b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:29:45 +02:00
Yann E. MORIN 5f186a3a22 docs/manual: always point to the correct license file
The manual is GPL-2, and points to the COPYING file in the repository.
When we do a rendering of the manual for a specific version, that URL
is currently always poitning to the latest version of the COPYING file.

If we ever have to change the content of that file (e.g. to add a new
exception, more clarifications, a license change, or whatever), then
an old manual would point to that newer version, which would then be
incorrect.

Include the sha1 of the commit in the URL, so that the manual always
point to the tree at the time the manual was rendered, not the time
it is consulted. Contrary to the informative text above, use the full
sha1, not the shortened one.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 529219ba96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:29:02 +02:00
Peter Korsgaard 6de0560cb6 libvncserver: add upstream security fix for CVE-2018-7225
Fixes CVE-2018-7225 - An issue was discovered in LibVNCServer through
0.9.11.  rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access to uninitialized and potentially sensitive
data or possibly unspecified other impact (e.g., an integer overflow) via
specially crafted VNC packets.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a4f7700f0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:28:28 +02:00
Bernd Kuhls ee27092a56 package/mpg123: security bump to version 1.25.10
Version 1.25.4 fixes CVE-2017-9545, for details see release notes:
http://www.mpg123.org/cgi-bin/news.cgi

Added upstream hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cb67c1d55b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:28:12 +02:00
Bernd Kuhls c602b73cf9 package/imagemagick: security bump to version 7.0.7-38
Fixes CVE-2018-11625, CVE-2018-11624 & CVE-2018-10177.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c3387c59bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:27:53 +02:00
Peter Korsgaard a1c134e327 mariadb: security bump version to 10.1.33
Release notes: https://mariadb.com/kb/en/mariadb-10133-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10133-changelog/

Fixes the following security vulnerabilities:

CVE-2018-2782 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2784 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2787 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.

CVE-2018-2766 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2755 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication).  Supported versions that are affected
are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows unauthenticated attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks require human interaction from a person other than the
attacker and while the vulnerability is in MySQL Server, attacks may
significantly impact additional products.  Successful attacks of this
vulnerability can result in takeover of MySQL Server.

CVE-2018-2819 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.5.59 and
prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2817 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2761 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows unauthenticated attacker with network access
via multiple protocols to compromise MySQL Server.  Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2781 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2771 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Locking).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server.  Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2813 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized read access to a subset of MySQL
Server accessible data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5fbacdd59f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:27:05 +02:00
Ryan Coe a2b8f69cfc mariadb: bump version to 10.1.32
Release notes: https://mariadb.com/kb/en/mariadb-10132-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10132-changelog/

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3f37dd7c3b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:26:59 +02:00
Bernd Kuhls c5d023f659 package/libvorbis: add upstream security patch to fix CVE-2017-14160
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dc7f871574)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:26:14 +02:00
Fabio Estevam 3ca7c547b2 linux-headers: bump 4.{4, 9}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 690c08b696)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:25:38 +02:00
Fabrice Fontaine fc64852293 libxslt: security bump to version 1.3.2
- Fix CVE-2017-5029
- Remove first patch (already in version)
- Add a dependency to host-pkgconf and remove libxml2 options: see
  https://github.com/GNOME/libxslt/commit/abf537ebb2296cd3ae89989a17b0e1b5c79db107
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eca8704dcf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:25:15 +02:00
Carlos Santos 7774ca1cb2 netplug: prevent starting multiple instances of netplugd
Executing "/etc/init.d/S29netplug start" multiple times resulted in
multiple instances of netplugd.

Pass "-p /var/run/netplug.pid" to netplugd, so it creates the PID file
that start-stop-daemon needs to know that netplugd is already running.
Also use the pid file to stop netplugd, instead of the daemon name.

Fixes https://bugs.busybox.net/show_bug.cgi?id=10661

Reported-by: Joachim Krueger <mail2k@web.de>
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3c6a5bdd3e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:24:51 +02:00
Carlos Santos f727f28cb5 netplug: look for init script configurations in /etc/default/
We are working to make all sysvinit scripts conformant to a pattern and
/etc/default/ seems to be a good choice, since 34 packages already get
optional configurations from files at that directory.

netplug still installs an init script at /etc/rc.d/init.d/.  This will
be fixed in a future patch that will refactor the init scripts.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4adaa581b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:24:45 +02:00
Carlos Santos e357711fa7 netplug: don't test if the binary exists in the init script
The test doesn't make sense. It just exits without any error if the
binary doesn't exist, which is silly.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b77c9d265e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:24:40 +02:00
Fabio Estevam d025607cc0 linux-headers: bump 3.2.x and 4.{4, 9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0326a06bea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:22:06 +02:00
Florian La Roche 8c751db361 skeleton: PAGER without blank and unset at end of for loop
The PAGER environment variable is including a blank character at the
end. Remove this.
A for loop has been unsetting the variable inside the loop, this is only
needed once at the end of the loop.

Signed-off-by: Florian La Roche <F.LaRoche@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 903b8446a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:19:52 +02:00
Florian La Roche a765cfb34d busybox: reduce number of mkdir calls in inittab
The default busybox inittab does two separate mkdir calls
to create /dev/pts and /dev/shm. Reduce this to call mkdir
only once for both directories.

Signed-off-by: Florian La Roche <F.LaRoche@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13dbe73782)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:19:42 +02:00
Florian La Roche 42249d0941 busybox: fix usage string in S01logging
In busybox fix the S01logging usage text to
document the "reload" target.

Signed-off-by: Florian La Roche <F.LaRoche@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c7963858ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:19:09 +02:00
Carlos Santos e8bb8519ad audit: do not remove file installed by netplug
The package recipe uses a post-install hook to remove useless files from
$(TARGET_DIR)/etc/rc.d/init.d and $(TARGET_DIR)/etc/sysconfig. This may
damage packages that install useful files on those directories (such as
netplug, which installs $(TARGET_DIR)/etc/rc.d/init.d/netplugd).

In the future[1] we will reorganize the init scripts and possibly get
rid of /etc/rc.d and /etc/sysconfig but for the moment let's restrict
the file removal to those installed by audit.

1. http://lists.busybox.net/pipermail/buildroot/2018-May/221549.html

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 49844baf2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:17:23 +02:00
Peter Korsgaard a28cf4af32 wireshark: security bump to version 2.2.15
Fixes the following security issues:

CVE-2018-11362: LDSS dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-25.html

CVE-2018-11357: Multiple dissectors could consume excessive memory
https://www.wireshark.org/security/wnpa-sec-2018-28.html

CVE-2018-11356: DNS dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-29.html

CVE-2018-11360: GSM A DTAP dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-30.html

CVE-2018-11358: Q.931 dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-31.html

CVE-2018-11359: Multiple dissectors could crash
https://www.wireshark.org/security/wnpa-sec-2018-33.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1f47aa89f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:16:38 +02:00
Fabrice Fontaine 64ba5b40a4 php-amqp: needs openssl support in rabbitmq-c
Since version 1.8.0, php-amqp needs a rabbitmq-c with openssl support:
https://github.com/pdezwart/php-amqp/issues/310

SSL support is disabled in rabbitmq-c if BR2_STATIC_LIBS is set however
don't add an unneeded !BR2_STATIC_LIBS dependency in Config.in as all
PHP External Extensions depends on !BR2_STATIC_LIBS
(see package/Config.in)

Fixes:
 - http://autobuild.buildroot.net/results/b7c89bbbd0ca1df08dd7cbfc90c7b45dcf1fad05

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d93305744b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:14:36 +02:00
Zoltan Gyarmati abb169750f DEVELOPERS: update my e-mail address
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0a0812db05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:13:08 +02:00
Baruch Siach 94a4b18e7a cifs-utils: disable man page generation
Buildroot does not generate documentation for target.

This fixes the build on hosts where the rst2man command does not support
the --syntax-highlight parameter.

Fixes:
http://autobuild.buildroot.net/results/265/2655c0e1fa3ad0a10b4aed39a17feead94e47bfb/
http://autobuild.buildroot.net/results/92d/92d7c608f717bbfe01ecfb9bc9604cb303d8594c/
http://autobuild.buildroot.net/results/4b9/4b95404a89a595ca9c1e3df912169e9d36ff2bd7/

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 57d16fd480)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:12:50 +02:00
Martin Bark afbdb20150 package/nodejs: bump version to 8.11.2
See https://nodejs.org/en/blog/release/v8.11.2/

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1d4eb844e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 17:05:32 +02:00
Peter Korsgaard cbdad97e18 linux: reword binutils 2.29+ comment
This issue only applies to kernels built with CONFIG_THUMB2=y, so reword the
comment to make that more clear.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d937f908f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:53:26 +02:00
Yann E. MORIN 0bc221581c linux: may fail to boot for binutils 2.29+ even without armv7m
Commit f13477b (linux: config.in: add comment for Arm Cortex-M) added a
comment so that the user that the linux kernel may miscompile with
binutils 2.29+, when the target is an armv7m CPU.

However, the real trigger is a compilation in thumb2 mode, which happens
to be the only option for armv7m CPUs.

We can't know whether the kernel will be built in arm or thumb2 mode,
though, because we do not have that information: it is only available in
the Linux' .config file, which we don;t have access to at the time we
run our menuconfig.

So, relax the conditions under which the comment is made, so that it
appears as soon as binutils are >= 2.29 (i.e. not 2.28, which is the
oldest we support) for ARM CPUs.

[Peter: reword comment]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Laurent GONZALEZ <br22@gezedo.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit c2c0623bff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:53:05 +02:00
Yann E. MORIN 2e49c98230 package/binutils: extend the 2.28 default to thumb mode
Commit 17f352ac (package/binutils: default to 2.29 for Cortex-M targets)
made the default version 2.28 (and not 2.29!) when the target is an
arm-v7m CPU.

However, the real trigger is compilation in Thumb mode, not the fact
that the target is v7m.

The fact that it was noticed on a v7m target is because Thumb is the
only mode valid on those CPUs.

Tighten the defaults to 2.28 for Thumb and Thumb2 modes.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Laurent GONZALEZ <br22@gezedo.com>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3dbc5a6279)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:50:33 +02:00
Christophe PRIOUZEAU e58263e48d linux: config.in: add comment for Arm Cortex-M
When binutils > 2.28 are selected on Arm Cortex-M cpu,
linux kernel does not boot due to a new implementation
of 'adr pseudo instruction' on binutils.

Bugzilla thread: https://bugs.busybox.net/show_bug.cgi?id=11051

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f13477b68f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:50:11 +02:00
Laurent GONZALEZ b3dddb0a78 package/binutils: default to 2.28 for Cortex-M targets
binutils 2.29 changed the implementation of adr pseudo instruction
it breaks linux kernel and impacts Cortex-M targets (eg. stm32)

[Peter: simplify Config.in logic, adjust message to make it clear this is
	just a default]
Signed-off-by: Laurent GONZALEZ <br22@gezedo.com>
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 17f352acde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:49:49 +02:00
Fabrice Fontaine 7e4e64a171 jpeg-turbo: add license details
- jpeg-turbo is covered by 3 licenses: IJG (libjpeg),
  BSD-3-Clause (TurboJPEG) and Zlib (SIMD)
- Add README.ijg
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca668476b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:49:21 +02:00
Fabrice Fontaine 0497d7834f libjpeg: use SPDX short identifier
Use IJG instead of jpeg-license

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1350678212)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:49:14 +02:00
Arnout Vandecappelle (Essensium/Mind) 05ea70bf27 package/expect: download tarball instead of cvs
More than 3 years after the 5.45.3 release, a tarball for that release
was uploaded to sourceforge.net. The differences between this tarball
and the CVS checkout are minimal:

- There are no CVS directories, of course, but we don't need them.
- File timestamps are different.
- expect.tests is missing, but we don't execute tests anyway.
- configure script is different, but we AUTORECONF anyway.
- 'fixcat' script is missing, but it is not called anywhere.

Since sourceforge.net has broken CVS downloads, now is a good time to
switch away from it.

While we're at it, add a hash file including license.

Fixes:
http://autobuild.buildroot.net/results/db3/db33d4fa507fb3b4132423cd0a7e25a1fe6e4105
http://autobuild.buildroot.net/results/b6d/b6d927dcc73ac8d754422577dacefff4ff918a5c
http://autobuild.buildroot.net/results/23d/23d1034b33d0354de15de2ec4a8ccd0603e8db78
http://autobuild.buildroot.net/results/127/1272a3aa3077e434c9805ec3034f35e6fcc330d4

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 23ab6cb162)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:49:04 +02:00
Fabio Estevam 01ac9a17f3 linux-headers: bump 4.{1, 4, 9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8f038e6b30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:48:09 +02:00
Peter Korsgaard 3a26f5fbd0 xen: security bump to version 4.10.1
The 4.10.1 version brings a large number of fixes:

https://www.xenproject.org/downloads/xen-archives/xen-project-410-series/xen-4101.html

Including a number of security fixes:

XSA-252: DoS via non-preemptable L3/L4 pagetable freeing (CVE-2018-7540)
XSA-253: x86: memory leak with MSR emulation (CVE-2018-5244)
XSA-254: Information leak via side effects of speculative execution
	 (CVE-2017-5753 CVE-2017-5715 CVE-2017-5754)
XSA-255: grant table v2 -> v1 transition may crash Xen (CVE-2018-7541)
XSA-256: x86 PVH guest without LAPIC may DoS the host (CVE-2018-7542)
XSA-258: Information leak via crafted user-supplied CDROM (CVE-2018-10472)
XSA-259: x86: PV guest may crash Xen with XPTI (CVE-2018-10471)

Also add a hash for the license file while we are at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 002348de68)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:47:22 +02:00
Romain Naour 42b061f2ec package/openvmtools: depend on host-nfs-utils
host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/e21/e219b8bacb52bb661eb6663b82f549ed941f26fe

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6b02b8210a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:46:45 +02:00
Baruch Siach 0732985141 git: security bump to version 2.16.4
Forward port of security fixes from the 2.13.7 release. The 2.13.7
release notes say this:

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae1f047295)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:46:11 +02:00
Bernd Kuhls 22b1015fcc package/git: bump version to 2.16.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9447e86618)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:46:04 +02:00
Yann E. MORIN 2f2097f111 package/dash: don't build in paralle
dash has races in its Makefile, but upstream is not too keen in fixing
those, and just suggests that dash not be built in parallel:

    https://www.mail-archive.com/dash@vger.kernel.org/msg01675.html

Fixes:
    http://autobuild.buildroot.org/results/793/7934c815a3009af688c2f1183e67dfe542c9a009/
    http://autobuild.buildroot.org/results/fc4/fc4e4ab47455ac47dd4a3a60083cec2848e74dbb/
    http://autobuild.buildroot.org/results/6bf/6bfdd44ea5d55a6ca3ef92254eab18c7c0416b7b/
    [...]

Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 50d443cbf7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:45:45 +02:00
Waldemar Brodkorb 01b411626e poppler: link with libatomic when needed
Following errors might occur on architectures required to use gcc libatomics:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often the case for sparcv8 32 bit toolchains.

See 55a9d6d558 and 03f6e005e6.

Fixes:
  http://autobuild.buildroot.net/results/64a96663a48ab644bc03c9a3ec2d6a644119dee6
  http://autobuild.buildroot.net/results/82e85e12478fc1972b70ad728ed7c1554920c9e3

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d28591a2ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:44:07 +02:00
Angelo Compagnucci 1f02de6ebc linux: bump Linux CIP to v4.4.130-cip23
This patch bump the Linux CIP kernel to version v4.4.130-cip23

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 299bdf6df8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:43:40 +02:00
Fabrice Fontaine aa5cd1acfb libcurl: fix build with ssh2 and static mbedtls
The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
   Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
   Libs.private: /xxx/libmbedcrypto.a

This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to find mbedtls functions included in libssh2.

So, replace pkg-config --libs-only-l by pkg-config --libs.

Fixes:
 - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 624603328a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:42:49 +02:00
Baruch Siach 810392718c libtirpc: use rpcgen from host-nfs-utils
Drop the patch adding local rpcgen. Instead use the host-nfs-utils
provided rpcgen. Update the patch "Automatically generate XDR header
files from .x sources using" to use external rpcgen.

Renumber the other patches.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0965080fbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:42:49 +02:00
Baruch Siach 55dbb1d627 autofs: depend on host-nfs-utils
host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/383/383bc8462f32a226645c9b792b8d65a25d74529d/
http://autobuild.buildroot.net/results/0c0/0c00f72512754b721813e13f0828d3a942f7b955/
http://autobuild.buildroot.net/results/50b/50b66d2a3c8264f618d7aa813b10050ed147209f/

Cc: Jonathan Ben Avraham <yba@tkos.co.il>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dec494f9f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:42:49 +02:00
Baruch Siach f283b5acf6 samba4: depend on host-nfs-utils
host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/6f8/6f869b8c7c182dfe7f1a291b5952320504540ebf/
http://autobuild.buildroot.net/results/4c2/4c228dd6369e4fc11b798af6ab2abe06d7473b78/
http://autobuild.buildroot.net/results/489/489be441abd19fba2b0c39357e64a6adcf773b60/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 60fc73adc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:42:49 +02:00
Baruch Siach 507f5004fd quota: depend on host-nfs-utils
host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/730/730acb23663ebbbaba847073979654670a8bc64c/
http://autobuild.buildroot.net/results/e49/e49932e9d958203d585cdddd795df06aad6ff3a9/
http://autobuild.buildroot.net/results/1b7/1b7dccf7b9742d1b9cb57bffe55eac5cfc66b15c/

Cc: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d200fabc5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:42:49 +02:00
Baruch Siach 536613bf7f nfs-utils: add host package
We only need the host package for the rpcgen utility. glibc deprecated
this utility in version 2.26. Fedora has recently removed rpcgen from
its glibc package. So we need to build the rpcgen from the nfs-utils
package.

The removal of Sun RPC from glibc also removed RPC headers from glibc.
rpcgen needs two of these headers. Add host-libtirpc to provide the RPC
headers.

Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a0b92460c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:42:49 +02:00
Baruch Siach 6da05a0dc3 libtirpc: add host package
The libtirpc host package is only for two headers that the host rpcgen
utility from the nfs-utils package needs to build. glibc used to provide
these headers. In version 2.26 glibc deprecated them with its bundled
Sun RPC. Recently Fedora stopped enabling Sun RPC in glibc. So we can no
longer rely on these headers being present on the host.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f50274e38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-17 16:42:49 +02:00
Arnout Vandecappelle (Essensium/Mind) 619a722394 pkg-generic: error out with 'local' site method and no _SITE
The 'local' site method is easily confused with the 'file' site method,
making people create packages like this:

    FOO_SITE_METHOD = local
    FOO_SOURCE = foo.tar.gz

    $(eval $(generic-package))

Due to the intricacies of the generic package infra, this does not
cause an error; instead, the foo.tar.gz tarball that happens to be
present in the download directory will be used. This behaviour differs
greatly from what is specified in the manual.

Instead, error out immediately if a package specifies the 'local' site
method but does not specify a _SITE.

We check for _OVERRIDE_SRCDIR rather than checking for _SITE, just
after _OVERRIDE_SRCDIR has been set to _SITE. Indeed, a package that
sets _OVERRIDE_SRCDIR but not _SITE currently works correctly. There is
no reason to make it fail.

See also
https://stackoverflow.com/questions/50364655/including-patches-to-build-root

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 775929c988)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:08:58 +02:00
Fabio Estevam efc613d6b1 linux-headers: bump 4.4.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9ee9adc747)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:08:33 +02:00
Fabio Estevam 339c16b917 linux-headers: bump 4.{9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eba30b1db8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:08:18 +02:00
Baruch Siach 3782766df2 libcoap: needs host-pkgconf
The libcoap configure script uses pkg-config.

Fixes:
http://autobuild.buildroot.net/results/746/746c6dcbf3f941c7baa5b382bd264d830d839be1/
http://autobuild.buildroot.net/results/d98/d9840a22ae5eb6572b6641b93f8beadc27d2abb5/
http://autobuild.buildroot.net/results/905/905f122213ad9623ea5dd9d32c352efd151319f3/

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 861103a1ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:07:23 +02:00
Fabio Estevam e8e53ec7c4 linux-headers: bump 4.{9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9e40a2d405)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:05:41 +02:00
Baruch Siach 48548d2c68 lrzsz: install symlinks for XMODEM and YMODEM
This sets the protocol choice according to the program invocation name.
That is the common lrzsz installation practice.

Cc: Matthew Starr <mstarr@hedonline.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6697e59403)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:05:09 +02:00
Baruch Siach 88ec06ad48 procps-ng: security bump to version 3.3.15
Drop upstream patch.

This release fixes the issues listed below.

CVE-2018-1122: Local privilege escalation in top

CVE-2018-1123: Denial of service in ps

CVE-2018-1124: Local privilege escalation in libprocps

CVE-2018-1125: Stack buffer overflow in pgrep

CVE-2018-1126: Integer overflow in proc/alloc

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fe07577181)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:04:23 +02:00
Baruch Siach 52e42fd71a procps-ng: fix build for sparc
Add a patch taken from upstream bug report to fix wrong signal undefined
in sparc.

Fixes:
http://autobuild.buildroot.net/results/b02/b02bd2e4032287d3c5c58255d621ef785c5d1380/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a9a64b7207)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:04:16 +02:00
Baruch Siach 53e038321c procps-ng: fix build without wide character support
Define OFF_XTRAWIDE to disable use of wchar API when the toolchain does
not support that.

Fixes:
http://autobuild.buildroot.net/results/b96/b96d29d64f455726a53a7adcfd3edd546346201c/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a76fb61aae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:04:02 +02:00
Baruch Siach b948d96fc1 procps-ng: bump to version 3.3.14
Drop upstream patches.

Add secure SHA256 hash.

Add license files hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 603a4922c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:03:55 +02:00
Peter Korsgaard 7eb3daddde wavpack: add upstream security fixes
Fixes the following security issues:

CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier.  The
WAV parser component contains a vulnerability that allows writing to memory
because ParseRiffHeaderConfig in riff.c does not reject multiple format
chunks.

CVE-2018-10537: An issue was discovered in WavPack 5.1.0 and earlier.  The
W64 parser component contains a vulnerability that allows writing to memory
because ParseWave64HeaderConfig in wave64.c does not reject multiple format
chunks.

CVE-2018-10538: An issue was discovered in WavPack 5.1.0 and earlier for WAV
input.  Out-of-bounds writes can occur because ParseRiffHeaderConfig in
riff.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

CVE-2018-10539: An issue was discovered in WavPack 5.1.0 and earlier for
DSDiff input.  Out-of-bounds writes can occur because
ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown
chunks before attempting memory allocation, related to a lack of
integer-overflow protection within a bytes_to_copy calculation and
subsequent malloc call, leading to insufficient memory allocation.

CVE-2018-10540: An issue was discovered in WavPack 5.1.0 and earlier for W64
input.  Out-of-bounds writes can occur because ParseWave64HeaderConfig in
wave64.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc73055757)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:02:07 +02:00
Fabio Estevam 5886f699b4 linux-headers: bump 4.{9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1d8afca9c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:01:26 +02:00
Thomas Petazzoni add9745f5b ltrace: fix visibility of Config.in comment
The BR2_PACKAGE_LTRACE option has some architecture dependencies, but
those architecture dependencies are not taken into account for the
Config.in comment.

To fix this, this commit introduces a BR2_PACKAGE_LTRACE_ARCH_SUPPORTS
hidden boolean that gets used by both the BR2_PACKAGE_LTRACE option
and the Config.in comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit af72a42b0a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 23:00:02 +02:00
Thomas Petazzoni 5c1326c653 ltrace: remove bogus comment in Config.in file
In commit dfaa18af00 ("ltrace: disable
on mips/mipsel"), ltrace was disabled on mips/mipsel due to build
issues, and a comment was added in the Config.in file to explain that
even though ltrace has mips/mipsel support, it isn't enabled because
it doesn't build.

Then, in commit d23cce19c2 ("ltrace:
enable for mips/mipsel"), the build of ltrace on mips/mipsel was
re-enabled, because it has been fixed upstream.

However, the comment in the Config.in comment was not removed in this
commit. Due to this, we have a comment that says "we don't allow
enabling ltrace on mips/mipsel" and the line right below precisely
allows to enable ltrace on mips/mipsel.

Fix this inconsistency by removing the no longer valid comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0f711e71c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:59:48 +02:00
Bernd Kuhls 079773ed15 package/transmission: remove BR2_PACKAGE_TRANSMISSION_REMOTE
Commit 6e223241e1 ("Add Transmission
package"), which added the transmission package, introduced a
BR2_PACKAGE_TRANSMISSION_REMOTE Config.in option, supposedly matching
the --enable-remote/--disable-remote transmission option.

However, transmission as of version 2.33 packaged by this initial
commit, did not have a --enable-remote/--disable-remote option, and it
was apparently never part of transmission.

Therefore, this commit removes this useless option. Since the
transmission-remote tool is automatically built when the daemon is
enabled, the Config.in.legacy handling selects
BR2_PACKAGE_TRANSMISSION_DAEMON.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79a678d774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:57:19 +02:00
Bernd Kuhls e7c5ad5d1a package/transmission: fix inotify configure option
The configure option is really called --with-inotify:
https://github.com/transmission/transmission/blob/2.9x/configure.ac#L211

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit acadbe6393)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:55:29 +02:00
Bernd Kuhls 1e3e52d303 package/transmission: fix systemd support
Patch 0006-libsystemd.patch backports an upstream commit which renames
the systemd configure option.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b27bcedccb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:55:20 +02:00
Carlos Santos d3814a9885 transmission: don't test if the binary exists in the init script
The test doesn't make sense. It just exits without any error if the
binary doesn't exist, which is silly.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 296f148c15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:55:12 +02:00
Fabrice Fontaine 9902742bcc zmqpp: fix build with or1k and gcc < 6
Use CONFIG variable to disable optimizations when or1k and gcc < 6 are
detected otherwise set CONFIG to release or debug depending on
BR2_ENABLE_DEBUG

Fixes:
 - http://autobuild.buildroot.net/results/523e58eefba7ef23a09ef53160da22190ccbb098

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7ab59879c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:53:37 +02:00
Fabrice Fontaine 15cd727841 mbedtls: security bump to version 2.7.3
Extract from release announcement:

- (2.9, 2.7, 2.1) Fixed an issue in the X.509 module which could lead
to a buffer overread during certificate validation. Additionally, the
issue could also lead to unnecessary callback checks being made or to
some validation checks to be omitted. The overread could be triggered
remotely, while the other issues would require a non DER-compliant
certificate to be correctly signed by a trusted CA, or a trusted CA with
a non DER-compliant certificate. Found by luocm. Fixes #825.

- (2.9, 2.7, 2.1) Fixed the buffer length assertion in the
ssl_parse_certificate_request() function which could lead to an
arbitrary overread of the message buffer. The overreads could be caused
by receiving a malformed algorithms section which was too short. In
builds with debug output, this overread data was output with the debug
data.

- (2.9, 2.7, 2.1) Fixed a client-side bug in the validation of the
server's ciphersuite choice which could potentially lead to the client
accepting a ciphersuite it didn't offer or a ciphersuite that could not
be used with the TLS or DTLS version chosen by the server. This could
lead to corruption of internal data structures for some configurations.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a335d32a5f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:50:06 +02:00
Anssi Hannula 61b59be74e gdb: actually disable gdbserver if BR2_PACKAGE_GDB_SERVER is unset
The gdb configure script is given --enable-gdbserver when
BR2_PACKAGE_GDB_SERVER is set, but it is not given --disable-gdbserver
when BR2_PACKAGE_GDB_SERVER is unset.

gdb gdb/configure.ac defaults to enabling gdbserver in "native"
(host=target) cases, which is always the case when buildroot builds a
gdb which runs on the target hardware. The gdbserver will overwrite
BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY gdbserver, if any.

Fix that by passing --disable-gdbserver when BR2_PACKAGE_GDB_SERVER is
unset.

Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9c7ce893a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:46:18 +02:00
Baruch Siach 8fd0f9c985 nfs-utils: update homepage link
The linux-nfs project switched to a new homepage. Update the help text
link.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d7757110a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:45:46 +02:00
Thomas Petazzoni fdf92bd616 faketime: add patch to disable -Werror
faketime currently doesn't build on host machines that use gcc 8.x due
to stricter checks done by gcc, and the fact that it is built with
-Werror.

As a simple stop-gap measure, this commit patches the faketime
Makefile to not use -Werror anymore.

The actual fixes for the gcc 8.x issues have been submitted upstream
at https://github.com/wolfcw/libfaketime/pull/161, but disabling
-Werror is a much smaller fix.

Also, it is worth mentioning that removing -Werror makes the existing
patch 0001-Disable-the-non-null-compare-warning-error.patch (which was
just disabling one specific warning). We nonetheless keep this patch
around as it is a backport from upstream.

Fixes:

  http://autobuild.buildroot.net/results/bd223dfa1c4baa68e427d4941bd2e9917e22da84/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 968f2fbd7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:45:30 +02:00
Baruch Siach 33bd7b2e0e libcurl: security bump to version 7.60.0
Drop upstream patch.

This release fixes the security issues listed below.

CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.

  https://curl.haxx.se/docs/adv_2018-82c2.html

CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.

  https://curl.haxx.se/docs/adv_2018-b138.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 051e2f2d0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:44:05 +02:00
Thomas Petazzoni 48633704fc libnss: backport upstream patch to fix build with gcc 8.x
This commit backports upstream patch
https://github.com/nss-dev/nss/commit/f0ce70989526fc9a0223398c99ea0d09777ea5df
to our libnss package to fix the build with gcc 8.x.

Fixes:

  http://autobuild.buildroot.net/results/1ca35171200286fa032b24606aaa50de6a2d449e/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 45cf64ca0c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:40:29 +02:00
Thomas Petazzoni f8d6236573 exim: do not link buildconfig with $(LIBS)
The existing patch 0001-Build-buildconfig-for-the-host.patch changes
the exim build system to use the host compiler to build the
"buildconfig" program instead of the cross-compiler.

However, it still uses $(LIBS) which lists the target libraries to
link with, which shouldn't be used. Since buildconfig doesn't use any
library beyond the C library, we can simply drop using $(LIBS).

This will fix build failures of exim on Fedora 28, where libnsl is no
longer provided by the C library, causing build failures such as:

/usr/bin/gcc buildconfig.c
/usr/bin/ld: cannot find -lnsl

Fixes:

  http://autobuild.buildroot.net/results/ac78fe18657558b3c12c03c08bf1081d7c06ca85/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b872d829d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:37:15 +02:00
Arnout Vandecappelle (Essensium/Mind) 06ae66a6e3 linux: don't override HOSTCC for kconfig
Kconfig uses either pkg-config or hard-coded /usr/include paths to find
the ncurses or ncursesw library. If ncursesw is found, it will include
<ncursesw.h>. Since Buildroot's host-ncurses doesn't install a .pc file,
and linux.mk anyway doesn't pass the pkg-config options to find the host
pkg-config files, Kconfig will always find the system's ncursesw.h.

However, since commit dde090c299 (linux: fix passing of host CFLAGS and
LDFLAGS) HOST_LDFLAGS is passed to the linux build system. Thus, if
host-ncurses was already built before 'make linux-menuconfig' is called,
the build will pick up libncurses from the host directory, which is NOT
widechar. Thus, two different ncurses configurations are mixed into the
final mconf program. This will result in serious breakage in the
rendering of the menus (lots of @ and question mark characters).

As a workaround (suggested by Yann), don't pass HOST_CFLAGS and
HOST_LDFLAGS when running kconfig commands. For kconfig, we should never
need host packages anyway. This way, the kconfig calls will always use
the system's ncurses and never our host-ncurses.

Note that the same problem could pop up for other kconfig packages as
well if we ever pass HOST_CFLAGS/HOST_LDFLAGS to them. We could force
HOSTCC=$(HOSTCC) directly in kconfig-package. However, for now there
are no other packages that exhibit this problem, so this can be
revisited when they do.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: David De Grave <david.degrave@essensium.com>
Cc: Scott Fan <fancp2007@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d3d09e232)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:36:07 +02:00
Bernd Kuhls a02c6dd82d package/asterisk: Fix issues building without SSL
Fixes
http://autobuild.buildroot.net/results/7d0/7d069dd5629e406cecd17bacfa818e7c8e6b2064/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c27ed9f618)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:35:15 +02:00
Baruch Siach 8db468af4c glibc: security bump to latest 2.26 branch
Fixed issues are listed in the 2.26 branch NEWS file:

  CVE-2017-18269: An SSE2-based memmove implementation for the i386
  architecture could corrupt memory.  Reported by Max Horn.

  CVE-2018-11236: Very long pathname arguments to realpath function could
  result in an integer overflow and buffer overflow.  Reported by Alexey
  Izbyshev.

  CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
  architecture could write beyond the target buffer, resulting in a buffer
  overflow.  Reported by Andreas Schwab.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-29 17:48:46 +02:00
Thomas Petazzoni 474f86150f cifs-utils: unconditionally disable PIE
PIE support in Buildroot should be enabled via the global option
BR2_RELRO_FULL option, and not done on a per-package basis, therefore
PIE should unconditionally be disabled in the cifs-utils package.

This has the added side-effect that it works around a binutils bug on
SPARC causing the linker to segfault when PIE is enabled:

sparc-linux-gcc -Wall -Wextra -D_FORTIFY_SOURCE=2 -fpie -pie -Wl,-z,relro,-z,now -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os    -o mount.cifs mount.cifs.o mtab.o resolve_host.o util.o  -lcap-ng
collect2: fatal error: ld terminated with signal 6 [Aborted], core dumped

This issue will reappear when we start testing BR2_RELRO_FULL in the
autobuilders, but in the mean time it avoids the problem.

Fixes:

  http://autobuild.buildroot.net/results/a5342890f39bdccae1324e7d3dbe0eab1aad28e5/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 85f9d08934)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:20:10 +02:00
Thomas Petazzoni 9413d2ea2f lynx: add patch to fix static link issue
The lynx package incorrectly uses target LDFLAGS to build a host tool,
which causes a problem when we do a statically link build for the
target, on a host machine that doesn't support static linking.

A simple patch fixes the problematic makefile, and it has been
submitted upstream on the project mailing list.

Fixes:

  http://autobuild.buildroot.net/results/38ba2531eeeb4a7985eddd2df8bfaf0b56e6a687/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9113c0cbba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:19:49 +02:00
Baruch Siach 2cb41540ae wget: security bump to version 1.19.5
Fixes CVE-2018-0494: cookie injection vulnerability.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cc39457fb9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:14:55 +02:00
Baruch Siach edb27f38a0 wget: bump to version 1.19.4
Update license hash; s/http/https/ of in-text URLs.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 56057835f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:14:43 +02:00
Yann E. MORIN 587d5b58bf package/acl: fix install
Do not overwrite destination file if it exists.

Simliar to bug #10986.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: mzweerspenko+bugzilla@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c3e62d3984)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:13:58 +02:00
Yann E. MORIN 7bc0033d5e package/attr: fix install
Do not overwrite destination file if it exists.

Fixes: #10986

Reported-by: mzweerspenko+bugzilla@gmail.com
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: mzweerspenko+bugzilla@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 28d8f8dfd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:12:42 +02:00
Petr Vorel 91bc7e042f toolchain/buildroot: fix default of C library choice
The BR2_TOOLCHAIN_UCLIBC symbol doesn't exist, it was meant to be
BR2_TOOLCHAIN_BUILDROOT_UCLIBC.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d0527483fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:12:14 +02:00
Fabrice Fontaine d431200be3 cups-filters: fix avahi dependency
avahi support requires avahi-client, which needs avahi-daemon and dbus

Fixes:
 - http://autobuild.buildroot.net/results/5c326bb56199000eb0e53a4d0f3c6c13be71cda0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dad6f570af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:10:48 +02:00
Yann E. MORIN 3097ef7676 package/jamvm: restrict on what MIPS procs are allowed
jamvm uses deprecated opcodes to store/load words from the FPU
coprocessor registers, and in so doing, expects those registers
to be 32-bit.

Thus, restrict the conditions under which jamvm is available
under mips.

Fixes:
    http://autobuild.buildroot.org/results/f76/f76e10e4c1ce25b42fb2e5d2012adf2eaf1b2fe1/
    http://autobuild.buildroot.org/results/162/162d0e41dc9bc6d6f6594ccee0cb4217067fc71f/
    ...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67974fe6da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:08:15 +02:00
Yann E. MORIN a641902340 package/jamvm: move arch dependency to a symbol
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 04d185bfc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:08:09 +02:00
Yann E. MORIN f24d5edea6 package/xen: force location of init scripts
The Xen configure scripts looks at the build host to decide where to
install the Sys-V startup scripts, and that location differs between
various distros.

Force the location.

Fixes:
    http://autobuild.buildroot.org/results/869/869829ab086e824d164c5c5ec7f087ed83993be6/
    http://autobuild.buildroot.org/results/336/3360e5a9e3d007b4ed77345b5fe93b2dacb6ad49/
    http://autobuild.buildroot.org/results/29e/29e308ce3cc9c83497ba1c1f98fcda3f48fd03c4/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 366e42c2cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:07:01 +02:00
Alistair Francis b4ca0eb92a package/xen: fix qemu-xen memfd build failure
Fix the QEMU memfd compile error:
tools/qemu-xen/util/memfd.c:40:12: error: static declaration of 'memfd_create' follows non-static declaration
 static int memfd_create(const char *name, unsigned int flags)
            ^~~~~~~~~~~~

that has been introduced since the Glibc 2.27 upgrade.

This just involves porting the upstream QEMU patch to the Xen QEMU tree.

This fixes:
http://autobuild.buildroot.net/results/ec7cda00e07b0c98a9a366244b67611e042e0d4b/

Signed-off-by: Alistair Francis <alistair@alistair23.me>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d1060d261)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:06:54 +02:00
Fabrice Fontaine 6bbd02265d libcap: only install shared version
If BR2_SHARED_LIBS is set, only install shared version of library
(continue to build both libraries through all target as there is no
libcap.so target but only a libcap.so.$(VERSION).$(MINOR))

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7984f2d97b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:05:45 +02:00
Fabrice Fontaine 2e883027c0 libcap: add license hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2a05731aa5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:05:35 +02:00
Bernd Kuhls aca5fba3a5 package/apr-util: fix ldap detection
configure checks if ldap_set_rebind_proc takes 2 or 3 arguments
http://svn.apache.org/viewvc/apr/apr-util/tags/1.6.1/build/apu-conf.m4?revision=1812528&view=markup#l370

It uses the macro APR_TRY_COMPILE_NO_WARNING which adds -Werror to
treat all warnings as errors when gcc is used:
http://svn.apache.org/viewvc/apr/apr/tags/1.6.3/build/apr_common.m4?revision=1812527&view=markup#l504

In some buildroot configs a compiler warning occurs during this check:
http://autobuild.buildroot.net/results/241/241ed78b93ce86c859e175530fa485711ff61615//apr-util-1.6.1/config.log

/home/rclinux/rc-buildroot-test/scripts/instance-1/output/host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/features.h:218:5:
 error: #warning requested reentrant code, but thread support was disabled [-Werror=cpp]
cc1: all warnings being treated as errors

Due to this warning 'ac_cv_ldap_set_rebind_proc_style' is set to two
instead of three leading to a build error later on. This patch forces
ac_cv_ldap_set_rebind_proc_style=three to be inline with openldap which
fixes
http://autobuild.buildroot.net/results/241/241ed78b93ce86c859e175530fa485711ff61615/

This solution was inspired by a discussion on the fink mailinglist:
https://sourceforge.net/p/fink/mailman/message/31720482/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b4dfee63d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:04:47 +02:00
Bernd Kuhls fbee8477ab package/apr-util: add optional support for openldap
apr-util contains optional support for openldap:

$ ls -1 output/target/usr/lib/apr-util-1/apr_ldap*
output/target/usr/lib/apr-util-1/apr_ldap-1.so
output/target/usr/lib/apr-util-1/apr_ldap.la
output/target/usr/lib/apr-util-1/apr_ldap.so

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 134968c6c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:04:22 +02:00
Bernd Kuhls 55c2c6ceaa package/apr-util: add optional support for postgresql
apr-util contains optional support for postgresql:

$ ls -1 output/target/usr/lib/apr-util-1/apr_dbd_pg*
output/target/usr/lib/apr-util-1/apr_dbd_pgsql-1.so
output/target/usr/lib/apr-util-1/apr_dbd_pgsql.la
output/target/usr/lib/apr-util-1/apr_dbd_pgsql.so

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ec1479fbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:04:10 +02:00
Fabio Estevam 72e02c9f28 linux-headers: bump 4.{9, 14, 16}.x series
[Peter: drop 4.16.x change]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aeb55c2b36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 16:01:10 +02:00
Joseph Kogut 209aa82aa7 python-websockets: backport fix for upstream issue #350
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 439e2add6c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 15:58:45 +02:00
Yann E. MORIN 9e5c7cbde0 docs/manual: using a branch name as FOO_VERSION does not work
For various reasons, we've always suggested users to avoid using a
branch as version string for their packages, because it does not work
as a they would expect:

  - it is not reproducible, because the branch may change between two
    builds that are done at different times;

  - it does not even follow the branch, as Buildroot anyway generates
    a local tarball, which it will reuse on subsequent builds.
    Furthermore, since we fetch and not pull, any existing local branch
    is not updated.

Yet, until recently, using a branch name would just work (with the
above limitations): the git tree was cloned, the branch checked out,
and the tarball created.

But with the advent of the git caching, using a branch name does not
work anymore. Indeed, we now do a git-fetch, and that does not create
a local master branch. So we can't check out master, because it does
not exist locally. And for other branches, as noticed above, the local
branch does not get udpated to the remote one.

Furthermore, the local branches are only created by chance, again as a
side-effect of trying to fetch the "special refs".

So, we can't say that we reliably support the use of a branch name.

Update the manual to state that using a branch does not work. Remove
the 'stable' example, as it looked like the name of a stable branch;
instead, replace it with a version string that ressemble a tag.

Fix the layout of the manual by making the version examples an actual
bulleted list.

Note: the above is only entirely true for git. For Mercurial, CVS and
subversion, the status may be mixed, but nonetheless, using branches is
still a bad idea, if at least because it is not reproducible, and
because Buildroot does not even follow the branch. So, we do not
differentiate between the various SCMs, and just flatly state that using
a branch name is not supported.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 970cb26ec2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 15:49:25 +02:00
Yann E. MORIN 312d6d0cf5 support/dependencies: check that PATH does not contain CWD
A person on IRC reported a build failure with the util-linux package,
looking like this:

for I in uname26 linux32 linux64        ; do \
	cd /home/aep/consulting/chargery/tracker/output/target/usr/bin && ln -sf setarch $I ; \
done
[...]
/bin/sh: line 1: ./ln: cannot execute binary file: Exec format error
/bin/sh: line 1: ./ln: cannot execute binary file: Exec format error
/bin/sh: line 1: ./ln: cannot execute binary file: Exec format error

The issue was an empty path in the PATH variable, which means "current
working directory", causing a "ln" binary built by util-linux for the
target to be used instead of the system-provided "ln".

We already check a number of things in the PATH and LD_LIBRARY_PATH
variables in support/dependencies/dependencies.sh, but we were not
checking that PATH did not contain an empty path.

This commit fixes that and takes this opportunity to simplify the test
code for PATH and LD_LIBRARY_PATH.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 72703d02b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 15:48:08 +02:00
Peter Korsgaard c4d86707cd util-linux: add two upstream patches to fix blocking on getrandom() with recent kernels
As part of the fix for CVE-2018-1108 (kernel drivers before version 4.17-rc1
are vulnerable to a weakness in the Linux kernel's implementation of random
seed data.  Programs, early in the boot sequence, could use the data
allocated for the seed before it was sufficiently generated), the kernel
random number generator initialization routine was changed.  See the
project-zero writeup for more details:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1559

These changes have now also been backported to 4.14.x (since 4.14.39) and
4.16.x (since 4.16.7).

This change unfortunately causes users of libuuid from util-linux to block
for a very long time waiting for sufficient entropy.  An example of this is
mke2fs, which uses libuuid to generate the filesystem UUID.

Fix this by backporting two post-2.31 fixes from upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 09:48:18 +02:00
Peter Korsgaard a43f5f1939 busybox: S10mdev: fix module autoloading
Commit b4fc5a180c (package/busybox: support spaces in module aliases in
mdev) changed the mdev coldplugging to handle sysfs path elements and
modalias values containing spaces.  This unfortunately doesn't work as was
recently reported:

http://lists.busybox.net/pipermail/buildroot/2018-May/220903.html

The problem is that sort -z also expects the fields of the input files to be
zero terminated, which is not the case for modalias sysfs entries.

So drop the -z option to sort.  Spaces in modalias entries could be handled
with the xargs -d '\n' option, but that is unfortunately not supported by
the busybox applet.  Instead, use tr to convert newlines to zeros so we can
use xargs -0.

Reported-by: Daniel Palmer <daniel@0x0f.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 61717b7b3e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:59:29 +02:00
Thomas Petazzoni 32cd792bde binutils: replace hard-links with soft-links to fix rpath
binutils installs its binaries both as bin/<tuple>-<tool> and as
<tuple>/bin/<tool>, and hardlinks are used to reduce disk space
consumption. This causes a problem for host-binutils with our rpath
fixing logic done by "make sdk".

Indeed, the fix-rpath script starts by fixing up the rpath of
bin/<tuple>-<tool>, and sets the RPATH to $ORIGIN/../lib/. Then
fix-rpath moves on to <tuple>/bin/<tool>, and doesn't find the library
the tool depends on, and clears the RPATH. The result is that the
binutils tool are not usable.

Note that this is only visible currently on the ARC architecture,
because on this architecture, binutils is fetched from git, which
causes host-flex to be built, and some binutils tools to use the libfl
shared library. Therefore, the binutils tools don't use just the
standard C library (which is provided by the system) but also libfl
from $(HOST_DIR)/lib, and therefore if the RPATH isn't set correctly,
those tools don't work properly.

In order to address this, this comit adds a post-install hook to
host-binutils that replaces those hard links by symbolic links. It is
worth mentioning that library loading and RPATH usage occurs *after*
resolving the symbolic links, which makes this solution work.

Fixes:

  http://autobuild.buildroot.net/results/b2562b05d397d4e1ffe0f8d2f4ce4c84ab6feae1/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f9cffb6af4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:55:24 +02:00
Peter Korsgaard 787d8dbf3d .gitlab-ci.yml: update after removal of freescale defconfigs
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e607881f20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:53:20 +02:00
Peter Korsgaard 7c4518d9f3 linux: ensure correct make targets are used for cuImage/simpleImage.<dtb>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/66561794

LINUX_DTS_NAME may end up with a leading space because of the += logic, and
may contain multiple dts files - Neither of which works when we construct
the {cu,simple}Image.$(LINUX_DTS_NAME) make target name.

Fix it by using the first word in the variable.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 978a997c81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:52:51 +02:00
Yann E. MORIN aee70cc1ab package/patch: fix xattr option
The name of the configure option is, and has always been,
 --enable-xattr, not --enable-attr. Otherwise, configure
whines:
    configure: WARNING: unrecognized options: --enable-attr

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 990fff065c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:45:53 +02:00
Fabrice Fontaine 3390368717 log4cplus: fix license
Some files of log4cplus are licensed under BSD-2-Clause as stated in
LICENSE file: "Each file of log4cplus source is licensed using either
two clause BSD license or Apache license 2.0."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f5a29e502)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:44:28 +02:00
Baruch Siach a4d489e362 ebtables: drop obsolete comment
Commit 30c4b5843f (ebtables: enable for musl) enabled musl build, but
forgot to remove the comment text. Fix that.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca2a6f04ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:43:42 +02:00
Fabio Estevam bd88f5e9bd configs/freescale_imx6ulevk: Remove target
Currently this target fails to build:

./scripts/dtc-version.sh: line 17: dtc: command not found
./scripts/dtc-version.sh: line 18: dtc: command not found
*** Your dtc is too old, please upgrade to dtc 1.4 or newer

Even though the fix for this build failure is easy, I prefer to
maintain only imx6ulevk_defconfig, which is a target for the
same board, but uses mainline kernel and U-Boot versions instead.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/66561695
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f24f0ca777)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:42:29 +02:00
Fabio Estevam 285f310bad configs/freescale_imx31_3stack: Remove target
Currently this target fails to build:

arch/arm/mach-imx/built-in.o: In function `init_mmdc_lpddr2_settings':
platform-spi_imx.c:(.text+0x8f18): undefined reference to `imx6sll_lpddr2_freq_change'
arch/arm/mach-imx/built-in.o: In function `imx6ul_cpuidle_init':
platform-spi_imx.c:(.init.text+0x195c): undefined reference to `mx6ull_lpm_wfi_end'
platform-spi_imx.c:(.init.text+0x1960): undefined reference to `mx6ull_lpm_wfi_start'
platform-spi_imx.c:(.init.text+0x1964): undefined reference to `imx6ull_low_power_idle'
arch/arm/mach-imx/built-in.o: In function `imx6sl_init_late':
platform-spi_imx.c:(.init.text+0x56f0): undefined reference to `imx6sll_cpuidle_init'
Makefile:969: recipe for target 'vmlinux' failed

NXP 4.9 kernel does not properly support mx31, so better remove this target.

mx31_3stack board is currently supported in U-Boot and kernel mainline,
so if someone is interested on this board, then a target can be introduced
later which uses these mainline components.

Currently I do not have access to this board, so remove it its defconfig
for now.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/66561688
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed947dce16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:41:52 +02:00
Fabio Estevam 6826097bc2 configs/freescale_imx6sololiteevk: Remove target
Currently this target fails to build:

Error: No BOOT_FROM tag in board/freescale/mx6slevk/imximage.cfg.cfgtmp
arch/arm/imx-common/Makefile:91: recipe for target 'u-boot-dtb.imx' failed

This problem has been already solved in upstream U-Boot, but not
on NXP version of U-Boot.

To avoid the maintainance burden of keeping two defconfigs for the
same board, remove freescale_imx6sololiteevk_defconfig in favor
of imx6slevk_defconfig, which uses U-Boot and kernel mainline.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/66561693
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c41576cad1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:41:13 +02:00
Carlos Santos a54f8136dc nasm: Fix compilation with GCC 8
host-nasm fails to compile with GCC 8:

In file included from ./include/nasm.h:46,
                 from asm/nasm.c:47:
./include/nasmlib.h:194:1: error: ‘pure’ attribute on function returning ‘void’ [-Werror=attributes]
 void pure_func seg_init(void);
 ^~~~

Pull a patch from upstream that removes the stale declaration of
seg_init, which was eliminated a long time ago.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3aa64a0e82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:39:49 +02:00
Bernd Kuhls 13d94d0143 package/nasm: bump version to 2.13.03
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee8d397a25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:39:43 +02:00
Danomi Manchego 89e6fac809 gst1-plugins-bad: fix typo preventing use of the netsim plugin
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 384c1559c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:23:24 +02:00
Danomi Manchego fb77c5bb75 gst1-plugins-bad: update plugin licenses
Update several of the licenses annotated in the gst1-plugins-bad.mk file.

1. Specify GPL-2.0 in license info.
* All of the *.[ch] that specify GPL also specify version 2 or later.

2. Remove GPL from audiovisualizers.
* Changlog notes move from GPL to LGPL. (2015-04-25)
* docs/plugins/inspect/plugin-audiovisualizers.xml claims "LGPL".
* All *.[ch] files under ./gst/audiovisualizers say "GNU Library General Public License".

3. Add GPL to yadif.
* Changelog notes that yadif is "GPL". (2013-02-07)
* docs/plugins/inspect/plugin-yadif.xml claims "GPL".
* All *.[ch] files under ./gst/yadif say "GNU General Public License" except for one "GNU Library General Public License".

4. Remove UNKNOWN from fdk_aac.
* docs/plugins/inspect/plugin-fdkaac.xml claims "LGPL".
* All *.[ch] files under ./ext/fdkaac say "GNU Lesser" or "GNU Library General Public License".

5. Add BSD-2c to dtls.
* docs/plugins/inspect/plugin-dtls.xml claims "BSD".
* All *.[ch] files under ./gst/dtls have BSD-2c text.

6. Add BSD-2c to openh264.
* Changelog notes that openh264 is "BSD-2". (2014-10-03)
* docs/plugins/inspect/plugin-openh264.xml claims "BSD".
* All *.[ch] files under ./ext/openh264 have BSD-2c text.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 34f256a9da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:22:22 +02:00
Danomi Manchego 9034521cf7 gst1-plugins-bad: rework license type construction
Use "GST1_PLUGINS_BAD_LICENSE := $(GST1_PLUGINS_BAD_LICENSE), xxxx" construct
so that the list of licenses is presented as a comma-separated list.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 782deb7a4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:22:13 +02:00
Danomi Manchego a7cecb9247 gst1-plugins-bad: conditionally add gpl license
Currently, GST1_PLUGINS_BAD_LICENSE_FILES starts out set to
both the GPL COPYING file and the LGPL COPYING.LIB file, but
the GST1_PLUGINS_BAD_LICENSE handling only claims LGPL, and
then intelligently adds GPL if needed.  This change moves the
GPL file addition to the same conditional clause so that the
GPL file is included in the legal-info location only if GPL
code is actually used.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2bbb6b8001)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-24 22:21:50 +02:00
Ricardo Martincoski 2502d4f393 .gitlab-ci.yml: use image with flake8
Bump the docker image to the latest tag to have flake8 pre-installed.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 12b08c2be6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-06 21:21:23 +02:00
143 changed files with 1646 additions and 7157 deletions
+1 -4
View File
@@ -4,7 +4,7 @@
# It needs to be regenerated every time a defconfig is added, using
# "make .gitlab-ci.yml".
image: buildroot/base:20180205.0730
image: buildroot/base:20180318.1724
.defconfig_script: &defconfig_script
- echo 'Configure Buildroot'
@@ -110,14 +110,11 @@ engicam_imx6qdl_icore_rqs_defconfig: *defconfig
engicam_imx6ul_geam_defconfig: *defconfig
engicam_imx6ul_isiot_defconfig: *defconfig
freescale_imx28evk_defconfig: *defconfig
freescale_imx31_3stack_defconfig: *defconfig
freescale_imx6dlsabreauto_defconfig: *defconfig
freescale_imx6dlsabresd_defconfig: *defconfig
freescale_imx6qsabreauto_defconfig: *defconfig
freescale_imx6qsabresd_defconfig: *defconfig
freescale_imx6sololiteevk_defconfig: *defconfig
freescale_imx6sxsabresd_defconfig: *defconfig
freescale_imx6ulevk_defconfig: *defconfig
freescale_imx7dsabresd_defconfig: *defconfig
friendlyarm_nanopi_a64_defconfig: *defconfig
friendlyarm_nanopi_neo2_defconfig: *defconfig
+1 -1
View File
@@ -4,7 +4,7 @@
# It needs to be regenerated every time a defconfig is added, using
# "make .gitlab-ci.yml".
image: buildroot/base:20180205.0730
image: buildroot/base:20180318.1724
.defconfig_script: &defconfig_script
- echo 'Configure Buildroot'
+54
View File
@@ -1,3 +1,57 @@
2018.02.3, Released June 18th, 2018
Important / security related fixes.
Various fixes for building on modern distributions (GCC 8.x,
no rpcgen utility).
ARM: Default to binutils 2.28 and warn about newer binutils
versions, which are known to cause boot failures for Linux
kernels built in thumb mode.
Busybox/mdev: Fix module autoloading.
Busybox/sysvinit: inittab: Add /dev/{stdin,stdout,stderr}
symlinks, call swapon -a to activate any configured swap
devices.
Dependencies: Check that PATH does not contain current working
directory, which triggers a number of build failures.
Infrastructure: Error out for packages erroneously using the
'local' site method but not defining a _SITE.
Linux: Fix cuImage.<dtb> / simpleImage.<dtb> handling. Ensure
kconfig uses ncurses from the host to fix a ncurses/ncursesw
mixup, causing menuconfig display corruption.
Toolchain: Workarounds for fix-rpath issues with binutils and
elf2flt.
Util-linux: Fix blocking on getrandom() issue with recent
kernels.
Remove broken freescale_imx31_3stack,
freescale_imx6sololiteevk and freescale_imx6ulevk defconfigs.
Updated/fixed packages: apr-util, asterisk, attr, audit,
autofs, binutils, busybox, cifs-utils, cups-filters, dash,
ebtables, exim, expect, f2fs-tools, faketime, file, gdb, git,
glibc, gnupg, gnupg2, gst1-plugins-bad, imagemagick, jamvm,
jpeg-turbo, libcap, libcoap, libcurl, libgcrypt, libjpeg,
libnss, libressl, libtirpc, libvncserver, libvorbis, libxslt,
log4cplus, lrzsz, ltrace, lynx, mariadb, mbedtls, mpg123,
nasm, netplug, network-manager, nfs-utils, nodejs,
openvmtools, patch, perl, php-amqp, poppler, procps-ng,
python, python-websockets, quota, redis, samba4, sysvinit,
transmission, triggerhappy, util-linux, wavpack, wget,
wireshark, xen, zmqpp
Issues resolved (http://bugs.uclibc.org):
#10986: Installing package attr when already supplied by busybox..
#11031: ld-elf2flt: host/bin/ld.real': execvp: No such file or..
2018.02.2, Released May 4th, 2018
Important / security related fixes.
+11
View File
@@ -145,6 +145,17 @@ endif
###############################################################################
comment "Legacy options removed in 2018.02"
config BR2_PACKAGE_TRANSMISSION_REMOTE
bool "transmission remote tool option removed"
select BR2_LEGACY
select BR2_PACKAGE_TRANSMISSION_DAEMON
help
Upstream does not provide a separate configure option for
the tool transmission-remote, it is built when the
transmission daemon has been enabled. Therefore, Buildroot
has automatically enabled BR2_PACKAGE_TRANSMISSION_DAEMON
for you.
config BR2_KERNEL_HEADERS_3_4
bool "kernel headers version 3.4.x are no longer supported"
select BR2_KERNEL_HEADERS_4_1
+1 -1
View File
@@ -1959,7 +1959,7 @@ F: package/x11r7/xapp_xinput-calibrator/
F: package/zlog/
F: utils/scanpypi
N: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
N: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
F: package/crudini/
F: package/grantlee/
F: package/proj/
+2 -2
View File
@@ -87,9 +87,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2018.02.2
export BR2_VERSION := 2018.02.3
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1525450000
BR2_VERSION_EPOCH = 1529344000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -1 +0,0 @@
# CONFIG_FB_MXS is not set
-92
View File
@@ -1,92 +0,0 @@
**************************************
Freescale i.MX31 PDK development board
**************************************
This file documents the Buildroot support for the Freescale i.MX31 PDK in "3
stack" configuration.
The i.MX31 Product Development Kit (or PDK) is Freescale development board [1]
based on the i.MX31 application processor [2].
For more details on the i.MX31 PDK board, refer to the User's Guide [3].
Build
=====
First, configure Buildroot for your i.MX31 PDK board:
make freescale_imx31_3stack_defconfig
Build all components:
make
You will find in ./output/images/ the following files:
- rootfs.cpio
- rootfs.cpio.gz
- rootfs.tar
- zImage
The generated zImage does include the rootfs.
Boot the PDK board
==================
The i.MX31 PDK contains a RedBoot bootloader in flash, which can be used to
boot the newly created Buildroot images from the network.
This necessitates to setup a TFTP server first. This setup is explained for
example in Freescale i.MX31 PDK 1.5 Linux User's Guide [4].
Here is a sample RedBoot configuration, for proper network boot of Buildroot on
the i.MX31 PDK:
RedBoot> fconfig -l
Run script at boot: true
Boot script:
.. load -r -b 0x100000 zImage
.. exec -c "console=ttymxc0,115200"
Boot script timeout (1000ms resolution): 2
Use BOOTP for network configuration: false
Gateway IP address: <your gateway IP address>
Local IP address: <your PDK IP address>
Local IP address mask: 255.255.255.0
Default server IP address: <your TFTP server IP address>
Board specifics: 0
Console baud rate: 115200
Set eth0 network hardware address [MAC]: false
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Adapt those settings to your network configuration by replacing the appropriate
network addresses where necessary.
You might want to verify that your i.MX31 PDK switches settings are the correct
ones for UART, power, boot mode, etc. Here is a reference switches
configuration:
SW4
1 2 3 4 5 6 7 8
ON off off off off off off ON
SW5 SW6 SW7 SW8 SW9 SW10
0 1 0 0 0 0
See the i.MX31 PDK Linux Quick Start Guide [5] for more details on the switches
settings.
Connect a serial terminal set to 115200n8 and power on the i.MX31 PDK board.
Buildroot will present a login prompt on the serial port.
Enjoy!
References
==========
[1] http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=i.MX31PDK
[2] http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=i.MX31
[3] http://cache.freescale.com/files/32bit/doc/user_guide/pdk15_imx31_Hardware_UG.pdf
[4] http://cache.freescale.com/files/32bit/doc/support_info/IMX31_PDK15_LINUXDOCS_BUNDLE.zip, pdk15_imx31__Linux_UG.pdf
[5] http://www.freescale.com/files/32bit/doc/quick_ref_guide/PDK14LINUXQUICKSTART.pdf
+10 -6
View File
@@ -14,12 +14,16 @@
# process == program to run
# Startup the system
null::sysinit:/bin/mount -t proc proc /proc
null::sysinit:/bin/mount -o remount,rw /
null::sysinit:/bin/mkdir -p /dev/pts
null::sysinit:/bin/mkdir -p /dev/shm
null::sysinit:/bin/mount -a
null::sysinit:/bin/hostname -F /etc/hostname
::sysinit:/bin/mount -t proc proc /proc
::sysinit:/bin/mount -o remount,rw /
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
::sysinit:/bin/mount -a
::sysinit:/sbin/swapon -a
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
::sysinit:/bin/hostname -F /etc/hostname
# now run any rc scripts
::sysinit:/etc/init.d/rcS
-20
View File
@@ -1,20 +0,0 @@
# architecture
BR2_arm=y
BR2_arm1136jf_s=y
BR2_ARM_EABIHF=y
# Linux headers same as kernel, a 4.9 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_9=y
# system
BR2_TARGET_GENERIC_GETTY_PORT="ttymxc0"
# kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_GIT=y
BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://source.codeaurora.org/external/imx/linux-imx.git"
BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="rel_imx_4.9.x_1.0.0_ga"
BR2_LINUX_KERNEL_DEFCONFIG="imx_v6_v7"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/freescale/imx31_3stack/linux.fragment"
BR2_TARGET_ROOTFS_CPIO_GZIP=y
BR2_TARGET_ROOTFS_INITRAMFS=y
@@ -1,39 +0,0 @@
# architecture
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_NEON=y
BR2_ARM_ENABLE_VFP=y
BR2_ARM_FPU_VFPV3=y
# Linux headers same as kernel, a 4.9 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_9=y
# system
BR2_TARGET_GENERIC_GETTY_PORT="ttymxc0"
# kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_GIT=y
BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://source.codeaurora.org/external/imx/linux-imx.git"
BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="rel_imx_4.9.x_1.0.0_ga"
BR2_LINUX_KERNEL_DEFCONFIG="imx_v7"
BR2_LINUX_KERNEL_DTS_SUPPORT=y
BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx6sl-evk"
# filesystem
BR2_ROOTFS_POST_IMAGE_SCRIPT="board/freescale/common/imx/post-image.sh"
BR2_TARGET_ROOTFS_EXT2=y
# required tools to create the microSD image
BR2_PACKAGE_HOST_DOSFSTOOLS=y
BR2_PACKAGE_HOST_GENIMAGE=y
BR2_PACKAGE_HOST_MTOOLS=y
# bootloader
BR2_TARGET_UBOOT=y
BR2_TARGET_UBOOT_BOARDNAME="mx6slevk"
BR2_TARGET_UBOOT_FORMAT_IMX=y
BR2_TARGET_UBOOT_CUSTOM_GIT=y
BR2_TARGET_UBOOT_CUSTOM_REPO_URL="https://source.codeaurora.org/external/imx/uboot-imx.git"
BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION="rel_imx_4.9.x_1.0.0_ga"
BR2_TARGET_UBOOT_NEEDS_DTC=y
-36
View File
@@ -1,36 +0,0 @@
# architecture
BR2_arm=y
BR2_cortex_a7=y
# Linux headers same as kernel, a 4.9 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_9=y
# system
BR2_TARGET_GENERIC_GETTY_PORT="ttymxc0"
# kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_GIT=y
BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://source.codeaurora.org/external/imx/linux-imx.git"
BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="rel_imx_4.9.x_1.0.0_ga"
BR2_LINUX_KERNEL_DEFCONFIG="imx_v7"
BR2_LINUX_KERNEL_DTS_SUPPORT=y
BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx6ul-14x14-evk"
# bootloader
BR2_TARGET_UBOOT=y
BR2_TARGET_UBOOT_BOARDNAME="mx6ul_14x14_evk"
BR2_TARGET_UBOOT_CUSTOM_GIT=y
BR2_TARGET_UBOOT_CUSTOM_REPO_URL="https://source.codeaurora.org/external/imx/uboot-imx.git"
BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION="rel_imx_4.9.x_1.0.0_ga"
BR2_TARGET_UBOOT_FORMAT_IMX=y
# required tools to create the microSD image
BR2_PACKAGE_HOST_DOSFSTOOLS=y
BR2_PACKAGE_HOST_GENIMAGE=y
BR2_PACKAGE_HOST_MTOOLS=y
# filesystem / image
BR2_ROOTFS_POST_IMAGE_SCRIPT="board/freescale/common/imx/post-image.sh"
BR2_TARGET_ROOTFS_EXT2=y
BR2_TARGET_ROOTFS_EXT2_4=y
+6 -6
View File
@@ -197,12 +197,12 @@ information is (assuming the package name is +libfoo+) :
* +LIBFOO_VERSION+, mandatory, must contain the version of the
package. Note that if +HOST_LIBFOO_VERSION+ doesn't exist, it is
assumed to be the same as +LIBFOO_VERSION+. It can also be a
revision number, branch or tag for packages that are fetched
directly from their revision control system. +
Examples: +
+LIBFOO_VERSION = 0.1.2+ +
+LIBFOO_VERSION = cb9d6aa9429e838f0e54faa3d455bcbab5eef057+ +
+LIBFOO_VERSION = stable+
revision number or a tag for packages that are fetched directly
from their version control system. Do not use a branch name as
version; it does not work. Examples:
** a version for a release tarball: +LIBFOO_VERSION = 0.1.2+
** a sha1 for a git tree: +LIBFOO_VERSION = cb9d6aa9429e838f0e54faa3d455bcbab5eef057+
** a tag for a git tree +LIBFOO_VERSION = v0.1.2+
* +LIBFOO_SOURCE+ may contain the name of the tarball of the package,
which Buildroot will use to download the tarball from
+1 -1
View File
@@ -46,7 +46,7 @@ built.
Most of these data can be retrieved from https://metacpan.org/.
So, this file and the Config.in can be generated by running
the script +supports/scripts/scancpan Foo-Bar+ in the Buildroot directory
the script +utils/scancpan Foo-Bar+ in the Buildroot directory
(or in a br2-external tree).
This script creates a Config.in file and foo-bar.mk file for the
requested package, and also recursively for all dependencies specified by
+2 -2
View File
@@ -9,8 +9,8 @@ Buildroot {sys:echo $\{BR2_VERSION%%-git*\}} manual generated on {localdate}
The Buildroot manual is written by the Buildroot developers.
It is licensed under the GNU General Public License, version 2. Refer to the
http://git.buildroot.org/buildroot/tree/COPYING[COPYING] file in the Buildroot
sources for the full text of this license.
http://git.buildroot.org/buildroot/tree/COPYING?id={sys:git rev-parse HEAD}[COPYING]
file in the Buildroot sources for the full text of this license.
Copyright (C) 2004-2018 The Buildroot developers
+6 -2
View File
@@ -8,6 +8,10 @@ config BR2_LINUX_KERNEL
if BR2_LINUX_KERNEL
comment "Linux kernel in thumb mode may be broken with binutils >= 2.29"
depends on BR2_arm || BR2_armeb
depends on !BR2_BINUTILS_VERSION_2_28_X
# Packages that need to have a kernel with support for loadable modules,
# but do not use the kernel-modules infrastructure, should select that
# option.
@@ -29,7 +33,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
bool "Latest version (4.15)"
config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
bool "Latest CIP SLTS version (v4.4.112-cip18)"
bool "Latest CIP SLTS version (v4.4.130-cip23)"
help
CIP launched in the spring of 2016 to address the needs of
organizations in industries such as power generation and
@@ -117,7 +121,7 @@ endif
config BR2_LINUX_KERNEL_VERSION
string
default "4.15.16" if BR2_LINUX_KERNEL_LATEST_VERSION
default "v4.4.112-cip18" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default "v4.4.130-cip23" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
if BR2_LINUX_KERNEL_CUSTOM_VERSION
default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL
+10 -3
View File
@@ -155,9 +155,9 @@ LINUX_IMAGE_NAME = zImage.epapr
else ifeq ($(BR2_LINUX_KERNEL_APPENDED_ZIMAGE),y)
LINUX_IMAGE_NAME = zImage
else ifeq ($(BR2_LINUX_KERNEL_CUIMAGE),y)
LINUX_IMAGE_NAME = cuImage.$(KERNEL_DTS_NAME)
LINUX_IMAGE_NAME = cuImage.$(firstword $(KERNEL_DTS_NAME))
else ifeq ($(BR2_LINUX_KERNEL_SIMPLEIMAGE),y)
LINUX_IMAGE_NAME = simpleImage.$(KERNEL_DTS_NAME)
LINUX_IMAGE_NAME = simpleImage.$(firstword $(KERNEL_DTS_NAME))
else ifeq ($(BR2_LINUX_KERNEL_IMAGE),y)
LINUX_IMAGE_NAME = Image
else ifeq ($(BR2_LINUX_KERNEL_LINUX_BIN),y)
@@ -235,7 +235,14 @@ LINUX_KCONFIG_FILE = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE))
endif
LINUX_KCONFIG_FRAGMENT_FILES = $(call qstrip,$(BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES))
LINUX_KCONFIG_EDITORS = menuconfig xconfig gconfig nconfig
LINUX_KCONFIG_OPTS = $(LINUX_MAKE_FLAGS)
# LINUX_MAKE_FLAGS overrides HOSTCC to allow the kernel build to find our
# host-openssl and host-libelf. However, this triggers a bug in the kconfig
# build script that causes it to build with /usr/include/ncurses.h (which is
# typically wchar) but link with $(HOST_DIR)/lib/libncurses.so (which is not).
# We don't actually need any host-package for kconfig, so remove the HOSTCC
# override again.
LINUX_KCONFIG_OPTS = $(LINUX_MAKE_FLAGS) HOSTCC="$(HOSTCC)"
# If no package has yet set it, set it from the Kconfig option
LINUX_NEEDS_MODULES ?= $(BR2_LINUX_NEEDS_MODULES)
@@ -0,0 +1,67 @@
From d3bd7b29b79147b4155e78a8ea06ded98b91f92a Mon Sep 17 00:00:00 2001
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Date: Tue, 8 May 2018 15:23:57 +0200
Subject: [PATCH] all: use install(1) to install executables
When the destination file already exists, the current install script
will overwrite it with the new executable.
However, when the existing executable is a symlink or hardlink to
something else, like busybox, this effectively overwrites that something
with the new executable, and thus replaces busybox and all its applets
with the code for either of the three commands.
We fix that by simply calling install(1). install(1) is sufficiently
widespread that we don't bother checking for it, as tis is just a
workaround while waiting for the version bump that will eventually fix
it for good.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
chacl/Makefile | 4 ++--
getfacl/Makefile | 4 ++--
setfacl/Makefile | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/chacl/Makefile b/chacl/Makefile
index 33858d6..c857329 100644
--- a/chacl/Makefile
+++ b/chacl/Makefile
@@ -30,6 +30,6 @@ default: $(LTCOMMAND)
include $(BUILDRULES)
install: default
- $(INSTALL) -m 755 -d $(PKG_BIN_DIR)
- $(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
+ install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
+
install-dev install-lib:
diff --git a/getfacl/Makefile b/getfacl/Makefile
index 7fbafda..8ac63e0 100644
--- a/getfacl/Makefile
+++ b/getfacl/Makefile
@@ -31,6 +31,6 @@ default: $(LTCOMMAND)
include $(BUILDRULES)
install: default
- $(INSTALL) -m 755 -d $(PKG_BIN_DIR)
- $(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
+ install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
+
install-dev install-lib:
diff --git a/setfacl/Makefile b/setfacl/Makefile
index c44e7c0..eea2ede 100644
--- a/setfacl/Makefile
+++ b/setfacl/Makefile
@@ -31,6 +31,6 @@ default: $(LTCOMMAND)
include $(BUILDRULES)
install: default
- $(INSTALL) -m 755 -d $(PKG_BIN_DIR)
- $(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
+ install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
+
install-dev install-lib:
--
2.14.1
+18
View File
@@ -47,6 +47,17 @@ else
APR_UTIL_CONF_OPTS += --without-sqlite3
endif
ifeq ($(BR2_PACKAGE_OPENLDAP),y)
APR_UTIL_CONF_ENV += ac_cv_ldap_set_rebind_proc_style=three
APR_UTIL_CONF_OPTS += \
--with-ldap \
--with-ldap-include="$(STAGING_DIR)/usr/include/" \
--with-ldap-lib="$(STAGING_DIR)/usr/lib"
APR_UTIL_DEPENDENCIES += openldap
else
APR_UTIL_CONF_OPTS += --without-ldap
endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
APR_UTIL_CONF_OPTS += --with-crypto --with-openssl="$(STAGING_DIR)/usr"
APR_UTIL_DEPENDENCIES += openssl
@@ -54,6 +65,13 @@ else
APR_UTIL_CONF_OPTS += --without-crypto
endif
ifeq ($(BR2_PACKAGE_POSTGRESQL),y)
APR_UTIL_CONF_OPTS += --with-pgsql="$(STAGING_DIR)/usr"
APR_UTIL_DEPENDENCIES += postgresql
else
APR_UTIL_CONF_OPTS += --without-pgsql
endif
ifeq ($(BR2_PACKAGE_UNIXODBC),y)
APR_UTIL_CONF_OPTS += --with-odbc="$(STAGING_DIR)/usr"
# avoid using target binary $(STAGING_DIR)/usr/bin/odbc_config
@@ -0,0 +1,57 @@
From 999e0c17d7e4139d36730752a34fbfde18a4f9f1 Mon Sep 17 00:00:00 2001
From: Corey Farrell <git@cfware.com>
Date: Sun, 19 Nov 2017 14:52:59 -0500
Subject: [PATCH] Build: Fix issues building without SSL.
* Fix conditional in libasteriskssl.
* Use variables produced by configure to link the SSL and uuid libraries
into libasteriskpj.so instead of hard-coding them.
ASTERISK-27431
Change-Id: I3977931fd3ef8c4e4376349ccddb354eb839b58d
Downloaded from upstream master branch
https://github.com/asterisk/asterisk/commit/999e0c17d7e4139d36730752a34fbfde18a4f9f1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
main/Makefile | 4 ++--
main/libasteriskssl.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/main/Makefile b/main/Makefile
index 08d1f65580e..c724e2012b0 100644
--- a/main/Makefile
+++ b/main/Makefile
@@ -273,7 +273,7 @@ endif
$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): _ASTLDFLAGS+=-Wl,-soname=$(ASTPJ_LIB).$(ASTPJ_SO_VERSION) $(PJ_LDFLAGS)
$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskpj\" -DAST_NOT_MODULE $(PJ_CFLAGS)
-$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): LIBS+=$(PJPROJECT_LDLIBS) -lssl -lcrypto -luuid -lm -lpthread $(RT_LIB)
+$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): LIBS+=$(PJPROJECT_LDLIBS) $(OPENSSL_LIB) $(UUID_LIB) -lm -lpthread $(RT_LIB)
ifeq ($(GNU_LD),1)
$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): SO_SUPPRESS_SYMBOLS=-Wl,--version-script,libasteriskpj.exports,--warn-common
endif
@@ -298,7 +298,7 @@ ASTPJ_LIB:=libasteriskpj.dylib
# /lib or /usr/lib
$(ASTPJ_LIB): _ASTLDFLAGS+=-dynamiclib -install_name $(ASTLIBDIR)/$(ASTPJ_LIB) $(PJ_LDFLAGS)
$(ASTPJ_LIB): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskpj\" $(PJ_CFLAGS) -DAST_NOT_MODULE
-$(ASTPJ_LIB): LIBS+=$(PJPROJECT_LIBS) -lssl -lcrypto -luuid -lm -lpthread $(RT_LIB)
+$(ASTPJ_LIB): LIBS+=$(PJPROJECT_LIBS) $(OPENSSL_LIB) $(UUID_LIB) -lm -lpthread $(RT_LIB)
$(ASTPJ_LIB): SOLINK=$(DYLINK)
# Special rules for building a shared library (not a dynamically loadable module)
diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c
index 8b19e247da9..e2e256f8ffe 100644
--- a/main/libasteriskssl.c
+++ b/main/libasteriskssl.c
@@ -37,7 +37,7 @@
#endif
#if defined(HAVE_OPENSSL) && \
- !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ (!defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
#include <dlfcn.h>
@@ -0,0 +1,67 @@
From 4187e60ab52cac3ed36036a354977310dab68dcb Mon Sep 17 00:00:00 2001
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Date: Tue, 8 May 2018 15:16:10 +0200
Subject: [PATCH] all: use install(1) to install executables
When the destination file already exists, the current install script
will overwrite it with the new executable.
However, when the existing executable is a symlink or hardlink to
something else, like busybox, this effectively overwrites that something
with the new executable, and thus replaces busybox and all its applets
with the code for either of the three commands.
We fix that by simply calling install(1). install(1) is sufficiently
widespread that we don't bother checking for it, as this is just a
workaround while waiting for the version bump that will eventually fix
it for good.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
attr/Makefile | 4 ++--
getfattr/Makefile | 4 ++--
setfattr/Makefile | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/attr/Makefile b/attr/Makefile
index 1c467e8..326dd7e 100644
--- a/attr/Makefile
+++ b/attr/Makefile
@@ -29,6 +29,6 @@ default: $(LTCOMMAND)
include $(BUILDRULES)
install: default
- $(INSTALL) -m 755 -d $(PKG_BIN_DIR)
- $(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
+ install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
+
install-dev install-lib:
diff --git a/getfattr/Makefile b/getfattr/Makefile
index 91d3df2..f913172 100644
--- a/getfattr/Makefile
+++ b/getfattr/Makefile
@@ -30,6 +30,6 @@ default: $(LTCOMMAND)
include $(BUILDRULES)
install: default
- $(INSTALL) -m 755 -d $(PKG_BIN_DIR)
- $(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
+ install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
+
install-dev install-lib:
diff --git a/setfattr/Makefile b/setfattr/Makefile
index d55461b..26dc5d8 100644
--- a/setfattr/Makefile
+++ b/setfattr/Makefile
@@ -30,6 +30,6 @@ default: $(LTCOMMAND)
include $(BUILDRULES)
install: default
- $(INSTALL) -m 755 -d $(PKG_BIN_DIR)
- $(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
+ install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
+
install-dev install-lib:
--
2.14.1
+2 -2
View File
@@ -51,8 +51,8 @@ define AUDIT_INSTALL_INIT_SYSTEMD
endef
define AUDIT_INSTALL_CLEANUP
$(RM) -rf $(TARGET_DIR)/etc/rc.d
$(RM) -rf $(TARGET_DIR)/etc/sysconfig
$(RM) $(TARGET_DIR)/etc/rc.d/init.d/auditd
$(RM) $(TARGET_DIR)/etc/sysconfig/auditd
endef
AUDIT_POST_INSTALL_TARGET_HOOKS += AUDIT_INSTALL_CLEANUP
+1 -1
View File
@@ -9,7 +9,7 @@ AUTOFS_SOURCE = autofs-$(AUTOFS_VERSION).tar.xz
AUTOFS_SITE = $(BR2_KERNEL_MIRROR)/linux/daemons/autofs/v5
AUTOFS_LICENSE = GPL-2.0+
AUTOFS_LICENSE_FILES = COPYING COPYRIGHT
AUTOFS_DEPENDENCIES = host-flex host-bison
AUTOFS_DEPENDENCIES = host-flex host-bison host-nfs-utils
# autofs looks on the build machine for the path of modprobe, so tell
# it explicitly where it will be located on the target.
+2
View File
@@ -2,6 +2,8 @@ comment "Binutils Options"
choice
prompt "Binutils Version"
default BR2_BINUTILS_VERSION_2_28_X if BR2_ARM_INSTRUCTIONS_THUMB
default BR2_BINUTILS_VERSION_2_28_X if BR2_ARM_INSTRUCTIONS_THUMB2
default BR2_BINUTILS_VERSION_2_29_X if !BR2_arc
default BR2_BINUTILS_VERSION_ARC if BR2_arc
help
+13
View File
@@ -136,5 +136,18 @@ ifeq ($(BR2_BINUTILS_ENABLE_LTO),y)
HOST_BINUTILS_CONF_OPTS += --enable-plugins --enable-lto
endif
# Hardlinks between binaries in different directories cause a problem
# with rpath fixup, so we de-hardlink those binaries, and replace them
# with copies instead.
BINUTILS_TOOLS = ar as ld ld.bfd nm objcopy objdump ranlib readelf strip
define HOST_BINUTILS_FIXUP_HARDLINKS
$(foreach tool,$(BINUTILS_TOOLS),\
rm -f $(HOST_DIR)/$(GNU_TARGET_NAME)/bin/$(tool) && \
cp -a $(HOST_DIR)/bin/$(GNU_TARGET_NAME)-$(tool) \
$(HOST_DIR)/$(GNU_TARGET_NAME)/bin/$(tool)
)
endef
HOST_BINUTILS_POST_INSTALL_HOOKS += HOST_BINUTILS_FIXUP_HARDLINKS
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+1 -1
View File
@@ -33,7 +33,7 @@ case "$1" in
start
;;
*)
echo "Usage: $0 {start|stop|restart}"
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
+2 -1
View File
@@ -9,7 +9,8 @@ case "$1" in
echo /sbin/mdev >/proc/sys/kernel/hotplug
/sbin/mdev -s
# coldplug modules
find /sys/ -name modalias -print0 | xargs -0 sort -u -z | xargs -0 modprobe -abq
find /sys/ -name modalias -print0 | xargs -0 sort -u | tr '\n' '\0' | \
xargs -0 modprobe -abq
;;
stop)
;;
+6 -2
View File
@@ -16,9 +16,13 @@
# Startup the system
::sysinit:/bin/mount -t proc proc /proc
::sysinit:/bin/mount -o remount,rw /
::sysinit:/bin/mkdir -p /dev/pts
::sysinit:/bin/mkdir -p /dev/shm
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
::sysinit:/bin/mount -a
::sysinit:/sbin/swapon -a
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
::sysinit:/bin/hostname -F /etc/hostname
# now run any rc scripts
::sysinit:/etc/init.d/rcS
+3 -3
View File
@@ -13,9 +13,9 @@ CIFS_UTILS_LICENSE_FILES = COPYING
CIFS_UTILS_AUTORECONF = YES
CIFS_UTILS_DEPENDENCIES = host-pkgconf
ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),)
CIFS_UTILS_CONF_OPTS += --disable-pie
endif
# Let's disable PIE unconditionally. We want PIE to be enabled only by
# the global BR2_RELRO_FULL option.
CIFS_UTILS_CONF_OPTS = --disable-pie --disable-man
ifeq ($(BR2_PACKAGE_KEYUTILS),y)
CIFS_UTILS_DEPENDENCIES += keyutils
@@ -0,0 +1,46 @@
From c26b4c3550557442890f2f790d4f8b61a3734c1f Mon Sep 17 00:00:00 2001
From: Olivier Schonken <olivier.schonken@gmail.com>
Date: Thu, 8 Mar 2018 12:32:23 +0200
Subject: [PATCH] install: don't use ln -r
Oldish enterprise-class distributions have too old versions of
coreutils, with ln not supporting -r.
So we fake it.
ln -r would create minimalist relative paths, but they are not
trivial to generate. Instead, we always create paths relative to the
root, i.e.:
ln -s -r /usr/bin/foo /usr/sbin/foo
would create: /usr/sbin/foo -> ../bin/foo
while we do : /usr/sbin/foo -> ../../usr/bin/foo
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
---
Makefile.am | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index d959227..b49914a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -998,11 +998,11 @@ install-exec-hook:
$(INSTALL) -d -m 755 $(DESTDIR)$(pkgfilterdir)
$(INSTALL) -d -m 755 $(DESTDIR)$(pkgbackenddir)
if ENABLE_FOOMATIC
- $(LN_S) -r -f $(DESTDIR)$(pkgfilterdir)/foomatic-rip $(DESTDIR)$(bindir)
+ $(LN_S) -f ../..$(pkgfilterdir)/foomatic-rip $(DESTDIR)$(bindir)
endif
if ENABLE_DRIVERLESS
- $(LN_S) -r -f $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(bindir)
- $(LN_S) -r -f $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(pkgbackenddir)
+ $(LN_S) -f ../..$(pkgppdgendir)/driverless $(DESTDIR)$(bindir)
+ $(LN_S) -f ../..$(pkgppdgendir)/driverless $(DESTDIR)$(pkgbackenddir)
endif
if ENABLE_BRAILLE
$(LN_S) -f imagetobrf $(DESTDIR)$(pkgfilterdir)/imagetoubrl
--
2.14.1
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally computed:
sha256 95254d7950df4c74d293ed7dfa0b714f51cff329a82da74a4ac976d342bb35ab cups-filters-1.17.9.tar.gz
sha256 aad95e35033154f54639923b439e0657fc9f616b9eac7490df89514362551f98 cups-filters-1.20.3.tar.gz
sha256 24cc91478ca68d6d982dfd86181210ad5f0931ec431bdb740793e3d6555fdcd8 COPYING
+3 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
CUPS_FILTERS_VERSION = 1.17.9
CUPS_FILTERS_VERSION = 1.20.3
CUPS_FILTERS_SITE = http://openprinting.org/download/cups-filters
CUPS_FILTERS_LICENSE = GPL-2.0, GPL-2.0+, GPL-3.0, GPL-3.0+, LGPL-2, LGPL-2.1+, MIT, BSD-4-Clause
CUPS_FILTERS_LICENSE_FILES = COPYING
@@ -40,7 +40,8 @@ else
CUPS_FILTERS_CONF_OPTS += --disable-dbus
endif
ifeq ($(BR2_PACKAGE_AVAHI),y)
# avahi support requires avahi-client, which needs avahi-daemon and dbus
ifeq ($(BR2_PACKAGE_AVAHI_DAEMON)$(BR2_PACKAGE_DBUS),yy)
CUPS_FILTERS_DEPENDENCIES += avahi
CUPS_FILTERS_CONF_OPTS += --enable-avahi
else
+3
View File
@@ -9,6 +9,9 @@ DASH_SITE = http://gondor.apana.org.au/~herbert/dash/files
DASH_LICENSE = BSD-3-Clause, GPL-2.0+ (mksignames.c)
DASH_LICENSE_FILES = COPYING
# dash does not build in parallel
DASH_MAKE = $(MAKE1)
ifeq ($(BR2_PACKAGE_LIBEDIT),y)
DASH_DEPENDENCIES += libedit host-pkgconf
DASH_CONF_OPTS += --with-libedit
-3
View File
@@ -5,6 +5,3 @@ config BR2_PACKAGE_EBTABLES
Ethernet bridge frame table administration
http://ebtables.netfilter.org/
comment "ebtables needs a glibc or uClibc toolchain"
depends on BR2_USE_MMU
+16
View File
@@ -29,4 +29,20 @@ endif
HOST_ELF2FLT_CONF_ENV = LIBS="$(HOST_ELF2FLT_LIBS)"
# Hardlinks between binaries in different directories cause a problem
# with rpath fixup, so we de-hardlink those binaries, and replace them
# with copies instead. Note that elf2flt will rename ld to ld.real
# before installing its own ld, but we already took care of the
# original ld from binutils so that it is already de-hardlinked. So
# ld is now the one from elf2flt, and we want to de-hardlinke it.
ELF2FLT_TOOLS = elf2flt flthdr ld
define HOST_ELF2FLT_FIXUP_HARDLINKS
$(foreach tool,$(ELF2FLT_TOOLS),\
rm -f $(HOST_DIR)/$(GNU_TARGET_NAME)/bin/$(tool) && \
cp -a $(HOST_DIR)/bin/$(GNU_TARGET_NAME)-$(tool) \
$(HOST_DIR)/$(GNU_TARGET_NAME)/bin/$(tool)
)
endef
HOST_ELF2FLT_POST_INSTALL_HOOKS += HOST_ELF2FLT_FIXUP_HARDLINKS
$(eval $(host-autotools-package))
@@ -17,7 +17,7 @@ index 29a6ad3..420ba60 100644
- @echo "$(CC) buildconfig.c"
- $(FE)$(CC) $(CFLAGS) $(INCLUDE) -o buildconfig buildconfig.c $(LIBS)
+ @echo "$(HOSTCC) buildconfig.c"
+ $(FE)$(HOSTCC) $(HOSTCFLAGS) $(INCLUDE) -o buildconfig buildconfig.c $(LIBS)
+ $(FE)$(HOSTCC) $(HOSTCFLAGS) $(INCLUDE) -o buildconfig buildconfig.c
# Target for the exicyclog utility script
+4
View File
@@ -0,0 +1,4 @@
# From https://sourceforge.net/projects/expect/files/Expect/5.45.3/expect5.45.3.tar.gz.SHA256
sha256 c520717b7195944a69ce1492ec82ca0ac3f3baf060804e6c5ee6d505ea512be9 expect5.45.3.tar.gz
# Locally calculated
sha256 b2415b17dc8d9a287f4509047ef5ac3436baef7ba7c50faef5222dcdf61a2bab README
+4 -3
View File
@@ -4,12 +4,13 @@
#
################################################################################
# Version 5.45.3
EXPECT_VERSION = 2014-05-02
EXPECT_SITE = cvs://expect.cvs.sourceforge.net:/cvsroot/expect
EXPECT_VERSION = 5.45.3
EXPECT_SITE = https://sourceforge.net/projects/expect/files/Expect/$(EXPECT_VERSION)
EXPECT_SOURCE = expect$(EXPECT_VERSION).tar.gz
EXPECT_LICENSE = Public domain
EXPECT_LICENSE_FILES = README
# 0001-enable-cross-compilation.patch
EXPECT_AUTORECONF = YES
EXPECT_DEPENDENCIES = tcl
EXPECT_CONF_OPTS = --with-tcl=$(BUILD_DIR)/tcl-$(TCL_VERSION)/unix
+1 -1
View File
@@ -6,7 +6,7 @@ config BR2_PACKAGE_F2FS_TOOLS
help
Tools for Flash-Friendly File System (F2FS)
http://sourceforge.net/projects/f2fs-tools/
https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs-tools.git
comment "f2fs-tools needs a toolchain w/ wchar"
depends on !BR2_USE_WCHAR
@@ -0,0 +1,32 @@
From bcde6e6f34c3cf78a254315c5caa530db91802fb Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Thu, 17 May 2018 23:41:03 +0200
Subject: [PATCH] src/Makefile: disable -Werror
gcc 8.x has enabled additional warnings that break the build due to
-Werror, so let's drop -Werror for now. A set of patches has been
submitted upstream (https://github.com/wolfcw/libfaketime/pull/161) to
properly fix the gcc 8.x issues, but in the mean time, disabling
-Werror is a simpler option.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
src/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile b/src/Makefile
index bbbd476..6b0d2cd 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -67,7 +67,7 @@ INSTALL ?= install
PREFIX ?= /usr/local
LIBDIRNAME ?= /lib/faketime
-CFLAGS += -std=gnu99 -Wall -Wextra -Werror -Wno-nonnull-compare -DFAKE_STAT -DFAKE_SLEEP -DFAKE_TIMERS -DFAKE_INTERNAL_CALLS -fPIC -DPREFIX='"'$(PREFIX)'"' -DLIBDIRNAME='"'$(LIBDIRNAME)'"'
+CFLAGS += -std=gnu99 -Wall -Wextra -Wno-nonnull-compare -DFAKE_STAT -DFAKE_SLEEP -DFAKE_TIMERS -DFAKE_INTERNAL_CALLS -fPIC -DPREFIX='"'$(PREFIX)'"' -DLIBDIRNAME='"'$(LIBDIRNAME)'"'
LIB_LDFLAGS += -shared
LDFLAGS += -Wl,--version-script=libfaketime.map -lpthread
LDADD += -ldl -lm -lrt
--
2.14.3
@@ -0,0 +1,30 @@
From a642587a9c9e2dd7feacdf513c3643ce26ad3c22 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Sat, 9 Jun 2018 16:00:06 +0000
Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
[baruch: drop file version string update hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit a642587a9c9 in github mirror
src/readelf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/readelf.c b/src/readelf.c
index 79c83f9f5048..1f41b46113c3 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
cname = (unsigned char *)
&nbuf[doff + prpsoffsets(i)];
- for (cp = cname; *cp && isprint(*cp); cp++)
+ for (cp = cname; cp < nbuf + size && *cp
+ && isprint(*cp); cp++)
continue;
/*
* Linux apparently appends a space at the end
--
2.17.1
+4 -1
View File
@@ -1,2 +1,5 @@
# Locally calculated
sha256 8639dc4d1b21e232285cd483604afc4a6ee810710e00e579dbe9591681722b50 file-5.32.tar.gz
sha256 1c52c8c3d271cd898d5511c36a68059cda94036111ab293f01f83c3525b737c6 file-5.33.tar.gz
sha256 3c0ad13c36f891a9b4f951e59eb2fc108065a46f849697cc6fd3cdb41cc23a3d COPYING
sha256 d98ee4d8d95e7d021a5dfc41f137ecc3b624a7b98e8bd793130202d12a21ed57 src/mygetopt.h
sha256 85e358d575ad4ac5b38b623a25b24246ccff3c7e680d930c0a9ff5228fe434b6 src/vasprintf.c
+8 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FILE_VERSION = 5.32
FILE_VERSION = 5.33
FILE_SITE = ftp://ftp.astron.com/pub/file
FILE_DEPENDENCIES = host-file zlib
HOST_FILE_DEPENDENCIES = host-zlib
@@ -13,5 +13,12 @@ FILE_INSTALL_STAGING = YES
FILE_LICENSE = BSD-2-Clause, BSD-4-Clause (one file), BSD-3-Clause (one file)
FILE_LICENSE_FILES = COPYING src/mygetopt.h src/vasprintf.c
ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
FILE_CONF_OPTS += --enable-libseccomp
FILE_DEPENDENCIES += libseccomp
else
FILE_CONF_OPTS += --disable-libseccomp
endif
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+1 -1
View File
@@ -109,7 +109,7 @@ GDB_CONF_OPTS = \
--without-x \
--disable-sim \
$(GDB_DISABLE_BINUTILS_CONF_OPTS) \
$(if $(BR2_PACKAGE_GDB_SERVER),--enable-gdbserver) \
$(if $(BR2_PACKAGE_GDB_SERVER),--enable-gdbserver,--disable-gdbserver) \
--with-curses \
--without-included-gettext \
--disable-werror \
+1 -1
View File
@@ -1,4 +1,4 @@
# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
sha256 cfad4337f2fdbfc1e2c8abce5e17e1dd4e1718a34ac2cbe3238fbe2426f2ea19 git-2.16.1.tar.xz
sha256 6e69b0e9c487e5da52a14d4829f0b6a28b2c18a0bb6fb67c0dc8b5b5658bd532 git-2.16.4.tar.xz
sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GIT_VERSION = 2.16.1
GIT_VERSION = 2.16.4
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
GIT_LICENSE = GPL-2.0, LGPL-2.1+
+1 -1
View File
@@ -1,4 +1,4 @@
# Locally calculated (fetched from Github)
sha256 00fbc845678a96f4acc574c4bda4be76506ecd8bafb2d08c58bfa3507625c81a glibc-glibc-2.26-146-gd300041c533a3d837c9f37a099bcc95466860e98.tar.gz
sha256 1e18aee61dc51a5aaf7bfcb65ed01894aa82c3d3f7b9a01f20d59cd9db2f082b glibc-glibc-2.26-160-g4df8479e6b3baf365bd4eedbba922b73471e5d73.tar.gz
# Locally calculated (fetched from Github)
sha256 5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb glibc-arc-2017.09-release.tar.gz
+1 -1
View File
@@ -10,7 +10,7 @@ GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VE
else
# Generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
GLIBC_VERSION = glibc-2.26-146-gd300041c533a3d837c9f37a099bcc95466860e98
GLIBC_VERSION = glibc-2.26-160-g4df8479e6b3baf365bd4eedbba922b73471e5d73
# Upstream doesn't officially provide an https download link.
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
# sometimes the connection times out. So use an unofficial github mirror.
+2 -2
View File
@@ -1,3 +1,3 @@
# Locally computed based on signature
# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.22.tar.bz2.sig
sha256 9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4 gnupg-1.4.22.tar.bz2
# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.23.tar.bz2.sig
sha256 c9462f17e651b6507848c08c430c791287cd75491f8b5a8b50c6ed46b12678ba gnupg-1.4.23.tar.bz2
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GNUPG_VERSION = 1.4.22
GNUPG_VERSION = 1.4.23
GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG_LICENSE = GPL-3.0+
+4 -4
View File
@@ -1,6 +1,6 @@
# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000421.html
sha1 295298debcc2c12f02a2f2fdf04aecb6d6aae396 gnupg-2.2.6.tar.bz2
# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
sha1 d87553a125832ea90e8aeb3ceeecf24f88de56fb gnupg-2.2.8.tar.bz2
# Calculated based on the hash above and signature
# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.6.tar.bz2.sig
sha256 e64d8c5fa2d05938a5080cb784a98ac21be0812f2a26f844b18f0d6a0e711984 gnupg-2.2.6.tar.bz2
# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2.sig
sha256 777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd gnupg-2.2.8.tar.bz2
sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GNUPG2_VERSION = 2.2.6
GNUPG2_VERSION = 2.2.8
GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG2_LICENSE = GPL-3.0+
@@ -8,10 +8,10 @@ GST1_PLUGINS_BAD_VERSION = 1.12.4
GST1_PLUGINS_BAD_SOURCE = gst-plugins-bad-$(GST1_PLUGINS_BAD_VERSION).tar.xz
GST1_PLUGINS_BAD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-bad
GST1_PLUGINS_BAD_INSTALL_STAGING = YES
GST1_PLUGINS_BAD_LICENSE_FILES = COPYING COPYING.LIB
# Unknown and GPL licensed plugins will append to GST1_PLUGINS_BAD_LICENSE if
# enabled.
GST1_PLUGINS_BAD_LICENSE = LGPL-2.0+, LGPL-2.1+
# Additional plugin licenses will be appended to GST1_PLUGINS_BAD_LICENSE and
# GST1_PLUGINS_BAD_LICENSE_FILES if enabled.
GST1_PLUGINS_BAD_LICENSE_FILES = COPYING.LIB
GST1_PLUGINS_BAD_LICENSE := LGPL-2.0+, LGPL-2.1+
GST1_PLUGINS_BAD_CONF_OPTS = \
--disable-examples \
@@ -198,7 +198,6 @@ endif
ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_AUDIOVISUALIZERS),y)
GST1_PLUGINS_BAD_CONF_OPTS += --enable-audiovisualizers
GST1_PLUGINS_BAD_HAS_GPL_LICENSE = y
else
GST1_PLUGINS_BAD_CONF_OPTS += --disable-audiovisualizers
endif
@@ -379,7 +378,7 @@ else
GST1_PLUGINS_BAD_CONF_OPTS += --disable-mxf
endif
ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_NETSIM),y)
ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_NETSIM),y)
GST1_PLUGINS_BAD_CONF_OPTS += --enable-netsim
else
GST1_PLUGINS_BAD_CONF_OPTS += --disable-netsim
@@ -514,6 +513,7 @@ endif
ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_YADIF),y)
GST1_PLUGINS_BAD_CONF_OPTS += --enable-yadif
GST1_PLUGINS_BAD_HAS_GPL_LICENSE = y
else
GST1_PLUGINS_BAD_CONF_OPTS += --disable-yadif
endif
@@ -585,7 +585,6 @@ endif
ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_FDK_AAC),y)
GST1_PLUGINS_BAD_CONF_OPTS += --enable-fdk_aac
GST1_PLUGINS_BAD_DEPENDENCIES += fdk-aac
GST1_PLUGINS_BAD_HAS_UNKNOWN_LICENSE = y
else
GST1_PLUGINS_BAD_CONF_OPTS += --disable-fdk_aac
endif
@@ -632,6 +631,7 @@ endif
ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_DTLS),y)
GST1_PLUGINS_BAD_CONF_OPTS += --enable-dtls
GST1_PLUGINS_BAD_DEPENDENCIES += openssl
GST1_PLUGINS_BAD_HAS_BSD2C_LICENSE = y
else
GST1_PLUGINS_BAD_CONF_OPTS += --disable-dtls
endif
@@ -682,6 +682,7 @@ endif
ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_OPENH264),y)
GST1_PLUGINS_BAD_CONF_OPTS += --enable-openh264
GST1_PLUGINS_BAD_DEPENDENCIES += libopenh264
GST1_PLUGINS_BAD_HAS_BSD2C_LICENSE = y
else
GST1_PLUGINS_BAD_CONF_OPTS += --disable-openh264
endif
@@ -771,12 +772,18 @@ endif
# Add GPL license if GPL licensed plugins enabled.
ifeq ($(GST1_PLUGINS_BAD_HAS_GPL_LICENSE),y)
GST1_PLUGINS_BAD_LICENSE += GPL
GST1_PLUGINS_BAD_LICENSE := $(GST1_PLUGINS_BAD_LICENSE), GPL-2.0+
GST1_PLUGINS_BAD_LICENSE_FILES += COPYING
endif
# Add BSD license if BSD licensed plugins enabled.
ifeq ($(GST1_PLUGINS_BAD_HAS_BSD2C_LICENSE),y)
GST1_PLUGINS_BAD_LICENSE := $(GST1_PLUGINS_BAD_LICENSE), BSD-2-Clause
endif
# Add Unknown license if Unknown licensed plugins enabled.
ifeq ($(GST1_PLUGINS_BAD_HAS_UNKNOWN_LICENSE),y)
GST1_PLUGINS_BAD_LICENSE += UNKNOWN
GST1_PLUGINS_BAD_LICENSE := $(GST1_PLUGINS_BAD_LICENSE), UNKNOWN
endif
# Use the following command to extract license info for plugins.
+1 -1
View File
@@ -1,3 +1,3 @@
# Locally computed
sha256 723a28f9cbc5c6130f496065fc01c839083e97bf3e4930f940a03c0155046170 7.0.7-27.tar.gz
sha256 ac957ef303fb870cb92331947ebcdcef5b553e80c7897c0aec866889f35e1a23 7.0.7-38.tar.gz
sha256 2318cc05bbd2c25c1b2d13af1aadccc45b9cf6f94757421ae59a3c8ea9064f1c LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
IMAGEMAGICK_VERSION = 7.0.7-27
IMAGEMAGICK_VERSION = 7.0.7-38
IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
IMAGEMAGICK_LICENSE = Apache-2.0
+11 -5
View File
@@ -1,10 +1,17 @@
config BR2_PACKAGE_JAMVM_ARCH_SUPPORTS
bool
default y if BR2_arm || BR2_armeb
default y if BR2_i386 || BR2_x86_64
default y if (BR2_mips || BR2_mipsel) \
&& (BR2_MIPS_FP32_MODE_32 || BR2_MIPS_SOFT_FLOAT)
default y if BR2_powerpc
config BR2_PACKAGE_JAMVM
bool "jamvm"
depends on BR2_PACKAGE_JAMVM_ARCH_SUPPORTS
depends on BR2_PACKAGE_CLASSPATH_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_STATIC_LIBS
depends on BR2_arm || BR2_armeb || BR2_i386 || BR2_x86_64 \
|| BR2_mips || BR2_mipsel || BR2_powerpc
depends on BR2_PACKAGE_CLASSPATH_ARCH_SUPPORTS
select BR2_PACKAGE_ZLIB
select BR2_PACKAGE_CLASSPATH
help
@@ -14,7 +21,6 @@ config BR2_PACKAGE_JAMVM
http://jamvm.sf.net
comment "jamvm needs a toolchain w/ threads, dynamic library"
depends on BR2_arm || BR2_armeb || BR2_i386 || BR2_x86_64 \
|| BR2_mips || BR2_mipsel || BR2_powerpc
depends on BR2_PACKAGE_JAMVM_ARCH_SUPPORTS
depends on BR2_PACKAGE_CLASSPATH_ARCH_SUPPORTS
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
+2
View File
@@ -3,3 +3,5 @@ sha1 e788f6defa58b4393a5e1685c018f3b962971457 libjpeg-turbo-1.5.2.tar.gz
md5 6b4923e297a7eaa255f08511017a8818 libjpeg-turbo-1.5.2.tar.gz
# Locally computed
sha256 9098943b270388727ae61de82adec73cf9f0dbb240b3bc8b172595ebf405b528 libjpeg-turbo-1.5.2.tar.gz
sha256 5c08657eda60b7946a913ee22ac73603335a468a6aa95204506a1586a8d677ee LICENSE.md
sha256 53a3e3c299e08856964f4c5986e242c3695837b73c64625092f70c774e8af5d2 README.ijg
+2 -2
View File
@@ -7,8 +7,8 @@
JPEG_TURBO_VERSION = 1.5.2
JPEG_TURBO_SOURCE = libjpeg-turbo-$(JPEG_TURBO_VERSION).tar.gz
JPEG_TURBO_SITE = https://downloads.sourceforge.net/project/libjpeg-turbo/$(JPEG_TURBO_VERSION)
JPEG_TURBO_LICENSE = jpeg-license (BSD-3-Clause-like)
JPEG_TURBO_LICENSE_FILES = LICENSE.md
JPEG_TURBO_LICENSE = IJG (libjpeg), BSD-3-Clause (TurboJPEG), Zlib (SIMD)
JPEG_TURBO_LICENSE_FILES = LICENSE.md README.ijg
JPEG_TURBO_INSTALL_STAGING = YES
JPEG_TURBO_PROVIDES = jpeg
JPEG_TURBO_DEPENDENCIES = host-pkgconf
+3
View File
@@ -1,2 +1,5 @@
# https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/sha256sums.asc
sha256 693c8ac51e983ee678205571ef272439d83afe62dd8e424ea14ad9790bc35162 libcap-2.25.tar.xz
# Hash for license file:
sha256 088cabde4662b4121258d298b0b2967bc1abffa134457ed9bc4a359685ab92bc License
+3
View File
@@ -18,6 +18,9 @@ HOST_LIBCAP_DEPENDENCIES = host-gperf
ifeq ($(BR2_STATIC_LIBS),y)
LIBCAP_MAKE_TARGET = libcap.a libcap.pc
LIBCAP_MAKE_INSTALL_TARGET = install-static
else ifeq ($(BR2_SHARED_LIBS),y)
LIBCAP_MAKE_TARGET = all
LIBCAP_MAKE_INSTALL_TARGET = install-shared
else
LIBCAP_MAKE_TARGET = all
LIBCAP_MAKE_INSTALL_TARGET = install
+1
View File
@@ -9,6 +9,7 @@ LIBCOAP_SITE = $(call github,obgm,libcoap,$(LIBCOAP_VERSION))
LIBCOAP_INSTALL_STAGING = YES
LIBCOAP_LICENSE = GPL-2.0+ or BSD-2-Clause
LIBCOAP_LICENSE_FILES = COPYING LICENSE.GPL LICENSE.BSD
LIBCOAP_DEPENDENCIES = host-pkgconf
LIBCOAP_CONF_OPTS = --disable-examples
LIBCOAP_AUTORECONF = YES
@@ -0,0 +1,40 @@
From b5fbc486e805805efb8400373ccec2a3dee1c81b Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Mon, 21 May 2018 12:07:00 +0200
Subject: [PATCH 1/1] Fix link with ssh2 built with a static mbedtls
The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
Libs.private: /xxx/libmbedcrypto.a
This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to found mbedtls functions included in libssh2.
So, replace pkg-config --libs-only-l by pkg-config --libs.
Fixes:
- http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 5569a26b4..9e2606885 100755
--- a/configure.ac
+++ b/configure.ac
@@ -2766,7 +2766,7 @@ if test X"$OPT_LIBSSH2" != Xno; then
CURL_CHECK_PKGCONFIG(libssh2)
if test "$PKGCONFIG" != "no" ; then
- LIB_SSH2=`$PKGCONFIG --libs-only-l libssh2`
+ LIB_SSH2=`$PKGCONFIG --libs libssh2`
LD_SSH2=`$PKGCONFIG --libs-only-L libssh2`
CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2`
version=`$PKGCONFIG --modversion libssh2`
--
2.14.1
+2 -2
View File
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
# https://curl.haxx.se/download/curl-7.59.0.tar.xz.asc
sha256 e44eaabdf916407585bf5c7939ff1161e6242b6b015d3f2f5b758b2a330461fc curl-7.59.0.tar.xz
# https://curl.haxx.se/download/curl-7.60.0.tar.xz.asc
sha256 8736ff8ded89ddf7e926eec7b16f82597d029fc1469f3a551f1fafaac164e6a0 curl-7.60.0.tar.xz
sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095 COPYING
+3 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.59.0
LIBCURL_VERSION = 7.60.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -14,6 +14,8 @@ LIBCURL_DEPENDENCIES = host-pkgconf \
LIBCURL_LICENSE = curl
LIBCURL_LICENSE_FILES = COPYING
LIBCURL_INSTALL_STAGING = YES
# We're patching configure.ac
LIBCURL_AUTORECONF = YES
# We disable NTLM support because it uses fork(), which doesn't work
# on non-MMU platforms. Moreover, this authentication method is
+4 -4
View File
@@ -1,6 +1,6 @@
# From https://www.gnupg.org/download/integrity_check.html
sha1 ab8aae5d7a68f8e0988f90e11e7f6a4805af5c8d libgcrypt-1.8.2.tar.bz2
# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
sha1 13bd2ce69e59ab538e959911dfae80ea309636e3 libgcrypt-1.8.3.tar.bz2
# Locally calculated after checking signature
# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.2.tar.bz2.sig
sha256 c8064cae7558144b13ef0eb87093412380efa16c4ee30ad12ecb54886a524c07 libgcrypt-1.8.2.tar.bz2
# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.bz2.sig
sha256 66ec90be036747602f2b48f98312361a9180c97c68a690a5f376fa0f67d0af7c libgcrypt-1.8.3.tar.bz2
sha256 ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532 COPYING.LIB
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBGCRYPT_VERSION = 1.8.2
LIBGCRYPT_VERSION = 1.8.3
LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
LIBGCRYPT_LICENSE = LGPL-2.1+
LIBGCRYPT_LICENSE_FILES = COPYING.LIB
+1 -1
View File
@@ -7,7 +7,7 @@
LIBJPEG_VERSION = 9b
LIBJPEG_SITE = http://www.ijg.org/files
LIBJPEG_SOURCE = jpegsrc.v$(LIBJPEG_VERSION).tar.gz
LIBJPEG_LICENSE = jpeg-license (BSD-3-Clause-like)
LIBJPEG_LICENSE = IJG
LIBJPEG_LICENSE_FILES = README
LIBJPEG_INSTALL_STAGING = YES
LIBJPEG_PROVIDES = jpeg
@@ -0,0 +1,33 @@
From f0ce70989526fc9a0223398c99ea0d09777ea5df Mon Sep 17 00:00:00 2001
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 15 Feb 2018 16:34:02 +1100
Subject: [PATCH] Bug 1438426 - Avoid stringop-truncation warning, r=franziskus
--HG--
extra : rebase_source : 4ea1630d0da0ce3523309e3da33ee50961682242
Upstream-commit: https://github.com/nss-dev/nss/commit/f0ce70989526fc9a0223398c99ea0d09777ea5df
[Thomas: edited after git format-patch to add the nss/ prefix needed
for the patch to apply properly on the source code extracted by the
tarball.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
nss/coreconf/nsinstall/pathsub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nss/coreconf/nsinstall/pathsub.c b/nss/coreconf/nsinstall/pathsub.c
index a42a9f30a..c31a946f0 100644
--- a/nss/coreconf/nsinstall/pathsub.c
+++ b/nss/coreconf/nsinstall/pathsub.c
@@ -212,7 +212,7 @@ reversepath(char *inpath, char *name, int len, char *outpath)
xchdir("..");
} else {
cp -= 3;
- strncpy(cp, "../", 3);
+ memcpy(cp, "../", 3);
xchdir(buf);
}
}
--
2.14.3
+1 -1
View File
@@ -1,2 +1,2 @@
# From https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
sha256 638a20c2f9e99ee283a841cd787ab4d846d1880e180c4e96904fc327d419d11f libressl-2.6.4.tar.gz
sha256 859edfc71019d27c448fe148e679afdd972a0baa91b21f02b2b2f5f8a84ddd2a libressl-2.6.5.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBRESSL_VERSION = 2.6.4
LIBRESSL_VERSION = 2.6.5
LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
LIBRESSL_LICENSE = ISC (new additions), OpenSSL or SSLeay (original OpenSSL code)
LIBRESSL_LICENSE_FILES = COPYING
File diff suppressed because it is too large Load Diff
@@ -1,4 +1,4 @@
From eba198c27f2b8d3f0b27ea4a42f3dc79d397440c Mon Sep 17 00:00:00 2001
From 001e3f26dc80b8f21bed7d9b5872fe10e8b4af04 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Sat, 10 Nov 2012 17:29:53 +0100
Subject: [PATCH] Automatically generate XDR header files from .x sources using
@@ -8,21 +8,23 @@ Subject: [PATCH] Automatically generate XDR header files from .x sources using
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[yann.morin.1998@free.fr: update for 0.3.1]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[baruch: use external rpcgen]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Makefile.am | 19 +-
Makefile.am | 16 +-
src/Makefile.am | 2 +-
tirpc/rpc/rpcb_prot.h | 797 --------------------------------------------------
tirpc/rpcsvc/crypt.h | 109 -------
4 files changed, 17 insertions(+), 910 deletions(-)
tirpc/rpc/rpcb_prot.h | 797 ------------------------------------------
tirpc/rpcsvc/crypt.h | 109 ------
4 files changed, 14 insertions(+), 910 deletions(-)
delete mode 100644 tirpc/rpc/rpcb_prot.h
delete mode 100644 tirpc/rpcsvc/crypt.h
diff --git a/Makefile.am b/Makefile.am
index 8558289..aa5908e 100644
index 3f6063771faf..368fb8a1aed2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,9 @@
SUBDIRS = src man doc rpcgen
SUBDIRS = src man doc
ACLOCAL_AMFLAGS = -I m4
+GENFILES = tirpc/rpcsvc/crypt.h \
@@ -39,7 +41,7 @@ index 8558289..aa5908e 100644
tirpc/rpc/xdr.h \
tirpc/rpc/types.h \
tirpc/rpc/svc_soc.h \
@@ -20,7 +22,6 @@ nobase_include_HEADERS = tirpc/netconfig.h \
@@ -21,7 +23,6 @@ nobase_include_HEADERS = tirpc/netconfig.h \
tirpc/rpc/rpcent.h \
tirpc/rpc/rpc_com.h \
tirpc/rpc/rpcb_prot.x \
@@ -47,7 +49,7 @@ index 8558289..aa5908e 100644
tirpc/rpc/rpcb_clnt.h \
tirpc/rpc/raw.h \
tirpc/rpc/pmap_rmt.h \
@@ -51,5 +52,17 @@ endif
@@ -48,5 +49,14 @@ endif
pkgconfigdir=$(libdir)/pkgconfig
pkgconfig_DATA = libtirpc.pc
@@ -55,19 +57,16 @@ index 8558289..aa5908e 100644
+nobase_nodist_include_HEADERS = $(GENFILES)
+BUILT_SOURCES = $(GENFILES)
+
+$(GENFILES): %.h: %.x $(top_builddir)/rpcgen/rpcgen
+$(GENFILES): %.h: %.x
+ mkdir -p $(dir $@)
+ $(top_builddir)/rpcgen/rpcgen -h -o $@ $<
+
+$(top_builddir)/rpcgen/rpcgen: force
+ cd rpcgen && $(MAKE)
+ rpcgen -h -o $@ $<
+
+force:
+
+CLEANFILES = cscope.* *~ $(GENFILES)
DISTCLEANFILES = Makefile.in libtirpc*.tar.gz
diff --git a/src/Makefile.am b/src/Makefile.am
index 7428e92..0356171 100644
index 2af40f16d03a..0b7e23835c36 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -8,7 +8,7 @@
@@ -81,7 +80,7 @@ index 7428e92..0356171 100644
diff --git a/tirpc/rpc/rpcb_prot.h b/tirpc/rpc/rpcb_prot.h
deleted file mode 100644
index 7ae48b8..0000000
index 7ae48b805370..000000000000
--- a/tirpc/rpc/rpcb_prot.h
+++ /dev/null
@@ -1,797 +0,0 @@
@@ -884,7 +883,7 @@ index 7ae48b8..0000000
-#endif /* !_RPCB_PROT_H_RPCGEN */
diff --git a/tirpc/rpcsvc/crypt.h b/tirpc/rpcsvc/crypt.h
deleted file mode 100644
index da1f9cc..0000000
index da1f9ccb56ea..000000000000
--- a/tirpc/rpcsvc/crypt.h
+++ /dev/null
@@ -1,109 +0,0 @@
@@ -998,5 +997,5 @@ index da1f9cc..0000000
-
-#endif /* !_CRYPT_H_RPCGEN */
--
1.9.1
2.17.0
+8
View File
@@ -10,6 +10,7 @@ LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIB
LIBTIRPC_LICENSE = BSD-3-Clause
LIBTIRPC_LICENSE_FILES = COPYING
LIBTIRPC_DEPENDENCIES = host-nfs-utils
LIBTIRPC_INSTALL_STAGING = YES
LIBTIRPC_AUTORECONF = YES
@@ -18,4 +19,11 @@ LIBTIRPC_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -DGQ"
LIBTIRPC_CONF_OPTS = --disable-gssapi
define HOST_LIBTIRPC_INSTALL_CMDS
$(INSTALL) -D -m 0644 $(@D)/tirpc/rpc/types.h $(HOST_DIR)/include/rpc/types.h
$(INSTALL) -D -m 0644 $(@D)/tirpc/netconfig.h $(HOST_DIR)/include/netconfig.h
endef
$(eval $(autotools-package))
# We are only copying headers; no need for the autotools infrastructure
$(eval $(host-generic-package))
@@ -0,0 +1,65 @@
From 28afb6c537dc82ba04d5f245b15ca7205c6dbb9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 26 Feb 2018 13:48:00 +0100
Subject: [PATCH] Limit client cut text length to 1 MB
This patch constrains a client cut text length to 1 MB. Otherwise
a client could make server allocate 2 GB of memory and that seems to
be to much to classify it as a denial of service.
The limit also prevents from an integer overflow followed by copying
an uninitilized memory when processing msg.cct.length value larger
than SIZE_MAX or INT_MAX - sz_rfbClientCutTextMsg.
This patch also corrects accepting length value of zero (malloc(0) is
interpreted on differnet systems differently).
CVE-2018-7225
<https://github.com/LibVNC/libvncserver/issues/218>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libvncserver/rfbserver.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index 116c488..4fc4d9d 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -88,6 +88,8 @@
#include <errno.h>
/* strftime() */
#include <time.h>
+/* PRIu32 */
+#include <inttypes.h>
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
#include "rfbssl.h"
@@ -2575,7 +2577,23 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
msg.cct.length = Swap32IfLE(msg.cct.length);
- str = (char *)malloc(msg.cct.length);
+ /* uint32_t input is passed to malloc()'s size_t argument,
+ * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int
+ * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int
+ * argument. Here we impose a limit of 1 MB so that the value fits
+ * into all of the types to prevent from misinterpretation and thus
+ * from accessing uninitialized memory (CVE-2018-7225) and also to
+ * prevent from a denial-of-service by allocating to much memory in
+ * the server. */
+ if (msg.cct.length > 1<<20) {
+ rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",
+ msg.cct.length);
+ rfbCloseClient(cl);
+ return;
+ }
+
+ /* Allow zero-length client cut text. */
+ str = (char *)calloc(msg.cct.length ? msg.cct.length : 1, 1);
if (str == NULL) {
rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
rfbCloseClient(cl);
--
2.11.0
@@ -0,0 +1,28 @@
From: Thomas Daede <daede003@umn.edu>
Date: Wed, 9 May 2018 21:56:59 +0000 (-0700)
Subject: CVE-2017-14160: fix bounds check on very low sample rates.
X-Git-Url: https://git.xiph.org/?p=vorbis.git;a=commitdiff_plain;h=018ca26dece618457dd13585cad52941193c4a25
CVE-2017-14160: fix bounds check on very low sample rates.
Downloaded from upstream commit
https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=018ca26dece618457dd13585cad52941193c4a25
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
diff --git a/lib/psy.c b/lib/psy.c
index 422c6f1..1310123 100644
--- a/lib/psy.c
+++ b/lib/psy.c
@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
for (i = 0, x = 0.f;; i++, x += 1.f) {
lo = b[i] >> 16;
- if( lo>=0 ) break;
hi = b[i] & 0xffff;
+ if( lo>=0 ) break;
+ if( hi>=n ) break;
tN = N[hi] + N[-lo];
tX = X[hi] - X[-lo];
@@ -1,35 +0,0 @@
From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 10 Jun 2016 14:23:58 +0200
Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
An empty decimal-separator could cause a heap overread. This can be
exploited to leak a couple of bytes after the buffer that holds the
pattern string.
Found with afl-fuzz and ASan.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit eb1030de311
libxslt/numbers.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libxslt/numbers.c b/libxslt/numbers.c
index d1549b46ca26..e78c46b6357b 100644
--- a/libxslt/numbers.c
+++ b/libxslt/numbers.c
@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
}
/* We have finished the integer part, now work on fraction */
- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
+ if ( (*the_format != 0) &&
+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
format_info.add_decimal = TRUE;
the_format += xsltUTF8Size(the_format); /* Skip over the decimal */
}
--
2.10.2
+4 -1
View File
@@ -1,2 +1,5 @@
# Locally calculated after checking pgp signature
sha256 b5976e3857837e7617b29f2249ebb5eeac34e249208d31f1fbf7a6ba7a4090ce libxslt-1.1.29.tar.gz
sha256 526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460 libxslt-1.1.32.tar.gz
# Hash for license file:
sha256 7e48e290b6bfccc2ec1b297023a1d77f2fd87417f71fbb9f50aabef40a851819 COPYING
+4 -6
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBXSLT_VERSION = 1.1.29
LIBXSLT_VERSION = 1.1.32
LIBXSLT_SITE = ftp://xmlsoft.org/libxslt
LIBXSLT_INSTALL_STAGING = YES
LIBXSLT_LICENSE = MIT
@@ -13,11 +13,9 @@ LIBXSLT_LICENSE_FILES = COPYING
LIBXSLT_CONF_OPTS = \
--with-gnu-ld \
--without-debug \
--without-python \
--with-libxml-prefix=$(STAGING_DIR)/usr/ \
--with-libxml-libs-prefix=$(STAGING_DIR)/usr/lib
--without-python
LIBXSLT_CONFIG_SCRIPTS = xslt-config
LIBXSLT_DEPENDENCIES = libxml2
LIBXSLT_DEPENDENCIES = host-pkgconf libxml2
# GCC bug with Os/O2/O3, PR77311
# error: unable to find a register to spill in class 'CCREGS'
@@ -35,7 +33,7 @@ endif
HOST_LIBXSLT_CONF_OPTS = --without-debug --without-python --without-crypto
HOST_LIBXSLT_DEPENDENCIES = host-libxml2
HOST_LIBXSLT_DEPENDENCIES = host-pkgconf host-libxml2
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+5 -5
View File
@@ -240,14 +240,14 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
default "3.2.101" if BR2_KERNEL_HEADERS_3_2
default "4.1.51" if BR2_KERNEL_HEADERS_4_1
default "4.4.131" if BR2_KERNEL_HEADERS_4_4
default "4.9.98" if BR2_KERNEL_HEADERS_4_9
default "3.2.102" if BR2_KERNEL_HEADERS_3_2
default "4.1.52" if BR2_KERNEL_HEADERS_4_1
default "4.4.138" if BR2_KERNEL_HEADERS_4_4
default "4.9.109" if BR2_KERNEL_HEADERS_4_9
default "4.10.17" if BR2_KERNEL_HEADERS_4_10
default "4.11.12" if BR2_KERNEL_HEADERS_4_11
default "4.12.14" if BR2_KERNEL_HEADERS_4_12
default "4.13.16" if BR2_KERNEL_HEADERS_4_13
default "4.14.39" if BR2_KERNEL_HEADERS_4_14
default "4.14.50" if BR2_KERNEL_HEADERS_4_14
default "4.15.18" if BR2_KERNEL_HEADERS_4_15
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
+1 -1
View File
@@ -7,7 +7,7 @@
LOG4CPLUS_VERSION = 1.1.2
LOG4CPLUS_SOURCE = log4cplus-$(LOG4CPLUS_VERSION).tar.xz
LOG4CPLUS_SITE = http://downloads.sourceforge.net/project/log4cplus/log4cplus-stable/$(LOG4CPLUS_VERSION)
LOG4CPLUS_LICENSE = Apache-2.0
LOG4CPLUS_LICENSE = Apache-2.0, BSD-2-Clause
LOG4CPLUS_LICENSE_FILES = LICENSE
LOG4CPLUS_INSTALL_STAGING = YES
+4
View File
@@ -24,6 +24,10 @@ define LRZSZ_INSTALL_TARGET_CMDS
$(INSTALL) -m 0755 -D $(@D)/src/lsz $(TARGET_DIR)/usr/bin/sz
ln -sf rz $(TARGET_DIR)/usr/bin/lrz
ln -sf sz $(TARGET_DIR)/usr/bin/lsz
ln -sf rz $(TARGET_DIR)/usr/bin/rb
ln -sf sz $(TARGET_DIR)/usr/bin/sb
ln -sf rz $(TARGET_DIR)/usr/bin/rx
ln -sf sz $(TARGET_DIR)/usr/bin/sx
endef
$(eval $(autotools-package))
+13 -6
View File
@@ -1,14 +1,20 @@
config BR2_PACKAGE_LTRACE_ARCH_SUPPORTS
bool
default y if BR2_arm
default y if BR2_i386
default y if BR2_mips
default y if BR2_mipsel
default y if BR2_powerpc
default y if BR2_sparc
default y if BR2_x86_64
default y if BR2_xtensa
config BR2_PACKAGE_LTRACE
bool "ltrace"
depends on BR2_USE_WCHAR # elfutils
depends on !BR2_STATIC_LIBS # elfutils
depends on BR2_TOOLCHAIN_USES_UCLIBC || BR2_TOOLCHAIN_USES_GLIBC # elfutils
# ltrace normally has mips/mipsel support, but it's currently
# broken (error: 'struct ltelf' has no member named
# 'relplt_count'). Issue reported upstream at
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756764.
depends on (BR2_i386 || BR2_arm || BR2_mips || BR2_mipsel \
|| BR2_powerpc || BR2_sparc || BR2_x86_64 || BR2_xtensa)
depends on BR2_PACKAGE_LTRACE_ARCH_SUPPORTS
select BR2_PACKAGE_ELFUTILS
help
Debugging program which runs a specified command until it
@@ -19,5 +25,6 @@ config BR2_PACKAGE_LTRACE
http://ltrace.org
comment "ltrace needs a uClibc or glibc toolchain w/ wchar, dynamic library"
depends on BR2_PACKAGE_LTRACE_ARCH_SUPPORTS
depends on !BR2_USE_WCHAR || BR2_STATIC_LIBS \
|| !(BR2_TOOLCHAIN_USES_UCLIBC || BR2_TOOLCHAIN_USES_GLIBC)
@@ -0,0 +1,41 @@
From bb47abe9e7996147f6b7b325f5c9b2143abf8f13 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Mon, 7 May 2018 22:00:52 +0200
Subject: [PATCH] src/chrtrans: don't build host tools with target LDFLAGS
In a cross-compilation context, the LDFLAGS variable contains linker
flags used when building things for the target. However, the makeuctb
tool is built for the host machine, and therefore should not use the
same LDFLAGS as the target, which is why BUILD_LDFLAGS exist.
Using LDFLAGS when building a tool for the host can cause problems
when some flags in LDFLAGS are not supported by the host machine. For
example, if you're linking statically lynx for the target, but the
build machine does not support static linking:
gcc -I../.. -I../../src -I../../src/chrtrans -I../../WWW/Library/Implementation -I../../ -static -o makeuctb makeuctb.o
/usr/bin/ld: cannot find -lc
collect2: error: ld returned 1 exit status
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream-status: submitted on the mailing list
---
src/chrtrans/makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/chrtrans/makefile.in b/src/chrtrans/makefile.in
index aab358f..6e0ef03 100644
--- a/src/chrtrans/makefile.in
+++ b/src/chrtrans/makefile.in
@@ -123,7 +123,7 @@ OBJS = makeuctb$o
C_SRC = $(OBJS:$o=.c)
$(MAKEUCTB) : $(OBJS)
- $(BUILD_CC) $(CC_OPTS) $(LDFLAGS) $(BUILD_LDFLAGS) -o $@ $(OBJS) $(INTLLIB) $(BUILD_LIBS)
+ $(BUILD_CC) $(CC_OPTS) $(BUILD_LDFLAGS) -o $@ $(OBJS) $(INTLLIB) $(BUILD_LIBS)
makeuctb$o : $(srcdir)/UCkd.h $(srcdir)/makeuctb.c
--
2.14.3
+2 -2
View File
@@ -1,5 +1,5 @@
# From https://downloads.mariadb.org/mariadb/10.1.31/
sha256 ab7641c2fe4e5289da6141766a9c3350e013def56fafd6f1377080bc8048b2e6 mariadb-10.1.31.tar.gz
# From https://downloads.mariadb.org/mariadb/10.1.33/
sha256 94312c519f2c0c25e1964c64e22aff0036fb22dfb2685638f43a6b2211395d2d mariadb-10.1.33.tar.gz
# Hash for license files
sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a README
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MARIADB_VERSION = 10.1.31
MARIADB_VERSION = 10.1.33
MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
# Tarball no longer contains LGPL license text
+3 -3
View File
@@ -1,5 +1,5 @@
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
sha1 e36d7cbdc2ed0a5d5659385840e8fbb4d351234e mbedtls-2.7.2-apache.tgz
sha256 fd38c2bb5fbe1ffd3e7fdcdd71130986f2010f25b3a5575eb8ded0dd3bc573d7 mbedtls-2.7.2-apache.tgz
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released
sha1 8352f6713a9ee695f6f19e893c0e85941af71967 mbedtls-2.7.3-apache.tgz
sha256 05282af7d95fedb2430c248ffe3081646800b8dae9071f8da11a07100963d765 mbedtls-2.7.3-apache.tgz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
MBEDTLS_SITE = https://tls.mbed.org/code/releases
MBEDTLS_VERSION = 2.7.2
MBEDTLS_VERSION = 2.7.3
MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz
MBEDTLS_CONF_OPTS = \
-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \
+5 -3
View File
@@ -1,5 +1,7 @@
# Locally calculated after checking pgp signature
sha256 5314b0fb8ad291bfc79ff4c5c321b971916819a65233ec065434358fcf8aee38 mpg123-1.25.2.tar.bz2
# From https://sourceforge.net/projects/mpg123/files/mpg123/1.25.10/
sha1 604784ddbcfe282bffdc595d1d45c677c7cf381f mpg123-1.25.10.tar.bz2
md5 ea32caa61d41d8be797f0b04a1b43ad9 mpg123-1.25.10.tar.bz2
# Locally calculated
sha256 6c1337aee2e4bf993299851c70b7db11faec785303cfca3a5c3eb5f329ba7023 mpg123-1.25.10.tar.bz2
# License file
sha256 f40e0dd86b27b52e429b693a87b3ca63ae0a98a4d142e77207aa6bdf1db7a295 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MPG123_VERSION = 1.25.2
MPG123_VERSION = 1.25.10
MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2
MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION)
MPG123_CONF_OPTS = --disable-lfs-alias
@@ -0,0 +1,32 @@
From 5eb1838b4d3752fd863d19442943983a2a5ee87c Mon Sep 17 00:00:00 2001
From: Cyrill Gorcunov <gorcunov@gmail.com>
Date: Sat, 10 Feb 2018 00:33:41 +0300
Subject: [PATCH] nasmlib: Drop unused seg_init
The helper has been eliminated in 2c4a4d5810d0a59b033a07876a2648ef5d4c2859
https://bugzilla.nasm.us/show_bug.cgi?id=3392461
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
include/nasmlib.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/include/nasmlib.h b/include/nasmlib.h
index 79e866b5..fee1b5ea 100644
--- a/include/nasmlib.h
+++ b/include/nasmlib.h
@@ -188,10 +188,8 @@ int64_t readnum(char *str, bool *error);
int64_t readstrnum(char *str, int length, bool *warn);
/*
- * seg_init: Initialise the segment-number allocator.
* seg_alloc: allocate a hitherto unused segment number.
*/
-void pure_func seg_init(void);
int32_t pure_func seg_alloc(void);
/*
--
2.17.0
+1 -1
View File
@@ -1,3 +1,3 @@
# Locally calculated
sha256 8ac3235f49a6838ff7a8d7ef7c19a4430d0deecc0c2d3e3e237b5e9f53291757 nasm-2.13.02.tar.xz
sha256 812ecfb0dcbc5bd409aaa8f61c7de94c5b8752a7b00c632883d15b2ed6452573 nasm-2.13.03.tar.xz
sha256 1563996c52e220e15ef2418e67d39488255aa8c28c89e617074d3afe3ee329e0 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
NASM_VERSION = 2.13.02
NASM_VERSION = 2.13.03
NASM_SOURCE = nasm-$(NASM_VERSION).tar.xz
NASM_SITE = http://www.nasm.us/pub/nasm/releasebuilds/$(NASM_VERSION)
NASM_LICENSE = BSD-2-Clause
+6 -8
View File
@@ -22,8 +22,8 @@ elif [ -f /etc/rc.d/init.d/functions ]; then
fi
# Source networking configuration.
if [ -f /etc/sysconfig/network ]; then
. /etc/sysconfig/network
if [ -f /etc/default/network ]; then
. /etc/default/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
@@ -32,10 +32,8 @@ elif [ ! -f /etc/network/interfaces ]; then
exit 0
fi
[ -x /sbin/netplugd ] || exit 0
if [ -f /etc/sysconfig/netplugd ]; then
. /etc/sysconfig/netplugd
if [ -f /etc/default/netplugd ]; then
. /etc/default/netplugd
fi
# See how we were called.
@@ -43,7 +41,7 @@ case "$1" in
start)
# Start daemon.
printf "Starting network plug daemon: "
start-stop-daemon -S -q -p /var/run/netplugd.pid -x /sbin/netplugd ${NETPLUGDARGS}
start-stop-daemon -S -q -x /sbin/netplugd -- -p /var/run/netplugd.pid ${NETPLUGDARGS}
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/netplugd
@@ -51,7 +49,7 @@ case "$1" in
stop)
# Stop daemon.
printf "Shutting down network plug daemon: "
start-stop-daemon -K -n netplugd
start-stop-daemon -K -q -p /var/run/netplugd.pid
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/netplugd
+1 -1
View File
@@ -1,5 +1,5 @@
config BR2_PACKAGE_NETWORK_MANAGER
bool "networkmanager"
bool "network-manager"
depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
depends on !BR2_STATIC_LIBS # gnutls
depends on BR2_USE_MMU # dbus
+1 -1
View File
@@ -11,7 +11,7 @@ config BR2_PACKAGE_NFS_UTILS
help
The NFS Linux kernel server.
http://sourceforge.net/projects/nfs
http://linux-nfs.org/
if BR2_PACKAGE_NFS_UTILS
+23
View File
@@ -24,6 +24,20 @@ NFS_UTILS_CONF_OPTS = \
--with-statedir=/run/nfs \
--with-rpcgen=internal
HOST_NFS_UTILS_CONF_OPTS = \
--disable-nfsv4 \
--disable-nfsv41 \
--disable-gss \
--disable-uuid \
--disable-ipv6 \
--without-tcp-wrappers \
--with-statedir=/run/nfs \
--disable-caps \
--disable-tirpc \
--without-systemd \
--with-rpcgen=internal
HOST_NFS_UTILS_DEPENDENCIES = host-pkgconf host-libtirpc
NFS_UTILS_TARGETS_$(BR2_PACKAGE_NFS_UTILS_RPCDEBUG) += usr/sbin/rpcdebug
NFS_UTILS_TARGETS_$(BR2_PACKAGE_NFS_UTILS_RPC_LOCKD) += usr/sbin/rpc.lockd
NFS_UTILS_TARGETS_$(BR2_PACKAGE_NFS_UTILS_RPC_RQUOTAD) += usr/sbin/rpc.rquotad
@@ -89,4 +103,13 @@ endef
# nfsiostat is interpreted python, so remove it unless it's in the target
NFS_UTILS_POST_INSTALL_TARGET_HOOKS += $(if $(BR2_PACKAGE_PYTHON),,NFS_UTILS_REMOVE_NFSIOSTAT)
define HOST_NFS_UTILS_BUILD_CMDS
$(MAKE) -C $(@D)/tools/rpcgen
endef
define HOST_NFS_UTILS_INSTALL_CMDS
$(INSTALL) -D -m 0755 $(@D)/tools/rpcgen/rpcgen $(HOST_DIR)/bin/rpcgen
endef
$(eval $(autotools-package))
$(eval $(host-autotools-package))
+2 -2
View File
@@ -1,5 +1,5 @@
# From http://nodejs.org/dist/v8.11.1/SHASUMS256.txt
sha256 40a6eb51ea37fafcf0cfb58786b15b99152bec672cccf861c14d1cca0ad4758a node-v8.11.1.tar.xz
# From http://nodejs.org/dist/v8.11.3/SHASUMS256.txt
sha256 577c751fdca91c46c60ffd8352e5b465881373bfdde212c17c3a3c1bd2616ee0 node-v8.11.3.tar.xz
# Hash for license file
sha256 b87be6c1479ed977481115869c2dd8b6d59e5ea55aa09939d6c898242121b2f5 LICENSE

Some files were not shown because too many files have changed in this diff Show More