Bernd Kuhls [Sun, 19 Aug 2018 13:22:17 +0000 (15:22 +0200)]
package/nodejs: security bump version to 8.11.4
Release notes:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
Fixes CVE-2018-12115, also CVEs were fixed in included OpenSSL code
which do not use for the target build.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 19 Aug 2018 09:25:34 +0000 (11:25 +0200)]
package/ipsec-tools: add security patch to fix CVE-2016-10396
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 19 Aug 2018 06:59:32 +0000 (08:59 +0200)]
linux-headers: bump 4.{4, 9, 14, 17}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 19 Aug 2018 06:59:31 +0000 (08:59 +0200)]
linux: bump default to version 4.17.17
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 18 Aug 2018 22:00:13 +0000 (00:00 +0200)]
package/bind: security bump to version 9.11.4-P1
Fixes CVE-2018-5740: https://ftp.isc.org/isc/bind9/9.11.4-P1/CHANGES
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:49 +0000 (18:06 +0200)]
core/pkg-kconfig: allow dependencies before configurators
Some users of kconfig need some packages to be built before their
kconfig infra be used.
For example, the linux kernel, starting with 4.16, needs flex and bison
to generate the parser code. Furthermore, starting with 4.18, it will
also need the cross-compiler before parsing the kconfig stuff, because
that calls the compiler to check its features.
Currently, this is broken, even the flex/bison ones, even though they
are listed, because there is no way to define dependencie that are
guaranteed before the (visual) configurators. For example:
$ make distclean
$ make menuconfig
--> enable the linux kernel, choose a defconfig, save, exit
$ make linux-menuconfig
[...]
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
YACC scripts/kconfig/zconf.tab.c
/bin/sh: bison: command not found
LEX scripts/kconfig/zconf.lex.c
scripts/Makefile.lib:196: recipe for target 'scripts/kconfig/zconf.tab.c' failed
make[3]: *** [scripts/kconfig/zconf.tab.c] Error 127
make[3]: *** Waiting for unfinished jobs....
/bin/sh: flex: command not found
scripts/Makefile.lib:188: recipe for target 'scripts/kconfig/zconf.lex.c' failed
make[3]: *** [scripts/kconfig/zconf.lex.c] Error 127
Makefile:528: recipe for target 'rpc_defconfig' failed
make[2]: *** [rpc_defconfig] Error 2
linux/linux.mk:511: recipe for target '/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config' failed
make[1]: *** [/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config] Error 2
Makefile:79: recipe for target '_all' failed
make: *** [_all] Error 2
So, we introduce a new type of dependencies for kconfig-based packages,
that are guaranteed to be built and installed before the (visual)
configurators are called.
Since those dependencies are phony targets and therefore always out of
date, a normal dependency would cause the .config target to be rebuilt
on each invocation of make. So we use an order-only pre-requisite, like
is done for the patch dependency.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:47 +0000 (18:06 +0200)]
linux: explain why we need host-{flex, bison}
The commit that added the dependency on host-{bison,flex} did
so because the pre-generated kconfig parser source files were
removed from the kernel tree, in linux-4.16.
But then, in linux-4.17, the pre-generated dtc parser source
files were in turn removed as well.
So, document the two reasons why they are needed, so we don't
accidentally remove them when we (soon) introduce the kconfig
dependencies.
(Also fix the first assignment to LINUX_DEPENDENCIES to be a
simple assignement, not an append-assignment.)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 18 Aug 2018 20:10:52 +0000 (22:10 +0200)]
boost: enable back log on powerpc with uclibc
boost-log builds fine with powerpc on uclibc nowadays so enable it back.
By removing this dependency, build failure on azmq is also fixed as this
package is currently selecting boost-log without fulfilling this
dependency
Fixes:
- http://autobuild.buildroot.net/results/
9c373d0b5a1a59e2271d71c480d55a90a67b84cb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 18 Aug 2018 19:47:25 +0000 (21:47 +0200)]
boost: context needs thread without C++11 mutex
Extract from output/build/boost-1.67.0/libs/context/build/Jamfile.v2:
explicit cxx11_hdr_mutex_check ;
local cxx11_mutex = [ check-target-builds
cxx11_hdr_mutex_check "C++11 mutex"
:
: <library>/boost/thread//boost_thread
] ;
So select boost_thread if gcc <= 4.7
Fixes:
- http://autobuild.buildroot.net/results/
fb046c04fe18bec973d120e4ab33971f32ba5769
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 15:27:07 +0000 (17:27 +0200)]
package/mariadb: security bump to version 10.1.35
Fixes CVE-2018-3064, CVE-2018-3063, CVE-2018-3058 & CVE-2018-3066:
https://mariadb.com/kb/en/library/mariadb-10135-release-notes/
Added all hashes provided by upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sat, 18 Aug 2018 19:31:40 +0000 (21:31 +0200)]
libselinux: use correct name and content for patch 0004
Commit
6288409642d8368104f916bd264d2cb042942dfa ("libselinux: add
patch to fix build with gcc < 4.7") introduced a patch, but its file
name was incorrect, so it was never applied. In addition, the patch
was generated against the Git repository of SELinux, which includes
all projects, and therefore it doesn't apply to the libselinux source
code extracted from the tarball: the "libselinux/" component path
needs to be removed from the patch.
This commit fixes both problems, which should finally and really fix:
http://autobuild.buildroot.net/results/
c3272566bb808e43bb77ec59cfe596f7e0fe9a64/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 17 Aug 2018 22:10:14 +0000 (00:10 +0200)]
boost: thread needs atomic if GCC hasn't lock-free
When gcc has not always lock-free atomic ints:
- lockfree boost::atomic_flag : no
boost thread needs boost atomic:
output/host/usr/bin/nios2-linux-readelf -d output/staging/usr/lib/libboost_thread.so
Dynamic section at offset 0x2cee0 contains 32 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libboost_system.so.1.67.0]
0x00000001 (NEEDED) Shared library: [libboost_atomic.so.1.67.0]
Fixes:
- http://autobuild.buildroot.net/results/
5a7db292f1365f27e32695527701d5b827f60092
- http://autobuild.buildroot.net/results/
413dff87f5329d3c5180167a8711cdedea5dec67
- http://autobuild.buildroot.net/results/
a7eb4cbcdbd9412c344f45336dec58c82e84dab9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 17 Aug 2018 22:10:13 +0000 (00:10 +0200)]
toolchain: add BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS hidden option
Add BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS variable and
use it in BR2_TOOLCHAIN_HAS_GCC_BUG_64735.
This new variable will be used to select boost atomic when lock-free
atomic ints are not available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 08:08:01 +0000 (10:08 +0200)]
package/samba4: Fix uClibc build on 64bit platforms by including stdint.h
Patch needed to be updated for samba-4.8.4
Fixes
http://autobuild.buildroot.net/results/140/
1404a594583ff192d70086ef590f924472465c89/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 09:09:33 +0000 (11:09 +0200)]
package/php: security bump to version 7.2.9
Version 7.2.8 fixed CVE-2018-12882, CVE-2018-14883 & CVE-2018-14851:
http://www.php.net/ChangeLog-7.php#7.2.8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 09:09:50 +0000 (11:09 +0200)]
package/x11r7/xdriver_xf86-video-ati: fix glamor dependency
Glamor support needs egl, fix dependency after
https://git.buildroot.net/buildroot/commit/?id=
5b4bcbdafbe8e7b42d4e085a0524d70665cdbaf5
Fixes
http://autobuild.buildroot.net/results/6ac/
6acd5ad820a47fc3442d3e3a5d8d72b396fb6e41/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 17 Aug 2018 15:44:18 +0000 (17:44 +0200)]
ruby: security bump to version 2.4.4
Fixes the following security issues:
CVE-2017-17405: Command injection vulnerability in Net::FTP (2.4.3):
https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
CVE-2017-17742: HTTP response splitting in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
CVE-2018-8777: DoS by large request in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
CVE-2018-8778: Buffer under-read in String#unpack (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
(2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
Multiple vulnerabilities in RubyGems (2.4.4):
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Flax [Thu, 16 Aug 2018 22:16:20 +0000 (08:16 +1000)]
eigen: Fix pkg-config file prefix error
eigen generates a pkg-config file which has a broken prefix
(@CMAKE_INSTALL_PREFIX@). This broken prefix causes an incorrect path when
other packages call pkg-config --cflags eigen.
This patch fixes the prefix in the generated eigen pc file, so projects
which depend on this pc file can now correctly find the eigen include
directory at build time.
Also correct the Cflags output to use the runtime prefix instead of the
build time STAGING_DIR, like we do elsewhere.
[Peter: drop backslashes, tweak commit message]
Signed-off-by: Matt Flax <flatmax@flatmax.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 17 Aug 2018 14:47:36 +0000 (16:47 +0200)]
python-django: security bump to version 1.11.15
Bump to the latest release of the 1.11.x LTS series as 1.10.x is no longer
supported upstream:
https://www.djangoproject.com/download/
Fixes the following security issues:
- CVE-2017-12794: Possible XSS in traceback section of technical 500 debug
page (1.11.5)
- CVE-2018-6188: Information leakage in AuthenticationForm (1.11.10)
- CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc
template filters (1.11.11)
- CVE-2018-7537: Denial-of-service possibility in truncatechars_html and
truncatewords_html template filters (1.11.11)
- CVE-2018-14574: Open redirect possibility in CommonMiddleware (1.11.15)
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Fri, 17 Aug 2018 12:38:03 +0000 (14:38 +0200)]
package/m4: fix build on host with glibc-2.28
glibc-2.28 did quite some lifting in their headers, which breaks the
way some packages were detecting glibc, like gnulib.
However, packages do bundle gnulib (it was meant to be bundled),
and so does m4.
Since m4 hasn't seen the slightest commit since 2017-01-09, it is
bundling an old gnulib version, that predates glibc-2.28, and thus
breaks. It also means that upstream hasn't already fixed the issue.
Furthermore, as upstream is using a git submodule for gnulib, and
that the paths are not the same in the release tarball (in lib/)
and in the git tree (in gnulib/), we can't do a plain backport.
So, we selectively backport the two patches from gnulib upstream,
restricted to only the files that happen to be used in m4.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 17 Aug 2018 09:43:15 +0000 (12:43 +0300)]
dahdi-tools: unify dependencies comments
The threads dependency comment is currently shown even though the
toolchain supports threads, only because kernel build is disabled.
Merge the kernel and threads comments. This is similar to what we have
in other packages that need the kernel.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 17 Aug 2018 09:35:44 +0000 (12:35 +0300)]
dbus: bump to version 1.2.10
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Wed, 15 Aug 2018 12:14:09 +0000 (15:14 +0300)]
cryptsetup: fix build with pre C11 toolchains
Add a patch removing a redefined typedef. Redefinition of typedef, even
to the same type, used to be illegal before C11.
Fixes:
http://autobuild.buildroot.net/results/93b/
93b300a62f2ddbad66eab08e25fc3225969f224b/
http://autobuild.buildroot.net/results/6c6/
6c6092d633400498ee5b8090733a949a9632e473/
http://autobuild.buildroot.net/results/f46/
f46ef6123b5fa92753ff534b4ef7bea3f53ac388/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 17 Aug 2018 07:01:21 +0000 (09:01 +0200)]
libfuse: security bump to version 2.9.8
Fixes CVE-2018-10906 - In fuse before versions 2.9.8 and 3.x before 3.2.5,
fusermount is vulnerable to a restriction bypass when SELinux is active.
This allows non-root users to mount a FUSE file system with the
'allow_other' mount option regardless of whether 'user_allow_other' is set
in the fuse configuration. An attacker may use this flaw to mount a FUSE
file system, accessible by other users, and trick them into accessing files
on that file system, possibly causing Denial of Service or other unspecified
effects.
And additionally:
- libfuse no longer segfaults when fuse_interrupted() is called outside the
event loop.
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount options
must now match a hard-coded whitelist. It is expected that this whitelist
covers all regular use-cases.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 22:16:01 +0000 (00:16 +0200)]
orangepi_zero_defconfig: bump linux to 4.17.15 to include latest fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 22:16:00 +0000 (00:16 +0200)]
orangepi_zero_defconfig: bump u-boot to 2018.07 to fix build issue
u-boot 2018.01 now fails to build with the following error:
CC arch/arm/lib/asm-offsets.s
In file included from /builds/buildroot.org/buildroot/output/host/include/libfdt.h:54:0,
from /builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/fdt.c:54:
/builds/buildroot.org/buildroot/output/host/include/libfdt_env.h:82:24: error: redefinition of 'fdt16_to_cpu'
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
In file included from /builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/fdt.c:51:0:
/builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/libfdt_env.h:81:24: note: previous definition of 'fdt16_to_cpu' was here
static inline uint16_t fdt16_to_cpu(fdt16_t x)
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314891
Fix it by bumping the u-boot version to 2018.07.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 21:31:51 +0000 (23:31 +0200)]
orangepi_pc_defconfig: bump linux to 4.17.15 to include latest fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 21:31:50 +0000 (23:31 +0200)]
orangepi_pc_defconfig: bump u-boot to 2018.07 to fix build issue
u-boot 2018.05 now fails to build with the following error:
HOSTCC scripts/dtc/flattree.o
In file included from /builds/buildroot.org/buildroot/output/host/include/libfdt.h:54:0,
from /builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/fdt.c:54:
/builds/buildroot.org/buildroot/output/host/include/libfdt_env.h:82:24: error: redefinition of 'fdt16_to_cpu'
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
In file included from /builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/fdt.c:51:0:
/builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/libfdt_env.h:81:24: note: previous definition of 'fdt16_to_cpu' was here
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314886
Fix it by bumping the u-boot version to 2018.07.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 16 Aug 2018 20:45:23 +0000 (22:45 +0200)]
linux: replace shell for loop with make foreach loop
This commit replaces the loop copying out-of-tree DTS into the kernel
tree by a make foreach loop instead of a shell for loop. This allows
to error out if one of the DTS file cannot be copied (for example if
it doesn't exist).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 20:11:39 +0000 (22:11 +0200)]
sheevaplug: add a basic readme
Describing how to update the board.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 20:11:38 +0000 (22:11 +0200)]
sheevaplug_defconfig: bump linux to 4.14.63 to include latest fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 20:11:37 +0000 (22:11 +0200)]
sheevaplug_defconfig: bump u-boot to 2018.07 to fix build issue
u-boot 2016.05 no longer builds with the default gcc/binutils versions:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314946
LD u-boot
fs/built-in.o: In function `read_symbol':
/builds/buildroot.org/buildroot/output/build/uboot-2016.05/fs/jffs2/mini_inflate.c:129: undefined reference to `pull_bit'
fs/built-in.o: In function `decompress_huffman':
/builds/buildroot.org/buildroot/output/build/uboot-2016.05/fs/jffs2/mini_inflate.c:159: undefined reference to `pull_bits'
/builds/buildroot.org/buildroot/output/build/uboot-2016.05/fs/jffs2/mini_inflate.c:170: undefined reference to `pull_bits'
..
/builds/buildroot.org/buildroot/output/host/bin/arm-buildroot-linux-uclibcgnueabi-ld.bfd: BFD (GNU Binutils) 2.29.1 assertion fail elf32-arm.c:9509
Makefile:1192: recipe for target 'u-boot' failed
make[1]: *** [u-boot] Error 1
make[1]: Leaving directory '/builds/buildroot.org/buildroot/output/build/uboot-2016.05'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 17 Aug 2018 05:32:07 +0000 (07:32 +0200)]
package/libopenssl: security bump to version 1.0.2p
Fixes CVE-2018-0732 & CVE-2018-0737:
https://www.openssl.org/news/vulnerabilities.html
Added upstream sha1 hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 15 Aug 2018 20:17:21 +0000 (22:17 +0200)]
linux: bump default to version 4.17.15
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 15 Aug 2018 20:17:20 +0000 (22:17 +0200)]
linux-headers: bump 4.{4, 9, 14, 17}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 16 Aug 2018 18:30:31 +0000 (20:30 +0200)]
boost: put back chrono select for coroutine
coroutine module does use chrono directly:
./libs/coroutine/performance/asymmetric/segmented/Jamfile.v2: <library>/boost/chrono//boost_chrono
./libs/coroutine/performance/asymmetric/Jamfile.v2: <library>/boost/chrono//boost_chrono
./libs/coroutine/performance/symmetric/segmented/Jamfile.v2: <library>/boost/chrono//boost_chrono
./libs/coroutine/performance/symmetric/Jamfile.v2: <library>/boost/chrono//boost_chrono
So put back select of chrono for coroutine
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 16 Aug 2018 09:42:18 +0000 (11:42 +0200)]
libselinux: add patch to fix build with gcc < 4.7
This commit adds a patch from Hollis Blanchard on libselinux to fix
build on host machines that have gcc < 4.7.
Fixes:
http://autobuild.buildroot.net/results/
a82bb0c0b22ff24263ad7a7d165b21c0df7b3b1d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Tue, 14 Aug 2018 04:24:51 +0000 (07:24 +0300)]
bzip2: change upstream site
The bzip.org website is down. Use the Buildroot backup download site.
Remove the website link as there is no clear alternative upstream at
this point.
https://lwn.net/Articles/762264/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 14 Aug 2018 20:34:20 +0000 (22:34 +0200)]
boost: thread needs chrono
chrono is selected by thread (see libs/thread/build/Jamfile.v2):
rule usage-requirements ( properties * )
{
[...]
result += <library>/boost/chrono//boost_chrono ;
}
So add this select for BR2_PACKAGE_BOOST_THREAD and remove it from
BR2_PACKAGE_BOOST_COROUTINE, BR2_PACKAGE_BOOST_LOG,
BR2_PACKAGE_TYPE_ERASURE and BR2_PACKAGE_BOOST_WAVE
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 14 Aug 2018 20:34:19 +0000 (22:34 +0200)]
boost: locale needs thread with icu
output/host/usr/bin/nios2-linux-readelf -d output/staging/usr/lib/libboost_locale.so
Dynamic section at offset 0x125ec0 contains 36 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libboost_chrono.so.1.67.0]
0x00000001 (NEEDED) Shared library: [libboost_thread.so.1.67.0]
0x00000001 (NEEDED) Shared library: [libboost_system.so.1.67.0]
0x00000001 (NEEDED) Shared library: [librt.so.1]
0x00000001 (NEEDED) Shared library: [libicudata.so.60]
0x00000001 (NEEDED) Shared library: [libicui18n.so.60]
0x00000001 (NEEDED) Shared library: [libicuuc.so.60]
Fixes:
- http://autobuild.buildroot.net/results/
57838f7cd84f37b66ab7007deaea847af8f54b72
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 14 Aug 2018 20:16:08 +0000 (22:16 +0200)]
domoticz: fix appversion.default
Retrieve correct appversion.default (9700) from upstream
Without this patch, the wrong version is displayed in the web ui and
when the user checks for an update, domoticz wrongly says that a new
version is available
This issue was reported by an email from Eyal Eshed <eeshed@coldroll.ca>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 15 Aug 2018 05:23:00 +0000 (07:23 +0200)]
package/samba4: security bump to version 4.8.4
Release notes: https://www.samba.org/samba/history/samba-4.8.4.html
Fixes
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mirza Krak [Wed, 15 Aug 2018 07:16:09 +0000 (09:16 +0200)]
package/pkg-golang: post-pone evaluation of variables
As explained in pkg-generic.mk, all variable references inside the
inner-xxx-package should use $$(...). Otherwise, they are evaluated
too early, and will not contain the expected value. In the content of
the pkg-golang infrastructure, the <pkg>_SRC_DOMAIN, <pkg>_SRC_VENDOR
and <pkg>_SRC_SOFTWARE variables were not properly escaping their
reference to the $$($(2)_SITE) variable.
This was not visible until now, as only target Go packages were
supported, where $(2)_SITE was always defined prior to this macro
being expanded. With the upcoming support of host Go packages, we need
to fix this, as $(2)_SITE may be defined later, inherited from
$(3)_SITE.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
[Thomas: rework commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Tue, 14 Aug 2018 21:13:09 +0000 (23:13 +0200)]
qt5serialbus: examples need qt5 widgets module
Fixes [1]:
make[2]: Entering directory '.../build/qt5serialbus-5.11.1/examples'
Some of the required modules (qtHaveModule(widgets)) are not available.
Skipped.
[...]
cp -dpfr .../host/mips64el-buildroot-linux-gnu/sysroot/usr/lib/qt/examples/serialbus .../target/usr/lib/qt/examples/
cp: cannot stat '.../host/mips64el-buildroot-linux-gnu/sysroot/usr/lib/qt/examples/serialbus': No such file or directory
[1] http://autobuild.buildroot.net/results/
147809b5f8758af935bee48c0fc83fd86a8509e9
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Marcin Niestroj [Thu, 26 Jul 2018 17:15:23 +0000 (19:15 +0200)]
package/lvm2: Fix runtime crash when using uclibc
When using uclibc libdevmapper.so was calling dm_task_get_info_base()
function recursively, leading to segmentation fault. This was
happening because uclibc linker loader just takes first existing
'dm_task_get_info' (which is 'dm_task_get_info_base') symbol in elf
binary, instead of default version.
Add upstreamable lvm2 patch [1], which introduces
--enable-symvers[=STYLE] switch. Use that switch to disable symbol
versions, as we do not plan to support binaries compiled against
old libdevmapper library.
Fixes bug #10781.
[1] https://www.redhat.com/archives/dm-devel/2018-July/msg00187.html
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Laurent Hartanerot [Mon, 30 Jul 2018 10:24:16 +0000 (12:24 +0200)]
lighttpd: Add systemd tmpfile to fix lighttpd systemd boot
Problem starting lighttpd application with systemd.
/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
2018-06-22 11:21:34: (server.c.733) opening errorlog '/var/log/lighttpd-error.log' failed: Permission denied
2018-06-22 11:21:34: (server.c.1420) Opening errorlog failed. Going down.
Lighttpd can not write the 'lighttpd-access.log' and 'lighttpd-error.log' files
to the directory '/var/log/'.
When using systemd the directory '/var/log' does not allow the user www-data to
write.
To correct the problem, we add /usr/lib/tmpfiles.d/lighttpd.conf.
This file create the 'lighttpd-access.log' and 'lighttpd-error.log' files with
the permission
Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Tue, 14 Aug 2018 13:38:32 +0000 (08:38 -0500)]
package/aircrack-ng: powerpc arch requires altivec
The powerpc support in this package currently requires an arch with
altivec accelerator support. This is a bug and the the powerpc arch
should have a non-simd option like ARM/x86.
Upstream issue: https://github.com/aircrack-ng/aircrack-ng/issues/1941
Fixes
http://autobuild.buildroot.net/results/
87e82a5e8d0b1c1ff10ec3e59d25bcd56b329075
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Mon, 13 Aug 2018 18:39:49 +0000 (20:39 +0200)]
qt5base: fix double-conversion compile for aarch64_be
Fixes [1]:
../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/
1fe2be0f26e5b92db57a5cfb5646dd253b731a5c
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 12 Aug 2018 14:53:31 +0000 (16:53 +0200)]
configs/arm_juno: bump ATF to v1.3
ATF in version 1.2 fails to build with:
./build/juno/release/bl1/context_mgmt.o: In function `cm_prepare_el3_exit':
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): undefined reference to `cm_set_next_context'
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): relocation truncated to fit: R_AARCH64_JUMP26 against undefined symbol `cm_set_next_context'
This has been fixed in ATF v1.3. Even though there are even newer
versions of ATF available, we take a conservative approach, and bump
to the first version that has the build issue fixed.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314771
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 12 Aug 2018 14:29:15 +0000 (16:29 +0200)]
board/technologic/ts7680: fix bogus size in genimage.cfg
512B is not a correct size to express "512 bytes", and causes a
genimage failure:
ERROR: Invalid size suffix 'B' in '512B'
To express "512 bytes", using just "512" is sufficient. With this
commit, genimage works fine, and we indeed have a 512 bytes unused
partition:
$ fdisk -l output/images/sdcard.img
Disk output/images/sdcard.img: 60 MiB,
62915584 bytes, 122882 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000
Device Boot Start End Sectors Size Id Type
output/images/sdcard.img1 1 1 1 512B 0 Empty
output/images/sdcard.img2 2 524289 524288 256M 83 Linux
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314963
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 12 Aug 2018 14:18:51 +0000 (16:18 +0200)]
configs: add missing dependencies of Linux on host-openssl
Four defconfigs have Linux kernel configuration that need OpenSSL on
the host, but forgot to express this dependency, causing build
failures. This commit adjusts those defconfigs, fixing the following
defconfig builds:
imx6ulpico_defconfig
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314839
imx7dpico_defconfig
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314841
mx51evk_defconfig
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314847
orangepi_lite_defconfig
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314883
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 12 Aug 2018 14:13:22 +0000 (16:13 +0200)]
configs/snps_archs38_vdk: use post-build script instead of overlay
In commit
2cdfa6c84951b25e805d329cb7bae833d333538f ("synopsys/axs10x:
Update /etc/inittab by post-build"), two Synopsys platforms were
changed to use a post-build script adding an extra getty in the
inittab instead of a rootfs overlay containing a custom
inittab. However, in this commit, configs/snps_archs38_vdk_defconfig
was not changed, even though it was using the same rootfs overlay.
This commit therefore adjusts configs/snps_archs38_vdk_defconfig to
also use the newly introduced post-build script, fixing the build of
configs/snps_archs38_vdk_defconfig.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314952
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 12 Aug 2018 14:09:28 +0000 (16:09 +0200)]
configs/raspberrypi2: increase ext4 filesystem size
The default size of the ext4 filesystem is no longer sufficient to
hold all the kernel modules built by the RPi Linux kernel
configuration. Let's increase to 120 MB, like we did for
raspberrypi3_defconfig.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314938
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 12 Aug 2018 07:45:20 +0000 (09:45 +0200)]
ncmpc: fix build with some old toolchains
With some "old" toolchains (glibc, uclibc in version 4.9.4, 5.3, 5.4,
5.5 ...), the following error is raised by the compiler:
../src/screen.cxx:60:29: required from here
/usr/lfs/v0/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/ext/new_allocator.h:120:4:
error: no matching function for call to 'std::pair<const screen_functions* const, std::unique_ptr<Page> >::pair(const screen_functions*, Page*)'
[...]
/usr/lfs/v0/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/stl_pair.h:112:26:
note: candidate: constexpr std::pair<_T1, _T2>::pair(const _T1&, const _T2&) [with _T1 = const screen_functions* const; _T2 = std::unique_ptr<Page>]
_GLIBCXX_CONSTEXPR pair(const _T1& __a, const _T2& __b)
^
/usr/lfs/v0/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/stl_pair.h:112:26:
note: no known conversion for argument 2 from 'Page*' to 'const std::unique_ptr<Page>&'
This is due to the fact that init function of screen_functions
structure returns Page* but PageMap wants a std::unique_ptr<Page>
To fix this, cast raw pointer into a unique_ptr with an explicit cast
Fixes:
- http://autobuild.buildroot.net/results/
d8a7339d8bdd5cdc6bd1716585d4bcf15a2e8015
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Fri, 10 Aug 2018 21:46:32 +0000 (23:46 +0200)]
mesa3d-headers: fix logic to generate the dri.pc file
As noted by Arnout in [1], the logic in mesa3d-headers.mk generates a
bogus dri.pc file, which looks like this:
prefix=/usr
exec_prefix=/usr
libdir=/lib
includedir=/include
dridriverdir=/dri
Indeed, the ${...} are expanded as shell variables when the sed
command is executed, while the intention is that those ${...} should
go in the .pc file. By escaping those using $${...}, we get the
expected .pc file:
prefix=/usr
exec_prefix=/usr
libdir=${exec_prefix}/lib
includedir=${prefix}/include
dridriverdir=${libdir}/dri
This was detected by the not yet committed check-package improvement
from Ricardo that detects bogus ${...} usage to reference make
variables.
[1] http://lists.busybox.net/pipermail/buildroot/2018-July/225402.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 11 Aug 2018 08:48:55 +0000 (10:48 +0200)]
package/vlc: needs speexdsp for optional speex support
Fixes configure warning:
checking for SPEEX... yes
checking for SPEEXDSP... no
configure: WARNING: Package speexdsp was not found in the pkg-config search path.
Perhaps you should add the directory containing `speexdsp.pc'
to the PKG_CONFIG_PATH environment variable
Package 'speexdsp', required by 'world', not found.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 11 Aug 2018 08:06:47 +0000 (10:06 +0200)]
package/vlc: Remove warning from Config.in
Four years ago this warning was added to this package
https://git.buildroot.net/buildroot/commit/package/vlc?id=
e33019aaa0409e35b725dddffe09e3e2a42959d1
due to "autobuilder failures for vlc on many platforms".
The last autobuilder failure occured May 1st, 2018 and was fixed by
https://git.buildroot.net/buildroot/commit/package/vlc?id=
9f115bfc2ac798c737d0c2a8ec8c96670e814a49
Therefore this warning is not needed anymore.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
David Owens [Fri, 20 Jul 2018 12:30:07 +0000 (07:30 -0500)]
mtd: backport upstream bug fix
A regression in the mtd package prevents non-consecutive ubi volume
IDs from working properly. This change backported from upstream
reverts the commit [0]. The issue was originally described on the mtd
mailing list:
http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html
[0] http://git.infradead.org/mtd-utils.git/commitdiff/
dede98ffb706676309488d7cc660f569548d5930
Signed-off-by: David Owens <david.owens@rockwellcollins.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 9 Aug 2018 22:12:19 +0000 (00:12 +0200)]
busybox: bump version to 1.29.2
Includes fixes for fdisk (compat fixes, allow 2TB+ sizes), gzip
(FEATURE_GZIP_LEVELS was producing badly-compressed .gz), hexedit (segfault
fix).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 10 Aug 2018 05:37:21 +0000 (08:37 +0300)]
uboot-tools: force host CFLAGS
U-Boot now adds -std=gnu11 when building its build utilities, like
fixdep. This option is only supported since gcc version 4.7.
https://gcc.gnu.org/gcc-4.7/changes.html
Force usage of Buildroot HOST_CFLAGS, like we do already for
host-uboot-tools, to avoid the -std=gnu11 option.
Fixes:
http://autobuild.buildroot.net/results/ea0/
ea09b614a3c10d494939d9551c0c3bfca4626ece/
http://autobuild.buildroot.net/results/f8e/
f8efd9af4d86c51fe4f5afe44db9abf9adc5718f/
http://autobuild.buildroot.net/results/c0a/
c0ab35c3cb46f84863fe20c0ee92ecc2379578b6/
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ricardo Martincoski [Mon, 6 Aug 2018 03:17:15 +0000 (00:17 -0300)]
support/testing: add test for file capabilities
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ricardo Martincoski [Mon, 6 Aug 2018 03:17:14 +0000 (00:17 -0300)]
makedevs: allow leading whitespace for capabilities
Currently makedevs silently ignores extended attributes with leading
whitespace, for example those added to a <PACKAGE>_PERMISSIONS following
the recommended style from check-package.
Makedevs already ignores leading whitespace for normal entries (file
permission changes and device files creation). Do the same for extended
attributes.
Fixes: #11191.
Reported-by: Jean-pierre Cartal <jpcartal@free.fr>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 9 Aug 2018 14:57:22 +0000 (16:57 +0200)]
ncurses: disable terminfo database install for host-ncurses
Since commit
b35ad5d0b45e (ncurses: make host-ncurses use host terminfo), we
are now pointing host-ncurses to the host terminfo (typically) located in
/usr/share/terminfo.
With this change we are reusing the existing host terminfo database, so
there is no point in trying to install our own on top. The user running
buildroot typically will have no write access to /usr/share/terminfo, but
tic in that case falls back to writing the database to $HOME/.terminfo.
Neither of which are desirable.
In case $HOME/.terminfo also isn't writable, tic fails, breaking the install
step for host-ncurses:
** Building terminfo database, please wait...
Running sh ./shlib tic to install /usr/share/terminfo ...
You may see messages regarding extended capabilities, e.g., AX.
These are extended terminal capabilities which are compiled
using
tic -x
If you have ncurses 4.2 applications, you should read the INSTALL
document, and install the terminfo without the -x option.
"terminfo.tmp", line 21272, terminal 'v3220': /home/peko/.terminfo: permission denied (errno 30)
To fix all of this, simply disable the terminfo database install.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 9 Aug 2018 15:57:28 +0000 (17:57 +0200)]
chrony: backport upstream patch to fix blocking on getrandom() at startup with recent kernels
chrony calls getrandom() at startup if available, so it needs a workaround
for the blocking behaviour on recent (4.14.39+), similar to what was done
for util-linux in commit
c4d86707cd6 (util-linux: add two upstream patches
to fix blocking on getrandom() with recent kernels).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 9 Aug 2018 19:53:55 +0000 (21:53 +0200)]
package/waylandpp: fix build error with gcc 4.4/4.9
Fixes
http://autobuild.buildroot.net/results/51a/
51afcd6d3c3c4839d8216b7b0dba35c8e38211f4/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 9 Aug 2018 19:40:47 +0000 (21:40 +0200)]
linux: bump default to version 4.17.14
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 9 Aug 2018 19:40:46 +0000 (21:40 +0200)]
linux-headers: bump 4.{4, 9, 14, 17}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 8 Aug 2018 18:14:47 +0000 (20:14 +0200)]
package/wpa_supplicant: add upstream security fix
Fixes CVE-2018-14526:
http://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Tue, 7 Aug 2018 20:37:36 +0000 (22:37 +0200)]
package/x11r7/xserver_xorg-server: bump version to 1.20.1
Release notes for this bugfix release:
https://lists.x.org/archives/xorg-announce/2018-August/002912.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Wed, 8 Aug 2018 20:40:05 +0000 (22:40 +0200)]
wireshark: bump version to 2.2.16 (security)
Security fixes since 2.2.15:
- wnpa-sec-2018-06
RPKI-Router infinite loop. Bug 14414. CVE-2018-7325.
- wnpa-sec-2018-34
BGP dissector large loop. Bug 13741. CVE-2018-14342.
- wnpa-sec-2018-35
ISMP dissector crash. Bug 14672. CVE-2018-14344.
- wnpa-sec-2018-36
Multiple dissectors could crash. Bug 14675. CVE-2018-14340.
- wnpa-sec-2018-37
ASN.1 BER dissector crash. Bug 14682. CVE-2018-14343.
- wnpa-sec-2018-38
MMSE dissector infinite loop. Bug 14738. CVE-2018-14339.
- wnpa-sec-2018-39
DICOM dissector crash. Bug 14742. CVE-2018-14341.
- wnpa-sec-2018-40
Bazaar dissector infinite loop. Bug 14841.
- wnpa-sec-2018-41
HTTP2 dissector crash. Bug 14869.
Full release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.16.html
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 8 Aug 2018 18:41:55 +0000 (20:41 +0200)]
package/samba4: disable build of manpages and documentation
Fixes
http://autobuild.buildroot.net/results/
3f214cbb1fe2dc2c2cbfb630032e13eba81c1b5a/
and many others
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: reformat patch as Git formatted]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 9 Aug 2018 08:06:19 +0000 (10:06 +0200)]
package/samba4: drop patch numbering in patch 0003
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 9 Aug 2018 08:05:38 +0000 (10:05 +0200)]
package/samba4: reformat patch 0002 as Git-formatted patch
This commit reformats
0002-patch-source3__libads__kerberos_keytab.c.patch as a Git-formatted
patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexey Brodkin [Tue, 7 Aug 2018 17:33:59 +0000 (20:33 +0300)]
uclibc: ldso/arc: fix LD_DEBUG segv when printing R_ARC_NONE
Dynamic linker used to segfault on attempt to print info
about R_ARC_NONE reloaction.
The fix is already in upstream master [1],
should be removed on uClibc version bump.
[1] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=
269a2a2a0f863e1b43dc02f2f4f0f3c50299456e
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 7 Aug 2018 11:04:48 +0000 (14:04 +0300)]
cryptsetup: fix build with old host kernel headers
By default cryptsetup configure fails when the if_alg.h kernel header is
not available. Kernels older than 2.6.38, like the one in RHEL 6 hosts,
do not provide this header. Since we don't need the kernel crypto
feature for host tools, just disable this feature to allow successful
completion of the configure script.
While at it, fix a typo in the --with-crypto_backend option (hyphen ->
underscore).
Should fix:
http://autobuild.buildroot.net/results/ffd/
ffda2579b215b53161025b7bc703091cb30ef95d/
http://autobuild.buildroot.net/results/c48/
c48015f76b13fec38f650f66824e7b986eb28572/
http://autobuild.buildroot.net/results/be6/
be621f71bf9da8719bf7fc943eccc9b4dc2cc43e/
Cc: Martin Hicks <mort@bork.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 7 Aug 2018 08:12:28 +0000 (10:12 +0200)]
boot-wrapper-aarch64: use SPDX identifier for 3 clause BSD
Use the correct SPDX identifier for the 3 clause BSD license, like we do
elsewhere.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Angelo Compagnucci [Tue, 7 Aug 2018 06:53:53 +0000 (08:53 +0200)]
linux: bump CIP to version v4.4.138-cip25
This patch bumps the CIP Linux kernel to version v4.4.138-cip25
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 7 Aug 2018 06:03:58 +0000 (08:03 +0200)]
linux: bump default to version 4.17.13
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 7 Aug 2018 06:03:57 +0000 (08:03 +0200)]
linux-headers: bump 4.{4, 9, 14, 17}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 7 Aug 2018 05:33:20 +0000 (08:33 +0300)]
libgit2: security bump to version 0.27.4
Fixes CVE-2018-10887 and CVE-2018-10888: out-of-bounds reads when
reading objects from a packfile.
Also fixes out-of-bounds reads when processing smart-protocol "ng"
packets (no known CVE yet).
Drop upstream patch.
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-By: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 7 Aug 2018 14:55:22 +0000 (17:55 +0300)]
libarchive: add upstream security patches
Add patches for the following security issues:
CVE-2017-14501 - An out-of-bounds read flaw exists in parse_file_info in
archive_read_support_format_iso9660.c when extracting a specially
crafted iso9660 iso file.
CVE-2017-14502 - Off-by-one error for UTF-16 names in RAR archives,
leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2017-14503 - Out-of-bounds read within lha_read_data_none() in
archive_read_support_format_lha.c when extracting a specially crafted
lha archive.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 8 Aug 2018 14:17:52 +0000 (16:17 +0200)]
CHANGES: add 2018.08-rc1 release date
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Angelo Compagnucci [Sun, 5 Aug 2018 14:05:03 +0000 (16:05 +0200)]
package/mono: remove target mips architecture
Current version of mono doesn't compile on mips due to a bug, so
disabling the mips target architecture until the bug is fixed upstream.
Fixes: http://autobuild.buildroot.net/results/b402af8cb7f00dc2e69c219926b474a8e0c8d372
and many others.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 5 Aug 2018 14:09:43 +0000 (16:09 +0200)]
docs/website: update news.html with 2018.08-rc1 announcement link
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 5 Aug 2018 13:40:05 +0000 (15:40 +0200)]
Update for 2018.08-rc1
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 5 Aug 2018 13:29:56 +0000 (15:29 +0200)]
linuxptp: add patch to fix no-thread/linuxthreads uClibc builds
linuxptp missing.h header implements a replacement clock_nanosleep()
function, which was used when the thread implementation was not NPTL,
because uClibc failed to provide clock_nanosleep() in such
configurations.
However, uClibc-ng has fixed this problem upstream, and has backported
this change in Buildroot in patch
package/uclibc/0002-librt-declare-clock_nanosleep-independent-of-thread-.patch
(the code is upstream and will be part of uClibc-ng 1.0.31). Due to
this, there is now a conflicting definition of clock_nanosleep()
between the C library and the linuxptp missing.h code, which manifests
itself by the following build failure:
missing.h:117:19: error: static declaration of 'clock_nanosleep' follows non-static declaration
static inline int clock_nanosleep(clockid_t clock_id, int flags,
^~~~~~~~~~~~~~~
In file included from clockadj.h:24:0,
from clockadj.c:24:
This commit fixes that by adding a patch that removes the replacement
clock_nanosleep() implementation from the linuxptp code base.
Fixes:
http://autobuild.buildroot.net/results/
bf400095a853f5beb28c77a50fcffefe52c3d769/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 27 Jun 2018 19:21:50 +0000 (21:21 +0200)]
wiringpi: disable for static build
Static build of the wiringPi package is disabled by the tool author
(see wiringPi/noMoreStatic for details) since the version bump
to 2.46.
Fixes [1]:
arm-linux-gcc.br_real: error: ../wiringPi/libwiringPi.a: No such file or directory
[1] http://autobuild.buildroot.net/results/
a1ca953247475a5f31fe9283ade05c9cba26853b
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sat, 16 Jun 2018 11:25:32 +0000 (13:25 +0200)]
configs/qemu_sh4eb-r2d: restore the old sh-sci driver behaviour
As for sh4-r2d (little-endian) restore the old sh-sci driver behaviour
for sh4eb-r2d.
Tested with qemu_sh4eb_r2d_defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sat, 16 Jun 2018 11:25:31 +0000 (13:25 +0200)]
configs/qemu_sh4-r2d: restore the old sh-sci driver behaviour
This reverts commit
18e8cf159177100e69d528293f8cf6875c0b1bca (kernel)
The last Qemu kernel update [1] introduced a regresion in sh4 SCIF
serial device. Some keyboard presses are very slow to be taken into
account, perhaps not even taken into account at all. This would
explain why our test infrastructure doesn’t manage to login as root
[2][3][4].
git bisect reported a kernel patch from 4.11, increasing RX FIFO
trigger defaults value for sh-sci (H)SCIF. The kernel patch itself
looks good but the Qemu emulation is not ready to handle this new
setting.
>From Qemu (2.12.0): target/sh4/README.sh4
"Configuration of the second serial port (SCIF) is supported. FIFO
handling infrastructure has been started but is not completed yet."
We can't use the first serial port (ttySC0) because it's the second
SH UART that's emulated by Qemu.
In order to be able to test sh4 architecture with newer kernel,
revert to the old behaviour.
[1]
03fb00f2175cdb4565e26fcb9b3da1c1059de1bd
[2] https://gitlab.com/free-electrons/toolchains-builder/-/jobs/
72006425
[3] https://gitlab.com/free-electrons/toolchains-builder/-/jobs/
72006427
[4] https://gitlab.com/free-electrons/toolchains-builder/-/jobs/
72006426
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Carlos Santos [Wed, 18 Jul 2018 12:34:43 +0000 (09:34 -0300)]
vim: install /bin/vi as a relative symlink
Prevent creating a dangling symlink when vim is not present on the host
machine. With BR2_ROOTFS_MERGED_USR, just link to "vim", since they are
on the same directory, otherwise link to "../usr/bin/vim".
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Artem Panfilov [Wed, 1 Aug 2018 13:21:14 +0000 (16:21 +0300)]
package/pure-ftpd: add optional support for linux-pam
Signed-off-by: Artem Panfilov <apanfilov@spectracom.com>
[Thomas: add explicit --without-pam when linux-pam is not enabled.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 26 Jun 2018 21:43:26 +0000 (23:43 +0200)]
gnuradio: needs host-python2
gnuradio needs host-python2 however there is no way to enforce this so
add a dependency on !BR2_PACKAGE_PYTHON3.
Indeed, if BR2_PACKAGE_PYTHON3 is selected, then buildroot will only
build host-python3.
This issue was not raised in the previous version of gnuradio as
host-python-cheetah was the only dependency and host-python-cheetah
enforces python2 through HOST_PYTHON_CHEETAH_NEEDS_HOST_PYTHON however
we now have host-python-six and host-python-mako dependencies and it
does not seem right to enforces python2 on those packages
Fixes:
- http://autobuild.buildroot.net/results/
a502fef3e2a40f38ca63332440b0b6bd2ed11d5a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 26 Jun 2018 21:10:46 +0000 (23:10 +0200)]
gnuradio: remove host-python-cheetah dependency
host-python-cheetah has been replaced by host-python-mako:
https://github.com/gnuradio/volk/commit/
1b2bedc8685c4dc2b3587068339d69b5ab1c874d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Wed, 1 Aug 2018 19:47:29 +0000 (21:47 +0200)]
package/glibc: remove --{with, without}-fp option
This option has been removed since glibc 2.27 [1].
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=
8df5d34720dd71e934545bade879e04697830757
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 1 Aug 2018 20:55:28 +0000 (22:55 +0200)]
package/opencv3: fix build with gcc bug 64735
OpenCV3 allows to disable the usage of std::exception_ptr:
https://github.com/opencv/opencv/issues/11878#issuecomment-
402099255
Fixes
http://autobuild.buildroot.net/results/5ca/
5ca221792c72c0a19f8b0e8303c0603d28f3c48e/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Sun, 5 Aug 2018 10:13:31 +0000 (13:13 +0300)]
docs/manual: update host gcc minimum required version
The oldest gcc that is known to work with current Buildroot is that of
RHEL 6, version 4.4.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Daniel Nicoletti [Thu, 2 Aug 2018 13:38:13 +0000 (10:38 -0300)]
package/cutelyst: bump version to fix build issues
Fixes:
http://autobuild.buildroot.net/results/
fd78e54eca9e95ae5c7a27e6afa1891a0bf65994/
Signed-off-by: Daniel Nicoletti <dantti12@gmail.com>
[Thomas: add autobuilder reference.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Fri, 3 Aug 2018 18:13:10 +0000 (20:13 +0200)]
package/gdb: bump to version 8.1.1
https://sourceware.org/ml/gdb-announce/2018/msg00002.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 3 Aug 2018 20:04:55 +0000 (22:04 +0200)]
package/tinc: bump version to 1.0.34
Updated license hash after upstream commit:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=
54b18a85f68652f94ac5ecffbd9d100879ed06ea
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 2 Aug 2018 18:09:44 +0000 (20:09 +0200)]
package/qt5/qt5base: fix PKG_CONFIG_LIBDIR
By default pkgconf searches "${libdir}/pkgconfig:${datadir}/pkgconfig"
for .pc files:
https://github.com/pkgconf/pkgconf/blob/
844f0a66621629a65e3cbf3c3ca47185602e9df5/configure.ac#L41
The new xorgproto package installs .pc files to ${datadir}/pkgconfig
whichs translates to $(STAGING_DIR)/usr/share/pkgconfig, for example
dri3proto:
https://cgit.freedesktop.org/xorg/proto/xorgproto/tree/Makefile.am#n65
whereas the old xproto_ packages installed their .pc files to
${libdir}/pkgconfig:
https://cgit.freedesktop.org/xorg/proto/dri3proto/tree/Makefile.am?id=
3937f72040b79c7245b261da880364177cc40a6e#n4
Normally this upstream change is not a problem because pkgconf searches
both paths for .pc files, unless we define PKG_CONFIG_LIBDIR with
something else like we did for the last six years ;)
https://github.com/buildroot/buildroot/blame/master/package/qt5/qt5base/qt5base.mk#L280
This patch removes all variables concerning pkgconf paths. At the time
the qt5base package was introduced the pkgconf wrapper did not exist.
Today these variables are not necessary anymore.
Fixes
http://autobuild.buildroot.net/results/061/
06159500c27026d56a772fafbb0d956c72dd4e6c/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>