Bernd Kuhls [Fri, 2 Mar 2018 06:06:57 +0000 (07:06 +0100)]
package/clamav: security bump to version 0.99.4
Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-
1000085 &
CVE-2018-0202.
For details see upstream announcement:
http://lists.clamav.net/pipermail/clamav-announce/2018/000029.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 1 Mar 2018 20:54:29 +0000 (21:54 +0100)]
uboot: ensure host includes are searched before system default includes
Commit
baae5156ce37e (uboot: use local fdt headers) changed the uboot logic
to pass the host include directories with -idirafter instead of -I, so
include files local to u-boot would be preferred over host includes.
This unfortunately breaks configurations using
BR2_TARGET_UBOOT_NEEDS_OPENSSL on hosts with incompatible openssl headers
installed in the system default include directories as explained here:
http://lists.busybox.net/pipermail/buildroot/2018-March/214651.html
The problem is that -idirafter directories gets added to the very end of the
search order, AFTER the system default directories.
Instead use -isystem which causes the directories to be added after -I but
before the system default directories. With this in place, the include
directories of u-boot will first be scanned, followed by the host includes
and finally the system default include directories.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 1 Mar 2018 21:56:06 +0000 (22:56 +0100)]
qt: mark as obsolete
qt 4.x is no longer supported upstream since December 2015:
https://blog.qt.io/blog/2015/05/26/qt-4-8-7-released/
So it shouldn't be used for new projects. Add an obsolete warning to the
package prompt to make this clear.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 28 Feb 2018 23:11:40 +0000 (00:11 +0100)]
mosquitto: security bump to version 1.4.15
Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT
packet which causes large amounts of memory use in the broker. If multiple
clients do this, an out of memory situation can occur and the system may
become unresponsive or the broker will be killed by the operating system.
The fix addresses the problem by limiting the permissible size for CONNECT
packet, and by adding a memory_limit configuration option that allows the
broker to self limit the amount of memory it uses.
The hash of new tarball is not (yet) available through download.php, so use
a locally calculated hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 1 Mar 2018 19:41:51 +0000 (20:41 +0100)]
package/dovecot: security bump to version 2.3.4
Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
Removed patch applied upstream:
https://github.com/dovecot/core/commit/
a008617e811673064fd657acf517dc4a12493d29
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 1 Mar 2018 16:57:51 +0000 (17:57 +0100)]
systemd: correct README hash after bump to version 237
systemd-237 slightly changed the README, but the hash was not updated
leading to legal-info failing. Fix it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 1 Mar 2018 16:14:01 +0000 (17:14 +0100)]
utils/scanpypi: fix 'downloas' typo in error message
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Wed, 28 Feb 2018 09:04:26 +0000 (10:04 +0100)]
sdl2: rpi video support needs OpenGL ES
Fixes [1]:
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_Create':
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: error: 'RPI_GLES_DefaultProfileConfig' undeclared (first use in this function); did you mean 'RPI_GLES_DeleteContext'?
device->GL_DefaultProfileConfig = RPI_GLES_DefaultProfileConfig;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RPI_GLES_DeleteContext
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: note: each undeclared identifier is reported only once for each function it appears in
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_CreateWindow':
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:281:17: error: 'SDL_VideoDevice {aka struct SDL_VideoDevice}' has no member named 'egl_data'; did you mean 'gl_data'?
if (!_this->egl_data) {
^~~~~~~~
gl_data
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:10: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface'
wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window);
^~
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:26: warning: implicit declaration of function 'SDL_EGL_CreateSurface'; did you mean 'SDL_Vulkan_CreateSurface'? [-Wimplicit-function-declaration]
wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window);
^~~~~~~~~~~~~~~~~~~~~
SDL_Vulkan_CreateSurface
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:288:14: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface'
if (wdata->egl_surface == EGL_NO_SURFACE) {
^~
[1] http://autobuild.buildroot.net/results/
9612d43b192bbb88214a11fe18f8b8da6ad10313
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Wed, 28 Feb 2018 12:36:43 +0000 (09:36 -0300)]
linux-headers: bump 4.{4, 9, 14, 15}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Wed, 28 Feb 2018 12:36:42 +0000 (09:36 -0300)]
linux: bump default to version 4.15.7
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Tue, 27 Feb 2018 21:51:31 +0000 (22:51 +0100)]
package/tvheadend: disable for microblazeel
tvheadend does not build on microblazeel, because of some assertion
failure in binutils:
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_divdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_udivdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_umoddi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: BFD (GNU Binutils) 2.29.1 assertion fail elf32-microblaze.c:1494
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: [...]/sysroot/usr/lib/Scrt1.o: probably compiled without -fPIC?
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
Fixes:
http://autobuild.buildroot.org/results/
85475885a95f23f3dbc88e5b162108a458233bc4/
[...]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 27 Feb 2018 21:26:52 +0000 (22:26 +0100)]
wavpack: add upstream security fixes
Fixes the following security issues:
CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig
function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to
cause a denial-of-service attack or possibly have unspecified other impact
via a maliciously crafted RF64 file.
CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file
of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.
CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect memory
allocation, via a maliciously crafted CAF file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 27 Feb 2018 21:58:57 +0000 (22:58 +0100)]
Update for 2018.02-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Trent Piepho [Tue, 27 Feb 2018 21:21:31 +0000 (13:21 -0800)]
bluez5_utils: Make systemd link correctly
The link in /etc/systemd/system/, named dbus-org.bluez.service, pointing to
../../../../usr/lib/systemd/system/bluetooth.service has one too many ".." in
it. Likely the target was copied from the other link in
/etc/systemd/system/bluetooth.target.wants/, which is one level deeper.
Adjust link to be correct.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Trent Piepho [Fri, 23 Feb 2018 20:18:35 +0000 (12:18 -0800)]
systemd: Fix relative ln add-wants wrapper
The patch to allow systemd to work with old "ln" versions that don't
support --relative didn't work properly in the the meson-add-wants.sh
script.
This results in all the links in systemd's "*.wants" directories being
broken, e.g.
/usr/lib/systemd/system/multi-user.target.wants/getty.target ->
../../../../usr/lib/systemd/system/getty.target
There is one too few ".." in that relative link.
The problem is that the script is called with the link name being either a
file or an existing directory. In the latter case, ln creates the link in
the directory using the name of the target. This means the link is one
level deeper than the relative link making code thinks.
The solution used is to only dirname the link, moving up a level, if it's
not a directory, to mimic ln's logic in how it creates links.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Tue, 27 Feb 2018 20:50:47 +0000 (21:50 +0100)]
pcre2: add patch fixing a build issue on m68k
A pretty nasty difference in alignment rules between most
architectures and m68k lead pcre2 to fail building its 16-bit and
32-bit variants on m68k. This commit adds a patch that fixes that.
Fixes:
http://autobuild.buildroot.net/results/
f6a45df5cb80e3fd94d57163bd28a0014a02bf4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gaël PORTAY [Mon, 12 Feb 2018 04:25:23 +0000 (23:25 -0500)]
qt5multimedia: fix build issue with mesa3d w/out xcb
The mesa's EGL/eglplatform.h header includes X11 headers unless the flag
MESA_EGL_NO_X11_HEADERS is defined[1].
A build issue happens when mesa3d is selected as then OpenGL EGL backend
but the XCB library is not selected.
This commit tells qmake to pass the cflag MESA_EGL_NO_X11_HEADERS to
make and prevent from including the missing X headers.
The issue QTBUG-66233 is opened in the Qt tracker[1].
Fixes:
In file included from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/egl.h:39:0,
from qsgvideonode_egl.h:48,
from qsgvideonode_egl.cpp:40:
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/eglplatform.h:118:22:
fatal error: X11/Xlib.h: No such file or directory
#include <X11/Xlib.h>
^
compilation terminated.
Makefile:550: recipe for target '.obj/qsgvideonode_egl.o' failed
[1]: https://github.com/mesa3d/mesa/blob/
79ee1b2ff0b85f4eeb4165d23a7943c28d3a3d93/include/EGL/eglplatform.h#L109-L125
[2]: https://bugreports.qt.io/browse/QTBUG-66233
[Peter: simplify logic]
Cc: Julien CORJON <corjon.j@ecagroup.com>
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gaël PORTAY [Mon, 12 Feb 2018 04:25:22 +0000 (23:25 -0500)]
qt5webkit: fix build issue with mesa3d w/out xcb
The mesa's EGL/eglplatform.h header includes X11 headers unless the flag
MESA_EGL_NO_X11_HEADERS is defined[1].
A build issue happens when mesa3d is selected as then OpenGL EGL backend
but the XCB library is not selected.
This commit tells qmake to pass the cflag MESA_EGL_NO_X11_HEADERS to
make and prevent from including the missing X headers.
The issue QTBUG-66233 is opened in the Qt tracker[1].
Fixes:
In file included from /home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/egl.h:39:0,
from platform/graphics/opengl/Extensions3DOpenGLES.cpp:33:
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/eglplatform.h:118:22: fatal error: X11/Xlib.h: No such file or directory
#include <X11/Xlib.h>
^
compilation terminated.
Makefile.WebCore.Target:93596: recipe for target '.obj/platform/graphics/opengl/Extensions3DOpenGLES.o' failed
[1]: https://github.com/mesa3d/mesa/blob/
79ee1b2ff0b85f4eeb4165d23a7943c28d3a3d93/include/EGL/eglplatform.h#L109-L125
[2]: https://bugreports.qt.io/browse/QTBUG-66233
[Peter: simplify logic]
Cc: Julien CORJON <corjon.j@ecagroup.com>
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gaël PORTAY [Mon, 12 Feb 2018 04:25:24 +0000 (23:25 -0500)]
qt5wayland: fix build issue with mesa3d w/out xcb
The mesa's EGL/eglplatform.h header includes X11 headers unless the flag
MESA_EGL_NO_X11_HEADERS is defined[1].
A build issue happens when mesa3d is selected as then OpenGL EGL backend
but the XCB library is not selected.
This commit tells qmake to pass the cflag MESA_EGL_NO_X11_HEADERS to
make and prevent from including the missing X headers.
The issue QTBUG-66233 is opened in the Qt tracker[1].
Fixes:
In file included from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/egl.h:39:0,
from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/qt5/QtEglSupport/5.10.0/QtEglSupport/private/qt_egl_p.h:65,
from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/qt5/QtEglSupport/5.10.0/QtEglSupport/private/qeglstreamconvenience_p.h:55,
from
../../../../hardwareintegration/compositor/wayland-egl/waylandeglclientbufferintegration.cpp:56:
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/eglplatform.h:118:22:
fatal error: X11/Xlib.h: No such file or directory
#include <X11/Xlib.h>
^
compilation terminated.
Makefile:656: recipe for target
'.obj/waylandeglclientbufferintegration.o' failed
make[8]: *** [.obj/waylandeglclientbufferintegration.o] Error 1
[1]: https://github.com/mesa3d/mesa/blob/
79ee1b2ff0b85f4eeb4165d23a7943c28d3a3d93/include/EGL/eglplatform.h#L109-L125
[2]: https://bugreports.qt.io/browse/QTBUG-66233
[Peter: simplify logic]
Cc: Julien CORJON <corjon.j@ecagroup.com>
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 10 Feb 2018 19:58:15 +0000 (20:58 +0100)]
domoticz: depends on NPTL
boost 1.66 uses pthread_condattr_setclock in
boost/asio/detail/impl/posix_event.ipp.
Boost is mostly a header-only library, in particular the asio stuff.
There are sub-options for the parts of Boost that are not purely
headers, but there are not any sub-options for the parts of Boost that
are just headers.
So, the options are either to add sub-options to Boost, or to make
Boost as a whole only available on NPTL toolchains. The latter is a bit
annoying as it would mean adding this dependency to all Boost reverse
dependencies, even those not using asio.
So, instead of updating boost, add a dependency to
BR2_TOOLCHAIN_HAS_THREADS_NPTL to domoticz. This is the best solution
that can be done today. It's not perfect, but it's good enough.
Fixes:
- http://autobuild.buildroot.net/results/
197baa15cbf7f4fc7b3ccc602515af3f375ed68f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mahyar Koshkouei [Mon, 26 Feb 2018 15:41:12 +0000 (15:41 +0000)]
mpv: security bump to 0.27.2
Fixes CVE-2018-6360: mpv through 0.28.0 allows remote attackers to execute
arbitrary code via a crafted web site, because it reads HTML documents
containing VIDEO elements, and accepts arbitrary URLs in a src attribute
without a protocol whitelist.
[Peter: Add CVE description]
Signed-off-by: Mahyar Koshkouei <mahyar.koshkouei@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mahyar Koshkouei [Mon, 26 Feb 2018 15:41:11 +0000 (15:41 +0000)]
mpv: disable mali-fbdev support
Fixes:
http://autobuild.buildroot.net/results/2ce/
2ce2d9be9e0699114e3bc3c0434ba05f64741f89/
A compile error occurs when attempting to compile mpv with mali support
(eg. when odroid-mali package is selected).
Signed-off-by: Mahyar Koshkouei <mahyar.koshkouei@gmail.com>
Signed-off-by: Mahyar Koshkouei <mahyar.koshkouei@gmail.com><br/>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Tue, 27 Feb 2018 19:18:35 +0000 (20:18 +0100)]
asterisk: replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/bin
Commit
0f9c0bf3d5cd did a global replace of $(HOST_DIR)/usr/bin to
$(HOST_DIR)/bin. But later, a new occurrence of $(HOST_DIR)/usr/bin snuck
into the sources via commit
05e306d8d33 which added asterisk.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 27 Feb 2018 19:21:45 +0000 (20:21 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 17.3.6
Release note of this emergency release:
https://lists.freedesktop.org/archives/mesa-announce/2018-February/000403.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 27 Feb 2018 19:10:34 +0000 (20:10 +0100)]
linux-headers: bump 3.2.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sébastien Szymanski [Tue, 27 Feb 2018 17:48:26 +0000 (18:48 +0100)]
qt5: bump latest version to 5.9.4
qt5connectivity:
- removed
0001-Example-heartrate-server-needs-only-core-and-bluetoo.patch
(upstream comitted [1])
qt5quickcontrols2:
- removed 0001-Example-flatstyle-needs-widgets-module.patch (upstream
comitted [2])
qt5webengine:
- removed 0002-Load-libEGL-and-libGLES2-symbols-implicitly.patch
(upstream comitted, reverted and recomitted [3])
[1] https://codereview.qt-project.org/211810
[2] https://codereview.qt-project.org/212583
[3] https://codereview.qt-project.org/209547
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Alistair Francis [Tue, 27 Feb 2018 16:43:23 +0000 (08:43 -0800)]
DEVELOPERS: Update email address
I am leaving Xilinx so to avoid future bounces update my email address
to my personal email address.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 27 Feb 2018 08:55:41 +0000 (09:55 +0100)]
check-host-tar.sh: blacklist tar 1.30+
Tar 1.30 changed the --numeric-owner output for filenames > 100 characters,
leading to hash mismatches for the tar archives we create ourselves from
git. This is really a fix for a bug in earlier tar versions regarding
deterministic output, so it is unlikely to be reverted in later versions.
For more details, see:
http://lists.busybox.net/pipermail/buildroot/2018-January/211222.html
To work around this issue, blacklist tar 1.30+ similar to how we do it for
pre-1.17 versions so Buildroot falls back to building host-tar.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 27 Feb 2018 08:55:40 +0000 (09:55 +0100)]
dependencies.mk: check for valid host-tar before other host dependencies
host-{cmake,lzip,xz} needs host-tar to extract their source code tarball, so
we need to ensure that host-tar gets added to DEPENDENCIES_HOST_PREREQ
before these in case they are both needed, otherwise the tools will fail to
extract.
With the upcoming change to blacklist modern tar versions this situation is
likely to trigger more often.
The real solution to this issue is the <foo>_EXTRACT_DEPENDENCIES rework,
but that series is a bit too intrusive to add this close to 2018.02, so
therefore this hack.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 26 Feb 2018 20:34:29 +0000 (21:34 +0100)]
php: disable on configurations using BR2_BINFMT_FLAT
BR2_BINFMT_FLAT configurations require the use of elf2flt. However,
PHP uses -export-dynamic which breaks badly with elf2flt. Even a
simple program fails to build:
$ ./output/host/bin/arm-linux-gcc -Wl,-export-dynamic -o toto toto.c
/home/thomas/projets/buildroot/output/host/opt/ext-toolchain/arm-buildroot-uclinux-uclibcgnueabi/bin/ld.real: section .junk LMA [
0000000000000000,
0000000000000027] overlaps section .text LMA [
0000000000000000,
0000000000006d07]
-export-dynamic is clearly not useful for FLAT configurations, which
are always statically linked, but it's quite a bit of work to change
the PHP build system to use it only conditionall.
It looks more like an interaction bug between gcc (which wants to put
the .text section at address 0x0 in its linker script) and elf2flt,
which wants to put its .junk section (containing the .rel.text stuff)
also at address 0x0.
Fixes (works around) the "section overlap" part of:
http://autobuild.buildroot.net/results/
35cbed8927bb10500ecf2816aa728ea240a0be21/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 26 Feb 2018 20:34:28 +0000 (21:34 +0100)]
php: add patch to fix build on static-only systems
This commit adds a patch to PHP to fix the build on static-only
system, a regression introduced in PHP recently.
Fixes:
http://autobuild.buildroot.net/results/
fbf7ebbb9502424727006f39e169ec1ee870186d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eric Le Bihan [Mon, 26 Feb 2018 20:04:21 +0000 (21:04 +0100)]
rustc: disable for ARMV7A with EABI
The Rust project does not support armv7a EABI, only EABIHF [1]. So
disable rustc for this ARM variant.
Fixes:
- http://autobuild.buildroot.net/results/
51c98ca5486e7e83725ababa437cbb8204ceb66b/
[1] https://forge.rust-lang.org/platform-support.html
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Johan Oudinet [Mon, 26 Feb 2018 16:58:38 +0000 (17:58 +0100)]
erlang: enable host-erlang for x86/x86_64 architectures only
And make erlang depends on host-erlang.
This patch aims at avoiding the following autobuilder failures:
http://autobuild.buildroot.net/results/
45edf95c0c44c9d553879e0cbb771098d7c63aa1
http://autobuild.buildroot.net/results/
a36d00407a371d70b4551a9717ebd6ff852c8bca
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 26 Feb 2018 18:17:11 +0000 (19:17 +0100)]
php: fix build on C libraries that don't provide AI_IDN
The PHP sockets module now provides access to AI_IDN functionality (by
simply declaring a bunch of constants available from PHP code). AI_IDN
(internationalized domain names) is not supported in uClibc or musl,
which breaks the build.
This commit adds a patch to PHP which makes the use of AI_IDN
conditional, in a way that is identical to what is already done for
AI_ALL. The patch has been submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/
ef040cc45bb2789ead82a8c445db3376e36b5ac7/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gaël PORTAY [Wed, 21 Feb 2018 21:02:16 +0000 (16:02 -0500)]
fs/cpio/init: preserve arguments
Use "$@" instead of $* to preserve arguments containing spaces.
The shell expands "$@" as "$1" "$2" "$3"... while it expands $@ as $1 $2
$3. With the second form, we loses spaces in positional parameters.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Mon, 26 Feb 2018 11:36:10 +0000 (08:36 -0300)]
linux-headers: bump 4.{4, 9, 14, 15}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Mon, 26 Feb 2018 11:36:09 +0000 (08:36 -0300)]
linux: bump default to version 4.15.6
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Daniel Serpell [Sun, 18 Feb 2018 14:50:42 +0000 (11:50 -0300)]
docs/manual: add documentation for the "make sdk" target
Signed-off-by: Daniel Serpell <daniel.serpell@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sun, 25 Feb 2018 22:10:43 +0000 (23:10 +0100)]
package/zlib: zlib-ng only available on some archs
Upstream has code only for those architectures, with no fallback
generic code, so we must restrict zlib-ng to only those four archs...
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: fix typoes in the Config.in option name.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 25 Feb 2018 22:18:52 +0000 (23:18 +0100)]
Revert "package/htop: remove 0xe2 from MetersPanel.c"
This reverts commit
93f080ba0a3d84bf3b23404e083b0a33cd5fa31d.
This patch was intended for the next branch, it shouldn't have been
applied to the master branch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Romain Naour [Tue, 20 Feb 2018 22:20:25 +0000 (23:20 +0100)]
package/htop: remove 0xe2 from MetersPanel.c
This non ascii character trigger an issue with MakeHeader.py.
./scripts/MakeHeader.py MetersPanel.c
Traceback (most recent call last):
File "./scripts/MakeHeader.py", line 32, in <module>
for line in file.readlines():
File "[...]/output/host/lib/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 956: ordinal not in range(128)
Fixes:
http://autobuild.buildroot.net/results/8ed/
8edb78b054a265447fd0e83f67cba5f978be4ed6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas De Schampheleire [Tue, 20 Feb 2018 11:11:56 +0000 (12:11 +0100)]
check-bin-arch: skip /lib/modules to allow 32-bit userland on 64-bit arch
The script check-bin-arch fails as follows on a config for PowerPC e6500
(64-bit CPU) with BR2_ARCH="powerpc" (32-bit userland desired):
ERROR: architecture for "/lib/modules/..../lib/libcrc32c.ko"
is "PowerPC64", should be "PowerPC"
This situation is perfectly acceptable: the kernel is 64-bit and so are its
modules, even though userland is 32-bit.
To keep check-bin-arch and its caller simple, just skip /lib/modules/
entirely, like is done for /lib/firmware and some others.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Sat, 24 Feb 2018 20:49:00 +0000 (22:49 +0200)]
mbedtls: fix API compatibility
Add upstream patch fixing API compatibility with previous releases.
Fixes (hiawatha):
http://autobuild.buildroot.net/results/ce6/
ce6b4a50e6aafd06f82eaae688dd8720b982e9c2/
http://autobuild.buildroot.net/results/cde/
cdec7ae3565d5b76a9bc50156c6244b44197534e/
http://autobuild.buildroot.net/results/9c1/
9c1aec09c03f60bee9dc134da5a29e2671fc3b5e/
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas De Schampheleire [Mon, 19 Feb 2018 15:56:32 +0000 (16:56 +0100)]
uboot: revert "uboot: use local libfdt.h"
This reverts commit
3a6573ccee2624de0c604abf2c7df6704a4cf566.
It is no longer necessary after solving the problem differently.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas De Schampheleire [Mon, 19 Feb 2018 15:56:31 +0000 (16:56 +0100)]
uboot: use local fdt headers
After commit
b8c3e941731d ("package/dtc: qemu system build need libfdt")
changed the dtc install target from 'install-bin' to 'install', uboot
compilation failures occurred because libfdt related headers were now
suddenly taken from output/host/include rather than from the uboot sources
itself.
Commit
3a6573ccee26 ("uboot: use local libfdt.h") solved this by patching
one specific uboot source file, tools/fdtgrep.c, to replace '<...>'-style
includes by '"..."'-style includes.
However, depending on the uboot version, this may not be enough: there may
be other references to fdt header files. In particular taking into account
that it is not uncommon to have vendor-provided uboot trees which have
custom changes.
The root of the problem is that the uboot.mk file passes the host compiler
as follows:
UBOOT_MAKE_OPTS += \
...
HOSTCC="$(HOSTCC) $(HOST_CFLAGS)" \
...
where HOST_CFLAGS contains the string '-I$(HOST_DIR)/include'
The uboot makefiles then use constructs of the form:
$(CC) $(CPPFLAGS) $(CFLAGS) .....
where CPPFLAGS may contain -I references pointing to local directories.
On the expanded compiler command-line, Buildroot's '-I$(HOST_DIR)/include'
is thus present _before_ any -I to local directories, and thus takes
precedence. And that becomes a problem for header files present both
locally as in the Buildroot host directory, which is the case for libfdt.
To fix this problem without having to patch u-boot sources, use '-idirafter'
rather than '-I' to pass the Buildroot host include directory. '-idirafter'
is basically the same thing, but adds the specified directory at the end
of the include precedence chain, rather than at the beginning.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
John Keeping [Wed, 21 Feb 2018 15:39:02 +0000 (15:39 +0000)]
libglib2: don't override ac_cv_func_strerror_r_char_p
libglib2 recently changed to use the result of the autoconf macro to
decide how to use strerror_r() in g_strerror() instead of embedding the
same preprocessor condition as in glibc's strings.h (upstream commit
c8e268bb was first included in release 2.53.4).
Following this change, if ac_cv_func_strerror_r_char_p is incorrectly
set to "no", the error string is an uninitialized buffer which cannot be
encoded as UTF-8. The final result of this is that GLib functions that
are expected to fill in an error pointer on failure in fact leave this
pointing to NULL which is likely to cause a segfault in client
applications.
In fact the autoconf check compiles a test file but does not need to run
it, so the test is safe when cross-compiling and returns the correct
answer. So remove this cached value and let the configure script figure
it out for itself, fixing g_strerror() on glibc systems.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 23 Feb 2018 08:37:10 +0000 (09:37 +0100)]
asterisk: security bump to version 14.7.6
Fixes the following security issues:
AST-2018-002: Crash when given an invalid SDP media format description
By crafting an SDP message with an invalid media format description Asterisk
crashes when using the pjsip channel driver because pjproject's sdp parsing
algorithm fails to catch the invalid media format description.
AST-2018-003: Crash with an invalid SDP fmtp attribute
By crafting an SDP message body with an invalid fmtp attribute Asterisk
crashes when using the pjsip channel driver because pjproject's fmtp
retrieval function fails to check if fmtp value is empty (set empty if
previously parsed as invalid).
AST-2018-004: Crash when receiving SUBSCRIBE request
When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the
accepted formats present in the Accept headers of the request. This code
did not limit the number of headers it processed despite having a fixed
limit of 32. If more than 32 Accept headers were present the code would
write outside of its memory and cause a crash.
AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
A crash occurs when a number of authenticated INVITE messages are sent over
TCP or TLS and then the connection is suddenly closed. This issue leads to
a segmentation fault.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 22 Feb 2018 22:17:31 +0000 (23:17 +0100)]
website: update package number text
We have quite a bit more than "hundreds of packages" nowadays:
find package -name \*.mk | wc -l
2285
So adjust the text to say 'several thousand' instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 23 Feb 2018 17:50:37 +0000 (18:50 +0100)]
azmq: add NPTL dependency
boost-log depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL so add this
dependency to azmq
Fixes:
- http://autobuild.buildroot.net/results/
ffa5f21d7e7c38ea7adebc84f1cc8ee4cff74f1b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Fri, 23 Feb 2018 05:22:31 +0000 (07:22 +0200)]
patch: security bump to version 2.7.6
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.
Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.
This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 23 Feb 2018 04:56:11 +0000 (06:56 +0200)]
mbedtls: security bump to version 2.7.0
CVE-2018-0487: Remote attackers can execute arbitrary code or cause a
denial of service (buffer overflow) via a crafted certificate chain that
is mishandled during RSASSA-PSS signature verification within a TLS or
DTLS session.
CVE-2018-0488: When the truncated HMAC extension and CBC are used,
allows remote attackers to execute arbitrary code or cause a denial of
service (heap corruption) via a crafted application packet within a TLS
or DTLS session.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Thu, 22 Feb 2018 17:12:11 +0000 (14:12 -0300)]
linux-headers: bump 4.{4, 9, 14, 15}.x series
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Thu, 22 Feb 2018 17:12:10 +0000 (14:12 -0300)]
linux: bump default to version 4.15.5
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Tue, 20 Feb 2018 21:39:25 +0000 (22:39 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 17.3.5
This is a emergency release fixing major a issue in the RADV driver [1].
[1] https://lists.freedesktop.org/archives/mesa-announce/2018-February/000401.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Zoltan Gyarmati [Wed, 21 Feb 2018 16:55:52 +0000 (17:55 +0100)]
package/gpsd: disable profiling support on ARC
With the currently used ARC glibc version the profiling build fails with
linking error to __mcount. The ARC glibc version arc-2018.03-eng007+
fixes this, therefore when glibc is bumped, this restriction can be
removed.
Fixes:
http://autobuild.buildroot.net/results/
88870f5bf4aff557d8eac4e1cc5d3e397e607af0/
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 19 Feb 2018 16:14:35 +0000 (17:14 +0100)]
exim: add upstream security fix
Fixes the following security issue:
CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent. A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.
Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 19 Feb 2018 15:50:59 +0000 (16:50 +0100)]
quagga: add upstream security fixes
Fixes the following security issues:
CVE-2018-5378
It was discovered that the Quagga BGP daemon, bgpd, does not
properly bounds check data sent with a NOTIFY to a peer, if an
attribute length is invalid. A configured BGP peer can take
advantage of this bug to read memory from the bgpd process or cause
a denial of service (daemon crash).
https://www.quagga.net/security/Quagga-2018-0543.txt
CVE-2018-5379
It was discovered that the Quagga BGP daemon, bgpd, can double-free
memory when processing certain forms of UPDATE message, containing
cluster-list and/or unknown attributes, resulting in a denial of
service (bgpd daemon crash).
https://www.quagga.net/security/Quagga-2018-1114.txt
CVE-2018-5380
It was discovered that the Quagga BGP daemon, bgpd, does not
properly handle internal BGP code-to-string conversion tables.
https://www.quagga.net/security/Quagga-2018-1550.txt
CVE-2018-5381
It was discovered that the Quagga BGP daemon, bgpd, can enter an
infinite loop if sent an invalid OPEN message by a configured peer.
A configured peer can take advantage of this flaw to cause a denial
of service (bgpd daemon not responding to any other events; BGP
sessions will drop and not be reestablished; unresponsive CLI
interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gaël PORTAY [Wed, 14 Feb 2018 02:37:14 +0000 (21:37 -0500)]
qt5webengine: fix build issue with alsa
Qt WebEngine auto-guesses if it compiles support for alsa. When the
alsa-lib config is enabled but the features mixer, rawmidi, hwdep and
seq are not also enabled, it leads to a build failure.
Lets the developer decide whether or not support for alsa in Qt
WebEngine by adding the new config BR2_PACKAGE_QT5WEBENGINE_ALSA that
selects the features it needs when it is set.
Fixes [1].
[1]: http://autobuild.buildroot.net/results/
d81537a8f67bb0a3625057560b2f16daf4828f98/build-end.log
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 18 Feb 2018 22:40:37 +0000 (23:40 +0100)]
wireguard: bump version to 0.0.
20180218
Fixes a memory leak and various minor tooling fixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 18 Feb 2018 21:54:13 +0000 (22:54 +0100)]
e2fsprogs: bump version to 1.43.9
Drop 0001-libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch as it
is now upstream.
Only contains minor bugfixes since 1.43.8 and no new features.
>From the release notes:
Remove the huge file flag from libe2p (and hence from chattr/lsattr),
since it was never made visible by the kernel. Remove the description
of some compression related flags, and add a description of the
encrypted file flag, and the project hierarchy flag.
Remove a misplaced "MNP is unsupported" message from debugfs.
Fix a build failure in lib/ext2fs/swapfs.c on big-endian systems.
(Addresses Debian Bug #886119)
Fix various Debian packaging issues. (Addresses Debian Bug #269569).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ryan Coe [Mon, 19 Feb 2018 14:23:39 +0000 (06:23 -0800)]
mariadb: security bump version to 10.1.31
Release notes: https://mariadb.com/kb/en/mariadb-10131-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10131-changelog/
Fixes the following security vulnerabilities:
CVE-2018-2562 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server : Partition). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.
CVE-2018-2622 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.58
and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2640 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2665 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2668 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
CVE-2018-2612 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and
prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data and unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Mon, 19 Feb 2018 13:22:12 +0000 (08:22 -0500)]
zic: bump to 2018c
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Mon, 19 Feb 2018 15:57:34 +0000 (16:57 +0100)]
jq: compile as _GNU_SOURCE to fix segfault when compiled with gcc 6
When compiling host-jq with gcc 6+, running it gives an immediate segfault.
Reported upstream: https://github.com/stedolan/jq/issues/1598
The issue can be solved by compiling with _GNU_SOURCE as extra preprocessor
define. Once the issue is solved upstream, this change can be reverted.
As the issue will normally be the same for target, apply the same fix there.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Sat, 17 Feb 2018 14:06:15 +0000 (12:06 -0200)]
linux-headers: bump 4.{4, 9, 14, 15}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Sat, 17 Feb 2018 14:06:14 +0000 (12:06 -0200)]
linux: bump default to version 4.15.4
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 16 Feb 2018 08:09:55 +0000 (09:09 +0100)]
libvorbis: add upstream security fixes
Fixes the following security issues:
CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.
CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in mapping0.c, which
may lead to DoS when operating on a crafted audio file with
vorbis_analysis().
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 15 Feb 2018 23:01:00 +0000 (00:01 +0100)]
glibc: security bump to the latest commit on 2.26 branch
Fixes the following security issues according to NEWS:
CVE-2018-6485: An integer overflow in the implementation of the
posix_memalign in memalign functions in the GNU C Library (aka
CVE-2018-6551: The malloc implementation in the GNU C Library (aka glibc or
libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on
i386, did not properly handle malloc calls with arguments close to SIZE_MAX
and could return a pointer to a heap region that is smaller than requested,
eventually leading to heap corruption.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 15 Feb 2018 22:03:43 +0000 (23:03 +0100)]
Update for 2018.02-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 15 Feb 2018 21:35:36 +0000 (22:35 +0100)]
libcpprestsdk: needs host-pkgconf
Commit
d2f0a9bba400 (libcpprestsdk: fix building as a static library)
changed libcpprestsdk to use pkg-config to find the linker flags for
openssl, so ensure it is available.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 15 Feb 2018 19:26:40 +0000 (20:26 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 17.3.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 12 Feb 2018 16:51:06 +0000 (17:51 +0100)]
package/ffmpeg: bump version to 3.4.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Tue, 13 Feb 2018 13:26:35 +0000 (14:26 +0100)]
docs/website: Free Electrons is now Bootlin
Free Electrons has been renamed to Bootlin, so update the
Documentation section of our website describing the Buildroot training
course to use the new company name and domain name.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Tue, 13 Feb 2018 13:26:34 +0000 (14:26 +0100)]
DEVELOPERS: Free Electrons is now Bootlin
Free Electrons is being renamed to Bootlin. While the
@free-electrons.com e-mail addresses still work, it is not guaranteed
to be the case in the future. Hence, this patch updates the DEVELOPERS
file to use the @bootlin.com addresses for all Bootlin engineers.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Tue, 13 Feb 2018 13:26:33 +0000 (14:26 +0100)]
DEVELOPERS: drop entry for amd-catalyst package
Romain Perier is no longer at Free Electrons, and his e-mail address
@free-electrons.com no longer exists, especially with the rename to
Bootlin. Romain is no longer maintaining the amd-catalyst package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Wed, 14 Feb 2018 05:04:58 +0000 (00:04 -0500)]
pure-ftpd: Config.in: fix help text wrapping
This commit fixes the warnings reported by check-package on the help
text of package Config.in file, related to the formatting of the help
text: should start with a tab, then 2 spaces, then at most 62
characters.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Acked-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Wed, 14 Feb 2018 05:04:57 +0000 (00:04 -0500)]
gconf: Config.in: fix help text wrapping
This commit fixes the warnings reported by check-package on the help
text of package Config.in file, related to the formatting of the help
text: should start with a tab, then 2 spaces, then at most 62
characters.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Wed, 14 Feb 2018 05:04:56 +0000 (00:04 -0500)]
package/*/Config.in.host: fix help text check-package warnings
This commit fixes the warnings reported by check-package on the help
text of all package Config.in.host files, related to the formatting of
the help text: should start with a tab, then 2 spaces, then at most 62
characters.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Tue, 13 Feb 2018 23:16:45 +0000 (18:16 -0500)]
qt5: fetch sources using https URLs
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Sun, 11 Feb 2018 00:18:37 +0000 (19:18 -0500)]
qt5webengine: replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/bin
Apply effect of commit
0f9c0bf3d5 to Qt WebEngine.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Sat, 10 Feb 2018 19:11:38 +0000 (14:11 -0500)]
qt5webkit{, -examples}: use https link in hashfile
All Qt modules but qt5webkit use https link in their hashfile.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Vincent Stehlé [Sun, 11 Feb 2018 21:34:51 +0000 (22:34 +0100)]
configs: add pylibfdt where necessary
Add TARGET_UBOOT_NEEDS_PYLIBFDT to all defconfigs, where u-boot needs
Python libfdt to build.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Jagan Teki <jagan@amarulasolutions.com>
Cc: Mike Harmony <mike.harmony@snapav.com>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 12 Feb 2018 17:23:50 +0000 (12:23 -0500)]
libcpprestsdk: fix building as a static library
Use pkg-config to find OpenSSL. This will automatically find any
dependent libraries and put them in the correct order for linking.
Upstream status: submitted
https://github.com/Microsoft/cpprestsdk/pull/688
Fixes:
http://autobuild.buildroot.net/results/
be9e8d1717968a0ff8f01f7fadfa79825ac88b94/
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Ricardo Martincoski [Mon, 12 Feb 2018 21:02:08 +0000 (19:02 -0200)]
support/testing: fix job check-gitlab-ci.yml
Currently 'run-tests -l' is broken. It breaks 'make .gitlab-ci.yml' that
in turn breaks the job in GitLab.
TestRustBase is not a test case by itself, so it can't have a method
with the name starting with "test_" otherwise nose2 assumes it is a test
case.
Move the test_run method from the base class to the derived classes.
While at it, update .gitlab-ci.yml with the new test cases.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
52000035
Reported-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabio Estevam [Tue, 13 Feb 2018 21:18:19 +0000 (19:18 -0200)]
linux-headers: bump 4.{9, 14}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Eric Le Bihan [Tue, 13 Feb 2018 07:21:28 +0000 (08:21 +0100)]
rustc: fix check-package warnings
utils/check-package complains as follows:
package/rustc/Config.in.host:6: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)
package/rustc/Config.in.host:79: empty line at end of file
This patch fixes these warnings.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Eric Le Bihan [Tue, 13 Feb 2018 07:21:27 +0000 (08:21 +0100)]
rustc: use RUSTC_{HOST,TARGET}_NAME
utils/check-package complains as follows:
package/rustc/rustc.mk:10: possible typo: RUST_TARGET_NAME -> *RUSTC*
package/rustc/rustc.mk:18: possible typo: RUST_HOST_NAME -> *RUSTC*
As RUST_{HOST,TARGET}_NAME are related to the Rust compiler, it
sounds sensible to rename them to RUSTC_{HOST,TARGET}_NAME.
So update all rust related packages to use the new variables.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Audrey Motheron [Mon, 12 Feb 2018 21:59:31 +0000 (22:59 +0100)]
package/mesa3d-demos: remove duplicate osmesa option
--disable-osmesa option is unconditionally added to CONF_OPTS even if
--enable-osmesa is used latter.
Signed-off-by: Audrey Motheron <audrey.motheron@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Waldemar Brodkorb [Mon, 12 Feb 2018 21:02:41 +0000 (22:02 +0100)]
systemd: resolved was renamed to resolve in meson build
While the conversion to meson, this seems to be missed.
Found while trying to build systemd with uClibc toolchain.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 12 Feb 2018 17:01:12 +0000 (12:01 -0500)]
php: disable valgrind
Introduced in PHP7.2, if a host has valgrind headers installed, PHP will detect
them and set HAVE_VALGRIND to 1.
Disable this entry after configuring.
fixes:
http://autobuild.buildroot.net/results/d59/
d59b5961890aeddcd6d59ed52243be6554d1fe21
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Mon, 12 Feb 2018 20:02:31 +0000 (22:02 +0200)]
librsvg: security bump to version 2.40.20
Fixes CVE-2018-
1000041: information disclosure via a crafted SVG file.
Bump to the latest (maybe last) release in the 2.40.x series. Newer
versions require a Rust compiler.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabio Estevam [Mon, 12 Feb 2018 12:39:00 +0000 (10:39 -0200)]
linux-headers: bump 4.15.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabio Estevam [Mon, 12 Feb 2018 12:38:59 +0000 (10:38 -0200)]
linux: bump default to version 4.15.3
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Danilo Bargen [Mon, 12 Feb 2018 08:21:50 +0000 (09:21 +0100)]
dropbear: use https URLs
While a hash check is being done, it's still better to use a download
URL with HTTPS.
Signed-off-by: Danilo Bargen <mail@dbrgn.ch>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Sat, 10 Feb 2018 20:16:38 +0000 (22:16 +0200)]
postgresql: update license file hash
Copyright year update.
Fixes:
http://autobuild.buildroot.net/results/d79/
d7989660584430945644e3a4406ba33cee22863d/
http://autobuild.buildroot.net/results/b51/
b5141b64ed838caa1daca1bf4fe322dd2afaf0b5/
http://autobuild.buildroot.net/results/a37/
a375d533036a1b95af32b6bda086e93174b8c5f0/
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Tue, 13 Feb 2018 16:51:41 +0000 (18:51 +0200)]
busybox: add upstream security fixes
CVE-2017-15873: Integer overflow in decompress_bunzip2.c leads to a read
access violation
CVE-2017-15874: Integer overflow in decompress_unlzma.c leads to a read
access violation
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Sat, 10 Feb 2018 14:49:06 +0000 (09:49 -0500)]
qt5tools: fix typo in <pkg>_SOURCE
The QT5TOOLS_SOURCE variable uses mismatch QT5BASE_VERSION variable.
This commit fixes the typo by using the appropriate QT5TOOLS_VERSION
variable.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Sat, 10 Feb 2018 13:19:52 +0000 (08:19 -0500)]
qt5enginio: bump to 1.6.3
Qt Enginio has been bumped to 1.6.3 with Qt 5.6.3.
This new version follows the Qt release number and has only one change
since 1.6.2[1].
[1]: https://github.com/qt/qtenginio/commit/
e447818458c9211e95ee5e75e294f76b6abf32d4
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gaël PORTAY [Sat, 10 Feb 2018 12:38:00 +0000 (07:38 -0500)]
qt53d: fix typo in <pkg>_SOURCES
The QT53D_SOURCE variable uses mismatch QT5SVG_VERSION variable.
This commit fixes the typo by using the appropriate QT53D_VERSION
variable.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Fri, 9 Feb 2018 05:26:28 +0000 (07:26 +0200)]
rsync: security bump to version 3.1.3
Fixes CVE-2018-5764: remote attackers can bypass an
argument-sanitization protection mechanism
Drop upstream patches.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Fri, 9 Feb 2018 09:07:58 +0000 (11:07 +0200)]
libxml2: add security fix
CVE-2017-8872: An attackers can cause a denial of service (buffer
over-read) or information disclosure.
Patch from the upstream bug tracker.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>