Jann Horn, Project Zero (Google) discovered that ntfs-3g, a read-write
NTFS driver for FUSE does not not scrub the environment before
executing modprobe to load the fuse module. This influence the behavior
of modprobe (MODPROBE_OPTIONS environment variable, --config and
--dirname options) potentially allowing for local root privilege
escalation if ntfs-3g is installed setuid.
Notice that Buildroot does NOT install netfs-3g setuid root, but custom
permission tables might be used, causing it to vulnerable to the above.
ntfs-3g does not seem to have a publicly available version control system
and no new releases have been made, so instead grab the patch from Debian.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- CVE-2016-1248: vim before patch 8.0.0056 does not properly validate values
for the 'filetype', 'syntax' and 'keymap' options, which may result in the
execution of arbitrary code if a file with a specially crafted modeline is
opened.
- CVE-2017-5953: vim before patch 8.0.0322 does not properly validate values
for tree length when handling a spell file, which may result in an integer
overflow at a memory allocation site and a resultant buffer overflow.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package otherwise fails to build with a recent toolchain with GCC6
(tested with Linaro ARM 2016.11).
It used to fail at sqrt check during package configuration:
Checking for function sqrt : not found
The configuration failed
Bumping version to latest HEAD fixes the issue as explained in the
following discussion:
https://github.com/glmark2/glmark2/issues/15
Fixes:
http://autobuild.buildroot.net/results/8dc9400505b9087ce290981d95486598df0beb56/
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
[Thomas: add reference to autobuilder failure.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
GNU classpath can exist without jamvm, so don't depend on it.
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Due to the patches we have on wget 1.19, we need to
autoreconf. Unfortunately, when the autoreconfiguration process occurs
with host-gettext already built and installed, the build of wget fails
with a fairly weird error:
In file included from str-two-way.h:44:0,
from c-strcasestr.c:37:
./stdint.h:89:5: error: #if with no expression
#if
As explained in http://git.net/ml/bug-gnulib-gnu/2017-01/msg00067.html
and the links pointed by this page, this is due to an incompatibility
between the newer version of gnulib used in wget, and an older .m4 file
in gettext.
In the context of Buildroot, the easiest way to avoid the issue is to
not autoreconf wget. The wget project has conveniently released a 1.19.1
release, which contains our two patches, plus just one small feature
addition. It is therefore reasonable to apply this as a solution to this
build issue.
Fixes:
http://autobuild.buildroot.net/results/b62ac6fd5ce36453935c309e112262467cf0e3bf/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/2f8/2f85a2d19232365f7e5fddde6092af9dd74d4518/http://autobuild.buildroot.net/results/80d/80d83c650c668ee1e87c288bd7a0ce63eab95631/
The build system doesn't specify any dependencies between the generated
header files and the source files including them, causing a race condition:
GEN lib/riemann/proto/riemann.pb-c.c
GEN lib/riemann/proto/riemann.pb-c.h
CC src/src_riemann_client-riemann-client.o
In file included from ./lib/riemann/riemann-client.h:23:0,
from src/riemann-client.c:18:
./lib/riemann/attribute.h:21:40: fatal error: riemann/proto/riemann.pb-c.h: No such file or directory
Work around it by forcing non-parallel make.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash:
https://kb.isc.org/article/AA-01453
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Requested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Use comm(1) to check that all our config options are properly set in the
resulting configuration, rather than our canned and fragile code.
Reported-by: Cam Hutchison <camh@xdna.net>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update patch 0001-Adjust-for-buildroot-build.patch to
use real static linking (command line flag '-static' for
target gpio-static).
Fixes [1]:
[Link]
.../output/host/usr/lib/gcc/powerpc-buildroot-linux-uclibc/5.4.0/libgcc.a(unwind-dw2-fde-dip.o): In function `_Unwind_Find_FDE':
...output/build/host-gcc-final-5.4.0/build/powerpc-buildroot-linux-uclibc/libgcc/../../../libgcc/unwind-dw2-fde-dip.c:465: undefined reference to `dl_iterate_phdr'
collect2: error: ld returned 1 exit status
make[1]: *** [gpio-static] Error 1
make[1]: Leaving directory `.../output/build/wiringpi-2.32/gpio'
[1] http://autobuild.buildroot.net/results/b905617dda0e120d04c54daf7cae2bad236ac767
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This revert the commit [1] which break the simulator for aarch64.
Backport the upstream fix instead (from 7.12).
[1] f71ad71f24
Tested with gcc 4.4.5 (debian squeeze chroot).
Fixes:
http://autobuild.buildroot.net/results/cfd/cfdc9117fef7ecdf5cc5fc907a6fe8701a2c174a
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an option to build the libpoppler-qt5 library.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The motion autotools script helpfully detects the host
Microprocessors intr set and optimizes for it.
Disabling this feature causes autotools to use the
target parameters passed by BR instead.
Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 55a9737895 ("util-linux: link scriptreplay with libm (for isnan)")
added two patches that touch configure.ac and Makemodule.am. But forgot
to enable AUTORECONF.
When AUTORECONF is disabled and configure.ac is patched, it looks like
make will detect change in timestamps and trigger reconfig. But it
later fails because of missing dependencies. To fix this, explicitly
enable AUTORECONF.
Fixes:
http://autobuild.buildroot.net/results/544/544e8da290d40424ea3d1bffad7e0b8a566de495
Fixes: 55a9737895 ("util-linux: link scriptreplay with libm (for isnan)")
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Cc: Carlos Santos <casantos@datacom.ind.br>
Acked-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adds support for header v1 (used on Arria 10 SoCs)
Signed-off-by: Lionel Flandrin <lionel@svkt.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sometimes, it interesting to have a global overview of whether the
package builds at all or not, rather than test on all toolchains.
Add an option that allows testing on a limited set of randomly choosen
toolchains.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When a build is skipped, store the lines from the config snippet, that
are missing in the resulting configuration, in a file in the build
directory, for the user to inspect.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This script helps in testing that a package builds fine on a wide range
of architectures and toolchains: BE/LE, 32/64-bit, musl/glibc/uclibc...
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[yann.morin.1998@free.fr:
- completely rewrite the script from Thomas, with help from Luca
]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump U-Boot to 2017.01 version and kernel to 4.9.9.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As now the Qt version is configurable to simplify the menu display
logic we remove the menu comment about deprecated modules and
indicate it in the relevant modules' help text instead, and also
mention in the help text if a package's tech preview status has been
changed between Qt 5.6 and Qt 5.8
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
cryptodev-linux-1.8 build is broken with kernel >= 4.6.0 because of
APIs changes in the kernel. Upstream already fixed this:
2b29be8ac4f126e4837ef14b4706b0cb186f6826
Bump to latest commit to fix cryptodev-linux build.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
ddrescue is not an autotools package. Convert to generic package to make
it build correctly for target architecture.
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The rework done on commit
accba02a47 ("toolchain: add option for
toolchains affected by GCC PR libstdc++/64735") by me was wrong. The
BR2_TOOLCHAIN_HAS_GCC_BUG_64735 option should be enabled when the bug is
present in the toolchain, not the opposite.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
exception_ptr, nested_exception, and future from libstdc++ are not
available for architectures not supporting always lock-free atomic ints
before GCC 7.
Bug report:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64735
Fix available starting from GCC 7 (not yet released):
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=244051
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas:
- directly define the value where BR2_TOOLCHAIN_HAS_GCC_BUG_64735
rather than having additional patches touching affected architectures
Config.in files
- add a better comment above the Config.in option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
