Commit Graph

42059 Commits

Author SHA1 Message Date
Romain Naour
106e7eeaff Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6
As reported in the bug report [1], gcc < 6 doesn't build when
FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
upstream bug report [2] but the patch fixing the issue for gcc 6
has not been backported to earlier gcc versions.

Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
and BR2_FORTIFY_SOURCE_2.

[1] https://bugs.busybox.net/show_bug.cgi?id=11476
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
[3] 55f12fce4c

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Peter: only limit for internal toolchain as suggested by Matthew]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit a75ee0e812)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:48:26 +01:00
Romain Naour
075a2b0f0c toolchain: disable SSP support if CFI support in binutils is missing
As reported by [1], SSP support is missing in the Buildroot toolchain
for microblaze even if it's requested by selecting
BR2_TOOLCHAIN_HAS_SSP config option.

In Buildroot, we are using libssp provided by the C library (glibc,
musl, uClibc-ng) when available. We are not using libssp from gcc.

So for a microblaze glibc based toolchain, the SSP support is enabled
unconditionally by a select BR2_TOOLCHAIN_HAS_SSP.

BR2_microblazeel=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_KERNEL_HEADERS_4_14=y
BR2_BINUTILS_VERSION_2_30_X=y
BR2_GCC_VERSION_8_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y

While building the toolchain, we are building host-binutils which
provides "as" (assembler) and host-gcc-initial which provides a
minimal cross gcc (C only cross-compiler without any C library).
When SSP support is requested, gcc_cv_libc_provides_ssp=yes is
added to the make command line (see [2] for full details).

With this setting, the SSP support is requested but it's not available
in the end and the toolchain build succeeds.

When the microblaze toolchain is imported into Buildroot (2018.05) as an
external toolchain with BR2_TOOLCHAIN_EXTERNAL_HAS_SSP set, the build
stops with:
"SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP"

The test is doing the following command line:

echo 'void main(){}' | [...]/host/bin/microblazeel-linux-gcc.br_real -Werror -fstack-protector -x c - -o [...]/build/.br-toolchain-test.tmp
cc1: error: -fstack-protector not supported for this target [-Werror]

When we look at the gcc-final log file (config.log) we can see this
error several times when using the minimal gcc (from host-gcc-initial).
So why doesn't the minimal gcc support SSP?

When we look at the gcc-initial log file (config.log) we can see an
error with 'as':

configure:23194: checking assembler for cfi directives
configure:23209: [...]microblazeel-buildroot-linux-gnu/bin/as    -o conftest.o conftest.s >&5
conftest.s: Assembler messages:
conftest.s:2: Error: CFI is not supported for this target
conftest.s:3: Error: CFI is not supported for this target
conftest.s:4: Error: CFI is not supported for this target
conftest.s:5: Error: CFI is not supported for this target
conftest.s:6: Error: CFI is not supported for this target
conftest.s:7: Error: CFI is not supported for this target
configure:23212: $? = 1
configure: failed program was
    .text
    .cfi_startproc
    .cfi_offset 0, 0
    .cfi_same_value 1
    .cfi_def_cfa 1, 2
    .cfi_escape 1, 2, 3, 4, 5
    .cfi_endproc

This is the only relevant difference compared to a nios2 toolchain where
libssp is enabled and available (nios2 is an example).

"CFI" stands for "Control Flow Integrity" and it seems that SSP support
requires CFI target support (see [3] for some explanation).

The SSP support seems to depend on CFI support, but the toolchain
infrastructure is not detailed enough to handle the CFI dependency.

The NiosII toolchains built with binutils < 2.30 are also affected by
this issue.

This patch improves the toolchain infrastructure by adding a new
BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI blind option.

Disable SSP support for microblaze entirely.
Disable SSP support for nios2 only with Binutils < 2.30.

Fixes:
https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006389

[1] https://gitlab.com/free-electrons/toolchains-builder/issues/1
[2] https://git.buildroot.net/buildroot/tree/package/gcc/gcc.mk?h=2018.05#n275
[3] https://grsecurity.net/rap_faq.php

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: adjust how the BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI option
is expressed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 435613ef29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:43:05 +01:00
Carlos Santos
15675563a4 linux: enable CONFIG_AUDIT if the audit package is selected
We already turn on kernel features for several packages, so let's do it
for audit too, since the daemon is useless and fails to load otherwise.

Notice that we also turn NET on, since AUDIT depends on NET, like we do
for the wireguard package.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c828ed72f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:39:59 +01:00
Carlos Santos
8d3a9c1fd7 package/audit: bump to version 2.8.4
Fix a segfault in auditd when dns resolution isn't available. Additional
changes since 2.8.2 can be seen at

    http://people.redhat.com/sgrubb/audit/ChangeLog

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d03c33f22)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:37:34 +01:00
Carlos Santos
d3fb49ffe1 package/audit: ensure that it starts after the logging daemon
audit uses syslog(). Rename its init script to S02auditd to ensure that
it will start after syslogd. Otherwise the initial log messages will be
sent to the console (and probably lost, since almost nobody watches the
system console on embedded systems).

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6fe5fe4c4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:37:27 +01:00
Carlos Santos
1bb61e3248 package/audit: fix audispd path in auditd.conf
audispd is installed at /usr/sbin but the configuration file pointed
to /sbin, causing auditd to fail on startup.

This patch cannot be sent upstream because audispd does not exist
anymore on the master branch (it was merged to auditd).

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4be494b804)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:37:17 +01:00
Peter Korsgaard
4b17d87030 mariadb: security bump to version 10.1.37
Fixes the following security vulnerabilities:

CVE-2018-3282: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Storage Engines).  Supported versions that are
affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12
and prior.  Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server.

CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow
context-dependent attackers to have unspecified impact via vectors involving
big-endian CRC calculation.

CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs).  Supported versions that are affected are
5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior.
Difficult to exploit vulnerability allows high privileged attacker with
logon to the infrastructure where MySQL Server executes to compromise MySQL
Server.  While the vulnerability is in MySQL Server, attacks may
significantly impact additional products.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3143: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3156: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3251: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

The README has gotten a few extra URLs added, so update the sha256 to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:14:47 +01:00
Peter Korsgaard
0095ea78b9 mariadb: drop my-small.cnf handling
Unbreaks builds without BR2_PACKAGE_MARIADB_SERVER as this only gets
installed if the server is enabled.

As pointed out in commit 2b82e014b4 (package/mariadb: bump version to
10.3.10), this file has been removed upstream in newer versions as it hasn't
been updated in >8 years and the compiled in defaults are sensible, so
completely remove the file handling instead of adding logic to only install
it if the server is enabled.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:14:44 +01:00
Ferdinand van Aartsen
1eaf77e729 busybox: bump version to 1.29.3
Remove 0003-Revert-libbb-remove-unnecessary-variable-in-xmalloc_.patch
It caused a segfault which was fixed in this release.

Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 77497f5497)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-16 20:27:31 +01:00
Baruch Siach
9029579d0d lua-curl: fix build with libcurl 7.62.0
The last libcurl bump changed error code definitions in a way that
breaks lua-curl build. Add a patch to fix that.

Fixes:
http://autobuild.buildroot.net/results/fa6/fa6e289162124b3e079c4a2d9c3f00910c8cc063/
http://autobuild.buildroot.net/results/7b9/7b962a63630abaed21d99f719c1bd710ec4d4b28/
http://autobuild.buildroot.net/results/c5b/c5b2a7f21259bbf79861bd95a2d7ca055920bf09/

Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3988480bf0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-15 08:21:00 +01:00
Bernd Kuhls
fb477c3b52 package/x11r7/xdriver_xf86-video-geode: add upstream commits to fix build errors
Fixes
http://autobuild.buildroot.net/results/a9b/a9baf6ecf147f336021edda20bb091b8aa071209/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 34743203e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:49:47 +01:00
Yegor Yefremov
577c3a7d97 utils/scanpypi: use archive file name to specify the extraction folder
Some packages have an archive name that is different from the package name.
For example websocket-client's archive name is websocket_client-*.tar.gz.
scanpypi expects the temporary extract folder to be:

/tmp-folder/BR-package-name/PyPI-packagename-and-version

In the case of websocket-client package the real extraction folder
will be different from the expected one because of the '_' in the
archive file name.

Use archive file name instead of package name to specify the extraction
folder. As the version is already part of this file, we don't need to
specify it.

Bonus: remove obsolete "return None, None" as the function doesn't return
anything. OSError class doesn't provide "message" member, so replace it
with "strerror".

Fixes:
https://bugs.busybox.net/show_bug.cgi?id=11251

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd29797f65)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:33:56 +01:00
Yegor Yefremov
31ce6e5081 scanpypi: place a warning into *.mk file if license id couldn't be detected
If a license file could be found but the license id couldn't be detected, place
the following warning into the *.mk file:

FOO_LICENSE = FIXME: license id couldn't be detected

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0101ac62c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:33:08 +01:00
Philipp Wagner
712f4b301e docs/manual: add external.desc to list of files needed for BR2_EXTERNAL
external.desc must be present when using a br2-external tree. The
documentation notes this later in the text, but the file is missing
from the initial overview of files.

Fixes bug #11481.

Signed-off-by: Philipp Wagner <mail@philipp-wagner.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6479d6058)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:28:54 +01:00
Serj Kalichev
46964be408 support/scripts/mkmakefile: make wrapper silent by default
Suppose we use the Makefile wrapper and build some project out of the
buildroot tree (O=...). A command like "make
busybox-all-external-deps" will output the string "uname 022 && make
..." to stdout before the useful information. It pollutes stdout. At
the same time, if we use the same command in the buildroot source tree
then we don't get the additional output. This patch makes the wrapper
silent by default. People who prefer to see more verbose output can
use V=1.

Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c77cd17082)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:25:33 +01:00
Thomas Petazzoni
92012e5515 nfs-utils: add patch to fix build with glibc 2.28
Fixes:

  http://autobuild.buildroot.net/results/feb2b42028f7035f791db9cb76d07ead55d7733a/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0cf62abae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:20:50 +01:00
Peter Korsgaard
519cfbd949 postgresql: security bump to version 10.6
Fixes the following security issue:

CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER
...  REFERENCING

For more details, see the advisory:

https://www.postgresql.org/about/news/1905/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:18:25 +01:00
Carlos Santos
a628ef690c uclibc: fix mkostemp
Pull a patch already submitted upstream[1] that fixes mkostemp when
_LARGEFILE64_SOURCE is defined. This is required to prevent failures
on eudev[2]:

    # udevadm hwdb --update
    Failure writing database //etc/udev/hwdb.bin: Invalid argument

1. https://patchwork.ozlabs.org/patch/990045/
2. https://patchwork.ozlabs.org/patch/984848/

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c33fb6e9f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:47:39 +01:00
Adrian Perez de Castro
ab8c30b893 webkitgtk: bump to version 2.22.3
Release notes:

    https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html

Patch "0001-ARM-Building-FELightingNEON.cpp-fails-due-to-missing.patch"
is removed because it is included in the new release.

This is a maintenance release which further improves playback of video
when using media source extensions (MSE), especially for WebM content,
and provides a few correctness fixes.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0def20865d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:44:17 +01:00
Adrian Perez de Castro
df2ade1319 webkitgtk: add an option to control USE_GSTREAMER_GL
This covers the case where GL/GLES is available (so -DENABLE_OPENGL=ON
gets passed), which makes the webkitgtk build system assume GStreamer-GL
is available, while actually it is not.

Also, providing an option to manually disable usage of GStreamer-GL can
help with certain target configurations in which using OpenGL for video
handling might result in incorrect rendering.

This fixes some autobuilder failures like the following:

  http://autobuild.buildroot.net/results/187796535af53ece426641ff7d88aabada281674
  http://autobuild.buildroot.net/results/00c1a8ea23a99728a4f3f4478705f2383414ae41

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4ac29a8196)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:43:49 +01:00
Peter Korsgaard
238ede5bc9 libcurl: security bump to version 7.62.0
Fixes the following security issues:

CVE-2018-16839: SASL password overflow via integer overflow
https://curl.haxx.se/docs/CVE-2018-16839.html

CVE-2018-16840: use-after-free in handle close
https://curl.haxx.se/docs/CVE-2018-16840.html

CVE-2018-16842: warning message out-of-buffer read
https://curl.haxx.se/docs/CVE-2018-16842.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c1a01ac2f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:36:17 +01:00
Bernd Kuhls
92b1901bf1 package/network-manager: Add upstream patch to fix CVE-2018-15688
NetworkManager includes some parts of the systemd-networkd code in its
codebase. That can be found at src/systemd/src/libsystemd-networkd.
The DHCP implementation provided by systemd-networkd is used when
NetworkManager is configured to use the internal implementation,
however the default is to use dhclient.

When NetworkManager is configured to use the internal dhcp and an
interface is setup with ipv6.method=auto (which is the default value)
or ipv6.method=dhcp, this flaw can be exploited. When using
ipv6.method=auto, the DHCPv6 client can be automatically started with a
Router Advertisement packet.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a51ba655c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:33:41 +01:00
Thomas Petazzoni
2802e0d990 configs/{at91, atmel}*_dev*: drop Dropbear as it duplicates OpenSSH
The "development" defconfigs for Atmel platforms enable both OpenSSH
and Dropbear, which doesn't make a lot of sense, as only one SSH
server can start on port 22.

This commit therefore drops BR2_PACKAGE_DROPBEAR=y from those
defconfigs, keeping OpenSSH as an SSH server/client, as was requested
by Atmel/Microchip folks in the review of an earlier version of this
patch [1]. Since those defconfigs are "development" defconfigs, they
are not meant to be minimal, and already provide an arbitrary set of
packages, so using openssh is just as good as using dropbear in this
case.

[1] https://patchwork.ozlabs.org/patch/989516/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Joshua Henderson <joshua.henderson@microchip.com>
Cc: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dab1539613)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 09:14:20 +01:00
Bernd Kuhls
0e0c86d9c2 package/systemd: Add upstream patch to fix CVE-2018-15688
Systemd-networkd is vulnerable to an out-of-bounds heap write in the
DHCPv6 client when handling options sent by network adjacent DHCP servers.
An attacker could exploit this via a malicious DHCP server to corrupt heap
memory on client machines, resulting in a denial of service or potential
code execution.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: add description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit bc6ecbbeef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 09:10:15 +01:00
Peter Korsgaard
7b45d4b5fb ruby: security bump to version 2.4.5
Fixes the following security issues:

- CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

- CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Update hash of LEGAL as it had a few (wayback machine) URLs added/changed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 646ae5a0b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:12:19 +01:00
Peter Korsgaard
3d114d23aa lighttpd: security bump to version 1.14.51
Fixes the following security issues:

1.4.50:
[mod_alias] security: potential path traversal with specific configs
[core] security: use-after-free invalid Range req
[mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
[core] security: use-after-free after invalid Range request (fixes #2899)

1.4.51:
[core,security] process headers after combining folded headers
[mod_userdir] security: skip username “.” and “..”

1.4.51 brings optional pam and wolfssl support.  Explicitly disable these
options for now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15793bc19f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:10:27 +01:00
Fabrice Fontaine
a5d6faed39 qemu: sdl frontend needs x11
Since qemu 2.12.0 and 2ec78706d1, x_keymap.h has been converted from
"SDL display driver" to "X11 keymaps".

So add a select on BR2_PACKAGE_SDL_X11.

Fixes:
 - http://autobuild.buildroot.org/results/1908d2d7de8d3aff11ed6fbb8fe4cf3eff54b5a5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8153ce21e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:08:30 +01:00
Fabrice Fontaine
dc0a1ef822 neardal: fix static build with libedit and libbsd
Add an upstreamable patch to use pkg-config for finding libedit and
readline dependencies and drop the ncurses "hack".

Fixes:
 - http://autobuild.buildroot.org/results/b0b17f4a5b0a32631a12bdb350ba7c21f7c595d0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91b6ca9682)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:05:09 +01:00
Fabrice Fontaine
4d41d66222 openswan: bump to version 2.6.51.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03d142edc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:02:57 +01:00
Fabrice Fontaine
879b9e309e openswan: security bump to version 2.6.50.1
- Fixes CVE-2018-15836 (a Bleichenbacher-style signature forgery which
  involves RSA padding attack)
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1de17e341b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:02:43 +01:00
Fabrice Fontaine
ec3b54c41f openswan: disable documentation
Disable pod2man and xmlto which are used to build man pages.

Fixes:
 - http://autobuild.buildroot.org/results/2268814b8f5a071ecec1aab962b50a1edcb818d7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a0c8258b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:02:38 +01:00
Fabrice Fontaine
4cff194139 libkcapi: disable documentation
Disable db2pdf, db2ps and xmlto which are used for building PDF, PS, man
or html documentation.

Fixes:
 - http://autobuild.buildroot.org/results/28df3b50d90bc53b965280b77224f89fe09ec2b9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b3dea2c2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:00:51 +01:00
Fabrice Fontaine
961aa15808 lcdproc: use ac_cv_mtab_file
Set ac_cv_mtab_file to /etc/mtab, otherwise the build will fail if no mtab,
mnttab or fstab is found in /etc (on the host).

Fixes:
 - http://autobuild.buildroot.org/results/efaf2833d674c7e366c59f367f0b83c7f88546bb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b4501ca80d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:59:37 +01:00
Carlos Santos
2dba65050b liburiparser: security bump to version 0.9.0
Fixes an out-of-bounds write, detects an integer overflow and protects
against acting on NULL input. For additional details, see

   https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f3042a79b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:58:04 +01:00
Fabrice Fontaine
43b5fa2f73 gpsd: disable documentation
Fixes:
 - http://autobuild.buildroot.org/results/cbdb4cc34080714082f044fde7e069e6ab5a0e8e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0deed8eed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:57:08 +01:00
Thomas Petazzoni
628b2a1c2c mysql: properly order "depends on" vs. bool
This fixes a check-package warning introduced by commit
19df27ed03 ("package/mariadb: add option to disable build of embedded
server").

Fixes:

package/mysql/Config.in:59: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cbf62fc569)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:55:33 +01:00
Fabrice Fontaine
f2732eb06d giflib: disable xmlto
Fixes:
 - http://autobuild.buildroot.org/results/87c7fa4a8e393acaccc84bd2774f9eee32ef7d90

xmlto is optionally used to generate documentation, which we don't need.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 220f25e940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:54:01 +01:00
Francois Beerten
b22b1bb38c board/zynqmp/post-image.sh: support dots in DTS file names
Some ZynqMP device trees in the kernel have a dot in their name,
for example "zynqmp-zcu102-rev1.0". The post image script
left out the part after the dot and created an invalid symlink.

Signed-off-by: Francois Beerten <fbeerten.git@colabti.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4f56655b2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:52:45 +01:00
Thomas Petazzoni
f3e04f3e1a tar: adjust Config.in comment dependency
Since commit 916b21a7fb ("package/tar:
Depends on MMU"), BR2_PACKAGE_TAR depends on BR2_USE_MMU. However, the
Config.in comment does not take into account this dependency, an
inconsistency which is fixed by this commit.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2a3ef05520)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:51:26 +01:00
Adrian Perez de Castro
b67ad87e88 brotli: update to version 1.0.7
The new version, among other changes, includes important fixes
for unaligned memory access on ARM (both for 32 and 64-bit), as well
as performance improvements and build fixes.

Patch "0001-Tell-CMake-to-not-check-for-a-C-compiler.patch" is not
needed due to the issue being fixed upstream, and therefore is removed.

Patch "0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch"
is rebased against the latest upstream changes.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit be733b54a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:47:37 +01:00
Baruch Siach
45852d82ea p11-kit: fix detection of certificates path
The p11-kit configure script looked for the certificates location on the
host. This doesn't work well with cross compilation. Make the
certificates path depend on BR2_PACKAGE_CA_CERTIFICATES, and set the
right target location of the path.

Fixes:
http://autobuild.buildroot.net/results/295/295614d4aa3db9bb35bebbe56e38110f5a2de178/
http://autobuild.buildroot.net/results/0fb/0fb454ca0df74a8585cffe8f5d1f5d23cdfdbec6/
http://autobuild.buildroot.net/results/ef7/ef71f3d67afba547b5167253fb02476e59152803/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30efa8ee7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:44:19 +01:00
Bernd Kuhls
35a7f20a8f package/x11r7/xserver_xorg-server: security bump to version 1.20.3
Fixes CVE-2018-14665:
https://lists.x.org/archives/xorg-announce/2018-October/002927.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2bb8629276)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:21:23 +01:00
Bernd Kuhls
07bae589f5 package/x11r7/xserver_xorg-server: bump version to 1.20.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3036341596)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:21:16 +01:00
Arnout Vandecappelle (Essensium/Mind)
a5277a832e .gitlab-ci.yml: do runtime tests only on explicit trigger
When the runtime tests were first introduced, they still ran pretty
quickly. Nowadays, however, there are a lot of runtime tests, and some
of them take a really long time. So running them on every push is
really too much.

Just like we do for the defconfigs, run them on explicit trigger only.

The explicit trigger is now done every week, but it can be increased
to e.g. twice or three times per week.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 96123c1c4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-26 21:38:01 +02:00
Peter Korsgaard
5070201391 Update for 2018.08.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018.08.2
2018-10-25 14:40:48 +02:00
Bernd Kuhls
8c3758288a package/live555: security bump to version 2018.10.17
Changelog: http://www.live555.com/liveMedia/public/changelog.txt

Fixes CVE-2018-4013:
https://security-tracker.debian.org/tracker/CVE-2018-4013

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01d7686c90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:58:57 +02:00
Bernd Kuhls
4b910d13e7 package/live555: bump version to 2018.08.05
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e305ae1c1b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:58:50 +02:00
Bernd Kuhls
058d6a0e94 package/live555: Add a pkg-config file for the shared libraries
Needed for vlc to fix linking issue.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13f7959e8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:58:44 +02:00
Yann E. MORIN
d538f8c411 core: support host gcc of the future
When we do a release, we know only of a set of gcc versions that the
host may have. But in the future, distributions with newer gcc versions
may show up.

Currently, we do not recognise those versions, and thus we do as if they
were older than the oldest we know of. This means that a set of packages
become unselectable, when they should be.

We fix that by capping the detected version to the highest we know of.

Reported-by: gargar_ on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3950e69dad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:54:58 +02:00
Joshua Henderson
9eb45c226c qt5base: Qt KMS support does not depend on opengl
Qt KMS support should not explicitly depend on the availability of opengl.
Don't explicitly disable KMS if opengl is not available and fallback to
detecting if libdrm is available before disabling kms.

The scenario where this is necessary involves using the Qt linuxfb backend
"dumb buffer" support via the DRM API.  This is new in Qt 5.9 [1] and only
requires KMS, but not opengl. Although on Qt 5.6, only eglfs actually
uses libdrm/kms, it doesn't hurt to add the dependency and the -kms
option there as well, and doing so keeps the logic in the .mk file
simple.

[1] http://doc.qt.io/qt-5/embedded-linux.html#linuxfb

Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f91ea94a6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:53:54 +02:00