If util-linux is not installed system-wide on the host, the build
fails with:
/usr/bin/gcc -Wp,-MT,isohybrid.o,-MMD,./.isohybrid.o.d -O2 -I/home/thomas/projets/buildroot/output/host/usr/include -W -Wall -Wstrict-prototypes -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -I/home/thomas/projets/buildroot/output/build/syslinux-6.03/utils -c -o isohybrid.o /home/thomas/projets/buildroot/output/build/syslinux-6.03/utils/isohybrid.c
/home/thomas/projets/buildroot/output/build/syslinux-6.03/utils/isohybrid.c:40:23: fatal error: uuid/uuid.h: No such file or directory
#include <uuid/uuid.h>
^
compilation terminated.
Therefore, this commit adds a dependency on host-util-linux, which
will ensure that libuuid is available. The resulting isohybrid tool is
really installed, and linked with libuuid:
$ readelf -d output/host/usr/bin/isohybrid
Dynamic section at offset 0x3e00 contains 26 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libuuid.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000f (RPATH) Library rpath: [/home/thomas/projets/buildroot/output/host/usr/lib]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d98d7d660e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-8372 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a
denial of service (assertion failure and application exit) via a crafted
audio file.
CVE-2017-8373 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.
CVE-2017-8374 - The mad_bit_skip function in bit.c in Underbit MAD libmad
0.15.1b allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via a crafted audio file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6369a06150)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the WebRTC plugin option was introduced in commit
ee267886bc ("gst1-plugins-bad: enable
webrtc plugin"), it was incorrect added as "webrtc", while the actual
name of the plugin and corresponding configure option is "webrtcdsp".
This commit therefore fixes the .mk file to use the correct name. And
also, since we want to keep Buildroot option consistent with the name
of the GStreamer plugins, it renames the Config.in option as well, and
introduces the necessary Config.in.legacy handling.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c06d2490a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pngquant's homegrown configure script doesn't understand CC with a
space, so we can't use ccache with it. Only the host variant is
affected: for the target, we call ccache from the toolchain-wrapper so
it's transparent to the configure script.
This wasn't seen in the autobuilders since they never enable
BR2_CCACHE.
To test, use any configuration and do
make BR2_CCACHE=y host-pngquant
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4a6168db97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes:
- Avoid memset(NULL, 0, 0) to calm down the paranoid.
- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
offset from the frame flag bytes (unnoticed in practice for a long time).
Fuzzers are in the house again. This one got CVE-2017-10683.
https://sourceforge.net/p/mpg123/bugs/252/
- Avoid a mostly harmless conditional jump depending on uninitialised
fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
never right in theory). Code might be a bit faster now, even. Thanks to
Agostino Sarubbo for reporting.
dlopen() is now directly used to load output modules (and the
--with-modules-suffix option has been removed), so adjust the modules logic
to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3a0afd47f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before
2017-06-29, allows out-of-bounds heap memory write due to calling memcpy()
with a wrong size, leading to a denial of service (application crash) or
possibly code execution.
https://trac.videolan.org/vlc/ticket/18467
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b9153ed954)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, cut prints the entire line if the specified delimiter is not
present at all:
$ printf "foo bar" | cut -d' ' -f2
bar
$ printf "foobar" | cut -d' ' -f2
foobar
In setlocalversion, cut is presented with the output of 'hg id' which has
the format:
"<revision> <tags-if-any>"
If the current revision is not tagged, the output of 'hg id' does not
contain the delimiter (space), cut prints the entire string, and
setlocalversion thinks the version is the tag.
As setlocalversion does not print anything for tagged versions, there is no
output overall, and no correct indication of the mercurial revision.
Fix by passing the extra cut option '--only-delimited', which suppresses
output if no delimiter is found.
This problem likely went unnoticed for so long, because the tag 'tip' (i.e.
most recent revision of the branch) is treated specially: in this case the
mercurial revision _is_ printed, i.e. the situation is treated as
'untagged'.
The problem is only seen when you are _not_ at the most recent revision in
your branch.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec019bcf64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone
transfers
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name may be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed
request packet. A server that relies solely on TSIG keys for protection with
no other ACL protection could be manipulated into:
* providing an AXFR of a zone to an unauthorized recipient
* accepting bogus NOTIFY packets
https://kb.isc.org/article/AA-01504/74/CVE-2017-3142
CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic
updates
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name for the zone and service
being targeted may be able to manipulate BIND into accepting an unauthorized
dynamic update.
https://kb.isc.org/article/AA-01503/74/CVE-2017-3143
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a0c53973f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-8312: Heap out-of-bound read in ParseJSS in VideoLAN VLC due
to missing check of string length allows attackers to read heap
uninitialized data via a crafted subtitles file.
[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b2f2f92887)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt5Multimedia builds the alsa plugin if it detects libasound in the
system. Add alsa-lib to dependencies if BR2_PACKAGE_ALSA_LIB is
selected.
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8d7dd837e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt5Multimedia includes support for pulseaudio if it detects libpulse
and libpulse-mainloop-glib in the system at build-time. We need to
depend on pulseaudio and libglib2 if it is selected.
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ac8044fc32)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In some cases, passing STRIP=true is not sufficient to disable striping
altogether, as some (incorrectly generated?) configure scripts will
ignore a ${STRIP} that is not a full path.
This is the case, for example, for nmap, which ends up using the host
strip command when we pass STRIP=true:
checking for arm-buildroot-linux-gnueabihf-strip... no
checking for strip... /usr/bin/strip
configure: WARNING: using cross tools not prefixed with host triplet
[--SNIP--]
/usr/bin/install -c -c -m 755 nping /home/ymorin/dev/buildroot/O/target/usr/bin/nping
/usr/bin/strip -x /home/ymorin/dev/buildroot/O/target/usr/bin/nping
/usr/bin/strip: Unable to recognise the format of the input file `/home/ymorin/dev/buildroot/O/target/usr/bin/nping'
We fix that by forcing a full path to the strip sommand when it is
disabled: STRIP=/bin/true
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d5dcc76d9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH
values to manipulate the heap/stack, causing them to alias, potentially
resulting in arbitrary code execution. Please note that additional
hardening changes have been made to glibc to prevent manipulation of stack
and heap memory but these issues are not directly exploitable, as such they
have not been given a CVE.
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Patches are identical to upstream, except that the ChangeLog modifications
have been stripped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c87fdfb605)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-9868: In Mosquitto through 1.4.12, mosquitto.db (aka the
persistence file) is world readable, which allows local users to obtain
sensitive MQTT topic information.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e51d69a3b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a fix for CVE-2017-9445: In systemd through 233, certain sizes passed to
dns_packet_new in systemd-resolved can cause it to allocate a buffer that's
too small. A malicious DNS server can exploit this via a response with a
specially crafted TCP payload to trick systemd-resolved into allocating a
buffer that's too small, and subsequently write arbitrary data beyond the
end of it.
The other patch fixes an issue with the security fix.
[Peter: use CVE description from MITRE]
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6da327adb2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
tmpfile support is optional in systemd but the dhcp server install it's
config file in $(TARGET_DIR)/usr/lib/tmpfiles.d directory when systemd
is used as init system.
So it seems that dhcp server require tmpfile support for systemd based
system.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 51a24f8d71)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to a e.g. a user partition where the
shadow file is placed. This is required, e.g. for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within an filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.
Signed-off-by: Jens Maus <mail@jens-maus.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 82f64203a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2016-9577
Frediano Ziglio of Red Hat discovered a buffer overflow
vulnerability in the main_channel_alloc_msg_rcv_buf function. An
authenticated attacker can take advantage of this flaw to cause a
denial of service (spice server crash), or possibly, execute
arbitrary code.
CVE-2016-9578
Frediano Ziglio of Red Hat discovered that spice does not properly
validate incoming messages. An attacker able to connect to the
spice server could send crafted messages which would cause the
process to crash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 087e70498a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.
CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.
The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75057fe767)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.
CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.
CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.
Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.
Lz4 is a new optional dependency, so handle it.
The spice protocol definition is no longer included and instead used from
spice-protocol. The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help. The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 622ff3d6ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tunneling support is gone upstream, so drop the patch and add
Config.in.legacy handling for the option.
Celt051 is no longer a hard dependency, and opus is a new optional
dependency, so adjust the dependencies to match.
Python / pyparsing are not needed as the tarball contains the generated
files (this should presumably have been host-python in the first place as
these are used at build time), but we need a small workaround to convince
configure that they really aren't needed.
Alsa-lib is only needed for client support, and the configure script checks
for X11/Xext/Xrender, so adjust the dependencies to match.
A user manual is now generated by default if asciidoc is available, so
explicitly disable that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f2c022023)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.
The first patch adds support for detecting the MIPS ABI during the
configure phase.
The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:
[pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid 194] +++ killed by SIGSYS +++
Pull request: https://github.com/openssh/openssh-portable/pull/71
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6da3737984)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
