musl provides its own SYS_getrandom definition, but not GRND_NONBLOCK.
This breaks the build with kernel headers older than v3.17. Add a patch
adding a local definition of GRND_NONBLOCK to fix the build.
The following defconfig reproduces the build failure:
BR2_x86_pentium_mmx=y
BR2_TOOLCHAIN_BUILDROOT_MUSL=y
BR2_KERNEL_HEADERS_3_12=y
BR2_PACKAGE_LIBRESSL=y
The getentropy_linux.c file is in upstream tarball, but not in its git
repository. It originates from OpenBSD. For this reason the patch is
against the tarball, but not git formatted.
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Arnout: change filename to correspond to how git creates it]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This upstream patch fixes the build error produced by building for
powerpc 32bit after the glibc bump to 2.26 with the following internal
toolchain config.
gcc5.4.0
glibc2.26
bin2.28.1
linux4.1.43
Failure log:
CC net/proto-ipv4.o
net/proto-ipv4.c: In function ‘ip_setsockopt’:
net/proto-ipv4.c:231:49: error: ‘UIO_MAXIOV’ undeclared (first use in this function); did you mean ‘_IO_MAGIC’?
so->optlen = rnd() % sizeof(unsigned long)*(2*UIO_MAXIOV+512);
^~~~~~~~~~
_IO_MAGIC
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: add Matthew's Sob to the patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
And add hashes for the license files while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix for CVE-2017-9798 is included in this release, so this patch is
removed.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Update commit log: not a security bump]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The dependency is actually only for the kernel module (and thus on the
runtime kernel version rather than kernel headers), but as we don't know the
runtime version in kconfig and the user space part doesn't make much sense
without the kernel module this will have to do.
[Peter: extend commit message, add comment to Config.in as suggested by
Arnout, fix off-by-one in comment text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is only for the device-mapper library, so a user selectable
Config.in.host option isn't needed.
[Peter: add host-pkgconf dependency as pointed out by Arnout]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues and adds a number of other bigfixes:
2.8.1: Changelog:
https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg06332.html
CVE-2017-2615 - display: cirrus: oob access while doing bitblt copy backward
mode
CVE-2017-2620 - display: cirrus: out-of-bounds access issue while in
cirrus_bitblt_cputovideo
CVE-2017-2630 - nbd: oob stack write in client routine drop_sync
2.8.1.1 Changelog:
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg03460.html
CVE-2017-7471 - 9p: virtfs allows guest to change filesystem attributes on
host
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes
http://autobuild.buildroot.net/results/8e6/8e639ab8912e7d884fd8e6dbb1ca8b49451dd766/
/home/test/autobuild/run/instance-1/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_expand_block':
c_zlib.c:(.text+0x54): undefined reference to `inflate'
/home/test/autobuild/run/instance-1/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_compress_block':
c_zlib.c:(.text+0xd4): undefined reference to `deflate'
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
./configure: --disable-uuid is obsolete, UUID support is always built
Change-Id: I9e278418d19e15bbbd3ea233658cd62f75e3385c
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building Qt with QtWebKit on configuration step there is
a check which disables QtWebKit build with GCC 6+.
Back in the day nobody thought about building Qt with GCC
version greater than 5.x. And now with modern GCCs like
6.x and 7.x this assumption gets in the way.
Given in Buildroot today we don't have GCC older than 4.9
it should be safe to remove now meaningless check completely
by adding patch to qt.
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, bridge-utils wants to grap the headers from the linux-headers
package, so we point it directly there, as has been the case since we
first added bridge-utils in 2003 (c8eea31d3f), and then further refined
in 2005 (178a317d26) which is the first moment we pointed to the linux-
headers directory.
However, ther are two things wrong with that.
First, the headers are not directly in $(LINUX_HEADERS_DIR). Instead,
they are in a sub-directory thereof. So, we could not have found them
the way we are doing now.
Second, this definitely does not work when using an external toolchain,
because there is not linux-headers package enabled then.
Yet, against all odds, bridge-utils has valiantly deflected all rocks
thrown its way, day-in day-out building without any issue in every
autobuilders it's been confronted with. Good boy, good boy. :-)
And indeed, it turns out that the required headers are easily found from
within the sysroot of the toolchain. Wonders! :-)
But there's still a gotcha: the default search path is still a hard
coded path pointing to the installed kernel source tree on the host.
So, we still have to pass this option, but we can simply point to the
sysroot.
[Peter: point to sysroot instead of non-existing directory]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Glibc bump to 2.26 exposed this missing header when building with the
following combination using an i386 internal toolchain:
gcc5.4.0
bin2.28.1
linux4.1.43
Logfile snippet:
2017-10-02T00:08:11 ^
2017-10-02T00:08:12 rpc.c: In function ‘nsm_recv_getport’:
2017-10-02T00:08:12 rpc.c:469:13: error: ‘UINT16_MAX’ undeclared (first use in this function)
Upstream: https://bugzilla.linux-nfs.org/show_bug.cgi?id=312
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The COPYING file is part of the xf86-input-tslib project's source tree.
Let's include the hash for it's current version.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since tslib's COPYING file in part of the source tree, we can easily
include it's hash for the given version here.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop direct sed'ing of config.h for HAVE_CONNTRACK, HAVE_LUASCRIPT, and
HAVE_DBUS. Use MAKE_OPTS COPTS parameters instead, like we do already
for all other options.
Rename DNSMASQ_ENABLE_LUA to DNSMASQ_TWEAK_LIBLUA since it now does only
that.
Merge two conntrack and three dbus conditional sections.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Supported Lua version is now 5.2.
Add licenses hash.
Fixes a number of security issues:
CVE-2017-13704 - Crash when DNS query exceeded 512 bytes (a regression
in 2.77, so technically not fixed by this bump)
CVE-2017-14491 - Heap overflow in DNS code
CVE-2017-14492 - Heap overflow in IPv6 router advertisement code
CVE-2017-14493 - Stack overflow in DHCPv6 code
CVE-2017-14494 - Information leak in DHCPv6
CVE-2017-14496 - Invalid boundary checks allows a malicious DNS queries
to trigger DoS
CVE-2017-14495 - Out-of-memory Dos vulnerability
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, the extraction commands entirely remove the urg directory,
which means the downloaded stamp will get removed, and thus a subsequent
build would try to re-download it.
It turns out that the directory extracted by urg is already correctly
named, so we just need to extract out of the build directory. This
highly simplifies the command.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
