The libuv library uses __sync atomic built-ins:
$ readelf -a -W output/target/usr/lib/libuv.so.1.0.0 | grep __sync
122: 00000000 0 NOTYPE GLOBAL DEFAULT UND __sync_val_compare_and_swap_4
but this is not currently taken into account in the libuv package,
causing some build failures in packages using libuv as an optional
dependency, such as janus-gateway and mosquitto.
Therefore, this commit updates the libuv package with this additional
dependency. The reverse dependencies of libuv are also updated: luv, luvi
and moarvm.
Fixes:
- http://autobuild.buildroot.net/results/bdaa67d763c0d8d377a04529c74f73bee7d4ccef/
(janus-gateway)
- http://autobuild.buildroot.net/results/2bc84ba2d1167018e2d48e5183ead22b6425dcf5/
(mosquitto)
[Peter: drop cmake changes after cmake revert]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

htop wants to use backtrace() support from the C
library. Unfortunately, with old uClibc versions such as the one we
use for the ARC architecture, the backtrace() implementation is in
libubacktrace. In addition, this implementation needs dladdr()
support, which is in libdl, not available when static linking.
Since this problem no longer exists in more recent versions of uClibc,
we simply special case the ARC+static linking case, and make the
configure script believe that <execinfo.h> is not available.
Fixes:
http://autobuild.buildroot.net/results/cdea351fad7a0f61ddec3e6a141da8da0523a902/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The Buildroot manual documents that <pkg>_CONF_ENV is passed in the
environment when calling cmake during the configure step. However, the
actual implementation in pkg-cmake passes HOST_<pkg>_CONF_ENV when
configuring the host variant of a cmake package, but does not pass
<pkg>_CONF_ENV when configuring the target variant of a cmake package.
This commit fixes that by passing <pkg>_CONF_ENV in the environment as
expected. It should not cause any behavior change, because this
feature is in fact not used by any package in upstream Buildroot:
$ grep CONF_ENV $(git grep -l cmake-package package/)
package/pkg-cmake.mk:$(2)_CONF_ENV ?=
package/pkg-cmake.mk: $$($$(PKG)_CONF_ENV) $$(BR2_CMAKE) $$($$(PKG)_SRCDIR) \
package/pkg-cmake.mk: $$($$(PKG)_CONF_ENV) $$(BR2_CMAKE) $$($$(PKG)_SRCDIR) \
This issue was reported by Olivier <ovalentin@awox.com> as bug #9616.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The ncurses sub-options BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL}
are currently very badly broken: they only control whether the
libform, libmenu and libpanel libraries are installed in
$(TARGET_DIR), but do absolutely nothing about their installation in
$(STAGING_DIR).
This means that when one of those options is disabled, the
corresponding library is indeed not installed in the target, but is
available in staging. It can therefore be detected by the configure
script of another package and used... even though the library will not
be in the target, causing a runtime failure.
Internally, ncurses.mk uses the "make install" logic of ncurses for
the staging installation, but uses a completely hand-written logic for
the target installation, which is the reason for this
desynchronization between what's installed in staging and target.
When BR2_PACKAGE_NCURSES_WCHAR=y, this also causes some build
failures. Indeed, when BR2_PACKAGE_NCURSES_WCHAR=y, Buildroot creates
some symbolic links lib<foo>.so -> lib<foo>w.so in staging and target,
but only for the lib<foo> that have been enabled by
BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL}. Due to this, a package
that for example needed the libmenu library but forgot to select
BR2_PACKAGE_NCURSES_TARGET_MENU was:
- Building fine with BR2_PACKAGE_NCURSES_WCHAR disabled (because
libmenu.so exists in staging), but would fail to run at runtime
because libmenu.so is not in the target.
- Failing to build with BR2_PACKAGE_NCURSES_WCHAR=y because only
libmenuw.so exists, and not the libmenu.so symbolic link.
Since those libraries are small (43K for libform, 21K for libmenu and
8.2K for libpanel), this commit takes the very simple approach of
removing those options, and installing the libraries
unconditionally. It therefore uses the "make install" logic for both
the staging *and* target installation.
In detail, this commit:
- Removes the NCURSES_PROGS variable, not needed since
--without-progs already allows to disable the build and
installation of programs.
- Removes the NCURSES_LIBS-y variable, and replaces it with a single
unconditional assignment to NCURSES_LIBS, only used to create the
lib<foo>w.so -> lib<foo>.so symbolic links when wchar support is
enabled.
- Removes NCURSES_INSTALL_TARGET_CMDS and the functions it was
calling: NCURSES_INSTALL_TARGET_LIBS and
NCURSES_INSTALL_TARGET_PROGS.
- Adds a NCURSES_TARGET_SYMLINK_RESET hook to create the reset ->
tset symbolic link, as was done before.
- Adds a NCURSES_TARGET_CLEANUP_TERMINFO to cleanup the terminfo
files in the target, so that we stay in the same situation in terms
of installed terminfo files.
- Removes the BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL} options
from the Config.in files: both their definition and usage.
- Simplifies all the symlink dance for lib<foo> -> lib<foo>w, because
as Yann E. Morin suggested, this dance is only needed in staging, not
in the target. Once binaries have been built, they refer to the
SONAME of the library, which is the lib<foo>w variant (for shared
linking). For static linking and .pc files, it's obvious that we
don't care about them on the target. Therefore the
NCURSES_LINK_LIBS_STATIC, NCURSES_LINK_LIBS_SHARED and
NCURSES_LINK_PC functions no longer take any argument: they always
apply to STAGING_DIR only. NCURSES_LINK_TARGET_LIBS is removed.
It is worth mentioning that adding Config.in.legacy support is *NOT*
necessary. Indeed:
- If they were disabled before this patch, having them in
Config.in.legacy would not trigger the legacy warning.
- If they were enabled before this patch, then the behavior is
unchanged: all libraries are now unconditionally installed. So
there is no point in warning the user.
We double-checked the installed size of a filesystem containing just
ncurses before and after this patch, and the only folder that has its
size changed is /usr/lib, growing from 852 KB to 932 KB in the wchar
enabled case. That's an 80 KB system size increase.
This commit fixes the sngrep build failure and potentially numerous
runtime issues with ncurses.
Fixes:
http://autobuild.buildroot.net/results/7b5db21a6c568e6c6c8fe2b5d5a2f5ca24df510c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
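
A staging-versus-target check for the desynchronization the commit message above describes, as an added example that is not part of the original commit or of Buildroot; the function name `missing_in_target` and the scanned directories (`lib`, `usr/lib`) are assumptions. It compares only versioned `lib*.so.*` names, because the message notes that the unversioned symlinks matter only in staging while built binaries refer to the SONAME.

```shell
#!/bin/sh
# Added example (not Buildroot code): report shared libraries that a
# configure script could detect in staging but that will be absent at
# runtime because they were never installed in the target.
#
# Usage: missing_in_target STAGING_DIR TARGET_DIR
# Prints one relative path per missing library; returns 1 if any is missing.
missing_in_target() {
    staging=$1
    target=$2
    missing=0
    for dir in lib usr/lib; do
        [ -d "$staging/$dir" ] || continue
        # Only versioned names: unversioned lib<foo>.so development
        # symlinks are legitimately staging-only.
        for lib in "$staging/$dir"/lib*.so.*; do
            # An unmatched glob stays literal; skip it.
            [ -e "$lib" ] || [ -L "$lib" ] || continue
            name=${lib##*/}
            if [ ! -e "$target/$dir/$name" ] && [ ! -L "$target/$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                missing=1
            fi
        done
    done
    return "$missing"
}

# Run directly when given both directories, e.g. Buildroot's
# output/staging and output/target.
if [ "$#" -eq 2 ]; then
    missing_in_target "$1" "$2"
fi
```

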
Since there's not much point in generating missing host keys when the
init script is called with "stop", the call to ssh-keygen should not
be done unconditionally, but in the start function instead.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

libanl.so is needed for asynchronous network address and service
translation, declared in netdb.h
Signed-off-by: Jesper Bækdahl <jbb@gamblify.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Commit a5015f1025 ("util-linux: security
bump to version 2.29.2") incorrectly removed <pkg>_AUTORECONF = YES.
While the patches touching configure.ac have indeed been removed, there
is still a patch touching a Makemodule.am file, which triggers an
autoreconf at build time, which itself fails because autoconf/automake
are not available.
So re-add <pkg>_AUTORECONF, with a comment pointing specifically at the
patch that makes it necessary.
Fixes:
http://autobuild.buildroot.net/results/309127a532eed00e406bbaf0b1a51b7241a10505/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Currently the host build of Python 2 defaults to narrow unicode (UCS2),
ignoring the BR2_PACKAGE_PYTHON_UCS4 configuration option which may be
set to wide (UCS4).
This results in host and target Python packages which are incompatible
in subtle ways.
For example, installing wheels into the target fails when they are made
with the host python, citing incompatibility (as can be seen by the
package tags which may be "cp27u-manylinux1" instead of
"cp27mu-manylinux1").
Compiling the host Python 2 with the same UCS configuration as the
target ensures that the packages are compatible (and the tags match).
This does not affect Python 3 as support for narrow unicode was
deprecated in version 3.3, see https://www.python.org/dev/peps/pep-0393/
Thanks to Tony Breeds <tony@bakeyournoodle.com> for reporting this.
Signed-off-by: Chris Smart <mail@csmart.io>
[Thomas: add comment in the code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Fixes:
CVE-2017-5847 - The gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote
attackers to cause a denial of service (out-of-bounds heap read) via vectors
involving extended content descriptors.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Fixes:
CVE-2017-5848 - The gst_ps_demux_parse_psm function in
gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows
remote attackers to cause a denial of service (invalid memory read and
crash) via vectors involving PSM parsing.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

It turned out that the troll character U+c2a0 was added by our own
patch.
So fix it and drop our second patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

This commit adds a patch to btrfs-progs that fixes the build of
docker-engine, and possibly other packages including kerncompat.h from
btrfs-progs.
For the btrfs-progs build itself, a --disable-backtrace option allows to
indicate whether backtrace()/<execinfo.h> support should be used or
not. However, once btrfs-progs is installed, it simply looks at whether
__GLIBC__ is defined or not to decide to use backtrace() or not.
However, uClibc defines __GLIBC__ but does not provide backtrace()
functionality. The additional patch tweaks the kerncompat.h to look at
__UCLIBC__ and not use backtrace() functionality in this case.
Fixes:
http://autobuild.buildroot.net/results/9dc9370a79c5c44e6c92be6a44334842c211d923/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Fixes:
Makefile:532: *** mbedtls is in the dependency chain of bctoolbox that
has added it to its _DEPENDENCIES variable without selecting it or
depending on it from Config.in. Stop.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Update the comment about the ARC exception to match the one used in VLC,
so that a 'git grep "ARC toolchain issue"' returns the list of packages
to re-evaluate on ARC when the ARC toolchain gets upgraded.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Because with libimxvpuapi older than 0.10.3, the gst1-imx-0.12.3 "imxvpu"
plugin will not build.
Changelog:
* properly pass on color format in simplified JPEG encoder interface
* add alternative write-callback-style encoding mode
also add encode example variant which uses write-callback style output
* add support for "fake grayscale mode" in encoders
this is done by using I420 internally and filling the U and V planes
with 0x80 bytes
* make sure JPEG quantization table is copied in standardized zig zag order
the VPU does not, so this has to be done explicitly
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Fixes CVE-2017-2629 - curl SSL_VERIFYSTATUS ignored
From the advisory (http://www.openwall.com/lists/oss-security/2017/02/21/6):
Curl and libcurl support "OCSP stapling", also known as the TLS Certificate
Status Request extension (using the `CURLOPT_SSL_VERIFYSTATUS` option). When
telling curl to use this feature, it uses that TLS extension to ask for a
fresh proof of the server's certificate's validity. If the server doesn't
support the extension, or fails to provide said proof, curl is expected to
return an error.
Due to a coding mistake, the code that checks for a test success or failure,
ends up always thinking there's valid proof, even when there is none or if the
server doesn't support the TLS extension in question. Contrary to how it used
to function and contrary to how this feature is documented to work.
This could lead to users not detecting when a server's certificate goes
invalid or otherwise be misled that the server is in a better shape than it
is in reality.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

From https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ReleaseNotes
This release fixes su(1) security issue CVE-2017-2616:
It is possible for any local user to send SIGKILL to other processes with root
privileges. To exploit this, the user must be able to perform su with a
successful login. SIGKILL can only be sent to processes which were executed
after the su process. It is not possible to send SIGKILL to processes which
were already running.
Drop upstream patches and autoreconf since it's no longer required.
[Peter: extend commit message with CVE info / description]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes #9666 [1]
cp -dpfr .../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets .../target/usr/qml/QtQuick
cp: cannot stat ‘.../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets’: No such file or directory
[1] https://bugs.busybox.net/show_bug.cgi?id=9666
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>