1. 14 Jul, 2017 7 commits
  2. 13 Jul, 2017 14 commits
    • package/nodejs: security bump to version 8.1.4 · 476ccdb3
      Martin Bark authored
      Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
      is used for parsing NAPTR responses, could be triggered to read memory
      outside of the given input buffer if the passed in DNS response packet was
      crafted in a particular way.  This patch checks that there is enough data
      for the required elements of an NAPTR record (2 int16, 3 bytes for string
      lengths) before processing a record.
      
      See https://nodejs.org/en/blog/release/v8.1.4/
      
      [Peter: add CVE info]
      Signed-off-by: Martin Bark <martin@barkynet.com>
      Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
    • package/samba4: security bump to version 4.5.12 · f9751065
      Bernd Kuhls authored
      Fixes CVE-2017-11103:
      
      All versions of Samba from 4.0.0 onwards using embedded Heimdal
      Kerberos are vulnerable to a man-in-the-middle attack impersonating
      a trusted server, who may gain elevated access to the domain by
      returning malicious replication or authorization data.
      
      Samba binaries built against MIT Kerberos are not vulnerable.
      
      https://www.samba.org/samba/history/samba-4.5.12.html
      
      [Peter: add CVE info]
      Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
      Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
    • package/pcre: security bump to version 8.41 · bc6a84bb
      Bernd Kuhls authored
      Removed patches 0003 & 0004, applied upstream.
      
      Fixes the following security issues:
      
      CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
      PCRE 8.40 allows remote attackers to cause a denial of service (invalid
      memory read) via a crafted file.
      
      CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
      function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
      cause a denial of service (WRITE of size 4) or possibly have unspecified
      other impact via a crafted file.
      
      CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
      function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
      cause a denial of service (WRITE of size 268) or possibly have unspecified
      other impact via a crafted file.
      
      [Peter: add CVE info]
      Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
      Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
    • 29f956d9
    • python-twisted: add missing dependency on host-python-incremental · 38aef10e
      Thomas Petazzoni authored
      The recent change on PYTHONPATH for Python 2.x has revealed a missing
      dependency in the python-twisted package. The incremental Python
      module is listed in both setup_requires and install_requires, so we
      must depend on both its target *and* host variants.
      
      Fixes:
      
        http://autobuild.buildroot.net/results/386bf87abba550b5477d5e15e57981b8c3cef8d6/
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • DEVELOPERS: remove Sagaert Johan · 58e07385
      Baruch Siach authored
      
      
      The email address of Sagaert Johan is bouncing. Remove his DEVELOPERS entry.
      
      Signed-off-by: Baruch Siach <baruch@tkos.co.il>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python: remove target Python packages from PYTHONPATH · 350941e3
      Thomas Petazzoni authored
      We currently have
      $(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/
      inside the PYTHON_PATH variable, which gets used to define PYTHONPATH,
      passed to the host Python interpreter when building/installing target
      packages.
      
      However, this is terribly wrong, as it causes the host interpreter to
      potentially import target Python packages. This is wrong for several
      reasons:
      
       - Some Python packages might need some Python modules to be installed
         on the host (described in setup_requires in setup.py), but their
         installation currently works because by luck the corresponding
         Python module is installed for the target. Some of those cases were
         happening for real, and fixed by previous patches.
      
       - Some Python packages include some native code, therefore built for
         a specific CPU architecture. When you point the host Python
         interpreter to native libraries built for the target, you get nice
         build failures, such as the one affecting the python-cffi related
         packages.
      
      Making this change allows fixing the python-cffi related build
      failures:
      
        http://autobuild.buildroot.net/results/a9af84f2d845ee25e2b7d8b92aef485112b46060/
        (python-cryptography)
      
        http://autobuild.buildroot.net/results/b017c4f6b4d45c0afbf06a80dbd3f2ebe5d49d20/
        (python-pynacl)
      
        http://autobuild.buildroot.net/results/25144ea191ad46d851b31d3a2f0ef939f215494b/
        (python-smbus-cffi)
      
      This change has been verified with the following defconfig that
      enables a lot of Python packages:
      
      BR2_arm=y
      BR2_TOOLCHAIN_EXTERNAL=y
      BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
      BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
      BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-full-2017.05-834-gb595627.tar.bz2"
      BR2_TOOLCHAIN_EXTERNAL_GCC_4_9=y
      BR2_TOOLCHAIN_EXTERNAL_HEADERS_3_10=y
      BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
      BR2_TOOLCHAIN_EXTERNAL_CXX=y
      BR2_INIT_NONE=y
      BR2_SYSTEM_BIN_SH_NONE=y
      BR2_PACKAGE_PYTHON=y
      BR2_PACKAGE_PYTHON_ALSAAUDIO=y
      BR2_PACKAGE_PYTHON_ARROW=y
      BR2_PACKAGE_PYTHON_ATTRS=y
      BR2_PACKAGE_PYTHON_AUTOBAHN=y
      BR2_PACKAGE_PYTHON_BITSTRING=y
      BR2_PACKAGE_PYTHON_BOTTLE=y
      BR2_PACKAGE_PYTHON_CAN=y
      BR2_PACKAGE_PYTHON_CBOR=y
      BR2_PACKAGE_PYTHON_CHARDET=y
      BR2_PACKAGE_PYTHON_CHEETAH=y
      BR2_PACKAGE_PYTHON_CHERRYPY=y
      BR2_PACKAGE_PYTHON_CONFIGOBJ=y
      BR2_PACKAGE_PYTHON_CONFIGSHELL_FB=y
      BR2_PACKAGE_PYTHON_CRC16=y
      BR2_PACKAGE_PYTHON_CRCMOD=y
      BR2_PACKAGE_PYTHON_CSSSELECT=y
      BR2_PACKAGE_PYTHON_CSSUTILS=y
      BR2_PACKAGE_PYTHON_DAEMON=y
      BR2_PACKAGE_PYTHON_DIALOG=y
      BR2_PACKAGE_PYTHON_DICTTOXML=y
      BR2_PACKAGE_PYTHON_DJANGO=y
      BR2_PACKAGE_PYTHON_DOCOPT=y
      BR2_PACKAGE_PYTHON_DPKT=y
      BR2_PACKAGE_PYTHON_ECDSA=y
      BR2_PACKAGE_PYTHON_ENUM=y
      BR2_PACKAGE_PYTHON_FLASK_BABEL=y
      BR2_PACKAGE_PYTHON_FLASK_JSONRPC=y
      BR2_PACKAGE_PYTHON_FLASK_LOGIN=y
      BR2_PACKAGE_PYTHON_FLUP=y
      BR2_PACKAGE_PYTHON_GOBJECT=y
      BR2_PACKAGE_PYTHON_GUNICORN=y
      BR2_PACKAGE_PYTHON_HTML5LIB=y
      BR2_PACKAGE_PYTHON_HTTPLIB2=y
      BR2_PACKAGE_PYTHON_HUMANIZE=y
      BR2_PACKAGE_PYTHON_ID3=y
      BR2_PACKAGE_PYTHON_INIPARSE=y
      BR2_PACKAGE_PYTHON_IOWAIT=y
      BR2_PACKAGE_PYTHON_IPADDR=y
      BR2_PACKAGE_PYTHON_IPY=y
      BR2_PACKAGE_PYTHON_IPYTHON=y
      BR2_PACKAGE_PYTHON_JSON_SCHEMA_VALIDATOR=y
      BR2_PACKAGE_PYTHON_KEYRING=y
      BR2_PACKAGE_PYTHON_LIBCONFIG=y
      BR2_PACKAGE_PYTHON_LMDB=y
      BR2_PACKAGE_PYTHON_LXML=y
      BR2_PACKAGE_PYTHON_MAD=y
      BR2_PACKAGE_PYTHON_MARKDOWN=y
      BR2_PACKAGE_PYTHON_MELD3=y
      BR2_PACKAGE_PYTHON_MISTUNE=y
      BR2_PACKAGE_PYTHON_MSGPACK=y
      BR2_PACKAGE_PYTHON_MUTAGEN=y
      BR2_PACKAGE_PYTHON_MWSCRAPE=y
      BR2_PACKAGE_PYTHON_NETADDR=y
      BR2_PACKAGE_PYTHON_NETIFACES=y
      BR2_PACKAGE_PYTHON_NFC=y
      BR2_PACKAGE_PYTHON_NUMPY=y
      BR2_PACKAGE_PYTHON_PAHO_MQTT=y
      BR2_PACKAGE_PYTHON_PAM=y
      BR2_PACKAGE_PYTHON_PARAMIKO=y
      BR2_PACKAGE_PYTHON_PILLOW=y
      BR2_PACKAGE_PYTHON_POSIX_IPC=y
      BR2_PACKAGE_PYTHON_PSUTIL=y
      BR2_PACKAGE_PYTHON_PUDB=y
      BR2_PACKAGE_PYTHON_PYCLI=y
      BR2_PACKAGE_PYTHON_PYCPARSER=y
      BR2_PACKAGE_PYTHON_PYELFTOOLS=y
      BR2_PACKAGE_PYTHON_PYFTPDLIB=y
      BR2_PACKAGE_PYTHON_PYGAME=y
      BR2_PACKAGE_PYTHON_PYGAME_IMAGE=y
      BR2_PACKAGE_PYTHON_PYGAME_EXAMPLES=y
      BR2_PACKAGE_PYTHON_PYGAME_FONT=y
      BR2_PACKAGE_PYTHON_PYGAME_MIXER=y
      BR2_PACKAGE_PYTHON_PYINOTIFY=y
      BR2_PACKAGE_PYTHON_PYLIBFTDI=y
      BR2_PACKAGE_PYTHON_PYMYSQL=y
      BR2_PACKAGE_PYTHON_PYPARTED=y
      BR2_PACKAGE_PYTHON_PYPCAP=y
      BR2_PACKAGE_PYTHON_PYQRCODE=y
      BR2_PACKAGE_PYTHON_PYRATEMP=y
      BR2_PACKAGE_PYTHON_PYRO=y
      BR2_PACKAGE_PYTHON_PYROUTE2=y
      BR2_PACKAGE_PYTHON_PYSENDFILE=y
      BR2_PACKAGE_PYTHON_PYSMB=y
      BR2_PACKAGE_PYTHON_PYSNMP_APPS=y
      BR2_PACKAGE_PYTHON_PYSNMP_MIBS=y
      BR2_PACKAGE_PYTHON_PYSOCKS=y
      BR2_PACKAGE_PYTHON_PYTABLEWRITER=y
      BR2_PACKAGE_PYTHON_PYTRIE=y
      BR2_PACKAGE_PYTHON_PYUSB=y
      BR2_PACKAGE_PYTHON_PYXB=y
      BR2_PACKAGE_PYTHON_PYZMQ=y
      BR2_PACKAGE_PYTHON_REQUESTS_TOOLBELT=y
      BR2_PACKAGE_PYTHON_RPI_GPIO=y
      BR2_PACKAGE_PYTHON_RTSLIB_FB=y
      BR2_PACKAGE_PYTHON_SDNOTIFY=y
      BR2_PACKAGE_PYTHON_SERIAL=y
      BR2_PACKAGE_PYTHON_SETPROCTITLE=y
      BR2_PACKAGE_PYTHON_SH=y
      BR2_PACKAGE_PYTHON_SHUTILWHICH=y
      BR2_PACKAGE_PYTHON_SIMPLEJSON=y
      BR2_PACKAGE_PYTHON_SMBUS_CFFI=y
      BR2_PACKAGE_PYTHON_SOCKETIO=y
      BR2_PACKAGE_PYTHON_SORTEDCONTAINERS=y
      BR2_PACKAGE_PYTHON_SPIDEV=y
      BR2_PACKAGE_PYTHON_THRIFT=y
      BR2_PACKAGE_PYTHON_TOMAKO=y
      BR2_PACKAGE_PYTHON_TREQ=y
      BR2_PACKAGE_PYTHON_U_MSGPACK=y
      BR2_PACKAGE_PYTHON_UBJSON=y
      BR2_PACKAGE_PYTHON_UJSON=y
      BR2_PACKAGE_PYTHON_URLLIB3=y
      BR2_PACKAGE_PYTHON_VERSIONTOOLS=y
      BR2_PACKAGE_PYTHON_WATCHDOG=y
      BR2_PACKAGE_PYTHON_WEB2PY=y
      BR2_PACKAGE_PYTHON_WEBPY=y
      BR2_PACKAGE_PYTHON_WHOOSH=y
      BR2_PACKAGE_PYTHON_WS4PY=y
      BR2_PACKAGE_PYTHON_WSACCEL=y
      BR2_PACKAGE_PYTHON_XLUTILS=y
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python-treq: needs host-python-incremental · dc8a18f9
      Thomas Petazzoni authored
      
      
      The python-treq package lists the incremental Python module as part of
      its setup_requires variable in setup.py, so it must be added as a host
      dependency of the python-treq package to avoid build failures.
      
      So far, this issue wasn't visible because python-treq selects
      python-twisted, which itself selects the target python-incremental
      package. Because python-incremental was before python-treq in the
      alphabetic ordering, it was always built before python-treq. And due
      to the fact that PYTHONPATH currently contains the directory with
      target Python modules, the host Python interpreter was happily using
      the target python-incremental while running on the host. But as we are
      going to clean up PYTHONPATH, this will no longer be the case, and
      hence python-treq needs to be fixed.
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python-incremental: add host variant · bd3a3f60
      Thomas Petazzoni authored
      
      
      A host variant of the python-incremental package will be needed for
      the python-treq package.
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python-json-schema-validator: needs versiontools on the host · d3921001
      Thomas Petazzoni authored
      
      
      python-json-schema-validator does not need versiontools on the target,
      but only on the host, as it's listed in setup_requires in setup.py.
      
      This was not noticed so far because the host Python interpreter is
      started with a PYTHONPATH that contains a directory with target Python
      packages, so versiontools was found there. But as we are about to fix
      PYTHONPATH to no longer include such a directory,
      python-json-schema-validator would fail due to versiontools being
      missing on the host.
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python-versiontools: add host variant · 13582f32
      Thomas Petazzoni authored
      
      
      It will be needed by python-json-schema-validator.
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python-u-msgpack: switch to setuptools instead of distutils · 0767c6a3
      Thomas Petazzoni authored
      python-u-msgpack can use setuptools instead of distutils, and
      using setuptools is generally preferred.
      
      In addition, using setuptools allows us to make sure the package will
      continue to build when we adjust the PYTHONPATH variable to no
      longer point to target Python modules. Without such a change to
      setuptools, the build would fail with:
      
      =====================================================================
      running install
      Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
      /home/test/buildroot/output/host/bin/python -E -c pass
      TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
      error: bad install directory or PYTHONPATH
      
      You are attempting to install a package to a directory that is not
      on PYTHONPATH and which Python does not read ".pth" files from.  The
      installation directory you specified (via --install-dir, --prefix, or
      the distutils default setting) was:
      
          /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
      
      and your PYTHONPATH environment variable currently contains:
      
          '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'
      
      Here are some of your options for correcting the problem:
      
      * You can choose a different installation directory, i.e., one that is
        on PYTHONPATH or supports .pth files
      
      * You can add the installation directory to the PYTHONPATH environment
        variable.  (It must then also be on PYTHONPATH whenever you run
        Python and want to use the package(s) you are installing.)
      
      * You can set up the installation directory to support ".pth" files by
        using one of the approaches described here:
      
        https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
      
      
      =====================================================================
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python-pyro: switch to setuptools instead of distutils · 77712325
      Thomas Petazzoni authored
      python-pyro can use setuptools instead of distutils, and using
      setuptools is generally preferred.
      
      In addition, using setuptools allows us to make sure the package will
      continue to build when we adjust the PYTHONPATH variable to no
      longer point to target Python modules. Without such a change to
      setuptools, the build would fail with:
      
      =====================================================================
      running install
      Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
      /home/test/buildroot/output/host/bin/python -E -c pass
      TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
      error: bad install directory or PYTHONPATH
      
      You are attempting to install a package to a directory that is not
      on PYTHONPATH and which Python does not read ".pth" files from.  The
      installation directory you specified (via --install-dir, --prefix, or
      the distutils default setting) was:
      
          /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
      
      and your PYTHONPATH environment variable currently contains:
      
          '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'
      
      Here are some of your options for correcting the problem:
      
      * You can choose a different installation directory, i.e., one that is
        on PYTHONPATH or supports .pth files
      
      * You can add the installation directory to the PYTHONPATH environment
        variable.  (It must then also be on PYTHONPATH whenever you run
        Python and want to use the package(s) you are installing.)
      
      * You can set up the installation directory to support ".pth" files by
        using one of the approaches described here:
      
        https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
      
      
      =====================================================================
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    • python-pyasn: switch to setuptools instead of distutils · b40e701e
      Thomas Petazzoni authored
      python-pyasn can use setuptools instead of distutils, and using
      setuptools is generally preferred.
      
      In addition, using setuptools allows us to make sure the package will
      continue to build when we adjust the PYTHONPATH variable to no
      longer point to target Python modules. Without such a change to
      setuptools, the build would fail with:
      
      =====================================================================
      running install
      Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
      /home/test/buildroot/output/host/bin/python -E -c pass
      TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
      error: bad install directory or PYTHONPATH
      
      You are attempting to install a package to a directory that is not
      on PYTHONPATH and which Python does not read ".pth" files from.  The
      installation directory you specified (via --install-dir, --prefix, or
      the distutils default setting) was:
      
          /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
      
      and your PYTHONPATH environment variable currently contains:
      
          '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'
      
      Here are some of your options for correcting the problem:
      
      * You can choose a different installation directory, i.e., one that is
        on PYTHONPATH or supports .pth files
      
      * You can add the installation directory to the PYTHONPATH environment
        variable.  (It must then also be on PYTHONPATH whenever you run
        Python and want to use the package(s) you are installing.)
      
      * You can set up the installation directory to support ".pth" files by
        using one of the approaches described here:
      
        https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
      
      
      =====================================================================
      
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
      Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
  3. 12 Jul, 2017 11 commits
  4. 11 Jul, 2017 8 commits