buildroot/package, branch 2018.02

package/skeleton-systemd: invert factory logic

2018-03-04T19:35:30+00:00

Currently, we handle the factory by redirectoring /var with a symlink at build time, and with some trickery during the filesystem generation, depending on whether we need to remount the filesystem read-write or not. However, this is causing quite some pain with the latest systemd, now that they have moved their dbus socket to /run instead of /var/run. As such, trying to play tricks with /var/run as a symlink is difficult, because at times it is in .usr/share/factory/var/run (during build) and then it is in /var/run (at runtime). So a relative symlink is not possible. But an absolute symlink is not possible either, because we are installing out-of-tree. Oh the joys of cross-compilation... :-) We fix all this mess by making /var a real directory from the onset, so that we can use the runtime-expected layout even during the build. Then, during filesystem generation, we move /var away to the factory, and populate it as we used to do. This still requires a post-fs hook to restore /var after the filesystem generation. This leaves a situation that, should the filesystem generation fails, /var will be left in an inconsistent state. But that is not worse than what we already had anyway. Signed-off-by: "Yann E. MORIN" Cc: Maxime Hadjinlian Cc: Trent Piepho Cc: Adam Duskett Cc: Romain Naour Cc: Thomas Petazzoni Cc: Peter Korsgaard Signed-off-by: Peter Korsgaard

package/skeleton-init-systemd: work around for /var/lib not populating

2018-03-04T19:34:10+00:00

When using a RO root with systemd, it is intended that /var/lib should be populated at boot time by tmpfiles system mirroring it from /usr/share/factory/var/lib. However, this will only happen if /var/lib does not already exist at the time systemd-tmpfiles runs. If it does exist, then tmpfiles will (silently) skip it and do nothing. It turns out /var/lib will exist, because some part of systemd creates /var/lib/systemd/catalog on boot before tmpfiles runs. The fix used here is to also create tmpfiles entries for the contents of /var/lib/* and /var/lib/systemd/*. This way, when those directories already exist, the entire tree is not skipped and instead the not-yet-existing contents of /var/lib and /var/lib/systemd will be still be mirrored from the factory dir. And if /var/lib/systemd, or a prefix of that, stops getting created and does not exist, it'll still mirror properly. It does cause some warnings from systemd: systemd[1]: Starting Create Volatile Files and Directories... systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:7] Duplicate line for path "/var/lib/systemd", ignoring. systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:8] Duplicate line for path "/var/lib/systemd/coredump", ignoring. But they can be ignored. IMHO, I think a better solution would be for systemd-tmpfiles to gain a "merge tree" operation that is like "C" but doesn't abort if the destination exists, but rather merges the source into it. Signed-off-by: Trent Piepho [yann.morin.1998@free.fr: slight rework of commit title] Signed-off-by: Yann E. MORIN Tested-by: Adam Duskett Signed-off-by: Peter Korsgaard

linux-headers: bump 4.{9, 14}.x series

2018-03-04T17:36:11+00:00

Signed-off-by: Fabio Estevam Signed-off-by: Peter Korsgaard

package/systemd: needs any UTF-8 locale

2018-03-04T10:59:16+00:00

Not all distributions have the language-agnostic C.UTF-8 locale (Gentoo, I'm frowning at you!). Instead, use any UTF-8 locale provided by the system. Reported-by: Christian Stewart Signed-off-by: "Yann E. MORIN" Cc: Maxime Hadjinlian Cc: Julius Kriukas Cc: Christian Stewart Cc: Trent Piepho Cc: Adam Duskett Signed-off-by: Peter Korsgaard

package/systemd: create groups required for udevd

2018-03-04T10:42:12+00:00

udevd needs extra groups for its bundled rules: Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'render' unknown Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'kvm' unknown Add those missing groups. Signed-off-by: "Yann E. MORIN" Cc: Maxime Hadjinlian Cc: Julius Kriukas Cc: Trent Piepho Cc: Adam Duskett Signed-off-by: Peter Korsgaard

package/tor: security bump to version 0.3.1.10

2018-03-04T10:01:45+00:00

Fixes CVE-2018-0490: null-pointer crash in directory authority protocol list code. Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

libv4l: fix libdvbv5 musl compile

2018-03-04T09:15:25+00:00

Add optional copy of TEMP_FAILURE_RETRY macro. Fixes [1]: ../../lib/libdvbv5/.libs/libdvbv5.so: undefined reference to `TEMP_FAILURE_RETRY' [1] http://autobuild.buildroot.net/results/7aea0cbb9e7fe7d9919c9be04ba4567ddcf4e15e Patch submitted upstream: https://www.mail-archive.com/linux-media@vger.kernel.org/msg127134.html [Peter: add upstream submission link as suggested by Baruch] Signed-off-by: Peter Seiderer Signed-off-by: Peter Korsgaard

dhcp: add upstream security fixes

2018-03-03T22:26:08+00:00

CVE-2018-5732: The DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the dhclient AppArmor profile. CVE-2018-5733: The DHCP server incorrectly handled reference counting. A remote attacker could possibly use this issue to cause the DHCP server to crash, resulting in a denial of service. Both issues are fixed in version 4.4.1. But we are close to release, so backport the fixes instead of bumping version. Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard

postgresql: security bump to 10.3

2018-03-03T19:15:59+00:00

Helps mitigate CVE-2018-1058 see: https://www.postgresql.org/docs/current/static/release-10-3.html for more bugfixes. Signed-off-by: Adam Duskett Signed-off-by: Peter Korsgaard

mosquitto: unbreak build with websockets and !libopenssl

2018-03-03T16:16:42+00:00

Fixes: http://autobuild.buildroot.net/results/d69/d693f3e3f1c73ccf54ac7076623e436355a9d901/b Signed-off-by: Peter Korsgaard