gcc does not build when the srcdir path contains a '@', because that
path is then substitued in a texi file as argument to an @include
directive. But then, the '@' in the path will start a command evaluation
of its own, thus breaking the build. For example, with a $(O) path set
to /home/ymorin/dev/buildroot/O/to@ti :
perl ../../gcc/../contrib/texi2pod.pl ../../gcc/doc/invoke.texi > gcc.pod
../../gcc/doc/invoke.texi:1678: unknown command `ti'
../../gcc/doc/invoke.texi:1678: @include: could not find /home/ymorin/dev/buildroot/O/to/build/host-gcc-initial-7.3.0/build/gcc/../../gcc/../libiberty/at-file.texi
[Peter: use findstring instead of subst/compare]
Reported-by: c32 on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7007dc2bc9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.
Drop patches as they are now upstream.
Add host-pkgconf as the configure script uses pkg-config. Drop removed
--disable-automated-tests configure flag.
Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use. Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f33f7a4f64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The license heading in source files includes the "or any later"
language.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cfa3447a78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-14501: An out-of-bounds read flaw exists in
parse_file_info in archive_read_support_format_iso9660.c in libarchive
3.3.2 when extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header.
Drop upstream patches.
Use upstream provided tarball hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 946f136fe1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When two Buildroot builds run in parallel, and they both happen to call
npm at roughly the same time, the two npm instances may conflict when
accessing the npm cache, which is by default ~/.npm
Although npm is supposed to lock access to the cache, it seems it does
sometimes fail to do so properly, bailling out in error, when it would
never ever crash at all when not running in parallel. We suspect that
the sequence leading to such failures are something like:
npm-1 npm-2
lock(retry=few, sleep=short) .
does-stuff() .
. lock(retry=few, sleep=short)
. # can't lock local cache
. download-module()
. # can't download
. exit(1)
unlock()
As per the docs [0], few = 10, short = 10. So if the first npm (npm-1)
takes more than 100s (which can happen behind slow links and/or big
modules that contain native code that is compiled), then the second npm
(npm-2) will bail out (the download would fail if there is no network
access, for example, and only local modules are used).
Point npm to use a per-build cache directory, so they no longer compete
across builds.
That would still need some care when we do top-level parallel builds,
though.
Note also that the conflicts are not totally eliminated: two or more npm
instances may still compete for some other resource that has not yet
been identified.
But, at least, the conflict window has been drastically shortened now,
to the point where it now seldom occurs.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4a16182d5f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While Erlang includes a version of zlib, it's intended for Windows and
there's an expectation that non-Windows platforms provide it. It's also
not as regularly updated as the one in Buildroot. This change makes
Erlang always use a Buildroot-provided zlib.
Fixes this compile error:
CC /home/buildroot/autobuild/run/instance-0/output/build/erlang-21.0/erts/emulator/zlib/obj/x86_64-buildroot-linux-musl/opt/adler32.o
In file included from zlib/adler32.c:11:0:
zlib/zutil.h:172:39: error: "_LFS64_LARGEFILE" is not defined [-Werror=undef]
(!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
^~~~~~~~~~~~~~~~
See http://autobuild.buildroot.net/results/fc633f80c7c36a90e641487f5a888fbb767c2a54/.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec5378038f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Jeff Wittrock in bug #11396, the U-Boot environment
image checksum is invalid for big endian targets, because the test on
the BR2_ENDIAN Config.in option doesn't take into account that it is
double quoted.
The fix was provided by Jeff himself on bugzilla.
Fixes bug #11396.
Reported-by: Jeff Wittrock <jwittrock@faultrecorder.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d6fcf044a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For some reason, ustr installs its own source code, which means we end
up with 448 KB of source code in /usr/share in the target filesystem:
$ tree output/target/usr/share/
output/target/usr/share/
└── ustr-1.0.4
├── malloc-check.h
├── ustr-b-code.h
├── ustr-b-dbg-code.c
├── ustr-b-opt-code.c
├── ustr-cmp-code.h
├── ustr-cmp-dbg-code.c
├── ustr-cmp-internal.h
├── ustr-cmp-opt-code.c
├── ustr-cntl-code.h
├── ustr-fmt-code.h
├── ustr-fmt-dbg-code.c
├── ustr-fmt-internal.h
[...]
$ du -sh output/target/usr/share/ustr-1.0.4/
448K output/target/usr/share/ustr-1.0.4/
So let's drop this source code in a post-install target hook.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c27484b2ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Drop an upstream patch.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de24e47d90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass TARGET_LDFLAGS to EXTRA_LDFLAGS to fix following issue:
/home/buildroot/autobuild/run/instance-3/output/build/host-gcc-final-7.3.0/build/arm-buildroot-linux-musleabihf/libgcc/../../../libgcc/config/arm/lib1funcs.S:1545: undefined reference to `raise'
Also pass TARGET_CFLAGS to EXTRA_CFLAGS and TARGET_CXXFLAGS to
EXTRA_CXXFLAGS and move all these variables to
OPEN_PLC_UTILS_MAKE_OPTS for readability
Fixes:
- http://autobuild.buildroot.org/results/67bc5e7ac8ae1c49c035b022a394d2f746705cf2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d8738d3b97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit a31a66802a ("freetype:
security bump to version 2.5.3"), the freetype package was changed to
call ./autogen.sh to regenerate the autotools stuff, because the
ltmain.sh provided by upstream freetype was not compatible with
Buildroot libtool-patching logic.
Since then, freetype has been bumped several times, and the current
version packaged in Buildroot has an ltmain.sh that is compatible with
our libtool-patching logic.
Therefore, this commit drops the no longer needed autogen stuff.
This autogen stuff was badly breaking per-package host/target
directory, because the autogen happened at the post-patch hook step,
at which point the host-automake/host-autoconf/host-libtool
dependencies have not yet been copied into this package host
directory.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 88c6329521)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use system liblinear instead of using included liblinear.
liblinear in buildroot is at version 2.20 released on December 2017
whereas liblinear in nmap has not been updated since 7 years (except for
liblinear.vcxproj which has been updated 2 years ago)
Do not use --with-liblinear option as otherwise nmap will forget to add
-llinear to LIBS due to the following line in configure.ac:
if test $have_liblinear != yes; then
AC_CHECK_HEADERS([linear.h],
AC_CHECK_LIB(linear, predict, [have_liblinear=yes; LIBLINEAR_LIBS="-llinear"; break],, [-lm])
)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c0d9ba562c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When used without spdx_lookup the BSD licence cannot be
detected correctly because many Python packages just specify
BSD without the exact version in their metadata. So add a
special message warning the user instead of the licence id.
Bonus: fix typo.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d05e41eb1a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 87d759ced5 (ntp: fix build for no-MMU) added a patch to make MMU
dependent code hidden behind HAVE_WORKING_FORK. It turns out that the
patch covers too much code. When libcap is enabled we pass
--enable-linuxcaps, which in turn enables HAVE_DROPROOT. This adds calls
to code that is covered by HAVE_WORKING_FORK.
Update the no-MMU fix so that HAVE_WORKING_FORK only covers the no-MMU
incompatible routine.
Fixes:
http://autobuild.buildroot.net/results/c5c/c5cf28bb969fec7c07864cdd094dedfa4d5439d2/
Cc: Artem Panfilov <apanfilov@spectracom.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7cf152852d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Many platforms don't provide all FPU features needed by Poco when
configured for soft floating point in their fenv.h header. So
disable fpenvironment for this configuration to avoid build breakage.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c735f39881)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The enum34 dependency is required for python2.7 for both the host and
target builds. This patch adds the host dependency to match what is
already in place for the target.
The host build is used by the setools package seinfo tool offline for
host based policy analysis. The analysis is easiest performed offline
as the policy is checked for path/reachability, which is something
that occurs by taking the policy file and using debug libraries to
perform test cases.
Fixes the following runtime error:
$ ./output/host/bin/sesearch
Traceback (most recent call last):
[...]
File "/home/test/buildroot/output/host/lib/python2.7/site-packages/setools-4.1.1-py2.7-linux-x86_64.egg/setools/policyrep/util.py", line 21, in <module>
from enum import Enum
ImportError: No module named enum
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a5e4eddb84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-16758: Michael Yonli discovered that tinc 1.0.34 and earlier allow
a man-in-the-middle attack that, even if the MITM cannot decrypt the traffic
sent between the two endpoints, when the MITM can correctly predict when an
ephemeral key exchange message is sent in a TCP connection between two
nodes, allows the MITM to force one node to send UDP packets in plaintext.
The tinc 1.1pre versions are not affected by this.
CVE-2018-16738: Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34
allow an oracle attack, similar to CVE-2018-16737, but due to the
mitigations put in place for the Sweet32 attack in tinc 1.0.30, it now
requires a timing attack that has only a limited time to complete. Tinc
1.1pre16 and earlier are also affected if there are nodes on the same VPN
that still use the legacy protocol from tinc version 1.0.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d0758184c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
get-developers tries to open DEVELOPERS in the current directory, so it
breaks when calling it from elsewhere than the toplevel Buildroot directory.
Traceback (most recent call last):
File "../utils/get-developers", line 107, in <module>
__main__()
File "../utils/get-developers", line 26, in __main__
devs = getdeveloperlib.parse_developers(os.path.dirname()
File "/home/peko/source/buildroot/utils/getdeveloperlib.py", line 161, in parse_developers
with open(os.path.join(basepath, "DEVELOPERS"), "r") as f:
IOError: [Errno 2] No such file or directory: '/home/peko/source/buildroot/output-foo/DEVELOPERS'
Fix it by instead figuring out where the DEVELOPERS file is relative to the
location of get-developers (E.G. one level up).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout:
- add realpath to support a symlinked get-developers script;
- pass devs_dir argument to check_developers() to support -c in subdir;
- convert basepath to absolute path to support -f option.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 62d5558f76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes a syntax error introduced in bcf2ed5cc3.
Output before the patch:
$ ./utils/get-developers outgoing/*
File "./utils/get-developers", line 97
print dev
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean
print(dev)?
Output after the patch:
$ ./utils/get-developers outgoing/*
git send-email --to buildroot@buildroot.org
Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8320ad3341)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When called with a list of patches, get-developers prints the entire git
send-email invocation line:
./utils/get-developers 0001-git-security-bump-to-version-2.16.5.patch
git send-email --to buildroot@buildroot.org --cc "Matt Weber <matthew.weber@rockwellcollins.com>"
This may be handy when creating an entire patch series and editing a cover
letter, but it does mean that this has to be explicitly executed and
get-developers cannot be used directly by the --cc-cmd option of git
send-email to automatically CC affected developers.
So add an -e flag to only let get-developers print the email addresses of
the affected developers in the one-email-per-line format expected by git
send-email, similar to how get_maintainer.pl works in the Linux kernel.
With this and a suitable git configuration:
git config sendemail.to buildroot@buildroot.org
git config sendemail.ccCmd "$(pwd)/utils/get-developers -e"
You can simply do:
git send-email master
To automatically mail the buildroot list and CC affected developers on
patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bcf2ed5cc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In addition:
- Update 0001-user-exec-fix-usage-of-mcontext-structure-on-ARM-uCl.patch
with new line numbers and file location.
- Remove upstream 0002-memfd-fix-configure-test.patch
- Add new options found in 2.12.0 in qemu.mk as disabled.
- Remove --with-system-pixman as it's no longer optional.
Tested with test-pkg:
./utils/test-pkg -p qemu -c configs/qemu_min_defconfig
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
armv5-ctng-linux-gnueabi [6/6]: OK
6 builds, 1 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 06e3957c16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Our package infrastructure uses inheritance of a number of values from
the target package to the host package, which assumes the target
package is defined before the host package. In addition, future
changes are going to make this requirement even more important.
Therefore, let's fix the qemu package so that it declares its target
variant before its host variant, like all other packages in
Buildroot. We handle qemu separately from other packages, because
unlike other packages, it didn't had the "eval" for the host and
target packages at the end of the file, but rather all variables
related to the host variant first, then the call to the package
infrastructure for the host variant, then the variables related to the
target variant, and finally the call to the package infrastructure for
the target variant. We are inverting the order of those two big parts
in this commit.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2ae7b21e0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to target/mips/TODO in the Qemu sources:
MIPS64
------
- Userland emulation (both n32 and n64) not functional.
And indeed, trying to run a mips64n32 binary under qemu user emulation
results in:
Invalid ELF image for this architecture
So we move the BR2_mips64(el) dependency from
BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS to
BR2_PACKAGE_HOST_QEMU_SYSTEM_ARCH_SUPPORTS, so that only the system
emulation is available on mips64, and not the user-mode emulation.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 17024f5900)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Not all architectures are supported by both the system emulation and
user-mode emulation in Qemu, so a single
BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS doesn't work very well.
Therefore, this commit introduces the
BR2_PACKAGE_HOST_QEMU_{SYSTEM,USER}_ARCH_SUPPORTS hidden options. We
keep the BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS option for the (numerous)
architectures supported by both system emulation and user-mode
emulation.
The 'select' logic to make sure that at least either system emulation
or user-mode emulation is selected is reworked, and done carefully to
avoid recursive Kconfig dependencies.
For now BR2_PACKAGE_HOST_QEMU_SYSTEM_ARCH_SUPPORTS and
BR2_PACKAGE_HOST_QEMU_USER_ARCH_SUPPORTS are the same, but they will
become different in a follow-up commit.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d7f74dced9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
