All Buildroot pre-built toolchains have been rebuilt with Buildroot
2017.11-rc1, so that they have the latest version of
glibc/musl/uClibc, and also the latest gcc/binutils updates.
Specifically, this will fix the build failures on Blackfin that were
due to the missing accept4() support:
http://autobuild.buildroot.net/results/8b5a72dd7cde685f6f68f46aeee8b1b60c96d559/
(openobex)
http://autobuild.buildroot.net/results/b19dd9ed29944d7f79c6f824669e3baaa0bb045a/
(libiio)
In terms of changes to the toolchains:
- AArch64 glibc toolchain changed to use 4.4 kernel headers instead
of 4.1, in order to increase the variety of kernel header versions
being tested.
- Most configurations now use 4.13 kernel headers instead of 4.12
(except the configurations that were explicitly using an older
kernel headers version)
- The mips64 n64 configuration is changed from using gcc 4.9 to gcc
5, since another ARM configuration already tests gcc 4.9.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>From the changelong:
Set the FD_CLOEXEC flag on sockets, so they are not "leaked" to
spawned processes
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2017-12172: Start scripts permit database administrator to modify
root-owned files.
CVE-2017-15098: Memory disclosure in JSON functions.
CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT
privileges.
See the announcement for more details:
https://www.postgresql.org/about/news/1801/
While we're at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains a minor rendering fix, another for the WebDriver
implementation, and security fixes for CVE-2017-13798, CVE-2017-13788,
and CVE-2017-13803.
Release notes:
https://webkitgtk.org/2017/11/10/webkitgtk2.18.3-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go-bootstrap is a host package that builds a first stage Go compiler,
later used to build the final Go compiler. However, this first stage
compiler only supports building on x86, x86-64 and arm as host
architectures, so we need to add the relevant architecture
dependencies to avoid having go-bootstrap built on other unsupported
platforms.
We do this by introducing BR2_PACKAGE_HOST_GO_BOOTSTRAP_ARCH_SUPPORTS
in a new package/go-bootstrap/Config.in.host file. This option is then
used by BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS to make sure we can't enable
Go packages when the host architecture doesn't allow building the Go
compiler.
Fixes:
http://autobuild.buildroot.net/results/cbd419c6ab6fa8a6d18dc137c91f895867e53b8a/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The prosody configure script defines CFLAGS as -fPIC -Wall, but
because we pass our own CFLAGS, the -fPIC goes away, causing a build
failure when building shared libraries on x86-64:
/home/test/autobuild/run/instance-0/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-amd-linux-gnu/6.2.0/../../../../x86_64-amd-linux-gnu/bin/ld: encodings.o: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
So let's pass this -fPIC flag explicitly in CFLAGS. We don't bother
passing it conditionally !BR2_STATIC_LIBS because other packages (e.g
lua) also pass -fPIC unconditionally.
Fixes:
http://autobuild.buildroot.net/results/7f0eb285b75cdeacb21a1f9a9f64d2f0cbbf1d59/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The recent crypto handling change (commit 04a1031d3: package/libssh2: Add
selectable crypto libraries) had the unfortunate side effect that it no
longer automatically selects the most suitable crypto backend (E.G. one
where the dependency is already enabled), so all users not wanting to use
the mbedtls backend need to explicitly configure this.
Fix this by inverting the logic so the crypto backend sub options use
'depends on' their dependencies instead of 'select', so only the available
backends are displayed.
Like before, default to openssl if no crypto backend dependencies are
currently enabled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uClibc doesn't implement __register_atfork() on noMMU systems, causing
a build failure of libressl. Since openssl is available as an
alternative on such platforms, we just disable libressl on
uClibc/noMMU systems.
Fixes:
/home/thomas/projets/buildroot/output/build/libressl-2.5.5/crypto/.libs/libcrypto.a(arc4random.o): In function `_rs_init.part.1':
arc4random.c:(.text+0x74): undefined reference to `__register_atfork'
collect2: error: ld returned 1 exit status
This build issue is not visible in the autobuilders, because libressl
is only selectable through a choice, which isn't randomized by the
autobuilder logic.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump kernel to 4.13.11 and U-Boot to 2017.09.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ethtool has a configure script option allowing the enabling or disabling of
pretty printing for drivers, SFP modules etc which can save a significant
amount of bytes on the root filesystem. Allow selecting that, and turn it on by
default (like ethtool's configure script).
[Peter: fix Config.in indentation/style]
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/49d/49dcec0bd2f3bb78c18675a9fa5c9c53cc183fd2/
g_cclosure_marshal_VOID__VOID is defined both in libgobject.a and
libgstreamer.a. It is probably possible to fix this, but gstreamer0.10
has been deprecated for a long time now and is anyway unlikely to be
used in static-only situations, so let's just require dynamic linking.
Propagate to the reverse dependencies. opencv3 already did depend on
dynamic libs.
[Peter: add autobuild reference]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We use the host compiler for x86-64 builds, so ensure it is only available
on x86-64 hosts.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update kernel to 4.13 and U-Boot to 2017.09.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/106/106af20196089e74c35daabdae46f030981600bd/
Otherwise the (handwritten) configure script uses a config.guess script from
2010 to figure out the build host, breaking builds on ppc64le hosts.
The result of --host / --build is only used to detect if we are building for
Windows or not, which is why things are working on x86(-64) build hosts
without specifying --host even though we are cross compiling - But this may
change in the future, so we better pass the correct values.
Passing extra jimtcl configure flags is unfortunately not forseen in the
usb_modeswitch Makefile, so add a small patch making this possible.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/d13/d137680bf1c0ebfacef635cb2f0fc14524759143/
Otherwise the (handwritten) configure script uses a config.guess script from
2010 to figure out the build host, breaking builds on ppc64le hosts.
The result of --host / --build is only used to detect if we are building for
Windows or not, which is why things are working on x86(-64) build hosts
without specifying --host even though we are cross compiling - But this may
change in the future, so we better pass the correct values.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://github.com/libimobiledevice/libplist/blob/master/NEWS
This version bump fixes
* CVE-2017-6440
* CVE-2017-6439
* CVE-2017-6438
* CVE-2017-6437
* CVE-2017-6436
* CVE-2017-6435
* CVE-2017-5836
* CVE-2017-5835
* CVE-2017-5834
* CVE-2017-5545
* CVE-2017-5209
... and several others that didn't receive any CVE (yet).
The dependency to libxml2 was removed.
Autoreconf is not needed anymore, the upstream tarball includes a
configure script.
[Peter: also drop host-pkgconf dependency, only used for cython]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove --enable-abstract-sockets; dropped upstream. Remove
ac_cv_have_abstract_sockets that is dropped as well.
Remove --disable-selinux; we handle selinux as an optional dependency
below.
Remove --{enable,disable}-dnotify; this options has been removed in
version 1.7.6, broken since 2010.
Remove --with-init-scripts; dropped upstream.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
