Version 2.24.3 is a minor update which contains many bugfixes.
>From the announcement:
- Fix previous/next gestures in RTL mode.
- Fix rendering artifacts in popular sites (YouTube, GitHub, etc.)
- Fix media playback annoyances (volume randomly changing, HLS streams
starting too slowly, some audio streams would not play, etc.)
- Fix build with audio and video disabled.
https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3ff05d9094)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running in a CI system, stat messages become white noise. Introduce
an option to suppress non-error, non-warning, messages.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 44af8386f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Barebox starting from 2019.02 no longer ships flex/bison generated
parser. Add conditional kconfig dependencies, same as we did for kernel
and uboot.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e7d8d9a765)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When TARGET_CFLAGS (or _LDFLAGS or _CXXFLAGS) are empty, but were
constructed by appending other variables, like:
TARGET_CFLAGS = $(SOMETHING) $(SOMETHING_ELSE)
and both variables are empty, then $(TARGET_CFLAGS) is _not_ the
null-string; it's value is a string made of a single space.
This means that the construct:
$(if $(TARGET_CFLAGS),true,false)
will in fact return 'true'.
In our case, it means that we will call:
`printf '"%s", ' `
which expands to just:
"",
which we are then happy to insert as-is in the generated
cross-compilation.conf.
Then meson, will happily call the compiler with an empty argument.
The compiler is less happy, though:
arm-none-linux-gnueabi-gcc: error: : No such file or directory
And this is not even trivial to debug either... The only clue being that
there seems to be something missing between ': :'
We fix that testing the $(strip)ed value. We can still pass the
non-$(strip) expansion, because the shell will just do it for us, and we
are then sure there is at least one non-blank word in there.
Thanks a lot to Adam for his invaluable help debugging this!
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e9de6d9e0a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilites:
CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML
names that contain a large number of colons could make the XML parser
consume a high amount of RAM and CPU resources while processing (enough to
be usable for denial-of-service attacks).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 84fd08cf4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are
vulnerable to a symlink-exchange attack with Directory Traversal, giving
attackers arbitrary read-write access to the host filesystem with root
privileges, because daemon/archive.go does not do archive operations on a
frozen filesystem (or from within a chroot).
And includes additional post-18.09.6 fixes:
Builder
- Fixed a panic error when building dockerfiles that contain only comments.
moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation
workaround. moby/moby#39183
Runtime
- Added performance optimizations in aufs and layer store that helps in
massively parallel container creation and removal. moby/moby#39107,
moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps.
moby/moby#39288
Logging
- Added a fix that now allows large log lines for logger plugins.
moby/moby#39038
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cdbb3ced00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are
vulnerable to a symlink-exchange attack with Directory Traversal, giving
attackers arbitrary read-write access to the host filesystem with root
privileges, because daemon/archive.go does not do archive operations on a
frozen filesystem (or from within a chroot).
And includes additional post-18.09.6 fixes:
Builder
- Fixed a panic error when building dockerfiles that contain only comments.
moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation
workaround. moby/moby#39183
Runtime
- Added performance optimizations in aufs and layer store that helps in
massively parallel container creation and removal. moby/moby#39107,
moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps.
moby/moby#39288
Logging
- Added a fix that now allows large log lines for logger plugins.
moby/moby#39038
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 13cf6f0c0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroots autobuild identified a failure on GCC v6.2 and GCC v6.3,
producing the following warning (reported as error due to -Werror):
event_dispatcher_poll.cpp:231:13: error: types may not be defined
in a for-range-declaration [-Werror]
for (const struct pollfd &pfd : pollfds) {
^~~~~~
cc1plus: all warnings being treated as errors
A fix has been integrated upstream, bump the package to incorporate it.
Fixes: http://autobuild.buildroot.net/results/f6dd4c60c04892c8b1669e6000fce7edb2b6349e/
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1db7890e0a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On my machine, it happens once in a while that the virtualised machine
boots too fast for the rootfs to be available at the time the kernel
tries to mount it.
For example, board/qemu/arm-vexpress/readme.txt suggested changing
"-smp 1" up to "-smp 4". But doing so here causes a kernel panic:
VFS: Cannot open root device "mmcblk0" or unknown-block(0,0): error -6
Please append a correct "root=" boot option; here are the available partitions:
1f00 131072 mtdblock0
(driver?)
1f01 32768 mtdblock1
(driver?)
Kernel panic - not syncing: VFS: Unable to mount root fs on
unknown-block(0,0)
So, add the oh-so-useful 'rootwait' option to all kernel command lines
for qemu defconfigs.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Joel Stanley <joel@jms.id.au>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 626c9705d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2019-12450: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0
through 2.61.1 does not properly restrict file permissions while a copy
operation is in progress. Instead, default permissions are used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
test-pkg will use gigabytes of space when testing all toolchains.
Nevertheless, you are normally only interested in the actual build / host
tree when there is a build failure.
Do a 'make clean' for successful builds to save disk space, unless the new
option '-k/--keep' is set.
Note that the logfile and configuration is always retained for inspection.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 72bf48606c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The long option parsing of test-pkg is broken because:
- some long options are not declared
- there should be a comma between long options, the colon does not replace
it.
This change also revealed that the declaration of 'toolchains-dir' should
have been 'toolchains-csv', originally introduced in commit ed59f81a3c.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 989cda12ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From patch [1] included in kernel >= 5.0:
"The upcoming GCC 9 release extends the -Wmissing-attributes warnings
(enabled by -Wall) to C and aliases: it warns when particular function
attributes are missing in the aliases but not in their target.
In particular, it triggers for all the init/cleanup_module
aliases in the kernel (defined by the module_init/exit macros),
ending up being very noisy.
These aliases point to the __init/__exit functions of a module,
which are defined as __cold (among other attributes). However,
the aliases themselves do not have the __cold attribute.
Since the compiler behaves differently when compiling a __cold
function as well as when compiling paths leading to calls
to __cold functions, the warning is trying to point out
the possibly-forgotten attribute in the alias."
Werror is set by default while building ppc kernel [2], but
some warning can be introduced while building current kernel with
newer compiler (for example building kernel 4.19 with gcc 9.1).
For the same reason why we remove Werror in packages's compiler
flags. Building with Werror is not bulletproof when we start
using a newer compiler that introduce new warnings.
This is the case here.
Also this option is a bit strange since it's specific to ppc kernels:
"The intention is to make it harder for people to inadvertantly
introduce warnings in the arch/powerpc code."
Other kernel developers on other arch may be interested by a
similar/more generic option.
So, It's clearly intended for kernel developers.
Instead of backporting this patch [1] to kernel 4.19, select
unconditionally the Kconfig option CONFIG_PPC_DISABLE_WERROR
that allow to disable Werror.
Fixes:
https://gitlab.com/kubu93/toolchains-builder/-/jobs/205435741
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=a6e60d84989fa0e91db7f236eda40453b0e44afa
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=ba55bd74360ea4b8b95e73ed79474d37ff482b36
[3] https://gitlab.com/bootlin/toolchains-builder
Fix-suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1713c3c344)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting from Qt5 5.9.0, -optimize-debug is enabled by default for
debug builds causing -Og flag to be appended to CFLAGS and
consequently override TARGET_CFLAGS. We don't want this so let's pass
-no-optimize-debug to QT5BASE_CONFIGURE_OPTS if QT5_VERSION_LATEST=y.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5857ab6a96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We want to install the lmbench script along with the other executables,
so we add it to the appropriate list.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1956fbe5a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
scripts/build makes use of the "+=" operator which is not supported by
a pure POSIX shell. We switch to /bin/bash in order to avoid errors of
the form:
../scripts/build: 21: ../scripts/build: LDLIBS+= -lm: not found
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 037d5ffcb6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
jimtcl, perl, usb_modeswitch and x264 are registering
UPDATE_CONFIG_HOOK as a post patch hook to get their gnuconfig files
updated. lmbench is the only package calling CONFIG_UPDATE directly,
so for consistency, let's make it use the same logic as jimtcl, perl,
usb_modeswitch and x264.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2b8b6767ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Package tvheadend builds using '-pie' linker flag in any case. This
leads to linking failure if toolchain doesn't support 'pie'.
Add patch to fix tvheadend's Makefile bug where '-pie' flag is hardcoded
making it depend on '--disable-pie' as compiler's flags already are
treated.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dd0907d465)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add hash for COPYING file
Fixes:
$: make haveged-legal-info
>>> haveged 1.9.4 Collecting legal info
ERROR: No hash found for COPYING
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ae29b98d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b3bba8e425 (package/linux-headers: drop support 4.20 headers)
removed the option for 4.20.x kernel headers, but forgot to add a legacy
option. Add that now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8f60d30829)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In glibc 2.27 the following change occurred:
"Statically compiled applications attempting to load locales compiled
for the GNU C Library version 2.27 will fail and fall back to the
builtin C/POSIX locale."
This impacts us since upstream buildroot uses a localdef built against
an older eglibc release, as reported at [0].
This is a combination of my patch to move to glibc and Peter Seiderer's
patch to avoid building all of glibc just for localedef.
[0] https://bugs.busybox.net/show_bug.cgi?id=11096
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[localedef build & fixups:]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: share the tarball with the glibc package]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0ec7169e6c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add hash for COPYING file
Fixes:
$: make logrotate-legal-info
>>> logrotate 3.15.0 Collecting legal info
ERROR: No hash found for COPYING
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 38626b4b63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic links
in their own home directory to bypass authentication and connect to a
DBusServer with elevated privileges. The standard system and session
dbus-daemons in their default configuration were immune to this attack
because they did not allow DBUS_COOKIE_SHA1, but third-party users of
DBusServer such as Upstart could be vulnerable. Thanks to Joe Vennix of
Apple Information Security.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2019/06/11/2
Also contains a number of other smaller fixes, including fixes for memory
leaks. For details, see NEWS:
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 992b106d1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nehalem, the predecessor to westmere, is best match for westmere
architecture in current openblas.
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b04f1deab3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The westmere line of x86_64 targets lies between nehalem (corei7) and
sandybridge (corei7-avx). Allowing use of -march=westmere enables use of
AES instruction set on these targets.
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 97651ce275)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The licensing text in README.md has changed slightly. The reference to
COPYING.LESSER has been removed. The file itself has been gone for awhile
now. COPYING.thirdparty has also been renamed to THIRDPARTY.
Release notes:
https://mariadb.com/kb/en/library/mariadb-10315-release-notes/
Changelog:
https://mariadb.com/kb/en/mariadb-10315-changelog/
Fixes the following security vulnerabilities:
CVE-2019-2614 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are affected
are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to
exploit vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2019-2627 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Security: Privileges). Supported versions that are
affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior.
Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2019-2628 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and
prior and 8.0.15 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 033844c44d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* Fix multiple buffer overflows in the ps demuxer
* Fix a buffer overflow when copying a biplanar YUV image
* Fix multiple buffer overflows in the faad decoder
* Fix buffer overflow in the svcdsub decoder
* Fix buffer overflows in the ogg muxer & demuxer
* Fix buffer overflows in libavformat demuxer
* Fix multiple buffer overflows in the MKV demuxer
* Fix a buffer overflow in the MP4 demuxer
* Fix a buffer overflow in the textst decoder
* Fix a buffer overflow in the webvtt decoder
* Fix a buffer overflow in the ASF demux
* Fix a buffer overflow in the UPNP SD
* Fix use after free in the ogg demuxer
* Fix multiple use after free in the MKV demuxer
* Fix multiple use after free in the DMO decoder
* Fix integer underflow in the MKV demuxer
* Fix an updater NULL pointer dereference on invalid signing keys
* Fix NULL pointer dereference in the MKV demuxer
* Fix an integer overflow in the spudec decoder
* Fix an integer overflow in the nsc demuxer
* Fix an integer overflow in the avi demuxer
* Fix reads of uninitialized pointers in the MKV demuxer
* Fix a floating point exception in the MKV demuxer
* Fix an infinite loop in the flac packetizer
For more details, see the NEWS file:
https://www.videolan.org/developers/vlc-branch/NEWS
Removed patch 0010, applied upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 04efb17c86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an from from upstream to fix linking Gerbera with taglib. The patch
fixes the following issue:
When cross-compiling CMakes `find_program()` will search for binaries on the
host. This is typically correct, e.g. when search for compilers or shells.
When cross-compiling, searching for `taglib-config` using `find_program` should
not find the binary on the host, instead it should find the binary in the sysroot
directory, as the host `taglib-config` will output the wrong host paths
and libs, whereas the sysroot `taglib-config` will output the correct sysroot
paths and libs.
Therefore, use the `CMAKE_FIND_ROOT_PATH_MODE_PROGRAM` variable when
cross-compiling. This variable controls whether the `CMAKE_FIND_ROOT_PATH`
and `CMAKE_SYSROOT` are used by find_program().
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 6d52768315)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current taglib-config program does not work when cross-compiling as it only
returns paths to the host, which breaks building programs which link against
taglib.
For example gerbera uses `taglib-config` and it fails with:
```
[..]
-- Found TagLib: -L/usr/lib -ltag
[..]
arm-linux-gnueabihf-g++: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/lib'
```
Before the patch the output of `taglib-config` is:
```
$ ./output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/bin/taglib-config --libs
-L/usr/lib -ltag
```
Add a patch from upstream which fixes taglib-config.
After applying the fix, the pkg-config file is correct:
```
$ ./output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/bin/taglib-config --libs
-L/home/joerg/Development/git/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -ltag
```
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ad29cd6224)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current logic will set the "-static" flag when building go
host packages if BR2_STATIC_LIBS is set, this will not work as
there is no support to link host packages statically.
Fix this by applying this logic only for target builds.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 60d455f20b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
PATH must be set to $(BR_PATH) thanks to $(TARGET_MAKE_ENV) before
calling make otherwise build fails on:
/bin/bash: gawk: command not found
When build fails, config.log contains the following line:
configure:13709: checking for gawk
configure:13725: found /home/buildroot/autobuild/run/instance-3/output/host/bin/gawk
configure:13736: result: gawk
[...]
ac_cv_prog_AWK=gawk
Fixes:
- http://autobuild.buildroot.org/results/43c5d08f599e8f44b59a576d243ae1c7b27de7a3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 10aa85ac8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build fails if libintl.h is found but xgettext is not available:
Has header "libintl.h" : YES
Library intl found: NO
po/meson.build:28:5: ERROR: Can not do gettext because xgettext is not installed.
This is because enable_nls defaults to true if libintl.h is found. Use
the nls option to enable/disable NLS explicitly, depending on
BR2_SYSTEM_ENABLE_NLS,
Also, fix the second patch to always look for libintl, even if NLS is
not enabled. The enable_nls option disables processing the po files, but
the gettext calls in the source are still there, so we need to link with
libintl anyway.
Fixes:
- http://autobuild.buildroot.org/results/0ab0a42fd4c5c9fd5891f3b84287bd788f763ba4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 56fb7401b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixing the following list of issues (fixed in 0.27.6 and 0.27.5):
The function family git__strtol is used to parse integers
from a buffer. As the functions do not take a buffer length as
argument, they will scan either until the end of the current
number or until a NUL byte is encountered. Many callers have
been misusing the function and called it on potentially
non-NUL-terminated buffers, resulting in possible out-of-bounds
reads. Callers have been fixed to use git__strntol functions
instead and git__strtol functions were removed.
The function git__strntol64 relied on the undefined behavior
of signed integer overflows. While the code tried to detect
such overflows after they have happened, this is unspecified
behavior and may lead to weird behavior on uncommon platforms.
In the case where git__strntol32 was unable to parse an
integer because it doesn't fit into an int32_t, it printed an
error message containing the string that is currently being
parsed. The code didn't truncate the string though, which
caused it to print the complete string until a NUL byte is
encountered and not only the currently parsed number. In case
where the string was not NUL terminated, this could have lead
to an out-of-bounds read.
When parsing tags, all unknown fields that appear before the
tag message are skipped. This skipping is done by using a plain
strstr(buffer, "\n\n") to search for the two newlines that
separate tag fields from tag message. As it is not possible to
supply a buffer length to strstr, this call may skip over the
buffer's end and thus result in an out of bounds read. As
strstr may return a pointer that is out of bounds, the
following computation of buffer_end - buffer will overflow
and result in an allocation of an invalid length. Note that
when reading objects from the object database, we make sure to
always NUL terminate them, making the use of strstr safe.
When parsing the "encoding" field of a commit, we may perform
an out of bounds read due to using git__prefixcmp instead of
git__prefixncmp. This can result in the parsed commit object
containing uninitialized data in both its message encoding and
message fields. Note that when reading objects from the object
database, we make sure to always NUL terminate them, making the
use of strstr safe.
Submodule URLs and paths with a leading "-" are now ignored.
This is due to the recently discovered CVE-2018-17456, which
can lead to arbitrary code execution in upstream git. While
libgit2 itself is not vulnerable, it can be used to inject
options in an implementation which performs a recursive clone
by executing an external command.
When running repack while doing repo writes,
packfile_load__cb() could see some temporary files in the
directory that were bigger than the usual, and makes memcmp
overflow on the p->pack_name string. This issue was reported
and fixed by bisho.
The configuration file parser used unbounded recursion to parse
multiline variables, which could lead to a stack overflow. The
issue was reported by the oss-fuzz project, issue 10048 and
fixed by Nelson Elhage.
The fix to the unbounded recursion introduced a memory leak in
the config parser. While this leak was never in a public
release, the oss-fuzz project reported this as issue 10127. The
fix was implemented by Nelson Elhage and Patrick Steinhardt.
When parsing "ok" packets received via the smart protocol, our
parsing code did not correctly verify the bounds of the
packets, which could result in a heap-buffer overflow. The
issue was reported by the oss-fuzz project, issue 9749 and
fixed by Patrick Steinhardt.
The parsing code for the smart protocol has been tightened in
general, fixing heap-buffer overflows when parsing the packet
type as well as for "ACK" and "unpack" packets. The issue was
discovered and fixed by Patrick Steinhardt.
Fixed potential integer overflows on platforms with 16 bit
integers when parsing packets for the smart protocol. The issue
was discovered and fixed by Patrick Steinhardt.
Fixed potential NULL pointer dereference when parsing
configuration files which have "include.path" or
"includeIf..path" statements without a value.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 02afc9db7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have some internal packages which automatically bake a version string
from the git checkout, and we usually combine these with a
*_OVERRIDE_SRCDIR. I would like to let Buildroot *not* skip the .git
directory when picking up sources from the local checkout. It turns out
that the existing mechanism (*_OVERRIDE_SRCDIR_RSYNC_EXCLUSIONS) only
supports adding to the exclude list because `rsync` simply uses the
first match from the provided filtering rules.
Solve this by using the user-provided values first. If they match, then
`rsync` won't exclude stuff based on the generic VCS exclude patterns.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a27078d32d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop third patch which is not upstreamable and set XSLTPROC to false
instead to disable documentation
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 48a9848cd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch is not needed since version 4.9.0 and
859698d29b
which solved the issue by avoiding calling this function.
Also renumber the remaining patches.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit df859a83f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mpd can't be built statically with tremor and vorbis, build fails on:
block.c:(.text+0x11c): multiple definition of `vorbis_block_init'
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libvorbisidec.a(block.o):block.c:(.text+0x0): first defined here
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/7.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: Disabling relaxation: it will not work with multiple definitions
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libvorbis.a(block.o): In function `_vorbis_block_alloc':
Fix this by making both options mutually exclusive
It should be noted that upstream explicitly removed the possibility to
enable tremor and vorbis at the same time since version 0.21.6 and
c18cd941aa
Since we only have 0.20.23, it is still possible to build them together,
but there is clearly no need to allow it.
Fixes:
- http://autobuild.buildroot.org/results/60c721a82ffd668bebf02d80bca83780d6cdb2f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5395b1ca45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop tremor select added by commit
d428dddf68
Indeed, nowadays, mpd can be built successfully even if there is no
input plugin selected.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5d4ee34c39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If a go host package is built using cgo, it needs access
to HOST_CFLAGS/HOST_LDFLAGS to utilize host packages it
might depend on.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Acked-by: Adam Duskett <aduskett@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d65b6b337b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-12308: AdminURLFieldWidget XSS¶
The clickable "Current URL" link generated by AdminURLFieldWidget displayed
the provided value without validating it as a safe URL. Thus, an
unvalidated value stored in the database, or a value provided as a URL query
parameter payload, could result in an clickable JavaScript link.
AdminURLFieldWidget now validates the provided value using URLValidator
before displaying the clickable link. You may customize the validator by
passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g.
when using formfield_overrides.
Patched bundled jQuery for CVE-2019-11358: Prototype pollution¶
jQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because of
Object.prototype pollution. If an unsanitized source object contained an
enumerable __proto__ property, it could extend the native Object.prototype.
The bundled version of jQuery used by the Django admin has been patched to
allow for the select2 library’s use of jQuery.extend().
For more details, see the release notes:
https://docs.djangoproject.com/en/dev/releases/2.1.9/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 426084e25f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dosfstools and busybox may each install mkfs.vfat, so dosfstools must
be installed before busybox.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca42df2111)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc target abi options for powerpc were added by [1] and renamed by [2]
to BR2_PPC_ABI_* but never used. Since always BR2_GCC_TARGET_ABI is empty
when using a powerpc toolchain.
Buildroot currently support SPE and Classic target ABI, nothing seems
to require a specific gcc target abi option.
This patch is a cleanup like commit [3].
[1] 7d8a59b40e
[2] 98175bd43d
[3] fd08153b9d
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Cyril Bur <cyrilbur@gmail.com>
Cc: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This fixes a kernel 5.1.x compatibility issue. The only changes
between 0.12.1 and 0.12.2 are:
d3b198ef6f57ca512fb25147c9d85b922fd4651a Released v0.12.2
376c2c28bd7d4470cd92ff646d6087ca70cd9d2e fixed typo
6edc4b164b1f05bee74cb507a4f50776a65ceb73 mentioned support for 5.0.0
0b8feb80fdef9a415d8250bca1790b3ff23e8391 Replace v4l2_get_timestamp with ktime_get_ts(64)
541e3bc7aaf46dc9a21f92c7f527397fce03dfd8 Update README.md
So the only functional change is the actual ktime_get_ts() fix, which
is needed for Linux 5.1 compatibility. Therefore, bumping is pretty
much the same as backporting just this commit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas: extend the commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The following vulnerabilities have been fixed:
- wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.
Update patches to use the ones merged upstream
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can't use dosfstools' install target, because it'll install *all*
binaries, even the disabled ones. Also, we can't just delete dosfstools
binaries from the target directory after installing them, because other
packages (specifically Busybox) may provide tools of the same name, and
we may end up deleting those instead.
To avoid any issues, we create our own install routines, which only
copy the enabled binaries into the target location.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[Thomas: use full destination path for INSTALL commands.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Provide additional details on how Mender works within Buildroot.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
[Thomas: remove duplicate "Default configuration files" title, rewrap
text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
(3.41) CVE-2018-12404: Cache side-channel variant of the Bleichenbacher
attack
(3.42.1) CVE-2018-18508: Add additional null checks to several CMS functions
to fix a rare CMS crash. Thanks to Hanno Böck and Damian Poddebniak for the
discovery and fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
every encryption operation. RFC 7539 specifies that the nonce value (IV)
should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
front pads the nonce with 0 bytes if it is less than 12 bytes. However it
also incorrectly allows a nonce to be set of up to 16 bytes. In this case
only the last 12 bytes are significant and any additional leading bytes are
ignored.
It is a requirement of using this cipher that nonce values are unique.
Messages encrypted using a reused nonce value are susceptible to serious
confidentiality and integrity attacks. If an application changes the
default nonce length to be longer than 12 bytes and then makes a change to
the leading bytes of the nonce expecting the new value to be a new unique
nonce then such an application could inadvertently encrypt messages with a
reused nonce.
Additionally the ignored bytes in a long nonce are not covered by the
integrity guarantee of this cipher. Any application that relies on the
integrity of these ignored leading bytes of a long nonce may be further
affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is
safe because no such use sets such a long nonce value. However user
applications that use this cipher directly and set a non-default nonce
length to be longer than 12 bytes may be vulnerable.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since linux-4.19, the kernel's build system internally touches its
.config file.
However, we currently used that file as a timestamp to detect whether
our kconfig fixups were to be (re)applied or not, which in turn is used
to decide whether we should (re)build the package or not.
But with latest kernel versions, this timestamp heuristic is now broken,
and we always rebuild the kernel on subsequent builds.
We fix that by introducing a separate timestamp file of our own, which
we know the kernel (or the kconfig-based packages, for that matters)
does not use.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to the LICENSE file curve25519-donna is licensed under
BSD-3-Clause license.
There is only BSD-2-Clause license mentioned so remove
BSD-2-Clause-like.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This external toolchain is pre-built for x86, so it can only work on
x86 and x86-64, and for the latter, the ia32 libraries are necessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There are two additional inventory scripts provided in
the Mender client repository, let's install them.
- mender-inventory-os
- will push content of /etc/os-release
- mender-inventory-rootfs-type
- will push filesystem type of rootfs
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The configuration options (RootfsPartA/RootfsPartB) must
provide a valid path to a block devices.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Always set CMAKE_BUILD_TYPE to Release otherwise supertux will be built
with -pg since:
afd5f1b33c
This will result in the following build failure on uclibc or musl:
[ 77%] Linking C executable sq_static
CMakeFiles/sq_static.dir/sq.c.o: In function `quit':
/home/buildroot/autobuild/instance-3/output/build/supertux-0.6.0/external/squirrel/sq/sq.c:42: undefined reference to `__gnu_mcount_nc'
Fixes:
- http://autobuild.buildroot.org/results/b0b2e25af198d01713d1e2bcf38c77ae8ffbd7de
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
With Microblaze Gcc version < 8.x the build hangs due to bug 85180:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180
To avoid this, the flare-engine package has a
!BR2_TOOLCHAIN_HAS_GCC_BUG_85180 dependency. However, gcc bug 85180 only
triggers when optimization is enabled, so we can work around the issue
by passing -O0, which is what we do in other Buildroot packages to work
around this bug.
So, this commit passes -O0 when BR2_TOOLCHAIN_HAS_GCC_BUG_85180, and
re-enables flare-engine on Microblaze. It is not enough to set
CMAKE_CXX_FLAGS, because flare-engine's CMakeLists.txt sets
CMAKE_CXX_FLAGS_<BUILD_TYPE> (depending on the value of
CMAKE_BUILD_TYPE), and the build-type-specific flags come after the
generic flags, so our -O0 gets overridden again. Therefore, also set
CMAKE_BUILD_TYPE to the dummy value Buildroot.
Fixes:
http://autobuild.buildroot.net/results/706/7065e14917a8bbc0faf21b29183ac55b6c800ee3/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Arnout: extend explanatory comment and update commit log]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Modify config.sub so that it knows about the C-SKY
architecture. Without this, all autotools projects fail to build on
C-SKY.
Signed-off-by: Guo Ren <ren_guo@c-sky.com>
[Thomas: improved commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some inline declarations of strtok_r (specifically in Sourcery CodeBench
Lite 2016.11-19) contain code where an '__s' local variable can be used
uninitialized.
When GCC expands that declaration in tpm2-totp, __s becomes an alias to
a variable which fact is not initialized, but this is not relevant since
the execution path leading to the uninitialized use is never followed.
Anyway, apply a patch already submitted upstream to fix the compilation
error.
Upstream bug report:
https://github.com/tpm2-software/tpm2-totp/issues/32
Fixes:
http://autobuild.buildroot.net/results/5693a35e4d6bc76a1f46fe0e217abc49f7188aad/
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QT 5.6 fails to correctly detect gstreamer support with gstreamer 0.10
as a result libqgsttools_p.so is not built and build fails on:
cp: cannot stat '/home/buildroot/autobuild/run/instance-1/output/host/xtensa-buildroot-linux-uclibc/sysroot/usr/lib/libqgsttools*.so.*': No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/c88afcd365418e29c89f247d9d887b5f786b0ec8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To match the default kernel headers we use.
[Peter: drop 5.1.x bump, tweak commit message]
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For early microcode loading, there is no need to install the individual
microcode files to /lib/firmware - So make that optional.
Let the option default to y for backwards compatibility, and select it from
iucode-tool as the init script relies on the /lib/firmware files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To support building in (a subset of) the intel-microcode files into the
kernel using the CONFIG_EXTRA_FIRMWARE option, we need to ensure that the
microcode files are installed before the Linux kernel is built.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Microcode based security mitigation (E.G. MDS) requires that the microcode
gets loaded very early. This can be handled by one of:
- Concatenating (a subset of) the intel-microcode files and write to
kernel/x86/microcode/GenuineIntel.bin in the initrd. Requires that the
(first) initrd is external from the kernel and NOT compressed.
- Build (a subset of) the intel-microcode files into the kernel using the
CONFIG_EXTRA_FIRMWARE option.
Install the microcode files into images to support these use cases (E.G.
through a post-build script for the initrd, or by pointing
CONFIG_EXTRA_FIRMWARE_DIR to ${BR_BINARIES_DIR}, similar to how we include
the .cpio image inside the kernel).
Notice that there may be licensing concerns when embedded non-GPL firmware
in the kernel.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze ccc version < 8.x the build hangs due to bug 85180:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. To avoid this, the
assimp package has a !BR2_microblaze dependency. However, gcc bug
85180 only triggers when optimization is enabled, so we can work
around the issue by passing -O0, which is what we do in other
Buildroot packages to work around this bug.
So, this commit passes -O0 when BR2_TOOLCHAIN_HAS_GCC_BUG_85180, and
re-enables assimp on Microblaze.
Note that the comment was talking about gcc bug 71124, but this gcc
bug is a duplicate of 85180. Since all Buildroot packages now use the
reference to gcc bug 85180 and the option is named
BR2_TOOLCHAIN_HAS_GCC_BUG_85180, we use this naming as well for
assimp.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With Microblaze Gcc version < 8.x the build hangs due to gcc bug
85180: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. To avoid
this problem, until now, ffmpeg could not be selected on
Microblaze. However, this problem only happens due to optimization,
and can worked around by forcing -O0.
So, when BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y, this commit:
- adds --disable-optimizations to FFMPEG_CONF_OPTS
- passes -O0 to CFLAGS in FFMPEG_CONF_ENV
Then, we remove 'depends on !BR2_microblaze' from Config.in to
re-enable the package.
Note that the comment was talking about gcc bug 71124, but this gcc
bug is a duplicate of 85180. Since all Buildroot packages now use the
reference to gcc bug 85180 and the option is named
BR2_TOOLCHAIN_HAS_GCC_BUG_85180, we use this naming as well for
ffmpeg.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Thomas: tweak CFLAGS logic, improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With Microblaze Gcc version < 8.x the build hangs to gcc bug 85180:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. This package has
been excluded from building if the toolchain is affected by gcc bug
85180. To be consistent with how we deal with this issue in other
packages, we re-enable the package and instead work around the issue
by building with -O0, since gcc bug 85180 manifests itself only when
optimization is enabled.
To achieve this:
- add --disable-optimizations to EXTRA_OPTS, which gets passed down to
the built-in libav library
- pass -O0 to CFLAGS in CONF_ENV
Then we remove 'depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_85180' and its
comment if not available from Config.in
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Thomas: tweak CFLAGS logic, improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 8d8d4ecaf1 ("package/glibmm: work
around gcc bug 85180") was incorrect reworked by me, and
TARGET_CXXFLAGS was used instead of GLIBMM_CXXFLAGS, causing the
Microblaze workaround to be ineffective. This new commit fixes this
typo.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a new major release which brings in many improvements and new
features. For a complete list, please refer to the release notes:
https://webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.htmlhttps://webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.htmlhttps://webkitgtk.org/2019/05/17/webkitgtk2.24.2-released.html
Updating to version 2.24.2 also includes fixes for CVE-2019-6201,
CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503,
CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523,
CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,
CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563,
CVE-2019-11070, CVE-2019-6237, CVE-2019-8571, CVE-2019-8583,
CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,
CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601,
CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, and
CVE-2019-8623.
The detailed security advisories can be found at:
https://webkitgtk.org/security/WSA-2019-0002.htmlhttps://webkitgtk.org/security/WSA-2019-0003.html
The BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS_JIT configuration symbol is not
needed anymore, because the logic to decide whether the JavaScriptCore
JIT spport can be enabled has been improved upstream.
One of the new features in 2.24.x is the support for JPEG2000 images,
which is implemented using the OpenJPEG library. Therefore now
BR2_PACKAGE_OPENJPEG is selected.
This adds one small patch which did not make it to the 2.24.2 release
which solves a build issue when the building the GStreamer GL elements
is disabled.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/lib/grub is already ignored, so add /usr/lib/grub to support
BR2_ROOTFS_MERGED_USR.
Signed-off-by: Alex Xu <alex_y_xu@yahoo.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Includes MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
Move to the Intel github repo as this release is not yet available on
downloadmirror.intel.com.
Update license hash because of copyright year and DOS/UNIX newlines change.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Contains the following security related fixes:
- Race condition possibility; CWE-362: Concurrent Execution using
Shared Resource with Improper Synchronization ('Race Condition'):
36c8eae890
- Fix realloc error handling:
430043842e
Update hash of COPYING and remove MIT from licenses because sd-daemon
files were removed:
0984e0f4a0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pcsc-lite is not only licensed under BSD-3-Clause, so retrieve licenses
from COPYING (BSD-2-Clause, GPL-3.0+, MIT, ISC) and add GPL-3.0.txt to
license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch is not needed as static build has been disabled since
commit ad8c327053
Moreover, pthread dependency should be correctly retrieved from
libusb-1.0.pc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The project has been moved from the kergoth user account to the
libts organisation on github. While github seems to maintain redirects,
we should use the new location directly.
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
`NAME` is not set resulting in a pidfile without a basename:
`/var/run/.pid`. Use the correct variable `DAEMON` instead.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current URL no longer exists, so update it to what looks like the
main DHCP upstream site.
This issue was noticed by the upstream URL check added by Matt Weber
in the pkg-stats script, whose results are visible at
http://autobuild.buildroot.net/stats/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2013-1752: Change use of readline() in :class:`imaplib.IMAP4_SSL` to limit line length
- CVE-2018-14647: The C accelerated _elementtree module now initializes hash
randomization salt from _Py_HashSecret instead of libexpat's default
CSPRNG.
For more details, see the NEWS file:
https://github.com/python/cpython/blob/v2.7.16/Misc/NEWS.d/2.7.16rc1.rst
Refresh patches, drop now upstream
package/python/0035-bpo-35746-Fix-segfault-in-ssl-s-cert-parser-GH-11569.patch
and adjust hash of LICENSE file for a change of copyright years.
run-tests results:
16:05:41 TestPython2 Starting
16:05:42 TestPython2 Building
16:11:26 TestPython2 Building done
16:11:32 TestPython2 Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 351.905s
OK
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now wpebackend-fdo depends only on HAS_LIBEGL but if libegl is not of
wayland type, build breaks due to different EGLNativeWindowType types
depending on backends(fb,x11,wl).
Modify:
'depend on BR2_PACKAGE_HAS_LIBEGL'
to:
'depend on BR2_PACKAGE_HAS_LIBEGL_WAYLAND'
in Config.in to avoid building if there is not a wayland egl backend.
Modify also comment in Config.in when package is not selectable
mentioning the need to have an OpenEGL-capable Wayland backend.
Fixes:
http://autobuild.buildroot.net/results/4f02b91f6ffffd194e09ed18c917b4f678b1a52d/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-pkg-conf is already in default lynx's dependencies so remove it
from openssl condition block.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In case of BR2_STATIC_LIBS=y the linking with libidn fails because
linker can't resolve libiconv symbols needed by libidn. Fix it by
required LIBS for libidn generated by pkg-conf.
The issue can be reproduced with the following defconfig:
BR2_x86_i686=y
BR2_STATIC_LIBS=y
BR2_PACKAGE_LIBICONV=y
BR2_PACKAGE_LIBIDN=y
BR2_PACKAGE_LYNX=y
Fixes:
http://autobuild.buildroot.net/results/23a421e15c32b17ff2f69f183a2e8620ecb93316/
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/eeb2863c6237aac8428e49a5ee514d43088b0fb8http://autobuild.buildroot.net/results/f938fd1515f1d6e11b57aa6e314135789da52a44
In commit 6da049f8ae ("package/netsurf:
fix build"), the CC variable passed to netsurf's build system was
extended to pass some special -I and -L options needed for netsurf to
find its own headers/libraries.
Unfortunately, on some systems (including mine), it breaks the build,
due to:
toolpath_ := $(shell /bin/which $(CC__))
when $(CC__) contains some -I/-L options, they are considered to be
options "to which", which causes the funny:
/usr/bin/make install --directory=libnslog HOST=arm-buildroot-linux-uclibcgnueabi PREFIX=/home/thomas/projets/outputs/shared-netsurf/build/netsurf-3.8/tmpusr Q=@ WARNFLAGS='-Wall -W -Wno-error' DESTDIR=
make[3]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule.
/bin/which: invalid option -- 'I'
/bin/which: invalid option -- '/'
/bin/which: invalid option -- 'h'
/bin/which: invalid option -- 'o'
/bin/which: invalid option -- 'm'
/bin/which: invalid option -- 'e'
/bin/which: invalid option -- '/'
/bin/which: invalid option -- 't'
/bin/which: invalid option -- 'h'
/bin/which: invalid option -- 'o'
/bin/which: invalid option -- 'm'
/bin/which: invalid option -- 's'
/bin/which: invalid option -- '/'
[...]
/bin/which: invalid option -- 'l'
/bin/which: invalid option -- 'b'
/bin/which: --read-alias, -i: Warning: stdin is a tty.
and the build simply hangs.
We cannot pass CFLAGS/LDFLAGS as make options, as they would override
the CFLAGS definitions in netsurf Makefiles. However, those Makefiles
use the construct:
CFLAGS := $(CFLAGS) -more-flags
so by passing CFLAGS and LDFLAGS through the make environment, which
can achieve our goal.
It is worth mentioning that it remains very fragile, because
CFLAGS/LDFLAGS are used both for building target objects but also some
host tools. The netsurf build system is really not good.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b2e16ea64a tried to remove
gstreamer 0.10 support by removing its dependency but this was just
masking the issue as we have a build failure with gstreamer 0.10
So put back this dependency.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
preadv/pwritev don't provide separate version for 64-bit wide off_t,
and default to 32-bit wide off_t, which results in a mismatch between
declaration and definition for user programs built with
-D_FILE_OFFSET_BITS=64.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Between glibc 2.28 and glibc 2.29, commit
89983cb37c9319806a551e8fe9f3a11ff8f973e1 ("Update siginfo constants
from Linux kernel (bug 21286)") was merged. This commit moved the
TRAP_HWBKPT definition from an IA64-specific header to an
architecture-agnostic header.
This change exhibited a build issue that until then was only visible
on IA64 (which Buildroot does not support). This Buildroot commit
backports a patch from gdb upstream (which is in gdb since 8.2) which
mentions IA64 because it was originally meant to fix only the
IA64-related issue. But the glibc change, this change has become
visible on all architectures.
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Between glibc 2.28 and glibc 2.29, commit
89983cb37c9319806a551e8fe9f3a11ff8f973e1 ("Update siginfo constants
from Linux kernel (bug 21286)") was merged. This commit moved the
TRAP_HWBKPT definition from an IA64-specific header to an
architecture-agnostic header.
This change exhibited a build issue that until then was only visible
on IA64 (which Buildroot does not support). This Buildroot commit
backports a patch from gdb upstream (which is in gdb since 8.2) which
mentions IA64 because it was originally meant to fix only the
IA64-related issue. But the glibc change, this change has become
visible on all architectures.
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install generated trusted shared libraries in the target file
system next to the trusted applications.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change fixes the TA binary files install sequence that were
previously install in target filesystem though
OPTEE_OS_INSTALL_IMAGES_CMDS instead of expected
OPTEE_OS_INSTALL_TARGET_CMDS.
This change removes useless mkdir prior call to $(INSTALL) that
already handles parent directory creation when needed.
This change conditions the .ta files installation upon their
availability as they may exist or not depending on the exact OPTEE
version/configuration selected.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2018-16860: The checksum validation in the S4U2Self handler in the
embedded Heimdal KDC did not first confirm that the checksum was keyed,
allowing replacement of the requested target (client) principal.
For more details, see the advisory:
https://www.samba.org/samba/security/CVE-2018-16860.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Between glibc 2.28 and glibc 2.29, commit
89983cb37c9319806a551e8fe9f3a11ff8f973e1 ("Update siginfo constants
from Linux kernel (bug 21286)") was merged. This commit moved the
TRAP_HWBKPT definition from an IA64-specific header to an
architecture-agnostic header.
This change exhibited a build issue that until then was only visible
on IA64 (which Buildroot does not support). This Buildroot commit
backports a patch from gdb upstream (which is in gdb since 8.2) which
mentions IA64 because it was originally meant to fix only the
IA64-related issue. But the glibc change, this change has become
visible on all architectures.
Fixes:
- http://autobuild.buildroot.org/results/a81eb395bd95306fcbb07c1443c9134fd63fa379
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: extend commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In particular, the manual was incorrect when the user had selected an
out-of-tree build.
Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qt5enginio needs Qt5 with ssl support, a dependency could be added on
BR2_PACKAGE_QT5BASE_OPENSSL but this proposal was rejected in the first
iteration of this patch.
Qt5 has ssl support through libressl on Qt 5.6 or openssl in latest Qt
however we can't select libressl without adding a circular dependency as
some packages (such as sqlcipher) force openssl through
BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
Any solution at the Kconfig level that tries to select libressl will
lead to circular dependencies. Since Qt 5.6 is more or less deprecated
anyway, and since it is not tested in the autobuilders, solve this with
a comment. The comment is only shown for Qt 5.6, when libressl is not
selected. Note that it is also shown when qt5enginio is not selected.
Fixes:
- http://autobuild.buildroot.org/results/60678cab68ec9aa17184b8417b64b3b79adf428a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add hint about which package needs to be installed to provide IA32 libs
support for the host when it is needed.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following commit fee29b05bb
("configs/pc_x86_64_efi: use a GPT partition table"),
board/pc/grub-efi.cfg is no longer used anywhere: the
post-image-efi-gpt.sh script generates the grub configuration.
Also, since post-image-efi-gpt.sh generates a grub configuration file
that uses the root filesystem partition UUID as the root= kernel
argument, the instructions in the readme.txt file to tweak root= from
/dev/sda2 to /dev/vda2 is no longer relevant. This was noted in the
commit log of fee29b05bb:
The root filesystem location is passed to the kernel by a partition
UUID, so it is possible to boot on QEMU, directly from the disk image,
or dump the image to a physical device.
Fixes: #11841
Cc: Pete Morici <pmorici@dev295.com>
Cc: Carlos A. M. dos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes
of server memory by executing a purpose-crafted INSERT statement to a
partitioned table.
CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior to
this release, a user able to execute SQL queries with permissions to read a
given column could craft a leaky operator that could read whatever data had
been sampled from that column. If this happened to include values from rows
that the user is forbidden to see by a row security policy, the user could
effectively bypass the policy. This is fixed by only allowing a
non-leakproof operator to use this data if there are no relevant row
security policies for the table.
For more details, see the release notes:
https://www.postgresql.org/about/news/1939/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Threads dependency has been added in 2015 with commit
07c1ad4647 however bind can be built
without threads thanks to --disable-threads
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Static build has been disabled in 2014 with commit
6045904752 however bind can be built
statically thanks to --without-dlopen so enable it back
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lua plugin has been added in version 5.6.0 with
023092323c
Disabled it otherwise it'll be enabled if liblua is found
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
./libbotan-2.a(utils_filesystem.o): In function `Botan::get_files_recursive(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)':
filesystem.cpp:(.text+0x758): undefined reference to `__atomic_fetch_sub_4'
# Override FFMPEG_CONFIGURE_CMDS: FFmpeg does not support --target and others
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
