Fixes:
TypeError: cannot use a str to initialize an array with typecode 'B'
File "../../scripts/file_to_c.py", line 32, in main
for x in array.array("B", inf.read()):
for x in array.array("B", inf.read()):
TypeError: cannot use a str to initialize an array with typecode 'B'
TypeError: cannot use a str to initialize an array with typecode 'B'
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[Peter: reword commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 876e1b3479)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
optee-os needs host-python-pycrypto build for python3. The only way we can
force building host-python modules for python3 is to select python3 package
for the target.
Since we want to avoid adding more host-python3-<modules>
(host-python-pycrypto host-python-pyelftools), select python3 package
even if it's not used.
This problem will be fixed as soon as python2 is removed.
Fixes:
File "scripts/pem_to_pub_c.py", line 24, in main
from Crypto.PublicKey import RSA
ImportError: No module named 'Crypto'
https://gitlab.com/buildroot.org/buildroot/-/jobs/456818689
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f16ddcdc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xtensa ld fails with the following message
ld: BFD (GNU Binutils) 2.31.1 internal error, aborting at
elf32-xtensa.c:3283 in elf_xtensa_finish_dynamic_sections
during domoticz package build. It happens because of mismatch between
the size allocated for dynamic relocations in the executable image and
the number of PLT relocations actually written to the image. The
mismatch is caused by the fact that undefined weak symbol is treated as
dynamic (and thus needing PLT relocation), but xtensa linker not
expecting that.
Fixes: http://autobuild.buildroot.net/results/7885705f1b1c0f31cf21b464150f5509929c1906/
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Backported from: e15a8da9c71336b06cb5f2706c3f6b7e6ddd95a3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b887cfc69)
[Peter; drop 2.33.1 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to github to get latest release
- Drop first and second patches (already in version)
- Drop third patch and OPENSSL_INCLUDE_DIR (not needed since
4e713175ea)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d97153beb7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The web-interface files (~1.8MB) are by default installed under
/usr/share/doc/cups, which is unfortunate as Buildroot removes usr/share/doc
in target-finalize, breaking the webui.
As a fix, store the web-interface files under /usr/share/cups/doc-root,
similar to how it is done in Debian.
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
[Peter: use --with-docdir, update description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 07ea16bd9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The SWUPDATE_SET_BUILD_OPTIONS macro sets a number of swupdate
configuration options with local build details, especially the
cross-compiler path and sysroot path.
This means that if one stores an swupdate defconfig file as part of
Buildroot, generated with "make swupdate-update-defconfig", it will
contain things like:
CONFIG_CROSS_COMPILE="/home/thomas/projets/buildroot/output/host/bin/arm-linux-"
CONFIG_SYSROOT="/home/thomas/projets/buildroot/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot"
which obviously are not good, as they are specific to where the build
was done.
So instead this commit:
- Uses the CROSS_COMPILE environment variable to pass the
cross-compiler path.
- Drops entirely the use of CONFIG_SYSROOT, since all it does is pass
a --sysroot option to the compiler, which is not needed in the
context of Buildroot.
- Pass EXTRA_CFLAGS/EXTRA_LDFLAGS also through the environment.
Thanks to that the swupdate defconfig file no longer contains any
local build details, and can be re-used by different users of a given
Buildroot configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 716f43153e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- disable introspection unconditionally (as already done for all
other original gstreamer1 packages)
- use '=' instead of '+=' for the first usage of GST1_VALIDATE_CONF_OPTS
Fixes:
http://autobuild.buildroot.net/results/e6e43fb85c71af9bb599ea8bbe2e805b392cf1ad
GEN GstValidate-1.0.gir
Couldn't find include 'GstPbutils-1.0.gir' (search path: '['/nvmedata/autobuild/instance-6/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/bin/../share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share', 'gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share/gir-1.0', '/usr/share/gir-1.0']')
make[5]: *** [Makefile:1612: GstValidate-1.0.gir] Error 1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f64face1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-thrift can fail if a broken Qt4 is found on host:
CMake Error in lib/cpp/CMakeLists.txt:
Imported target "Qt4::QtCore" includes non-existent path
"/nvmedata/autobuild/instance-4/output-1/host/usr/mkspecs/default"
in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:
* The path was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and references files it does not
provide.
Fixes:
- http://autobuild.buildroot.org/results/57cad5313896c868e99b0b9534678f1c83a386f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2f81865717)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 1.60):
- 1.61 2020-01-11 Fixed errors in the documentation for bcm2835_spi_write.
Fixes issue seen on Raspberry Pi 4 boards where 64-bit off_t is used by
default via -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64. The offset was
being incorrectly converted, this way is clearer and fixes the problem.
Contributed by Jonathan Perkin.
- 1.62 2020-01-12 Fixed a problem that could cause compile failures with
size_t and off_t
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3cbf70366f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
checking for a Python interpreter with version >= 2.6... none
configure: error: no suitable Python interpreter found
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 93490c2583)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It was discovered the fix for CVE-2018-19758 (libsndfile) was not
complete and still allows a read beyond the limits of a buffer in
wav_write_header() function in wav.c. A local attacker may use this flaw
to make the application crash.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3426b37ebb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is a heap-based buffer over-read at wav.c in wav_write_header in
libsndfile 1.0.28 that will cause a denial of service.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 27acdca7ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Several users of rolling-release distributions have been reporting on
IRC that Buildroot is broken now that they have switched to the newly
released make 4.3.
It turns out that the constructs we use to generated and include the
internal br2-external related fragments is no longer working with
make-4.3.
Indeed, an upstream bug report [0] seems to imply that it so far was
working by chance. There has been no further feedback, whether this is
really considered a fix for a previous ill-defined behaviour, or an
actual regression...
In the meantime, we add a workaround, suggested in that same bug report,
that fixes the issue for make 4.3, and that should not break on older
make versions either (verified on all relevant versions: from 3.81,
3.82, 4.0, 4.1, and 4.2).
[0] https://savannah.gnu.org/bugs/?57676
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Mircea Gliga <mgliga@bitdefender.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9e2128bf50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The
impact is: Denial of service. The component is: gpsinfo.c Line 151
ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG
file.
- Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access
Control. The impact is: Denial of service. The component is: iptc.c
Line 122 show_IPTC(). The attack vector is: the victim must open a
specially crafted JPEG file.
- Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer
over-read. The impact is: Denial of service. The component is:
ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is:
Open a specially crafted JPEG file.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit faf755b491)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9ea528f84b (package/python-nfc: bump to version 0.13.5) changed the
python-nfc package to download from github, so the package no longer needs
bzr on the host.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 06417e97e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to
overwrite arbitrary files via a .. (dot dot) in a zip file, because of
the function unzzip_cat in the bins/unzzipcat-mem.c file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 401d18b2e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in ZZIPlib through 0.13.69. There is a memory
leak triggered in the function __zzip_parse_root_directory in zip.c,
which will lead to a denial of service attack.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ffd556f407)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ad9c33935b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings
beginning with a ! character. NOTE: this is the same commit as for
CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to
a shell metacharacter.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0835550ce9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a
memory leak (CWE-655) in VNC server code, which allow an attacker to
read stack memory and can be abused for information disclosure. Combined
with another vulnerability, it can be used to leak stack memory and
bypass ASLR. This attack appear to be exploitable via network
connectivity. These vulnerabilities have been fixed in commit
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 05bf029c11)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability
in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b10cee5326)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib
1.11.1 allows remote attackers to cause information disclosure
(heap-based buffer over-read) via a crafted audio file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70b2411cee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 85ed0d1c09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building qdoc requires a llvm and clang for the host.
However, there is a limitation in the llvm and clang packages in
Buildroot, which makes it impossible to have a host variant without
a target variant.
So, propagate the dependencies of the target llvm and clang, to ensure
we can only have a host-llvm and -clang packages that are correctly
built.
Note that we do propagate all of the dependencies (instead of just the
architecture part), to be consistent.
Reported-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 546a4e1c1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
3.0.7:
- CVE-2019-19553: In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS
dissector could crash. This was addressed in
epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object
identifier is set to NULL after a ContentInfo dissection.
3.0.8:
- CVE-2020-7045: In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could
crash. This was addressed in epan/dissectors/packet-btatt.c by validating
opcodes.
3.0.9:
- CVE-2020-9428: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to
2.6.14, the EAP dissector could crash. This was addressed in
epan/dissectors/packet-eap.c by using more careful sscanf parsing.
- CVE-2020-9430: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to
2.6.14, the WiMax DLMAP dissector could crash. This was addressed in
plugins/epan/wimax/msg_dlmap.c by validating a length field.
- CVE-2020-9431: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to
2.6.14, the LTE RRC dissector could leak memory. This was addressed in
epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.
Same patch as for CVE-2017-14160
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- update 0001-*.patch to also reference CVE-2018-10393
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e21730db5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not
validate the number of channels, which allows remote attackers to cause
a denial of service (heap-based buffer overflow or over-read) or
possibly have unspecified other impact via a crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3321eef6f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and
Android, has a buffer overflow in the dev_map_read function in
btt/devmap.c because the device and devno arrays are too small, as
demonstrated by an invalid free when using the btt program with a
crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8c0ecc91b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read
has been detected in the pure_strcmp function in utils.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6ef8420dd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through
2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a
different issue than CVE-2020-6851.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 190964b668)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenJPEG through 2.3.1 has a heap-based buffer overflow in
opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of
opj_j2k_update_image_dimensions validation.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a3b1f2885e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In OpenJPEG 2.3.1, there is excessive iteration in the
opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could
leverage this vulnerability to cause a denial of service via a crafted
bmp file. This issue is similar to CVE-2018-6616.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5934e676f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in
the HTTP request parsing logic. By sending a crafted multipart/form-data
HTTP request, an attacker could exploit this to force shellinaboxd into
an infinite loop, exhausting available CPU resources and taking the
service down.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5553223297)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in Suricata 5.0.0. It is possible to
bypass/evade any tcp based signature by overlapping a TCP segment with a
fake FIN packet. The fake FIN packet is injected just before the PUSH
ACK packet we want to bypass. The PUSH ACK packet (containing the data)
will be ignored by Suricata because it overlaps the FIN packet (the
sequence and ack number are identical in the two packets). The client
will ignore the fake FIN packet because the ACK flag is not set. Both
linux and windows clients are ignoring the injected packet.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2914843b39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/usr/bin/suricatactl and /usr/bin/suricatasc have their interpreter set
to the path of python in the HOST machine.
Use distutils' option '-e' to specify a better shabang.
[yann.morin.1998@free.fr:
- author did not provide their SoB, but it's simple enough to
not require it for once
- reword commit log
- use git-formatted patch, with a proper commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 061768a040)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
regardless of the configured umask, leading to disclosure of information
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7d74283309)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream patch to fix CVE-2018-19876: cairo 1.16.0, in
cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a
free function incompatible with WebKit's fastMalloc, leading to an
application crash with a "free(): invalid pointer" error.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91b150dc33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input
file can result in an infinite loop and hang, with high CPU consumption.
Remote attackers could leverage this vulnerability to cause a denial of
service via a crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d8be0e4cd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in
types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory
in crwimage_int.cpp, because there is no validation of the relationship
of the total size to the offset and size.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d383b46ac1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-15682: RDesktop version 1.8.4 contains multiple
out-of-bound access read vulnerabilities in its code, which results in
a denial of service (DoS) condition. This attack appear to be
exploitable via network connectivity. These issues have been fixed in
version 1.8.5
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ffb50125b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
keymaps and save-keymaps require kbd_mode and dumpkeys, respectively, so
remove them if the kbd package is not selected (e.g. devices with serial
console, only).
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- expand to three commands to match the existing hook
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0acd05423d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openrc provides scripts that have been written for the big-gun kmod, and
so use options unknown to the busybox' provided applets:
- Busybox modprobe does not have a "--first-time" option,
- the "--verbose" option is just "-v",
- the "--use-blacklist" option is just "-b". Also blacklist support is
not selected in our default busybox configuration.
One of two options, is to "fix" or "adapt" openrc's scripts to busybox,
which means for the openrc package to go peek into files from the
busybox package, which is not nice, and can't work because that is not
available by the time we scan our Makefiles.
The other option, which this patch implements, is to just add a
dependency onto kmod and its tools.
Reported-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4cc586695f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In all steps, we print the message indicating the start of the step
using the MESSAGE macro before running pre-hooks. Except in the image
installation step, where the message is printed after the pre-hooks.
Let's fix this inconsistency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15e96f9417)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-9308: archive_read_support_format_rar5.c in libarchive
before 3.4.2 attempts to unpack a RAR5 file with an invalid or
corrupted header (such as a header size of zero), leading to a SIGSEGV
or possibly unspecified other impact.
- use --with-nettle to enable nettle support, see
f96a71144b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- drop new optional dependency to mbedtsl, forced off for now
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6785c19bf5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, enabling an attacker
to specify an arbitrary (out-of-bounds) offset for a subsequent memory
read. A crafted SSH server may be able to disclose sensitive information
or cause a denial of service condition on the client system when a user
connects to the server.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8d76402ee1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A vulnerability was found in dnsmasq before version 2.81, where the
memory leak allows remote attackers to cause a denial of service
(memory consumption) via vectors involving DHCP response creation.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d0063f2ff1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-17543: LZ4 before 1.9.2 has a heap-based buffer overflow
in LZ4_write32 (related to LZ4_compress_destSize), affecting
applications that call LZ4_compress_fast with a large input. (This
issue can also lead to data corruption.) NOTE: the vendor states "only
a few specific / uncommon usages of the API are at risk."
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4390b365a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-20044: In Zsh before 5.8, attackers able to execute
commands can regain privileges dropped by the --no-PRIVILEGED option.
Zsh fails to overwrite the saved uid, so the original privileges can
be restored by executing MODULE_PATH=/dir/with/module zmodload with a
module that calls setuid().
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 141ec69812)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixing a number of issues. For details, see the
announcement:
https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final
Adjust the spacing in the hash file and update the hash of the license file
for a change in copyright years:
-2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Python Software Foundation;
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed19f4d231)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host-swig package installs the swig binary as 'swig' and adds a
swig<major> symlink (E.G. swig4.0). This causes issues for older software
which may not know about the 4.0 version of swig, E.G. CMake 3.10.x
contains the following swig detection logic:
find_program(SWIG_EXECUTABLE NAMES swig3.0 swig2.0 swig)
If the host has a 3.x or 2.x variant of swig installed, then that will be
used instead of our host-swig.
As a workaround, also add a swig3.0 symlink so our host-swig will be used.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Peter: reworded]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 738cefe700)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-9273: In ProFTPD 1.3.7, it is possible to corrupt the memory pool
by interrupting the data transfer channel. This triggers a use-after-free
in alloc_pool in pool.c, and possible remote code execution.
And additionally, fixes a number of other issues. For details, see the
release notes:
https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES
This also bumps the bundled libcap, so
0001-fix-kernel-header-capability-version.patch can be dropped.
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1859b6204)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
brltty builds host tools which rely on the expat library, and
pkg-config is used to detect the expat library.
Since commit cd16e18584 ("pkgconf:
always keep system libs"), the wrapper script added
--keep-system-libs, which adds a -L$(STAGING_DIR)/usr/lib to the
pkg-config results instead of just -lexpat. So, previously, by chance,
the pkg-config result for the target expat was "good enough" for the
host expat as well. But now that -L$(STAGING_DIR)/usr/lib is added, it
breaks the build in all sort of ways as obviously building host
binaries with the library search path pointing to $(STAGING_DIR) is
not a good idea.
To fix that, this commit adjusts the brltty build system so that the
PKG_CONFIG_FOR_BUILD variable is used when using pkg-config to build
host binaries.
Fixes:
http://autobuild.buildroot.net/results/5a64dfb845389882c366b6c91aaf5868c090a802/
Many thanks to the initial work from Fabrice Fontaine at
http://patchwork.ozlabs.org/patch/1238163/ which provided an initial
starting point for this investigation.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7bed3ee409)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a patch to correct a typo in the Makefile, so -fno-stack-protector /
-fno-stack-protector-all are really used. With this applied, kvm-unit-tests
will always be built without SSP as intented by upstream. This will fix the
build on ppc64 with SSP that started to fail for an unknown reason since
November 27th.
Moreover, the Arch Linux workaround could also be removed in a follow-up
patch.
Fixes:
- http://autobuild.buildroot.org/results/ad689b08173548af21dd1fb0e827fd561de6dfef
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dc006056bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The regular expressions used in the sed commands assumes that there is a
space after '/dev/root' but the skeleton file contains a tab. Use a more
flexible '[[:blank:]]', instead.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c51c981a06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Call BUSYBOX_INSTALL_INDIVIDUAL_BINARIES in BUSYBOX_INSTALL_TARGET_CMDS,
not in BUSYBOX_INSTALL_INIT_SYSV. This should have been done in commit
b1e07d6d79 but was somehow lost during the
review/aply process.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3da205b274)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Unlike <PKG>_DEPENDENCIES, <PKG>_PATCH_DEPENDENCIES only guarantees
extract and patch of listed dependencies, not build. Make this subtlety
more explicit in the documentation.
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr: slight fix]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d01e808bfe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix potential memory overread when performing an ECDSA signature
operation. The overread only happens with cryptographically low
probability (of the order of 2^-n where n is the bitsize of the
curve) unless the RNG is broken, and could result in information
disclosure or denial of service (application crash or extra resource
consumption).
- To avoid a side channel vulnerability when parsing an RSA private
key, read all the CRT parameters from the DER structure rather than
reconstructing them.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 07fd2da595)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Create the staging symlink the same way as the host symlink. This means
using a make dependency rather than recreating it every time.
In coreutils versions below 8.27, re-creation of symbolic links was not
atomic. This means that there is a period in time where the existing link is
removed, before the new one is created. In coreutils 8.27 this was fixed,
see [1]. Note that CentOS 7 ships with coreutils 8.22.
In the following scenario, this is a problem:
- an application is compiled using the sysroot prepared by Buildroot and
links against Xenomai userspace libraries, but its build process is steered
from outside of Buildroot
- to know the correct flags, the application makefile uses the 'xeno-config'
file to request them, and passes DESTDIR=/buildroot/output/staging
- the xeno-config responds with flags based on the path
'/buildroot/output/staging/...'
- while the application build is ongoing, a 'make' happens in Buildroot,
causing the 'staging' symlink to be recreated (even though it already
existed)
- when exactly at this time, the application calls the compiler with -I
flags pointing to output/staging, the build fails with:
-I/buildroot/output/staging/usr/include/xenomai/mercury: Error: ^ is not a directory
-I/buildroot/output/staging/usr/include/xenomai: Error: ^ is not a directory
-I/buildroot/output/staging/usr/include/xenomai/xenomai: Error: ^ is not a directory
-I/buildroot/output/staging/usr/include/xenomai/psos: Error: ^ is not a directory
Failed: ** ^ *
Work around this problem by only creating the staging symlink once, similar
to how the host symlink (if any) is created.
See also commit d0f4f95e39 which changed the
way these symlinks are made. The reasoning in this commit is to move away
from the 'dirs' target.
[1] 376967889e
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9b82442314)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (12.15.0):
- CVE-2019-15606: HTTP header values do not have trailing OWS trimmed
- CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding
header
- CVE-2019-15604: Remotely trigger an assertion on a TLS server with a
malformed certificate string
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
On top of this, 12.16.0 brings a number of changes and bugfixes.
Update the license hash for an addition of the (MIT) licensing terms for the
uvwsai module:
+
+- uvwasi, located at deps/uvwasi, is licensed as follows:
+ """
+ MIT License
+
+ Copyright (c) 2019 Colin Ihrig and Contributors
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+ """
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 61810db518)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package instrumentation step 'step_pkg_size' is populating the files:
output/build/packages-file-list.txt
output/build/packages-file-list-staging.txt
output/build/packages-file-list-host.txt
by comparing the list of files before and after installation of a package,
with some clever tricks to detect changes to existing files etc.
As an optimization, instead of gathering this list before and after each
package, where the 'after-state' of one package is the same as the
'before-state' of the next package, only the 'after-state' is used and
is shared between packages.
This works fine, except at the end of the build, as explained next.
In the target-finalize step, many files will be touched. For example, files
like /etc/hosts, /etc/os-release, but also all object files that are
stripped, and all files touched by post-build scripts or created by rootfs
overlays. This means that the 'after-state' of the last package does not
reflect the actual situation after target-finalize is run.
For a single complete build this poses no problem. But, if one incrementally
rebuilds a package after the initial build, e.g. with 'make foo-rebuild',
then all changes that happened in target-finalize at the end of the initial
build (the 'after-state' of the last package built) will be detected as
changes caused by the rebuild of package foo. As a result, all these files
will incorrectly be treated as 'owned' by package foo.
Correct this situation by capturing a new state at the end of
target-finalize, so that the 'before-state' of an incremental build will be
correct.
Note: the reasoning above talks about packages-file-list.txt and
target-finalize, but also applies to
packages-file-list-staging.txt/staging-finalize and
packages-file-list-host.txt/host-finalize.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 509db3b88a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-1720: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
https://www.postgresql.org/about/news/2011/
Update the license hash for a change in copyright years:
-Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
+Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 832ff93c89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and
lmtp processes
lib-smtp doesn't handle truncated command parameters properly, resulting
in infinite loop taking 100% CPU for the process. This happens for LMTP
(where it doesn't matter so much) and also for submission-login where
unauthenticated users can trigger it.
- CVE-2020-7957: Specially crafted mail can crash snippet generation
Snippet generation crashes if:
- message is large enough that message-parser returns multiple body
blocks
- The first block(s) don't contain the full snippet (e.g. full of
whitespace)
- input ends with '>'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 250535975d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the kernel has CONFIG_SHMEM disabled, /dev is a ramfs (instead of a
tmpfs) and the name_to_handle_at system call is not supported. This
causes eudev's monitor application to exit on startup.
Upstream eudev has added this fix which is not yet part of a release.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b81eb7d04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the
data-container property of tooltip.
- Fix an XSS vulnerability (CVE-2019-8331) in our tooltip and popover
plugins by implementing a new HTML sanitizer
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc31029617)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-19307: An integer overflow in parse_mqtt in mongoose.c in
Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS
(infinite loop), or possibly cause an out-of-bounds write, by sending
a crafted MQTT protocol packet.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c18562a82a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
/home/test/autobuild/run/instance-1/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/8.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: ../../lib/libOgreMain.so.1.12.0: undefined reference to `__atomic_fetch_add_8'
This is often for example the case on sparc v8 32 bits.
Fixes:
- http://autobuild.buildroot.org/results/3a09e2d1d26b19243244eb7f9235c85488a788d2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc88757481)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2016-6328: A vulnerability was found in libexif. An integer overflow
when parsing the MNOTE entry data of the input file. This can cause
Denial-of-Service (DoS) and Information Disclosure (disclosing some
critical heap chunk metadata, even other applications' private data).
- CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap
read vulnerability in exif_data_save_data_entry function in
libexif/exif-data.c caused by improper length computation of the allocated
data of an ExifMnote entry which can cause denial-of-service or possibly
information disclosure.
- CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and
EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to
exhaust available CPU resources.
- CVE-2019-9278: In libexif, there is a possible out of bounds write due to
an integer overflow. This could lead to remote escalation of privilege in
the media content provider with no additional execution privileges needed.
User interaction is needed for exploitation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 81a4940d25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent is*_l fix broke uclibc build because removed __isctype_l
definition was used in libc/misc/ctype/ctype.c. Restore it.
Fixes: 8723c5e7a6 ("package/uclibc: fix ctype.h is*_l definitions")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
[yann.morin.1998@free.fr:
- add new patch, don't fix existing one
- add URL to upstream ML post
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 115185b407)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC later than 5.x produce _fdti1.so file with an undefined
symbol str2charp_size due to C99 inline semantics change. So
remove this keyword.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[yann.morin.1998@free.fr: add upstream status]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 135cc97eef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstreamed patch that reorders find_package() commands.
This way Python interpreter will be detected first and based on
it the Python libraries can be found.
Fixes the following CMake error:
Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df734533cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-3123: A vulnerability in the Data-Loss-Prevention (DLP)
module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0
could allow an unauthenticated, remote attacker to cause a denial of service
condition on an affected device. The vulnerability is due to an
out-of-bounds read affecting users that have enabled the optional DLP
feature. An attacker could exploit this vulnerability by sending a crafted
email file to an affected device. An exploit could allow the attacker to
cause the ClamAV scanning process crash, resulting in a denial of service
condition.
Release notes:
https://lists.clamav.net/pipermail/clamav-announce/2020/000045.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19748514b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can only know the details of the license files for known versions. For
custom, older or newer versions, the license files may change, or may be
moved around.
So, do for U-Boot as was done for ATF, linux, and linux-headers, and only
define the list of license files for the latest version.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ff1a03ab28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes CVE-2019-5188:
A code execution vulnerability exists in the directory rehashing
functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4
directory can cause an out-of-bounds write on the stack, resulting
in code execution. An attacker can corrupt a partition to trigger
this vulnerability.
Also change the hash file to the new spacing convention introduced
by Yann E. Morin.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 31b8b08b47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit a17402e42d has conditionally
enabled NEON and VFPv3 optimizations. However, the VFPv3 logic is
causing issues on some targets such as Cortex-A5 with VFPv4-D16 but
not VFPv4.
Since the ENABLE_VFPV3=ON option only adds CFLAGS, we can always set
it to OFF, and let Buildroot pass appropriate CFLAGS.
However, the ENABLE_NEON option also adds the build of NEON-specific
code, so we keep this logic.
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=11996
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4d0f3dd870)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-10754: In ncurses before 6.1.20180414, there is a NULL Pointer
Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It
could lead to a remote denial of service if the terminfo library code is
used to process untrusted terminfo data in which a use-name is invalid
syntax (REJECTED).
- CVE-2018-19211: In ncurses 6.1, there is a NULL pointer dereference at
function _nc_parse_entry in parse_entry.c that will lead to a denial of
service attack. The product proceeds to the dereference code path even
after a "dubious character `*' in name or alias field" detection.
- CVE-2018-19217: In ncurses, possibly a 6.x version, there is a NULL
pointer dereference at the function _nc_name_match that will lead to a
denial of service attack. NOTE: the original report stated version 6.1,
but the issue did not reproduce for that version according to the
maintainer or a reliable third-party.
- CVE-2019-17594: There is a heap-based buffer over-read in the
_nc_find_entry function in tinfo/comp_hash.c in the terminfo library in
ncurses before 6.1-20191012.
- CVE-2019-17595: There is a heap-based buffer over-read in the fmt_entry
function in tinfo/comp_hash.c in the terminfo library in ncurses before
6.1-20191012.
Ncurses upstream uses a fairly special way of releasing (security) bugfixes.
Approximately once a week an incremental .patch.gz is released, and once in
a while these incremental patches are bundled up to a bigger patch relative
to the current release in .patch.sh.bz2 format (a bzip2 compressed patch
with a small shell script prepended, luckily apply-patches can handle that),
and the relative patch files deleted.
For details of this process, see the upstream FAQ:
https://invisible-island.net/ncurses/ncurses.faq.html#applying_patches
Apply the latest .patch.sh.bz2 and incremental patches up to 20200118 to fix
a number of (security) issues. Notice that these patch files are NOT
available on the GNU mirrors.
The license file COPYING is updated with the new Copyright year (2019 ->
2020), so update the hash accordingly.
While we are at it, adjust the white space in the .hash file to match
sha256sum output for consistency.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[fix whitespace inconsistency after 'sha256' keyword]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: fix license hash for (C) year]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 10fae9624b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-19921: runc volume mount race condition with shared mounts
- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through
19.03.2-ce and other products, allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
malicious Docker image can mount over a /proc directory.
For details, see the announcement:
https://github.com/containerd/containerd/releases/tag/v1.2.12
containerd is now a separate CNCF sponsored project, and is no longer
explicitly associated with docker/moby.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8ebb77ac1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2019-9755: An integer underflow issue exists in ntfs-3g 2017.3.23.
A local attacker could potentially exploit this by running /bin/ntfs-3g with
specially crafted arguments from a specially crafted directory to cause a
heap buffer overflow, resulting in a crash or the ability to execute
arbitrary code. In installations where /bin/ntfs-3g is a setuid-root
binary, this could lead to a local escalation of privileges.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4fb3c69854)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-7595: xmlStringLenDecodeEntities in parser.c in libxml2
2.9.10 has an infinite loop in a certain end-of-file situation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 615b7c4af5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2014-9638: oggenc in vorbis-tools 1.4.0 allows remote attackers to
cause a denial of service (divide-by-zero error and crash) via a WAV file
with the number of channels set to zero.
- CVE-2014-9639: Integer overflow in oggenc in vorbis-tools 1.4.0 allows
remote attackers to cause a denial of service (crash) via a crafted number
of channels in a WAV file, which triggers an out-of-bounds memory access.
- CVE-2014-9640: oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote
attackers to cause a denial of service (out-of-bounds read) via a crafted
raw file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd43037c8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In gcc 5.1.0, a change was introduced which causes internal search paths
inside the sysroot to be relative to 'lib64' rather than 'lib'. See [1] [2]
and [3].
For example for dtc:
LD convert-dtsv0
/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/../../../../mips64-octeon-linux-gnu/bin/ld: cannot find crt1.o: No such file or directory
/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/../../../../mips64-octeon-linux-gnu/bin/ld: cannot find crti.o: No such file or directory
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:236: convert-dtsv0] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/opt/buildroot/output/build/dtc-1.4.7'
make: *** [package/pkg-generic.mk:241: /opt/buildroot/output/build/dtc-1.4.7/.stamp_built] Error 2
In this case, crt1.o was searched for in following locations:
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/n32/octeon3/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/n32/octeon3/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/../../../../mips64-octeon-linux-gnu/lib/mips64-octeon-linux-gnu/7.3.0/n32/octeon3/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/../../../../mips64-octeon-linux-gnu/lib/../lib32-fp/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/lib64/mips64-octeon-linux-gnu/7.3.0/n32/octeon3/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/lib64/../lib32-fp/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/usr/lib64/mips64-octeon-linux-gnu/7.3.0/n32/octeon3/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/usr/lib64/../lib32-fp/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/../../../../mips64-octeon-linux-gnu/lib/mips64-octeon-linux-gnu/7.3.0/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/mips64-octeon-linux-gnu/7.3.0/../../../../mips64-octeon-linux-gnu/lib/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/lib64/mips64-octeon-linux-gnu/7.3.0/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/lib64/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/usr/lib64/mips64-octeon-linux-gnu/7.3.0/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
16073 access("/opt/buildroot/output/host/mips64-buildroot-linux-gnu/sysroot/usr/lib64/crt1.o", R_OK) = -1 ENOENT (No such file or directory)
As can be seen above, all attempted paths contain 'lib64' as base,
instead of 'lib' or 'lib32', e.g.
.../sysroot/lib64/../lib32-fp/crt1.o
.../sysroot/lib64/crt1.o
This problem was detected on a gcc 7.x toolchain provided by Marvell as part
of their Octeon SDK. For this toolchain, here are the values of the paths
as detected by the Buildroot toolchain logic, for two different Octeon
processors:
- octeon2 (soft-float) (-mabi=n32 -march=octeon2):
SYSROOT_DIR=/opt/buildroot/output/host/opt/ext-toolchain/mips64-octeon-linux-gnu/sys-root/;
ARCH_SYSROOT_DIR=/opt/buildroot/output/host/opt/ext-toolchain/mips64-octeon-linux-gnu/sys-root/;
ARCH_SUBDIR=;
ARCH_LIB_DIR=lib32/octeon2;
SUPPORT_LIB_DIR=/opt/buildroot/output/host/opt/ext-toolchain/mips64-octeon-linux-gnu/lib32/octeon2/
- octeon3 (hard-float) (-mabi=n32 -march=octeon3):
SYSROOT_DIR=/opt/buildroot/output/host/opt/ext-toolchain/mips64-octeon-linux-gnu/sys-root/;
ARCH_SYSROOT_DIR=/opt/buildroot/output/host/opt/ext-toolchain/mips64-octeon-linux-gnu/sys-root/;
ARCH_SUBDIR=;
ARCH_LIB_DIR=lib32-fp;
SUPPORT_LIB_DIR=/opt/buildroot/output/host/opt/ext-toolchain/mips64-octeon-linux-gnu/lib32-fp/
For both cases (MIPS64n32) Buildroot created a symlink 'lib32->lib', from
SYSTEM_LIB_SYMLINK in system/system.mk. Additionally, the function
create_lib_symlinks in
toolchain/toolchain-external/pkg-toolchain-external.mk will use ARCH_LIB_DIR
and create an additional link $(ARCH_LIB_DIR)->lib.
For the Octeon3 case this thus results in the following symlinks (where the
'lib32' one is normally not needed):
lib32 -> lib/
lib32-fp -> lib/
Since the toolchain is searching based on a 'lib64' component, it will fail
to find its internal paths.
To solve the problem, we need to create an additional symlink 'lib64':
lib64 -> lib/
[1] 257ccd463a
[2] https://gcc.gnu.org/ml/gcc-patches/2014-10/msg03377.html
[3] https://gcc.gnu.org/ml/gcc-patches/2014-11/msg00539.html
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 45fbadb0b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/d9a/d9a84b642357f758c3f84270fb9a109abd7e2684/
configure.ac contains a test using $ax_cv_check_cl_libcl:
if test "$build_modules" != 'no' || test "X$ax_cv_check_cl_libcl" != Xno; then
AC_MSG_RESULT([-------------------------------------------------------------])
AC_MSG_CHECKING([for libltdl])
But ax_cv_check_cl_libcl is only assigned a value (yes/no) if
--disable-opencl is NOT passed, as the assignment logic is inside a
conditional:
AC_ARG_ENABLE([opencl],
[AC_HELP_STRING([--disable-opencl],
[do not use OpenCL])],
[disable_opencl=$enableval],
[disable_opencl='yes'])
if test "$disable_opencl" = 'yes'; then
..
AC_CACHE_CHECK([for OpenCL library], [ax_cv_check_cl_libcl],
So configure errors out if --disable-opencl is passed on setups where
libltdl isn't available:
checking if libltdl package is complete... no
configure: error: in `/home/naourr/work/instance-0/output-1/build/imagemagick-7.0.8-59':
configure: error: libltdl is required for modules and OpenCL builds
As a workaround, explictly set ax_cv_check_cl_libcl=no to skip this
conditional.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cf9591660a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since alsa-lib version 1.1.7 [1] the location for add-on config files
has changed.
In fact, the path for the alsa add-on config files has never been
correct set in the package (it should have been
`/usr/share/alsa/alsa.conf.d`).
With alsa-lib version 1.1.7 or later the correct path is
`/etc/alsa/conf.d`.
[1] 93e03bdc2a
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e36111dbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://mariadb.com/kb/en/library/mariadb-10322-release-notes/
Changelog:
https://mariadb.com/kb/en/library/mariadb-10322-changelog/
Fixes the following security vulnerability (10.3.22):
CVE-2020-2574 - Vulnerability in the MySQL Client product of Oracle MySQL
(component: C API). Supported versions that are affected are 5.6.46 and
prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit
vulnerability allows unauthenticated attacker with network access via
multiple protocols to compromise MySQL Client. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Client.
Fixes the following security vulnerabilities (10.3.19):
CVE-2019-2974 - Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: Optimizer). Supported versions that are affected are
5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2019-2938 - Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected are 5.7.27 and
prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
Patch 0002-fix-build-error-with-newer-cmake.patch has been removed as it
has been applied upstream.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4071a7d743)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
egrep/fgrep are wrapper scripts, calling the grep binary with the correct
arguments.
The shell wrappers use the value of SHELL at build time as the shebang value
in these wrapper scripts, which in Buildroot points to /bin/bash.
The target may not have bash available, causing runtime errors.
As a fix, add a post-install hook to change this to /bin/sh.
If the target does not have /bin/sh, simply remove the aliases.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8f9f48acd2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the grep package is selected, it should be installed at the same exact
location where busybox installs it too, this way the grep/egrep/fgrep
executables will end up overwriting the busybox provided ones.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10bc79c612)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to check if the initial database needs to be created, the startup
script calls ls -1 $MYSQL_LIB | wc -l to check the number of files in the
directory. If the directory does not exist, an error is printed. We fix
this by redirecting stderr to /dev/null for the ls call.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 22bb9b2c28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We already remove mysql_config from the target since it's only useful in
staging. The same is true for mariadb_config. Thus, we remove it from the
target as well.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c700b5ea8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mysql_install_db is currently called in the systemd unit without
--user=mysql that the sysv script uses. This will generate the initial
database files with root permissions. However, mysqld runs as user mysql
so this will cause problems. We fix this by calling chown instead of
passing the user parameter because an upcoming version bump will fail when
ran this way.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit add2c2ba2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages installs libOpenCL without declaring
BR2_PACKAGE_PROVIDES_LIBOPENCL (e.g. imx-gpu-viv). ImageMagick will detect
the library and will require libtool. Since libtool is not in dependencies,
build might fail.
To prevent that situation, explicitly disable opencl support for target and host.
Signed-off-by: Julien Olivain <juju@cotds.org>
[Peter: drop unneeded ax_cv_check_cl_libcl=no]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9056908e93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (2.2.10):
- CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
django.contrib.postgres.aggregates.StringAgg aggregation function was
subject to SQL injection, using a suitably crafted delimiter.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
Fixes the following security issues (2.2.11):
- CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS
functions and aggregates on Oracle.
GIS functions and aggregates on Oracle were subject to SQL injection,
using a suitably crafted tolerance.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The meson script includes the full path to the python interpreter. In
deep build trees, this path can be more than 128 characters long, which
is the limit for how long a shebang may be.
Notice that this has been bumped to 256 since kerel 5.1, but the issue still
persists:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eb3c3d0a52dca337e327ae8868ca1f44a712e02
In older kernels, this limit was silently ignored, leading to potential
bugs, but newer kernels enforce that limit, and refuse to execve() the
script, returning with NOEXEC. Since the script is +x, the shell (any
bourne shell, as well as the C shell) will conclude from that situation that
they should interpret it as a shell script, which it obviously is not.
Fix the problem by replacing the shebang with a call to /usr/bin/env
which will redirect to the correct python3 interpreter found in the
PATH.
Note however that this means our meson installation can no longer be
called from outside of the meson-package infrastructure anymore (not
that we ever supported it before, but who knows what people may have
done in their br2-external), unless one does set the PATH to include
$(HOST_DIR)/bin/ earlier than a system-provided python3 would be found.
Fixes: #12331#12461
Reported-by: Jean-pierre Cartal <jpcartal@free.fr>
Reported-by: Matthias Weißer <m.weisser.m@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62df914ced)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While the kernel is built for the target, the build may need various host
libraries depending on config (and kernel version), so use HOST_MAKE_ENV
instead of TARGET_MAKE_ENV.
In particular, this ensures that our host-pkgconf will look for host
libraries and not target ones.
Fixes building scripts/dtc for Buildroot configurations enabling libyaml and
host-pkgconf for kernels after commit 067c650c45 (dtc: Use pkg-config to
locate libyaml).
With this enabled, we can drop the PKG_CONFIG_* variables for the
_NEEDS_HOST_LIBELF conditional, as those are included in HOST_MAKE_ENV.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0b208f125)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building host-util-linux, the systemdsystemunitdir is set to the
real host directory, so the install step fails with:
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.service': Permission denied
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.timer': Permission denied
Since we don't need systemd support in host-util-linux, unconditionally
disable it for the host build.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 86441b9fd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patches already applied upstream and, consequently, AUTORECONF.
util-linux 2.35.1 Release Notes
===============================
build-sys:
- add --disable-hwclock-gplv3 [Karel Zak]
chrt:
- Use sched_setscheduler system call directly [jonnyh64]
lib/randutils:
- use explicit data types for bit ops [Karel Zak]
libfdisk:
- fix __copy_partition() [Karel Zak]
- make sure we use NULL after free [Karel Zak]
libmount:
- fix x- options use for non-root users [Karel Zak]
po:
- update uk.po (from translationproject.org) [Yuri Chornoivan]
sfdisk:
- make sure we do not overlap on --move [Karel Zak]
- remove broken step alignment for --move [Karel Zak]
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3052da3eac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version brings bug fixes, enhancements and a new script utility,
scriptlive. For detailed information see the release notes:
http://www.kernel.org/pub/linux/utils/util-linux/v2.35/v2.35-ReleaseNotes
Pull some fixed applied after the release.
Disable the use of code under GPLv3 included in hwclock since v2.30. The
subject was discussed upstream[1] and it was decided that hwclock will
be made GPLv2-only again in v2.36, so do it in advance in Buildroot.
Meanwhile, be warned that all OS images selecting hwclock built with
Buildroot since commit 74235a6854 (util-linux: bump to version 2.30)
contain code under GPLv3, which imposes some technical difficulties to
include in embedded systems. For more information see GPLv3, Section 6,
"Conveying Non-Source Forms", and the definitions of User Product and
Installation Information[2].
1. https://lore.kernel.org/util-linux/20200127202152.4jh2w4chch37wgee@ws.net.home/T/#t
2. https://www.gnu.org/licenses/gpl-3.0.html
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f3af906fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
- CVE-2020-0570: QLibrary in Qt versions 5.12.0 through 5.14.0, on certain
x86 machines, would search for certain libraries and plugins relative to
current working directory of the application, which allows an attacker
that can place files in the file system and influence the working
directory of Qt-based applications to load and execute malicious code.
This issue was verified on Linux and probably affects all Unix operating
systems, other than macOS (Darwin). This issue does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f5e4100c08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
search for certain plugins first on the current working directory of the
application, which allows an attacker that can place files in the file
system and influence the working directory of Qt-based applications to
load and execute malicious code. This issue was verified on macOS and
Linux and probably affects all other Unix operating systems. This issue
does not affect Windows.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0607b38c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes fixes to the runtime, the crypto/x509, and net/http
packages.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9b15ef3505)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1
parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients
can be made to crash by an HTTPS server, while net/http servers that accept
client certificates will recover the panic and are unaffected. Thanks to
Project Wycheproof for providing the test cases that led to the discovery of
this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f40acb4684)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://wpewebkit.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit abafaedd05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CMakeLists.txt contains a toolchain check:
if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
endif ()
endif ()
So bump the toolchain dependency to >= GCC 7. The check is really about >=
7.3.0, but we do not have such detailed version checks. Given that GCC
7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
GCC 7.x toolchains probably use >= 7.3.0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09af6d8bfd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Forcibly disable the JavaScriptCore JIT compilation support
for MIPSr6 processors, which are unsupported.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f779520a63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8835: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8844: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8846: A use after free issue was addressed with improved memory
management
For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9412a38fec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 97ce61f633)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CMakeLists.txt contains a toolchain check:
if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
endif ()
endif ()
So bump the toolchain dependency to >= GCC 7. The check is really about >=
7.3.0, but we do not have such detailed version checks. Given that GCC
7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
GCC 7.x toolchains probably use >= 7.3.0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec1ff802df)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8835: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8844: Multiple memory corruption issues were addressed with
improved memory handling
- CVE-2019-8846: A use after free issue was addressed with improved memory
management
For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35df7bdb07)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail address is bouncing:
Your message to bachmann@tofwerk.com couldn't be delivered.
bachmann wasn't found at tofwerk.com.
thomas.petazzoni Office 365 bachmann
Action Required Recipient
Unknown To address
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 19829deb25)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When 'make' includes a new Makefile, it appends its path to the MAKEFILE_LIST
variable. From that variable, we construct a few set of derivative
variables:
pkgdir = $(dir $(lastword $(MAKEFILE_LIST)))
pkgname = $(lastword $(subst /, ,$(pkgdir)))
Essentially, pkgdir is the full directory where the package is located
(either relative to Buildroot's top directory for in-tree packages, or
absolute for packages in br2-external trees), while pkgname is the last
component of that directory.
pkgdir is in turn used to seed FOO_PKGDIR.
This all happens when we eventually call the package-generic infra,
later down in the file.
When they are parsed, the Makefiles for each linux-extensions are
appended to MAKEFILE_LIST, after the linux.mk one. But since they are
located in the same directory as the main linux.mk, the last component
of MAKEFILE_LIST, which is no longer the main linux.mk, will still yield
the correct values for the linux package.
This is a tough assumption we made there and then.
When we added the support for br2-external linux extensions, we where
very cautious to explicitly scan them from a directory named 'linux', so
that this would yield the correct package name.
And that worked well so far, until someone needed to build an older
kernel, for which our conditional patch is needed, and which just
failed:
/bin/bash: [...]/buildroot-external-linux-test/linux//0001-timeconst.pl-Eliminate-Perl-warning.patch.conditional: No such file or directory
When we scan linux extensions from a br2-external tree, the last
component of MAKEFILE_LIST is no longer in the same directory as the
main linux.mk, and thus the assumption above falls to pieces...
Again, when we added support for linux extensions from br2-external,
although we cared about the package name (pkgname), we completely missed
out on the package directory, and the LINUX_PKGDIR variable.
We do not have a very clean way out of this mess, but we have a nice
dirty trick: Scan the linux extensions from a br2-external tree before we
scan the in-tree ones. That way, the last component of MAKEFILE_LIST is
back to one that is in the same directory as the main linux.mk, and
we're back on tracks.
This is still very fragile, though, but short of a complete overhaul on
how packages are parsed and evaluated, this is the best we can come in
short order.
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a1feef1a0d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt5 has predefined optimization flags depending if you're building for
size, for debug etc. These flags are defined in
mkspecs/common/gcc-base.conf:
QMAKE_CFLAGS_OPTIMIZE = -O2
QMAKE_CFLAGS_OPTIMIZE_FULL = -O3
QMAKE_CFLAGS_OPTIMIZE_DEBUG = -Og
QMAKE_CFLAGS_OPTIMIZE_SIZE = -Os
Then, in the same file, they use them to set
QMAKE_CFLAGS_RELEASE/QMAKE_CXXFLAGS_RELEASE:
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_RELEASE
At this point there is our chance to override QMAKE_CFLAGS_OPTIMIZE_* in
qmake.conf, but it's too late, because QMAKE_CFLAGS_RELEASE is already
set (i.e. -O2) so trying to add or remove QMAKE_CFLAGS_OPTIMIZE (that is
reset now on) from QMAKE_CLAGS_RELEASE in
common/features/default_post.prf won't work:
optimize_size {
!isEmpty(QMAKE_CFLAGS_OPTIMIZE):!isEmpty(QMAKE_CFLAGS_OPTIMIZE_SIZE) {
QMAKE_CFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_SIZE
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_SIZE
}
} else: optimize_full {
!isEmpty(QMAKE_CFLAGS_OPTIMIZE):!isEmpty(QMAKE_CFLAGS_OPTIMIZE_FULL) {
QMAKE_CFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CXXFLAGS_RELEASE -= $$QMAKE_CFLAGS_OPTIMIZE
QMAKE_CFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_FULL
QMAKE_CXXFLAGS_RELEASE += $$QMAKE_CFLAGS_OPTIMIZE_FULL
}
}
So let's reset:
QMAKE_CFLAGS_RELEASE
QMAKE_CFLAGS_DEBUG
QMAKE_CXXFLAGS_RELEASE
QMAKE_CXXFLAGS_DEBUG
in our qmake.conf since the only assignment done in
mkspecs/common/gcc-base.conf only regards optimization.
This package is also affected by BR2_TOOLCHAIN_HAS_GCC_BUG_90620 and
it's been worked around by appending -O0 to CFLAGS/CXXFLAGS. This bug
prevented workaround to work overriding optimization flags, so solving
this also solves workaround problem.
Fixes:
http://autobuild.buildroot.net/results/ada/adaa9b4bcc6f9d2b5e82c479859a07e8abf5cf13/http://autobuild.buildroot.net/results/a83/a83bdd1f3bf309c07abebe871b017c331ed36e67/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add a comment to qmake.conf.in]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c4a6f974b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-11813: libjpeg 9c has a large loop because read_pixel in
rdtarga.c mishandles EOF.
- Update hash of README (small updates such as authors, year ...)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75a14ec067)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (4.10.12):
CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
CVE-2019-14907: Crash after failed character conversion at log level 3
or above.
CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD
DC.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.10.12.html
In addition, 4.10.13 fixes a number of bugs. For details, see the release
notes:
https://www.samba.org/samba/history/samba-4.10.13.html
Drop now upstreamed
0006-heimdal_build-wscript_build-do-not-add-host-include-.patch
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently reported to the list:
http://lists.busybox.net/pipermail/buildroot/2020-January/271937.html
The hardcoded rootfs partition size can lead to hard to understand build
failures if more packages are added.
So drop the hardcoded partition size. Genimage will then size the partition
to match the size of the rootfs image (which by default is also 60MB for ext4).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f1d1967422)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 4.12.2 release brings a large number of fixes:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-12-series/xen-project-4-12-2/
Including a number of security fixes:
XSA-296: VCPUOP_initialise DoS (CVE-2019-18420)
XSA-298: missing descriptor table limit checking in x86 PV emulation
(CVE-2019-18425)
XSA-299: Issues with restartable PV type change operations (CVE-2019-18421)
XSA-301: add-to-physmap can be abused to DoS Arm hosts (CVE-2019-18423)
XSA-302: passed through PCI devices may corrupt host memory after
deassignment (CVE-2019-18424)
XSA-303: ARM: Interrupts are unconditionally unmasked in exception handlers
(CVE-2019-18422)
XSA-304: x86: Machine Check Error on Page Size Change DoS (CVE-2018-12207)
XSA-305: TSX Asynchronous Abort speculative side channel (CVE-2019-11135)
XSA-306: Device quarantine for alternate pci assignment methods
(CVE-2019-19579)
XSA-307: find_next_bit() issues (CVE-2019-19581 CVE-2019-19582)
XSA-308: VMX: VMentry failure with debug exceptions and blocked states
(CVE-2019-19583)
XSA-309: Linear pagetable use / entry miscounts (CVE-2019-19578)
XSA-310: Further issues with restartable PV type change operations
(CVE-2019-19580)
XSA-311: Bugs in dynamic height handling for AMD IOMMU pagetables
(CVE-2019-19577)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 636df7ffcd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/14af2dc3219847a92c6ec2db14ba387159b61fde
The Xen build system builds and embeds a default XSM FLASK (Flux Advanced
Security Kernel) security policy if it detects SELinux checkpolicy on the
build machine.
If enabled, a gen-policy.py python script is used to convert the binary
FLASK policy to a C array initialization list to embed it in the Xen binary.
Depending on the python version and locale available on the host, this fails
with byte values outside the 0..255 range:
policy.c:7:10: error: unsigned conversion from 'int' to 'unsigned char' changes value from '56575' to '255' [-Werror=overflow]
0xdc8c, 0xdcff, 0x7c, 0xdcf9, 0x08, 0x00, 0x00, 0x00, 0x58, 0x65, 0x6e, 0x46, 0x6c,
To fix this and ensure a consistent build, pass XEN_HAS_CHECKPOLICY=n to
disable the checkpolicy detection.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b60f3e2ae6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building with path containing "m4/" occurence(i.e. make
O=output-m4) gettext-tiny install recipe copies files to wrong place and
later some package using autotools fail to autoreconf(i.e. minicom).
This is due to buggy gettext-tiny Makefile install recipe where they
substitute every "m4/" in INSTALL destination path, including the "m4/"
part of our build folder. Add patch to fix this by using $(patsubst ...)
instead of $(subst m4/,,$@) to substitute only last "m4/" occurence in
path.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12481
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 41b9a64526)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The README file saved by legal-info does not mention the host package
variant of the saved material. Add them.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ec78068972)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This list dates back to 2012. Since a long time now Buildroot saves the
patches applied as well as the actual source code for some external
toolchains. Update the manual accordingly.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a74e57c932)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2019-18222: Our bignum implementation is not constant
time/constant trace, so side channel attacks can retrieve the blinded
value, factor it (as it is smaller than RSA keys and not guaranteed to
have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a7186d0913)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Qt 5.12.x only handwriting/lipi-toolkit needs 3rdparty parts
installation (with Qt 5.6.x although zn_CZ/pinyin and zh_TW tcime).
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=12456
cp: cannot stat '.../host/arm-buildroot-linux-gnueabihf/sysroot/usr/qtvirtualkeyboard': No such file or directory
Also fix the way we test the variable: we very seldomly use ifdef,
instead we usually test for equality.
Reported-by: Sam Petrocelli <sam.petrocelli@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: also fix the way we test the variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3645f89922)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds a new manual section that captures an overview
of the run-tests tool, how to manually run a test and where to
find the test case script.
A brief set of steps is included to go through how to add a new
test case and suggestions on how to test/debug.
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
- switch the creating and debugging sections
- minor reformatting
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e2e57d5678)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2019-10155 (IKEv1 information exchange packet's integrity check
value is not verified)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 94c66ece47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-13117: In numbers.c in libxslt 1.1.33, an xsl:number with certain
format strings could lead to a uninitialized read in
xsltNumberFormatInsertNumbers. This could allow an attacker to discern
whether a byte on the stack contains the characters A, a, I, i, or 0, or
any other character.
- CVE-2019-13118: In numbers.c in libxslt 1.1.33, a type holding grouping
characters of an xsl:number instruction was too narrow and an invalid
character/length combination could be passed to xsltNumberFormatDecimal,
leading to a read of uninitialized stack data.
- CVE-2019-18197: In xsltCopyText in transform.c in libxslt 1.1.33, a
pointer variable isn't reset under certain circumstances. If the relevant
memory area happened to be freed and reused in a certain way, a bounds
check could fail and memory outside a buffer could be written to, or
uninitialized data could be disclosed.
Remove patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: mention security impact]
(cherry picked from commit 5645107c39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-14491: An issue was discovered in OpenCV before 3.4.7
and 4.x before 4.1.1. There is an out of bounds read in the function
cv::predictOrdered<cv::HaarEvaluator> in
modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
- Fix CVE-2019-14492: An issue was discovered in OpenCV before 3.4.7
and 4.x before 4.1.1. There is an out of bounds read/write in the
function HaarEvaluator::OptFeature::calc in
modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
- atomic workaround is not needed since version 3.4.8 and
464972855e
- Update hash of license file (Xperience.AI added:
766465ce94)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f6fb2cae06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patches 0006 & 0007 which were applied upstream as single
commit on the server-1.20-branch branch:
07efd81b81
Updated upstream URL for patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5f90daa66f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add two patches to fix openssl support:
- 0003-Fix-openssl-detection.patch (suggested by Jonathan Kimmitt)
- 0004-Support-OpenSSL-1.1.0.patch (taken from upstream)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 62ad96c057)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 5eecaf354c (package/rtl8821au: switch to abperiasamy fork) changed
the upstream location, but didn't update the link in the help text.
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6d4c2d062e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without the device-mapper udev rules, dm devices will not get a proper
symlink like /dev/disk/by-label/LABEL, which in turn causes fstab
LABEL= mounts to fails.
And by extension causes shenanigans with systemd, where it will
unmount a manually mounted disk because it can't resolve the label.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51ec0f48ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
Library (aka glibc), code injection can occur when the nsswitch facility
dynamically loads a library inside a chroot that contains the contents of
the container
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0161899ae5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-19221: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c
has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example,
bsdtar crashes via a crafted archive.
And adds various security fixes. For details, see :
https://github.com/libarchive/libarchive/releases/tag/v3.4.1
Also remove upstreamed patch.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bbc64eae62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mender-grubenv currently has 3 problems that prevent an x86_64-efi image from
successfully being made with the genimage.sh script.
- mender-grubenv does not currently depend on Grub2.
While Grub2 is not needed to build the mender-grubenv package, Grub2 needs
to be built first for mender-grubenv to overwrite the default Grub2 files
reliably.
- The MENDER_GRUBENV_ENV_DIR variable points to /boot/efi/EFI/BOOT instead of
/boot/EFI/BOOT, which is where the Grub2 package installs the default files.
This variable now points to the correct location.
- The Grub2 package installs images to $(BINARIES_DIR)/efi-part, which the
mender-grubenv package currently does not do. As such; the default Grub2
configuration file is used instead of the one provided by mender-grubenv.
Adding a MENDER_GRUBENV_INSTALL_IMAGES_CMDS define in mender-grubenv.mk which
copies the installed files from $(TARGET_DIR)/boot/EFI to
$(BINARIES_DIR)/efi-part fixes this issue.
Signed-off-by: Adam Duskett <aduskett@greenlots.com>
[Thomas:
- drop "runtime" on the depends on BR2_TARGET_GRUB2 since we now have
a build-time dependency on it
- explicitly copy the files installed by mender-grubenv in
MENDER_GRUBENV_INSTALL_IMAGES_CMDS instead of blindly copying
everything that is in $(TARGET_DIR)/boot/EFI]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 425f79087a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
Library (aka glibc), code injection can occur when the nsswitch facility
dynamically loads a library inside a chroot that contains the contents of
the container
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 39cffd5356)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
containerd 1.2.9/gRPC:
- CVE-2019-9512: Some HTTP/2 implementations are vulnerable to ping floods,
potentially leading to a denial of service. The attacker sends continual
pings to an HTTP/2 peer, causing the peer to build an internal queue of
responses. Depending on how efficiently this data is queued, this can
consume excess CPU, memory, or both
- CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset
flood, potentially leading to a denial of service. The attacker opens a
number of streams and sends an invalid request over each stream that
should solicit a stream of RST_STREAM frames from the peer. Depending on
how the peer queues the RST_STREAM frames, this can consume excess memory,
CPU, or both
- CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings
flood, potentially leading to a denial of service. The attacker sends a
stream of SETTINGS frames to the peer. Since the RFC requires that the
peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
frame is almost equivalent in behavior to a ping. Depending on how
efficiently this data is queued, this can consume excess CPU, memory, or
both
containerd 1.2.10/runc:
- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through
19.03.2-ce and other products, allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
malicious Docker image can mount over a /proc director
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f40f2bae81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through
19.03.2-ce and other products, allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
malicious Docker image can mount over a /proc directory.
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dbbf08849b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
- CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
https://www.samba.org/samba/history/samba-4.10.11.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
boost-thread needs std::current_exception since version 1.71.0 and
386f5507cb
std::current_exception depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 as a
result, gnuradio fails to build on:
[ 12%] Building CXX object gnuradio-runtime/lib/pmt/CMakeFiles/gnuradio-pmt.dir/pmt_pool.cc.o
In file included from /home/test/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/detail/exception_ptr.hpp:15:0,
from /home/test/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception_ptr.hpp:9,
from /home/test/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/thread/exceptional_ptr.hpp:10,
from /home/test/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/thread/future.hpp:34,
from /home/test/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/thread.hpp:24,
from /home/test/autobuild/run/instance-2/output-1/build/gnuradio-3.7.13.5/gnuradio-runtime/include/pmt/pmt_pool.h:27,
from /home/test/autobuild/run/instance-2/output-1/build/gnuradio-3.7.13.5/gnuradio-runtime/lib/pmt/pmt.cc:31:
/home/test/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp: In function 'std::string boost::current_exception_diagnostic_information(bool)':
/home/test/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp:49:26: error: 'current_exception' is not a member of 'std'
else if (auto* p=std::current_exception().__cxa_exception_type())
^
So add this dependency on boost-thread, boost-log and gnuradio (the only
reverse dependencies of boost-thread that does not already depends on
!BR2_TOOLCHAIN_HAS_GCC_BUG_64735)
Finally, add this dependency on gqrx as it is a reverse dependency of
gnuradio
Fixes:
- http://autobuild.buildroot.org/results/c384205cf50929c320d90b620f2390837721d9f9
- http://autobuild.buildroot.org/results/47440354b336b943b74b72fa303b079dc962bfd0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d7e49f5f42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set AM_CFLAGS to an empty value to avoid the following redefinition
error when building with our custom _FORTIFY_SOURCE:
/accts/mlweber1/rc-buildroot-test/scripts/instance-1/output/host/bin/mips-linux-gnu-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Werror -Wuninitialized -Wundef -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -D_FORTIFY_SOURCE=1 -Wp,-MMD,3rdparty/hmac_sha/.hmac_sha2.o.d,-MT,3rdparty/hmac_sha/hmac_sha2.o -c 3rdparty/hmac_sha/hmac_sha2.c -o 3rdparty/hmac_sha/hmac_sha2.o
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
Fixes:
- http://autobuild.buildroot.org/results/cfef9315441b5f4909b58a6dccd8bea8e67ae992
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 05a802f671)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a patch from the upstream AutoGen package that allows POSIX_SHELL
to be taken from the environment, then define that to be '/bin/sh'.
Since we are cross-compiling, the original behaviour of detecting the
host shell is not useful as we cannot assume that the target uses the
same shell, and it can prevent builds being reproducible because a
different host environment will result in a different target binary.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 88f7948187)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. Removing
the text from the beginning of the URL line addresses the 'Missing'
URL status in the package stats web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7cc6df7a69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In board/freescale/common/imx/imx8-bootloader-prepare.sh, when
invoking mkimage_fit_atf.sh, the U-Boot DTB is passed as parameter, to
be included in the FIT image. This parameter usually comes from
BR2_ROOTFS_POST_SCRIPT_ARGS config option. The variable
BL33=u-boot.bin set in the invocation uses the u-boot image which is
including its embedded DTB. This means the U-Boot DTB is included
twice.
The upstream script mkimage_fit_atf.sh plus its Buildroot patch are
meant to use by default the nodtb variant and use the DTB in a
separate image. See [1] and [2].
The U-Boot default DTB which will be included in u-boot.bin image is
selected with U-Boot CONFIG_DEFAULT_DEVICE_TREE, or DEVICE_TREE
variable when invoking "make". If one of those option is not aligned
to the BR2_ROOTFS_POST_SCRIPT_ARGS config option, it's possible the
two included U-Boot DTBs are different. If such case happens, the
built-in DTB is always used, regardless of the other one, selected
with BR2_ROOTFS_POST_SCRIPT_ARGS.
For example, this case happens for TechNexion Pico Pi i.MX8M and
i.MX8MMini. Since the U-Boot defconfig assumes the nodtb version will
be used, it does not set the default DTB. The u-boot.bin will include
the fsl-imx8mm-evk instead. Including the wrong board DTB breaks the
USB and UMS commands (and possibly others). Since those boards does
not have SD card slots, a recovery serial download is needed at every
update.
This patch make sure that only the separate U-Boot DTB will be
included in the FIT image by using the nodtb variant.
[1] https://source.codeaurora.org/external/imx/imx-mkimage/tree/iMX8M/mkimage_fit_atf.sh?h=rel_imx_4.14.98_2.0.0_ga#n35
[2] https://git.busybox.net/buildroot/tree/package/imx-mkimage/0001-add-support-for-overriding-bl32-and-bl33-not-only-bl.patch?h=2019.11#n42
Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d130f0a837)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The correct syntax that Qt5 understands for display names is
"HDMI1" and "LVDS1", so fix it accordingly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aac5060d5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fc37106579)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ff0d2dd1f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 587006496c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 47e0aec2c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6c74afc128)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This variable is never defined, so it is empty. Using it makes the
code needlessly more complicated than it needs to be, so let's drop
it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d6febe48c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1a31c20c86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3661a3e3a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3e581829e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 14dabed5ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 77c7fa9539)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a7edcb7a7c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a2d09a16f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For musl toolchain timezone.c needs time.h include.
Fixes:
http://autobuild.buildroot.net/results/77346a2cdb9eeef661527fb9566019f3cd1b82c9
In file included from util.c:28:
timezone.c: In function 'mktime':
timezone.c:644:18: error: dereferencing pointer to incomplete type 'struct tm'
save_isdst = tm->tm_isdst;
timezone.c:661:11: warning: implicit declaration of function 'localtime'; did you mean 'dostime'? [-Wimplicit-function-declaration]
ltm = localtime(&then);
timezone.c:661:9: warning: assignment to 'struct tm *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
ltm = localtime(&then);
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 376d2e8564)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For some obscure reason, the order in which the libdrm/libgbm libraries
are loaded matters.
Without this fix, the first call to check_modesetting() will work and
load then unload all symbols properly, but the second call to this
function will lock up as soon as dlopen() is called on libdrm.
Swapping the order in which the libdrm and libgbm libraries are loaded
is enough to fix (or work around?) this issue.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
[yann.morin.1998@free.fr: add upstream commit URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c84d36db7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2dc43f8fa9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4c9494a187)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 784186fdac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 01e4f712aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode
characters, that compared equal to an existing user email when lower-cased
for comparison, an attacker could be sent a password reset token for the
matched account
In addition, a number of bugs have been fixed. For details, see the release
notes:
https://docs.djangoproject.com/en/dev/releases/2.2.9/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch from upstream chromium[1] that allows passing
-I instead of -isystem to CFLAGS.
Fixes:
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/6.1.0/include/g++-v6/bits/stl_algo.h:59:0,
from /usr/lib/gcc/x86_64-pc-linux-gnu/6.1.0/include/g++-v6/algorithm:62,
from /usr/include/qt5/QtCore/qglobal.h:85,
from /usr/include/qt5/QtCore/qalgorithms.h:37,
from /usr/include/qt5/QtCore/qlist.h:37,
from /usr/include/qt5/QtCore/qstringlist.h:34,
from /usr/include/qt5/QtCore/QStringList:1,
from base/http/requestparser.cpp:32:
/usr/lib/gcc/x86_64-pc-linux-gnu/6.1.0/include/g++-v6/cstdlib:75:25: fatal error: stdlib.h: No such file or directory
#include_next <stdlib.h>
[1] a8c8396fd2
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[Thomas: improved commit log with comments from Giulio.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6cfe21ae90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/openrc has the file sysv-rcs which starts sysvinit services
not written for openrc. However, currently it is not installed to
the target.
Install this file to $(TARGET_DIR)/etc/init.d during the
target_install step.
Signed-off-by: Adam Duskett <aduskett@greenlots.com>
[yann.morin.1998@free.fr: use full-path for destination, not just dir]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3945226a7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 556fb0d6b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch to github to get latest version
- Drop patches (already in version)
- Fix CVE-2018-19840: The function WavpackPackInit in pack_utils.c in
libwavpack.a in WavPack through 5.1.0 allows attackers to cause a
denial-of-service (resource exhaustion caused by an infinite loop) via
a crafted wav audio file because WavpackSetConfiguration64 mishandles
a sample rate of zero.
- Fix CVE-2018-19841: The function WavpackVerifySingleBlock in
open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers
to cause a denial-of-service (out-of-bounds read and application
crash) via a crafted WavPack Lossless Audio file, as demonstrated by
wvunpack.
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7a24c6d63b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
KF5_KCOREADDONS_CONF_OPTS is set both outside and inside the
conditional block, so the value set outside would be lost if
the condition were to be true.
Use append-assignement in this case, as reported by check-package.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f7e750e8f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Microblaze ld emits warnings like:
'
FDE encoding in
CMakeFiles/KF5CoreAddons.dir/KF5CoreAddons_autogen/mocs_compilation.cpp.o(.eh_frame)
prevents .eh_frame_hdr table being created
'
Since '-Wl,--fatal-warnings' is passed by default, build fails, so don't
treat warnings as errors by appending "-Wl,--no-fatal-warnings" to
CMAKE_SHARED_LINKER_FLAGS that is previously defined in package
dependency kf5-extra-cmake-modules.
Fixes:
http://autobuild.buildroot.net/results/f19/f198c86930535c50393e17fc7a70fb4f27b096ee/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cc53d5357d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
[yann.morin.1998@free.fr:
- use the git tree instead of the 8-year old freshmeat webpage
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 23ac8317a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6fd8a74276)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
[yann.morin.1998@free.fr: use offical (de) homepage]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2ca152fb70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following CVE:
- CVE-2019-1351: Windows provides the ability to substitute
drive letters with arbitrary letters, including multi-byte
Unicode letters. To fix any potential issues arising from
interpreting such paths as relative paths, we have extended
detection of DOS drive prefixes to accomodate for such cases.
- CVE-2019-1352: by using NTFS-style alternative file streams for
the ".git" directory, it is possible to overwrite parts of the
repository. While this has been fixed in the past for Windows,
the same vulnerability may also exist on other systems that
write to NTFS filesystems. We now reject any paths starting
with ".git:" on all systems.
- CVE-2019-1353: by using NTFS-style 8.3 short names, it was
possible to write to the ".git" directory and thus overwrite
parts of the repository, leading to possible remote code
execution. While this problem was already fixed in the past for
Windows, other systems accessing NTFS filesystems are
vulnerable to this issue too. We now enable NTFS protecions by
default on all systems to fix this attack vector.
- CVE-2019-1354: on Windows, backslashes are not a valid part of
a filename but are instead interpreted as directory separators.
As other platforms allowed to use such paths, it was possible
to write such invalid entries into a Git repository and was
thus an attack vector to write into the ".git" dierctory. We
now reject any entries starting with ".git" on all systems.
libgit2 is not affected by these git CVE:
- CVE-2019-1348: the fast-import stream command "feature
export-marks=path" allows writing to arbitrary file paths.
- CVE-2019-1349: by using NTFS 8.3 short names, backslashes or
alternate filesystreams, it is possible to cause submodules to
be written into pre-existing directories during a recursive
clone using git.
- CVE-2019-1350: recursive clones may lead to arbitrary remote
code executing due to improper quoting of command line
arguments.
- CVE-2019-1387: it is possible to let a submodule's git
directory point into a sibling's submodule directory, which may
result in overwriting parts of the Git repository and thus lead
to arbitrary command execution. As libgit2 doesn't provide any
way to do submodule clones natively, it is not susceptible to
this vulnerability. Users of libgit2 that have implemented
recursive submodule clones manually are encouraged to review
their implementation for this vulnerability.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 818f2be00b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bda95544b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of regressions in 1.3-20190808:
- Menu shadows are not longer (erroneously) drawn with --no-shadow
- Spaces in menu fields are now correctly handled on uClibc-ng
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b3dc43595)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 57f85e52a7 ("package/gpsd:
unconditionally enable NTP time hinting support"), the option
BR2_PACKAGE_GPSD_NTP_SHM was removed, because NTP time hinting support
is now enabled unconditionally.
However, in one place, a select of this option was kept, which is
obviously no longer needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c727b23cdf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no option BR2_PACKAGE_OPENPOWERLINK_PCAP_DAEMON, and we never
had any option named like this, so it seems like a leftover from
previous iterations of the openpowerlink patch series. Since the
option does not exist, the select doesn't do anything, and we can
simply drop it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76a6f1285d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since openssl was converted to a virtual package,
BR2_PACKAGE_OPENSSL_BIN no longer exists: it was renamed to
BR2_PACKAGE_LIBOPENSSL_BIN, but easy-rsa was not changed accordingly.
easy-rsa needs to take into account the two providers of openssl, and
select the appropriate suboptions depending on which openssl
implementation was chosen.
Ideally, we would probably need a more elaborate option that ensures
easy-rsa doesn't have to know the details of which openssl
implementation is selected, but practically speaking with just two
providers of openssl at the moment, the proposed solution is good
enough.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ef3f8ba99e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The eventlog package was removed as part of commit
5e0b1f9c23 ("package/eventlog: remove
package"). It used to be a separate package, but it is now part of
syslog-ng itself, which is why the eventlog package was removed.
But commit 5e0b1f9c23 forgot to drop the
select BR2_PACKAGE_EVENTLOG, so let's fix this.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03a0f08720)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_WEBRTC does not exist, and we already select
BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING, which is the package really
needed by the webrtcdsp plugin.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8393212437)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The option BR2_PACKAGE_XLIB_LIBXP does not exist, but is select by
efl/Config.in since the package was introduced. Since all xlib_*
dependency in the .mk file each have a corresponding select in the
Config.in file, we simply drop this bogus dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 286b06e9d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--without-pam was wrongly put back when next was merged into master for
2019.02 in commit 13c43455a0 (Merge branch 'next')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: mention next merge]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 525c22c983)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
* CVE-2019-1348:
The --export-marks option of git fast-import is exposed also via
the in-stream command feature export-marks=... and it allows
overwriting arbitrary paths.
* CVE-2019-1349:
When submodules are cloned recursively, under certain circumstances
Git could be fooled into using the same Git directory twice. We now
require the directory to be empty.
* CVE-2019-1350:
Incorrect quoting of command-line arguments allowed remote code
execution during a recursive clone in conjunction with SSH URLs.
* CVE-2019-1351:
While the only permitted drive letters for physical drives on
Windows are letters of the US-English alphabet, this restriction
does not apply to virtual drives assigned via subst <letter>:
<path>. Git mistook such paths for relative paths, allowing writing
outside of the worktree while cloning.
* CVE-2019-1352:
Git was unaware of NTFS Alternate Data Streams, allowing files
inside the .git/ directory to be overwritten during a clone.
* CVE-2019-1353:
When running Git in the Windows Subsystem for Linux (also known as
"WSL") while accessing a working directory on a regular Windows
drive, none of the NTFS protections were active.
* CVE-2019-1354:
Filenames on Linux/Unix can contain backslashes. On Windows,
backslashes are directory separators. Git did not use to refuse to
write out tracked files with such filenames.
* CVE-2019-1387:
Recursive clones are currently affected by a vulnerability that is
caused by too-lax validation of submodule names, allowing very
targeted attacks via remote code execution in recursive clones.
* CVE-2019-19604:
The git submodule update operation can lead to execution of arbitrary
shell commands defined in the .gitmodules file
https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For A64 frequency stability.
git shortlog --invert-grep --grep=travis --no-merges
a5e38ca3f05f0f74fdd5e85a711c964383ad23df..
Vasily Khoruzhick (1):
Set GPU clock to 432MHz on A64
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb6e4a3b5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the change to pkg-python to use TARGET_CONFIGURE_OPTS in
PKG_PYTHON_SETUPTOOLS_ENV in commit 1745fcde74, the
LIRC_TOOLS_MAKE_ENV is incorrect as it sets the SETUPTOOLS_ENV using
double quotes. This causes issues because the
PKG_PYTHON_SETUPTOOLS_ENV contain double quotes as well. This causes a
build error such as:
/bin/sh: -I/home/naourr/work/instance-0/output-1/host/include
CXXFLAGS_FOR_BUILD=-O2: No such file or directory
Fix this by using single quotes with PKG_PYTHON_SETUPTOOLS_ENV instead
of double quotes.
Fixes:
http://autobuild.buildroot.net/results/f7a9c02add9bde563c7289f7c0be2cb7aefd96b8
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8192ff796a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We've been using libyang, sysrepo, libnetconf2 and the Netopeer2 suite
of software for more than two years, so let's make this official.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 603f8f124f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wchar is used in src/tinyformat.h and is a reverse dependency of boost
Fixes:
- No autobuilder failure (as package can't be enabled yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8703905be0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bitcoin can never be enabled because BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS
is never set as it has no default value
Fixes:
- No autobuilder failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit caa5baf53a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Obviously, bitcoin depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735, not on
BR2_TOOLCHAIN_HAS_GCC_BUG_64735
Fixes:
- No autobuilder failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bbdd4cd815)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If a inittab file was already provided in the skeleton, don't overwrite
it with the one that comes with the busybox package.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 10c7610bb9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
License is GPL-2.0+ not GPL-2.0 as specified in files that contain
license information: tilde.{h,c} and xmalloc.{h,c}
Release 2.00 also added a comment about this in CHANGES and README
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f3ee9c4337)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building host or target python packages, we need to ensure that
the build environment utilize {HOST|TARGET}_CONFIGURE_OPTS. This
ensures that the correct linker and compiler environment variables are
set to compile utilizing either the host or target folders.
It was discovered that when compiling a host-python package, it was
using linking against the build machines library folder instead of the
host folder because LDFLAGS was not properly set and was improperly
detecting whether or not a shared or static library was present in the
host folder.
CC: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1745fcde74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<daniel.nystrom@timeterminal.se>: host ASPMX.L.GOOGLE.COM[172.217.218.26] said:
550-5.1.1 The email account that you tried to reach does not exist. Please
try 550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1
https://support.google.com/mail/?p=NoSuchUser o14si10209151edi.116 - gsmtp
(in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f9eb59a88a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4b81badbcc
Currently, calling foo-reconfigure for a kconfig-based package will not
re-trigger the configuration (kconfig-wise) step for the package.
was supposed to solve this problem and lately we had
Commit 05fea6e4a6
infra/pkg-kconfig: do not rely on package's .config as a timestamp
that introduced the .stamp_dotconfig file.
For this reason, to trigger a kconfig package reconfigure is now
necessary to remove the .stamp_dotconfig file.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1f1947af1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 2.86.6 of python-gobject is quite old and no longer works with
Python versions > 3.7. When importing a user will recieve the following error:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.8/site-packages/gobject/__init__.py", line 26, in
<module>
File "/usr/lib/python3.8/site-packages/glib/__init__.py", line 22, in <module>
SystemError: initialization of _glib raised unreported exception
Because new versions of python-gobject require gobject-introspection, which is
not currently available in Buildroot, add a dependency on python2 to prevent
users from receiving the above error.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12286
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4a392d1678)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Python 3.7, genrandconfig fails with:
'str' object has no attribute 'decode'
We are already working on str objects, and there is no need to decode
them, so we drop the call to decode_byte_list() and its definition as
it was only used there.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5cfe5d7897)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add additional input validation to prevent integer overflow when parsing
a frame header. This addresses CVE-2019-18609.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63d0762ab7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-19118: Privilege escalation in the Django admin
Additionally, 2.2.8 (and 2.2.7) fixes a number of bugs and adds python 3.8
support.
For more details, see the release notes:
https://docs.djangoproject.com/en/dev/releases/2.2.8/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6340272e88)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add 0003-test-asclen-CVE-2018-19540.patch:
If txtdesc->asclen is < 1, the array index of
txtdesc->ascdata will be negative which causes the heap based overflow.
Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.
1: https://github.com/mdadams/jasper/pull/198
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 332a851a08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add 0001-verify-data-range-CVE-2018-19541.patch:
We need to verify the data is in the expected range. Otherwise we get
problems later.
Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.
1: https://github.com/mdadams/jasper/pull/211
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fddee3cf74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/3b6/3b6280b0b7a9634b747db2865b21c6266007c725/
The PYTHON_KEEP_PY_FILES global variable conflicts with the per-package
<pkg>_KEEP_PY_FILES variable for the python package, causing make to
complain:
package/zlib/zlib.mk:7: *** Recursive variable 'PYTHON_KEEP_PY_FILES' references itself (eventually). Stop.
As a workaround, rename the global variable to KEEP_PYTHON_PY_FILES so it
cannot conflict with the per-package variable.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
adds ConditionVirtualization=vmware to vmtoolsd.service
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a bugfix release for the stable 0.11 branch. It is recommended
for all users of 0.11.x to upgrade.
Important note for those upgrading: Previous releases did not
automatically expire messages from group chat (MUC) archives, so if
mod_muc_mam was loaded and enabled for a MUC, archives would grow
indefinitely. This is not what most deployments want, therefore
automatic expiry is now implemented and enabled with a default 7 day
retention. You can configure this with the muc_log_expires_after
configuration option, which can be set to "never" to restore the old
behaviour and preserve any existing logs older than 7 days.
For details see:
https://prosody.im/doc/release/0.11.3
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 7643ab05de
("package/network-manager: drop obsolete dependencies") was a bit too
brutal in its dependency removal, as it forgot that removing dbus-glib
as a dependency would make libglib2 no longer part of the dependencies
of network-manager.
However, network-manager does require libglib2. From configure.ac:
PKG_CHECK_MODULES(GLIB, [gio-unix-2.0 >= 2.37.6 gmodule-2.0],
[AC_SUBST(LOG_DRIVER, '$(top_srcdir)/build-aux/tap-driver.sh')
AC_SUBST(AM_TESTS_FD_REDIRECT, '--tap')],
[PKG_CHECK_MODULES(GLIB, gio-unix-2.0 >= 2.40 gmodule-2.0)
AC_SUBST(LOG_DRIVER, '$(top_srcdir)/build-aux/test-driver')])
So this commit re-adds libglib2 as a dependency, and propagates the
appropriate "depends on". Nothing selects BR2_PACKAGE_NETWORK_MANAGER,
so we don't have to propagate these additional "depends on" anywhere.
Fixes:
http://autobuild.buildroot.net/results/2025b1bd721bb5c5fa6638ccf389d2fd8fd10339/https://bugs.busybox.net/show_bug.cgi?id=12326
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Lubomir Rintel <lkundrak@v3.sk>
Cc: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.13.4 (released 2019/10/31) with fixes to the net/http and syscall packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The OpenCV Python module does a fairly strange thing to read a few
configuration details: it uses Python's execfile() to execute two .py
files and access a few variables. However, execfile() only works with
.py files and not .pyc files.
When BR2_PACKAGE_PYTHON{,3}_PYC_ONLY=y, the .py files are all removed,
causing the OpenCV Python module to not work:
File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 89, in <module>
File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 58, in bootstrap
File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 56, in load_first_config
ImportError: OpenCV loader: missing configuration file: ['config.py']. Check OpenCV installation.
To fix this problem, this commit uses the newly introduced
<pkg>_KEEP_PY_FILES mechanism, to ensure the important config*.py
files are kept.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12171
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PACKAGE_PYTHON{,3}_PYC_ONLY=y, we force remove all .py files
from the system, as they have all been byte-compiled into their .pyc
variants.
However, it turns out that some packages (e.g: OpenCV) do some funky
things with a few .py files: they pass them through Python's
execfile() facility, which only works with .py files and not .pyc
files. It is used by OpenCV for example to read two small
configuration files.
In order to support such use cases, this commit introduces a very
simple mechanism by which packages can exclude some path patterns from
the .py removal: a per-package <pkg>_KEEP_PY_FILES variable that is
collected into a global PYTHON_KEEP_PY_FILES variable, then used by
the python/python3 target-finalize hooks.
This variable is intentionally not documented, this is really a hack
that we ideally would like to see go away, and we'd rather not see its
usage spread too much.
This is necessary to be able to fix bug #12171.
[Peter: check if PYTHON_KEEP_PY_FILES contains non-white space]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dustismo.LICENSE contains the license for the Dustismo_Sans.ttf font
file. The rest is licensed under the same terms as Perl as specified
in README
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- lzma program is licensed under GPL-2.0+
- lzmadec program has no license information in source file
- lzmainfo program is licensed under LGPL-2.1+
- LzmaDecode.h is licensed under LGPL-2.1+ (or CPL) as stated in
src/sdk/7zip/Compress/LZMA_C/LzmaDecode.{c,h}, other sdk files have no
license information
- lzmore and lzgrep scripts are licensed under GPL-2.0+
- lzdiff script has no license information
- basic and perms tests are licensed under GPL-3.0+
- mkdtemp and test-lib.sh tests have no license information
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Just like _SITE, _SOURCE, _SITE_METHOD, it is very likely that if
<pkg>_DL_OPTS is defined, the same value should be used for
HOST_<pkg>_DL_OPTS, so let's have the same inheritance logic than the
one we have for other variables.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12321
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#12366 [1]
The rpi-userland extra include paths where added with [2] including
a rpi-userland dependency for the dispmanx option.
The dispmanx option was moved to gst1-plugins-base with commit [3],
including the rpi-userland dependency, excluding the extra include
paths.
Tested gst1-plugins-base with dispmanx enabled compiles without
failures. It seems to be safe to remove the extra includes from
gst1-plugins-bad.
Fixes (from meson-log.txt):
Sanity check compile stderr:
arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
/.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/IL:
No such file or directory
arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
/.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/interface/vcos/pthreads:
No such file
arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
/.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/interface/vmcs_host/linux:
No such file
[1] https://bugs.busybox.net/show_bug.cgi?id=12366
[2] https://git.buildroot.net/buildroot/commit/?id=962ffda68cd9b0c4ab6055c97c14e762a5439571
[3] https://git.buildroot.net/buildroot/commit/?id=3f2aef56127fbe71378e6a2d55192a0835d962ab
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dustismo.LICENSE contains the license for the Dustismo_Sans.ttf font
file. The rest is licensed under the same terms as Perl as specified
in README so add README to license files and add GPL-2.0+ to license
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-18840: In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity
checks of memory accesses in parsing ASN.1 certificate data while
handshaking. Specifically, there is a one-byte heap-based buffer overflow
inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because
the domain name location index is mishandled. Because a pointer is
overwritten, there is an invalid free.
For details, see the writeup:
https://medium.com/@social_62682/heap-overflow-in-wolfssl-cve-2019-18840-185d233c27de
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(500)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a short package description. Add an upstream URL to address
the 'Missing' URL status in the package stats web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-19330: The HTTP/2 implementation in HAProxy before 2.0.10
mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd),
line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka
Intermediary Encapsulation Attacks.
In addition, 2.0.6..10 fixes a number of bugs. See the changelog for
details:
https://www.haproxy.org/download/2.0/src/CHANGELOG
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. Removing
the trailing comment from the URL line addresses the 'Missing'
status in the package stats web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
[Peter: also add URL to BR2_TOOLCHAIN_BUILDROOT_MUSL help]
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
glibc versions prior to 2.23 have a <fts.h> implementation that is not
compatible with large file support, causing build failures such as:
In file included from selinux_restorecon.c:17:0:
/home/naourr/work/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
# error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
Prior to commit 3fce6f1c15
("package/libselinux: fix the build with Python 3.8"), we were not
passing PKG_PYTHON_DISTUTILS_ENV in the environment. But with
3fce6f1c15, we are now passing the
PKG_PYTHON_DISTUTILS_ENV variable, provided by pkg-python.mk, into the
build environment. While this is part of fixing the build of
libselinux with Python 3.8, it breaks the build because we are no
longer filtering out the -D_FILE_OFFSET_BITS=64 option from
CFLAGS. Indeed, while we do so at the beginning of libselinux.mk, it
gets overridden later by the addition of $(PKG_PYTHON_DISTUTILS_ENV).
To avoid this, we pass CFLAGS/LDFLAGS *after*
$(PKG_PYTHON_DISTUTILS_ENV) has been added. In practice, the
CFLAGS/LDFLAGS passed by $(PKG_PYTHON_DISTUTILS_ENV) are just
$(TARGET_CFLAGS) and $(TARGET_LDFLAGS), so we are not missing anything
specific.
Fixes:
http://autobuild.buildroot.net/results/ef6ff91086a094eb25b145d66d072c6d2fc60154/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--with-yajl is not recognized so replace it by the correct
--with-libyajl option
The option is named --with-libyajl since a very long time (since at
least version 4.8.0 and
f154fb21fb)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
After building host tools, we currently run a pass of patchelf to add
the proper RPATH to these tools so that they are able to find the
libraries they depend on.
Unfortunately, the "torque" host tool is used during the build itself,
before we have a chance to run "patchelf" on it. Since it is linked
against libcrypto.so available in $(HOST_DIR)/lib, the build aborts
because the RPATH is not set.
To fix this, we make sure that $(HOST_LDFLAGS) are properly taken into
account: since they contain the -Wl,-rpath option, the host tools will
have the correct RPATH. This both fixes the build failure, and makes
the patchelf hack no longer necessary.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12211http://autobuild.buildroot.net/results/a1f5e336ddaf386ba08eb5a7a299a48e2bdfe2d9/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
nodejs can use some FPU instructions on ARM, but it needs to know that
thanks to the --with-arm-fpu option. Without this, it may use the
wrong FPU setting, such as use VFPv3 even if only a VFPv3-D16 is
available. This has been reported as bug #12166, where the compiled
node binary had some floating point instructions using floating point
registers above 16 on a VFPv3-D16 system.
This commit makes sure we pass the appropriate --with-arm-fpu value
when it makes sense. Note that NodeJS only has explicit support for a
subset of the FPUs, for the ones that are not explicitly supported, we
simply pass no --with-arm-fpu value.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12166
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When commit 0064132ba0 introduced ARM64
support in nodejs.mk, it incorrectly kept the NODEJS_ARM_FP
definition. This variable is used to pass --with-arm-float-abi, which
in NodeJS's configure.py script is only used when --dest-cpu=arm, and
not when --dest-cpu=arm64.
So we are passing --with-arm-float-abi=<something> for ARM64, which
has no effect, and we are no longer passing it on ARM.
This commit fixes that by putting the NODEJS_ARM_FP definition back at
the right location.
Fixes:
0064132ba0
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes:
* PLAIN mechanism is used only when no other mechanisms are supported
* Legacy authentication is disabled by default, can be enabled with
connection flag XMPP_CONN_FLAG_LEGACY_AUTH
* Session is not established if it is optional
* Fixed a bug causing a reused connection not to cleanup properly
* Improved debug logging in OpenSSL module
* Few memory leaks fixed
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in as it
is pointing to an old page.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in.host. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Minicom's configure script will set values for the default port and lock
directory based on the configuration of the host machine, which is not
useful for cross-compiling or reproducible builds, so instead set them
to sensible default values.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
- CVE-2019-2201: In generate_jsimd_ycc_rgb_convert_neon of
jsimd_arm64_neon.S, there is a possible out of bounds write due to a
missing bounds check. This could lead to remote code execution in an
unprivileged process with no additional execution privileges needed.
For more details, see the upstream bugtracker:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
Additionally, it fixes a number of other issues. From the release notes:
- Fixed a regression in the SIMD feature detection code, introduced by the
AVX2 SIMD extensions (2.0 beta1[1]), that was known to cause an illegal
instruction exception, in rare cases, on CPUs that lack support for CPUID
leaf 07H (or on which the maximum CPUID leaf has been limited by way of a
BIOS setting.)
- The 4:4:0 (h1v2) fancy (smooth) chroma upsampling algorithm in the
decompressor now uses a similar bias pattern to that of the 4:2:2 (h2v1)
fancy chroma upsampling algorithm, rounding up or down the upsampled
result for alternate pixels rather than always rounding down. This
ensures that, regardless of whether a 4:2:2 JPEG image is rotated or
transposed prior to decompression (in the frequency domain) or after
decompression (in the spatial domain), the final image will be similar.
- Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
generate a progressive JPEG image on an SSE2-capable CPU using a scan
script containing one or more scans with lengths divisible by 16 would
result in an error ("Missing Huffman code table entry") and an invalid
JPEG image.
- Fixed an issue whereby tjDecodeYUV() and tjDecodeYUVPlanes() would throw
an error ("Invalid progressive parameters") or a warning ("Inconsistent
progression sequence") if passed a TurboJPEG instance that was previously
used to decompress a progressive JPEG image.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit
For details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
(9.11.11..12 were not released)
Upstream moved to a 2019-2020 signing key, so update comment in hash file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The GPL only applies to the C++ bindings and eeprom utility, which are
conditionally enabled with BR2_PACKAGE_LIBFTDI1_LIBFTDIPP1 and
BR2_PACKAGE_LIBFTDI1_FDTI_EEPROM, respectively.
The COPYING.LIB is indeed the LGPL-2.0, but the source file for
libftdi1 states LGPL-2.1-only, see src/ftdi.c
The src/ftdi_stream.c also bears a notice of the MIT license, so the
library itself is under both LGPL-2.1-only and MIT.
Note: the COPYING.GPL license file may get added twice to the list, but
that is not a problem in practice: it is just copied twice.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- GPL-2.0 also applies to the ftdi_eeprom utility
- s/ftdipp1/libftdipp1/
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 9b0b15e90b (package/libftdi: add license) was too hastily fixed,
with confusion between libftdi and libftdi1. The MIT-licensed file is
not present in libftdi; it is only in libftdi1.
Remove the unused MIT license from the list.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The COPYING.LIB license file contains the test of the LGPL-2.0, but the
source code itself explicitly refers to the GPL-2.1-only. Additionally,
parts of the library (src/ftdi_stream.c) are under the MIT license.
The C++ bindings are udner the GPL-2.0-only with an exception, which is
expressed in the LICENSE file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- the library is under both GPL-2.1-only and MIT
- the GPL-2.0-only only applies to the C++ bindings
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gob2 itself is GPL-2.0+, but it is a code generator. The code generated
by gob2 id not covered by gob2's license, and this is made explicit in
an accompanying license file.
So we include both license files.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- add COPYING.generated-code
- expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As spotted in
http://autobuild.buildroot.net/results/a61/a612cb7a85927d8cfe55c95c34d2901e7694fab0//diffoscope-results.txt,
faifa installs a library symlink with an incorrect target, which was
detected by the reproducible build logic, but is in fact wrong in any
case:
-lrwxrwxrwx 0 0 0 0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-1/target/usr/lib/libfaifa.so.0
+lrwxrwxrwx 0 0 0 0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-2/target/usr/lib/libfaifa.so.0
In practice, this is not a problem at runtime, as the .so symlink is
not used: the library soname is libfaifa.so.0. However, it still makes
sense to fix.
It is fixed by backporting an upstream commit. We considered bumping
to a newer version, but the latest version requires a new dependency
(libevent), so we preferred the backporting approach.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Upstream systemd-stable has started tagging point releses.
The commit we currently used has now been tagged as v243.3, and this
brings us to v243.4.
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- expand commit log to explain previous version
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changes announced upstream:
Upgrade urgency HIGH: many issues fixed, some may have an impact.
Redis 5.0.7 fixes a number of bugs, none is very critical, however
there are a few that may have an impact. It's a good idea to upgrade.
There are fixes in the area of replication from modules commands and
callbacks, AOF fsync (non critical issue), memory leaks (very rare and small),
streams beahvior (non critical), and a potential crash in commands
processing multiple keys at the same time that is there for years, and happens
very rarely, but is not impossible to trigger.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
AST-2019-006: SIP request can change address of a SIP peer.
A SIP request can be sent to Asterisk that can change a SIP peer’s IP
address. A REGISTER does not need to occur, and calls can be hijacked as a
result. The only thing that needs to be known is the peer’s name;
authentication details such as passwords do not need to be known. This
vulnerability is only exploitable when the “nat” option is set to the
default, or “auto_force_rport”.
https://downloads.asterisk.org/pub/security/AST-2019-006.pdf
AST-2019-007: AMI user could execute system commands.
A remote authenticated Asterisk Manager Interface (AMI) user without
“system” authorization could use a specially crafted “Originate” AMI request
to execute arbitrary system commands.
https://downloads.asterisk.org/pub/security/AST-2019-007.pdf
AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
and no c line in the SDP, a crash will occur.
https://downloads.asterisk.org/pub/security/AST-2019-008.pdf
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is a minor release which includes fixes for CVE-2019-8812 and
CVE-2019-8814.
This release also fixes the build with WebDriver disabled and without
X11, so "0001-GTK-ANGLE-s-eglplatform.h-is-build-broken-with-DENAB.patch"
and "0002-WPE-GTK-Build-fails-with-ENABLE_WEBDRIVER-OFF.patch" are not
needed anymore (and therefore removed). There is also a performance
improvement for a regression related to fallback font selection, and a
couple of small fixes. The full release notes are available at:
https://webkitgtk.org/2019/11/06/webkitgtk2.26.2-released.html
The detailed security advisory can be found at:
https://webkitgtk.org/security/WSA-2019-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On x86_64, we use the host compiler instead of the target compiler to
build kvm-unit-tests, because it is built with -m32 and our target
compiler doesn't support that.
However, the compiler on Arch Linux is broken: it *always* builds with
-fstack-protector, even when -ffreestanding is passed. However, when
-fnostdlib is passed at link time (which is normally the case when
building with -ffreestanding), it is not linked with the stack-protector
library. This leads to a link time error:
/usr/bin/ld: x86/realmode.o: in function `print_serial_u32':
.../x86/realmode.c:104: undefined reference to `__stack_chk_fail'
Since the entire package is built with -ffreestanding, it doesn't
support stack-protector at all. Therefore, simply pass
-fno-stack-protector explicitly on x86_64 to work around the bug in Arch
Linux.
Commit c0ffd16e4 tried to do this, but got the condition wrong:
-fno-stack-protector was passed in all cases *except* for x86_64. This
commit fixes that, by inverting the condition and moving the
--cross-prefix part to the else branch.
Fixes:
http://autobuild.buildroot.net/results/ca9576721214ecdce5622f2b7ec4fd4fc3699ac0/
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version fixes a runtime issue which crashes gerbera:
https://github.com/gerbera/gerbera/issues/522
The issue has been reported upstream:
https://github.com/mrjimenez/pupnp/pull/122
The fix for this issue is the only "useful" commit between 1.8.5 and
1.8.6:
$ git --no-pager log --format=oneline release-1.8.5..release-1.8.6
71a47673795e9228775959ea23a984ff6c4d0a43 (tag: release-1.8.6) Adjust the library numbers for release
436aae7b617a4cd7bc1e1411d6882780699eb2ee Put the 1.8.6 release on README.md
90069231d83d2f365b76e2b15d918dfb06209970 Update README.md
7d6158d2c88245f2da4354a8bd0bc359eb15fac6 Update Changelog and THANKS
463f1cc025b27af35b0b73a05ba379d0051bcedf Fix format string for ExtraHeaders
8516da470bf32fa1f5c6f59aac3508378d5a85be Homekeeping for the next release
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When systemd support is enabled, systemd should be built before,
otherwise the build fails with:
checking for SYSTEMD... no
configure: error: libsystemd support requested but found
package/pkg-generic.mk:228: recipe for target
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qemu requires python in its configre script. Yet host-python was
not listed as one of the package's dependencies. If no other package
requested host-python, then configuring this package will fail since
it won't find any executable named python in the host dir.
In order to reproduce this issue you must not have python2 installed
on your host machine.
Signed-off-by: Avi Shukron <avraham.shukron@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a patch to filter -Wl,--no-undefined as -Wl,-z,undefs was only
added in binutils 2.30, and therefore is not available in some older
toolchains, causing build failures such as:
/home/naourr/work/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/aarch64_be-linux-gnu/7.3.1/../../../../aarch64_be-linux-gnu/bin/ld: warning: -z undefs ignored.
Fixes:
- http://autobuild.buildroot.org/results/06a6d865b6b7d8ebd793bde214f4a4c40e0962e1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The release notes at
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
say:
==
Upgrade urgency CRITICAL: Only in case of exposed instances to untrusted users.
This Redis release, 5.0.6, is a bugfix and enhancement release. The most
important bugfix is a corruption related to the HyperLogLog. A malformed
HyperLogLog string could cause an invalid access to the memory. At a first
glance the vulnerability appears to be not exploitable but just a DoS. The
way to trigger the issue is complex, we'll not provide any information about
how to do that for the users safety.
==
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the documentation for the output/host/ directory to mention
that it contains the sysroot for the target toolchain, as well as the
host tools required for running buildroot.
Update the staging/ documentation to reflect that it is a link to the
target toolchain sysroot in the host/ directory.
Signed-off-by: Michael Drake <michael.drake@codethink.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 68b5b79b2f has set the getty port to the default console but left
"ttyO0" in bootargs, in the U-Boot environment. Use "ttyS0", instead.
Also set loadaddr to 0x82000000 and fdtaddr to 0x88000000, replacing the
values that were valid for the ancient U-Boot and Linux pre-installed on
old boards but cause boot hangs with the current versions.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The jailhouse package was added in commit
ee4990721c by Carlo Caione, but no entry
in the DEVELOPERS file was added. Let's fix this to ensure we have a
registered maintainer for the Jailhouse package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlo Caione <ccaione@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which includes fixes for CVE-2019-8812 and
CVE-2019-8814.
This release also fixes the build with WebDriver disabled, making patch
"0002-WPE-GTK-Build-fails-with-ENABLE_WEBDRIVER-OFF.patch" unneeded
(and therefore removed). There is also a performance improvement for
a regression related to fallback font selection, and a couple of small
fixes. The full release notes are available at:
https://wpewebkit.org/release/wpewebkit-2.26.2.html
The detailed security advisory can be found at:
https://wpewebkit.org/security/WSA-2019-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The two helper programs TesturePackager and JsonSchemaBuilder are built
out of the same source tree as Kodi, so to avoid downloading the same
archive three times, let's them share the same download directory.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A sub-component of Kodi (cpluff) needs to be autoreconf-ed, and uses
gettext, so calls to autopoint:
[ 2%] Performing autoreconf step for 'libcpluff'
autoreconf: Entering directory `.'
autoreconf: running: autopoint --force
Can't exec "autopoint": No such file or directory at [...]/host/share/autoconf/Auto4te/FileUtils.pm line 345.
autoreconf: failed to run autopoint: No such file or directory
autoreconf: autopoint is needed because this package uses Gettext
make[4]: *** [CMakeFiles/libcpluff.dir/build.make:121: build/cpluff/src/libcpluff-stamp/libcpluff-autoreconf] Error 1
make[3]: *** [CMakeFiles/Makefile2:615: CMakeFiles/libcpluff.dir/all] Error 2
Add a dependency to host-gettext to bring an appropriate variant that
provides autotpoint (gettext-tiny's autopoint works like a charm, for
the curious).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a textdomain is specified, we ignore it twice: we shift args, and
we printf ${2}, which would yield an empty printf.
Fix that by not shifting, and just printf ${2}; this is nicer.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gettext-tiny also installs a fake autopoint, but it still needs to be
pointed at the m4 macros, which the template autopoint expects to be in
@datadir@, where datadir is the traditional autotools datadir, derived
from datarootdir, itself derived from prefix.
So, pass prefix so all the locations are properly pointing to HOST_DIR,
instead of the default /usr/local.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
neardal is licensed under LGPL-2.0, which is (most likely) not license
compatible with readline (GPL-3.0+), so always use the libedit backend.
The choice is done by ./configure, which first checks for libedit, and
uses readline only as a fallback. Since we do build libedit before
neardal, that's what is going to be picked up.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr:
- add blurb about preference in ./configure
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
COPYING states LGPL-2.0, not GPL-2.0:
GNU LIBRARY GENERAL PUBLIC LICENSE
Version 2, June 1991
So use that for the license tag.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
{python-,}readline is (no longer) a required dependency of kodi, and
readline (GPL-3.0+) is not license compatible with kodi (GPL-2.0), so drop
the dependency.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit 6136765b23 ("toolchain:
generate check-headers program under $(BUILD_DIR)"), the
check_kernel_headers_version function was simplified to not check the
return value of the check-kernel-headers.sh script, assuming that
"make" does bail out on the first failing command.
However, check_kernel_headers_version when used in $(2)_CONFIGURE_CMDS
from pkg-toolchain-external.mk, is called in a sequence of commands,
where the return value of each command is not checked. Therefore, a
failure of check-kernel-headers.sh no longer aborts the build.
Since all other macros are using this principle of calling "exit 1",
we revert back to the same for check_kernel_headers_version, as it was
done prior to 6136765b23.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Reviewed-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
oracle-mysql is licensed under GPL-2.0, which is not license compatible with
modern readline (GPL-3.0+), so instead use the bundled older version
(GPL-2.0+ licensed) of readline instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
socat is licensed under GPL-2.0, which is not license compatible with
readline (GPL-3.0+), so drop the optional dependency and add a comment
explaining why.
This also matches how socat is packaged in Debian, where the man page has
the following snippet added:
READLINE
Uses GNU readline and history on stdio to allow editing and reusing input lines (example).
Due to licensing restrictions the readline feature is disabled in Debian. See BUGS.
You can use STDIO instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
mariadb is licensed under GPL-2.0, which is not license compatible with
modern readline (GPL-3.0+), so instead use the bundled older version
(GPL-2.0+ licensed) of readline instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
lvm2 is licensed under GPL-2.0, which is not license compatible with
readline (GPL-3.0+), so drop the optional dependency and add a comment
explaining why.
Notice: The readline support is only used when the raw lvm tool is called
without arguments.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The tarball unfortunately does not include a dedicated license file, so
instead use the main source file for the setkey command.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
chrony is licensed under GPL-2.0, which is not license compatible with
readline (GPL-3.0+), so remove the optional readline handling and replace
with libedit instead.
While we are at it, also explicitly disable the libedit backend when not
available.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Dropwatch links with readline, which is GPL-3.0+, so not compatible with
GPL-2.0. When asked about this, upstream has clarified that the license
really is GPL-2.0+:
https://github.com/nhorman/dropwatch/issues/14
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: add a coomet as suggested by Baruc]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Baruch Siach <baruch@tkos.co.il>
While the core connman code is licensed under GPL-2.0, the client code is
GPL-2.0+ for compatibility with readline (which is GPL-3.0+).
Extend the _LICENSE with this info to clarify that linking against
readline is OK licensing wise.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ninja depends on python3 specifically, but the configure.py file
simply uses "env python". Where no python is selected for the target
you simply won't get a python symlink in $(HOST_DIR)/usr/bin, so the
configure.py script fails to run since it can't find "python".
Notice that in order to reproduce the issue, you must not have
python2 installed on your host machine.
Signed-off-by: Avi Shukron <avraham.shukron@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install QtWayland only if the latest Qt version is selected. It does not
exist in version 5.6.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Docker fails to start with "Devices cgroup isn't mounted" as of systemd 243.
According to the systemd documentation:
systemd now defaults to the "unified" cgroup hierarchy setup during
build-time, i.e. -Ddefault-hierarchy=unified is now the build-time default.
Previously, -Ddefault-hierarchy=hybrid was the default. [...] Downstream
production distributions might want to continue to use
-Ddefault-hierarchy=hybrid (or even =legacy) for their builds as unfortunately
the popular container managers have not caught up with the kernel API changes.
Changing this option to "hybrid" or "legacy" fixes the Docker startup.
Reference: https://github.com/opencontainers/runc/issues/654
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build can sometimes fails on:
src/svgtiny.c:21:10: fatal error: autogenerated_colors.c: No such file or directory
#include "autogenerated_colors.c"
^~~~~~~~~~~~~~~~~~~~~~~~
because svgtiny.c does not properly depends on autogenerated_colors.c
that is built by gperf. So, just disable parallel build instead of
trying to fix this issue especially because libsvgtiny uses the netsurf
buildsystem
Fixes:
- http://autobuild.buildroot.org/results/48e7a7f7c72634d59cca817778d31661bfe8e72f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Just some bugfixes, including an important one to fix long indication
messages that are split into multiple fragments.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 2be4232d98 removed the config option for openvmtools' procps
support, but forgot to add it to the legacy menu.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit fixes a number of small minor details in the jailhouse
Config.in file:
- The Config.in comment is in the middle of the main
BR2_PACKAGE_JAILHOUSE option and its sub-options, causing the
sub-options to not be indented properly in menuconfig
- jailhouse was capitalized as Jailhouse, while all Buildroot
packages in menuconfig use small letters, so use "jailhouse"
everywhere
- no need to repeat "jailhouse" in the prompt of the sub-option for
helper scripts, since it is not properly indented under the main
jailhouse option. Ditto in the comment when python is disabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- further drop 'jailhouse' from the helper scripts comment when
python is not enabled
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commits 495e757d2 (package/dtc: add optional libyaml dependency) and
e43d9072a (package/dtc: fix build without libyaml), added a conditional
dependency to host-pkgconf, when libyaml is enabled, while commit
56d6dd453 (package/dtc: disable valgrind) explicitly disabled support of
valgrind.
However, presence of libyaml, as well as that of valgrind, *is* detected
by calling pkg-config:
NO_VALGRIND := $(shell $(PKG_CONFIG) --exists valgrind; echo $$?)
NO_YAML := $(shell $(PKG_CONFIG) --exists yaml-0.1; echo $$?)
Passing NO_YAML=1 or NO_VALGRIND=1 do not prevent the tests from being
executed, which would yield messages like:
/bin/sh: 1: /home/ymorin/dev/buildroot/O/host/bin/pkg-config: not found
(note however that, even if the test is executed, the value we pass on
the command line still takes precedence, and the support for either is
properly disabled.)
So, move the dependency on host-pkgconfig out of the condition. Ditto
for the host package.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Titouan Christophe <titouan.christophe@railnova.eu>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a package specifies extra downloads, it has the option to only name
the basename of the extra download, in which case that extra download
will be retrieved from the same location the main download is retrieved
from.
In that case, if the extra download contains a '+', it would confuse the
dl-wrapper, which believes the LHS of the '+' is the site method, and
the RHS the actual URI, and so the dl-wrapper mangles and damages the
URI when fetching such extra downloads, like that happens with android
tools, where the proper URI and mangled URIs of the extra download are,
respectively:
https://launchpad.net/ubuntu/+archive/primary/+files/android-tools_4.2.2+git20130218-3ubuntu41.debian.tar.gzhttp://archive/primary/+files/android-tools_4.2.2+git20130218-3ubuntu41.debian.tar.gz
We fix that by always propagating the site method to extra downloads,
but only when they are specified as relative to the main download URI.
For the extra downloads that specify a full URI, it is not systematic
that it is the same site method. For example, a main download could be a
git clone, but an extra download a pure http download; in that case we
can't replicate the site method for extra downloads, so they'll have to
take appropriate care to specify the required method and encoding if
needed.
Reported-by: Jemy Zhang <jemy.zhang@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Jemy Zhang <jemy.zhang@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit ccc9e05990 ("package/meson:
install cross-compilation.conf during toolchain install") moved the
logic to generate the global cross-compilation.conf from
package/meson/meson.mk to package/pkg-meson.mk. While doing so, it
renamed the macro from HOST_MESON_INSTALL_CROSS_CONF to
PKG_MESON_INSTALL_CROSS_CONF, but the registration of this hook in
TOOLCHAIN_POST_INSTALL_STAGING_HOOKS was not changed accordingly: it
is still registering HOST_MESON_INSTALL_CROSS_CONF.
Due to this, the global cross-compilation.conf file was no longer
generated.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When a previous package (e.g. a custom skeleton) or on a rebuild, the
sudoers.d directory may be non-empty, if the user has installed a custom
config file there, so we do not want to remove the directory if it is
not empty; we just want to remove it if it is empty.
Pass --ignore-fail-on-non-empty to rmdir to fix the following error:
rmdir /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-2/output/target/etc/sudoers.d
rmdir: failed to remove '/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-2/output/target/etc/sudoers.d': Directory not empty
Fixes:
- http://autobuild.buildroot.org/results/0cfc61a98760c1d3a98aa0f1e126767881c49abd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log to explain why we don't do rm -rf
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: cherry-picked to master as it fixes a build issue with the
musl C library:
output/build/libressl-2.9.2/crypto/compat/getprogname_linux.c: In function ‘getprogname’:
output/build/libressl-2.9.2/crypto/compat/getprogname_linux.c:32:2: error: #error "Cannot emulate getprogname"
#error "Cannot emulate getprogname"]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release. From the ChangeLog:
Ver 1.31:
- Fix issue with handling CID 0 context identifier.
- Fix issue with handling detach state and running LTE.
- Fix issue with handling SIM states and Quectel modems.
Signed-off-by: Anthony Viallard <viallard@syscom-instruments.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit bumps ARC toolchain to arc-2019.09-rc1.
We want to test how new toolchain-rc1 builds packages,
so we can make fixes before release of toolcain.
ARC GNU tools of version arc-2019.09-rc1 bring some quite significant changes like:
* Binutils v2_33.20191002 with additional ARC patches
* GCC 9.2.0 with additional ARC patches
* glibc 2.30 with additional ARC patches
Please note that it is a release candidate and it might contain some breakages,
please don't use it for production builds.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The latest version specifies the CMake project type as C-only.
Otherwise the build will fail for configurations without C++ compiler.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Clarify that the new floating point ABI logic is for RISC-V and add the
linux-serial-test package that got added just before -rc1.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 1e55b66e97.
This bump breaks the build of a number of defconfigs with errors like:
HOSTCC scripts/dtc/libfdt/fdt_ro.o
scripts/dtc/libfdt/fdt_ro.c:92:10: error: redefinition of ‘fdt_get_max_phandle’
uint32_t fdt_get_max_phandle(const void *fdt)
^~~~~~~~~~~~~~~~~~~
In file included from scripts/dtc/libfdt/fdt_ro.c:54:
/work/beaglebone/host/include/libfdt.h:384:24: note: previous definition of ‘fdt_get_max_phandle’ was here
So revert it for 2019.11.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Stephan Henningsen <stephan+buildroot@asklandd.dk>
[yann.morin.1998@free.fr:
- drop the conditional creation
- uid -is -'- when username is
- leading TAB in user table, squeeze other spaces
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The name of the option to enable/disable support for pulseaudio has been
in flux in FreeRDP, soemtimes being WITH_PULSE, sometimes being the
erroneous WITH_PULSEAUDIO. Eventually, FreeRDP came to their feet, and
fixed it to WITH_PULSE everywhere.
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
[yann.morin.1998@free.fr:
- remove useless (obsolete) WITH_PULSEAUDIO
- fix the else clause too
- enhance commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The current URL from which we download the yaffs2utils tarball no
longer works:
-2019-11-02 10:17:20-- https://yaffs2utils.googlecode.com/files/0.2.9.tar.gz
Resolving yaffs2utils.googlecode.com (yaffs2utils.googlecode.com)... 2a00:1450:400c:c02::52, 173.194.76.82
Connecting to yaffs2utils.googlecode.com (yaffs2utils.googlecode.com)|2a00:1450:400c:c02::52|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2019-11-02 10:17:20 ERROR 404: Not Found.
So, let's replace it with a working URL.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A Fast, Extensible Progress Bar for Python and CLI.
Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
[Thomas:
- drop depends on BR2_PACKAGE_PYTHON3
- fix license information]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some lxc segfaults (in 3.1.0) are fixed in this newer version.
New dependency on !UCLIBC as fexecve() is required now.
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The "1.21.2" is not a NetworkManager release, it's a development
snapshot. Bring the package back to 1.20.x stable series.
This reverts commit 9cf61746a2.
It should eventually be brought back, but just not yet.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit c898f95c27 added support for
Gallium VDPAU state tracker by updating Config.in to add a dependency on
XORG7. However, mesa3d.mk was not updated to reflect this dependency.
XORG7 dependences is already managed under the ifeq
BR2_PACKAGE_MESA3D_OPENGL_GLX block so reuse this block by making ifeq
depends on a new BR2_PACKAGE_MESA3D_NEEDS_X11 hidden option
Fixes:
- http://autobuild.buildroot.org/results/bbd102d59bbdca35fd1b5401df2790dd197d1e5f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit c975106f60 which does
not seem to really work. The issue will be fixed by a patch retrieved
from upstream.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump incorporates the changes found while preparing the 1.3.7
release and drops the CVE 2019-12815 patch which was incorporated in
a73dbfe3b6.
Adjusted the site location to point at github.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump U-Boot to 2019.10 and kernel to 5.3.8 versions.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
check-package does not like us overriding IPUTILS_NINFOD, so rework the
logic to use unset (empty) for the positive case and explicitly test against
'n'.
package/iputils/iputils.mk:51: conditional override of variable IPUTILS_NINFOD
package/iputils/iputils.mk:56: conditional override of variable IPUTILS_NINFOD
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The systemd project maintains a separate repository on github where patches
are backported on top of released version by the systemd maintainers.
This patch changes the SYSTEMD_SITE to point on that repository and points
to the latest version of v243, which was the previous version used by
systemd.
Unfortunately, upstream does not tag any version,so we use 'git describe'
as a SYSTEMD_VERSION
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Reviewed-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These are normally enabled by systemctl preset-all.
[Peter: use positive logic, explicitly pass BUILD_NINFOD=true in the
positive case]
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
eudev and systemd provide a hardware database (hwdb) as a set of
multiple files. Various other utilities may also use that database.
Those files have to be "compiled" into a binary to be useful; libudev
(and thus all utilities based on it) only use the compiled hwdb.
Compiling the hwdb is done with udevadm, using the hwdb sub-command:
udevadm hwdb --update
Provide a simple host-variant of eudev, so that we can call udevadm at
build time.
When it is configured, eudev will shoehorn its --prefix path as the base
location where the .hwdb file will be searched from, as well as where
the hwdb.bin will be generated in. This means that with the usual
--prefix=$(HOST_DIR), it would look into there.
udevadm also accepts a --root=/path option at runtime, which prepends
/path to all the paths it uses to find and generate files.
Obviously, combining --root=$(TARGET_DIR) and --prefix=$(HOST_DIR) would
not do what we want: all files would be searched for, and generated, in
$(HOST_DIR)$(TARGET_DIR)/ . Avoiding use of --root would not help much
either, as files would still searched in $(HOST_DIR) (we could use a
trick to copy files there, generate and then move the hwdb.bin, but
that's not nice).
However, since we only need udevadm, and since udevadm has no internal
and no external dependency, we can use a less dirty trick and configure
host-eudev with --prefix=/usr (and similar for the other paths), manually
copy udevadm to HOST_DIR, and then use --root when calling it.
Then, we get a udevadm that can read files from, and generate files into
$(TARGET_DIR). We register a target-finalize hook to generate the
hwdb.bin, so that any pakage may install its .hwdb files (currently only
eudev and systemd do, but other packages might (e.g. sane is known to do
so on standard desktop distros))
The *.hwdb source files consume a lot of space, roughly the same as the
generated database, i.e. ~8MiB as of today, and they are totally useless
on the target; only the generated hwdb.bin is useful. So we want to get
rid of them.
However, we also want to be able to complete a build (e.g. make
foo-reinstall to reinstall more hwdb files), so we don't want to
irremediably lose them. As such, we register a pre-rootfs-cmd hook, that
removes them just before assembling the filesystems, when we're only
using a copy of the target directory.
Note that this is the first host package to register a target-finalize
hook, and also the first to register a pre-rootfs-cmd hook. This avoids
duplicating these hooks logic in both eudev and systemd.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The indirect dependency through kmod was not tracked.
Detected with randconfig.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The indirect dependency via python-cryptography was not set in the
Config.in.
Detected with randconfig.
And propagate this to the reverse dependencies.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Peter: also propagate to the reverse dependencies]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rsyslog project removed the ability to toggle libcurl dependencies in
dc95ef09bd,
however there are a series of options that now add a libcurl dependency.
This bump disables the following options to prevent libcurl as a new dependency.
--disable-elasticsearch
--disable-clickhouse
--disable-omhttp
--disable-fmhttp
--disable-imdocker
--disable-omhttpfs
--disable-mmkubernetes
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the github macro rather than manually downloading from github and
include -stable in the version number to match release-monitoring.org.
And update the .hash line to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The upstream Alljoyn project is dead since the AllSeen
Alliance merged with the Open Connectivity Foundation
back in 2016. No other package depends on Alljoyn, so
it can be removed.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Peter: fixup legacy option text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- added sha256 hash values for archive and license files
- updated sha1 from upstream download site
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/7.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: libsysrepo.so.0.7.8: undefined reference to `__atomic_fetch_add_4'
This is often for example the case on sparcv8 32 bit.
Fixes:
- http://autobuild.buildroot.org/results/d807f3dc922a61e099a66de3bc340c018a86e150
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
dbus-glib is not required since version 1.2.8 and
28098f2c7c
Parts of dbus-glib have been copied into dbus-python instead. It can
only use the bundled copy, not the system dbus-glib.
So drop it and add dbus-gmain/COPYING to license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If the libselinux package is selected, add the package to the
dependency list and explicitly set --enable-selinux.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If the systemd package is selected, add the package to the
dependency list and explicitly set --enable-systemd.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a very minor bugfix release which solves an issue with wrong
version numbers in the headers included in the 1.4.0 release tarball,
without any functional changes. Programs which explicitly check for
version 1.4.0 of libwpe will not build or run without this update.
While Buildroot which use libwpe do not need this applied, they may
in the future. Also, third-party packages added through a BR2_EXTERNAL
may depend on using a version of libwpe which corrects the issue with
the version numbers.
Release notes:
https://wpewebkit.org/release/libwpe-1.4.0.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
License files are sometimes called LICENCE, so support that as well.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Use official tarball (which contains a configure so drop autoreconf)
- Drop first and second patches (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
iconv.h is always included by mz_os_posix.c so select
BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump OP-TEE OS package version to OP-TEE release 3.7.0.
This adds host-python-pyelftools to optee-os dependencies
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes reference path "../build/optee_os-" to "./output/build/optee-os-"
as package is optee-os and symbol file here is reached from BR top
dir and assuming output in output/.
Updates GDB tool name to arm-linux-gdb.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On some architectures, atomic operations are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/7.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: libleveldb.so.1.22.0: undefined reference to `__atomic_fetch_sub_4'
This is often for example the case on sparcv8 32 bit.
Fixes:
- http://autobuild.buildroot.net/results/257a820bb87a874ce0e2152d2752845be972fabe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a security release in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path
separators.
o CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Release notes: https://www.samba.org/samba/history/samba-4.10.10.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
sysrepo is a YANG-based configuration and operational state
data store for Unix/Linux applications. It is a dependency
of Netopeer, a NETCONF server.
Both patches have been merged upstream.
Signed-off-by: Heiko Thiery <heiko.thiery@kontron.com>
[Arnout: fix sysvinit scripts to properly daemonize and to read
/etc/default]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Enable host support because host-sysrepo depends on host-libev and
host-sysrepo is needed for netopeer-keystored.
Signed-off-by: Heiko Thiery <heiko.thiery@kontron.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop custom gtest.pc and gmock.pc, already provided.
Add a post-install-staging hook to install the gmock-config script.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes [1]:
In file included from double-conversion.h:42,
from number_decimalquantity.cpp:19:
double-conversion-utils.h:121:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/fc331ae8e2484be6818f4fc334d3f8c9658fffdc
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
license lives now in its own file
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
license lives now in its own file
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
license lives now in its own file
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Switch to cmake to fix a build failure on m68k with uclibc because
glog's configure tests wrongly thinks that -fPIE works
By switching to cmake, we can remove the patch as the unittests won't be
built anymore
We can also finely tune options such as gflags, threads and dynamic
library support. This last option is handled through the standard
BUILD_SHARED_LIBS option
Fixes:
- http://autobuild.buildroot.net/results/5a659d960c24256a2905f129dfa70e3dc9e92aec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libsigrok optionally depends on libftdi1, not libftdi. This was already
the case for a long time, but until the recent commit 01b30e5d69, all
the configure options were wrong so it would use the automatic check for
availability of libftdi1. Now we pass the --with-libftdi option
explicitly, configure will fail if libftdi1 is not available.
Fixes:
- http://autobuild.buildroot.net/results/ec1f9f57944139b24738c1be529c4fc4b128a516
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also moved License sha256sum.
- vendor/github.com/mendersoftware/go-liblzma/LICENSE to
vendor/github.com/remyoudompheng/go-liblzma/LICENSE
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch extends the "copy extra GCC libraries to target" feature to
also work for internal toolchains. The variable has been renamed to be
BR2_TOOLCHAIN_EXTRA_LIBS and the configuration option moved under the
generic toolchain package. For external toolchains, the step that does
the copy is still in the copy_toolchain_lib_root() helper which copies
from the sysroot to the target. For the internal toolchain, the host
gcc-final package does a post install hook to copy the libraries from
the toolchain build folders to both the sysroot and target(!static).
Examples where this can be useful is for adding debug libraries to the
target like the GCC libsanitizer (libasan/liblsan/...).
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is required by wpewebkit and webkitgtk.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove FindLibUV patch which is now upstream.
Resync/reformat rename cmake rootfile patch for 3.15.4 with git
format-patch.
Copyright.txt has updated copyright year and added some authors.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Python 2.7 will not be maintained past 2020.
Many scripts on the tree are used during the build and should keep
Python 2 compatibility for a while.
This is not the case for the runtime test infra. It's meant to be run in
modern distros only, so it can safely switch to support Python 3 only.
An advantage of this approach is to have less scenarios to test in.
Otherwise every change to the test infra or runtime tests would need to
be tested against both versions of the interpreter, increasing the
effort of the developers, to ensure the compatibility to Python 2 was
not broken.
In order to accomplish the change to Python 3:
- change the shebang for run-tests;
- use Python 3 urllib as a drop-in replacement for Python 2 urllib2;
- when writing the downloaded binary files, explicitly open the output
file as binary;
- when subprocess is used to retrieve the text output from commands,
explicitly ask for text output. For this, use 'universal_newlines'
because 'text' was added only on Python 3.7;
- when pexpect is used to retrieve the text output from qemu or git,
explicitly ask for text output using 'encoding';
- the code using csv currently follows the example in the documentation
for the Python 2 module, change it to follow the example in the
documentation for the Python 3 module;
- fix the relative import for test_git.py to be Python 3 compliant.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Romain Naour <romain.naour@smile.fr>
Tested-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use --with-libgrpc++ option as otherwise collectd will try to find
grpc++.pc which is not available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
m68k does not seem to really support PIE as it raises the following
build failure with aer-inject:
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value
We also have another build failure with uclibc on microblazeel:
/home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status
Makefile.in:114: recipe for target '../utils/getconf' failed
So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE
Fixes:
- http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638
- http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (1.33.2):
- CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
In particular, using crypto/x509.Verify on a crafted X.509 certificate
chain can lead to a panic, even if the certificates don’t chain to a
trusted root. The chain can be delivered via a crypto/tls connection to a
client, or to a server that accepts and verifies client certificates.
net/http clients can be made to crash by an HTTPS server, while net/http
servers that accept client certificates will recover the panic and are
unaffected.
Additionally, 1.13.3 fixes a number of issues. From the release notes:
Fixes to the go command, the toolchain, the runtime, syscall, net, net/http,
and crypto/ecdsa packages
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some python scripts may be ran in the custom scripts a user can define
in the config. Allow the user to enable host-python explicitly.
If any of those require ssl, they will fail with no possible fix.
Add an option to enable openssl as well. This is made optional because
openssl significantly increases the build time.
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some python scripts may be ran in the custom scripts a user can define
in the config. Allow the user to enable host-python3 explicitly.
If any of those require ssl, they will fail with no possible fix.
Add an option to enable openssl as well. This is made optional because
openssl significantly increases the build time.
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
It has python3 and nose for python3! :-)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a BR2_PACKAGE_CHRONY_DEBUG_LOGGING config option to allow enabling
compiled-in support for debug logging in Chrony.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
[Arnout: don't enable by default]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In commit 2c8ff251cb ("boot/uboot: add
option to generate env image from default env"), the possibility of
generating an environment image using the built-in U-Boot environment
as a source was added.
This is meant to happen when the string option
BR2_TARGET_UBOOT_ENVIMAGE_SOURCE is empty, but the original commit
added the Config.in help text to BR2_TARGET_UBOOT_ENVIMAGE, which is a
boolean option, and therefore cannot be empty.
Move the help text to BR2_TARGET_UBOOT_ENVIMAGE_SOURCE, where it
belongs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order for the ngrep version to match what is given by
release-monitoring.org, replace '_' by '.' in NGREP_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix several issues with systemd service file installation for gpsd:
- systemd support in the gpsd build was defaulting to enabled or not
based on whether the host system had systemd directories present. Set
this explicitly based on whether BR2_INIT_SYSTEMD is set.
- The installed systemd service files referenced paths in /usr/local when
the actual binaries are installed in /usr. Replace /usr/local with /usr
in the installed service files.
- When BR2_PACKAGE_HAS_UDEV was enabled, all of the binaries were
re-installed again, along with the udev rules, as part of the
post-install hooks. This overwrites the service files that were just
fixed up. Since udev-install implies install, we can just call
udev-install.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
udhcpc6 implements "stateful" DHCPv6 for explicitly requesting an address
and other configuration information. A major difference between DHCPv4
and DHCPv6 is that DHCPv6 does *not* advertise a default route; this is
determined by normal IPv6 autoconfiguration.
Add logic to wait up to IF_WAIT_DELAY seconds for the IPv6 route to be
configured; as above this doesn't come from DHCPv6 but rather the IPv6
Router Advertisement (RA) which happens independently from udhcpc6. The
intent here is to try and ensure that the interface is route-able upon the
script's completion as it would be if called from udhcpc.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
udhcpc6 will call the default script with the stateful address set in the
"ipv6" variable. Set "ip" to this address if present, using the /128 prefix
used by stateful DHCPv6 so the existing renew/bound logic can be used like
in DHCPv4.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The test infra will soon be converted to Python 3 only.
So add the interpreter and also the Python 3 variant of modules nose2
and pexpect to the docker image used to run runtime tests.
Keep the Python 2 variant of those modules to allow a gradual
transition.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds the remaining ssp and relro cases plus both of the
fortify options. The randomization was left consistant between the
options but the order of the conditions placed the most restrictive
hardening options with more priority.
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit bumps ARC toolchain to arc-2019.09-eng002. We want to
test how new toolchain-eng002 builds packages, so we can make fixes
before release of toolcain.
Please note that it is an engineering build and it might have all
kinds of breakages, please don't use it for production builds
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The POSIX functions sched_getscheduler(), sched_setscheduler(),
sched_getparam(), sched_setparam() are technically not correctly
implemented by the Linux syscalls of the same name, because what the
kernel calls a PID and what POSIX calls a PID isn't truly the same,
resulting in somewhat different semantics as to what these functions
exactly apply to.
Details: https://sourceware.org/bugzilla/show_bug.cgi?id=14829
Since the musl developers put a high premium on POSIX compliance, they
deliberately implement these functions to return -ENOSYS instead of
relaying them to the respective Linux syscalls as glibc/uClibc do.
Unfortunally this breaks virtually all Linux programs using these
functions under musl. For example running 'chrt -p 1' fails with
'Function not implemented' on a musl-libc based system.
In particular, it affects embedded systems using these interfaces
for scheduling real-time processes.
As it seems unfeasible to fix all affected programs to manually use
syscall wrappers instead of the libc functions, make musl behave the
Linux way.
Signed-off-by: Stefan Nickl <Stefan.Nickl@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Ogre needs host-swig with pcre support when python interpreter is
present on the target.
Otherwise the build stop with the following message:
"SWIG:7: Error: PCRE regex matching is not available in this SWIG build."
Ogre has been tested using the SampleBrowser binary but some demos
are not working due to missing optional dependencies (nvidia Cg plugin).
See: https://www.ogre3d.org/2019/05/01/ogre3d-1-12-released
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change introduces a Qemu board for an Armv7-A target executing
with OP-TEE secure world services. The target Linux based normal world
embeds the standard minimal filesystem with OP-TEE non-secure components
embedded files from OP-TEE test, examples and benchmark packages.
qemu_arm_vexpress_tz_defconfig differs from qemu_arm_vexpress_defconfig.
Supporting both secure and non-secure worlds on the Arm target mandates
a secure world, here OP-TEE OS, and a bootloader to boot both worlds,
here TF-A (boot/arm-trusted-firmware). Here non-secure Linux kernel is
booted through U-boot
TF-A bootloader (BL1/BL2) => OP-TEE (BL32) => U-boot (BL33).
| Executes as secure | Secure | Execs as Non-secure
| Loads BL32/BL33 in RAM | Jumps to BL33 | Always booted after
| Jumps to BL32 once done | as Non-secure | secure world inits
Vexpress and vexpress-tz defconfigs also differs in that Qemu emulates
a Cortex-A9 in the former and a Cortex-A15 in the later. Cortex-A15
is the Armv7-A CPU used in upstream TF-A and OP-TEE OS packages hence
selected here.
Defconfig adds a fragment to the Linux kernel native configuration to
enable OP-TEE driver support.
Defconfig adds a fragment to the U-Boot native configuration set boot
command, enable semihosting and remove U-Boot persistent environment
storage support.
The defconfig also enables build of the Qemu emulator in case the
system installed Qemu does not yet support CPU TrustZone secure state.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Arnout, with the help of Peter: correct spelling mistakes in readme,
fix U-Boot version to 2019.01, download tarball of TF-A instead of git]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since commit 6eacea5a (support/kconfig: bump to kconfig from Linux
4.17-rc2), xconfig uses Qt5, so update prerequisite.txt to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we set TOOLCHAIN_INSTALL_STAGING three times: once
(conditionally) in toolchain.mk, and once each (unconditionally) in
pkg-cmake.mk and pkg-meson.mk.
This is a little bit messy... Set it just once, unconditionally, in
toolchain.mk where it belongs.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 32bec8ee2f
("toolchain-external: copy ld*.so* for all C libraries") changed (among
other things) the glob pattern to catch the dynamic loader from
ld*.so.*
to
ld*.so*
thus now matching files like 'ld-2.20.so' in addition to files like
'ld.so.1'.
However, there is no apparent reason why that change was made. It is
not explicitly mentioned in the commit message as to why that would be
needed, nor is clear based on the rest of the changes in that
commit. But it turns out that it causes too many files to be copied
with some toolchains.
In most toolchains, the structure looks like this:
-rwxr-xr-x 1 tdescham tdescham 834364 Feb 16 21:23 output/target/lib/ld-2.16.so
lrwxrwxrwx 1 tdescham tdescham 10 Feb 16 21:23 output/target/lib/ld.so.1 -> ld-2.16.so
So, a symlink 'ld.so.1' which points to another file. Applications
would have 'ld.so.1' (the link) encoded as program interpreter
(readelf -l <program>, see INTERP entry)
The patterns like 'ld*.so*' are passed as argument to
copy_toolchain_lib_root which is defined in toolchain/helpers.mk.
This macro copy_toolchain_lib_root will find all files/links matching
the pattern. If a match is a regular file, it is simply copied. If it
is a symbolic link, the link is copied and then the logic is
recursively repeated on the link destination. That destination could
either again be a link or a regular file. In the first case we recurse
again, in the latter we stop and continue with the next match of the
pattern.
The problem this patch is solving is when a toolchain does not have
this structure with a link and a real file, but rather two actual
files:
-rwxr-xr-x 1 tdescham tdescham 170892 Feb 16 21:55 output/target/lib/ld-2.20.so
-rwxr-xr-x 1 tdescham tdescham 170892 Feb 16 21:55 output/target/lib/ld.so.1
In this case the pattern 'ld*.so*' would find two regular file matches
and copy both. On the other hand, the pattern 'ld*.so.*' would only
find the 'ld.so.1' file and copy just that. This saves about 170K in
rootfs size.
Closer inspection reveals that this particular toolchain has more such
dedoubled symbolic links, e.g. the standard pattern of
'usr/lib/libfoo.so -> libfoo.so.1 -> libfoo.so.1.0.2' is not present,
and each of these three components are real files. In any case, it is
obvious that the toolchain itself is 'broken'.
That being said, because we have the logic that recursively resolves
symbolic links, TOOLCHAIN_EXTERNAL_LIBS really only needs to contain
the "initial" name of the library to be copied.
Therefore, revert the glob pattern back to what it was.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: improve the commit log with the additional details from Thomas]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/meson installs a cross-compilation.conf file in
$(HOST_DIR)/etc/meson, via TARGET_FINALIZE_HOOKS.
package/pkg-cmake.mk installs a toolchainfile.cmake in
$(HOST_DIR)/share/buildroot, via TOOLCHAIN_POST_INSTALL_STAGING_HOOKS.
Both files have a similar concept, they describe some flags/paths needed for
compilation using respective build systems. One difference is that the meson
file is added for external compilation, from the SDK, while the cmake file
is used internally in Buildroot.
The 'problem' of using TARGET_FINALIZE_HOOKS for the meson file, is that it
installs a 'host' file from target-finalize, which is conceptually incorrect
since not just TARGET_DIR but also HOST_DIR is "regenerated" on a subsequent
'make' when everything was already built (i.e. only target-finalize is run).
This can easily be fixed, by using the same hook as cmake uses, i.e.
TOOLCHAIN_POST_INSTALL_STAGING_HOOKS.
Note that actually even for cmake, TOOLCHAIN_POST_INSTALL_STAGING_HOOKS is
not the best hook to install a host file. A better hook would have been
TOOLCHAIN_POST_INSTALL_HOOKS, but this triggers only for 'host' packages,
and 'toolchain' is treated as a 'target' package.
Also, the hook (and therefore also the definition of
PKG_MESON_INSTALL_CROSS_CONF) is moved to pkg-meson.mk, again to make it
more similar to how it's done for cmake. Otherwise check-package
complains that the meson package is setting variables that don't start
with MESON_.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
"mount" from the "util-linux" package does expect the helper utilities
in "/sbin" and not "/usr/sbin". We use "--exec-prefix=/" to fix the
issue. The man-pages are then still installed under "/usr/share/man".
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the "Run a getty" option is disabled, sysvinit doesn't remove the
/etc/inittab line from previous builds. With this patch, the line is
correctly commented out.
Based on similar change made by Stephen Bos <stephen.bos@hagergroup.com>
and Christophe Blaess <christophe.blaess@logilin.fr> for busybox.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new package provides mdevd, a small daemon managing kernel hotplug
events similar to udevd.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
While at it, drop the "Calculated based on the hash above" comment,
which doesn't make any sense: you don't calculate a hash based on
another hash.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
genimage makes a full copy of the given rootpath to ${GENIMAGE_TMP}/root
so passing TARGET_DIR would be a waste of time and disk space. We don't
rely on genimage to build the rootfs image, just to insert a pre-built
one in the disk image.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Use a post-build script to copy uEnv.txt to BINARIES_DIR, as made for
beagleboneai.
Keep the post-image script because it is still used by beaglebone_qt5.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
genimage makes a full copy of the given rootpath to ${GENIMAGE_TMP}/root
so passing TARGET_DIR would be a waste of time and disk space. We don't
rely on genimage to build the rootfs image, just to insert a pre-built
one in the disk image.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
i.MX6 has GPU in hardware, so we really don't need to
fallback to software rendering.
Remove the unneeded BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST
option.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
After migrating to Mesa 19.2 the imx-drm_dri.so is no longer installed
unless the kmsro gallium driver is selected, so explicitly select
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_KMSRO to fix the problem.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Instead of reseting the variable when we can't set it, just set it when
we can: we just have to negate the condition.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This makes it more in-line with how we handle such case in the
rest of Buildroot.
Also, move the variable assignment before its use. Even though
in a makefile that does not matter, it makes it cleaner, more
logical, and easier to follow (for us mere humans).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There is no longer any reason to assign to LICENSE using an
immediate assignment. There was even no reason to use it
either in the first assignment.
Drop it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There is no longer any reason to assign to LICENSE using an
immediate assignment. There was even no reason to use it
either in the first assignment.
Drop it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that the infra takes care of removing extraneous spaces before
commas, we can safely append to LICENSE variables.
This removes the only case where we had to use immediate assignment
to append to a variable.
Mechanical change, with:
$ sed -r -i -e 's/\<([^[:space:]]+_LICENSE) := \$\(\1\),/\1 += ,/' \
$(git grep -l -E '\<([^[:space:]]+_LICENSE) := \$\(\1\),')
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, the formatting we impose on the _LICENSE variable requires
that we also use the rarely used := assignment operator, which makes
the _LICENSE variable the only variable that users have to write with
this operator.
This really departs from the simplicity and consistency of using the
append-assignment, which we use for every other variable.
This is because the append-assignment operator surreptiously
introduces a space between the original value and the appended one. But
we can use this knowledge, to match any instance of a space followed by
a comma, and turn it into a single comma.
This allows users to now have a consistent use of the '=' and '+='
operators we use everywhere else in .mk files.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also fixed a build issue reported by test-pkg.
We now need to AUTORECONF as the pre-generated configure script is no
longer provided in the Git repository.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we only require a gcc 4.4 version, which now is pretty old
(released in April 2009). This requirement is not even tested nowadays,
with our oldest autobuilder having a 4.7 version only.
And even then, 4.7 is still old enough that it prevents us from
upgrading some packages. For example cmake 3.10+ requires C++11
constructs that were only added in gcc 4.8 (when C++11 support was
finally completed in gcc).
So, update our requirements for gcc to at least 4.8.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-18218: cdf_read_property_info in cdf.c in file through 5.37 does
not restrict the number of CDF_VECTOR elements, which allows a heap-based
buffer overflow (4-byte out-of-bounds write).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Back a few years ago, when we were starting to think about top-level
parallel build, we were not sure how to deal with packages that
installed the same files, so we wanted to catch the situation to assess
how prevalent that was, before we decided what to do and how to address
it.
However, the trend nowadays is that packages will install in a
per-package target/ (and staging/ and host/), and the final directories
will be assembled in a reproducible (alphabetical) order, so if two
packages install the same file, the last one will win (as is currently
the case).
Besides, check-uniq-files reports loads of spurious errors when packages
get reinstalled (e.g. during development).
Finally, check-uniq-files is the only script called during the build,
that is written in python.
So, get rid of check-uniq-files.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 05484f621c ("package/dstat: bump
to 0.7.4 which allows to run on Python3") added:
select BR2_PACKAGE_PYTHON if !BR2_PACKAGE_PYTHON3
Unfortunately, some other packages do it the other way around, which
causes the following Kconfig circular dependency:
package/python/Config.in:5:error: recursive dependency detected!
package/python/Config.in:5: symbol BR2_PACKAGE_PYTHON is selected by BR2_PACKAGE_PYTHON3
package/python3/Config.in:5: symbol BR2_PACKAGE_PYTHON3 is selected by BR2_PACKAGE_PYTHON
Fix that by inverting the python version selection in the dstat
package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL in order to fix
the following build error:
scripts/Makefile.host:90: recipe for target 'scripts/extract-cert' failed
make[2]: *** [scripts/extract-cert] Error 1
make[2]: *** Waiting for unfinished jobs....
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/332655822
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/332656041
The recent bump of a number of python packages broke docker-compose, as
docker-compose specifies both minimum and maximum versions for (most of) its
dependencies:
Dependencies of docker-compse 1.20.1 (! = unmet):
cached-property: < 2 (currently 1.51)
docopt: < 0.7 (currently 0.6.2)
! pyyaml: < 4.0, patched to < 4.3 (currently 5.1.2)
requests: < 2.19, patched to < 3 (currently 2.22.0)
! texttable: < 0.10 (currently 1.6.2)
websocket-client: < 1.0 (currently 0.56.0)
! docker: < 4.0 (currently 4.1.0)
dockerpty: < 0.5 (currently 0.4.1)
six: < 2 (currently 1.12.0)
jsonschema: < 3 (currently 2.5.1)
enum34: < 2 (currently 1.1.6)
backports.ssl-match-hostname: >= 3.5 (currently 3.7.0.1)
ipaddress: >= 1.0.16 (currently 1.0.23)
To fix this, bump docker-compose to the most recent release (1.24.1). This
is unfortunately not enough, as our docker, pyyaml, requests and texttable
packages are too new, so add 3 patches from upstream to relax the version
checks of dependencies. Notice that patch 0003 is from
https://github.com/docker/compose/pull/6623 and has not been merged yet.
Discussions around the problem of these maximum versions of the dependencies
and the fact that all downstream users have to patch it is ongoing here:
https://github.com/docker/compose/issues/6756
docker-compose 1.24.1 added a requirement for ssh support in python-docker in:
7b82b2e8c7
So add a dependency for python-paramiko and update the toolchain dependency
for C++ (from python-paramiko -> python-cryptography) and adjust the
toolchain configuration of the runtime test to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build ID is added to binaries at link time. Building in different
output directories causes some packages to have different Build IDs,
thus resulting in non-reproducibility.
Adding "-Wl,--build-id=none" fixes this issue by disabling setting of
Build ID.
Diffoscope output for Build ID issue:
https://gitlab.com/snippets/1886180/raw
After this patch, build is reproducible - i.e. diffoscope does not
produce any output.
Signed-off-by: Atharva Lele <itsatharva@gmail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added config option for new systemd-pstore feature.
Removed patches that have been committed upstream.
Added symlinks required to enable some services.
After extensive discussion with upstream it does not seem there is any
acceptable option to have symlink installation handled on their side.
The recommended solution from upstream is to have systemctl handle
service installation, however this has a number of downsides such as
requiring us to build a host-systemd just to install a few symlinks.
Since we already customize service installation it is simpler for us
to create the symlinks ourselves, this will also simplify service
customization on our side as we will not need to disable any systemd
default services in cases where we need to make customizations.
In addition using systemctl would introduce a minimum host headers
dependency in which we don't have the infrastructure to handle
properly.
The downside to this approach is that we need to track service creation
changes from upstream ourselves, however this is relatively straightforward
and since upstream service file locations are relatively stable regressions
should be limited. This will mostly be a concern in regards to adding
support for new systemd features.
Details:
https://github.com/systemd/systemd/issues/12767https://github.com/systemd/systemd/pull/12164https://github.com/systemd/systemd/pull/12769https://github.com/systemd/systemd/pull/12775
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Tested-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The generated loop.c provided with the tarball was generated with
Cython 0.29.10 and it doesn't compile against the new Python 3.8
headers. Upstream is now working on a new uvloop release which will
use the newest Cython (0.29.13). Until then, we will remove the
current loop.c and force regenration of it.
Fixes:
- http://autobuild.buildroot.net/results/bffe1b2ee7b674f870e15398680ce5b5b22fd296
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch which was applied upstream:
cbeda6a9c5
We still need autoreconf however due to using source code retrieved by
the github helper.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Updated link to package homepage since old link is just a redirect now.
Added sha1 and md5 hashes provided by upstream.
Removed -no-pie workaround after upstream added a check in configure,
quoting ChangeLog:
- Added configure script autodetection for x86/amd64 -fno-pie compile
and -no-pie linker flags. These are needed when compiler/linker
produces position independent executable (PIE) by default.
Build-tested host-aespipe on Debian Buster 10.1 using
"gcc version 8.3.0 (Debian 8.3.0-6)"
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release includes:
- enable VERITY by default on Android
- introduce some preen mode in fsck.f2fs
- add f2fs_io tool
- add casefolding support
And, there are lots of bug fixes.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tbl2hex is a host command line that is built with:
$(CC_FOR_BUILD) $(LDFLAGS_FOR_BUILD) -o $@ $(TBL2HEX_OBJECTS) $(EXPAT_LIBS_FOR_BUILD) $(LDLIBS_FOR_BUILD)
It needs cldr.o which can depends on expat and is built through:
%.$B: $(SRC_DIR)/%.c
$(CC_FOR_BUILD) -DFOR_BUILD $(CFLAGS_FOR_BUILD) -o $@ -c $<
When cross-compiling, build fails because expat is not found on host:
gcc -DFOR_BUILD -I. -I. -I./../Programs -I../Programs -I../Headers -I./.. -I.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=2 -D_BSD_SOURCE -D_XOPEN_SOURCE=500 -D_XOPEN_SOURCE_EXTENDED -D_GNU_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=2 -D_BSD_SOURCE -D_XOPEN_SOURCE=500 -D_XOPEN_SOURCE_EXTENDED -D_GNU_SOURCE -DHAVE_CONFIG_H -g -O2 -std=gnu99 -Wall -Werror=format-security -o cldr.build.o -c cldr.c
cldr.c:31:10: fatal error: expat.h: No such file or directory
#include <expat.h>
^~~~~~~~~
To fix this issue, add host-expat dependency as well as patch so that
the *_FOR_BUILD variables are properly passed to the sub-configure
script that brltty runs to build the host utilities.
Fixes:
- http://autobuild.buildroot.org/results/362cfb57e4a91a066493269d8078d931529ddf69
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: use a different, simpler solution.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Following the switch to Python 3.8, the libselinux Python extension
started to fail building. This is fixed by upstream commit
2efa06857575e4118e91ca250b6b92da68b130d5, which we backport as
0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch.
This patch has the nice merit of switching to using distutils to build
the Python extension of libselinux, instead of some custom logic. This
allows to significantly simplify our libselinux.mk: we can rely on
PKG_PYTHON_DISTUTILS_ENV and HOST_PKG_PYTHON_DISTUTILS_ENV instead of
lots of custom variables.
However, upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5 had
its own issues:
* Hardcode of -I $(DESTDIR)/$(INCLUDEDIR) -L $(DESTDIR)/$(LIBDIR) at
build time, while DESTDIR is normally empty at build time, causing
bogus -I /usr/include -L /usr/lib to be used
This is fixed in
0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch
* New usage of ln --relative, which is not supported in older
distributions.
This is fixed in
0005-Remove-ln-relative-usage-in-install-pywrap.patch
* Usage of the host Python "imp" module to query the extension used
for native Python module, but that returns an incorrect result when
cross-compiling. We chose to simplify the code to not have to query
for this information.
This is fixed in
0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
With this patch, the libselinux Python module was built-tested with
Python 2 and Python 3, and run-time tested as well in both
configurations, for both the target and host variants of libselinux.
Fixes:
http://autobuild.buildroot.net/results/aeb58de7ad674b980258e6ed30c7da3949a04452/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove 0004-meson-Link-xvmc-with-libxv.patch witch was backported to mesa3d
19.2. This patch was added to Buildroot at the time when mesa3d version 19.1
was used.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set WANT_SWIG={ON,OFF} to {en,dis}able swig and avoid a random build
failures probably due to parallel build issue when extracting
pre-generated tarball:
CMake Error: Problem with archive_write_header(): Can't unlink already-existing object
CMake Error: Current file: swigpyrun.h
CMake Error: Problem extracting tar: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output/build/znc-1.7.5/modules/modpython/generated.tar.gz
This tarball contains pre-generated files, and is not used when
host-swig is available.
Fixes:
- http://autobuild.buildroot.org/results/f3394de616cea4f474b6d5887aa0d5f5dff05281
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
icu is required to build Q5tWebkit.
When UChar is defined as char16_t in ICU, then qtbase fails to detect ICU.
The issue is described https://bugreports.qt.io/browse/QTBUG-49586
Build fails with following error messages:
...
ustring.h:473:20: error: ‘UChar’ does not name a type
u_strCompare(const UChar *s1, int32_t length1,
^
^
make[2]: *** [Makefile:195: icu.o] Error 1
ICU disabled.
The ICU library support cannot be enabled.
Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On x86_64, we use the host compiler instead of the target compiler to
build kvm-unit-tests, because it is built with -m32 and our target
compiler doesn't support that.
However, the compiler on Arch Linux is broken: it *always* builds with
-fstack-protector, even when -ffreestanding is passed. However, when
-fnostdlib is passed at link time (which is normally the case when
building with -ffreestanding), it is not linked with the stack-protector
library. This leads to a link time error:
/usr/bin/ld: x86/realmode.o: in function `print_serial_u32':
.../x86/realmode.c:104: undefined reference to `__stack_chk_fail'
Since the entire package is built with -ffreestanding, it doesn't
support stack-protector at all. Therefore, simply pass
-fno-stack-protector explicitly on x86_64 to work around the bug in Arch
Linux.
Bug reported upstream: https://bugs.archlinux.org/task/64270
Fixes:
- http://autobuild.buildroot.org/results/e6f767755ffdb5ecc014eb5ad7519814f075a60e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Adapt the format to the current template, used in other init scripts.
Move the one socond delay in restart to stop, giving acpid time to send
dying gasp to syslog.
Users willing to add start arguments can set the ACPID_ARGS variable in
/etc/default/acpid instead of rewriting the init script.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This used to cause a build failure with gettext-tiny, but this is now
fixed by the version bump in 160f0a033b
("package/gettext-tiny: bump version"). Nevertheless, it makes sense
to not install the i18n files when they are not needed, i.e when
BR2_SYSTEM_ENABLE_NLS is disabled.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The first line of JITTERENTROPY_LIBRARY_BUILD_CMDS must end with "\" to
concatenate the two lines.
Fixes: build error
[...]
/usr/bin/make -j33 -C
/local/users/mmayer/buildroot/output/arm64/build/jitterentropy-library-2.2.0
/local/users/mmayer/buildroot/output/arm64/host/bin/aarch64-linux-gcc
-shared -Wl,-soname,libjitterentropy.so.2 -o libjitterentropy.so.2.2.0
jitterentropy-base.o -Wl,-z,relro,-z,now -lrt
/local/users/mmayer/buildroot/output/arm64/host/bin/aarch64-linux-ar
rcs libjitterentropy.a jitterentropy-base.o
jitterentropy
/bin/bash: jitterentropy: command not found
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allow to build LLVM with run-time type information as this feature is
needed (for example) by mesa3d's Gallium Nouveau driver or the Clover
OpenCL state tracker when llvm support is enabled in mesa3d.
While we only care about RTTI support in the target, we also need to
enable it in the host LLVM, so that llvm-config gives the proper
result.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This allows sharing a host USB port with the guest, which is helpful for
the upcoming libvirt package.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adapt the format to the current template, used in other init scripts,
but do not use start/stop functions due to peculiarities.
Treat RNG initialization and random seed backup as separate operations.
Read /proc/sys/kernel/random/poolsize to calculate the pool size, as
suggestred by the urandom manual page.
Ensure that the random seed file has the correct size to prevent dumping
an empty file to /dev/urandom on the first boot.
Save the seed at /var/lib/random-seed as other non-systemd distributions
do (e.g. RHEL6), since /etc can be in a red-only rootfs. The Filesystem
Hierarchy Standard defines that /var/lib holds persistent data modified
by programs as they run.
Users willing to use a different path just need to redefine URANDOM_SEED
in /etc/default/urandom instead of rewriting the init script.
[Peter: save/restore umask]
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This allows to use xserver_xorg-server without mesa3d.
Build-tested using this defconfig:
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XSERVER_XORG_SERVER=y
BR2_PACKAGE_NVIDIA_DRIVER=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These patches are already in qemu upstream under:
- 184943d827ce09375284e6fbb9fd5eeb9e369529
- 71ba74f67eaca21b0cc9d96f534ad3b9a7161400
They rename gettid() to sys_gettid() to avoid clash with glibc
Signed-off-by: Paulo Matos <pmatos@igalia.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since version 9.1, GCC provides support for the D programming language [1].
So add an option to indicate the selected toolchain supports this
language.
[1] https://dlang.org/
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Package has been relicensed under the MIT license, and LICENSE.md has been
removed. The git repo has a LICENSE file, but it isn't available in the
tarball, so use the readme file instead.
611b74341f
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the bump of python3 to 3.8, the kmod Python extensions fail to
build. There was a change in Python 3.8: they no longer want Python
extensions to be linked with libpython.
However, kmod Python extensions are built with -Wl,--no-undefined,
which checks that there isn't any unresolved symbol in the .so files
being built. This is not compatible with the new Python policy, so we
add a patch (submitted upstream) that passes -Wl,-z,undefs when
building the kmod Python extensions, to override the effect of
-Wl,--no-undefined.
Fixes:
http://autobuild.buildroot.net/results/84455dbc892865b9748bedeecb1d3b0bdc15704d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Openssl is required so that Gem can install ruby gems from secure websites.
ERROR: While executing gem ... (Gem::Exception)
Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or
use non-HTTPS sources
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
sox implements a custom mechanism to detect whether the toolchain has
SSP suport or not. In doing so, it explicitly tries to see if libssp.so
is present, in which case it unconditionally links with it, even though
the compiler, if left by itself, would have used the SSP support
provided by the C library.
However, with Buildroot, the SSP options are handled in our gcc
wrapper, so packages should just not bother with that.
It turns out that, when sox is configured with --disable-stack-protector,
it does not disable it, but really does nothing, which is good for us.
Currently, SSP is conditionally disabled in sox, under various
conditions: that the toolchain does not have SSP, or that it is one of
the know SSP-challenged (i.e. broken) toolchains. Those conditions dates
back tpo before our wrapper started handling that.
Remove all those conditions, unconditionally disable SSP in sox, and let
our gcc wrapper handle the SSP options.
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In Buildroot, the internal toolchain backend uses the SSP support from
the C library, not that of gcc.
Some external toolchains come with SSP suport in gcc, which is
implemented in libssp.so, rather than in the C library.
When a toolchain even has both, it is up to the compiler to decide
whether it will link to libssp or use the support from the C library.
However, in the latter case, a (incorrectly written) package may decide
to explicitly link with libssp.so when it is available (even though the
compiler may have decided otherwise if left by itself). This is the case
for example with sox, which results in runtime failures, such as:
$ sox
sox: error while loading shared libraries: libssp.so.0: cannot open
shared object file: No such file or directory
Even if sox is wrong in doing so, the case for libssp-only toolchains is
still valid, and we must copy it as we copy other libs.
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
USB passthrough is a useful feature while using qemu for debugging purpose.
[Peter: reword commit message, pass --disable-libusb if not enabled]
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order for the libyang version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
LIBYANG_SITE and not LIBYANG_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order for the libnetconf2 version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
LIBNETCONF2_SITE and not LIBNETCONF2_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switch to the official U-Boot repository since
the board has been officially supported.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switch to the official Linux repository since
the board has been officially supported.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Release after 1.2.2 uses date instead of version, so suppress v character
appended before version
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While LIBSELINUX_INSTALL_STAGING_CMDS uses
$(LIBSELINUX_MAKE_INSTALL_TARGETS), LIBSELINUX_INSTALL_TARGET_CMDS
does not use it. Due to this, the Python module is only installed to
$(STAGING_DIR) and not to $(TARGET_DIR).
Fix this by using $(LIBSELINUX_MAKE_INSTALL_TARGETS) in
LIBSELINUX_INSTALL_TARGET_CMDS.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
SGI is gone (RIP). Use the github project as landing page.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add comments to the dependencies that also come from ell. Note that the
BR2_TOOLCHAIN_HAS_SYNC_4 is coming both from ell and from internal sync
calls, so no comment is added.
While we're at it, also order the selects and DEPENDENCIES
alphabetically.
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
[Arnout: extend "reason" comments to Config.in; alphabetical ordering]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
NSS_ENABLE_ECC is not supported anymore, then remove it from our
libnss.mk file.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
LibYANG processes YIN and YANG files. It's a dependency of sysrepo
which is a dependency of Netopeer, a NETCONF/YANG server.
Signed-off-by: Heiko Thiery <heiko.thiery@kontron.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
package/nodejs/nodejs.mk:73: expected indent with tabs
package/nodejs/nodejs.mk:74: expected indent with tabs
package/nodejs/nodejs.mk:75: expected indent with tabs
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed libhttpparser dependency as nodejs now uses built in llhttp.
Installed additional build tools to host that are required for target build.
License file change is due to 3rd party dependency changes and date updates.
Dependencies still appear to have Apache and BSD family licenses.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove
`0001-configure.ac-add-disable-examples-option-to-not-buil.patch` as
the `--disable-examples` option exists in LTTng-UST 2.11.0.
Also handle numactl as an optional dependency.
Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This fixes compilation issue in case memfd_create is a stub in libc.
Patch already merged in lxc master branch
(344b8ee293f4d3730a70a6ccaa03d7e4a516ae95).
Copy of the original commit log:
In case the internal memfd_create has to be used, make sure we don't
clash with the already existing memfd_create function from glibc.
This can happen if this glibc function is a stub. In this case, at
./configure time, the test for this function will return false, however
the declaration of that function is still available. This leads to
compilation errors.
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Switch to new site and add license file hash
* Add new libsysfs dependency for rng available check
* Remove patch adding special return code when no RNG module is available.
This has been replaced by using the jitter library to always have a
source (new jitterentropy dependency)
* Change to a autotools build and add patch to allow README file to not be
found during autoreconfig
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
New library to support rng-tools using a CPU source as a backup entropy
source when a kernel provided rng isn't present.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit :
- bumps Linux & U-Boot to linux4sam_6.2
- bumps at91bootstrap to v3.9.0
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sunwait calculates sunrise or sunset times with civil, nautical,
astronomical and custom twilights.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Thomas:
- add dependency on C++
- improve the build logic to pass cflags/ldflags properly]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since <package>-rebuild implies <package>-reinstall and
<package>-reconfigure implies <package>-rebuild, it is confusing
to mention the make and make <package> commands when describing
the restart of the configuration, compilation and installation of
the package.
Therefore remove the ", followed by +make+ or +make <package>+"
portions in the "8.3. Understanding how to rebuild packages" section,
and add a new paragraph clarifying how to include the rebuilt package
in the filesystem image, if that is necessary.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerablities:
- CVE-2018-1000222: Libgd version 2.2.5 contains a Double Free Vulnerability
vulnerability in gdImageBmpPtr Function that can result in Remote Code
Execution . This attack appear to be exploitable via Specially Crafted
Jpeg Image can trigger double free
- CVE-2018-5711: gd_gif_in.c in the GD Graphics Library (aka libgd), as used
in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x
before 7.2.1, has an integer signedness error that leads to an infinite
loop via a crafted GIF file, as demonstrated by a call to the
imagecreatefromgif or imagecreatefromstring PHP function
- CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD
Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP
versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it
is possible to supply data that will cause the function to use the value
of uninitialized variable. This may lead to disclosing contents of the
stack that has been left there by previous code
- CVE-2019-6978: The GD Graphics Library (aka LibGD) 2.2.5 has a double free
in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This requires to remove a lot of broken code until it's fixed in upstream.
Added 2 patches from upcoming release.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LICENSE was renamed to LICENSE.rst with little rephrasing.
In addition, statements about the documentation licensing were
moved from LICENSE to docs/license.rst so this file was added
to _LICENSE_FILES (plus hash).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since version 3.0.0, secretstorage doesn't support Python 2 anymore.
Update its reverese dependency (python-keyring) as well.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asgiref doesn't support Python 2 since version 2.0.0.
All the recursive reverse dependencies already support Python 3 only.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since version 6.0.0, the package supports only Python 3, and will
lead to syntax errors when in use with Python 2.
In addition, the dependency of python-six is no longer needed.
The reursive reverse dependencies were updated accordingly.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
License isn't shipped with the tarball so we take
PKG-INFO as license file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
License is provided with the tarball, so there's no need to
use PKG-INFO.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release fixes CVE-2019-9740, CVE-2019-9948, CVE-2019-15903.
Adjust 0002-Fix-get_python_inc-for-cross-compilation.patch for 2.7.17.
Remove the following patches (now on upstream):
* 0035-bpo-35907-CVE-2019-9948-urllib-rejects-local_file-sc.patch
* 0036-bpo-36216-Add-check-for-characters-in-netloc-that-no.patch
* 0037-3.7-bpo-36216-Only-print-test-messages-when-verbose-.patch
* 0038-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch
* 0039-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch
* 0040-2.7-bpo-36742-Fix-urlparse.urlsplit-error-message-fo.patch
* 0041-bpo-30458-Disallow-control-chars-in-http-URLs-GH-127.patch
Full release details at:
https://github.com/python/cpython/blob/v2.7.17/Misc/NEWS.d/2.7.17rc1.rst
run-tests results:
10:30:20 TestPython2 Starting
10:30:21 TestPython2 Building
10:37:37 TestPython2 Building done
10:37:47 TestPython2 Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 448.616s
OK
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch applied upstream:
1fa0931286
Drop CUPS_FILTERS_MAKE_LN_SRF_EXECUTABLE which is no longer needed now
that the ln-srf script is part of the tarball and not added through a
patch.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lld can be used by external packages or by setting BR2_TARGET_LDFLAGS
(though a dependency is missing to make the latter really work). Future
patches will improve the integration in the build.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
i.MX6 has GPU in hardware, so we really don't need to
fallback to software rendering.
Remove the unneeded BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST
option.
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Patch for adding the `--enable-wipefs` configuration option requires an
reconfiguration of autotools which is causing autobuilder failures.
Signed-off-by: Sam Voss <sam.voss@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Buildroot does not reconfigure pkgconf system library and system include
dirs to STAGING_DIR. This means that pkgconf prints the sysroot system
library and system include dirs instead of letting the compiler handle
the logical sysroot. This breaks the -isystem compiler flag, as it
increases the priority of the system library and system include
directories. For example:
$ output/host/bin/pkg-config --cflags glib-2.0
-Ioutput/host/bin/../x86_64-buildroot-linux-gnu/sysroot/usr/include/glib-2.0
-Ioutput/host/bin/../x86_64-buildroot-linux-gnu/sysroot/usr/lib/glib-2.0/include
-Ioutput/host/bin/../x86_64-buildroot-linux-gnu/sysroot/usr/include
A header in `.../sysroot/usr/include` will be included before a header
in any directory specified with -isystem flags. Specifically, this
breaks the Chromium build system, which expects a C++ math.h in a
bundled LLVM C++ library, and gets a GNU C math.h instead.
Fix this by telling pkgconf about the sysroot's system library and
system include directories, so that it doesn't accidentally print them.
Signed-off-by: Thomas Preston <thomas.preston@codethink.co.uk>
[Arnout: change order of variables]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The pkgconf command is a long and confusing line, which is about to get
longer. Split it up into logical stages so that it is easier to
visualise changes.
Signed-off-by: Thomas Preston <thomas.preston@codethink.co.uk>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
After migrating to Mesa 19.2 the imx-drm_dri.so is no longer installed
unless the kmsro gallium driver is selected, so explicitly select
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_KMSRO to fix the problem.
Suggested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On uClibc up to at least v1.0.32, syscall() for x86_64 is defined in
libc/sysdeps/linux/x86_64/syscall.S as
syscall:
movq %rdi, %rax /* Syscall number -> rax. */
movq %rsi, %rdi /* shift arg1 - arg5. */
movq %rdx, %rsi
movq %rcx, %rdx
movq %r8, %r10
movq %r9, %r8
movq 8(%rsp),%r9 /* arg6 is on the stack. */
syscall /* Do the system call. */
cmpq $-4095, %rax /* Check %rax for error. */
jae __syscall_error /* Branch forward if it failed. */
ret /* Return to caller. */
And __syscall_error is defined in
libc/sysdeps/linux/x86_64/__syscall_error.c as
int __syscall_error(void) attribute_hidden;
int __syscall_error(void)
{
register int err_no __asm__ ("%rcx");
__asm__ ("mov %rax, %rcx\n\t"
"neg %rcx");
__set_errno(err_no);
return -1;
}
Notice that __syscall_error returns -1 as a 32-bit int in %rax, a 64-bit
register i.e. 0x00000000ffffffff (decimal 4294967295). When this value
is compared to -1 in _sys_chk_seccomp_flag_kernel() the result is false,
leading the function to always return 0.
Prevent the error by coercing the return value of syscall() to int in a
temporary variable before comparing it to -1. We could use just an (int)
cast but the variable makes the code more readable and the machine code
generated by the compiler is the same in both cases.
All other syscall() invocations were inspected and they either already
coerce the result to int or do not compare it to -1.
The same problem probably occurs on other 64-bit systems but so far only
x86_64 was tested.
A bug report is being submitted to uClibc.
Upstream status: https://github.com/seccomp/libseccomp/pull/175
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We need to update the sysconfigdata path for python 3.8.0 per upstream
commit 7efc526e5cfb929a79c192ac2dcf7eb78d3a4401 which indicates the "m"
flag has been removed from sys.abiflags.
Fixes this build error when building target packages:
ValueError: Empty module name
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add option to enable wipefs as a standalone app, so that it may be
enabled when the flag --disable-all-packages is set.
Signed-off-by: Sam Voss <sam.voss@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* Fix indentation in hash file.
* Update dependency list.
* The package can now be compiled for both Python 2 and Python 3,
since it doesn't depend on pytablereader anymore (which used pathpy).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* Update dependency list.
* License change: same content, line endings are now CRLF.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Arnout: keep alphabetical order of selects]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* Fix indentation in hash file.
* LICENSE was renamed to LICENSE.rst.
In addition, some phrasing and formatting were slightly changed
(commit 65da441ee72ffd270e7ce4e4ab60a8826567078b on upstream).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
License update: copyright year bump and addition of a developer
to the contributors list.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Update dependency list.
* Take tarball from PyPI instead of Github.
* webpy now supports both Python 2 and Python 3.
* License change: On commit 97466ad0392738be2f5cc3bd4c1289872a8a0f44,
WSGI server moved the cherrypy library so web/wsgiserver/LICENSE.txt
has removed and LICENSE.txt doesn't mention WSGI anymore.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Update dependency list.
* Add hash for license file.
* The package now supports both Python 2 and Python 3.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Switch _SETUP_TYPE to setuptools instead of distutils.
* License has changed to MIT (updated LICENSE, PKG-INFO, setup.py,
sources files, etc.)
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a BPF generation bug where the optimizer mistakenly identified
duplicate BPF code blocks.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 5.2.x series is now EOL so remove the option and add legacy
handling for it.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump OpenSBI to the latest version. We need a patch for RV32 to avoid
hard/soft float build failures.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CAPS is a collection of audio plugins comprising virtual guitar
amplification and a small range of basic classic effects, signal
processors and generators of often elementary and occasionally
exotic nature.
The plugins aim to satisfy the highest demands in sound quality
with maximal computational efficiency and zero latency.
Note, that the original patch [1] dates back in 2014.
[1] https://patchwork.ozlabs.org/patch/376822/
CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas:
- drop patch 0001, use improved logic in .mk file instead
- add dependency on !BR2_STATIC_LIBS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is the latest cmake that doesn't require a c++11 toolchain.
The hash of the license file is changed due to the addition of one
more contributor in upstream commit
a3388900f88e2e576d17f635bbf3a7ed257804a3.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gst1-plugins-good uses TARGET_NLS_LIBS without depending on
TARGET_NLS_DEPENDENCIES, fix this mistake
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove all patches, since they were already applied upstream.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes a couple of important things and among other things the build of
pvrdma code:
----------------------->8---------------------
In function 'create_qp':
hw/rdma/vmw/pvrdma_cmd.c:517:16: error: 'rc' undeclared
----------------------->8---------------------
Bumped into this build problem while building vanilla
qemu_arm_versatile_defconfig.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Alexander Dahl <post@lespocky.de>
Cc: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no need for double grep, so choose a better regexp. Use &&
instead of ; between commands so the sequence of commands fail faster.
Break the last sequence of commands in 2 calls run() so the proper
return code can be tested for each.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bump is not marked as security bump. The 8.1 release fixes a XMSS
key parsing code vulnerability. This code can not be enabled without
explicit definition of the WITH_XMSS macro.
Update LICENCE hash; converted to UTF-8.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 3.9.2 strips the trailing comments generated by udhcpc
LICENSE copyright updated to 2019
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2019-14287: a sudo user may be able to run a command as root
when the Runas specification explicitly disallows root access as long as
the ALL keyword is listed first.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
per upstream commit: e9f2ea6c22f36cb7986d2228763629ed44b9e76b
e9f2ea6c22
The update to the GPL text in COPYRIGHT is purely cosmetic.
Added COPYING.LGPL to licenses for libnm.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
News from upstream [1]:
"""
This version adds the GLOB_TILDE extension for glob, a non-stub
implementation of the catgets localization API, and posix_spawn
extensions for chdir in the child. Many arch-specific bugs are fixed,
some serious, including CVE-2019-14697 affecting several math
functions only on i386, broken riscv64 atomics, broken lseek with
large offsets on x32 and mipsn32, and broken setjmp/longjmp on mipsr6.
Various low-severity, non-arch-specific bugs are also fixed.
In addition, this release cycle sets the internal groundwork for
moving 32-bit archs to 64-bit time_t, needed for their future
viability as Y2038 approaches. Most of the changes are not externally
visible, but some affect which syscalls are used. Notably, mips64
stat-family functions can now report 64-bit file timestamps correctly,
and some time-related breakage on x32 is fixed. In addition, select no
longer stores remaining time back to the timeout argument. Previously,
whether it did so was arch-dependent and merely a consequence of the
Linux syscall behavior, which was found to be mildly non-conforming.
"""
Remove patches 0002 to 0005, which are included in the new version.
Note, that the CVE fix mentioned above is the same as patch 0004.
The license file has changed because Arm was added to the copyright
file.
[1] https://www.musl-libc.org/download.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Add host-python-setuptools-scm-git-archive as build-time dependecy.
* Update runtime dependecies list.
* Update license file name (and hash): LICENSE was renamed to LICENSE.md
with no changes. After that, the copyright year was bumped.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The package is only needed for building Python packages, so
it's going to be compiled for host only.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Update dependency list.
* Take tarball from PyPI.
* Update license hash: same content, changed to UNIX line endings.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Update dependency list.
* Update license hash: same content, line endings are now CRLF.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 5cb821d563 added a new option to enable GLX support in mesa3d.
Before that, GLX was implicitly enabled whenever a DRI driver was built.
Adjust xserver_xorg-server to use the new GLX option instead of just
DRI.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This fixes breakage with gperf 3.1.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
0002-pkeys-Fix-uclibc-build-caused-by-conflicting-signatu.patch
(patch was accepted in a slightly different form)
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
qdoc was previously built as part of qtbase (in the pre-5.6 era), but
with qt-5.6 it is now part of qttools.
With qt-5.12, it needs libclang to build, so be it...
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Arnout: rebase with disabled examples and tests]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Other changes:
- Remove --disable-twolame as this plugin is now in gst1-plugins-good.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Other changes:
- Add 0002-fix-hls-meson-logic.patch:
If one was to set -Dhls-crypto to either libgcrypt or openssl
instead of auto, the following lines in ext/hls/meson.build would fail
because hls_crypto_dep is not yet set:
if not hls_crypto_dep.found() and ['auto', 'libgcrypt'].contains(hls_crypto)
if not hls_crypto_dep.found() and ['auto', 'openssl'].contains(hls_crypto)
Instead, change "if not hls_crypto_dep.found()" to "if not have_hls_crypto"
which fixes the error. This patch is upstream.
- Remove --disable-avc, this option is no longer in any of the plugin
packages.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Other changes:
- Remove BR2_PACKAGE_GST1_PLUGINS_GOOD_ZLIB
Existing configs will already have BR2_PACKAGE_ZLIB selected, so no legacy
entry is needed for BR2_PACKAGE_GST1_PLUGINS_GOOD_ZLIB
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Arnout: fix merge conflict with shout2]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When building gst1-plugins-base with GL support on the rpi3 (which
supports only GLES2, not full desktop GL), GStreamer was being asked to
disable its GL support completely. This isn't correct since it can be
used with either GL or GLES2. There is already a Config.in symbol to
indicate that either of them is enabled:
BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_HAS_API. So use that to
determine if gl should be enabled or disabled.
While we're at it, also move the GL/GLES handling under the same API
condition. This makes it clearer that they belong together.
Signed-off-by: Charlie Turner <cturner@igalia.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
[Arnout: refactor using
BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_HAS_API]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Hostapd TEAP support fails to build when internal TLS implementation
is selected. TEAP is still an experimental feature that is not
recommmended for production use. Currently it should not be used for
anything else than experimentation and interoperability testing.
Disable TEAP when internal TLS implementation is selected. Those
who needs experimenting with TEAP are encouraged to enable openssl
in their buildroot configuration.
Fixes:
http://autobuild.buildroot.net/results/f88/f880b1a430ebd6f97885103a622f1a4d9ec6de3a
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Hostapd v2.9 follows the approach taken by bridge-utils and attempts
to use new bridge ioctls whenever possible. New bridge calls are
enabled in hostapd build using NEED_LINUX_IOCTL configuration option.
That switch is enabled for all the practical configurations excluding
wired driver. However it is required to support dynamic VLANs in
any configuration.
Enable NEED_LINUX_IOCTL hostapd configuration option whenever
dynamic VLANs support is requested in buildroot.
Fixes:
http://autobuild.buildroot.net/results/71a/71aa92578622a266b4bed92b66a65438bc32cbd6
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On some cases, when the package contains multiple license files
and some of them from the same type, the scanpypi script will write
the same license type more than once under _LICENSE.
Hence, before creating the _LICENSE variable, we'll remove every
possible duplication.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The RISCV Proxy Kernel (AKA BBL) isn't being used by most distros so has
very limited testing. It has been replaced by OpenSBI and been
deprecated for awhile, so let's just remove it.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Mainline kernel and u-boot both supports this board in mainline
from quite some time.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Switch to Linux kernel version 4.19.38 from the TI SDK 06.00.00.07
(TI SDK release date: 7.8.2019)
Added beaglebone blue
Updated uboot to version 2019.07
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Back in commit 025b863e6f, the option
BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS was introduced, to
separate the option that host packages needing Rust should depend on
(BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS) from the option that target
packages needing Rust should depend on
(BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS).
Since the example in the manual is showing a target package, we must
use BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Sam Voss <sam.voss@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html
Added dependencies to libcurl and libmspack.
Although it is technically possible to build this package without
libcurl it makes no sense because only libclamav would be built by
passing the new configure option --enable-libclamav-only but this would
disable most of the package rendering the scan for viruses impossible.
Therefore we decided to make libcurl a mandatory dependency.
libmspack was added as dependency to avoid building the internally
provided code for this package, we prefer to provide needed libraries
ourselves. Linking against internally-built libmspack is broken anyway
but we do not bother to fix the problem, use system libmspack instead.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed for upcoming clamav version bump to 0.102.0.
Package passed test-pkg:
andes-nds32 [ 1/44]: OK
arm-aarch64 [ 2/44]: OK
br-aarch64-glibc [ 3/44]: OK
br-arcle-hs38 [ 4/44]: OK
br-arm-basic [ 5/44]: OK
br-arm-cortex-a9-glibc [ 6/44]: OK
br-arm-cortex-a9-musl [ 7/44]: OK
br-arm-cortex-m4-full [ 8/44]: OK
br-arm-full [ 9/44]: OK
br-arm-full-nothread [10/44]: OK
br-arm-full-static [11/44]: OK
br-i386-pentium4-full [12/44]: OK
br-i386-pentium-mmx-musl [13/44]: OK
br-m68k-5208-full [14/44]: OK
br-m68k-68040-full [15/44]: OK
br-microblazeel-full [16/44]: OK
br-mips32r6-el-hf-glibc [17/44]: OK
br-mips64-n64-full [18/44]: OK
br-mips64r6-el-hf-glibc [19/44]: OK
br-mipsel-o32-full [20/44]: OK
br-nios2-glibc [21/44]: OK
br-openrisc-uclibc [22/44]: OK
br-powerpc-603e-basic-cpp [23/44]: OK
br-powerpc64le-power8-glibc [24/44]: OK
br-powerpc64-power7-glibc [25/44]: OK
br-powerpc-e500mc-full [26/44]: OK
br-riscv32 [27/44]: OK
br-riscv64 [28/44]: OK
br-sh4-full [29/44]: OK
br-sparc64-glibc [30/44]: OK
br-sparc-uclibc [31/44]: OK
br-x86-64-core2-full [32/44]: OK
br-x86-64-musl [33/44]: OK
br-xtensa-full [34/44]: OK
linaro-aarch64-be [35/44]: OK
linaro-aarch64 [36/44]: OK
linaro-arm [37/44]: OK
sourcery-arm-armv4t [38/44]: OK
sourcery-arm [39/44]: OK
sourcery-arm-thumb2 [40/44]: OK
sourcery-mips64 [41/44]: OK
sourcery-mips [42/44]: OK
sourcery-nios2 [43/44]: OK
sourcery-x86-64 [44/44]: OK
44 builds, 0 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit modifies the main() function so that it returns the sum of
build and legal errors, making sure the overall test-pkg script exists
with a non-zero error code upon failure.
Signed-off-by: Heiko Thiery <heiko.thiery@kontron.com>
[Thomas: improved commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
License is not included in the tarball, so we'll use PKG-INFO
(the license was added to the MANIFEST, and maybe included on the
next release).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
QT_QPA_EGLFS_ALWAYS_SET_MODE=1 needs to be exported, otherwise the Qt5
Cinematic demo throws a storm of the following messages:
Could not queue DRM page flip on screen LVDS1 (Invalid argument)
Improve the instructions by mentioning such requirement.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit cf66a67112 ("package/glmark2: drm support needs udev")
udev is needed when the drm flavor is used.
Move from mdev to eudev in order to fix the following glmark2
build failure:
Unknown flavor: . Supported flavors are dispmanx-glesv2, drm-gl,
drm-glesv2, mir-gl, mir-glesv2, wayland-gl, wayland-glesv2, win32-gl,
win32-glesv2, x11-gl, x11-glesv2
Suggested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
selinux-python only has two sub-options, so menuconfig is overkill.
Convert it to a normal config with indented sub-option.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The selinux-python package has two sub-packages, audit2allow and
sepolgen. Both of these repeat the dependencies (and comment) of the
top-level selinux-python package. Remove those redundant dependencies
(and comments).
This redundancy was introduced by commit 9d6da7a26. Originally, sepolgen
was a separate package and audit2allow was a sub-package of
policycoreutils, so both of them had these dependencies. When the two
options were moved into selinux-python, the dependencies stayed.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libselinux is now available on ARC, so we can re-enable the fastboot
option on this architecture.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
policycoreutils no longer has the !BR2_arc dependency, so we can drop
it as well from refpolicy.
Note that in practice, we still can't enable refpolicy on ARC due to
BR2_PACKAGE_AUDIT_ARCH_SUPPORTS.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libsemanage no longer has the !BR2_arc dependency, so we can drop it
as well from policycoreutils. In practice, we still can't select
policycoreutils on ARC due to BR2_PACKAGE_AUDIT_ARCH_SUPPORTS.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that libselinux is available on ARC, we can drop the !BR2_arc
dependency from libsemanage.
Note that in practice, libsemanage is still not available on ARC,
because BR2_PACKAGE_AUDIT_ARCH_SUPPORTS does not include the ARC
architecture. But still, it makes sense to drop that !BR2_arc which
was inherited from libselinux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux is now available on ARC, so we can allow the selection of
restorecond on ARC as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux is now available on ARC, so we can re-enable the SELinux
support in Busybox on ARC as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
checkpolicy is now available on ARC, so we can re-enable building
audit2allow on ARC as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux is now available on ARC, so we can re-enable checkpolicy as
well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux is now available on ARC, so we can re-enable setools as
well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The build on ARC was disabled in commit
881845f5fc ("libselinux: mark as not
available on ARC") and since then the ARC toolchain support has made a
lot of progress. libselinux now builds fine on ARC, so we can
re-enable it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that policycoreutils is available on !glibc configurations, we can
also make refpolicy available for such configurations.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that libsemanage is available on non-glibc configurations, we can
also allow the selection of policycoreutils for such configurations.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libsemanage was only available in glibc configurations, for three
reasons, which are all no longer true:
- The usage of fts.h by libselinux is now provided by the musl-fts
package when uClibc-ng or musl are used, which makes libselinux
available to all C libraries.
- libsemanage use of getpwent_r() has been removed by upstream commit
2c651e0a2822368c74587efe6ec920e64e72f37b ("genhomedircon: avoid use
of non-standard `getpwent_r`"), which is in SELinux since version
2.7
- audit is now available on musl, thanks to Buildroot commit
"package/audit: re-enable on musl", which backports an upstream
patch to make audit build with musl
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux can now be built on !glibc configurations, so we can
re-enable restorecond on !glibc configurations as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux can now be built on !glibc toolchains, so we can re-enable
building fastboot on !glibc toolchains as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that libselinux can be built on !glibc configs, we can re-enable
setools as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW was not available on !glibc
due to its dependency on checkpolicy. Now that checkpolicy is
available on !glibc systems, we can drop that dependency.
Note that the Config.in comment was wrong: it did mention the glibc
dependency, but the corresponding "depends on" was not there.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Backport an upstream patch (which will be part of the next 3.0
release) that provides replacement functions for functions not
implemented in musl. This allows to re-enable audit on musl.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
liselinux can now be selected on !glibc toolchains, so we can drop the
glibc dependency of the checkpolicy package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux can now be selected for non-glibc toolchains, so
BR2_PACKAGE_BUSYBOX_SELINUX can loose its BR2_TOOLCHAIN_USES_GLIBC
dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package provides a replacement implementation for <fts.h>
functions missing from musl and uClibc-ng.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Arnout: move v from VERSION to SITE, as suggested by Matt]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump U-Boot to 2019.10 and kernel to 5.3.4 version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The service we were using for cors proxing disappeared rendering the
bottom part of website not working.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Better to keep final assignment to *_CONF_OPTS after all assignements to
KF5_KCOREADDONS_CXXFLAGS have been done. So move _CONF_OPTS assignment
after -latomic assignment.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no need to memorise the matched pattern; it's a left-over
from a previous attempt.
However, ensure the pattern is correctly anchored to the beginning and
end of the line, to avoid accidentally matching it anywhere else (e,g,
in a comment).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add "0002-WPE-GTK-Build-fails-with-ENABLE_WEBDRIVER-OFF.patch", which is
a slightly edited version of an upstream patch that fixes building
WebKitGTK with ENABLE_WEBDRIVER=OFF.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add "0002-WPE-GTK-Build-fails-with-ENABLE_WEBDRIVER-OFF.patch", which is
a slightly edited version of an upstream patch that fixes building WPE
WebKit with ENABLE_WEBDRIVER=OFF.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file for this application is BSD-2-Clause and not
BSD-3-Clause as we currently state in the _LICENSE variable.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Add hash for license file.
* Take tarball from PyPi (instead of Github).
* Update _SETUP_TYPE to setuptools.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Ash is no longer working at Savoir-faire Linux. Update his email
address in the DEVELOPERS file.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Morgan's e-mail is bouncing:
"""
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
m.delestre@sinters.fr
retry timeout exceeded
"""
And I was confirmed by CORJON Julien <CORJON.J@ecagroup.com> that
Morgan is no longer at ECA/Sinters.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In a private e-mail answering one of our notifications about packages
being outdated, Jonathan replied:
"""
I switched from Buildroot to OpenEmbedded in 2013 so am no longer actively
involved with Buildroot.
Please unsubscribe me from outdated package notifications.
"""
So let's remove him from the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This makes sure the state from a previous run (previous file) can never
leak over into the next file.
Also order the initializations alphabetically.
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Acked-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The handling of 'comment...', 'if ...' and 'menu ...' lines have almost
nothing in common, and subsequent patches will give them even less in
common. Therefore, completely separate their handling in top-level
conditions. The only code that gets duplicated in the different branches
is the 'self.initialize_level_elements(text)' call.
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A comment is considered an alternative delimiter like a menu. I.e.,
a menu that comes after a comment should not be considered a submenu of
that comment. Therefore, remove the '-comment' state before adding the
'-menu' one.
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Update hash of README: lots of updates (year, changelog, ...)
- Drop patch and switch to autotools infrastructure to use the new
configure script added in this release
- Add patch to fix install
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump to 6.0.1, python-tornado has dropped support for Python 2
and now needs Python >= 3.5 (cfr. setup.cfg).
Apparently this is not checked by setuptools, and apparently
byte-compile is not done in the autobuilders, so there's not autobuild
failure.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.sqlite.org/releaselog/3_30_0.html
Changed Config.in option from stat3 to stat4
https://www.sqlite.org/compile.html#enable_stat3
"This option used to cause the ANALYZE command to collect index
histogram data in the sqlite_stat3 table. But that functionality was
superceded by SQLITE_ENABLE_STAT4 as of SQLite version 3.8.1
(2013-10-17). The SQLITE_ENABLE_STAT3 compile-time option continued to
be supported through version 3.29.0 (2019-07-10) but has now become a
no-op."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- fix up the 'V' prefix in the version: in order for the fwts version to
match what is given by release-monitoring.org, the 'V' prefix should
be encoded in FWTS_SOURCE and not FWTS_VERSION
- Update patch
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The meson buildsystem does not honour environment variables; instead, it
insists that path to programs be passed in the [binaries] section of the
cross-compilation.conf.
So, that is what we must do to pass the path to llvm-config.
Note that, LLVM_CONFIG does exist in the mesa3d source code, but it is
limited to the Scons buildsystem, and is also a leftover from when
mesa3d was using the autotools. It has never worked with the meson
buildsystem.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file has changed to BSD-3-Clause, but the source files
still specify the LGPL-2.1+ license, so we'll have to specify both
licenses for now.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove all patches (already in version)
- In order for the libpagekite version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
LIBPAGEKITE_SITE and not LIBPAGEKITE_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop second patch (already in version)
- Add libmaxminddb optional dependency and use --disable-libgeoip to prefer
maxminddb over geoip, see:
d29072647fc55226b712
- Disable sphinx-build (to avoid a build failure)
- This release fixes a number of issues found in the 4.1 branch. Some of
the issues are security issues, so upgrading is highly recommended.
See https://suricata-ids.org/2019/09/24/suricata-4-1-5-released
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also update license hash (changed with a year bump).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also update the license file hash, since it was adjusted to fit
to the exact MIT formatting.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update license file to LICENSE which is now included (and add hash).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
License file changes: some files mentioned in LICENSE moved to a
different directory; minimal-examples was added to the list of Public
Domain code.
Signed-off-by: Mehmet Sami Tok <mehmetsamitok@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Version 1.25.6 contains the config.rpath and ABOUT-NLS, so it wouldn't
be necessary to fake them even if we still used autoreconf.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
[Thomas:
- bump to version 1.0.19
- drop --disable-maintainer-mode and --disable-debug
- add missing dependency on libcurl
- drop = in --with-gnutls=]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LICENSE was added to the package, so we can use it instead
of PKG-INFO.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use LICENSE as license file instead of PKG-INFO and take into account
the switch to setuptools in setup.py.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also add hash for license file and take into account the switch to
setuptools in setup.py.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also add hash for license file, and take into account the switch to
setuptools for setup.py.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Second patch is not needed anymore as the only, optional, dependency of
libusb is udev which can't be built statically
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 5.1.x series is now EOL and 5.3.x has been added, so remove the option
and add legacy handling for it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following (low severity) security vulnerabilities:
4.0.9:
- CVE-2019-2386: After user deletion in MongoDB Server the improper
invalidation of authorization sessions allows an authenticated user's
session to persist and become conflated with new accounts, if those
accounts reuse the names of deleted ones
https://jira.mongodb.org/browse/SERVER-38984
4.0.11:
- CVE-2019-2389: Incorrect scoping of kill operations in MongoDB Server's
packaged SysV init scripts allow users with write access to the PID file
to insert arbitrary PIDs to be killed when the root user stops the MongoDB
process via SysV init
https://jira.mongodb.org/browse/SERVER-40563
- CVE-2019-2390: An unprivileged user or program on Microsoft Windows which
can create OpenSSL configuration files in a fixed location may cause
utility programs shipped with MongoDB server versions less than 4.0.11
https://jira.mongodb.org/browse/SERVER-42233
Plus a number of other bugfixes. For details, see the release notes:
https://docs.mongodb.com/manual/release-notes/4.0/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove 2 patches accepted in this release, add new one
(no need to autoreconf any more).
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-16276: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP
Request Smuggling.
https://github.com/golang/go/issues/34540
>From the release notes:
go1.12.10 (released 2019/09/25) includes security fixes to the net/http and
net/textproto packages
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes since 10.9:
- Removed several build options. Functionalities are now always enabled.
- mbed TLS updated to 2.16.3.
- Updated Let's Encrypt script due to changes in the API.
- Bugfix: AlterMode not working correctly.
Diffing the CMakeLists.txt between 10.9 and 10.10 does not show any
build option change that is relevant for us.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From https://wiki.samba.org/index.php/LinuxCIFS_utils:
- April 5, 2019: Release 6.9
- smbinfo utility is added to query various kinds of information
from the server (objectId, snapshots, different FileInfo* classes
and other metadata)
- server IP change is supported by expiring DNS key resolver entries
- get/setcifsacl tools are improved to handle unexpected behavior
- share snapshot are allowed to be specified by a GMT token or SMB
100-nanoseconds time
- various new mount option are documented: bsize, handletimeout,
handlecache, rdma, max_credits and others
- https://lists.samba.org/archive/samba-technical/2019-April/133233.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the NEWS file:
Version 1.8.6:
- Aliases are now expanded recursively
- Minor bug fixes
Version 1.8.5:
- Fixed OAUTHBEARER.
- Support for TLS client certificates via PKCS11 devices, e.g. smart cards.
- Various small bug fixes and improvements.
Version 1.8.4:
- Added support for the OAUTHBEARER authentication method.
- Several minor bug fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A new option is added to build all functions.
This option was implicitly used before, so it is activated by default to
avoid unpleasant surprises.
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump version to 2.9.0.0 and drop runtime test patches, as
cross-compilation detection has been revamped.
The hash of the COPYING file is updated to take into account the
copyright year change:
-Copyright (c) 2011-2018 Laurent Bercot <ska-skaware@skarnet.org>
+Copyright (c) 2011-2019 Laurent Bercot <ska-skaware@skarnet.org>
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
cpu.c:57:10: fatal error: sys/auxv.h: No such file or directory
>From build/flac-1.3.3/src/libFLAC/cpu.c:
56 #if defined FLAC__CPU_PPC
57 #include <sys/auxv.h>
58 #endif
Fixed by configure.ac patch checking for for sys/auxv.h before defining
FLAC__CPU_PPC (fallback already implemented for ppc_cpu_info method in
case FLAC__CPU_PPC is not defined).
[1] http://autobuild.buildroot.net/results/eb3a59a78dbb0c83cff78aac2384edea890af830
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
OMAP kernels use 8250 driver by default. Hence the name of
the console device is not /dev/ttyO0 but /dev/ttyS0.
Use /dev/console in order to handle the console independently
of the selected driver.
Tested in BeagleBone Black board.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the NOTICE file has changed due to:
- Update in copyright year
- Rewrapping/indentation changes
- Addition of the license for other parts of the software, but that
are under MIT, so no change from that perspective
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A Django Channels channel layer that uses Redis as its backing store,
and supports both a single-server and sharded configurations, as well
as group support.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas:
- alphabetic ordering of selects in Config.in
- drop redis dependency
- add missing python3 dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Channels augments Django to bring WebSocket, long-poll HTTP, task
offloading and other async support to your code, using familiar Django
design patterns and a flexible underlying framework that lets you not
only customize behaviours but also write support for your own
protocols and needs.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas:
- alphabetic ordering of selects in Config.in
- add missing BR2_PACKAGE_PYTHON3 dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
asyncio (PEP 3156) Redis client library.
Provides a simple and clear interface to Redis based on asyncio.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas:
- drop dependency on redis, there is no such dependency, the redis
server could be remote
- add dependency on Python 3.x]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
$: ./utils/check-package package/argus/*
package/argus/argus.hash:7: empty line at end of file
43 lines processed
1 warnings generated
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Daphne is a HTTP, HTTP2 and WebSocket protocol server for ASGI and ASGI-HTTP,
developed to power Django Channels.
It supports automatic negotiation of protocols; there's no need for URL
prefixing to determine WebSocket endpoints versus HTTP endpoints.
In addition, add the patch: remove pytest-runner-requirement.
Setup and runtime work without without pytest-runner as such, it is not actually
a requirement for building.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas:
- alphabetic ordering of select in Config.in
- make the license more precise, as suggested by Yegor]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 5facee5cc3 ("configs/solidrun_clearfog_gt_8k: bump versions of
BSP components") broke automatic load of the mv88e6xxx dsa driver. The
kernel configuration makes the driver a module, which is not loaded
automatically at boot. Mark mv88e6xxx dependencies built-it to fix that.
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Otherwise they are installed even though the Braille support is not
built because it requires liblouis, which is not available.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 529fef57f6 ("package/bird: add
optional protocols") we added options to conditionally enable
different protocol support. However, disabling the RIP support was not
working, so it remained forcefully enabled, and there was no
BR2_PACKAGE_BIRD_RIP option.
However, since the bump to 2.0.6 in commit
b9f43ade0f, this issue has been fixed,
so we can introduce the BR2_PACKAGE_BIRD_RIP option, and make it
really optional.
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a new major release, to be used along with WPE WebKit 2.26.0
as per the compatibility matrix:
https://wpewebkit.org/release/schedule/#compatible-components
The release includes experimental support for DRM/KMS output, which is
explicitly disabled at the moment. The complete release notes are
available at:
https://wpewebkit.org/release/cog-0.4.0.html
Starting with the 0.4.x series, Cog is available directly from the
main WPE WebKit site, and this COG_SITE is changd accordingly.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a new major release which brings in many improvements and new
features. For a complete list, please refer to the release notes:
https://wpewebkit.org/release/wpewebkit-2.26.0.html
The new support for accessibility and the Bubblewrap sandbox need
additional dependencies and therefore are explicitly disabled at the
moment.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Do not trust apr_hints.m4 for setting '-D_REENTRANT', set it only for
toolchains with thread support.
Fixes misleading configure error ([1]):
checking whether int64_t and int use fmt %d... no
checking whether int64_t and long use fmt %ld... no
checking whether int64_t and long long use fmt %lld... no
configure: error: could not determine the string function for int64_t
which results from warning (promoted to error by '-Werror=cpp'), from
config.log:
configure:24288: checking whether int64_t and long long use fmt %lld
configure:24320: .../host/bin/arm-linux-gcc -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -Werror -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
In file included from .../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/sys/types.h:26:0,
from conftest.c:147:
.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/features.h:218:5: error: #warning requested reentrant code, but thread support was disabled [-Werror=cpp]
# warning requested reentrant code, but thread support was disabled
^~~~~~~
cc1: all warnings being treated as errors
configure:24320: $? = 1
configure: failed program was:
[1] http://autobuild.buildroot.net/results/4da73982f160305ac2d5d2b4f615fa98eec5a7a3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libhttpserver is a C++ library for building high performance RESTfuls
web servers. libhttpserver is built upon libmicrohttpd to provide a
simple API for developers to create HTTP services in C++.
The installed pkg-config file contains an error, thus we include the
patch 458d16b922304006fe418897044e14b0544a127a from the upstream repo
that is not yet released.
Signed-off-by: Stephan Hoffmann <stephan.hoffmann@ext.grandcentrix.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove first patch (already in version)
- Update hash of README: small updates in year, version
- Remove --without-viavoice option (not available anymore)
- Disable espeak-ng (not available in buildroot yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop first and third patches (already in version)
- Add two upstream patches and refresh second one so that it applies
cleanly
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update first, second and fourth patches
- Update license to Apache-2.0 with GPL2/LGPL2 exception, see:
e3101897477b6d49eec9
- Remove CUPS_INSTALL_{STAGING,TARGET}_OPTS as setting DSTROOT is not
needed since
083672b18c
- --{with,without}-{java,perl,php,python} are not supported anymore:
98491ecc6f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes following warning:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_FFTW_SINGLE
Depends on [n]: BR2_PACKAGE_FFTW [=n]
Selected by [y]:
- BR2_PACKAGE_MINIMODEM [=y]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ASGI is a standard for Python asynchronous web apps and servers to
communicate with each other, and positioned as an asynchronous
successor to WSGI.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
sqlparse is a non-validating SQL parser for Python. It provides support for
parsing, splitting and formatting SQL statements.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package lets you use real Python (PEP435-style) enums with Django.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas: add select on python-enum34 if python 2.x is used]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes the following changes:
a1e738a tests: cipher-aead-srtp: Fix cao->dst alignment
f971e0c Fix module loading with Linux v5.0-rc5
fd8b15e Release version 1.10
6b0a81c add CIOCCPHASH to copy hash state between sessions
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch 0001-fix-opengl-detection.patch is removed because it is now
upstream. Thanks to this, autoreconf is no longer needed, which allows
us to drop AUTORECONF = YES and the 0002-fix-autoreconfig.patch which
was only needed to fix autoreconf.
Signed-off-by: Peter Macleod Thompson <peter.macleod.thompson@gmail.com>
[Thomas: improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I no longer work at Amarula Solutions and neither do I have access to
olimex A33 olinuxino board. So, add Jagan as maintainer of this board.
Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Xtensa hwloop_optimize segfaults when zero overhead loop is about to be
inserted as the first instruction of the function.
Insert zero overhead loop instruction into new basic block before the
loop when basic block that precedes the loop is empty.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The SONAME of the libraries installed by pigpio now contain a major
version number:
$ readelf -d output/target/usr/lib/libpigpio* | grep soname
0x0000000e (SONAME) Library soname: [libpigpiod_if2.so.1]
0x0000000e (SONAME) Library soname: [libpigpiod_if.so.1]
0x0000000e (SONAME) Library soname: [libpigpio.so.1]
So we must make sure they are installed with this name, and not just
with a .so extension. For consistency, we do the same logic for both
the target and the staging installation.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[Thomas: improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stack pointer adjustment code in xtensa call0 ABI prologue missed a case
of no callee-saved registers and a stack frame size bigger than 128 bytes.
Handle that case.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change the type of variable "level" to make it a class member.
It will be used not only locally.
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Thomas: initialize self.level in the before() method, as suggested by
Ricardo]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The POSIX specification defines a 'trap <action> EXIT' mechanism that is
useful to perform clean-up actions in shell scripts. A trap has two main
advantages over hand-crafted clean-up mechanisms:
- It runs even if the process is terminated by a SIGTERM.
- It runs even if the script stops due to a pipeline failure (set -e).
Now we can make the script to stop immediately if a compilation error
occurs, instead of letting it try to run an unexisting program.
This change may appear to be overkill but Buildroot is an open source
project and each piece of code is a potential learning tool for other
developments. We must strive to provide good examples.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Acked-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some installations mount /tmp with the 'noexec' option, which prevents
running the program generated there to check the kernel headers.
Avoid the problem by generating the program under $(BUILD_DIR), passed
as the first argument to check-kernel-headers.sh.
We could globally export a TMPDIR environment variable with some path
under $(BUILD_DIR) but such solution would be too intrusive, depriving
the user from the freedom to set TMPDIR at his will (or needs).
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12241
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It can be useful for scripts to be able to access a package's source
file after download. That used to be easy, just DL_DIR/PKG_SOURCE.
However, with the subdirectories in DL_DIR which can be overridden with
PKG_DL_SUBDIR, that is no longer easy.
Therefore, this patch adds dl_dir to the package information. It prints
just PKG_DL_SUBDIR, to avoid dumping absolute paths to the buildroot
directory in the show-info output.
It can be used with the following jq script to get a newline-separated
list of all downloaded files:
make show-info | jq -r '.[] | ("dl/" + .dl_dir + "/" + .downloads[]?.source)'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patches (already in version) and so drop autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch makes openrc-netifrc package aware of BR2_SYSTEM_DHCP
config, and if set, will start dhcp daemon on configured interface.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
[yann.morin.1998@free.fr:
- simplify condition for BR2_SYSTEM_DHCP
- reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
netifrc entirely replaces openrc's basic network management. As such, it
conflicts with the network services installed by openrc, so we remove
them from openrc when netifrc is enabled.
Currently, we only catter tfor the loopback interface, but we prepare
for also handling the DHCP interface, to come in a latter patch.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
[yann.morin.1998@free.fr:
- remove openrc files within the openrc package itself
- as it's a generic-package, no need to use post-install hooks
- use description from the homepage in the help text
- check-package fixes
- rename package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Thomas:
- pass UDEVDIR to install udev rules at the correct location]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We install a template getty service, and we 'instantiate' it in the
default runlevel, using the configured tty.
Ideally, packages that provide a getty program would be responsible
for installing the corresponding service file. However, to keep
consistency with the existing init systems (busybox, systemd, and
sysv), so we do provide it from the openrc package itself.
OpenRC only acts on the files in a runlevel sub-directory, but the
documentation [0] actually suggests that the instance symlink be done
in init.d, and then again symlinked into the actual runlevel
sub-directory. So, we abide by the rules.
Also, to be noted, the getty service file is installed without ensuring
that a getty command is available. This again is not unlike other init
systems, sysvinit and busybox, which behave the same.
[0] https://wiki.gentoo.org/wiki/OpenRC
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
[yann.morin.1998@free.fr:
- move getty template to openrc package (Thomas)
- fix namespace of the vaiables (Thomas)
- simplify creation of the defaults file
- rewrite commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a pseudo entry for /dev/root in fstab, to tell openrc to properly
remount or not remount / read-write.
For consistency with systemd (which is the only other init system to
tweak an fstab basd on / being rw or not), we do this change in the
openrc skeleton rather than in the openrc package.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
[yann.morin.1998@free.fr:
- tweak the sed expressions
- reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an OpenRC service that starts and stops sysv-init scripts. We order
that script 'after local' so that it is started after all other native
openrc services.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
[yann.morin.1998@free.fr:
- don't propagate the micro optimisation for running .sh scripts
- use spaces, not TABs
- stop services in reverse order
- reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop second and third patches (alredy in version)
- Add mitigation against an ECDSA timing attack. [T4626,CVE-2019-13627]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove patch (already in version)
- Change license file to COPYING and Add its hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It was here just for backwards compatibility and is not used by any
package or board after commits
59856480b6 packages/devmem2: remove from all board configurations
2f6e3eae55 package/ti-gfx: do not use devmem2 in script
There are address casting issues with 32bit access on a 64bit bus (like
on the SoC FPGA ARM processors) with this tool. The Busybox version of
devmem is the most up to date and supports quadword access.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=10171
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit aee39cbf27 ("arch/riscv:
set the default float ABI based on ISA extensions"), RISC-V 32/64 use
the lp32d/lp64d ABIs by default. But our pre-built external toolchains
were built with the LP32/LP64 ABI.
Building with lp32d/lp64d gcc flags, but a toolchain built with the
LP32/LP64 ABI causes a number of failures such as:
/home/mark/buildroot-test/instance-1/output/host/riscv64-buildroot-linux-gnu/sysroot/usr/include/gnu/stubs.h:11:11: fatal error: gnu/stubs-lp64d.h: No such file or directory
or:
/home/mark/buildroot-test/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/riscv64-buildroot-linux-gnu/7.4.0/../../../../riscv64-buildroot-linux-gnu/bin/ld: /tmp/cc2BTtFE.o: can't link hard-float modules with soft-float modules
/home/mark/buildroot-test/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/riscv64-buildroot-linux-gnu/7.4.0/../../../../riscv64-buildroot-linux-gnu/bin/ld: failed to merge target specific data of file /tmp/cc2BTtFE.o
So let's fix our config fragments to reflect the ABIs those toolchains
were built with.
Fixes:
http://autobuild.buildroot.net/results/a3959b0613cf561059483abc580b144be4817d1a/ (libsepol)
http://autobuild.buildroot.net/results/3db50d8a0a913413b2198d6c301419136d2d22a7/ (attr)
http://autobuild.buildroot.net/results/7780fada05b8440ae3e97618615624a6a2dac03f/ (libusb)
and many others
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use a more common formatting for HOST_LIBSEMANAGE_DEPENDENCIES.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package was only used by libsemanage, but it is no longer used
since SELinux 2.7, so drop it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since SELinux 2.7 (upstream commit
920ee9ee18024c7714f1121e91854f38fa1eef73), ustr is no longer used by
libsemanage.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
DESTDIR was needed before upstream commit
6b901a4fb80cc61c46f75144b5bb366b8da38e82 ("policycoreutils: build:
follow standard semantics for DESTDIR and PREFIX"), but now the proper
semantic is used for DESTDIR and PREFIX.
However, in addition to the PREFIX that is already passed, we also
need to pass ETCDIR and SBINDIR, which are not defined in terms of
PREFIX.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The ARCH variable is no longer referenced by the policycoreutils build
system since upstream commit 4cc808671a18b5405be5707eefedd78b9c693268
("Move policycoreutils/mcstrans to mcstrans.")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There is no reason for host-policycoreutils to depend on host-setools,
it builds/works fine without it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since SELinux 2.7, the python tools that used to be in policycoreutils
have been moved into a separate package, called "python" in upstream
SELinux, and "selinux-python" in Buildroot. Therefore, we can drop the
host-python(3) dependency from host-policycoreutils.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since SELinux 2.7, restorecond has been moved to a separate package
from policycoreutils. Due to this, host-dbus-glib is no longer needed
to build host-policycoreutils.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The recent versions of ncurses now have the license information in a
separate file called COPYING.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package is incompatible with Kodi 18.x, configure is broken:
CMake Error at output/host/x86_64-buildroot-linux-uclibc/sysroot/usr/share/kodi/cmake/AddonHelpers.cmake:197 (message):
"@ADDON_DEPENDS@" not found in addon.xml.in.
This package is also not part of the upstream binary repo:
https://github.com/xbmc/repo-binary-addons
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package is incompatible with Kodi 18.x, configure is broken:
CMake Error at output/host/x86_64-buildroot-linux-uclibc/sysroot/usr/share/kodi/cmake/AddonHelpers.cmake:197 (message):
"@ADDON_DEPENDS@" not found in addon.xml.in.
For details read PR 2857 of https://github.com/LibreELEC/LibreELEC.tv
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package is incompatible with Kodi 18.x, configure is broken:
CMake Error at output/host/x86_64-buildroot-linux-uclibc/sysroot/usr/share/kodi/cmake/AddonHelpers.cmake:197 (message):
"@ADDON_DEPENDS@" not found in addon.xml.in.
This package is also not part of the upstream binary repo:
https://github.com/xbmc/repo-binary-addons
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Internal rar support in Kodi was moved to this addon with the Kodi
release 18.0-Leia, see upstream PR 11912.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Arnout: fix license, add license file hashes]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch site to github to get latest version
- Switch to cmake to be able to disable tests as they fail to build with
/home/fabrice/buildroot/output/host/lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: warning: libspatialindex.so.5, needed by ../../.libs/libspatialindex_c.so, not found (try using -rpath or -rpath-link)
/home/fabrice/buildroot/output/host/lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: ../../.libs/libspatialindex_c.so: undefined reference to `Tools::NotSupportedException::NotSupportedException(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >)'
- Add C++11 dependency for shared_ptr
- Drop patch (already in version)
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add hash for license files
- RISC-V is supported since version 0.11.0 and
fdfad81006
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The hash of the license file has changed due to the name:
-Copyright (c) 2015-2019, angt
+Copyright (c) 2015-2019, Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When this line:
unix-stream ("/dev/log");
is used as source in the .conf file and syslog-ng receives a message
(sent for test purposes using 'logger') the server throws the exception:
ERROR:lib/window-size-counter.c:76:window_size_counter_sub: assertion failed: (old_value >= value)
Even after replacing that config by:
unix-dgram ("/dev/log");
when the server is stopped it throws the same exception.
Add one upstream patch to fix both issues.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/295369456
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Chris Packham <judge.packham@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update patches for meson:
0002-configure.ac-invert-order-for-wayland-scanner-check.patch
0003-set-LIBCLC_INCLUDEDIR.patch
Disable unused options that are set to "auto" mode.
(valgrind, gallium-omx, power8).
Remove --disable-static option since there is no meson equivalent.
Remove --disable-mangling since it's not yet supported by meson.
Use r100 instead of radeon as DRI name for BR2_PACKAGE_MESA3D_DRI_DRIVER_RADEON.
Add a new depedency on host-python3-mako since we can't use
generated headers from the release archive [2].
[1] http://patchwork.ozlabs.org/patch/1084248/
[2] http://lists.busybox.net/pipermail/buildroot/2019-April/249057.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
host-python3-mako will be used by python 3 only script used in the
build system of mesa3d package.
There is no way to force building host-python-mako for python2 and
python3 [1].
[1] http://patchwork.ozlabs.org/patch/1084248/
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[removed host-python-markupsafe dependency, not needed since v1.0.2]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- aarch64_be is supported since version 0.10.0 and
d1c6784254
- m68k is supported since version 0.10.0 and
2748bd6c7b
- mips is supported since version 0.7.4 and
e1259cb179
- nios2 is supported since version 0.10.0 and
859050b308
- powerpc64 is supported
- sparc64 is supported
Build tested:
br-m68k-68040-full [15/44]: OK
br-mips32r6-el-hf-glibc [17/44]: OK
br-mips64-n64-full [18/44]: OK
br-mips64r6-el-hf-glibc [19/44]: OK
br-mipsel-o32-full [20/44]: OK
br-nios2-glibc [21/44]: OK
br-powerpc64le-power8-glibc [24/44]: OK
br-powerpc64-power7-glibc [25/44]: OK
br-sparc64-glibc [30/44]: OK
linaro-aarch64-be [35/44]: OK
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Remove patch (already in version)
- Drop 'v' prefix from version to match release-monitoring.org
- Download a snapshot tarball instead of using git
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Userspace Raspberry Pi PWM/PCM/SPI library for SK6812 and WS281X LEDs.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump Linux to 5.2, U-Boot to 2019.07, and ATF to armada-18.12.2.
Updated ATF uses updated binaries-marvell package which now
provides common firmware supporting both A7K and A8K. So no
need to specify platform for binaries-marvell anymore.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump Linux to 5.2, U-Boot to 2019.07, and ATF to armada-18.12.2.
Updated ATF uses updated binaries-marvell package which now
provides common firmware supporting both A7K and A8K. So no
need to specify platform for binaries-marvell anymore.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump version of Marvell DDR training software. This update accompanies
update of the ARM Trusted Firmware used on Marvell A8K platforms.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since release 18.12 binaries-marvell repository provides
common firmware supporting both A7K and A8K SoC families.
This commit bumps package version to 18.12 and removes
platform specific binary selections from Config.in.
Single firmware image suitable for both A7K and A8K
platforms is now specified in mk file explicitely.
Legacy handling is not needed, as configs which did have
the option set will continue to work without change.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Arnout:
- Remove BINARIES_MARVELL_IMAGE entirely;
- Add remark about legacy handling;
- Remove the deprecated option from the defconfigs and test that use
it.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
New wpa_supplicant v2.9 enables by default AP, P2P, WIFI_DISPLAY
features in defconfig. However these features make sense only for
wpa_supplicant drivers supporting AP mode.
That is why, for consistent configuration, these features should
be explicitely disabled in wpa_supplicant .config file unless
they are requested by Config.in options.
Note that at the moment AP support in Buildroot can be enabled
only for NL80211 driver.
Fixes:
http://autobuild.buildroot.net/results/d37672374db935ac29953263ec68a2786ee65cc2/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
New hostapd v2.9 supports WPA3 features such as OWE, SAE, DPP.
Those features are disabled by default in defconfig, so no
dependency from openssl is requried unless WPA3 support
is enabled.
This patch adds Config.in option for WPA3 support in hostapd.
When this option is selected, libopenssl is also selected and
WPA3 features including OWE, SAE, DPP are enabled in hostapd
.config file. When this option is deselected, then WPA3
options are disabled.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
New wpa_supplicant v2.9 enables by default WPA3 features in defconfig.
Meanwhile building those features requires openssl.
This patch adds Config.in option for WPA3 support in wpa_supplicant.
When this option is selected, libopenssl is also selected and WPA3
features OWE, SAE, DPP are enabled in wpa_supplicant .config file.
When this feature is deselected, then all the above WPA3 options
are disabled.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When switching to meson build system, enabling GLX support
require at least one DRI or Gallium dirver.
So add a dependency on BR2_PACKAGE_MESA3D_DRIVER for
BR2_PACKAGE_MESA3D_OPENGL_GLX option.
quoting the meson build system:
"dri based GLX requires at least one DRI driver." [1]
"Even when building just gallium drivers the user probably wants dri." [2]
[1] https://cgit.freedesktop.org/mesa/mesa/tree/meson.build?h=19.0#n340
[2] https://cgit.freedesktop.org/mesa/mesa/tree/meson.build?h=19.0#n266
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[Bernd: moved x11 dependencies from glx condition to xorg7 condition to
fix build error with enabled egl without glx
BR2_PACKAGE_HAS_LIBGL needs to depend on BR2_PACKAGE_MESA3D_OPENGL_GLX]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Arnout: small changes to Config.in help text and menus]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This option is renamed in order to match the naming used by the
meson buildsystem.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove '_NEW' from 'select BR2_PACKAGE_WPA_SUPPLICANT_DBUS_NEW' in
Config.in.
Wpa_supplicant dbus support option has been renamed from
BR2_PACKAGE_WPA_SUPPLICANT_DBUS_NEW to BR2_PACKAGE_WPA_SUPPLICANT_DBUS
in the bump to v2.9 (f2ffdbee2a).
While connman package, which depends on wpa_supplicant, has not been
updated.
This patch will fix legacy build error.
Signed-off-by: Thuan Ho <sandwichdoge@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Joe changed the COPYING file from GPL-1.0 to GPL-2.0 in the development
leading up to 3.8:
d731f9b379/
So change the license to GPL-2.0+
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This fixes WARNINGs in make legal-info of the kind:
WARNING: kf5-extra-cmake-modules-5.47.0: cannot save license
(KF5_EXTRA_CMAKE_MODULES_LICENSE_FILES not defined)
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The source files contain the "(at your option) any later version" text, so
change the licese to GPL-2.0+.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The source files contain the "(at your option) any later version" text and
the website states:
License
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
http://0pointer.de/lennart/projects/ifplugd/
So change the license to GPL-2.0+
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Which is the version used by docker 18.09.9:
0a3767c7e9
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Includes a number of post-18.09.7 bugfixes and to keep in sync with the
docker-engine version.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security vulnerability:
CVE-2019-13509: Docker Engine in debug mode may sometimes add secrets to the
debug log. This applies to a scenario where docker stack deploy is run to
redeploy a stack that includes (non external) secrets. It potentially
applies to other API users of the stack API if they resend the secret.
And a number of other non-security issues.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The patch used previously to support versions of ln lacking the '-r'
option generated broken links:
$ file target/usr/lib/cups/backend/driverless
target/usr/lib/cups/backend/driverless: broken symbolic link to ../../usr/lib/cups/driver/driverless
Add a squashing of two patches already applied upstream that provide a
better solution:
https://github.com/OpenPrinting/cups-filters/pull/154https://github.com/OpenPrinting/cups-filters/pull/157
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
texttotext must be linked to libiconv if !BR2_ENABLE_LOCALE so pull a
patch applied upstream that adds libiconv discovery via autoconf.
With this change, autoreconf requires the config.rpath and ABOUT-NLS
files which are not in v1.25.4. Add a pre-configure hook to fake them.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12031
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
fakeroot can be built to either use SYSV IPC or TCP for message passing.
A bug was discovered where Microsoft Windows 10 Services for Linux
doesn't include support for SYSV IPC MsgQ. This patch adds support to
detect this case and automatically build fakeroot to use the TCP
transport instead (It is assumed a TCP transport would definitely have
more overhead then MsgQs so the default wasn't changed to TCP).
Fixes
https://bugs.busybox.net/show_bug.cgi?id=11366
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Jean-Francois Doyon <jfdoyon@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: use a post-patch hook and AUTORECONF=YES]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This reverts commit 9135ab7a7c. This
version bump causes a major issue: the entire root filesystem of the
build machine is being copied into $(STAGING_DIR)/usr/lib/python2.7/,
causing the build to consume the entire disk space of the machine.
>>> python-sip 4.19.13 Installing to target
[...]
make[2]: Leaving directory `/home/test/buildroot/output/build/python-sip-4.19.13/siplib'
Traceback (most recent call last):
File "/home/test/buildroot/output/build/python-sip-4.19.13/mk_distinfo.py", line 108, in <module>
fn_f = open(fn, 'rb')
FileNotFoundError: [Errno 2] No such file or directory: '/home/test/buildroot/output/target/usr/lib/python3.7/site-packages/sip.pyi'
make[1]: *** [install_distinfo] Error 1
make[1]: *** Waiting for unfinished jobs....
cp: cannot open `/proc/fs/aufs/plink_maint' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_fifos' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_hardlinks' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_regular' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_symlinks' for reading: Permission denied
cp: cannot open `/proc/sys/kernel/cad_pid' for reading: Permission denied
cp: cannot open `/proc/sys/kernel/unprivileged_userns_apparmor_policy' for reading: Permission denied
cp: cannot open `/proc/sys/kernel/usermodehelper/bset' for reading: Permission denied
...
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using a newer host system cmake to build MariaDB, the following build
error occurs:
CMake Error at cmake/os/Linux.cmake:29 (STRING):
STRING sub-command REPLACE requires at least four arguments.
Call Stack (most recent call first):
CMakeLists.txt:101 (INCLUDE)
CMake Error at cmake/os/Linux.cmake:29 (STRING):
STRING sub-command REPLACE requires at least four arguments.
Call Stack (most recent call first):
CMakeLists.txt:101 (INCLUDE)
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11781
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
mariadb no longer allows the WITH_SSL=OFF configure option. It will
instead search for openssl or gnutls headers, and if missing error out
with:
CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
(Required is at least version "3.3.24")
Call Stack (most recent call first):
/usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
libmariadb/CMakeLists.txt:298 (FIND_PACKAGE)
Therefore, make host-mariadb depend on host-openssl, and tell mariadb
to use the system openssl.
This was not found by autobuilders because mariadb isn't built in the
autobuilders (it's part of a choice).
Note that the target mariadb already has an unconditional dependency
on openssl.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Leave pam_selinux enabled by default in su.pam and remove it from the
/etc/pam.d/su and /etc/pam.d/su-l files if libselinux is not selected.
This cosmetic change prevents leaving a misleading commented-out line
that references a PAM module that does not exist.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If follow through the customize-outside-br.txt with how to add external
toolchain in br-ext tree then one thing is missing - inclusion of
*.mk file with external toolchain package description.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When updating to libglib2 2.62.0, the file 0002-add-option-to-build-tests.patch
had to be refactored to work with the new build_tests checks. In the process of
refactoring, a missing check was overlooked in glib/meson.build causing
distributions with older versions of objcopy to fail because the older version
does not contain the --add-symbol argument.
Adding the check for the build_tests argument fixes the issue.
Fixes:
http://autobuild.buildroot.net/results/dcc2352a036aba9650eae8abaaa23819fc67332d
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
match.o: In function `SetMatchSpec':
match.c:(.text+0x9c): undefined reference to `re_comp'
match.o: In function `Match':
match.c:(.text+0xca): undefined reference to `re_exec'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove second patch (already in version)
- Fix a missing error detection in ECJPAKE. This could have caused a
predictable shared secret if a hardware accelerator failed and the
other side of the key exchange had a similar bug.
- When writing a private EC key, use a constant size for the private
value, as specified in RFC 5915. Previously, the value was written as
an ASN.1 INTEGER, which caused the size of the key to leak about 1 bit
of information on average and could cause the value to be 1 byte too
large for the output buffer.
- The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
implement blinding. Because of this for the same key and message the
same blinding value was generated. This reduced the effectiveness of
the countermeasure and leaked information about the private key
through side channels. Reported by Jack Lloyd.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Change NILFS_UTILS_SITE to https://nilfs.sourceforge.io as this is the
official site with the official tarballs
- Remove first and third patch (already in version)
- Drop fourth patch and host-pkgconf from dependencies, not needed since
d5ce780856
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove all patches except first one (already in version)
- Update first patch
- Fix CVE-2019-6471: A race condition when discarding malformed packets
can cause BIND to exit with an assertion failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to the latest version of libcamera, including a fix for toolchains
which require libatomic to be linked manually.
The patch which handles this locally is therefore removed.
Since the last version update, the option to disable building of the
unit tests has been renamed from '-Dtests=' to '-Dtest='
This is updated accordingly.
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a new major release which brings in many improvements and new
features. For a complete list, please refer to the release notes:
https://webkitgtk.org/2019/09/09/webkitgtk2.26.0-released.html
A small patch is added which fixes a build failure when X11 headers
are not available (for example, when building a Wayland-only system)
The new support for the WPE renderer on Wayland and the new Bubblewrap
sandbox need additional dependencies and therefore are explicitly
disabled at the moment.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch sets the default floating point ABI based on the ISA
extensions that have been selected rather than defaulting to soft
float.
For 64-bit:
ISA 'D' selects lp64d
ISA 'F' selects lp64f
Otherwise select lp64
For 32-bit:
ISA 'D' selects ilp32d
ISA 'F' selects ilp32f
Otherwise select ilp32
This change was proposed by Palmer Dabbelt at SiFive.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Reviewed-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I am exclusively using my Gmail address for now on. Reflect this in
the DEVELOPERS file.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mathieu is no longer working at Savoir-faire Linux, update his email
address in the DEVELOPERS file.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
package/libglib2/libglib2.mk:90: consecutive empty lines
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
New upstream at github. Update homepage link and download site.
Drop the custom extract command; we now get the source tree from github.
Drop patch #2; the code detects rpc support.
Add optional dependency on libtirpc.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes a security issue. From the annoncement:
A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.
If a client sends a SUBSCRIBE packet containing a topic that consists of
approximately 65400 or more '/' characters, i.e. the topic hierarchy
separator, then a stack overflow will occur.
The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions
are available at https://mosquitto.org/files/cve/2019-hier
The fix addresses the problem by restricting the allowed number of topic
hierarchy levels to 200. An alternative fix is to increase the size of the
stack by a small amount.
https://mosquitto.org/blog/2019/09/version-1-6-6-released/
Also notice that 1.6.5 silently fixed a security issue:
CVE-2019-11778
A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive, known as CVE-2019-11778
If an MQTT v5 client connects to Mosquitto, sets a last will and testament,
sets a will delay interval, sets a session expiry interval, and the will
delay interval is set longer than the session expiry interval, then a use
after free error occurs, which has the potential to cause a crash in some
situations.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This would normally be enabled by systemctl preset-all however since we
don't have a host systemctl we need to enable the service manually.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
MANIFEST may contains line like this:
"LICENSE LICENSE file (added by Distar)"
so, retains only the first word.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/a6247b95f1578fe1daec485589582310c75b5d84/
luksmeta-v9 generates man pages at build if a2x is available since:
commit 3fa51bb22350fee101fc52044949f6eb394114ae
Author: Daniel Kopeček <dkopecek@redhat.com>
Date: Fri Jul 13 01:52:45 2018 +0200
Generate manual page from source during build time
If a2x (asciidoc) is not available during configure time,
a warning will be generated and the manual page wont be
generated nor installed.
Man pages are not needed on target and the build step fails in certain
setups, so disable it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add hash for license file, and drop 'v' from version for compatibility with
release-monitoring.org.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The JSON::PP Perl module is used at build time by the webkitgtk and
wpewebkit packages.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The project now ships a proper LICENSE file, with the complete license
text, so we use it instead of the README file. The license remains the
same as Perl, i.e Artistic license or GPL-1.0+.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The copyright year in the LICENSE file was changed, which explains why
the hash is modified:
-This software is Copyright (c) 2000 - 2017 by David Rolsky.
+This software is Copyright (c) 2000 - 2019 by David Rolsky.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libglib2 needs util-linux only for libmount, which is a configuration option.
Instead, check if util-linux-libmount is selected, and if so, set the option
to true.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Refactor 0002-add-option-to-build-tests.patch to work with the new version.
- Add the new option oss_fuzz=disabled to HOST_LIBGLIB2_CONF_OPTS and
LIBGLIB2_CONF_OPTS.
- Change -Diconv=gnu to -Diconv=external as the option has changed.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
- ECDSA remote timing attack (CVE-2019-1547)
Severity: Low
- Fork Protection (CVE-2019-1549)
Severity: Low
- Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
Severity: Low
For more details, see the advisory:
https://www.openssl.org/news/secadv/20190910.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In the SYSV init script allow /etc/default/vmtoolsd to override $ARGS
(if it present)
Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, fixing a number of issues:
- Fix v5 DISCONNECT packets with remaining length == 2 being treated as a
protocol error. Closes#1367.
- Fix support for libwebsockets 3.x (excluding 3.2.0)
- Fix slow websockets performance when sending large messages. Closes
#1390.
- Fix bridges potentially not connecting on Windows. Closes#478.
- Fix clients authorised using use_identity_as_username or
use_subject_as_username being disconnected on SIGHUP. Closes#1402.
- Improve error messages in some situations when clients disconnect.
Reduces the number of "Socket error on client X, disconnecting" messages.
- Fix Will for v5 clients not being sent if will delay interval was greater
than the session expiry interval. Closes#1401.
- Fix CRL file not being reloaded on HUP. Closes#35.
- Fix repeated "Error in poll" messages on Windows when only websockets
listeners are defined. Closes#1391.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added md5 hash provided by upstream.
Switched _SOURCE to .xz tarball provided by upstream.
This tarball contains a configure script so we do not need to
autoreconf anymore.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lrzip is a compression utility that excels at compressing
large files (usually > 10-50 MB)
Signed-off-by: Sam Lancia <sam@gpsm.co.uk>
[Thomas: license is GPL-2.0+, not GPL-2.0]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerability:
CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.
While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add COPYRIGHT to LICENSE_FILES, and add hashes for both license files.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Replace version.c by COPYING in LICENSE_FILES, and add a hash for the
license file.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: drop version.c in the license files, the newly introduced
COPYING file is much better]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add hash for LICENSE.
This version works with linux kernel 5.0 and newer. It requires
CONFIG_NF_NAT enabled in the kernel configuration, otherwise it fails
to build:
ERROR: "nf_nat_setup_info" [/home/thomas/projets/buildroot/output/build/xtables-addons-3.4/extensions/xt_DNETMAP.ko] undefined!
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: enable CONFIG_NF_NAT in the kernel configuration.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update hash for license files (update in year and address, some
whitespace changes)
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As suggested by Baruch Siach, using "git rev-parse HEAD" is a lot
simpler than playing around with "git log" to just retrieve the commit
id corresponding to the current HEAD.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the luvi version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
LUVI_SOURCE and LUVI_SITE and not LUVI_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the openpowerlink version to match what is given by
release-monitoring.org, the 'V' prefix should be encoded in
OPENPOWERLINK_SOURCE and OPENPOWERLINK_SITE and not
OPENPOWERLINK_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The wellknown module `argparse` is now used by LuaRocks 3.2.0, instead
of a homemade argument parsing.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since syslog-ng 3.11.1 eventlog has been bundled with the sources.
Remove the separate package.
We don't add Config.in.legacy handling because eventlog was only used
by syslog-ng, and was not really meant to be used by anyone else, so
there is no point in warning users who had this package enabled in
their configuration that it no longer exists, as it was only used by
syslog-ng, and syslog-ng now bundles eventlog.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
[Thomas: extend explanation about why we don't have any
Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Qemu can optionally depend on nettle if available, so we should take
into account this optional dependency.
Cc: Florian Wolters <florian@florian-wolters.de>
Signed-off-by: Alexander Dahl <post@lespocky.de>
[Thomas: reword commit log, so that it makes sense in the context of
upstream Buildroot]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Create the configuration file as /etc/thttpd.conf, as expected by the
systemd unit file.
This matches other web server packages that install configuration files
at /etc/lighttpd/, /etc/apache2, etc.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Added license hash files
* Updated site to new GNU location
* Reconfig required to use newer automake
* Dropped patch for 01_array_initialize.patch as it was fixed
* Refactored patches for makeinfo variable and write io errs
* Added new dc fix exit code patch from Debian sid
* Added new libmath offline gen cross-compile patch from Yocto
Upstream patch status: Pending
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump to the 20190819 snapshot there is now a dedicated dts file
for the rpi0, so use that rather than the rpi-b-plus one:
bd1336d8b6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes#12816
Commit 42d22f3bdb ({configs/raspberrypi,package/rpi-firmware}: bump
kernel/firmware to 20190819 version) updated the kernel version but failed
to take into consideration that the rpi0w dts file has been renamed:
6f91b5dbfd
Fix it by renaming the dts/dtb file referenced from the kernel build and
genimage.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Useful for test purposes when we want to install util-linux with a
custom TARGET_DIR, e.g.
$ make util-linux-reinstall TARGET_DIR=/tmp/util-linux
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use github macro and drop SOURCE variable to keep the default SOURCE
value which gives a much more sensible tarball name
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The init script provided by thttpd is for FreeBSD. Add a custom one,
made specifically for Buildroot.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the sslh version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
SSLH_SOURCE and not SSLH_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the kompexsqlite version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
KOMPEXSQLITE_SOURCE and not KOMPEXSQLITE_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the zziplib version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ZZIPLIB_SITE and not ZZIPLIB_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the perl-class-std-fast version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
PERL_CLASS_STD_FAST_SOURCE and not PERL_CLASS_STD_FAST_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
- CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data
from a specified resource over multiple streams. They manipulate window
size and stream priority to force the server to queue the data in 1-byte
chunks. Depending on how efficiently this data is queued, this can
consume excess CPU, memory, or both, potentially leading to a denial of
service.
- CVE-2019-9512 "Ping Flood": The attacker sends continual pings to an
HTTP/2 peer, causing the peer to build an internal queue of responses.
Depending on how efficiently this data is queued, this can consume excess
CPU, memory, or both, potentially leading to a denial of service.
- CVE-2019-9513 "Resource Loop": The attacker creates multiple request
streams and continually shuffles the priority of the streams in a way that
causes substantial churn to the priority tree. This can consume excess
CPU, potentially leading to a denial of service.
- CVE-2019-9514 "Reset Flood": The attacker opens a number of streams and
sends an invalid request over each stream that should solicit a stream of
RST_STREAM frames from the peer. Depending on how the peer queues the
RST_STREAM frames, this can consume excess memory, CPU, or both,
potentially leading to a denial of service.
- CVE-2019-9515 "Settings Flood": The attacker sends a stream of SETTINGS
frames to the peer. Since the RFC requires that the peer reply with one
acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost
equivalent in behavior to a ping. Depending on how efficiently this data
is queued, this can consume excess CPU, memory, or both, potentially
leading to a denial of service.
- CVE-2019-9516 "0-Length Headers Leak": The attacker sends a stream of
headers with a 0-length header name and 0-length header value, optionally
Huffman encoded into 1-byte or greater headers. Some implementations
allocate memory for these headers and keep the allocation alive until the
session dies. This can consume excess memory, potentially leading to a
denial of service.
- CVE-2019-9517 "Internal Data Buffering": The attacker opens the HTTP/2
window so the peer can send without constraint; however, they leave the
TCP window closed so the peer cannot actually write (many of) the bytes on
the wire. The attacker then sends a stream of requests for a large
response object. Depending on how the servers queue the responses, this
can consume excess memory, CPU, or both, potentially leading to a denial
of service.
- CVE-2019-9518 "Empty Frames Flood": The attacker sends a stream of frames
with an empty payload and without the end-of-stream flag. These frames
can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends
time processing each frame disproportionate to attack bandwidth. This can
consume excess CPU, potentially leading to a denial of service.
(Discovered by Piotr Sikora of Google)
Notice that this version bump requires nghttp2 1.39.2. It also includes an
(unconditional) embedded copy of brotli.
Update the license hash because of copyright year changes and the addition
of the MIT-style license text for large_pages and brotli.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop
For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/
Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop the v prefix on the download URL as the 1.2 git tag is just '1.2' and
add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update CCACHE_SITE to github.
- The hash of the license file is updated. There were two changes:
* The reference to the credits.html file changed from
ccache.samba.org to ccache.dev
* The MIT license text for minitrace.[ch] was added, but it doesn't
change the fact that the whole is under GPL-3.0, and we anyway
already had "GPL-3.0, others" in CCACHE_LICENSE
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: update the license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, fixing a potential infinite loop when handling the LUKS
header:
git shortlog v8..v9
Daniel Kopeček (2):
Use asciidoc as the manual page source format
Generate manual page from source during build time
Milan Broz (1):
Fix infinite loop when initializing trimmed LUKS header.
Nathaniel McCallum (3):
Fix invalid man page section reference
Fix typos in the man page
Release version 9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
nfs-utils selects rpcbind, and rpcbind unconditionally selects
libtirpc. Therefore, nfs-utils will never be used with the C library
RPC implementation: libtirpc will always be used. Consequently, all
the conditional logic to use libtirpc only if available is useless,
and we can use libtirpc unconditionally.
As an added bonus, this means that we can enable IPv6, because
libtirpc provides an IPv6-compatible RPC implementation.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=10806
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pkg-stats extracts the Buildroot commit id from which the package
information was collected. However, when doing so, it always assumes
we're using the master branch, by running "git log master".
But in fact, pkg-stats can be run from any branch/tag, so it makes a
lot more sense to use "git log HEAD".
Cc: victor.huesca@bootlin.com
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no need to override the SOURCE variable when the github macro
is used, and in fact keeping the default SOURCE value gives a much
more sensible tarball name, so let's drop the SOURCE variable
entirely.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the ascii-invaders version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ASCII_INVADERS_SITE and not ASCII_INVADERS_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Minimodem is a command-line program which decodes (or generates)
audio modem tones at any specified baud rate, using various
framing protocols. It acts a general-purpose software FSK modem,
and includes support for various standard FSK protocols such as
Bell103, Bell202, RTTY, TTY/TDD NOAA SAME, and Caller-ID.
Signed-off-by: Alexander Kurz <akurz@blala.de>
[Thomas:
- switch from a depends on to a select for the libsndfile or
pulseaudio or alsa dependency
- re-order statements in Config.in
- add missing host-pkgconf dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes the following changes:
94079e6 Fixed invalid UTF-8 codes in ChangeLog
1470a82 Updated service.fedora
9596c53 Updated service.fedora
b50b59b New version 1.9.5
037e059 New version 1.9.5
2681d01 Added test for /dev/random symlink
0dac21b Update to automake 1.16
638e2f0 Fixed built issue on Cygwin
083f827 minimize diff
b38def1 minimize diff
e16369d take into account review by @nbraud
6dfce53 Remove support for CPUID on ia64
fc50dda [PATCH] Output some progress during CUSUM and RANDOM EXCURSION test
be4e481 NEWS: Cleanup extraneous whitespace
0815b3c Fixup upstream changelog
6d52229 Fix type mismatch in get_poolsize
90d00f7 service.redhat: update PIDFile
16a9726 fix segv at start
ceab89a init.d/Makefile.am: add missing dependency
01e3154 Diagnostics capture mode now works correctly by referencing the right variable during rng warmup
f219358 Fix segfault on arm machines
Also add a 'v' prefix in _SITE variable.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
syslog-ng warns when using a configuration from an older version. Update
the version in the example config.
Fixes: 9695f3e069 ("package/syslog-ng: bump version to 3.22.1")
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change download location as the project is now part of the linux-can
organization.
Also remove an upstreamed patch.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Python packages should no longer depend on BR2_PACKAGE_PYTHON in their
config file, unless they are only compatible with Python 2.
Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Dropped musl and profiling patches as they were incorporated upstream.
- Profiling is set as explicitly disabled as it can now be configured.
- License file hash is changed due to an update in the copyright year:
-"iperf, Copyright (c) 2014-2018, The Regents of the University of California,
+"iperf, Copyright (c) 2014-2019, The Regents of the University of California,
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the license file changed due to this single change of the
copyright year:
- * The Nmap Security Scanner is (C) 1996-2018 Insecure.Com LLC ("The Nmap *
+ * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap *
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the json-for-modern-cpp version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
JSON_FOR_MODERN_CPP_SITE and not JSON_FOR_MODERN_CPP_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It's the latest original version. The defconfig and
package/rpi-firmware changes are done in a single patch, as they are
going together.
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
(3.44.1)
CVE-2019-11729: More thorough input checking
CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
during PKCS11 import
CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
Note:
This version requires nspr 4.22 or newer provided by the previous patch.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order for the bitcoin version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
BITCOIN_SITE and not BITCOIN_VERSION.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Kevin Joly (kevin.joly@sensefly.com)<mailto:kevin.joly@sensefly.com>
Your message couldn't be delivered to the recipient because you don't have permission to send to it.
Looking at his LinkedIn profile, he left SenseFly in January 2019,
which quite certainly explains why his @sensefly.com e-mail address is
no longer working.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We couldn't track down the reason why the profile sets $PAGER other
than that it has always been there.
However, it defeats pager autodetection by various tool (systemctl,
nmcli, etc.) that would otherwise prefer less to more, in case both
were available.
Let's drop it. My desktop Linux distro (Fedora) doesn't seem to set it
either and the universe doesn't seem to have collapsed yet.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
glibc since 2.28 dropped DES encryption routines setkey() and encrypt(),
but uclibc still provides them. So, if building with uclibc, we can
avoid using huge openssl library.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit aee34c479a, network-manager
was bumped to 1.20.0. As part of this bump, the libnm-util/ subfolder
was removed, and therefore libnm-util/COPYING no longer exists,
breaking the legal-info of this package.
The only remaining COPYING file is at the top-level. However, it
documents only the GPL-2.0 license, while in fact many parts of
network-manager, especially libraries, are under LGPL-2.0. This is
well explained in the CONTRIBUTING file, which states:
"""
Legal
-----
NetworkManager is partly licensed under terms of GNU Lesser General Public License
version 2 or later (LGPL-2.0+). That is for example the case for libnm.
For historical reasons, the daemon itself is licensed under terms of GNU General
Public License, version 2 or later (GPL-2.0+). See the license comment in the source
files.
Note that all new contributions to NetworkManager MUST be made under terms of
LGPL-2.0+, that is also the case for parts that are currently licensed GPL-2.0+.
The reason for that is that we might eventually relicense everything as LGPL and
new contributions already must agree with that future change.
"""
So, we keep GPL-2.0 and LGPL-2.0 as license, drop libnm-util/COPYING
from the LICENSE_FILES variable, and instead add the CONTRIBUTING
file. We also add a comment above the LICENSE variable.
Fixes:
http://autobuild.buildroot.net/results/44ce11d110a508821f76aae7ce996c1814c6a453/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gmp has optional C++ support, which is disabled by default. Let's
enabled it conditionally depending on the BR2_INSTALL_LIBSTDCPP
option.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
After hostapd update to 2.9, the patch provided no longer works,
although applies. Moreover, AP support for Realtek chips is broken
anyway in kernels > 4.9.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
[Thomas: add Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
AST-2019-004: Crash when negotiating for T.38 with a declined stream
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
responds with a declined media stream a crash will then occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2019-004.pdf
AST-2019-005: Remote Crash Vulnerability in audio transcoding
When audio frames are given to the audio transcoding support in Asterisk the
number of samples are examined and as part of this a message is output to
indicate that no samples are present. A change was done to suppress this
message for a particular scenario in which the message was not relevant. This
change assumed that information about the origin of a frame will always exist
when in reality it may not.
https://downloads.asterisk.org/pub/security/AST-2019-005.pdf
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update hash of license file (year, authors, files have been updated)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since configure is using PKG_CHECK_MODULES macro, we need to
unconditionally depends on host-pkgconf.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the URL and add a new patch. Quoting changelog [1]:
unzip (6.0-25) unstable; urgency=medium
* Apply one more patch by Mark Adler:
- Do not raise a zip bomb alert for a misplaced central directory.
This should allow Firefox to build again. Closes: #932404.
Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.
-- Santiago Vila <sanvila@debian.org> Sat, 27 Jul 2019 18:01:36 +0200
[1] https://sources.debian.org/data/main/u/unzip/6.0-25/debian/changelog
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit a0b032ad85 (package/qemu: security bump to version 3.1.1)
bumped the version but didn't update the patch subdirectory name, so the
patches are now ignored.
Fix that by renaming the directory. Drop
0002-configure-improve-usbfs-check.patch as that is now upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update the COPYING hash, since the copyright year was updated:
-Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.
+Copyright (C) 1998-2019 Ivo Timmermans, Guus Sliepen and others.
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
[Thomas: update license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump to the latest git version, containing multiple fixes and support
for render-only GPUs (lima, panfrost, ...) and missing DRM driver
names to run like meson, rockchip, sun4i-drm.
Tested on Khadas VIM2 (aarch64) and Panfrost.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changed _SITE to https.
Add hash for license file.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Peter: fix LICENSE hash, only use for the host package]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The license file was changed from xlrd/licences.py to LICENSE in the
following upstream commit:
e7bcab2f45
While the formatting has changed, the contents are the same. We take
this opportunity to add the hash of the license file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: fix license file details]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also remove obsolete patch and not calling autoreconf (as configure.ac
is not patched anymore)
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switched _SOURCE to .xz, added all hashes provided by upstream and
license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that we can order packages from biggest to smallest, it makes sense
to assign the most aggressive colours to the biggest packages.
As such, reorder the current colours so that we have, in order:
- red-ish
- orange-ish
- yellow-ish
- purple-ish
- eggplant-ish (is that even a colour? :-] )
- some-indeterminate-blue-ish
- dark-green-ish
- light-green-ish
For the previous, smallest-first ordering, it does not matter much what
the ordering is: the actual colours are still somewhat-unpredictably
assigned to packages, depending on the cut-off limit...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, the packages are sorted smallest first, and biggest last
(with unknown and others second-to-last and last, resp.).
Add an option to invert the ordering (but keeping unknown and others at
their current positions).
This has the nice side effect that we can now control the colours
assigned to the biggest package(s), as the colours are cycled from the
first to the last. Currently, the biggest packages gets a redish colour,
which is appropriate, but the second gets a greenish one, which is not
as appropriate (but changing that can come later).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When dealing with embedded devices, storage is more often than not some
kind of flash device, on which the memory is usually counted as powers
of 1024 instead of powers of 1000. As such, people may prefer reports
using IEC prefixes [0] instead of the SI prefixes.
Add an option to that effect.
We use argparse's ability to use custom actions [1] [2], to provide a
set of options that act on a boolean, but has a single help entry and
internally ensures consistency of the settings. We could have been using
the more conventional store_true/store_false actions instead, but that
would have meant either two help entries, one for each set of options,
and/or some logic after parse_args() to check the validity of the
settings.
[0] https://en.wikipedia.org/wiki/Binary_prefix
[1] https://docs.python.org/2/library/argparse.html#action
[2] https://docs.python.org/2/library/argparse.html#argparse.Action
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, we group packages that contribute less then 1%, into the
"Other" category.
However, in some cases, there can be a lot of very comparatively small
packages, and they may not exceed this limit, and so only the "Others"
category would be displayed, which is not nice.
Conversely, if there are a lot of packages, most of which only so
slightly exceeding this limit, then we get all of them in the graph,
which is not nice either.
Add a way for the developers to pass a different cut-off limit. As for
the dependency graph which has BR2_GRAPH_DEPS_OPTS, add the environment
variable BR2_GRAPH_SIZE_OPTS to carry those extra option (in preparation
for more to come, later).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Arnout:
- remove empty base class definition from Config;
- use parser.error instead of ValueError for invalid argument.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, we forcibly report sizes in multiple of Kilobytes. In some
big configurations, the sizes of the system as a whole, as well as that
of individual packages, may exceed megabytes, and when some artistic
assets get used, even the gigabyte may get exceed.
These big sizes are not easy to read when expressed in kilobytes.
Additionally, some very small packages might have sizes below the
kilobyte (and when we can specify the cut-off grouping size, they may
get reported), and thus the size displayed for those would be 0 kB.
Add a helper function that can format a floating-point size into a
string with all the appropriate formatting:
- there are at least 3 meaningfull digits visible, i.e. we display
"3.14" or "10.4" instead of just "3" or "10", but for big number we
don't care about too many precision either, so we report "100" or
"1000", not "100.42" or "1000.27";
- the proper SI prefix is appended, if needed.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, the "unknown" category may be reported anywhere, so it does
not really stand out when there are a lot of packages in the graph.
Move it towards the end, but right before the "other" category, so that
it is a bit more visible. Like for Others, don't report it if its size
is zero.
Also, make it title case (i.e. "Unknown" instead of "unknown").
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
It is nicer overall to have a main() function, like all our other
scripts tend to have too.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit was pushed accidentally, it was not yet ready for prime
time. A better way to implement it was proposed.
In addition, it still introduces a circular dependency: systemd ->
polkit -> libglib2 -> util-linux -> systemd
This reverts commit 335c77b667.
The findmount and lsblk utilities need udev to work correctly but cannot
be built with udev support because the packages providing libudev (eudev
and systemd) depend on util-linux, creating a chicken-egg problem. Solve
it by means of the following changes:
- Split util-linux into three packages:
- util-linux-libs, providing lib{blkid,fdisk,mount,smartcols,uuid}.
- util-linux-programs, providing both the aforementioned libs and the
programs.
- util-linux, a dummy package that drives configuration and building
of the other ones.
- Add blind selections for -libs and -programs, i.e. they are indirectly
selected according to the util-linux options.
- Make util-linux have build dependencies on util-linux-{libs,programs}
if they are selected.
- host-util-linux has a build dependency on either host-util-linux-libs
or host-util-linux-programs (not on both, since they are installed on
the same destination).
- Make eudev and systemd have build dependencies on util-linux-libs.
This can be extended to other packages in the future but is not needed
right now because the configuration options are backward-compatible.
- Make util-linux-programs have an optional build dependency on the
package that provides libudev (either eudev or systemd), if it is
selected.
util-linux-libs is installed on STAGING_DIR by default and on TARGET_DIR
if util-linux-programs is not selected. Conversely, util-linux-programs
installs on TARGET_DIR by default and on STAGING_DIR if util-linux-libs
is not selected. This prevents installing the libraries twice on the
same destination, which would confuse check-uniq-files.
With this approach we don't need to patch configuration files neither
change other packages besides eudev and systemd. Other packages that
require util-linux libraries and whose libraries can be used by
util-linux programs can be updated later. We also don't need to change
any existing defcconfig, since all configuration options are kept in
the dummy util-linux package.
The main drawback of this approach is that util-linux-rebuild, as wel as
-reinstall, -reconfigure and even -dirclean targets do not have real
effect. It's necessary to use util-linux-libs-rebuild, for instance, but
this is a reasonable price to pay for the solution.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11811
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch to generic-package (autotools has been dropped since version
5.1.5)
- Remove hook and instead use dedicated makefile targets to build only
shared or static library and not binaries or documentation (added by
an upstreamble patch)
- ac_cv_prog_have_xmlto=no can be removed as doc is not built anymore
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: drop redundant GIFLIB_SOURCE]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in
GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p
0.49.4, has a heap-based buffer overflow because a certain
"Private->RunningCode - 2" array index is not checked. This will lead
to a denial of service or possibly unspecified other impact.
- Fix CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file
triggers a divide-by-zero exception in the decoder function DGifSlurp
in dgif_lib.c if the height field of the ImageSize data structure is
equal to zero.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mbedtls support has been added in version 0.9.6 with
d449f013fa
So enable it if mbedtls is enabled and always enable embedded axTLS
support to keep existing behavior
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove second, third and fourth patches (already in version)
- Update first patch and sent it upstream
- Add AUTORECONF=YES to avoid patching configure in first patch
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch against 0.6.1 has been merged upstream,
and has been removed from this package.
A small change has been made to the LICENSE file:
"Cloudflare, Inc." was added in the copyright
declaration.
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch and autoreconf, instead use existing
--disable-libevent-regress option to disable tests
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Kernel commit 0472301a28f ("bpf: fix uapi bpf_prog_info fields
alignment") fixed the issue causing build failure in bpf support code.
The fix has been applied to all kernel versions that are affected and
supported (v4.19, v5.1, v5.2). Enable back bpf for m68k.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop if_tun.h kernel header removal patch; current musl doesn't need it.
Don't disable termios_ispeed; commit 1c25119a93 ("socat: convert to
AUTOTARGETS") disabled it for no apparent reason.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
this module has moved under the luarocks organization
diff LICENSE:
+ 2019 Paul Ouellette
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bundled editline has been removed; readline is a mandatory dependency
now.
Add patch fixing build with editline is not installed.
Add license files hashes.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update download location to match installation docs.
Update validation comment to reference Minisign signature.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
Version 1.6.1
-------------
* inputattach supports the RainShadow HDMI CEC dongle (this requires
kernel 4.12 or later; thanks to Hans Verkuil).
* The jscal store and restore tools use udevadm on the path, instead
of hard-coding /sbin.
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove patch, as gtk-doc disabling now works correctly.
- The XML library in use is now expat, instead of libxml2
Signed-off-by: Ilya Averyanov <averyanovin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support to test that the root passowrd is working as expected.
- Buildtime test: Check the hash present in the generated '/etc/shadow'.
- Runtime test: Build an armv7 image and try to login with a password.
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds a minimal defconfig to build a Buildroot system for
the STM32MP157 Discovery Kit, which is the low-cost evaluation
platform for the new STM32MP157 system-on-chip from ST. This
system-on-chip features a single or dual Cortex-A7, a single
Cortex-M4, and a wide variety of peripherals.
This commit includes a custom linux configuration file, because there
is no specific defconfig for this platform in the kernel, only
multi_v7_defconfig supports it, which is really a massive
defconfig. That's why a custom linux configuration file is added.
A small U-Boot config fragment allows to disable the watchdog, so that
userspace by default doesn't need to have a watchdog daemon running.
The vendor U-Boot and Linux trees are used for the moment, but the
platform support is being upstreamed, so switching to upstream
versions will be possible in the relatively near future.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently many test cases call subprocess.check_output on their own.
Factor out that code to an infra method so the call get standardized.
This will be handful when switching the test infra to use Python 3.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The python-cbor sample script to be run on the target dumps a binary
variable to the target stdout. This is done for debug purposes-only, in
the case the test on test infra fails.
This non-utf-8 is currently silently ignored by the Emulator class /
pexpect.spawn from the test infra because the infra uses Python 2, that
in turn do not differentiate between string and byte data.
Make the code Python3-friendly (Python 3 in the host) by doing the right
thing and encoding the data before printing it.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Do the same as other fs tests and minimally check the ubi image before
booting.
The call to 'file' was already there, but the output wasn't tested for
some unknown reason. Add the assert for the output of the command.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
