Compare commits

...

238 Commits

Author SHA1 Message Date
Peter Korsgaard 51ff8bb263 Update for 2018.02.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-20 12:25:30 +01:00
Peter Korsgaard c5b37e0bf1 swupdate: ensure TARGET_CC is used for compiling/linking
Fixes:
http://autobuild.buildroot.net/results/e302d0edb59ff7617b5f2d21f06eb65ae04981fe
http://autobuild.buildroot.net/results/dbb69acadc20b4bb559311348eca276c1e6343f7

Swupdate uses $CROSS-cc instead of $CROSS-gcc, which is not available in all
external toolchains, and use CC for linking. Ensure TARGET_CC is used for both.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 291ec1d2be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-18 15:27:39 +01:00
Asaf Kahlon d4d7cc9908 python-requests: bump to version 2.20.1
Fixes a bug introduced in 2.20.0 with unintended Authorization header
stripping for redirects using default ports (http/80, https/443).

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 745132abc0)
[Peter: mention fix from 2.20.0]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-17 23:12:24 +01:00
Asaf Kahlon fa75b09956 python-requests: security bump to version 2.20.0
Fixes CVE-2018-18074: The Requests package before 2.20.0 for Python sends an
HTTP Authorization header to an http URI upon receiving a same-hostname
https-to-http redirect, which makes it easier for remote attackers to
discover credentials by sniffing the network.

LICENSE update: replaced http address with https.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 42bebd1e7c)
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-17 23:12:13 +01:00
Bernd Kuhls 35f0fba38c package/python-requests: bump version to 2.19.1
Updated package using scanpypi, added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 217fa315ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-17 23:12:01 +01:00
Peter Korsgaard c0a646fd29 package/go: security bump to version 1.9.7
go1.9.1 (released 2017/10/04) includes two security fixes.

go1.9.2 (released 2017/10/25) includes fixes to the compiler, linker,
runtime, documentation, go command, and the crypto/x509, database/sql, log,
and net/smtp packages.  It includes a fix to a bug introduced in Go 1.9.1
that broke go get of non-Git repositories under certain conditions.

go1.9.3 (released 2018/01/22) includes fixes to the compiler, runtime, and
the database/sql, math/big, net/http, and net/url packages.

go1.9.4 (released 2018/02/07) includes a security fix to “go get”.

go1.9.5 (released 2018/03/28) includes fixes to the compiler, go command,
and net/http/pprof package.

go1.9.6 (released 2018/05/01) includes fixes to the compiler and go command.

go1.9.7 (released 2018/06/05) includes fixes to the go command, and the
crypto/x509, and strings packages.  In particular, it adds minimal support
to the go command for the vgo transition.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:56:44 +01:00
Ezequiel Garcia 84e043b4af ci20: Fix U-Boot build with codesourcery toolchain
Currently, U-Boot is failing to build, due to some issues
with the toolchain and the U-Boot port.

Fix it.

Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aacf3acb84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:53:25 +01:00
Jörg Krause 8cffd1416d package/luvi: add upstream patch to fix runtime issue with CMake 3.12+
luvi fails to run when it was build with CMake 3.12+:

```
[string "return require('init')(...)"]:1: module 'init' not found:
	no field package.preload['init']
	no file './init.lua'
	no file '/usr/share/luajit-2.0.5/init.lua'
	no file '/usr/local/share/lua/5.1/init.lua'
	no file '/usr/local/share/lua/5.1/init/init.lua'
	no file '/usr/share/lua/5.1/init.lua'
	no file '/usr/share/lua/5.1/init/init.lua'
	no file './init.so'
	no file '/usr/local/lib/lua/5.1/init.so'
	no file '/usr/lib/lua/5.1/init.so'
	no file '/usr/local/lib/lua/5.1/loadall.so'
```

Looking at link.txt for the luvi executable shows that `-rdynamic` is
not set anymore in CMake 3.12. This has the effect, that symbols are
missing in the `.dynsym` section in the binary.

The patch, sets `ENABLE_EXPORTS` to true in CMakeLists.txt to force setting
`-rdynamic` explicitly.

Upstream status: b8781653dcb8815a3019a77baf4f3b7f7a255ebe

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 56d2ac54dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:49:18 +01:00
Adrian Perez de Castro cf13e30393 package/webkitgtk: security bump to version 2.22.5
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE identifiers: CVE-2018-4437,
CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, and
CVE-2018-4464. Additionally, it fixes a couple of build failures in
unusual build configurations.

Release notes can be found in the announcement:

  https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html

More details on the issues covered by security fixes can be found
in the corresponding security advisory:

  https://webkitgtk.org/security/WSA-2018-0009.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6bbfaf1d40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:38:07 +01:00
Jared Bents 874e1094fa package/swupdate: Update to version 2018.11
Update to version 2018.11 to resolve the following build failure:

corelib/channel_curl.c: In function ‘channel_map_curl_error’:
corelib/channel_curl.c:298:2: error: duplicate case value
  case CURLE_SSL_CACERT:
  ^
corelib/channel_curl.c:297:2: error: previously used here
  case CURLE_PEER_FAILED_VERIFICATION:
  ^

when building with CONFIG_DOWNLOAD=y. This issue is happening since
the libcurl bump to 7.62.0.

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1040b18634)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:36:25 +01:00
Julien Corjon 7d2b922356 package/swupdate: default website have a new API
2018.03 introduce a new website with Websocket asynchronous
communication[1]

[1] https://github.com/sbabic/swupdate/blob/master/doc/source/mongoose.rst

Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2d9e9d04d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:36:13 +01:00
Jörg Krause 8bca3e0294 swupdate: bump to version 2018.03
Remove upstream patches:
  * 0001-compat.h-introduce-compatibility-header.patch
  * 0002-Fix-build-if-DOWNLOAD-is-set-but-no-JSON.patch

Update note about bundled modified version of mongoose 6.11.

Update licenses. Some files are LGPL-2.1+ now. Remove Public Domain as the
relevant bundled sqlite3 code was removed some time age.

Regenerated the .config file by doing:

```
make swupdate-menuconfig
make swupdate-update-config
```
.. and removing the paths for the build options manually.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 26184c2815)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:36:03 +01:00
Peter Korsgaard ecf0883ee9 nginx: bump to version 1.15.7
1.15.7 contains a number of bugfixes. From the changes file:

     *) Bugfix: memory leak on errors during reconfiguration.

    *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
       $upstream_header_time variables.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_mp4_module was used on 32-bit platforms.

https://nginx.org/en/CHANGES

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bc60c57f69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:32:34 +01:00
Thomas Petazzoni 938f823fd1 package/libgpgme: properly tweak gpgme-config
libgpgme installs a gpgme-config script, it should be tweaked using
the <pkg>_CONFIG_SCRIPTS mechanism. This is generally useful and is
going to be particularly important with per-package directories.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3df53aa11d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:28:40 +01:00
Max Filippov 06a9fb8ac5 package/uclibc: add custom bits/poll.h for xtensa
Definitions of POLLWRNORM, POLLWRBAND and POLLREMOVE in xtensa linux
kernel are non-standard. Provide bits/poll.h with correct values for
these constants for uclibc-ng.

This fixes the following strace build errors:

  In file included from xlat/pollflags.h:4:0,
                   from poll.c:34:
  ./static_assert.h:40:24: error: static assertion failed: "POLLWRBAND != 0x0100"
   # define static_assert _Static_assert
                          ^
  xlat/pollflags.h:75:1: note: in expansion of macro ‘static_assert’
   static_assert((POLLWRBAND) == (0x0100), "POLLWRBAND != 0x0100");
   ^~~~~~~~~~~~~
  ./static_assert.h:40:24: error: static assertion failed: "POLLREMOVE != 0x0800"
   # define static_assert _Static_assert
                          ^
  xlat/pollflags.h:117:1: note: in expansion of macro ‘static_assert’
   static_assert((POLLREMOVE) == (0x0800), "POLLREMOVE != 0x0800");
   ^~~~~~~~~~~~~

Fixes:
 http://autobuild.buildroot.net/results/5a0112b7a2c81fa5253c9adc93efe415256cd811
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 95f11fb25d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:23:01 +01:00
Thomas Petazzoni e0e2bf15ed package/liquid-dsp: add missing dependency on fftw
When one of BR2_PACKAGE_FFTW_PRECISION_* is enabled, liquid-dsp links
against fftw3f, fftw3 or fftw3l, but forgets to add the fftw package
in its dependencies. It works fine in practice because "fftw" is
before "liquid-dsp" in the alphabetic ordering, but building with
"make liquid-dsp" or with per-package directory causes a build
failure.

Fix that by adding the missing dependencies.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Reviewed-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2517fa73ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:17:50 +01:00
Thomas Petazzoni b9350e3aa1 package/sdl2_net: add missing host-pkgconf dependency
The sdl2_net configure script uses pkg-config to finx sdl2. If it
doesn't find pkg-config, it tries to locate sdl2-config, and defaults
to /usr/bin/sdl2-config, which causes the build to fail with:

arm-linux-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include/SDL2'

Fix this by adding host-pkgconf to the dependencies of sdl2_net. We
could have added the right autoconf cache variable to tell the
configure script where sdl2-config is located, but since pkg-config is
tried first, let's use that.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c2a1bcb1b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:16:11 +01:00
Thomas Petazzoni 7f2f18ba0f package/wine: host-wine also needs bison and flex
Just like the build of the target wine, the build of host wine also
needs bison and flex, otherwise the build fails with:

checking for flex... no
configure: error: no suitable flex found. Please install the 'flex' package.

(and similarly for bison once host-flex is provided)

This was detected using per-package directories. It used to "work"
because host-wine comes alphabetically after host-flex and host-bison,
which are dependencies of target wine.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e4d153b16a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:11:56 +01:00
Peter Korsgaard 782598a884 package/nodejs: security bump to version 8.14.0
Fixes the following security vulnerabilities:

- Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
- Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
- Node.js: Hostname spoofing in URL parser for javascript protocol
  (CVE-2018-12123)
- Node.js: HTTP request splitting (CVE-2018-12116)
- OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
- OpenSSL: Microarchitecture timing vulnerability in ECC scalar
  multiplication (CVE-2018-5407)

For more details, see the announcement:
https://nodejs.org/en/blog/release/v8.14.0/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0de2c9c76c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:09:57 +01:00
Martin Bark 7a13171e4e package/nodejs: bump version to 8.12.0
See https://nodejs.org/en/blog/release/v8.12.0/

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e75d9c6bcf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:09:52 +01:00
Joel Stanley 74680fc8be package/libopenssl: use HTTPS for URL
The host forces HTTPS regardless. This can be seen in the build logs:

 >>> host-libopenssl 1.0.2q Downloading
 URL transformed to HTTPS due to an HSTS policy
 --2018-12-10 09:53:27--  https://www.openssl.org/source/openssl-1.0.2q.tar.gz

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4d6fa03760)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 22:04:57 +01:00
Bernd Kuhls a90e0671e3 package/libpjsip: add optional dependency on libgsm
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 94e7a91092)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 21:20:47 +01:00
Bernd Kuhls 296d6c5509 package/libpjsip: add optional dependency on speex
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b9c6b38f2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 21:20:45 +01:00
Bernd Kuhls dbaa1b31e8 package/libpjsip: disable build of test binaries
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8e50901517)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 21:20:42 +01:00
Fabrice Fontaine 61ecf7556f libmpd: fix build with strndup
Retrieve a patch from upstream to include config.h otherwise build will
fail when trying to redefine strndup:
libmpd-internal.h:210:10: error: expected identifier or '(' before '__extension__'
 char *   strndup     (const char *s, size_t n);

Indeed, without an include on config.h, HAVE_STRNDUP won't be defined

Fixes:
 - http://autobuild.buildroot.org/results/a174818fa768b029d19b033139f9c5e0aaaed149

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b65c8e28ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 20:43:06 +01:00
Fabrice Fontaine 2a7779ef92 libmpd: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8e884ba02b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 20:42:58 +01:00
Peter Korsgaard ea2b196419 php: security bump to version 7.2.13
Fixes CVE-2018-19518: University of Washington IMAP Toolkit 2007f on UNIX,
as used in imap_open() in PHP and other products, launches an rsh command
(by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen
function in osdep/unix/tcp_unix.c) without preventing argument injection,
which might allow remote attackers to execute arbitrary OS commands if the
IMAP server name is untrusted input (e.g., entered by a user of a web
application) and if rsh has been replaced by a program with different
argument semantics.  For example, if rsh is a link to ssh (as seen on Debian
and Ubuntu systems), then the attack can use an IMAP server name containing
a "-oProxyCommand" argument.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1af5232138)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 19:58:00 +01:00
Bernd Kuhls b227e85ce8 package/php: bump version to 7.2.12
Changelog: http://www.php.net/ChangeLog-7.php#7.2.12

Rebased patch 0004 and updated license hash after white space removal:
https://github.com/php/php-src/commit/902d39a3a79c6efe93c8879575fdd5a759cf03de

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d383a73a8e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 19:57:49 +01:00
Bernd Kuhls 6afe81999d package/php: bump version to 7.2.11
Changelog: http://www.php.net/ChangeLog-7.php#7.2.11

Removed patch 0008, applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8dc3d02bac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 19:57:26 +01:00
Peter Korsgaard 59d54e178a squashfs: do not force gzip support if lz4/xz/zstd is selected
The logic to ensure at least one compression backend is selected was not
updated when lz4, xz and zstd were introduced -  Fix that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Peter: add comment as suggested by Peter Seiderer]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 84aeb4419f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 16:16:11 +01:00
Thomas Petazzoni e7657aeaf8 package/pps-tools: bump version to fix usage without bash
As reported in bug #11426, the ppsfind shell script uses /bin/bash,
but the Buildroot pps-tools package doesn't depend on bash. In fact,
upstream has fixed the problem, and the script can now be used with a
POSIX shell, and the shebang is /bin/sh.

This commit therefore bumps pps-tools to the latest upstream commit,
which is precisely this fix.

Fixes bug #11426.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5c89726d9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 16:05:29 +01:00
Thomas Petazzoni a76f2dceab package/lynx: add dependency on host-pkgconf
The Lynx configure script uses pkg-config when available:

checking for nios2-buildroot-linux-gnu-pkg-config... /home/thomas/projets/buildroot/output/host/bin/pkg-config
checking pkg-config for openssl... yes
[...]
checking pkg-config for ncurses... yes

Using pkg-config avoids build failures such as:

checking for _nc_freeall... no
configure: error: Configuration does not support color-styles
make: *** [/home/test/autobuild/run/instance-1/output/build/lynx-2.8.9rel.1/.stamp_configured] Error 1

When building with "make lynx", so that pkg-config is not built
before. The issue is that in this case, lynx configure script picks up
the ncurses6-config script for the host ncurses instead of the one in
staging. Using pkg-config solves that nicely.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67ee7f9eb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 16:02:35 +01:00
Yann E. MORIN 21a231e104 linux: ensure images/ exist before creating files there
When using an initramfs, on the first-pass build, we create a dummy cpio
so that the build succeeeds. The real cpio will come later, and we'll do
a second-pass build to use the actual cpio.

However, when we touch that dummy cpio, the images/ directory may not
yet exist, since commit d0f4f95e39 (Makefile: rework main directory
creation logic) removed its creation at the begining of the build, to
only at the moment we need it, i.e. during the *_INSTALL_IMAGES_CMDS
steps.

However, the linux build is not a _INSTALL_IMAGES_CMDS step, so there is
no guarantee that images/ already exist at that time.

Fix that by explicitly creating images/ before touching the dummy cpio.

Reported-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 524fb10bbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 16:01:21 +01:00
Yann E. MORIN 46433b998a package/libiscsi: do not built the manpages
The pre-rendered, bundled ones are still installed, though, but they
get removed in target-finalize anyway.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5b5c84a2a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 15:53:57 +01:00
Yann E. MORIN fe36685e07 package/libiscsi: fix build due to warnings
Fixes:
    http://autobuild.buildroot.org/results/55b/55bf50fc7dcd465b71b5757434887dd3d0b25abc/
    http://autobuild.buildroot.org/results/98d/98dcfe5c9fc3babd5c8d3116d5128d437715c44e/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d2d81637ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 15:51:25 +01:00
Peter Korsgaard faa7f87936 {linux, linux-headers}: bump 4.{9, 14, 19}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 177a8a5fd9)
[Peter: drop 4.19.x, linux / hash changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 15:43:51 +01:00
Trent Piepho 9bbd9c7789 package/libcurl: use GnuTLS's default cert path
libcurl doesn't find any trust path for CA certs when it cross-compiles.
When using OpenSSL, it is explicitly configured to use the SSL cert
directory with OpenSSL style hash files in it.  But with GnuTLS, it gets
nothing.

Rather than configure libcurl to use the OpenSSL directory or a bundle
file, configure it to use the GnuTLS default.  This way the CA certs
path can be configured in one place (gnutls) and then libcurl and anyone
else who uses gnutls can default to that.

Also, when libcurl with gnutls is configured to use a directory, it ends
up loading each cert three times.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43b4d3ae45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 15:25:12 +01:00
Trent Piepho a32df40af6 package/gnutls: give library a default trust location
Gnutls is building with no default location to look for CA certs.  Since
there are buildroot packages to provide these, configure it to use them
by default.

Configure gnutls to find them using the bundle file which contains all
certs, rather than looking in the cert directory.  When gnutls is told
to use the directory, it loads *every* file in it.  This means it loads
the bundle with all certs, then loads each cert a second time using the
individual pem files, and then loads them all the third time via the
hash symlinks to the pem files.

When p11-kit is enabled, use its trust module instead of the bundle
file.  p11-kit can be configured to use the bundle (the default), but it
can do other things too, such as integrate with the "trust" command for
adding and removing trust anchors.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 379306e8f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-16 15:25:08 +01:00
Peter Korsgaard 82c624cd6e {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 85d00b3c8e)
[Peter: drop 4.19.x, linux / hash changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-11 08:42:08 +01:00
Waldemar Brodkorb 5c5d972941 package/uclibc: add upstream patch to fix aarch64 issues
fstatfs/statfs on aarch64 seems broken, add a patch from uClibc-ng
upstream git to fix it.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2179ca4a61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-10 23:07:32 +01:00
Fabrice Fontaine 3f9ea4512f package/c-ares: use LICENSE.md
c-ares has a LICENSE.md file since version 1.12 and
https://github.com/c-ares/c-ares/commit/4e861351d9deaef7b78aee50ce9229325f4fc59a

So use it instead of one of the source file and add its hash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c9dfcbd6ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:27:59 +01:00
Peter Korsgaard 4c4c2d0bf5 glibc: bump version for post-2.26 security fixes
Fixes the following security vulnerability:

  CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
  denial of service due to resource exhaustion when processing getaddrinfo
  calls with crafted host names.  Reported by Guido Vranken.

Adhemerval Zanella (2):
      Fix misreported errno on preadv2/pwritev2 (BZ#23579)
      x86: Fix Haswell CPU string flags (BZ#23709)

Alexandra Hájková (1):
      Add an additional test to resolv/tst-resolv-network.c

Andreas Schwab (1):
      libanl: properly cleanup if first helper thread creation failed (bug 22927)

Florian Weimer (3):
      preadv2/pwritev2: Handle offset == -1 [BZ #22753]
      conform: XFAIL siginfo_t si_band test on sparc64
      CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

Ilya Yu. Malakhov (1):
      signal: Use correct type for si_band in siginfo_t [BZ #23562]

Martin Kuchta (1):
      pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538]

Stefan Liebler (2):
      Fix segfault in maybe_script_execute.
      Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275]

Szabolcs Nagy (1):
      i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822]

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:25:47 +01:00
Fabrice Fontaine df2b72b67f php: intl support needs dynamic library
getArgTypeList is defined both in ext/intl/msgformat/msgformat_helpers.cpp
and icu library so add a !BR2_STATIC_LIBS dependency to
BR2_PACKAGE_PHP_EXT_INTL

Fixes:
 - http://autobuild.buildroot.org/results/628b677d1ceb8b404265d89357225e0a1dce1407

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f108445a3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:22:53 +01:00
Fabrice Fontaine e7daab236e python-numpy: fix build with lapack
If BR2_PACKAGE_LAPACK is enabled (without BR2_PACKAGE_CLAPACK), build of
python-numpy will fail if lapack is built before python-numpy because
lapack does not provide blas library

So disable BLAS and LAPACK through PYTHON_NUMPTY_ENV if
BR2_PACKAGE_CLAPACK is not set

Fixes:
 - http://autobuild.buildroot.org/results/41671976c7be7883f31ee5f51ca0eb90b81262fd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76815cd1e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:19:12 +01:00
Peter Korsgaard 194c8e543e ghostscript: security bump to version 9.26
Fixes the following security vulnerabilities:

 - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
   bypass a sandbox protection mechanism via vectors involving errorhandler
   setup.  NOTE: this issue exists because of an incomplete fix for
   CVE-2018-17183.

- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
  bypass a sandbox protection mechanism via vectors involving the 1Policy
  operator.

- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
  9.26.  LockSafetyParams is not checked correctly if another device is
  used.

- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because available
  stack space is not checked when the device remains the same.

- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  setcolorspace type confusion.

- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  JBIG2Decode type confusion.

For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e52b02677a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:09:59 +01:00
Peter Seiderer e1f45e9464 freetype: bump version to 2.9.1
According to [1]:

- fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION()
  function within ttinterp.c could lead to DoS via a crafted font file

- needs '--enable-freetype-config' for freetype-config installation

[1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902

[Peter: also pass --enable-freetype-config for host variant]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 750d43ae14)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:07:45 +01:00
Bernd Kuhls daef1c454f package/freetype: bump version to 2.9
Changelog:
https://sourceforge.net/projects/freetype/files/freetype2/2.9/

Upstream changed its project URL to https in docs/FTL.TXT. We do the
same in Config.in and update the license hash for docs/FTL.TXT.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d386f8847)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:05:57 +01:00
Peter Korsgaard 23b8a2139a libopenssl: security bump to version 1.0.2q
Fixes the following security vulnerabilities:

  *) Microarchitecture timing vulnerability in ECC scalar multiplication

     OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
     shown to be vulnerable to a microarchitecture timing side channel attack.
     An attacker with sufficient access to mount local timing attacks during
     ECDSA signature generation could recover the private key.

     This issue was reported to OpenSSL on 26th October 2018 by Alejandro
     Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
     Nicola Tuveri.
     (CVE-2018-5407)
     [Billy Brumley]

  *) Timing vulnerability in DSA signature generation

     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
     (CVE-2018-0734)
     [Paul Dale]

For more information, see the changelog:
https://www.openssl.org/news/cl102.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3301b6e1b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:03:30 +01:00
Florian Fainelli eb2a89acb0 xfsprogs: Define PLATFORM to linux
PLATFORM is an environment variable used by xfsprogs' configure script
to determine the platform for which the applications are being built. If
we set some incorrect/unsupported value through e.g: export, this will
be picked up by xfsprogs' configure script and used as-is and assigned
to PKG_PLATFORM, which will lead to build failures.

If PLATFORM was empty/unset, then uname on the host building xfsprogs
gets used to determine the build platform, which again could be
incorrect if we e.g: built xfsprogs on a Darwin system.

Since we are obviously building for Linux, let's just make sure we
define it that way which solves both issues.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 257a2118be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 23:02:07 +01:00
Peter Korsgaard 7d708397a9 samba4: security bump to version 4.8.7
Fixes the following security vulnerabilities:

 - CVE-2018-14629:
   All versions of Samba from 4.0.0 onwards are vulnerable to infinite
   query recursion caused by CNAME loops. Any dns record can be added via
   ldap by an unprivileged user using the ldbadd tool, so this is a
   security issue.

 - CVE-2018-16841:
   When configured to accept smart-card authentication, Samba's KDC will call
   talloc_free() twice on the same memory if the principal in a validly signed
   certificate does not match the principal in the AS-REQ.

   This is only possible after authentication with a trusted certificate.

   talloc is robust against further corruption from a double-free with
   talloc_free() and directly calls abort(), terminating the KDC process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16851:
   During the processing of an LDAP search before Samba's AD DC returns
   the LDAP entries to the client, the entries are cached in a single
   memory object with a maximum size of 256MB.  When this size is
   reached, the Samba process providing the LDAP service will follow the
   NULL pointer, terminating the process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16853:
   A user in a Samba AD domain can crash the KDC when Samba is built in the
   non-default MIT Kerberos configuration.

   With this advisory we clarify that the MIT Kerberos build of the Samba
   AD DC is considered experimental.  Therefore the Samba Team will not
   issue security patches for this configuration.

For more details, see the release notes:

https://www.samba.org/samba/history/samba-4.8.7.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 22:58:05 +01:00
Bernd Kuhls 2614104752 package/samba4: bump version to 4.8.5
Release notes: https://www.samba.org/samba/history/samba-4.8.5.html

Rebased patches 0001 & 0004.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 934d23bec7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 22:57:58 +01:00
Fabrice Fontaine 0172a94ac5 popt: add libiconv to popt.pc.in
Add ${LTLIBICONV} to popt.pc.in so applications such as shairport-sync
will know that they must link with -liconv when building statically

Fixes:
 - http://autobuild.buildroot.org/results/c5b0d1d2867e49c022a2ad971dd9f358ff0f3865

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1209eb2dca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 22:53:25 +01:00
Fabrice Fontaine dca53990a0 msgpack: disables tests
tests are enabled if gperf and zlib are found and they fail on:
/home/buildroot/autobuild/run/instance-0/output/build/msgpack-2.1.5/include/msgpack/v1/object.hpp:652:34:
error: 'void* memcpy(void*, const void*, size_t)' copying an object of non-trivial type 'struct msgpack::v2::object' from an array of 'const msgpack_object' {aka 'const struct msgpack_object'} [-Werror=class-memaccess]
     std::memcpy(&o, &v, sizeof(v));

So disable them.

Fixes:
 - http://autobuild.buildroot.org/results/7d7aa9723f02f9bc78dbf6248674be4d402199bf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d2d75e07db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 22:52:19 +01:00
Yann E. MORIN f00bc4994e package/libid3tag: needs autoreconf
libid3tag uses a very old configure script.

When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:

    checking for arm-buildroot-linux-uclibcgnueabi-g++... no
    checking whether we are using the GNU C++ compiler... no
    checking whether no accepts -g... no
    checking dependency style of no... none
    checking how to run the C++ preprocessor... /lib/cpp
    configure: error: C++ preprocessor "/lib/cpp" fails sanity check
    See `config.log' for more details.

This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab1588 (core: alternate solution to disable C++).

However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.

We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.

Fixes:
    http://autobuild.buildroot.org/results/ac3/ac3870208aab6001db6b790b6c5dde64d08f7669/
    http://autobuild.buildroot.org/results/cc1/cc18397f38dfd4f1e6605f7a6f58edab49b396ac/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 43274dd3e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 22:51:05 +01:00
Yann E. MORIN 1cef40d5c1 package/dante: needs autoreconf
We have a patch that touches a .m4 file, so we need to regenerate the
configure script. Otherwise, this is done during the build step, and
some environment variables are thus missing and the build may fail when
the host machine does not have the expected autostuff tools.

Fixes:
    http://autobuild.buildroot.org/results/e37/e37e61bae1d81a7956e2843be70fea84b0bbb64b/
    http://autobuild.buildroot.org/results/f96/f969718402cae71446d6280ec1f66d357a155293/
    ...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 83d1902812)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 22:46:51 +01:00
Fabrice Fontaine 93d0a413d5 dante: disable pam
Fixes:
 - http://autobuild.buildroot.org/results/5222592f2052e18c184fae42214c112e7f39be6e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 982805a32b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-03 22:46:47 +01:00
Peter Korsgaard d047c4032b Update for 2018.02.8
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 23:41:24 +01:00
Adrian Perez de Castro 9037ebe8b5 package/webkitgtk: bump to version 2.22.4
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for  CVE-2018-4345, CVE-2018-4372,
CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,
CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, and CVE-2018-4416.
Additionally, it fixes a few build failures, and a crash when using
certain version of Cairo.

Release notes can be found in the announcement:

  https://webkitgtk.org/2018/11/21/webkitgtk2.22.4-released.html

More details on the issues covered by security fixes can be found
in the corresponding security advisory:

  https://webkitgtk.org/security/WSA-2018-0008.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7a827a17dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 19:02:19 +01:00
Fabrice Fontaine e718e4241f package/samba4: fix install of systemd files
Since version 4.8.0 and
https://github.com/samba-team/samba/commit/080d590de1ff9f8ebc55aeffaea8d41991466549,
the systemd files (nmd.service, ...) are not available in packaging/systemd

Indeed, they are built in bin/default/packaging/systemd

So use the new --systemd-install-services configure option to install
these files

Fixes:
 - http://autobuild.buildroot.org/results/a09a065c523931c1892e81a99c57521fbe095d8b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ea5280b889)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 19:01:39 +01:00
Fabrice Fontaine aa8d13d70e package/usb_modeswitch: disable parallel build
Build of package will sometime fails because of the following issue:
install-static target has two dependencies: dispatcher-static and
install-common

Because dispatcher-static is not a file but only a target, it will
always be called to build usb_modeswitch_dispatcher.
So, even if install-common depends on usb_modeswitch_dispatcher, in some
rare cases, install-static won't be able to install
usb_modeswitch_dispatcher because it is being rebuild by
dispatcher-static

To fix this issue, disable parallel build

Fixes:
 - http://autobuild.buildroot.org/results/8297be35725b816ff5afaf909605ceb41223efb6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a554109af8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 18:57:16 +01:00
Bernd Kuhls f4c3937cdf {linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0021a2a49f)
[Peter: drop 4.18.x, linux / hash changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 18:52:15 +01:00
Yann E. MORIN 81c273d174 support/graph-depends: fix package names starting with a non-alpha
Graphviz' dot utility does not like nodes which names does not start
with an ^[[:alpha:]], i.e. 18xx-ti-utils would cause grievance:

    Warning: syntax ambiguity - badly delimited number '18x' in line 4 [...]/graph-depends.dot splits into two tokens
    Warning: syntax ambiguity - badly delimited number '18x' in line 5 [...]/graph-depends.dot splits into two tokens
    Warning: syntax ambiguity - badly delimited number '18x' in line 6 [...]/graph-depends.dot splits into two tokens
    Warning: syntax ambiguity - badly delimited number '18x' in line 7 [...]/graph-depends.dot splits into two tokens

Prefix nodes with an underscore to fix that.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 020206ca57)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 18:49:35 +01:00
Andreas Naumann 1353c0c8e2 linux: Make dtc install step more reliable
Checking for the existence of the dtc binary built by the
non-dependent dtc package may cause instable behaviour when giving more
freedom on the order of how the packages are built (parallelization).

In addidion, when moving to per-package host/target method, the check
would always trigger in the isolated host, leading to linux-dtc always
being installed as dtc.
This in turn may lead to undesired overwriting of the real host-dtc binary
when finally assembling the global host dir.

Thus rework the linux-dtc install condition to be defined by configuration
rather than compile time order.

Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 860906ee05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 18:46:54 +01:00
Peter Korsgaard 311f62435b prosody: security bump to version 0.9.14
This fixes a cross-host authentication vulnerability, CVE-2018-10847.
The issue affects Prosody instances that have multiple virtual hosts
(including anonymous authenticated hosts):
https://blog.prosody.im/prosody-0-10-2-security-release

A full security advisory is available at
https://prosody.im/security/advisory_20180531

Compute hashes locally as they are no more available on
https://prosody.im/downloads/source/{MD5,SHA1,SHA256,SHA512}SUMS

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 18:07:41 +01:00
Thomas Petazzoni 1d84214699 configs/armadeus_apf27: fix U-Boot configuration
The U-Boot part of the defconfig was not specifying explicitly any
U-Boot version. Since commit 21e3ae8a18
("boot/uboot: default to kconfig buildsystem for latest version"), we
default to using the kconfig build system when the default U-Boot
version is used. Following this change, the apf27 defconfig therefore
started using kconfig, for which the BR2_TARGET_UBOOT_BOARDNAME
Config.in option is not used. Due to this, the build fails with:

boot/uboot/uboot.mk:411: *** No board defconfig name specified, check your BR2_TARGET_UBOOT_BOARD_DEFCONFIG setting.  Stop.

Indeed, when Kconfig is used, the board defconfig must be specified
with BR2_TARGET_UBOOT_BOARD_DEFCONFIG.

As part of fixing this, we also set a fixed U-Boot version for this
defconfig, like we do in all other defconfigs.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/123771003

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a8aaee72a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 18:02:03 +01:00
Thomas Petazzoni 743df43a35 configs/imx6-sabresd_qt5: add missing dependency on host-openssl
host-openssl is needed to build the Linux kernel. This is the same
issue that was fixed in commit
5dac3b9b8d ("configs/imx6-sabresd: needs
host-openssl for the Linux kernel build") for the minimal defconfig
for the same board.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/123771070

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c32608ba39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:59:50 +01:00
Fabio Estevam cc0bc0f913 configs/imx6sabre: Create distinct pre-processed mkimage config files
Commit 0c4bccf9e8 ("configs/imxsabre: Fix U-Boot parallel build issue")
tried to fix the parallel build issue, but the real fix was developed
later by Trent Piepho later, so add such commit to fix Buildroot
build failures on rel_imx_4.9.x_1.0.0_ga NXP branch.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/123771053
https://gitlab.com/buildroot.org/buildroot/-/jobs/123771054
https://gitlab.com/buildroot.org/buildroot/-/jobs/123771055

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ad9c45a05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:57:09 +01:00
Fabrice Fontaine 7da0365553 gauche: fix parallel build
Add a patch to fix parallel build issue on ext/rfc

Fixes:
 - http://autobuild.buildroot.org/results/f4935e29ce6aaebdaa47d46c56120b7e97145d1b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e00369fa84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:28:38 +01:00
Yann E. MORIN 668e4b1ab0 fs/tar: add support for xattrs (thus capabilties)
By default, tar will not include any extended attribute (xattr) when
creating archives, and thus will not store capabilties either (as they
are stored in the xattr 'security.capability').

Using option --xattrs is enough to create a tarball with all the xattrs
attached to a file. However, extracting all xattrs from a tarball
requires that --xattrs-include='*' be used. This is not symetric (but on
purpose, as per the documentation), and so is confusing to some.

So, we use --xattrs-include='*' to create the archive, so as to be
explicit that we want all xattrs to be stored.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6d688e2132)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:24:45 +01:00
Thomas Claveirole 8603656ec8 package/netplug: fix quoting of ${NETWORKING} in init script
Since 4adaa581b2, S29netplug looks for
/etc/default/network instead of /etc/sysconfig/network.  When this
file exists but does not define $NETWORKING, the script fails on line
29 with something like:

/etc/init.d/S29netplug: 29: [: =: unexpected operator

Fix quoting so this error no longer happens.

Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
[Thomas: keep double quotes around "no", keep curly braces when
referencing the variable.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 5682ba9363)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:21:27 +01:00
Serj Kalichev a039dd082d package/pkg-generic.mk: fix show-build-order stdout pollution
The commands like "make show-build-order" or "make
<package>-show-build-order" show the build order and then print
"make[1]: Nothing to be done for 'show-build-order'" to stdout. It
pollutes output. Technically this message is true but it's not true
for user because he gets an information.

The <package>-show-build-order targets use $(info) for package name
printing.  The make utility doesn't consider the internal directive as
a command so it think that it's "Nothing to be done". The patch adds
the empty command to <package>-show-build-order to inform make utility
that taget makes some real actions.

Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: invert $(info) and @:, as suggested by Yann.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 75c81a12f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:19:02 +01:00
Carlos Santos 5edb7ab4e4 vtun: remove reference to start-stop-daemon from package help
None of the other 82 packages that use start-stop-daemon does this.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 11d96cdeb9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:18:39 +01:00
Grzegorz Blach 8771409fa8 package/webkitgtk: use proper USE_WOFF2 flag instead of ENABLE_WOFF2
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ef3deade61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:17:19 +01:00
Thomas Petazzoni 54f7565eb2 rpm: really take DEPENDENCIES into account
Commit e7af4033c3 ("rpm: use the new
gettext logic") introduced a really nasty bug: by adding
$(TARGET_NLS_DEPENDENCIES) to RPM_DEPENDENCIES, it completely
overwrote the existing value of RPM_DEPENDENCIES, entirely masking all
mandatory RPM dependencies.

rpm is fairly towards the end of the alphabet, and most other
mandatory dependencies (berkeleydb, host-pkgconf, file and popt)
appear earlier by alphabetic ordering. Only zlib was afterwards, but
since file depends on zlib, it was always built before. This probably
explains why our autobuilders haven't encountered a single build
failure.

However, a simple "make rpm" clearly exhibits the failure, and
obviously the upcoming per-package folder mechanism makes such bugs
even more obvious.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 36385f87f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:15:49 +01:00
Yann E. MORIN 3f14fed1de core: ensure we use the realpath(3) of DL_DIR
When $(TOPDIR)/dl is a symlink, checking out git submodules can fail,
as reported by Michael in #11086.

To reproduce a similarly-related mis-behaviour:

    $ mkdir -p foo/bar foo/buz
    $ cd foo/bar
    $ ln -s ../buz meh
    $ cd meh
    $ cd ../../foo

The last command should not succeed, because, relative to meh, there is
no ../../foo directory; we would expect it to be ../../../foo, instead.
But since meh is a symlink to a directory, then a relative path from that
symlink is interpreted as relative to the derefrenced directory, i.e.
from buz in this case.

But where this gets even weirder, is that, if the last command is
replaced by:

    $ cd ../../../foo

then it still works, too.

And that is the root of Michael's issue: the dl directory in Buildroot's
TOPDIR is a symlink to a similarly-named directory one directory higher,
which then confuses relative paths, which gets especially and noticeably
bad for git submodules.

Avoid this strangeness, and just use so-called "physical" path, i.e. a
path where all symlinks to directories have been dereferenced.

Fixes: #11086

Reported-by: Michael Nosthoff <posted@heine.so>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Michael Nosthoff <posted@heine.so>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 632e164a19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 17:14:36 +01:00
Peter Korsgaard 387a72cc16 mosquitto: fix build on uClibc
Fixes:
http://autobuild.buildroot.net/results/c42/c425eb496cc5422ff1e2e51e59d4baf377bcbeed/

The memory tracking feature of mosquitto (which is enabled by default on
systems defining __GLIBC__) uses malloc_usable_size() which was only added
to uClibc-ng in 1.0.29.

2018.02.x still uses 1.0.28, so disable this feature when building on
uClibc.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 12:51:26 +01:00
Serj Kalichev 371498e002 fs/common.mk: Fix show-build-order
The command "make show-build-order" doesn't show dependencies of rootfs-common target.

This patch adds $(ROOTFS_COMMON_DEPENDENCIES) to PACKAGES variable.

Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 305e4487e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 12:49:26 +01:00
Thomas Petazzoni cd7fa21864 utils/genrandconfig: add missing new line when creating the configuration
When adding the custom BR2_WGET value in the configuration,
genrandconfig forgets to add a newline. Due to this, the next option
that is added is printed on the same line as BR2_WGET="", which causes
it to be ignored.

Due to this, in all builds, the line right after BR2_WGET was
ignored. It could have been BR2_ENABLE_DEBUG, BR2_INIT_BUSYBOX,
BR2_INIT_SYSTEMD, BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV,
BR2_STATIC_LIBS or BR2_PACKAGE_PYTHON_PY_ONLY depending on the
randomization.

Fix that by adding a proper newline at the end of the BR2_WGET option.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3eb49f59d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 12:48:13 +01:00
Fabrice Fontaine 353477440b easydbus: fix build without C++
Specify that easydbus is a C project file otherwise build will fail if
no C++ compiler is found by cmake

Fixes:
 - http://autobuild.buildroot.org/results/486c3cd98124e7415dee2fd1463bd5e0fcc9ba91

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e8fc4364a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 12:47:44 +01:00
Thomas Petazzoni a57968c880 package/openocd: add missing host-pkgconf dependency
The configure.ac script uses PKG_CHECK_MODULES(), and we autoreconf
the package, so host-pkgconf should be listed in the dependencies.

This issue is seen either with per-package folders, or by doing a
clean build with just "make openocd":

>>> openocd 0.10.0 Configuring
>>> openocd 0.10.0 Autoreconfiguring
[...]
configure.ac:12: error: possibly undefined macro: AC_MSG_WARN
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
configure.ac:201: error: possibly undefined macro: AC_DEFINE
configure.ac:582: error: possibly undefined macro: AC_MSG_NOTICE

Even if the message seems unrelated, it's really the lack of pkg.m4
from host-pkgconf that causes the issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 915c136c5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 12:45:43 +01:00
Thomas Petazzoni 1d54e21381 libsemanage: define installation location of semanage.conf for host
When /etc/selinux/semanage.conf does not exist, libsemanage tries to
overwrite it. For the target package, it works fine because $(DESTDIR)
is taken into account.

However, for the host package, $(DESTDIR) is empty, and the location
used for /etc/selinux/semanage.conf is not affected by $(PREFIX). This
causes host-libsemanage to try to install /etc/selinux/semanage.conf,
which obviously fails with:

  test -f /etc/selinux/semanage.conf || install -m 644 -D semanage.conf /etc/selinux/semanage.conf
  install: cannot create directory '/etc/selinux': Permission denied

To fix this, this commit passes DEFAULT_SEMANAGE_CONF_LOCATION in the
make options when building/installing host-libsemanage, providing a
path to semanage.conf that Buildroot can write to.

Fixes:

  http://autobuild.buildroot.net/results/cd27e3c66274622d0c3dd5a601a36efb1bc45011/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4c9c70453c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 12:41:58 +01:00
Thomas Petazzoni 7a060d6a4c package/x11r7/xlib_libfontenc: add missing dependency on host-pkgconf
The xlib_libfontenc configure.ac uses PKG_CHECK_MODULES(), but the
Buildroot package does not have a dependency on host-pkgconf. This
causes a build failure with per-package host/target folders, or if one
builds just with "make xlib_libfontenc", which is why it was never
detected by the autobuilders.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7b1238055c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 09:49:32 +01:00
Peter Korsgaard 8e7af5788a elfutils: security bump to version 0.174
Fixes the following security issues:

CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils
before 2018-08-18 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted file.

CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers
to cause a denial of service (double free and application crash) or possibly
have unspecified other impact because it tries to decompress twice.

CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes
list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr
in dwarf_hasattr.c, leading to a heap-based buffer over-read and an
application crash.

For more details, see the announcement:
https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html

0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz
(no CVEs assigned):
https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html
https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6a74acb6fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 09:38:57 +01:00
Baruch Siach c20c6acea7 elfutils: bump to version 0.171
Drop the po/ disable patch; not needed anymore.

Drop the __mempcpy compatibility patch; __mempcpy is not used anymore.

Refresh the -Werror removal patch; still needed, unfortunately.

Renumber the remaining patches.

Add GPLv3 license file.

Add license files hash.

[Peter: drop security reference, was added post-release]
Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit f0335b0cf7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 09:38:01 +01:00
Peter Korsgaard d5666f793f squid: add upstream security fix for SQUID-2018_5 / CVE-2018-19132
>From the advisory:

 Due to a memory leak in SNMP query rejection code, Squid is
 vulnerable to a denial of service attack.

http://www.squid-cache.org/Advisories/SQUID-2018_5.txt

Add the patch from the 3.5 branch fixing this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 09:30:42 +01:00
Peter Korsgaard 7ee8a9a781 squid: add upstream security fix for SQUID-2018_4 / CVE-2018-19131
>From the advisory:

Due to incorrect input handling, Squid is vulnerable to a
Cross-Site Scripting vulnerability when generating HTTPS response
messages about TLS errors.

http://www.squid-cache.org/Advisories/SQUID-2018_4.txt

Add the patch from the 3.5 branch fixing this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 09:30:38 +01:00
Peter Korsgaard 23f0f12b81 squid: security bump to version 3.5.28
Fixes SQUID-2018:3 / CVE-2018-1172: Crash in ESI Response processing

For more details, see the advisory:

http://www.squid-cache.org/Advisories/SQUID-2018_3.txt

Drop patch 0003 / 0004 as these (security) fixes are now upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-26 09:30:32 +01:00
Peter Korsgaard 073b82751d libnss: security bump to version 3.39
Fixes the following security issue:

CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a
ServerHello that had an all-zero random.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1c32e4c298)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:43:15 +01:00
Bernd Kuhls 0c70a9fd42 package/libnss: fix aarch64_be build
libnss does not treat aarch64_be the same way as aarch64:
https://hg.mozilla.org/projects/nss/file/fb3585458ac3/lib/freebl/Makefile#l523

Add code to translate "aarch64_be" into "aarch64" to fix
http://autobuild.buildroot.net/results/4fca771980f9b049ce2690971ddd856652cd5b43/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 826981d45d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:42:52 +01:00
Baruch Siach 258a839976 libnss: fix build with uClibc
Add a patch defining AT_HWCAP2 locally since uClibc is missing this
macro. Once uClibc updates its elf.h copy we can remove this patch.

Fixes:

  http://autobuild.buildroot.net/results/06f/06f5ee4bc9e623fa08d77278acdcb447148ae997/
  http://autobuild.buildroot.net/results/7cd/7cd7586f5854f9447c37adeedb9c113ba37ebea4/
  http://autobuild.buildroot.net/results/335/335bee755fbec45a6d5336c2501dc2687859ec0e/

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1a9f539d97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:42:32 +01:00
Baruch Siach 2cf22bf38e libnss: drop obsolete patch
uClibc implements RTLD_NOLOAD for quite some time now. Remove the patch
adding a dummy definition of RTLD_NOLOAD.

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf9100d3f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:42:11 +01:00
Fabrice Fontaine d3228692be libnss: bump to version 3.38
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 902f537b14)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:41:34 +01:00
Joseph Kogut d381b5e2a7 libnss: bump to version 3.37.3
Fixes:
http://autobuild.buildroot.net/results/fd64ee3486f9045dfbd83908b8f06ef62c0d9781/
http://autobuild.buildroot.net/results/698500a92688c50e9cc71cf82c0848cb4adb81ad/
http://autobuild.buildroot.net/results/adaa2f79b202cb01ae57fa0cdb0eac9c07b22ea2/
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9a5c3d5bb4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:41:26 +01:00
Fabrice Fontaine b12d8ac049 libnss: fix build without int128
Patch retrieved from upstream, more info here:
https://bugzilla.mozilla.org/show_bug.cgi?format=default&id=1459739

Fixes:
 - http://autobuild.buildroot.net/results/093113829d7ce19d578a920e76caa10822774139

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 46706ced35)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:40:57 +01:00
Baruch Siach 9d6fa81211 libnss: remove upstream patch
The merge of the next branch failed to remove an upstream applied patch.

Fixes:
http://autobuild.buildroot.net/results/31f/31fe428584ada680f30d11e5d1abfbc533c0a70e/
http://autobuild.buildroot.net/results/bb2/bb25363497dfd7fd5f8a81c28110fab87d5c2dc8/
http://autobuild.buildroot.net/results/70a/70adacf85154d2a663808cf0db69849b6a490457/

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 800aefb182)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:40:00 +01:00
Joseph Kogut 9896f1163f libnss: bump to version 3.37
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f36d4be02c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:36:10 +01:00
Peter Korsgaard 088d4b73a1 libnss: add upstream patch fixing build on aarch64
Fixes:
http://autobuild.buildroot.net/results/037/037c772a36762df8febd529b329743d18ffbf66a/

Build system forgets to compile a file on aarch64, breaking the build.

For details, see the upstream bugreport:
https://bugzilla.mozilla.org/show_bug.cgi?id=1432455

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 306242a474)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:35:22 +01:00
Peter Korsgaard 5dfd60c615 libnss: bump version to 3.35
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ccab9b0ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:35:11 +01:00
Baruch Siach 59474ec97b libnspr: fix nios2 and microblaze support patches
Commit c9e3d5b6c5 (libnspr: bump to version 4.20) did not refresh the
hunks touching the _linux.cfg file. As a result, these hunk were applied
to the wrong (x86 specific) place in that file, rendering them
ineffective. Refresh the patches to fix that.

Fixes:
http://autobuild.buildroot.net/results/2d1/2d1288e98a6459d84c2599c99b5617a2fde81f62/

Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56825a6518)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:34:18 +01:00
Fabrice Fontaine 32701537bb libnspr: bump to version 4.20
Support for riscv was added in this version

Fixes:
 - http://autobuild.buildroot.org/results/a98db13ea105d627f2a4770969b31550926c2791

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c9e3d5b6c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:34:06 +01:00
Peter Korsgaard 08e03ffd28 libnspr: bump version to 4.19
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb521b5d45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:33:58 +01:00
Peter Korsgaard a3dc826ab0 {linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: drop 4.18.x, linux / hash changes]
(cherry picked from commit cd0ca09e43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:27:18 +01:00
Fabrice Fontaine e43f9631d7 supertuxkart: fix build on bdver3
Retrieve upstream patch to fix build failure in
lib/graphics_utils/mipmap/cpusimd.h due to direct inclusion of
intrinsics headers:
https://github.com/supertuxkart/stk-code/issues/3091

Fixes:
 - http://autobuild.buildroot.org/results/52bd5c45b0d04a863a2530d388899b3e46494ee9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 236a7d5d78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:24:10 +01:00
Fabrice Fontaine bbceedcdfa trace-cmd: fix site
Replace $(BR2_KERNEL_MIRROR) by https://git.kernel.org/pub, which
fixes the download of this package:

>>> trace-cmd trace-cmd-v2.6.1 Downloading
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
Removing it and starting afresh.
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
This is the second time in a row; bailing out
--2018-11-11 21:08:00--  http://sources.buildroot.net/trace-cmd/trace-cmd-trace-cmd-v2.6.1.tar.gz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.210.19, 104.25.211.19, 2606:4700:20::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.210.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1859835 (1.8M) [application/x-gtar-compressed]

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e311d8387d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:20:14 +01:00
Fabrice Fontaine 2c73a56a82 qemu: disable opengl
Since version 0.15.0, qemu has an optional dependency to opengl:
https://github.com/qemu/qemu/commit/20ff075bb3340c5278a0da38ad1f4d602565aa06

Since version 2.4, libepoxy is also needed to enable opengl:
https://github.com/qemu/qemu/commit/dcf30025c3e3d43140a687240433de1920adf8b0

As a result if libepoxy is built before qemu, opengl support will be
detected (see config.log):
OpenGL support    yes
OpenGL dmabufs    yes

This will raise the failures in milkymist-tmu2:
hw/display/milkymist-tmu2.c:35:22: fatal error: X11/Xlib.h: No such file or directory

or in sdl2:
  CC      /home/peko/autobuild/instance-0/output/targetui/sdl2-2d.o
In file included from /home/peko/autobuild/instance-0/output/build/qemu-2.12.1/include/ui/egl-context.h:5:0,
                 from ui/egl-context.c:3:
/home/peko/autobuild/instance-0/output/build/qemu-2.12.1/include/ui/egl-helpers.h:45:55: error: unknown type name 'Window'; did you mean 'minor'?

or in translate-a64:
/accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/target/arm/translate-a64.c: In function 'handle_shri_with_rndacc':
/accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/target/arm/translate-a64.c:7000:28: warning: 'tcg_src_hi' may be used uninitialized in this function [-Wmaybe-uninitialized]
             tcg_gen_mov_i64(tcg_src, tcg_src_hi);
                            ^
../ui/gtk-egl.o: In function `gd_egl_init':
/accts/mlweber1/scripts/instance-3/output/build/qemu-2.12.1/ui/gtk-egl.c:52: undefined reference to `gdk_x11_window_get_xid'

So, for the time being, disable opengl as done in xen since commit
13c6754f3c.

Fixes:
 - http://autobuild.buildroot.org/results/656e45721c72197834462eb2bd8c762e520725a4
 - http://autobuild.buildroot.org/results/d4736a930144fc5e25b377bc1c0baf44fbf8718d
 - http://autobuild.buildroot.org/results/50e0d7d1b4f5c2b827b50bb82d8fbc066bf31118

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce735b0c59)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:18:42 +01:00
Fabrice Fontaine 2d52b161f9 libiscsi: fix build failures due to warnings
Retrieve two upstream patches to fix build failures due to warnings

Fixes:
 - http://autobuild.buildroot.org/results/7ec1e1cc060bbdaaf758c0d55a053247b731e792

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6a5e9a7ac6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:16:53 +01:00
Fabrice Fontaine 6fa4e5d797 libiscsi: add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e711623912)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 23:16:47 +01:00
Jörg Krause 7926f3e0f2 package/libnfs: add patch to fix musl build issue
Add a patch to fix build issues with the musl C library.

This patch fixes an autobuild issue when linking the mpd package
against libnfs. The header file libnfs.h uses `struct timeval` which is
defined in `<sys/time.h>` for POSIX systems. Unfortunately, upstream
only includes it conditionally, based on the system. Therefore, we
remove the check in the first patch.

Reported upstream:
https://github.com/sahlberg/libnfs/issues/272

Fixes:
http://autobuild.buildroot.org/results/452/4522014698b9fe50720a71b663e47a75805bcf54
http://autobuild.buildroot.org/results/b0a/b0a0c20ad1705e9fa7ba4a12eb9c182e8077ab0c
http://autobuild.buildroot.org/results/53c/53c87361923cc177de7889523b3d16ba6b1d3d0f
.. and more.

Previous patch: Changes requested
http://patchwork.ozlabs.org/patch/973605/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 582fd7c094)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:33:18 +01:00
Max Filippov d3e731f7b0 package/gcc: fix xtensa uclinux code generation
xtensa-uclinux uses bFLT executable file format that cannot relocate
fields representing offsets from data to code. C++ objects built as PIC
use offsets to encode FDE structures. As a result C++ exception handling
doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
xtensa-uclinux.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop gcc-8.x patch]
(cherry picked from commit 4debb2fbb7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:30:26 +01:00
Nicolas Cavallari 58d46327d9 attr: Add a patch to fix an unconditional infinite recursion
The bump to 2.4.48 introduced a bug that, according to the author,
only happen in certain cases on glibc. But under uclibc-ng, it happens
every time.

The bug essentially cause any program calling any libattr.so function
to enter an infinite recursion, because of a symbol conflict between
uclibc-ng and libattr wrappers, that causes the libattr wrappers to
call themselves.

This infinite recursion does not consume the stack, so programs
basically behave like they enter an infinite loop.

It is easy to reproduce with qemu_arm_versatile_defconfig +
BR2_PACKAGE_ATTR: "getfattr ." never returns and takes 100% CPU.

Upstream fixed it, but the patch is not part of a release yet,
so take the patch.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 99989d3b91)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:28:01 +01:00
Peter Korsgaard d0bae57e0d nginx: security bump to 1.15.6
Fixes the following security issues:

CVE-2018-16843: Excessive memory usage in HTTP/2

CVE-2018-16844: Excessive CPU usage in HTTP/2

CVE-2018-16845: Memory disclosure in the ngx_http_mp4_module

Refreshed patch 0004 + 0007 as they no longer applied cleanly.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c2f5b3a3a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:26:00 +01:00
Ignacy Gawędzki 0fd4d7c45c nginx: bump to version 1.15.0
The following patches have been updated to apply on 1.15.0:

   0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch
   0006-auto-lib-openssl-conf-use-pkg-config.patch

The follow patch has been removed, because it was applied upstream:

   0009-auto-lib-conf-fix-PCRE-condition-WRT-the-http-and-ht.patch

The license file hash has changed because the copyright years were
updated in the LICENSE file:

  - * Copyright (C) 2002-2017 Igor Sysoev
  - * Copyright (C) 2011-2017 Nginx, Inc.
  + * Copyright (C) 2002-2018 Igor Sysoev
  + * Copyright (C) 2011-2018 Nginx, Inc.

Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
[Thomas: drop unneeded patch updates, improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 2fe054a7ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:25:52 +01:00
Peter Korsgaard b1f390f1d7 mosquitto: security bump to version 1.5.4
>From the announcement:

When using a TLS enabled websockets listener with require_certificate
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed.  All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this.

https://mosquitto.org/blog/2018/11/version-154-released/

Drop patch 0001, now applied upstream:
https://github.com/eclipse/mosquitto/pull/933

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a4c111b1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:15:37 +01:00
Fabrice Fontaine a884892d16 mosquitto: security bump to version 1.5.3
Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
begins with $, but is not $SYS, then an assert that should be unreachable is
triggered and Mosquitto will exit.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e62304359)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:15:27 +01:00
Bernd Kuhls 8ebb40cfa5 package/mosquitto: bump version to 1.5.1
Removed patch 0001, applied upstream.
Replaced patch 0002 with a more generic solution as patch 0001.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5336412d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:15:15 +01:00
Fabrice Fontaine 2177c01655 mosquitto: fix build with some glibc
Add patch to define _GNU_SOURCE before using S_IF{DIR,REG}

Fixes:
 - http://autobuild.buildroot.net/results/7dcfb6ca9d14a5cd6872590065549356f1ab42a0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f66c171b4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:15:06 +01:00
Fabrice Fontaine 795d30f5f2 mosquitto: bump to version 1.5
- Remove patch (already in version)
- Add patch to fix crash (retrieved from upstream)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 375e11a186)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:15:00 +01:00
Fabrice Fontaine 09860913c9 twolame: fix static linking with libmagic
libmagic (from file package) already provides the buffer_init function
so to avoid a build failure for applications wanting to statically link
with twolame and libmagic (for example sox), rename buffer_init into
bitbuffer_init (also rename buffer_deinit into bitbuffer_deinit and
buffer_sstell into bitbuffer_sstell for consistency)

Fixes:
 - http://autobuild.buildroot.org/results/b3fc62e7f372fe595966e84091c11ccdb4cfa77c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 393b205de1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:08:38 +01:00
Fabrice Fontaine 1b03e57bbe qt: disable static build for qt-zlib
Static build of applications using qt-zlib and zlib (such as mpv) will
fail because zlib and qt-zlib defines the same functions (inflateReset,
inflatePrime ...)

So add a dependency on !BR2_STATIC_LIBS on BR2_PACKAGE_QT_QTZLIB

Fixes:
 - http://autobuild.buildroot.org/results/0be6e359d46a8a701006305c32b514687854b035

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 112667fd12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:07:28 +01:00
Peter Korsgaard 837bae2539 bind: security bump to version 9.11.5
Fixes the following security issues:

- CVE-2018-5738: Some versions of BIND can improperly permit recursive query
  service to unauthorized clients

- CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an
  INSIST assertion failure in named

For more details, see the release notes:

https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html

Drop patch 0003-Rename-ptrsize-to-ptr_size.patch as the uClibc-ng issue was
fixed upstream in commit 931fd627f6195 (mips: fix clashing symbols), which
is included in uclibc-1.0.12 (January 2016).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 955df7463b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 22:02:44 +01:00
Sébastien Szymanski 8af9cc1e02 package/mmc-utils: add patch to fix build failure
Patch taken from:
 - https://patchwork.kernel.org/patch/10654531/

Fixes:
 - http://autobuild.buildroot.net/results/404bfbd095a7b80273391ea36ea81ba496164b80
 - http://autobuild.buildroot.net/results/233ef5c00951b5be10a59408f4a8781ecc658d74
 - http://autobuild.buildroot.net/results/eba3cf4ac21095bca5af2d5d1d69aca0c9098f9b

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee6217d52b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:58:14 +01:00
Sergio Prado d25b7d630c traceroute: fix 'no rule to make target -lm' error
Fix the following build error:

make[3]: *** No rule to make target '-lm', needed by 'traceroute'.

Fixes:
http://autobuild.buildroot.org/results/dde63672e1de1d4ba036331ab127ccc8ff044444
http://autobuild.buildroot.org/results/4efb67e6a29c3dd784676d30a1051f9f0c2a6c80
http://autobuild.buildroot.org/results/7ac23a3959aec22297695899c0f76dbbc4e114d3
And many more...

As explained by Arnout, this happens when host-make is built (E.G.  when
glibc is built on a machine with an old make version) because the traceroute
Makefiles have a target with a dependency on -lm, and make automatically will
look in make's $prefix/lib directory for libm.so / libm.a to satisfy this
dependency.  From the make info pages:

   When a prerequisite's name has the form '-lNAME', 'make' handles it
specially by searching for the file 'libNAME.so', and, if it is not
found, for the file 'libNAME.a' in the current directory, in directories
specified by matching 'vpath' search paths and the 'VPATH' search path,
and then in the directories '/lib', '/usr/lib', and 'PREFIX/lib'
(normally '/usr/local/lib', but MS-DOS/MS-Windows versions of 'make'
behave as if PREFIX is defined to be the root of the DJGPP installation
tree).

Our host-make is configured with prefix=$(HOST_DIR), and $(HOST_DIR)/lib
does not contain libm.so / libm.a, causing make to error out.

Work around it by pointing VPATH to $(STAGING_DIR)/usr/lib, so make will
find the (target) libm.so / libm.a.

[Peter: extend description based on Arnouts investigation]
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 49dd099650)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:51:24 +01:00
Romain Naour 25589148f7 Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6
As reported in the bug report [1], gcc < 6 doesn't build when
FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
upstream bug report [2] but the patch fixing the issue for gcc 6
has not been backported to earlier gcc versions.

Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
and BR2_FORTIFY_SOURCE_2.

[1] https://bugs.busybox.net/show_bug.cgi?id=11476
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
[3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Peter: only limit for internal toolchain as suggested by Matthew]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit a75ee0e812)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:48:40 +01:00
Romain Naour dbe92b6d33 toolchain: disable SSP support if CFI support in binutils is missing
As reported by [1], SSP support is missing in the Buildroot toolchain
for microblaze even if it's requested by selecting
BR2_TOOLCHAIN_HAS_SSP config option.

In Buildroot, we are using libssp provided by the C library (glibc,
musl, uClibc-ng) when available. We are not using libssp from gcc.

So for a microblaze glibc based toolchain, the SSP support is enabled
unconditionally by a select BR2_TOOLCHAIN_HAS_SSP.

BR2_microblazeel=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_KERNEL_HEADERS_4_14=y
BR2_BINUTILS_VERSION_2_30_X=y
BR2_GCC_VERSION_8_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y

While building the toolchain, we are building host-binutils which
provide "as" (assembler) and host-gcc-initial wich provide a
minimal cross gcc (C only cross-compiler without any C library).
When SSP support is requested, gcc_cv_libc_provides_ssp=yes is
added to the make command line (see [2] for full details)

With this setting, the SSP support is requested but it's not available
in the end and the toochain build succeed.

When the microblaze toolchain is imported to Biuldroot (2018.05) as
external toolchain with BR2_TOOLCHAIN_EXTERNAL_HAS_SSP set, the build
stop with :
"SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP"

The test is doing the following command line:

echo 'void main(){}' | [...]/host/bin/microblazeel-linux-gcc.br_real -Werror -fstack-protector -x c - -o [...]/build/.br-toolchain-test.tmp
cc1: error: -fstack-protector not supported for this target [-Werror]

When we look at the gcc-final log file (config.log) we can see this
error several time when using the minimal gcc (from host-gcc-initial).
So Why the minimal gcc doesn't support SSP?

When we look at the gcc-initial log file (config.log) we can see an
error with 'as':

configure:23194: checking assembler for cfi directives
configure:23209: [...]microblazeel-buildroot-linux-gnu/bin/as    -o conftest.o conftest.s >&5
conftest.s: Assembler messages:
conftest.s:2: Error: CFI is not supported for this target
conftest.s:3: Error: CFI is not supported for this target
conftest.s:4: Error: CFI is not supported for this target
conftest.s:5: Error: CFI is not supported for this target
conftest.s:6: Error: CFI is not supported for this target
conftest.s:7: Error: CFI is not supported for this target
configure:23212: $? = 1
configure: failed program was
    .text
    .cfi_startproc
    .cfi_offset 0, 0
    .cfi_same_value 1
    .cfi_def_cfa 1, 2
    .cfi_escape 1, 2, 3, 4, 5
    .cfi_endproc

This is the only relevant difference compared to a nios2 toolchain where
libssp is enabled and available (nios2 is an example).

"CFI" stand for "Control Flow Integrity" and it seems that SSP support
requires CFI target support (see [3] for some explanation).

The SSP support seems to depends on CFI support, but the toolchain
infrastructure is not detailed enough to handle the CFI dependency.

The NiosII toolchains built with binutils < 2.30 are also affected by
this issue.

This patch improve the toolchain infrastructure by adding a new
BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI blind option

Disable SSP support for microblaze entirely.
Disable SSP support for nios2 only with Binutils < 2.30.

Fixes:
https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006389

[1] https://gitlab.com/free-electrons/toolchains-builder/issues/1
[2] https://git.buildroot.net/buildroot/tree/package/gcc/gcc.mk?h=2018.05#n275
[3] https://grsecurity.net/rap_faq.php

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: adjust how the BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI option
is expressed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 435613ef29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:43:39 +01:00
Carlos Santos dc849a3c07 linux: enable CONFIG_AUDIT if the audit package is selected
We already turn on kernel features for several packages, so let's do it
for audit too, since the daemon is useless and fails to load otherwise.

Notice that we also turn NET on, since AUDIT depends on NET, like we do
for the wireguard package.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c828ed72f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:39:46 +01:00
Carlos Santos 769bdf52d0 package/audit: bump to version 2.8.4
Fix a segfault in auditd when dns resolution isn't available. Additional
changes since 2.8.2 can be seen at

    http://people.redhat.com/sgrubb/audit/ChangeLog

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d03c33f22)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:38:26 +01:00
Carlos Santos 29cfca5949 package/audit: ensure that it starts after the logging daemon
audit uses syslog(). Rename its init script to S02auditd to ensure that
it will start after syslogd. Otherwise the initial log messages will be
sent to the console (and probably lost, since almost nobody watches the
system console on embedded systems).

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6fe5fe4c4d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:38:18 +01:00
Carlos Santos 92932e40d1 package/audit: fix audispd path in auditd.conf
audispd is installed at /usr/sbin but the configuration file pointed
to /sbin, causing auditd to fail on startup.

This patch cannot be sent upstream because audispd does not exist
anymore on the master branch (it was merged to auditd).

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4be494b804)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:38:10 +01:00
Peter Korsgaard b669d94c7c mariadb: security bump to version 10.1.37
Fixes the following security vulnerabilities:

CVE-2018-3282: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Storage Engines).  Supported versions that are
affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12
and prior.  Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server.

CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow
context-dependent attackers to have unspecified impact via vectors involving
big-endian CRC calculation.

CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs).  Supported versions that are affected are
5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior.
Difficult to exploit vulnerability allows high privileged attacker with
logon to the infrastructure where MySQL Server executes to compromise MySQL
Server.  While the vulnerability is in MySQL Server, attacks may
significantly impact additional products.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3143: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3156: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-3251: Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

The README has gotten a few extra URLs added, so update the sha256 to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:10:54 +01:00
Peter Korsgaard a189aefcec mariadb: drop my-small.cnf handling
Unbreaks builds without BR2_PACKAGE_MARIADB_SERVER as this only gets
installed if the server is enabled.

As pointed out in commit 2b82e014b4 (package/mariadb: bump version to
10.3.10), this file has been removed upstream in newer versions as it hasn't
been updated in >8 years and the compiled in defaults are sensible, so
completely remove the file handling instead of adding logic to only install
it if the server is enabled.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-25 21:10:47 +01:00
Peter Korsgaard dbd4966edf xproto_inputproto: also disable asciidoc documentation for host builds
Fixes:
http://autobuild.buildroot.net/results/0ff/0ff9a3a27984ad91aa33079143bb87ed71bfe7c4/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-20 11:40:36 +01:00
Matt Weber 67de8b9d6d package/xproto_inputproto: disable documentation
Resolves:
http://autobuild.buildroot.net/results/e6b/e6badde04047e10023b97946bbff434abc07344d/

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-19 08:51:13 +01:00
Baruch Siach 27177f455c lua-curl: fix build with libcurl 7.62.0
The last libcurl bump changed error code definitions in a way that
breaks lua-curl build. Add a patch to fix that.

Fixes:
http://autobuild.buildroot.net/results/fa6/fa6e289162124b3e079c4a2d9c3f00910c8cc063/
http://autobuild.buildroot.net/results/7b9/7b962a63630abaed21d99f719c1bd710ec4d4b28/
http://autobuild.buildroot.net/results/c5b/c5b2a7f21259bbf79861bd95a2d7ca055920bf09/

Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3988480bf0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-15 08:20:50 +01:00
Bernd Kuhls 8188d4680c package/x11r7/xdriver_xf86-video-geode: add upstream commits to fix build errors
Fixes
http://autobuild.buildroot.net/results/a9b/a9baf6ecf147f336021edda20bb091b8aa071209/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 34743203e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:50:18 +01:00
Yegor Yefremov ea1bf543b7 utils/scanpypi: use archive file name to specify the extraction folder
Some packages have archive name that is different from package name.
For example websocket-client's archive name is websocket_client-*.tar.gz.
scanpypi expects the temporary extract folder to be:

/tmp-folder/BR-package-name/PyPI-packagename-and-version

In the case of websocket-client package the real extraction folder
will be different from the expected one because of the '_' in the
archive file name.

Use archive file name instead of package name to specify the extraction
folder. As the version is already part of this file, we don't need to
specify it.

Bonus: remove obsolete "return None, None" as the function doesn't return
anything. OSError class doesn't provide "message" member, so replace it
with "strerror".

Fixes:
https://bugs.busybox.net/show_bug.cgi?id=11251

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd29797f65)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:35:48 +01:00
Philipp Wagner ff0259774e docs/manual: add external.desc to list of files needed for BR2_EXTERNAL
external.desc must be present when using a br2-external tree. The
documentation notes this later in the text, but the file is missing
from the initial overview of files.

Fixes bug #11481.

Signed-off-by: Philipp Wagner <mail@philipp-wagner.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6479d6058)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:28:39 +01:00
Serj Kalichev 64e3896a10 support/scripts/mkmakefile: make wrapper silent by default
Suppose we use Makefile wrapper and build some project out of
buildroot tree (O=...). A command like "make
busybox-all-external-deps" will output the string "uname 022 && make
..." to stdout before the usefull information. It pollutes stdout. At
the same time if we use the same command in the buildroot source-tree
then we don't get the additional output. This patch makes wrapper
silent by default. People who prefer to see more verbose output can
use V=1.

Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c77cd17082)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:25:47 +01:00
Thomas Petazzoni f225caedec nfs-utils: add patch to fix build with glibc 2.28
Fixes:

  http://autobuild.buildroot.net/results/feb2b42028f7035f791db9cb76d07ead55d7733a/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0cf62abae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:22:05 +01:00
Peter Korsgaard 49e16bb103 postgresql: security bump to version 10.6
Fixes the following security issue:

CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER
...  REFERENCING

For more details, see the advisory:

https://www.postgresql.org/about/news/1905/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 23:19:10 +01:00
Carlos Santos 826f70cb3b uclibc: fix mkostemp
Pull a patch already submitted upstream[1] that fixes mkostemp when
_LARGEFILE64_SOURCE is defined. This is required to prevent failures
on eudev[2]:

    # udevadm hwdb --update
    Failure writing database //etc/udev/hwdb.bin: Invalid argument

1. https://patchwork.ozlabs.org/patch/990045/
2. https://patchwork.ozlabs.org/patch/984848/

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c33fb6e9f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 22:57:37 +01:00
Adrian Perez de Castro b3f35e05fd webkitgtk: bump to version 2.22.3
Release notes:

    https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html

Patch "0001-ARM-Building-FELightingNEON.cpp-fails-due-to-missing.patch"
is removed because it is included in the new release.

This is a maintenance release which further improves playback of video
when using media source extensions (MSE), specially for WebM content,
and provides a few correctness fixes.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0def20865d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:45:06 +01:00
Adrian Perez de Castro 03b24bf276 webkitgtk: add an option to control USE_GSTREAMER_GL
This covers the case where GL/GLES is available (so -DENABLE_OPENGL=ON
gets passed), which makes the webkitgtk build system assume GStreamer-GL
is available, while actually it is not.

Also, providing an option to manually disable usage of GStremer-GL can
help with certain target configurations in which using OpenGL for video
handling might result in incorrect rendering.

This fixes some autobuilder failures like the following:

  http://autobuild.buildroot.net/results/187796535af53ece426641ff7d88aabada281674
  http://autobuild.buildroot.net/results/00c1a8ea23a99728a4f3f4478705f2383414ae41

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4ac29a8196)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:44:42 +01:00
Peter Korsgaard 08451630ad libcurl: security bump to version 7.62.0
Fixes the following security issues:

CVE-2018-16839: SASL password overflow via integer overflow
https://curl.haxx.se/docs/CVE-2018-16839.html

CVE-2018-16840: use-after-free in handle close
https://curl.haxx.se/docs/CVE-2018-16840.html

CVE-2018-16842: warning message out-of-buffer read
https://curl.haxx.se/docs/CVE-2018-16842.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c1a01ac2f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:36:08 +01:00
Bernd Kuhls 9cd3f1b1ab package/network-manager: Add upstream patch to fix CVE-2018-15688
NetworkManager includes some parts of the systemd-networkd code in its
codebase. That can be found at src/systemd/src/libsystemd-networkd.
The DHCP implementation provided by systemd-networkd is used when
NetworkManager is configured to use the internal implementation,
however the default is to use dhclient.

When NetworkManager is configured to use the internal dhcp and an
interface is setup with ipv6.method=auto (which is the default value)
or ipv6.method=dhcp, this flaw can be exploited. When using
ipv6.method=auto, the DHCPv6 client can be automatically started with a
Router Advertisement packet.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a51ba655c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 10:34:19 +01:00
Thomas Petazzoni 129c83e06f configs/{at91, atmel}*_dev*: drop Dropbear as it duplicates OpenSSH
The "development" defconfigs for Atmel platforms enable both OpenSSH
and Dropbear, which doesn't make a lot of sense, as only one SSH
server can start on port 22.

This commit therefore drops BR2_PACKAGE_DROPBEAR=y from those
defconfigs, keeping OpenSSH as an SSH server/client, as was requested
by Atmel/Microchip folks in the review of an earlier version of this
patch [1]. Since those defconfigs are "development" defconfigs, they
are not meant to be minimal, and already provide an arbitrary set of
packages, so using openssh is just as good as using dropbear in this
case.

[1] https://patchwork.ozlabs.org/patch/989516/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Joshua Henderson <joshua.henderson@microchip.com>
Cc: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dab1539613)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 09:14:09 +01:00
Bernd Kuhls 2e755e82ec package/systemd: Add upstream patch to fix CVE-2018-15688
Systemd-networkd is vulnerable to an out out-of-bounds heap write in the
DHCPv6 client when handling options sent by network adjacent DHCP servers.
A attacker could exploit this via malicious DHCP server to corrupt heap
memory on client machines, resulting in a denial of service or potential
code execution.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: add description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit bc6ecbbeef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 09:11:24 +01:00
Peter Korsgaard 6167179b02 ruby: security bump to version 2.4.5
Fixes the following security issues:

- CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

- CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Update hash of LEGAL as it had a few (wayback machine) URLs added/changed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 646ae5a0b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:12:12 +01:00
Peter Korsgaard 63f0bc6fbf lighttpd: security bump to version 1.14.51
Fixes the following security issues:

1.4.50:
[mod_alias] security: potential path traversal with specific configs
[core] security: use-after-free invalid Range req
[mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
[core] security: use-after-free after invalid Range request (fixes #2899)

1.4.51:
[core,security] process headers after combining folded headers
[mod_userdir] security: skip username “.” and “..”

1.4.51 brings optional pam and wolfssl support.  Explicitly disable these
options for now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15793bc19f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:11:33 +01:00
Baruch Siach da7f34d20b lighttpd: bump to version 1.4.49
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b94ddb8d5d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:11:25 +01:00
Fabrice Fontaine d1d92ff1fd qemu: sdl frontend needs x11
Since qemu 2.12.0 and
https://github.com/qemu/qemu/commit/2ec78706d188df7d3dab43d07b19b05ef7800a44,
x_keymap.h has been converted from "SDL display driver" to "X11 keymaps"

So add a select on BR2_PACKAGE_SDL_X11

Fixes:
 - http://autobuild.buildroot.org/results/1908d2d7de8d3aff11ed6fbb8fe4cf3eff54b5a5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8153ce21e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:09:13 +01:00
Fabrice Fontaine 2f3dd72e30 neardal: fix static build with libedit and libbsd
Add an upstreamable patch to use pkg-config for finding libedit and
readline dependencies and drop ncurses "hack"

Fixes:
 - http://autobuild.buildroot.org/results/b0b17f4a5b0a32631a12bdb350ba7c21f7c595d0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91b6ca9682)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:05:38 +01:00
Fabrice Fontaine 1d70b9573d openswan: bump to version 2.6.51.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03d142edc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:03:45 +01:00
Fabrice Fontaine 560f12ac2a openswan: security bump to version 2.6.50.1
- Fixes CVE-2018-15836 (a Bleichenbacher-style signature forgery which
  involves RSA padding attack)
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1de17e341b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:03:37 +01:00
Fabrice Fontaine 3610e1f023 openswan: disable documentation
Disable pod2man and xmlto which are used to build man pages

Fixes:
 - http://autobuild.buildroot.org/results/2268814b8f5a071ecec1aab962b50a1edcb818d7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a0c8258b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:03:32 +01:00
Fabrice Fontaine ce93f3d6ba libkcapi: disable documentation
Disable db2pdf, db2ps and xmlto which are used for building PDF, PS, man
or html documentation

Fixes:
 - http://autobuild.buildroot.org/results/28df3b50d90bc53b965280b77224f89fe09ec2b9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b3dea2c2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-14 00:01:22 +01:00
Fabrice Fontaine a62833438e lcdproc: use ac_cv_mtab_file
Set ac_cv_mtab_file to /etc/mtab otherwise build will fail if no mtab,
mnttab or fstab is found in /etc (on host)

Fixes:
 - http://autobuild.buildroot.org/results/efaf2833d674c7e366c59f367f0b83c7f88546bb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b4501ca80d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:59:50 +01:00
Carlos Santos 2e0984cd58 liburiparser: security bump to version 0.9.0
Fixes an out-of-bounds write, detect an integer overflow and protect
against acting on NULL input. For additional datails, see

   https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f3042a79b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:58:50 +01:00
Carlos Santos e91d6df5be liburiparser: bump to version 0.8.6
Version 0.8.6 is a bugfix release including a nasty bug that has
potential to crash applications when parsing certain URIs (like
"//:%aa@", excluding quotes).

For more details please check the change log at

    https://github.com/uriparser/uriparser/blob/uriparser-0.8.6/ChangeLog

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cba4062a34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:58:43 +01:00
Carlos Santos fff27a900e liburiparser: bump to version 0.8.5 and move to GitHub
uriparser 0.8.5 with bugfixes has been released. It has also moved from
SourceForge to GitHub:

    https://uriparser.github.io/

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ca0e627200)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:58:36 +01:00
Fabrice Fontaine a893191052 gpsd: disable documentation
Fixes:
 - http://autobuild.buildroot.org/results/cbdb4cc34080714082f044fde7e069e6ab5a0e8e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0deed8eed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:57:19 +01:00
Thomas Petazzoni b76722dff4 mysql: properly order "depends on" vs. bool
This fixes a check-package warning introduced by commit
19df27ed03 ("package/mariadb: add option
to disable build of embedded server")

Fixes:

package/mysql/Config.in:59: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cbf62fc569)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:55:23 +01:00
Fabrice Fontaine b803c7e85c giflib: disable xmlto
Fixes:
 - http://autobuild.buildroot.org/results/87c7fa4a8e393acaccc84bd2774f9eee32ef7d90

xmlto is optionally used to generate documentation, which we don't need.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 220f25e940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:54:17 +01:00
Thomas Petazzoni adac24dc04 tar: adjust Config.in comment dependency
Since commit 916b21a7fb ("package/tar:
Depends on MMU"), BR2_PACKAGE_TAR depends on BR2_USE_MMU. However, the
Config.in comment does not take into account this dependency, an
inconsistency which is fixed by this commit.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2a3ef05520)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:51:55 +01:00
Adrian Perez de Castro 021e95bca3 brotli: update to version 1.0.7
The new version, among other changes, includes important fixes
for unaligned memory access on ARM (both for 32 and 64-bit), as well
as performance improvements and build fixes.

Patch "0001-Tell-CMake-to-not-check-for-a-C-compiler.patch" is not
needed due to the issue being fixed upstream, and therefore is removed.

Patch "0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch"
is rebased against the latest upstream changes.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit be733b54a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:47:28 +01:00
Baruch Siach bd87905b02 p11-kit: fix detection of certificates path
The p11-kit configure script looked for certificates location on the
host. This doesn't work well with cross compilation. Make the
certificates patch depend on BR2_PACKAGE_CA_CERTIFICATES, and set the
right target location of the path.

Fixes:
http://autobuild.buildroot.net/results/295/295614d4aa3db9bb35bebbe56e38110f5a2de178/
http://autobuild.buildroot.net/results/0fb/0fb454ca0df74a8585cffe8f5d1f5d23cdfdbec6/
http://autobuild.buildroot.net/results/ef7/ef71f3d67afba547b5167253fb02476e59152803/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 30efa8ee7e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:44:33 +01:00
Peter Korsgaard 6a5413f2c8 xserver_xorg-server: backport upstream fix for CVE-2018-14665 to 1.19.6
Incorrect command-line parameter validation in the Xorg X server can
lead to privilege elevation and/or arbitrary files overwrite, when the
X server is running with elevated privileges (ie when Xorg is
installed with the setuid bit set and started by a non-root user).

The -modulepath argument can be used to specify an insecure path to
modules that are going to be loaded in the X server, allowing to
execute unprivileged code in the privileged process.

The -logfile argument can be used to overwrite arbitrary files in the
file system, due to incorrect checks in the parsing of the option.

For more details, see the advisory:

https://lists.x.org/archives/xorg-announce/2018-October/002927.html

Issue was introduced in 1.19.0, so the older xserver variants are not
affected.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 23:27:24 +01:00
Arnout Vandecappelle (Essensium/Mind) 067cdf7005 .gitlab-ci.yml: do runtime tests only on explicit trigger
When the runtime tests were first introduced, they still ran pretty
quickly. Nowadays, however, there are a lot of runtime tests, and some
of them take a really long time. So running them on every push is
really too much.

Just like we do for the defconfigs, run them on explicit trigger only.

The explicit trigger is now done every week, but it can be increased
to e.g. twice or three times per week.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 96123c1c4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-26 21:38:10 +02:00
Peter Korsgaard 8c9284703c Update for 2018.02.7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-25 20:43:18 +02:00
Bernd Kuhls 7da5629626 package/live555: security bump to version 2018.10.17
Changelog: http://www.live555.com/liveMedia/public/changelog.txt

Fixes CVE-2018-4013:
https://security-tracker.debian.org/tracker/CVE-2018-4013

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01d7686c90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:58:25 +02:00
Bernd Kuhls a5672d609a package/live555: bump version to 2018.08.05
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e305ae1c1b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:58:19 +02:00
Bernd Kuhls 52b83f394e package/live555: Add a pkg-config file for the shared libraries
Needed for vlc to fix linking issue.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13f7959e8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:58:13 +02:00
Yann E. MORIN 336befc8e4 core: support host gcc of the future
When we do a release, we know only of a set of gcc versions that the
host may have. But in the future, distributions with newer gcc versions
may show up.

Currently, we do not recognise those versions, and thus we do as if they
were older than the oldest we know of. This means that a set of packages
become unselectable, when they should be.

We fix that by capping the detected version to the highest we know of.

Reported-by: gargar_ on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3950e69dad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:55:31 +02:00
Joshua Henderson 1a8801a2a8 qt5base: Qt KMS support does not depend on opengl
Qt KMS support should not explicitly depend on the availability of opengl.
Don't explicitly disable KMS if opengl is not available and fallback to
detecting if libdrm is available before disabling kms.

The scenario where this is necessary involves using the Qt linuxfb backend
"dumb buffer" support via the DRM API.  This is new in Qt 5.9 [1] and only
requires KMS, but not opengl. Although on Qt 5.6, only eglfs actually
uses libdrm/kms, it doesn't hurt to add the dependency and the -kms
option there as well, and doing so keeps the logic in the .mk file
simple.

[1] http://doc.qt.io/qt-5/embedded-linux.html#linuxfb

Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f91ea94a6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:53:43 +02:00
Bernd Kuhls adeedc9d24 package/mariadb: add option to disable build of embedded server
Size of output/target/usr:

with embedded: 1,7G
without embedded: 648M

This config option saves space on the target if the embedded server
is not used by any other package:

https://mariadb.com/kb/en/library/embedded-mariadb-interface/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
[Peter: make Config.in option depend on _MARIADB_SERVER]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 19df27ed03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 17:51:23 +02:00
Marcel Patzlaff 994ab8b2f5 utils/diffconfig: remove BR2_* prefix restriction
The utils/diffconfig script works only on variables with the BR2_
prefix. This is OK for Buildroot [def]configs since this is the prefix
for all user-facing variables, but it prevents using the same script
to compare configs from kconfig-based packages.

Remove the BR2_ restriction, allowing usage such as:

  ./utils/diffconfig \
	board/qemu/xtensa-lx60/linux.config \
	board/qemu/xtensa-lx60/linux-nommu.config

Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf9ccfc37b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:48:56 +02:00
Thomas Petazzoni c494470c57 package/mongoose: add security patch fixing CVE-2018-10945
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dea3ab6840)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:46:07 +02:00
Thomas Petazzoni 6e2e798242 package/gcc: disable libcilkrts when there is no thread support
The libcilkrts configure script errors out with "Pthreads are required
to build libcilkrts" if the C library doesn't have thread support. To
fix that, we disable libcilkrts when thread support is not available.

This issue was not noticed until now, because we only regularly build
a no-thread toolchain for ARM, and libcilkrts was enabled on ARM only
starting in gcc 7.x.

This fixes the build of no-thread toolchains on architectures where
libcilkrts is supported, i.e x86/x86-64, ARM and Sparc.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 076fd27da7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:35:42 +02:00
Martin Bark df81782687 package/ca-certificates: create ca-certificates.crt reproducibly
Sort the certificates into alphabetical order so the contents of
ca-certificates.crt can be built reproducibly.

Note: The certificates are sorted uppercase then lowercase filenames
so the contents of ca-certificates.crt matches the source debian package.

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c61b49e5b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:34:06 +02:00
Martin Bark 89500d4219 package/ca-certificates: fix rebuilds
Rebuilding ca-certificates using make ca-certificates-rebuild
caused duplicate certificates to be installed in the target. Its build
system is broken: it doesn't detect that the output file already exists,
and instead of overwriting it, a duplicate is generated under a
different name. The net effect is that all certificates are installed
twice after rebuild.

Fix this by cleaning the build directory before building the package.

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 42b10634c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:33:02 +02:00
Martin Bark 8ca7134eca package/ca-certificates: don't hash certificates.crt
c_rehash looks at all files in /etc/ssl/certs, generates the hash for
the certificates in them, and makes a symlink from the hash to the
certificate file.

However, ca-certificates.crt is also installed in /etc/ssl/certs and
it contains all the certificates. c_rehash will take one of them (the
first?) and create a symlink from that hash to ca-certificates.crt.
Usually, this results in an error like:

WARNING: Skipping duplicate certificate ca-certificates.crt

and all is well. However, depending on filesystem order,
ca-certificates.crt may come first, and the actual certificate is
not symlinked.

To fix this install certificates.crt to /etc/ssl/certs *after* we run
c_rehash to prevent it getting hashed by mistake.

Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so
this fix also works for rebuilds.

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d07ddd8e4e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:31:49 +02:00
Yann E. MORIN 2fcf3e1295 core: detect and reject build paths which contain an '@'
gcc does not build when the srcdir path contains a '@', because that
path is then substitued in a texi file as argument to an @include
directive. But then, the '@' in the path will start a command evaluation
of its own, thus breaking the build. For example, with a $(O) path set
to /home/ymorin/dev/buildroot/O/to@ti :

    perl ../../gcc/../contrib/texi2pod.pl ../../gcc/doc/invoke.texi > gcc.pod
    ../../gcc/doc/invoke.texi:1678: unknown command `ti'
    ../../gcc/doc/invoke.texi:1678: @include: could not find /home/ymorin/dev/buildroot/O/to/build/host-gcc-initial-7.3.0/build/gcc/../../gcc/../libiberty/at-file.texi

[Peter: use findstring instead of subst/compare]
Reported-by: c32 on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 7007dc2bc9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:29:53 +02:00
Francois Gerin 7b02eb66cd qt download site update
The download link was broken, former qt versions are stored into a
distinct location.

Signed-off-by: Francois Gerin <francois.gerin@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2e6cd5c2d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:28:32 +02:00
Peter Korsgaard b5c0f5967b spice: security bump to version 0.14.1
Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks.  A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.

Drop patches as they are now upstream.

Add host-pkgconf as the configure script uses pkg-config.  Drop removed
--disable-automated-tests configure flag.

Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use.  Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f33f7a4f64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:23:50 +02:00
Peter Korsgaard 13ea5c877f spice-protocol: bump version to 0.12.14
Needed by spice 0.14.x

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de8a4b747f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:23:19 +02:00
Baruch Siach 6bbc887846 psmisc: correct license
The license heading in source files includes the "or any later"
language.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cfa3447a78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:19:47 +02:00
Baruch Siach 5d3e778fb9 libarchive: security bump to version 3.3.3
Fixes CVE-2017-14501: An out-of-bounds read flaw exists in
parse_file_info in archive_read_support_format_iso9660.c in libarchive
3.3.2 when extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header.

Drop upstream patches.

Use upstream provided tarball hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 946f136fe1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:19:02 +02:00
Bernd Kuhls 9191d78db9 {linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0064c7b251)
[Peter: drop 4.18.x, linux.hash]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:12:32 +02:00
Yann E. MORIN c8aacabc50 package/nodejs: use per-build cache directories
When two Buildroot builds run in parallel, and they both happen to call
npm at roughly the same time, the two npm instances may conflict when
accessing the npm cache, which is by default ~/.npm

Although npm is supposed to lock access to the cache, it seems it does
sometimes fail to do so properly, bailling out in error, when it would
never ever crash at all when not running in parallel. We suspect that
the sequence leading to such failures are something like:

    npm-1                           npm-2
      lock(retry=few, sleep=short)    .
      does-stuff()                    .
      .                               lock(retry=few, sleep=short)
      .                               # can't lock local cache
      .                               download-module()
      .                                 # can't download
      .                                 exit(1)
      unlock()

As per the docs [0], few = 10, short = 10. So if the first npm (npm-1)
takes more than 100s (which can happen behind slow links and/or big
modules that contain native code that is compiled), then the second npm
(npm-2) will bail out (the download would fail if there is no network
access, for example, and only local modules are used).

Point npm to use a per-build cache directory, so they no longer compete
across builds.

That would still need some care when we do top-level parallel builds,
though.

Note also that the conflicts are not totally eliminated: two or more npm
instances may still compete for some other resource that has not yet
been identified.

But, at least, the conflict window has been drastically shortened now,
to the point where it now seldom occurs.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4a16182d5f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 14:06:12 +02:00
Peter Korsgaard d8dc74d196 wireshark: security bump to version 2.2.17
Fixes the following security issues:

CVE-2018-16058: Bluetooth AVDTP dissector crash:
https://www.wireshark.org/security/wnpa-sec-2018-44.html

CVE-2018-16056: Bluetooth Attribute Protocol dissector crash:
https://www.wireshark.org/security/wnpa-sec-2018-45.html

CVE-2018-16057: Radiotap dissector crash:
https://www.wireshark.org/security/wnpa-sec-2018-46.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 11f4562cc5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:59:25 +02:00
Frank Hunleth 0f148f4a5c erlang: always use Buildroot's zlib
While Erlang includes a version of zlib, it's intended for Windows and
there's an expectation that non-Windows platforms provide it. It's also
not as regularly updated as the one in Buildroot. This change makes
Erlang always use a Buildroot-provided zlib.

Fixes this compile error:

 CC	/home/buildroot/autobuild/run/instance-0/output/build/erlang-21.0/erts/emulator/zlib/obj/x86_64-buildroot-linux-musl/opt/adler32.o
In file included from zlib/adler32.c:11:0:
zlib/zutil.h:172:39: error: "_LFS64_LARGEFILE" is not defined [-Werror=undef]
     (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
                                       ^~~~~~~~~~~~~~~~

See http://autobuild.buildroot.net/results/fc633f80c7c36a90e641487f5a888fbb767c2a54/.

Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec5378038f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:58:03 +02:00
Thomas Petazzoni a37a50e0b8 boot/uboot: fix environment image generation on big endian systems
As reported by Jeff Wittrock in bug #11396, the U-Boot environment
image checksum is invalid for big endian targets, because the test on
the BR2_ENDIAN Config.in option doesn't take into account that it is
double quoted.

The fix was provided by Jeff himself on bugzilla.

Fixes bug #11396.

Reported-by: Jeff Wittrock <jwittrock@faultrecorder.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d6fcf044a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:56:27 +02:00
Fabrice Fontaine 323255f36a gvfs: fix activation of http/dav backend
Since gvfs version 1.2.3, http/dav backend needs libxml2:
https://gitlab.gnome.org/GNOME/gvfs/commit/2ef5b4192f95f9205204215aec33787641608e58

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a78848202b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:50:31 +02:00
Thomas Petazzoni 08e0f9bb73 ustr: remove source code from target
For some reason, ustr installs its own source code, which means we end
up with 448 KB of source code in /usr/share in the target filesystem:

$ tree output/target/usr/share/
output/target/usr/share/
└── ustr-1.0.4
    ├── malloc-check.h
    ├── ustr-b-code.h
    ├── ustr-b-dbg-code.c
    ├── ustr-b-opt-code.c
    ├── ustr-cmp-code.h
    ├── ustr-cmp-dbg-code.c
    ├── ustr-cmp-internal.h
    ├── ustr-cmp-opt-code.c
    ├── ustr-cntl-code.h
    ├── ustr-fmt-code.h
    ├── ustr-fmt-dbg-code.c
    ├── ustr-fmt-internal.h
    [...]

$ du -sh output/target/usr/share/ustr-1.0.4/
448K	output/target/usr/share/ustr-1.0.4/

So let's drop this source code in a post-install target hook.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c27484b2ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:45:20 +02:00
Baruch Siach 61b2dcb49e libssh: security bump to version 0.8.4
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.

  https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Drop an upstream patch.

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de24e47d90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:15:53 +02:00
Baruch Siach a1bc7d71d7 libssh: bump to version 0.8.3
Drop GNU glob detection patch; issue fixed upstream.

Add upstream patch that completes the build fix when GNU glob is not
present.

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 540e37bf74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:15:40 +02:00
Baruch Siach 5ece68f555 libssh: fix build with musl libc
libssh uses GNU extensions to the glob() API. Update the cmake test to
take that into account so that glob() is not used with musl libc.

Fixes:
http://autobuild.buildroot.net/results/0c2/0c2d17316fd6bd2bf1359e23a2a1273fa349cf2a/
http://autobuild.buildroot.net/results/936/936abac5362b33980fd1efe8b830409ee2f86f6b/
http://autobuild.buildroot.net/results/51b/51b1b136ab4209ee443c1b450a932341b2ff81b7/

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 81e33bc77c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:15:21 +02:00
Baruch Siach 14d4522783 libssh: fix cross compile with older cmake
Old version of cmake break cross-compilation when FindThreads is used
because of a try_run call. Add a workaround that avoids try_run.

cmake bug report: https://gitlab.kitware.com/cmake/cmake/issues/16920

Should fix:
http://autobuild.buildroot.net/results/8aa/8aa2bd894416a4508ca7140f8947ff46243f8b78/
http://autobuild.buildroot.net/results/f2c/f2cc965bb134bf4fd9e625eb267b67c949c202fc/

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f34f33baa6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:15:14 +02:00
Bernd Kuhls f429a69b71 package/libssh: bump version to 0.8.1
Fixed broken _SITE, added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 23430a63a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:15:06 +02:00
Fabrice Fontaine a8f6c9f95d open-plc-utils: fix build with static musl
Pass TARGET_LDFLAGS to EXTRA_LDFLAGS to fix following issue:
/home/buildroot/autobuild/run/instance-3/output/build/host-gcc-final-7.3.0/build/arm-buildroot-linux-musleabihf/libgcc/../../../libgcc/config/arm/lib1funcs.S:1545: undefined reference to `raise'

Also pass TARGET_CFLAGS to EXTRA_CFLAGS and TARGET_CXXFLAGS to
EXTRA_CXXFLAGS and move all these variables to
OPEN_PLC_UTILS_MAKE_OPTS for readability

Fixes:
 - http://autobuild.buildroot.org/results/67bc5e7ac8ae1c49c035b022a394d2f746705cf2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d8738d3b97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 13:10:17 +02:00
Thomas Petazzoni c9bf7176e7 freetype: drop calling autogen, no longer needed
In commit a31a66802a ("freetype:
security bump to version 2.5.3"), the freetype package was changed to
call ./autogen.sh to regenerate the autotools stuff, because the
ltmain.sh provided by upstream freetype was not compatible with
Buildroot libtool-patching logic.

Since then, freetype has been bumped several times, and the current
version packaged in Buildroot has an ltmain.sh that is compatible with
our libtool-patching logic.

Therefore, this commit drops the no longer needed autogen stuff.

This autogen stuff was badly breaking per-package host/target
directory, because the autogen happened at the post-patch hook step,
at which point the host-automake/host-autoconf/host-libtool
dependencies have not yet been copied into this package host
directory.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 88c6329521)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 12:39:28 +02:00
Fabrice Fontaine 7652cbed45 nmap: use system liblinear
Use system liblinear instead of using included liblinear.
liblinear in buildroot is at version 2.20 released on December 2017
whereas liblinear in nmap has not been updated since 7 years (except for
liblinear.vcxproj which has been updated 2 years ago)

Do not use --with-liblinear option as otherwise nmap will forget to add
-llinear to LIBS due to the following line in configure.ac:

if test $have_liblinear != yes; then
  AC_CHECK_HEADERS([linear.h],
    AC_CHECK_LIB(linear, predict, [have_liblinear=yes; LIBLINEAR_LIBS="-llinear"; break],, [-lm])
)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c0d9ba562c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 12:27:26 +02:00
Yegor Yefremov 9610b1dd23 scanpypi: improve BSD licence handling
When used without spdx_lookup the BSD licence cannot be
detected correctly because many Python packages just specify
BSD without the exact version in their metadata. So add a
special message warning the user instead of the licence id.

Bonus: fix typo.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d05e41eb1a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 01:08:03 +02:00
Baruch Siach 361d9ae731 ntp: fix build without libcap and no threads
When threads support is missing the ntp build system builds the
work_fork code. This code added call to set_user_group_ids() that is
under HAVE_DROPROOT, which is disabled when libcap is not built.

Add a patch fixing that.

Fixes:
http://autobuild.buildroot.net/results/ab9/ab9ceff1151b8b5e6b9fa77d39c0f9b0cac1a080/

Cc: Artyom Panfilov <apanfilov@spectracom.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 13dcc69a39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 01:05:02 +02:00
Baruch Siach 8fb6893ef4 ntp: fix build for no-MMU with libcap
Commit 87d759ced5 (ntp: fix build for no-MMU) added a patch to make MMU
dependent code hidden behind HAVE_WORKING_FORK. It turns out that the
patch covers too much code. When libcap is enabled we pass
--enable-linuxcaps, which in turn enables HAVE_DROPROOT. This adds calls
to code that is covered by HAVE_WORKING_FORK.

Update the no-MMU fix so that HAVE_WORKING_FORK only covers the no-MMU
incompatible routine.

Fixes:
http://autobuild.buildroot.net/results/c5c/c5cf28bb969fec7c07864cdd094dedfa4d5439d2/

Cc: Artem Panfilov <apanfilov@spectracom.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7cf152852d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 01:04:57 +02:00
Baruch Siach 25d126cfe2 ntp: fix build for no-MMU
Code rearrange in the latest ntp version exposed code that used to be
hidden behind HAVE_WORKING_FORK. Put this code back where it belongs.

Fixes:
http://autobuild.buildroot.net/results/9f4/9f4710b451df1a60f95ab6503cfb7788ad998a65/
http://autobuild.buildroot.net/results/d0b/d0b20a6c0f37a8b06841afc2764c8aab6ffd27d2/
http://autobuild.buildroot.net/results/85c/85c89f5e9d36915567b8d14b9c99e3720c866577/

Cc: Artem Panfilov <apanfilov@spectracom.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 87d759ced5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 01:04:50 +02:00
Artyom Panfilov 35f859ecdb package/ntp: fix md5sum.
Signed-off-by: Artem Panfilov <apanfilov@spectracom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f3c6452729)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 01:04:45 +02:00
Artyom Panfilov a048bdf49d package/ntp: security bump to version 4.2.8p12
Release notes:
https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12

Fixed security issues:

  CVE-2016-1549 / CVE-2018-7170: Sybil vulnerability: ephemeral association
  attack

  CVE-2018-12327: The openhost() function used during command-line hostname
  processing by ntpq and ntpdc can write beyond its buffer limit

Signed-off-by: Artem Panfilov <apanfilov@spectracom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf9344c45e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 01:04:39 +02:00
Fabrice Fontaine e9420f955a jasper: update license
Add hash for license file and use SPDX short term identifier

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ab666003e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 01:00:52 +02:00
Thomas Petazzoni 9e67f4a3db ptpd2: fix patch 0002 so that it applies properly
The patch
0002-ntp_isc_md5-rename-EVP_MD_CTX-into-PTPD_EVP_MD_CTX.patch added in
commit 5b7bc560a5 ("ptpd2: fix build
failures due to EVP_MD_CTX conflict and U64 missing") was broken and
did not apply correctly.

This commit fixes the patch so that it applies properly.

Fixes:

  http://autobuild.buildroot.net/results/ffa28ee2cecc77d66d934fdb03e1f2014189e45b/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d60973af00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 00:58:31 +02:00
Giulio Benetti 4db458dd16 ptpd2: fix build failures due to EVP_MD_CTX conflict and U64 missing
In src/dep/ntpengine/ntp_isc_md5.*, the typedef of EVP_MD_CTX
conflicts with a definition of the same type done by OpenSSL. This
issue is referenced at https://github.com/ptpd/ptpd/issues/54, and has
been fixed upstream in commit
https://github.com/ptpd/ptpd/commit/838b985510c360e651d18134e64f258f2f4c6e7c.

In src/dep/snmp.c, U64 can be missing or conflicts with new perl as
reported at https://github.com/ptpd/ptpd/issues/25. This issue has
been fixed upstream in commit
https://github.com/ptpd/ptpd/commit/1886522b50fe44e5c0dedd01d13ac456b941f744. This
commit is adapted to apply on the current version of ptpd2 we have in
Buildroot.

Fixes:
http://autobuild.buildroot.net/results/47b99a6de256bfc0f5a8ae1484bb34e93b407237/
http://autobuild.buildroot.net/results/08365fc559dda74640b9750358c82e84600a68ea/
http://autobuild.buildroot.net/results/9b41c513500c63a9890973a0f17ffdb84d44d580/
http://autobuild.buildroot.net/results/2ed79d01635c9a5e1018229dc6f4b7240a995b87/
http://autobuild.buildroot.net/results/6d1b7e191f573334115684b85165f2bc27d75d8f/
http://autobuild.buildroot.net/results/f54c6fd841b3ea77dc12048c81f3f2991b679252/
http://autobuild.buildroot.net/results/332bc77bcde0bef1b2fd7b9993409dd051c27cd6/
http://autobuild.buildroot.net/results/4b416edaec9528d75a82c9570b8f8297718ca62d/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5b7bc560a5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 00:58:23 +02:00
Yegor Yefremov 6bc94e5f41 poco: disable fpenvironment for soft floating point configuration
Many platforms don't provide all FPU features needed by Poco when
configured for soft floating point in their fenv.h header. So
disable fpenvironment for this configuration to avoid build breakage.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c735f39881)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 00:54:16 +02:00
Matt Weber 40d02fabe5 package/setools: host variant needs host-python-enum34
The enum34 dependency is required for python2.7 for both the host and
target builds.  This patch adds the host dependency to match what is
already in place for the target.

The host build is used by the setools package seinfo tool offline for
host based policy analysis. The analysis is easiest performed offline
as the policy is checked for path/reachability, which is something
that occurs by taking the policy file and using debug libraries to
perform test cases.

Fixes the following runtime error:

$ ./output/host/bin/sesearch
Traceback (most recent call last):
[...]
  File "/home/test/buildroot/output/host/lib/python2.7/site-packages/setools-4.1.1-py2.7-linux-x86_64.egg/setools/policyrep/util.py", line 21, in <module>
    from enum import Enum
ImportError: No module named enum

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a5e4eddb84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 00:48:21 +02:00
Matt Weber b150c9fa62 package/python-enum34: enable host build
This is initially used by the setools package to do offline
policy analysis using host tools.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3ec98f0564)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-24 00:48:13 +02:00
Peter Korsgaard 1aa66ce3e8 tinc: security bump to version 1.0.35
Fixes the following security issues:

CVE-2018-16758: Michael Yonli discovered that tinc 1.0.34 and earlier allow
a man-in-the-middle attack that, even if the MITM cannot decrypt the traffic
sent between the two endpoints, when the MITM can correctly predict when an
ephemeral key exchange message is sent in a TCP connection between two
nodes, allows the MITM to force one node to send UDP packets in plaintext.
The tinc 1.1pre versions are not affected by this.

CVE-2018-16738: Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34
allow an oracle attack, similar to CVE-2018-16737, but due to the
mitigations put in place for the Sweet32 attack in tinc 1.0.30, it now
requires a timing attack that has only a limited time to complete.  Tinc
1.1pre16 and earlier are also affected if there are nodes on the same VPN
that still use the legacy protocol from tinc version 1.0.x.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d0758184c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-23 18:07:37 +02:00
Bernd Kuhls c9e87d9434 package/tinc: bump version to 1.0.34
Updated license hash after upstream commit:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=54b18a85f68652f94ac5ecffbd9d100879ed06ea

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2dbc549ca6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-23 18:07:30 +02:00
Thomas Petazzoni 9c04f4847b ljlinenoise: fix upstream URL in Config.in
The current URL no longer exists, as detected by the new pkg-stats.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 05200ad014)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-23 18:06:35 +02:00
Romain Naour cfe4f3cd3e package/binutils: remove binutils 2.27 patches
binutils 2.27 support was removed in commit
453d29f1f4.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9861d487e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 23:26:44 +02:00
Fabrice Fontaine 79393851f9 nmap: update license
nmap is licensed under GPL-2.0 but with additional restrictions (see
COPYING, especially the "IMPORTANT NMAP LICENSE TERMS" part).

So, following advices of Yann and Arnout (see
https://patchwork.ozlabs.org/patch/979081), set license to nmap license

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f6199d3654)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 14:58:03 +02:00
Fabrice Fontaine ac7b4c7e10 leveldb: fix parallel build
Build of leveldb sometimes fails on:
Fatal error: can't create out-shared/db/db_bench.o: No such file or directory

Patch is not upstreamable as upstream switched to cmake

Fixes:
 - http://autobuild.buildroot.net/results/945bb8096c1f98f307161a6def5a9f7f25b2454a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit abba4e7012)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 14:52:37 +02:00
Peter Korsgaard 1bad6d2a4e file: explicitly disable libseccomp support for host
Fixes:
http://autobuild.buildroot.net/results/8a2/8a2ea2e4426416447705492237f526fc84b595d7/
http://autobuild.buildroot.net/results/a1f/a1f2369d31c2387efdec908877e0bcaa728b5aeb/

file-5.33 added optional seccomp support, but the filters did not cover all
needed syscalls, leading to errors when the freshly built host-file is
executed as part of the build on distributions with seccomp support (E.G.
Arch Linux):

checking for seccomp_init in -lseccomp... yes
..
../src/file -C -m magic
make[3]: *** [Makefile:764: magic.mgc] Bad system call

This has been fixed in file-5.34, but it anyway makes sense to explicitly
disable libseccomp support for consistency as we do not need it for the host
build.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a609f83296)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 14:50:32 +02:00
Peter Korsgaard 3f32198bf2 utils/get-developers: make it callable from elsewhere than the toplevel directory
get-developers tries to open DEVELOPERS in the current directory, so it
breaks when calling it from elsewhere than the toplevel Buildroot directory.

Traceback (most recent call last):
  File "../utils/get-developers", line 107, in <module>
    __main__()
  File "../utils/get-developers", line 26, in __main__
    devs = getdeveloperlib.parse_developers(os.path.dirname()
  File "/home/peko/source/buildroot/utils/getdeveloperlib.py", line 161, in parse_developers
    with open(os.path.join(basepath, "DEVELOPERS"), "r") as f:
IOError: [Errno 2] No such file or directory: '/home/peko/source/buildroot/output-foo/DEVELOPERS'

Fix it by instead figuring out where the DEVELOPERS file is relative to the
location of get-developers (E.G. one level up).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout:
  - add realpath to support a symlinked get-developers script;
  - pass devs_dir argument to check_developers() to support -c in subdir;
  - convert basepath to absolute path to support -f option.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 62d5558f76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 14:45:05 +02:00
Grégoire Delattre feea4715e1 utils/get-developers: fix python 3.x compatibility
This fixes a syntax error introduced in bcf2ed5cc3.

Output before the patch:
    $ ./utils/get-developers outgoing/*
        File "./utils/get-developers", line 97
            print dev
                    ^
        SyntaxError: Missing parentheses in call to 'print'. Did you mean
        print(dev)?

Output after the patch:
    $ ./utils/get-developers outgoing/*
    git send-email --to buildroot@buildroot.org

Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8320ad3341)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 14:44:52 +02:00
Peter Korsgaard 0aac4d6f3e utils/get-developers: add -e flag to only list email addresses for git send-email
When called with a list of patches, get-developers prints the entire git
send-email invocation line:

./utils/get-developers 0001-git-security-bump-to-version-2.16.5.patch
git send-email --to buildroot@buildroot.org --cc "Matt Weber <matthew.weber@rockwellcollins.com>"

This may be handy when creating an entire patch series and editing a cover
letter, but it does mean that this has to be explicitly executed and
get-developers cannot be used directly by the --cc-cmd option of git
send-email to automatically CC affected developers.

So add an -e flag to only let get-developers print the email addresses of
the affected developers in the one-email-per-line format expected by git
send-email, similar to how get_maintainer.pl works in the Linux kernel.

With this and a suitable git configuration:

git config sendemail.to buildroot@buildroot.org
git config sendemail.ccCmd "$(pwd)/utils/get-developers -e"

You can simply do:

git send-email master

To automatically mail the buildroot list and CC affected developers on
patches.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bcf2ed5cc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 14:44:39 +02:00
Peter Korsgaard 01e4db9fcb qemu: security bump to 2.12.1
>From the release notes:

This update contains new mitigation functionality for CVE-2018-3639
(Speculative Store Bypass) in x86. There are also bug fixes for
migration, Intel IOMMU emulation, block layer/image handling, ARM
emulation, and various other areas.

https://www.mail-archive.com/qemu-devel@nongnu.org/msg553574.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b400c2ae0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:51:41 +02:00
Adam Duskett d6e1cdab58 qemu: bump to 2.12.0
In addition:
  - Update 0001-user-exec-fix-usage-of-mcontext-structure-on-ARM-uCl.patch
    with new line numbers and file location.
  - Remove upstream 0002-memfd-fix-configure-test.patch
  - Add new options found in 2.12.0 in qemu.mk as disabled.
  - Remove --with-system-pixman as it's no longer optional.

Tested with test-pkg:

./utils/test-pkg -p qemu -c configs/qemu_min_defconfig
                             br-arm-full [1/6]: OK
                  br-arm-cortex-a9-glibc [2/6]: OK
                   br-arm-cortex-m4-full [3/6]: SKIPPED
                          br-x86-64-musl [4/6]: OK
                      br-arm-full-static [5/6]: OK
                armv5-ctng-linux-gnueabi [6/6]: OK
6 builds, 1 skipped, 0 build failed, 0 legal-info failed

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 06e3957c16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:51:27 +02:00
Thomas Petazzoni 5c5a3c6096 package/qemu: declare target variant before host variant
Our package infrastructure uses inheritance of a number of values from
the target package to the host package, which assumes the target
package is defined before the host package. In addition, future
changes are going to make this requirement even more important.

Therefore, let's fix the qemu package so that it declares its target
variant before its host variant, like all other packages in
Buildroot. We handle qemu separately from other packages, because
unlike other packages, it didn't had the "eval" for the host and
target packages at the end of the file, but rather all variables
related to the host variant first, then the call to the package
infrastructure for the host variant, then the variables related to the
target variant, and finally the call to the package infrastructure for
the target variant. We are inverting the order of those two big parts
in this commit.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2ae7b21e0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:51:10 +02:00
Adam Duskett 3855afdaf3 qemu: disable qemu user emulation on MIPS64 for host variant
According to target/mips/TODO in the Qemu sources:

MIPS64
------
- Userland emulation (both n32 and n64) not functional.

And indeed, trying to run a mips64n32 binary under qemu user emulation
results in:

Invalid ELF image for this architecture

So we move the BR2_mips64(el) dependency from
BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS to
BR2_PACKAGE_HOST_QEMU_SYSTEM_ARCH_SUPPORTS, so that only the system
emulation is available on mips64, and not the user-mode emulation.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 17024f5900)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:50:54 +02:00
Thomas Petazzoni 146cdbd540 qemu: introduce BR2_PACKAGE_HOST_QEMU_{SYSTEM, USER}_ARCH_SUPPORTS
Not all architectures are supported by both the system emulation and
user-mode emulation in Qemu, so a single
BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS doesn't work very well.

Therefore, this commit introduces the
BR2_PACKAGE_HOST_QEMU_{SYSTEM,USER}_ARCH_SUPPORTS hidden options. We
keep the BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS option for the (numerous)
architectures supported by both system emulation and user-mode
emulation.

The 'select' logic to make sure that at least either system emulation
or user-mode emulation is selected is reworked, and done carefully to
avoid recursive Kconfig dependencies.

For now BR2_PACKAGE_HOST_QEMU_SYSTEM_ARCH_SUPPORTS and
BR2_PACKAGE_HOST_QEMU_USER_ARCH_SUPPORTS are the same, but they will
become different in a follow-up commit.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d7f74dced9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:50:18 +02:00
Thomas Petazzoni ed56d69f15 qemu: rewrite BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS to be more readable
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65e05cd914)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:50:09 +02:00
Ricardo Martincoski 6564d85f73 qemu/Config.in.host: fix overindented depends on
Do the same as used in all other Config.in files and use only one tab.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f9b9ad206a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:49:51 +02:00
Adam Duskett 4d6f105c40 qemu: remove support for some PowerPC processors in host qemu
The 620, 630, and 970 are not supported at this time by qemu.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit efc67deef3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:49:33 +02:00
Adam Duskett e538642aa1 qemu: add BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS
Match the style used with other packages such as valgrind.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 62099784d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 10:49:25 +02:00
Giulio Benetti 7948dcf3a8 netsnmp: improve linking avoiding useless -lz listing in shared build
In commit:
https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
was due to missing -lz during static linking.
But the patch is wrong and results in explicitly linking against -lz in
both shared and static build.
This makes no sense, since shared linking has transitive dependency so
it doesn't need to list -lz after -lssl, -lssl is enough.
Differently static linking needs -lz to be listed after -lssl.

So the real cause of previous build failure:
http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
$LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
-lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
statically link without listing -lz.

Then:
- Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
- Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="$LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.
- Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="-lssl $LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.

This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
appending it at the end of linking library list.
And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
back to its original value(i.e. containing -lz if present) resulting in
having or not -lz appended to library list according to static or
shared build.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c5a7c287de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 18:56:47 +02:00
Giulio Benetti aa0c2b3ec3 netsnmp: fix static build failure due to missing -lssl and -lz
During configure some checking needing -lssl and -lz don't have them
appended to linker tail. Since we are building static this leads to
configure failure because of mandatory functions lack produces:
"configure: error: The DTLS based transports require the libssl library
from OpenSSL to be available and support DTLS"

- Add 1 patch to fix -lssl lack in configure and .ac modules:
upstreamed: https://sourceforge.net/p/net-snmp/code/ci/bd59be8e4e339870a1400f6866a7b73ca11f6460/
- Add 2 patches to fix -lz lack in configure and .ac modules:
1 upstreamed: https://sourceforge.net/p/net-snmp/code/ci/13da2bcde8e22dd0127a668374fdf79bed04d353/
1 in Merge Request: https://sourceforge.net/p/net-snmp/code/merge-requests/19/
- Add NETSNMP_AUTORECONF = YES

Fixes:
http://autobuild.buildroot.net/results/ece/ece7af756c910f65f618c1d04a5de70cc574b5f4/
http://autobuild.buildroot.net/results/2a7/2a7020de6a4095cf9991d09fbe8f6e364783f63b/
http://autobuild.buildroot.net/results/e27/e2787d15f72949cbb347e8a1d344f5f80b4d7697/
http://autobuild.buildroot.net/results/439/4393ce8ddee294f91bdc3e6fb53e08d56fe52184/
http://autobuild.buildroot.net/results/da6/da6bbbbb3a8d8193ec1389b9d976164181e88ae2/
http://autobuild.buildroot.net/results/cf5/cf57686e7620cc0ec361631a9ff906aa0123fdb4/
http://autobuild.buildroot.net/results/104/1043a958314529240627005d1bf21a76f4e6fcf5/
http://autobuild.buildroot.net/results/885/8855545bd09388e0da451a3cb53b312e13b29c2c/
http://autobuild.buildroot.net/results/a3d/a3dab9618a7ed88f94597418a5892c87adc23c66/
http://autobuild.buildroot.net/results/18e/18e70b88c9bcb3b8ede7308e54bba9417d1fd3fb/
http://autobuild.buildroot.net/results/ee3/ee34f65f26da20c0f2fdb9e86bcbddd389f59a29/
http://autobuild.buildroot.net/results/a1e/a1eb848079080ddf7cf2fc9e554cdd63ade0e9aa/
http://autobuild.buildroot.net/results/4dc/4dc8b53ff9f504c0a3dfc2d72c2609ad4d34559b/
http://autobuild.buildroot.net/results/9cc/9cc19e481de20ea0b4b5163e45c5aee525b81229/
http://autobuild.buildroot.net/results/f15/f15c22e0257d7498456049d8aae195ed6a265d2e/
http://autobuild.buildroot.net/results/1b3/1b30f9813a4605056963bfe4532374f725830fda/
http://autobuild.buildroot.net/results/d02/d02afc174ac4c9888f0a2cf725820cc1f05fc4bf/
http://autobuild.buildroot.net/results/57b/57b3f4663058d728987ef848e4b346656cae21d4/
http://autobuild.buildroot.net/results/ed4/ed4c27bdffccc4374ab7f951c30baba8171d30e1/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 13722d58f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 18:56:36 +02:00
Bernd Kuhls a6e588e219 package/netsnmp: security bump to version 5.8
Fixes CVE-2018-18065: _set_key in agent/helpers/table_container.c in
Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an
authenticated attacker to remotely cause the instance to crash via a crafted
UDP packet, resulting in Denial of Service.

For more details, see description and PoC:
https://dumpco.re/blog/net-snmp-5.7.3-remote-dos

Removed patch, applied upstream, autoreconf is not needed anymore.
Added sha256 hashes for tarball and license file.
Switched _SITE to https.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1fe32e8375)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 18:56:28 +02:00
Peter Korsgaard 0709404fc3 git: security bump to version 2.16.5
Fixes CVE-2018-17456: RCE issue in handling of git submodules

For more details, see the announcement:
https://marc.info/?l=git&m=153875888916397&w=2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 063eff9bc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 00:01:28 +02:00
Baruch Siach f75f370c82 libcurl: add brotli optional dependency
The brotli package has recently been added to Buildroot. Add brotli an
an optional dependency to libcurl to make the build consistent.

It turns out that libcurl configure script uses pkg-config to figure
out link libraries only when --with-brotli is explicitly set. So this
also fixes static build failure.

Fixes:
http://autobuild.buildroot.net/results/64b/64bc0dfe284206390ae0680b94c0876863a3c0f3/
http://autobuild.buildroot.net/results/233/23376d8653dea6361e42b0f17b6aaab3c14d99cf/
http://autobuild.buildroot.net/results/b19/b198db4b69e18e6d01ec95aae9c6096c1912dd9c/

Cc: Adrian Perez de Castro <aperez@igalia.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e7d658e029)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-11 20:32:48 +02:00
Olivier Schonken 45e5d2ce68 cups-filters: add autoreconf
Because we are patching Makefile.am, Makefile.am is newer than Makefile.in

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-08 10:34:06 +02:00
274 changed files with 3357 additions and 2825 deletions
+5
View File
@@ -51,6 +51,11 @@ check-package:
- output/build/packages-file-list.txt
.runtime_test: &runtime_test
# Running the runtime tests for every push is too much, so limit to
# explicit triggers through the API.
only:
- triggers
- tags
# Keep build directories so the rootfs can be an artifact of the job. The
# runner will clean up those files for us.
# Multiply every emulator timeout by 10 to avoid sporadic failures in
+5
View File
@@ -51,6 +51,11 @@ check-package:
- output/build/packages-file-list.txt
.runtime_test: &runtime_test
# Running the runtime tests for every push is too much, so limit to
# explicit triggers through the API.
only:
- triggers
- tags
# Keep build directories so the rootfs can be an artifact of the job. The
# runner will clean up those files for us.
# Multiply every emulator timeout by 10 to avoid sporadic failures in
+91
View File
@@ -1,3 +1,94 @@
2018.02.9, Released December 20th, 2018
Important / security related fixes.
defconfigs: Fixes for ci20
Updated/fixed packages: c-ares, dante, freetype, ghostscript,
glibc, gnutls, go, libcurl, libgpgme, libid3tag, libiscsi,
libmpd, libopenssl, libpjsip, linux, liquid-dsp, luvi, lynx,
msgpack, nginx, nodejs, php, popt, pps-tools, python-numpy,
python-requests, samba4, sdl2_net, squashfs, swupdate, uclibc,
wine, webkitgtk, xfsprogs
Issues resolved (http://bugs.uclibc.org):
#11426: pps-tools bash dependency
2018.02.8, Released November 26th, 2018
Important / security related fixes.
fs: Drop intermediate tarball from the filesystem handling to
fix an issue with xattrs handling related to fakeroot. Ensure
tarball target includes xattrs.
download: Fix confusion in git submodule handling if dl/ is a
symlink.
toolchain: Only allow enabling stack protection on
architectures with control flow integrity (CFI) support. Only
allow FORTIFY_SOURCE support on gcc >= 6.
genrandconfig: Fix missing newline in BR2_WGET handling,
causing the following line to be ignored. This would affect
BR2_ENABLE_DEBUG, BR2_INIT_BUSYBOX, BR2_INIT_SYSTEMD,
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV, BR2_STATIC_LIBS or
BR2_PACKAGE_PYTHON_PY_ONLY depending on the randomization.
show-build-order: Also include the dependencies of
rootfs-common.
Defconfigs: Fixes for Armadeus APF27, imx6sabre.
graph-depends: Fix for package names starting with a non-alpha
character.
Updated/fixed packages: attr, audit, bind, brotli, easydbus,
elfutils, gauche, gcc, giflib, gpsd, lcdproc, libcurl,
libiscsi, libnfs, libnspr, libnss, libkcapi, libsemanage,
liburiparser, lighttpd, linux, lua-curl, mariadb, mmc-utils,
mosquitto, mysql, neardal, netplug, network-manager,
nfs-utils, nginx, openocd, openswan, p11-kit, postgresql,
prosody, qemu, qt, rpm, ruby, samba4, squid, supertuxkart,
systemd, tar, trace-cmd, traceroute, twolame, uclibc,
usb_modeswitch, vtun, webkitgtk, xdriver_xf86-video-geode,
xlib_libfontenc, xproto_inputproto, xserver_xorg-server
Issues resolved (http://bugs.uclibc.org):
#11086: download/git submodule breaks on symlinked dl folder
#11251: Util scanpypi failes when package change - to _ in..
#11476: stdio2.h error invalid use of __builtin_va_arg_pack
#11481: Docs: Is external.desc required?
2018.02.7, Released October 25th, 2018
Important / security related fixes.
Detect and reject build paths containing '@', as this confuses
a number of packages, including GCC.
utils/get-developers: Add -e option for use with git
send-email.
utils/diffconfig: Make it work for (non-Buildroot) config
files not using the BR2_ prefix.
u-boot: Fix for environment image handling on big endian
systems.
Updated/fixed packages: binutils, ca-certificates,
cups-filters, erlang, libarchive, libcurl, libssh, live555,
ljlinenoise, file, freetype, gcc, git, gvfs, leveldb, mariadb,
mongoose, netsnmp, nmap, nodejs, ntp, open-plc-utils, poco,
psmisc, qptpd2, python-enum34, qemu, qt, qt5base, spice,
spice-protocols, setools, tinc, ustr, wireshark
Issues resolved (http://bugs.uclibc.org):
#11396: uboot environment image checksum invalid if target is big endian
2018.02.6, Released October 7th, 2018
Important / security related fixes.
+7
View File
@@ -67,6 +67,9 @@ config BR2_HOST_GCC_AT_LEAST_8
default y if BR2_HOST_GCC_VERSION = "8"
select BR2_HOST_GCC_AT_LEAST_7
# When adding new entries above, be sure to update
# the HOSTCC_MAX_VERSION variable in the Makefile.
# Hidden boolean selected by packages in need of Java in order to build
# (example: kodi)
config BR2_NEEDS_HOST_JAVA
@@ -795,6 +798,8 @@ config BR2_FORTIFY_SOURCE_NONE
config BR2_FORTIFY_SOURCE_1
bool "Conservative"
# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCE to 1 and only introduces
checks that shouldn't change the behavior of conforming
@@ -802,6 +807,8 @@ config BR2_FORTIFY_SOURCE_1
config BR2_FORTIFY_SOURCE_2
bool "Aggressive"
# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCES to 2 and some more
checking is added, but some conforming programs might fail.
+15 -4
View File
@@ -60,6 +60,11 @@ override O := $(patsubst %/,%,$(patsubst %.,%,$(O)))
# avoid empty CANONICAL_O in case on non-existing entry.
CANONICAL_O := $(shell mkdir -p $(O) >/dev/null 2>&1)$(realpath $(O))
# gcc fails to build when the srcdir contains a '@'
ifneq ($(findstring @,$(CANONICAL_O)),)
$(error The build directory can not contain a '@')
endif
CANONICAL_CURDIR = $(realpath $(CURDIR))
REQ_UMASK = 0022
@@ -87,9 +92,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2018.02.6
export BR2_VERSION := 2018.02.9
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1538896000
BR2_VERSION_EPOCH = 1545305000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -355,8 +360,14 @@ export HOSTARCH := $(shell LC_ALL=C $(HOSTCC_NOCCACHE) -v 2>&1 | \
-e 's/macppc/powerpc/' \
-e 's/sh.*/sh/' )
HOSTCC_VERSION := $(shell $(HOSTCC_NOCCACHE) --version | \
sed -n -r 's/^.* ([0-9]*)\.([0-9]*)\.([0-9]*)[ ]*.*/\1 \2/p')
# When adding a new host gcc version in Config.in,
# update the HOSTCC_MAX_VERSION variable:
HOSTCC_MAX_VERSION := 8
HOSTCC_VERSION := $(shell V=$$($(HOSTCC_NOCCACHE) --version | \
sed -n -r 's/^.* ([0-9]*)\.([0-9]*)\.([0-9]*)[ ]*.*/\1 \2/p'); \
[ "$${V%% *}" -le $(HOSTCC_MAX_VERSION) ] || V=$(HOSTCC_MAX_VERSION); \
printf "%s" "$${V}")
# For gcc >= 5.x, we only need the major version.
ifneq ($(firstword $(HOSTCC_VERSION)),4)
@@ -0,0 +1,66 @@
From b3a1e97498e7987073775d49a703932c20f2df1d Mon Sep 17 00:00:00 2001
From: Ezequiel Garcia <ezequiel@collabora.com>
Date: Mon, 12 Nov 2018 14:04:46 -0300
Subject: [PATCH] mips: Remove default endiannes
Currently, trying to build ci20_mmc fails on little-endian
toolchains. The problem seems to be that some targets don't
have CONFIG_SYS_LITTLE_ENDIAN properly set, and therefore
the default -EB switch is selected.
Let's get rid of the default switch entirely, and fix this problem.
While this may be a hack, it is a quick solution until
U-Boot gets CI20 proper support.
make ARCH=mips CROSS_COMPILE=mips-linux-gnu- ci20_mmc
Configuring for ci20_mmc - Board: ci20, Options: SPL_MMC_SUPPORT,ENV_IS_IN_MMC
make
make[1]: Entering directory '/home/zeta/repos/u-boot-ci20'
Generating include/autoconf.mk
Generating include/autoconf.mk.dep
mips-linux-gnu-gcc: error: may not use both -EB and -EL
mips-linux-gnu-gcc: error: may not use both -EB and -EL
Generating include/spl-autoconf.mk
mips-linux-gnu-gcc: error: may not use both -EB and -EL
Generating include/tpl-autoconf.mk
mips-linux-gnu-gcc: error: may not use both -EB and -EL
mips-linux-gnu-gcc -DDO_DEPS_ONLY \
-g -Os -ffunction-sections -fdata-sections -D__KERNEL__ -I/home/zeta/repos/u-boot-ci20/include -fno-builtin -ffreestanding -nostdinc -isystem /home/zeta/repos/buildroot/mips/output/host/opt/ext-toolchain/bin/../lib/gcc/mips-linux-gnu/5.3.0/include -pipe -DCONFIG_MIPS -D__MIPS__ -G 0 -EB -msoft-float -fpic -mabicalls -march=mips32 -mabi=32 -DCONFIG_32BIT -mno-branch-likely -Wall -Wstrict-prototypes \
-o lib/asm-offsets.s lib/asm-offsets.c -c -S
if [ -f arch/mips/cpu/xburst/jz4780/asm-offsets.c ];then \
mips-linux-gnu-gcc -DDO_DEPS_ONLY \
-g -Os -ffunction-sections -fdata-sections -D__KERNEL__ -I/home/zeta/repos/u-boot-ci20/include -fno-builtin -ffreestanding -nostdinc -isystem /home/zeta/repos/buildroot/mips/output/host/opt/ext-toolchain/bin/../lib/gcc/mips-linux-gnu/5.3.0/include -pipe -DCONFIG_MIPS -D__MIPS__ -G 0 -EB -msoft-float -fpic -mabicalls -march=mips32 -mabi=32 -DCONFIG_32BIT -mno-branch-likely -Wall -Wstrict-prototypes \
-o arch/mips/cpu/xburst/jz4780/asm-offsets.s arch/mips/cpu/xburst/jz4780/asm-offsets.c -c -S; \
else \
touch arch/mips/cpu/xburst/jz4780/asm-offsets.s; \
fi
mips-linux-gnu-gcc: error: may not use both -EB and -EL
make[1]: *** [Makefile:747: lib/asm-offsets.s] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/zeta/repos/u-boot-ci20'
make: *** [.boards.depend:463: ci20_mmc] Error 2
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
---
https://github.com/MIPS/CI20_u-boot/pull/19
arch/mips/config.mk | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/mips/config.mk b/arch/mips/config.mk
index c89279025507..43560abbc0e1 100644
--- a/arch/mips/config.mk
+++ b/arch/mips/config.mk
@@ -20,9 +20,6 @@ ifdef CONFIG_SYS_BIG_ENDIAN
ENDIANNESS := -EB
endif
-# Default to EB if no endianess is configured
-ENDIANNESS ?= -EB
-
PLATFORM_CPPFLAGS += -DCONFIG_MIPS -D__MIPS__
#
--
2.19.1
@@ -0,0 +1,89 @@
From 27a2cd6a1980adf3002412678c8fdec6528dc47d Mon Sep 17 00:00:00 2001
From: Trent Piepho <tpiepho@impinj.com>
Date: Fri, 6 Apr 2018 17:11:27 -0700
Subject: [PATCH] imx: Create distinct pre-processed mkimage config files
Each imx image is created by a separate sub-make and during this process
the mkimage config file is run though cpp.
The cpp output is to the same file no matter what imx image is being
created.
This means if two imx images are generated in parallel they will attempt
to independently produce the same pre-processed mkimage config file at
the same time.
Avoid the problem by making the pre-processed config file name unique
based on the imx image it will be used in. This way each image will
create a unique config file and they won't clobber each other when run
in parallel.
This should fixed the build bug referenced in b5b0e4e3 ("imximage:
Remove failure when no IVT offset is found").
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
[fabio: Adapted to imx_v2017.03_4.9.11_1.0.0_ga]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
---
arch/arm/imx-common/Makefile | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/arch/arm/imx-common/Makefile b/arch/arm/imx-common/Makefile
index d862258..f1bae8d 100644
--- a/arch/arm/imx-common/Makefile
+++ b/arch/arm/imx-common/Makefile
@@ -69,9 +69,11 @@ endif
quiet_cmd_cpp_cfg = CFGS $@
cmd_cpp_cfg = $(CPP) $(cpp_flags) -x c -o $@ $<
-IMX_CONFIG = $(CONFIG_IMX_CONFIG:"%"=%).cfgtmp
+# mkimage source config file
+IMX_CONFIG = $(CONFIG_IMX_CONFIG:"%"=%)
-$(IMX_CONFIG): %.cfgtmp: % FORCE
+# How to create a cpp processed config file, they all use the same source
+%.cfgout: $(IMX_CONFIG) FORCE
$(Q)mkdir -p $(dir $@)
$(call if_changed_dep,cpp_cfg)
@@ -79,7 +81,7 @@ MKIMAGEFLAGS_u-boot.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imxim
-e $(CONFIG_SYS_TEXT_BASE)
u-boot.imx: MKIMAGEOUTPUT = u-boot.imx.log
-u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
+u-boot.imx: u-boot.bin u-boot.cfgout $(PLUGIN).bin FORCE
$(call if_changed,mkimage)
ifeq ($(CONFIG_OF_SEPARATE),y)
@@ -87,16 +89,15 @@ MKIMAGEFLAGS_u-boot-dtb.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T i
-e $(CONFIG_SYS_TEXT_BASE)
u-boot-dtb.imx: MKIMAGEOUTPUT = u-boot-dtb.imx.log
-u-boot-dtb.imx: u-boot-dtb.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
+u-boot-dtb.imx: u-boot-dtb.bin u-boot-dtb.cfgout $(PLUGIN).bin FORCE
$(call if_changed,mkimage)
endif
MKIMAGEFLAGS_SPL = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
-e $(CONFIG_SPL_TEXT_BASE)
-
SPL: MKIMAGEOUTPUT = SPL.log
-SPL: spl/u-boot-spl.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
+SPL: spl/u-boot-spl.bin spl/u-boot-spl.cfgout $(PLUGIN).bin FORCE
$(call if_changed,mkimage)
MKIMAGEFLAGS_u-boot.uim = -A arm -O U-Boot -a $(CONFIG_SYS_TEXT_BASE) \
@@ -124,4 +125,4 @@ cmd_u-boot-nand-spl_imx = (printf '\000\000\000\000\106\103\102\040\001' && \
spl/u-boot-nand-spl.imx: SPL FORCE
$(call if_changed,u-boot-nand-spl_imx)
-targets += $(addprefix ../../../,$(IMX_CONFIG) SPL u-boot.uim spl/u-boot-nand-spl.imx)
+targets += $(addprefix ../../../,SPL spl/u-boot-spl.cfgout u-boot-dtb.cfgout u-boot.cfgout u-boot.uim spl/u-boot-nand-spl.imx)
--
2.7.4
@@ -1,55 +0,0 @@
From 24ba28680abe868e8db3442a9bf523ad3af1febd Mon Sep 17 00:00:00 2001
From: Fabio Estevam <fabio.estevam@nxp.com>
Date: Fri, 9 Mar 2018 08:25:00 -0300
Subject: [PATCH] imximage: Remove failure when no IVT offset is found
Sometimes imximage throws the following error:
CFGS board/freescale/vf610twr/imximage.cfg.cfgtmp
CFGS board/freescale/vf610twr/imximage.cfg.cfgtmp
MKIMAGE u-boot-dtb.imx
Error: No BOOT_FROM tag in board/freescale/vf610twr/imximage.cfg.cfgtmp
arch/arm/mach-imx/Makefile:100: recipe for target 'u-boot-dtb.imx' failed
Later on, when running mkimage for the u-boot.imx it will succeed in
finding the IVT offset.
Looks like some race condition happening during parallel build when
processing mkimage for u-boot-dtb.imx and u-boot.imx.
A proper fix still needs to be implemented, but as a workaround let's
remove the error when the IVT offset is not found.
It is useful to have such message, especially during bring-up phase,
but the build error that it causes is severe, so better avoid the
build error for now.
The error checking can be re-implemented later when we have a proper
fix.
Reported-by: Breno Lima <breno.lima@nxp.com>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
---
tools/imximage.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/tools/imximage.c b/tools/imximage.c
index 0c43196..bef56f8 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -765,11 +765,6 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
(*set_dcd_rst)(imxhdr, dcd_len, name, lineno);
fclose(fd);
- /* Exit if there is no BOOT_FROM field specifying the flash_offset */
- if (imximage_ivt_offset == FLASH_OFFSET_UNDEFINED) {
- fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
- exit(EXIT_FAILURE);
- }
return dcd_len;
}
--
2.7.4
+1 -1
View File
@@ -262,7 +262,7 @@ define UBOOT_GENERATE_ENV_IMAGE
>$(@D)/buildroot-env.txt
$(HOST_DIR)/bin/mkenvimage -s $(BR2_TARGET_UBOOT_ENVIMAGE_SIZE) \
$(if $(BR2_TARGET_UBOOT_ENVIMAGE_REDUNDANT),-r) \
$(if $(filter BIG,$(BR2_ENDIAN)),-b) \
$(if $(filter "BIG",$(BR2_ENDIAN)),-b) \
-o $(BINARIES_DIR)/uboot-env.bin \
$(@D)/buildroot-env.txt
endef
+4 -1
View File
@@ -28,4 +28,7 @@ BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx27-apf27dev"
# U-boot
BR2_TARGET_UBOOT=y
BR2_TARGET_UBOOT_BOARDNAME="apf27"
BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
BR2_TARGET_UBOOT_CUSTOM_VERSION=y
BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.09"
BR2_TARGET_UBOOT_BOARD_DEFCONFIG="apf27"
-1
View File
@@ -60,7 +60,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
-1
View File
@@ -63,7 +63,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
@@ -52,7 +52,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
@@ -66,7 +66,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
@@ -62,7 +62,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
@@ -65,7 +65,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
@@ -63,7 +63,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
@@ -66,7 +66,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_BLUEZ_UTILS=y
BR2_PACKAGE_BRIDGE_UTILS=y
BR2_PACKAGE_CAN_UTILS=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_ETHTOOL=y
BR2_PACKAGE_IPERF=y
BR2_PACKAGE_IPROUTE2=y
+1
View File
@@ -28,6 +28,7 @@ BR2_TARGET_UBOOT_BOARDNAME="ci20_mmc"
BR2_TARGET_UBOOT_CUSTOM_GIT=y
BR2_TARGET_UBOOT_CUSTOM_REPO_URL="https://github.com/MIPS/CI20_u-boot"
BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION="dd3c1b95dac7d10b2ca5806f65e5c1050d7dd0fa"
BR2_TARGET_UBOOT_PATCH="board/ci20/patches/uboot"
BR2_TARGET_UBOOT_FORMAT_IMG=y
BR2_TARGET_UBOOT_SPL=y
BR2_TARGET_UBOOT_SPL_NAME="spl/u-boot-spl.bin"
+1
View File
@@ -43,6 +43,7 @@ BR2_LINUX_KERNEL_DEFCONFIG="imx_v6_v7"
BR2_LINUX_KERNEL_DTS_SUPPORT=y
BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx6q-sabresd imx6dl-sabresd imx6qp-sabresd"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/freescale/imx6-sabresd/linux_qt5.fragment"
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
# GL driver
BR2_PACKAGE_MESA3D=y
@@ -50,6 +50,7 @@ to you.
|
+-- Config.in (if using a br2-external tree)
+-- external.mk (if using a br2-external tree)
+-- external.desc (if using a br2-external tree)
------
Details on the files shown above are given further in this chapter.
+1 -1
View File
@@ -122,7 +122,7 @@ rootfs-$(1): $$(BINARIES_DIR)/rootfs.$(1)
ifeq ($$(BR2_TARGET_ROOTFS_$(2)),y)
TARGETS_ROOTFS += rootfs-$(1)
PACKAGES += $$(filter-out rootfs-%,$$(ROOTFS_$(2)_DEPENDENCIES))
PACKAGES += $$(filter-out rootfs-%,$$(ROOTFS_$(2)_DEPENDENCIES) $$(ROOTFS_COMMON_DEPENDENCIES))
endif
# Check for legacy POST_TARGETS rules
+1 -1
View File
@@ -8,7 +8,7 @@ TAR_OPTS := $(call qstrip,$(BR2_TARGET_ROOTFS_TAR_OPTIONS))
define ROOTFS_TAR_CMD
(cd $(TARGET_DIR); find -print0 | LC_ALL=C sort -z | \
tar $(TAR_OPTS) -cf $@ --null --no-recursion -T - --numeric-owner)
tar $(TAR_OPTS) -cf $@ --null --xattrs-include='*' --no-recursion -T - --numeric-owner)
endef
$(eval $(rootfs))
+5 -3
View File
@@ -278,6 +278,7 @@ define LINUX_KCONFIG_FIXUP_CMDS
# replaced later by the real cpio archive, and the kernel will be
# rebuilt using the linux-rebuild-with-initramfs target.
$(if $(BR2_TARGET_ROOTFS_INITRAMFS),
mkdir -p $(BINARIES_DIR)
touch $(BINARIES_DIR)/rootfs.cpio
$(call KCONFIG_SET_OPT,CONFIG_INITRAMFS_SOURCE,"$${BR_BINARIES_DIR}/rootfs.cpio",$(@D)/.config)
$(call KCONFIG_SET_OPT,CONFIG_INITRAMFS_ROOT_UID,0,$(@D)/.config)
@@ -287,6 +288,9 @@ define LINUX_KCONFIG_FIXUP_CMDS
$(call KCONFIG_ENABLE_OPT,CONFIG_DEVTMPFS_MOUNT,$(@D)/.config))
$(if $(BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV),
$(call KCONFIG_ENABLE_OPT,CONFIG_INOTIFY_USER,$(@D)/.config))
$(if $(BR2_PACKAGE_AUDIT),
$(call KCONFIG_ENABLE_OPT,CONFIG_NET,$(@D)/.config)
$(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config))
$(if $(BR2_PACKAGE_KTAP),
$(call KCONFIG_ENABLE_OPT,CONFIG_DEBUG_FS,$(@D)/.config)
$(call KCONFIG_ENABLE_OPT,CONFIG_ENABLE_DEFAULT_TRACERS,$(@D)/.config)
@@ -413,9 +417,7 @@ define LINUX_INSTALL_HOST_TOOLS
# Installing dtc (device tree compiler) as host tool, if selected
if grep -q "CONFIG_DTC=y" $(@D)/.config; then \
$(INSTALL) -D -m 0755 $(@D)/scripts/dtc/dtc $(HOST_DIR)/bin/linux-dtc ; \
if [ ! -e $(HOST_DIR)/bin/dtc ]; then \
ln -sf linux-dtc $(HOST_DIR)/bin/dtc ; \
fi \
$(if $(BR2_PACKAGE_HOST_DTC),,ln -sf linux-dtc $(HOST_DIR)/bin/dtc;) \
fi
endef
@@ -0,0 +1,126 @@
From 14adc898a36948267bfe5c63b399996879e94c98 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruenba@redhat.com>
Date: Fri, 17 Aug 2018 14:07:31 +0200
Subject: Switch back to syscall()
Switch back to syscall() for the *xattr system calls. The current
mechanism of forwarding those calls to glibc breaks libraries like
libfakeroot (fakeroot) and libasan (the gcc address sanitizer; gcc
-fsanitize=address).
Those libraries provide wrappers for functions defined in other shared
libraries, usually glibc, do their own processing, and forward calls to
the original symbols looke dup via dlsym(RTLD_NEXT, "symbol_name"). In
our case, dlsym returns the libattr_*xattr wrappers. However, when our
wrappers try calling glibc, they end up calling the libfakeroot /
libasan wrappers instead because those override the original symbols =>
recursion.
The libattr_*xattr wrappers will only be used when symbols are looked up
at runtime (dlopen / dlsym). Programs linking against libattr will
directly use the glibc provided symbols. Therefore, the slightly worse
performance of syscall() won't affect any of the "normal" users of
libattr.
[nicolas.cavallari: with uclibc-ng, the recursion always happen]
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
---
libattr/syscalls.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/libattr/syscalls.c b/libattr/syscalls.c
index 3013aa0..721ad7f 100644
--- a/libattr/syscalls.c
+++ b/libattr/syscalls.c
@@ -22,6 +22,8 @@
#include "config.h"
+#include <unistd.h>
+#include <sys/syscall.h>
#include <sys/xattr.h>
#ifdef HAVE_VISIBILITY_ATTRIBUTE
@@ -31,67 +33,67 @@
int libattr_setxattr(const char *path, const char *name,
void *value, size_t size, int flags)
{
- return setxattr(path, name, value, size, flags);
+ return syscall(__NR_setxattr, path, name, value, size, flags);
}
int libattr_lsetxattr(const char *path, const char *name,
void *value, size_t size, int flags)
{
- return lsetxattr(path, name, value, size, flags);
+ return syscall(__NR_lsetxattr, path, name, value, size, flags);
}
int libattr_fsetxattr(int filedes, const char *name,
void *value, size_t size, int flags)
{
- return fsetxattr(filedes, name, value, size, flags);
+ return syscall(__NR_fsetxattr, filedes, name, value, size, flags);
}
ssize_t libattr_getxattr(const char *path, const char *name,
void *value, size_t size)
{
- return getxattr(path, name, value, size);
+ return syscall(__NR_getxattr, path, name, value, size);
}
ssize_t libattr_lgetxattr(const char *path, const char *name,
void *value, size_t size)
{
- return lgetxattr(path, name, value, size);
+ return syscall(__NR_lgetxattr, path, name, value, size);
}
ssize_t libattr_fgetxattr(int filedes, const char *name,
void *value, size_t size)
{
- return fgetxattr(filedes, name, value, size);
+ return syscall(__NR_fgetxattr, filedes, name, value, size);
}
ssize_t libattr_listxattr(const char *path, char *list, size_t size)
{
- return listxattr(path, list, size);
+ return syscall(__NR_listxattr, path, list, size);
}
ssize_t libattr_llistxattr(const char *path, char *list, size_t size)
{
- return llistxattr(path, list, size);
+ return syscall(__NR_llistxattr, path, list, size);
}
ssize_t libattr_flistxattr(int filedes, char *list, size_t size)
{
- return flistxattr(filedes, list, size);
+ return syscall(__NR_flistxattr, filedes, list, size);
}
int libattr_removexattr(const char *path, const char *name)
{
- return removexattr(path, name);
+ return syscall(__NR_removexattr, path, name);
}
int libattr_lremovexattr(const char *path, const char *name)
{
- return lremovexattr(path, name);
+ return syscall(__NR_lremovexattr, path, name);
}
int libattr_fremovexattr(int filedes, const char *name)
{
- return fremovexattr(filedes, name);
+ return syscall(__NR_fremovexattr, filedes, name);
}
#ifdef HAVE_VISIBILITY_ATTRIBUTE
--
cgit v1.0-41-gc330
@@ -0,0 +1,32 @@
From 6e1fd09f7bc131c8f16d9cc43e2455ba4650c651 Mon Sep 17 00:00:00 2001
From: Carlos Santos <casantos@datacom.com.br>
Date: Sat, 3 Nov 2018 08:25:58 -0300
Subject: [PATCH] Fix audispd path in auditd.conf
audispd is installed at /usr/sbin but the configuration file pointed
to /sbin, causing auditd to fail on startup.
This patch cannot be sent upstream because audispd does not exist
anymore on the master branch (it was merged to auditd).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
---
init.d/auditd.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init.d/auditd.conf b/init.d/auditd.conf
index 4dcda83..998904f 100644
--- a/init.d/auditd.conf
+++ b/init.d/auditd.conf
@@ -13,7 +13,7 @@ max_log_file = 8
num_logs = 5
priority_boost = 4
disp_qos = lossy
-dispatcher = /sbin/audispd
+dispatcher = /usr/sbin/audispd
name_format = NONE
##name = mydomain
max_log_file_action = ROTATE
--
2.17.1
+1 -1
View File
@@ -1,4 +1,4 @@
#Locally computed
sha256 67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba audit-2.8.2.tar.gz
sha256 a410694d09fc5708d980a61a5abcb9633a591364f1ecc7e97ad5daef9c898c38 audit-2.8.4.tar.gz
sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 COPYING
sha256 f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa COPYING.LIB
+2 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
AUDIT_VERSION = 2.8.2
AUDIT_VERSION = 2.8.4
AUDIT_SITE = http://people.redhat.com/sgrubb/audit
AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
AUDIT_LICENSE_FILES = COPYING COPYING.LIB
@@ -38,7 +38,7 @@ AUDIT_CONF_OPTS += --disable-systemd
endif
define AUDIT_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 package/audit/S01auditd $(TARGET_DIR)/etc/init.d/S01auditd
$(INSTALL) -D -m 755 package/audit/S02auditd $(TARGET_DIR)/etc/init.d/S02auditd
endef
define AUDIT_INSTALL_INIT_SYSTEMD
@@ -1,74 +0,0 @@
From 254dc19788ba2a03504fc6d1036fef477a60035f Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Fri, 22 Jan 2016 08:31:02 -0300
Subject: [PATCH] Rename ptrsize to ptr_size
This is to compensate for a uClibc mess caused by commit
70a04a287a2875c82e6822c36e071afba5b63a62 where ptrsize is defined for
mips, hence causing build breakage under certain conditions for programs
that use this variable name.
Status: definitely not upstreamable.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
lib/dns/rbt.c | 6 +++---
lib/dns/rbtdb.c | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
index 86b5183..5fd55de 100644
--- a/lib/dns/rbt.c
+++ b/lib/dns/rbt.c
@@ -113,7 +113,7 @@ struct file_header {
* information about the system on which the map file was generated
* will be used to tell if we can load the map file or not
*/
- isc_uint32_t ptrsize;
+ isc_uint32_t ptr_size;
unsigned int bigendian:1; /* big or little endian system */
unsigned int rdataset_fixed:1; /* compiled with --enable-rrset-fixed */
unsigned int nodecount; /* shadow from rbt structure */
@@ -517,7 +517,7 @@ write_header(FILE *file, dns_rbt_t *rbt, isc_uint64_t first_node_offset,
memmove(header.version1, FILE_VERSION, sizeof(header.version1));
memmove(header.version2, FILE_VERSION, sizeof(header.version2));
header.first_node_offset = first_node_offset;
- header.ptrsize = (isc_uint32_t) sizeof(void *);
+ header.ptr_size = (isc_uint32_t) sizeof(void *);
header.bigendian = (1 == htonl(1)) ? 1 : 0;
#ifdef DNS_RDATASET_FIXED
@@ -902,7 +902,7 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
}
#endif
- if (header->ptrsize != (isc_uint32_t) sizeof(void *)) {
+ if (header->ptr_size != (isc_uint32_t) sizeof(void *)) {
result = ISC_R_INVALIDFILE;
goto cleanup;
}
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index c7168cb..dbcf944 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -114,7 +114,7 @@ typedef struct rbtdb_file_header rbtdb_file_header_t;
struct rbtdb_file_header {
char version1[32];
- isc_uint32_t ptrsize;
+ isc_uint32_t ptr_size;
unsigned int bigendian:1;
isc_uint64_t tree;
isc_uint64_t nsec;
@@ -7593,7 +7593,7 @@ rbtdb_write_header(FILE *rbtfile, off_t tree_location, off_t nsec_location,
memset(&header, 0, sizeof(rbtdb_file_header_t));
memmove(header.version1, FILE_VERSION, sizeof(header.version1));
memmove(header.version2, FILE_VERSION, sizeof(header.version2));
- header.ptrsize = (isc_uint32_t) sizeof(void *);
+ header.ptr_size = (isc_uint32_t) sizeof(void *);
header.bigendian = (1 == htonl(1)) ? 1 : 0;
header.tree = (isc_uint64_t) tree_location;
header.nsec = (isc_uint64_t) nsec_location;
--
2.4.10
+2 -2
View File
@@ -1,4 +1,4 @@
# Verified from https://ftp.isc.org/isc/bind9/9.11.4-P1/bind-9.11.4-P1.tar.gz.asc
# Verified from https://ftp.isc.org/isc/bind9/9.11.5/bind-9.11.5.tar.gz.asc
# with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
sha256 a85af7b629109d41285c7adeae1515daac638bbe4d5dc30d1f4b343dff09d811 bind-9.11.4-P2.tar.gz
sha256 a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 bind-9.11.5.tar.gz
sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
BIND_VERSION = 9.11.4-P2
BIND_VERSION = 9.11.5
BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
@@ -1,22 +0,0 @@
bfd/ChangeLog
2016-08-23 Nick Clifton <address@hidden>
* elf32-arm.c (elf32_arm_count_additional_relocs): Return zero if
there is no arm data associated with the section.
[Thomas: taken from https://lists.gnu.org/archive/html/bug-binutils/2016-08/msg00165.html.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
index 1eba21b..4478238 100644
--- a/bfd/elf32-arm.c
+++ b/bfd/elf32-arm.c
@@ -18688,7 +18688,7 @@ elf32_arm_count_additional_relocs (asection *sec)
{
struct _arm_elf_section_data *arm_data;
arm_data = get_arm_elf_section_data (sec);
- return arm_data->additional_reloc_count;
+ return arm_data == NULL ? 0 : arm_data->additional_reloc_count;
}
/* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which
-46
View File
@@ -1,46 +0,0 @@
From 1ceee199e9a32034c6def7700fdbb26335ca76a3 Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Fri, 25 Dec 2015 11:38:13 +0100
Subject: [PATCH] sh-conf
Likewise, binutils has no idea about any of these new targets either, so we
fix that up too.. now we're able to actually build a real toolchain for
sh2a_nofpu- and other more ineptly named toolchains (and yes, there are more
inept targets than that one, really. Go look, I promise).
[Romain: rebase on top of 2.26]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
configure | 2 +-
configure.ac | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 34b66f7..905bc7b 100755
--- a/configure
+++ b/configure
@@ -3939,7 +3939,7 @@ case "${target}" in
or1k*-*-*)
noconfigdirs="$noconfigdirs gdb"
;;
- sh-*-* | sh64-*-*)
+ sh*-*-* | sh64-*-*)
case "${target}" in
sh*-*-elf)
;;
diff --git a/configure.ac b/configure.ac
index 4977d97..1e69ee2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1276,7 +1276,7 @@ case "${target}" in
or1k*-*-*)
noconfigdirs="$noconfigdirs gdb"
;;
- sh-*-* | sh64-*-*)
+ sh*-*-* | sh64-*-*)
case "${target}" in
sh*-*-elf)
;;
--
2.4.3
@@ -1,33 +0,0 @@
From 78fb7e37eb8bb08ae537d6c487996ff17c810332 Mon Sep 17 00:00:00 2001
From: Trevor Saunders <tbsaunde+binutils@tbsaunde.org>
Date: Mon, 26 Sep 2016 12:42:11 -0400
Subject: [PATCH] tc-xtensa.c: fixup xg_reverse_shift_count typo
gas/ChangeLog:
2016-09-26 Trevor Saunders <tbsaunde+binutils@tbsaunde.org>
* config/tc-xtensa.c (xg_reverse_shift_count): Pass cnt_arg instead of
cnt_argp to concat.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gas/config/tc-xtensa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c
index d062044..ca261ae 100644
--- a/gas/config/tc-xtensa.c
+++ b/gas/config/tc-xtensa.c
@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp)
cnt_arg = *cnt_argp;
/* replace the argument with "31-(argument)" */
- new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL);
+ new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL);
free (cnt_arg);
*cnt_argp = new_arg;
--
2.1.4
@@ -1,42 +0,0 @@
From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 2 Aug 2017 00:36:05 -0700
Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
change should not affect processing of valid assembly/binary code.
bfd/
2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
entries for sysregs with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
bfd/xtensa-isa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index 8da75bea8109..8c6ee88fdeae 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
xtensa_sysreg_internal *sreg = &isa->sysregs[n];
is_user = sreg->is_user;
- isa->sysreg_table[is_user][sreg->number] = n;
+ if (sreg->number >= 0)
+ isa->sysreg_table[is_user][sreg->number] = n;
}
/* Set up the interface lookup table. */
--
2.1.4
@@ -1,41 +0,0 @@
From d76a7549b43974fe8564971a3f40459bc495a8a7 Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Fri, 25 Dec 2015 11:40:53 +0100
Subject: [PATCH] ld-makefile
[Romain: rebase on top of 2.26]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
ld/Makefile.am | 2 +-
ld/Makefile.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ld/Makefile.am b/ld/Makefile.am
index 0b3b049..3871c74 100644
--- a/ld/Makefile.am
+++ b/ld/Makefile.am
@@ -57,7 +57,7 @@ endif
# We put the scripts in the directory $(scriptdir)/ldscripts.
# We can't put the scripts in $(datadir) because the SEARCH_DIR
# directives need to be different for native and cross linkers.
-scriptdir = $(tooldir)/lib
+scriptdir = $(libdir)
EMUL = @EMUL@
EMULATION_OFILES = @EMULATION_OFILES@
diff --git a/ld/Makefile.in b/ld/Makefile.in
index ed98f87..530e4c9 100644
--- a/ld/Makefile.in
+++ b/ld/Makefile.in
@@ -413,7 +413,7 @@ AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS)
# We put the scripts in the directory $(scriptdir)/ldscripts.
# We can't put the scripts in $(datadir) because the SEARCH_DIR
# directives need to be different for native and cross linkers.
-scriptdir = $(tooldir)/lib
+scriptdir = $(libdir)
BASEDIR = $(srcdir)/..
BFDDIR = $(BASEDIR)/bfd
INCDIR = $(BASEDIR)/include
--
2.4.3
@@ -1,36 +0,0 @@
From ebe1cba46df52d7bf86def3d681271fd05fb453b Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Fri, 25 Dec 2015 11:41:47 +0100
Subject: [PATCH] check-ldrunpath-length
[Romain: rebase on top of 2.26]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
ld/emultempl/elf32.em | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em
index 0405d4f..efd3300 100644
--- a/ld/emultempl/elf32.em
+++ b/ld/emultempl/elf32.em
@@ -1242,6 +1242,8 @@ fragment <<EOF
&& command_line.rpath == NULL)
{
lib_path = (const char *) getenv ("LD_RUN_PATH");
+ if ((lib_path) && (strlen (lib_path) == 0))
+ lib_path = NULL;
if (gld${EMULATION_NAME}_search_needed (lib_path, &n,
force))
break;
@@ -1523,6 +1525,8 @@ gld${EMULATION_NAME}_before_allocation (void)
rpath = command_line.rpath;
if (rpath == NULL)
rpath = (const char *) getenv ("LD_RUN_PATH");
+ if ((rpath) && (strlen (rpath) == 0))
+ rpath = NULL;
for (abfd = link_info.input_bfds; abfd; abfd = abfd->link.next)
if (bfd_get_flavour (abfd) == bfd_target_elf_flavour)
--
2.4.3
@@ -1,52 +0,0 @@
From 30628870e583375f8927c04398c7219c6e9f703c Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Fri, 25 Dec 2015 11:42:48 +0100
Subject: [PATCH] add sysroot fix from bug #3049
Always try to prepend the sysroot prefix to absolute filenames first.
http://bugs.gentoo.org/275666
http://sourceware.org/bugzilla/show_bug.cgi?id=10340
Signed-off-by: Sven Rebhan <odinshorse@googlemail.com>
[Romain: rebase on top of 2.26]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
ld/ldfile.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/ld/ldfile.c b/ld/ldfile.c
index 96f9ecc..1439309 100644
--- a/ld/ldfile.c
+++ b/ld/ldfile.c
@@ -335,18 +335,25 @@ ldfile_open_file_search (const char *arch,
directory first. */
if (! entry->flags.maybe_archive)
{
- if (entry->flags.sysrooted && IS_ABSOLUTE_PATH (entry->filename))
+ /* For absolute pathnames, try to always open the file in the
+ sysroot first. If this fails, try to open the file at the
+ given location. */
+ entry->flags.sysrooted = is_sysrooted_pathname (entry->filename);
+ if (!entry->flags.sysrooted && IS_ABSOLUTE_PATH (entry->filename)
+ && ld_sysroot)
{
char *name = concat (ld_sysroot, entry->filename,
(const char *) NULL);
if (ldfile_try_open_bfd (name, entry))
{
entry->filename = name;
+ entry->flags.sysrooted = TRUE;
return TRUE;
}
free (name);
}
- else if (ldfile_try_open_bfd (entry->filename, entry))
+
+ if (ldfile_try_open_bfd (entry->filename, entry))
return TRUE;
if (IS_ABSOLUTE_PATH (entry->filename))
--
2.4.3
@@ -1,306 +0,0 @@
From be366461dd49e760440fb28eaee5164eb281adcc Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Fri, 25 Dec 2015 11:45:38 +0100
Subject: [PATCH] poison-system-directories
Patch adapted to binutils 2.23.2 and extended to use
BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
[Romain: rebase on top of 2.26]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Gustavo: adapt to binutils 2.25]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Upstream-Status: Inappropriate [distribution: codesourcery]
Patch originally created by Mark Hatle, forward-ported to
binutils 2.21 by Scott Garman.
purpose: warn for uses of system directories when cross linking
Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
2008-07-02 Joseph Myers <joseph@codesourcery.com>
ld/
* ld.h (args_type): Add error_poison_system_directories.
* ld.texinfo (--error-poison-system-directories): Document.
* ldfile.c (ldfile_add_library_path): Check
command_line.error_poison_system_directories.
* ldmain.c (main): Initialize
command_line.error_poison_system_directories.
* lexsup.c (enum option_values): Add
OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
(ld_options): Add --error-poison-system-directories.
(parse_args): Handle new option.
2007-06-13 Joseph Myers <joseph@codesourcery.com>
ld/
* config.in: Regenerate.
* ld.h (args_type): Add poison_system_directories.
* ld.texinfo (--no-poison-system-directories): Document.
* ldfile.c (ldfile_add_library_path): Check
command_line.poison_system_directories.
* ldmain.c (main): Initialize
command_line.poison_system_directories.
* lexsup.c (enum option_values): Add
OPTION_NO_POISON_SYSTEM_DIRECTORIES.
(ld_options): Add --no-poison-system-directories.
(parse_args): Handle new option.
2007-04-20 Joseph Myers <joseph@codesourcery.com>
Merge from Sourcery G++ binutils 2.17:
2007-03-20 Joseph Myers <joseph@codesourcery.com>
Based on patch by Mark Hatle <mark.hatle@windriver.com>.
ld/
* configure.ac (--enable-poison-system-directories): New option.
* configure, config.in: Regenerate.
* ldfile.c (ldfile_add_library_path): If
ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
/usr/lib, /usr/local/lib or /usr/X11R6/lib.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
ld/config.in | 3 +++
ld/configure | 14 ++++++++++++++
ld/configure.ac | 10 ++++++++++
ld/ld.h | 8 ++++++++
ld/ld.texinfo | 12 ++++++++++++
ld/ldfile.c | 17 +++++++++++++++++
ld/ldlex.h | 2 ++
ld/ldmain.c | 2 ++
ld/lexsup.c | 21 +++++++++++++++++++++
9 files changed, 89 insertions(+)
diff --git a/ld/config.in b/ld/config.in
index 276fb77..35c58eb 100644
--- a/ld/config.in
+++ b/ld/config.in
@@ -14,6 +14,9 @@
language is requested. */
#undef ENABLE_NLS
+/* Define to warn for use of native system library directories */
+#undef ENABLE_POISON_SYSTEM_DIRECTORIES
+
/* Additional extension a shared object might have. */
#undef EXTRA_SHLIB_EXTENSION
diff --git a/ld/configure b/ld/configure
index a446283..d1f9504 100755
--- a/ld/configure
+++ b/ld/configure
@@ -786,6 +786,7 @@ with_lib_path
enable_targets
enable_64_bit_bfd
with_sysroot
+enable_poison_system_directories
enable_gold
enable_got
enable_compressed_debug_sections
@@ -1442,6 +1443,8 @@ Optional Features:
--disable-largefile omit support for large files
--enable-targets alternative target configurations
--enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
+ --enable-poison-system-directories
+ warn for use of native system library directories
--enable-gold[=ARG] build gold [ARG={default,yes,no}]
--enable-got=<type> GOT handling scheme (target, single, negative,
multigot)
@@ -15491,7 +15494,18 @@ else
fi
+# Check whether --enable-poison-system-directories was given.
+if test "${enable_poison_system_directories+set}" = set; then :
+ enableval=$enable_poison_system_directories;
+else
+ enable_poison_system_directories=no
+fi
+
+if test "x${enable_poison_system_directories}" = "xyes"; then
+$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
+
+fi
# Check whether --enable-got was given.
if test "${enable_got+set}" = set; then :
diff --git a/ld/configure.ac b/ld/configure.ac
index 188172d..2cd8443 100644
--- a/ld/configure.ac
+++ b/ld/configure.ac
@@ -95,6 +95,16 @@ AC_SUBST(use_sysroot)
AC_SUBST(TARGET_SYSTEM_ROOT)
AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+AC_ARG_ENABLE([poison-system-directories],
+ AS_HELP_STRING([--enable-poison-system-directories],
+ [warn for use of native system library directories]),,
+ [enable_poison_system_directories=no])
+if test "x${enable_poison_system_directories}" = "xyes"; then
+ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
+ [1],
+ [Define to warn for use of native system library directories])
+fi
+
dnl Use --enable-gold to decide if this linker should be the default.
dnl "install_as_default" is set to false if gold is the default linker.
dnl "installed_linker" is the installed BFD linker name.
diff --git a/ld/ld.h b/ld/ld.h
index d84ec4e..3476b26 100644
--- a/ld/ld.h
+++ b/ld/ld.h
@@ -164,6 +164,14 @@ typedef struct {
/* If set, display the target memory usage (per memory region). */
bfd_boolean print_memory_usage;
+ /* If TRUE (the default) warn for uses of system directories when
+ cross linking. */
+ bfd_boolean poison_system_directories;
+
+ /* If TRUE (default FALSE) give an error for uses of system
+ directories when cross linking instead of a warning. */
+ bfd_boolean error_poison_system_directories;
+
/* Big or little endian as set on command line. */
enum endian_enum endian;
diff --git a/ld/ld.texinfo b/ld/ld.texinfo
index 1dd7492..fb1438e 100644
--- a/ld/ld.texinfo
+++ b/ld/ld.texinfo
@@ -2332,6 +2332,18 @@ string identifying the original linked file does not change.
Passing @code{none} for @var{style} disables the setting from any
@code{--build-id} options earlier on the command line.
+
+@kindex --no-poison-system-directories
+@item --no-poison-system-directories
+Do not warn for @option{-L} options using system directories such as
+@file{/usr/lib} when cross linking. This option is intended for use
+in chroot environments when such directories contain the correct
+libraries for the target system rather than the host.
+
+@kindex --error-poison-system-directories
+@item --error-poison-system-directories
+Give an error instead of a warning for @option{-L} options using
+system directories when cross linking.
@end table
@c man end
diff --git a/ld/ldfile.c b/ld/ldfile.c
index 1439309..086b354 100644
--- a/ld/ldfile.c
+++ b/ld/ldfile.c
@@ -114,6 +114,23 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline)
new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
else
new_dirs->name = xstrdup (name);
+
+#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
+ if (command_line.poison_system_directories
+ && ((!strncmp (name, "/lib", 4))
+ || (!strncmp (name, "/usr/lib", 8))
+ || (!strncmp (name, "/usr/local/lib", 14))
+ || (!strncmp (name, "/usr/X11R6/lib", 14))))
+ {
+ if (command_line.error_poison_system_directories)
+ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
+ "cross-compilation\n"), name);
+ else
+ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
+ "cross-compilation\n"), name);
+ }
+#endif
+
}
/* Try to open a BFD for a lang_input_statement. */
diff --git a/ld/ldlex.h b/ld/ldlex.h
index 6f11e7b..0ca3110 100644
--- a/ld/ldlex.h
+++ b/ld/ldlex.h
@@ -144,6 +144,8 @@ enum option_values
OPTION_PRINT_MEMORY_USAGE,
OPTION_REQUIRE_DEFINED_SYMBOL,
OPTION_ORPHAN_HANDLING,
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
};
/* The initial parser states. */
diff --git a/ld/ldmain.c b/ld/ldmain.c
index bb0b9cc..a23c56c 100644
--- a/ld/ldmain.c
+++ b/ld/ldmain.c
@@ -257,6 +257,8 @@ main (int argc, char **argv)
command_line.warn_mismatch = TRUE;
command_line.warn_search_mismatch = TRUE;
command_line.check_section_addresses = -1;
+ command_line.poison_system_directories = TRUE;
+ command_line.error_poison_system_directories = FALSE;
/* We initialize DEMANGLING based on the environment variable
COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
diff --git a/ld/lexsup.c b/ld/lexsup.c
index 4cad209..be7d584 100644
--- a/ld/lexsup.c
+++ b/ld/lexsup.c
@@ -530,6 +530,14 @@ static const struct ld_option ld_options[] =
{ {"orphan-handling", required_argument, NULL, OPTION_ORPHAN_HANDLING},
'\0', N_("=MODE"), N_("Control how orphan sections are handled."),
TWO_DASHES },
+ { {"no-poison-system-directories", no_argument, NULL,
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
+ '\0', NULL, N_("Do not warn for -L options using system directories"),
+ TWO_DASHES },
+ { {"error-poison-system-directories", no_argument, NULL,
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
+ '\0', NULL, N_("Give an error for -L options using system directories"),
+ TWO_DASHES },
};
#define OPTION_COUNT ARRAY_SIZE (ld_options)
@@ -542,6 +550,7 @@ parse_args (unsigned argc, char **argv)
int ingroup = 0;
char *default_dirlist = NULL;
char *shortopts;
+ char *BR_paranoid_env;
struct option *longopts;
struct option *really_longopts;
int last_optind;
@@ -1516,6 +1525,14 @@ parse_args (unsigned argc, char **argv)
}
break;
+ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
+ command_line.poison_system_directories = FALSE;
+ break;
+
+ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
+ command_line.error_poison_system_directories = TRUE;
+ break;
+
case OPTION_PUSH_STATE:
input_flags.pushed = xmemdup (&input_flags,
sizeof (input_flags),
@@ -1559,6 +1576,10 @@ parse_args (unsigned argc, char **argv)
command_line.soname = NULL;
}
+ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
+ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
+ command_line.error_poison_system_directories = TRUE;
+
while (ingroup)
{
lang_leave_group ();
--
2.4.3
@@ -1,36 +0,0 @@
From c646b02fdcae5f37bd88f33a0c4683ef13ad5c82 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Mon, 31 Oct 2016 12:46:38 +1030
Subject: [PATCH] Revert part "Set dynamic tag VMA and size from dynamic
section when possible"
PR 20748
* elf32-microblaze.c (microblaze_elf_finish_dynamic_sections): Revert
2016-05-13 change.
Signed-off-by: Alan Modra <amodra@gmail.com>
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
diff --git a/bfd/elf32-microblaze.c b/bfd/elf32-microblaze.c
index 477e7b3..5c66808 100644
--- a/bfd/elf32-microblaze.c
+++ b/bfd/elf32-microblaze.c
@@ -3396,13 +3396,13 @@ microblaze_elf_finish_dynamic_sections (bfd *output_bfd,
{
asection *s;
- s = bfd_get_linker_section (dynobj, name);
+ s = bfd_get_section_by_name (output_bfd, name);
if (s == NULL)
dyn.d_un.d_val = 0;
else
{
if (! size)
- dyn.d_un.d_ptr = s->output_section->vma + s->output_offset;
+ dyn.d_un.d_ptr = s->vma;
else
dyn.d_un.d_val = s->size;
}
--
2.1.4
@@ -1,33 +0,0 @@
Fix ld segfault for microblaze when --gc-sections is used
Upstream: pending
https://sourceware.org/bugzilla/show_bug.cgi?id=21180
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
diff -Nur binutils-2.27.orig/bfd/elf32-microblaze.c binutils-2.27/bfd/elf32-microblaze.c
--- binutils-2.27.orig/bfd/elf32-microblaze.c 2016-08-03 09:36:50.000000000 +0200
+++ binutils-2.27/bfd/elf32-microblaze.c 2017-02-23 19:43:12.612313590 +0100
@@ -3297,13 +3297,20 @@
|| h->dynindx == -1))
{
asection *sec = h->root.u.def.section;
+ bfd_vma value;
+
+ value = h->root.u.def.value;
+ if (sec->output_section != NULL)
+ /* PR 21180: If the output section is NULL, then the symbol is no
+ longer needed, and in theory the GOT entry is redundant. But
+ it is too late to change our minds now... */
+ value += sec->output_section->vma + sec->output_offset;
+
microblaze_elf_output_dynamic_relocation (output_bfd,
srela, srela->reloc_count++,
/* symindex= */ 0,
R_MICROBLAZE_REL, offset,
- h->root.u.def.value
- + sec->output_section->vma
- + sec->output_offset);
+ value);
}
else
{
@@ -1,88 +0,0 @@
From 29a4659015ca7044c2d425d32a0b828e0fbb5ac1 Mon Sep 17 00:00:00 2001
From: Richard Earnshaw <Richard.Earnshaw@arm.com>
Date: Wed, 7 Sep 2016 17:14:54 +0100
Subject: [PATCH] Automatically enable CRC instructions on supported ARMv8-A
CPUs.
2016-09-07 Richard Earnshaw <rearnsha@arm.com>
* opcode/arm.h (ARM_ARCH_V8A_CRC): New architecture.
2016-09-07 Richard Earnshaw <rearnsha@arm.com>
* config/tc-arm.c ((arm_cpus): Use ARM_ARCH_V8A_CRC for all
ARMv8-A CPUs except xgene1.
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=27e5a270962fb92c07e7d476966ba380fa3bb68e
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
gas/config/tc-arm.c | 18 +++++++++---------
include/opcode/arm.h | 2 ++
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index 73d05316..7c86184d 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -25332,17 +25332,17 @@ static const struct arm_cpu_option_table arm_cpus[] =
"Cortex-A15"),
ARM_CPU_OPT ("cortex-a17", ARM_ARCH_V7VE, FPU_ARCH_NEON_VFP_V4,
"Cortex-A17"),
- ARM_CPU_OPT ("cortex-a32", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a32", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A32"),
- ARM_CPU_OPT ("cortex-a35", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a35", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A35"),
- ARM_CPU_OPT ("cortex-a53", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a53", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A53"),
- ARM_CPU_OPT ("cortex-a57", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a57", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A57"),
- ARM_CPU_OPT ("cortex-a72", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a72", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A72"),
- ARM_CPU_OPT ("cortex-a73", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("cortex-a73", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Cortex-A73"),
ARM_CPU_OPT ("cortex-r4", ARM_ARCH_V7R, FPU_NONE, "Cortex-R4"),
ARM_CPU_OPT ("cortex-r4f", ARM_ARCH_V7R, FPU_ARCH_VFP_V3D16,
@@ -25361,10 +25361,10 @@ static const struct arm_cpu_option_table arm_cpus[] =
ARM_CPU_OPT ("cortex-m1", ARM_ARCH_V6SM, FPU_NONE, "Cortex-M1"),
ARM_CPU_OPT ("cortex-m0", ARM_ARCH_V6SM, FPU_NONE, "Cortex-M0"),
ARM_CPU_OPT ("cortex-m0plus", ARM_ARCH_V6SM, FPU_NONE, "Cortex-M0+"),
- ARM_CPU_OPT ("exynos-m1", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("exynos-m1", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Samsung " \
"Exynos M1"),
- ARM_CPU_OPT ("qdf24xx", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("qdf24xx", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"Qualcomm "
"QDF24XX"),
@@ -25389,7 +25389,7 @@ static const struct arm_cpu_option_table arm_cpus[] =
/* APM X-Gene family. */
ARM_CPU_OPT ("xgene1", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"APM X-Gene 1"),
- ARM_CPU_OPT ("xgene2", ARM_ARCH_V8A, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ ARM_CPU_OPT ("xgene2", ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
"APM X-Gene 2"),
{ NULL, 0, ARM_ARCH_NONE, ARM_ARCH_NONE, NULL }
diff --git a/include/opcode/arm.h b/include/opcode/arm.h
index 60715cf8..feace5cd 100644
--- a/include/opcode/arm.h
+++ b/include/opcode/arm.h
@@ -263,6 +263,8 @@
#define ARM_ARCH_V7M ARM_FEATURE_CORE (ARM_AEXT_V7M, ARM_EXT2_V6T2_V8M)
#define ARM_ARCH_V7EM ARM_FEATURE_CORE (ARM_AEXT_V7EM, ARM_EXT2_V6T2_V8M)
#define ARM_ARCH_V8A ARM_FEATURE_CORE (ARM_AEXT_V8A, ARM_AEXT2_V8A)
+#define ARM_ARCH_V8A_CRC ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8A, \
+ CRC_EXT_ARMV8)
#define ARM_ARCH_V8_1A ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_1A, \
CRC_EXT_ARMV8 | FPU_NEON_EXT_RDMA)
#define ARM_ARCH_V8_2A ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_2A, \
--
2.11.0
+6
View File
@@ -1,5 +1,11 @@
comment "Binutils Options"
config BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI
bool
default y
depends on !BR2_microblaze
depends on !(BR2_nios2 && (BR2_BINUTILS_VERSION_2_28_X || BR2_BINUTILS_VERSION_2_29_X))
choice
prompt "Binutils Version"
default BR2_BINUTILS_VERSION_2_28_X if BR2_ARM_INSTRUCTIONS_THUMB
@@ -1,4 +1,4 @@
From b60b613e7c2c9bf7a142c3c486ac6e77ad93f5d1 Mon Sep 17 00:00:00 2001
From 7289e5a378ba13801996a84d89d8fe95c3fc4c11 Mon Sep 17 00:00:00 2001
From: Adrian Perez de Castro <aperez@igalia.com>
Date: Mon, 26 Mar 2018 19:08:31 +0100
Subject: [PATCH] CMake: Allow using BUILD_SHARED_LIBS to choose static/shared
@@ -27,7 +27,7 @@ Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Upstream-Status: Submitted [https://github.com/google/brotli/pull/655]
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 99b9258..3867931 100644
index fc45f80..3f87f13 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,6 +6,8 @@ cmake_minimum_required(VERSION 2.8.6)
@@ -120,25 +120,25 @@ index 99b9258..3867931 100644
DIRECTORY ${BROTLI_INCLUDE_DIRS}/brotli
DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
diff --git a/c/fuzz/test_fuzzer.sh b/c/fuzz/test_fuzzer.sh
index 5c754e1..e85e12f 100755
index 9985194..4b99947 100755
--- a/c/fuzz/test_fuzzer.sh
+++ b/c/fuzz/test_fuzzer.sh
@@ -14,12 +14,12 @@ mkdir bin
@@ -13,12 +13,12 @@ mkdir bin
cd bin
cmake $BROTLI -DCMAKE_C_COMPILER="$CC" -DCMAKE_CXX_COMPILER="$CXX" \
cmake $BROTLI -DCMAKE_C_COMPILER="$CC" \
- -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address
-make -j$(nproc) brotlidec-static
+ -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF -DENABLE_SANITIZER=address
+make -j$(nproc) brotlidec
${CXX} -o run_decode_fuzzer -std=c++11 -fsanitize=address -I$SRC/include \
$SRC/fuzz/decode_fuzzer.cc $SRC/fuzz/run_decode_fuzzer.cc \
${CC} -o run_decode_fuzzer -std=c99 -fsanitize=address -I$SRC/include \
$SRC/fuzz/decode_fuzzer.c $SRC/fuzz/run_decode_fuzzer.c \
- ./libbrotlidec-static.a ./libbrotlicommon-static.a
+ ./libbrotlidec.a ./libbrotlicommon.a
mkdir decode_corpora
unzip $BROTLI/java/org/brotli/integration/fuzz_data.zip -d decode_corpora
--
2.16.3
2.19.1
@@ -1,31 +0,0 @@
From fea0b1e46c486225d57e730cc0f94fa06b5b93fc Mon Sep 17 00:00:00 2001
From: Adrian Perez de Castro <aperez@igalia.com>
Date: Mon, 26 Mar 2018 12:12:00 +0100
Subject: [PATCH] Tell CMake to not check for a C++ compiler
By default CMake checks both for C and C++ compilers, while the latter
is not needed. Setting the list of languages to just "C" in the call to
project() removes the unneeded check.
---
CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Upstream-Status: Submitted [https://github.com/google/brotli/pull/653]
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2dc7232..3fbcbfb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -4,7 +4,7 @@
# support 2.8.7.
cmake_minimum_required(VERSION 2.8.6)
-project(brotli)
+project(brotli LANGUAGES C)
# If Brotli is being bundled in another project, we don't want to
# install anything. However, we want to let people override this, so
--
2.16.3
+1 -1
View File
@@ -1,5 +1,5 @@
# Locally generated:
sha512 93adcf437d730ac403e444285ac8aefbb2c8a6b5e1b064e8ee33684c067287a8159e0ee73d2217c167881e87da73fa494792d963a15508fd42b2ac4a5b52823c v1.0.3.tar.gz
sha512 a82362aa36d2f2094bca0b2808d9de0d57291fb3a4c29d7c0ca0a37e73087ec5ac4df299c8c363e61106fccf2fe7f58b5cf76eb97729e2696058ef43b1d3930a v1.0.7.tar.gz
# Hash for license files:
sha512 bae78184c2f50f86d8c727826d3982c469454c42b9af81f4ef007e39036434fa894cf5be3bf5fc65b7de2301f0a72d067a8186e303327db8a96bd14867e0a3a8 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
BROTLI_VERSION = 1.0.3
BROTLI_VERSION = 1.0.7
BROTLI_SOURCE = v$(BROTLI_VERSION).tar.gz
BROTLI_SITE = https://github.com/google/brotli/archive
BROTLI_LICENSE = MIT
+3
View File
@@ -1,2 +1,5 @@
# Locally calculated after checking pgp signature
sha256 45d3c1fd29263ceec2afc8ff9cd06d5f8f889636eb4e80ce3cc7f0eaf7aadc6e c-ares-1.14.0.tar.gz
# Hash for license file
sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md
+1 -2
View File
@@ -11,7 +11,6 @@ C_ARES_CONF_OPTS = --with-random=/dev/urandom
# Rebuild configure to avoid XC_CHECK_USER_CFLAGS
C_ARES_AUTORECONF = YES
C_ARES_LICENSE = MIT
# No standalone, use some source file
C_ARES_LICENSE_FILES = ares_mkquery.c
C_ARES_LICENSE_FILES = LICENSE.md
$(eval $(autotools-package))
+8 -4
View File
@@ -16,7 +16,7 @@ CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
CA_CERTIFICATES_LICENSE_FILES = debian/copyright
define CA_CERTIFICATES_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) all
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) clean all
endef
define CA_CERTIFICATES_INSTALL_TARGET_CMDS
@@ -31,13 +31,17 @@ define CA_CERTIFICATES_INSTALL_TARGET_CMDS
# Create symlinks to certificates under /etc/ssl/certs
# and generate the bundle
cd $(TARGET_DIR) ;\
for i in `find usr/share/ca-certificates -name "*.crt"` ; do \
for i in `find usr/share/ca-certificates -name "*.crt" | LC_COLLATE=C sort` ; do \
ln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\
cat $$i >>etc/ssl/certs/ca-certificates.crt ;\
done
cat $$i ;\
done >$(@D)/ca-certificates.crt
# Create symlinks to the certificates by their hash values
$(HOST_DIR)/bin/c_rehash $(TARGET_DIR)/etc/ssl/certs
# Install the certificates bundle
$(INSTALL) -D -m 644 $(@D)/ca-certificates.crt \
$(TARGET_DIR)/etc/ssl/certs/ca-certificates.crt
endef
$(eval $(generic-package))
+2 -1
View File
@@ -8,7 +8,8 @@ CUPS_FILTERS_VERSION = 1.20.3
CUPS_FILTERS_SITE = http://openprinting.org/download/cups-filters
CUPS_FILTERS_LICENSE = GPL-2.0, GPL-2.0+, GPL-3.0, GPL-3.0+, LGPL-2, LGPL-2.1+, MIT, BSD-4-Clause
CUPS_FILTERS_LICENSE_FILES = COPYING
# 0001-Replace-relative-linking-with-absolute-linking.patch
CUPS_FILTERS_AUTORECONF = YES
CUPS_FILTERS_DEPENDENCIES = cups libglib2 lcms2 qpdf fontconfig freetype jpeg
CUPS_FILTERS_CONF_OPTS = --disable-imagefilters \
+3 -3
View File
@@ -9,10 +9,10 @@ DANTE_SITE = http://www.inet.no/dante/files
DANTE_LICENSE = BSD-3-Clause
DANTE_LICENSE_FILES = LICENSE
# Dante uses a *VERY* old configure.ac
DANTE_LIBTOOL_PATCH = NO
# 0002-compiler.m4-do-not-remove-g-flag.patch touches a m4 file
DANTE_AUTORECONF = YES
DANTE_CONF_OPTS += --disable-client --disable-preload
DANTE_CONF_OPTS += --disable-client --disable-preload --without-pam
define DANTE_INSTALL_CONFIG_FILE
$(INSTALL) -D -m 644 $(@D)/example/sockd.conf \
@@ -0,0 +1,33 @@
From a4bd47f593fbe55bd3ab17532e64be74aff5b29d Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sat, 17 Nov 2018 11:38:05 +0100
Subject: [PATCH] easydbus is a C project file
Specify that easydbus is a C project file otherwise build will fail if
no C++ compiler is found by cmake
Fixes:
- http://autobuild.buildroot.org/results/486c3cd98124e7415dee2fd1463bd5e0fcc9ba91
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/mniestroj/easydbus/pull/2]
---
CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 58ccb2d..575eb24 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,7 +5,7 @@
#
cmake_minimum_required(VERSION 2.6)
-project(easydbus)
+project(easydbus C)
add_definitions("-Wall -Wextra -Wno-unused-parameter")
set(CMAKE_C_FLAGS_RELEASE "-O2")
--
2.17.1
@@ -1,4 +1,4 @@
From 1d8f27d73df6369b19ddd6732960df0d4fdec338 Mon Sep 17 00:00:00 2001
From 2688a0238eaf825d6659c16c012db0c16f07e197 Mon Sep 17 00:00:00 2001
From: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date: Mon, 29 May 2017 23:24:42 +0300
Subject: [PATCH] Really make -Werror conditional to BUILD_WERROR
@@ -20,17 +20,17 @@ Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
1 file changed, 1 deletion(-)
diff --git a/config/eu.am b/config/eu.am
index 8fe1e259f9e2..c5a6209a4e04 100644
index c2cc349ce876..99b368e09060 100644
--- a/config/eu.am
+++ b/config/eu.am
@@ -71,7 +71,6 @@ AM_CFLAGS = -std=gnu99 -Wall -Wshadow -Wformat=2 \
@@ -73,7 +73,6 @@ AM_CFLAGS = -std=gnu99 -Wall -Wshadow -Wformat=2 \
-Wold-style-definition -Wstrict-prototypes \
$(LOGICAL_OP_WARNING) $(DUPLICATED_COND_WARNING) \
$(NULL_DEREFERENCE_WARNING) $(IMPLICIT_FALLTHROUGH_WARNING) \
- $(if $($(*F)_no_Werror),,-Werror) \
$(if $($(*F)_no_Wunused),,-Wunused -Wextra) \
$(if $($(*F)_no_Wstack_usage),,$(STACK_USAGE_WARNING)) \
$($(*F)_CFLAGS)
$(if $($(*F)_no_Wpacked_not_aligned),-Wno-packed-not-aligned,) \
--
2.11.0
2.17.1
-24
View File
@@ -1,24 +0,0 @@
Disable the build of the po/ directory
Building the po/ directory complains that the scripts in there have
been generated with gettext 0.17, while we use gettext 0.18 in
Buildroot. Since we don't care that much about po files anyway, just
disable the build of this directory.
Based on the former patch by Thomas Petazzoni.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
diff -rup a/Makefile.am b/Makefile.am
--- a/Makefile.am 2014-11-07 15:14:39.018060884 +0000
+++ b/Makefile.am 2014-11-07 15:30:02.864918229 +0000
@@ -28,7 +28,7 @@ endif
# Add doc back when we have some real content.
SUBDIRS = config m4 lib libelf libebl libdwelf libdwfl libdw libcpu libasm \
- backends $(PROGS_SUBDIR) po tests
+ backends $(PROGS_SUBDIR) tests
EXTRA_DIST = elfutils.spec GPG-KEY NOTES CONTRIBUTING \
COPYING COPYING-GPLV2 COPYING-LGPLV3
-26
View File
@@ -1,26 +0,0 @@
Provide a compatibility alias __memcpy
For some reason, libelf uses the internal glibc alias __memcpy, which
doesn't exist in uClibc. Add a manual alias so that the build can
proceed with uClibc.
Based on the former patch by Thomas Petazzoni.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
diff -rup a/libelf/libelf.h b/libelf/libelf.h
--- a/libelf/libelf.h 2014-08-27 10:25:17.000000000 +0100
+++ b/libelf/libelf.h 2014-11-07 15:13:08.743508221 +0000
@@ -34,6 +34,11 @@
/* Get the ELF types. */
#include <elf.h>
+#ifndef _LIBC
+#ifndef __mempcpy
+#define __mempcpy mempcpy
+#endif
+#endif
/* Known translation types. */
typedef enum
+6 -2
View File
@@ -1,2 +1,6 @@
# From https://sourceware.org/elfutils/ftp/0.169/sha512.sum
sha512 0a81a20bb2aff533d035d6b76f1403437b2e11bce390db57e34b8c26e4b9b3150346d83dddcbfbbdc58063f046ca3223508dba35c6ce88e375d201e7a777a8b9 elfutils-0.169.tar.bz2
# From https://sourceware.org/elfutils/ftp/0.174/sha512.sum
sha512 696708309c2a9a076099748809ecdc0490f4a8a842b2efc1aae0d746e7c5a8b203743f5626739eff837216b0c052696516b2821f5d3cc3f2eef86597c96d42df elfutils-0.174.tar.bz2
# Locally calculated
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING-GPLV2
sha256 da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768 COPYING-LGPLV3
+2 -2
View File
@@ -4,12 +4,12 @@
#
################################################################################
ELFUTILS_VERSION = 0.169
ELFUTILS_VERSION = 0.174
ELFUTILS_SOURCE = elfutils-$(ELFUTILS_VERSION).tar.bz2
ELFUTILS_SITE = https://sourceware.org/elfutils/ftp/$(ELFUTILS_VERSION)
ELFUTILS_INSTALL_STAGING = YES
ELFUTILS_LICENSE = GPL-2.0+ or LGPL-3.0+ (library)
ELFUTILS_LICENSE_FILES = COPYING-GPLV2 COPYING-LGPLV3
ELFUTILS_LICENSE_FILES = COPYING COPYING-GPLV2 COPYING-LGPLV3
ELFUTILS_DEPENDENCIES = zlib $(TARGET_NLS_DEPENDENCIES)
HOST_ELFUTILS_DEPENDENCIES = host-zlib host-bzip2 host-xz
+1
View File
@@ -22,6 +22,7 @@ config BR2_PACKAGE_ERLANG
depends on BR2_USE_MMU # fork()
depends on !BR2_STATIC_LIBS
depends on BR2_PACKAGE_ERLANG_ARCH_SUPPORTS
select BR2_PACKAGE_ZLIB
help
Erlang is a programming language used to build massively
scalable soft real-time systems with requirements on high
+1 -2
View File
@@ -69,10 +69,9 @@ else
ERLANG_CONF_OPTS += --without-odbc
endif
ifeq ($(BR2_PACKAGE_ZLIB),y)
# Always use Buildroot's zlib
ERLANG_CONF_OPTS += --enable-shared-zlib
ERLANG_DEPENDENCIES += zlib
endif
# Remove source, example, gs and wx files from staging and target.
ERLANG_REMOVE_PACKAGES = gs wx
+1
View File
@@ -12,6 +12,7 @@ FILE_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
FILE_INSTALL_STAGING = YES
FILE_LICENSE = BSD-2-Clause, BSD-4-Clause (one file), BSD-3-Clause (one file)
FILE_LICENSE_FILES = COPYING src/mygetopt.h src/vasprintf.c
HOST_FILE_CONF_OPTS = --disable-libseccomp
ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
FILE_CONF_OPTS += --enable-libseccomp
+1 -1
View File
@@ -3,4 +3,4 @@ config BR2_PACKAGE_FREETYPE
help
a free, high-quality and portable font engine.
http://www.freetype.org/
https://www.freetype.org/
+5 -5
View File
@@ -1,9 +1,9 @@
# From https://sourceforge.net/projects/freetype/files/freetype2/2.8.1/
md5 bf0a210b6fe781228fa0e4a80691a521 freetype-2.8.1.tar.bz2
sha1 417bb3747c4ac95b6f2652024a53fad45581fa1c freetype-2.8.1.tar.bz2
# From https://sourceforge.net/projects/freetype/files/freetype2/2.9.1/
md5 60ef7d8160cd4bf8cb118ee9d65367ca freetype-2.9.1.tar.bz2
sha1 220c82062171c513e4017c523d196933c9de4a7d freetype-2.9.1.tar.bz2
# Locally calculated
sha256 e5435f02e02d2b87bb8e4efdcaa14b1f78c9cf3ab1ed80f94b6382fb6acc7d78 freetype-2.8.1.tar.bz2
sha256 db8d87ea720ea9d5edc5388fc7a0497bb11ba9fe972245e0f7f4c7e8b1e1e84d freetype-2.9.1.tar.bz2
sha256 fd056de4196903a676208ef58cfddafc7d583d1f28fa2e44c309cf84a59e62fb docs/LICENSE.TXT
sha256 4a9a548027a2c1d37788519dea833294c9c81f1ebc280e817f41f50d0c642d78 docs/FTL.TXT
sha256 08c135755dd589039470f1fdbb400daaabaaa50d0b366d19cebff4d22986baa1 docs/FTL.TXT
sha256 c4120c6752c910c299e3bd9cb3a46ff262c268303ca2069b61f92f10a5656c18 docs/GPLv2.TXT
+4 -18
View File
@@ -4,7 +4,7 @@
#
################################################################################
FREETYPE_VERSION = 2.8.1
FREETYPE_VERSION = 2.9.1
FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.bz2
FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
FREETYPE_INSTALL_STAGING = YES
@@ -17,18 +17,9 @@ FREETYPE_CONFIG_SCRIPTS = freetype-config
HOST_FREETYPE_DEPENDENCIES = host-pkgconf
HOST_FREETYPE_CONF_OPTS = --without-zlib --without-bzip2 --without-png
# Regen required because the tarball ships with an experimental ltmain.sh
# that can't be patched by our infra.
# autogen.sh is because autotools stuff lives in other directories and
# even AUTORECONF with _OPTS doesn't do it properly.
# POST_PATCH is because we still need to patch libtool after the regen.
define FREETYPE_RUN_AUTOGEN
cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
endef
FREETYPE_POST_PATCH_HOOKS += FREETYPE_RUN_AUTOGEN
HOST_FREETYPE_POST_PATCH_HOOKS += FREETYPE_RUN_AUTOGEN
FREETYPE_DEPENDENCIES += host-automake host-autoconf host-libtool
HOST_FREETYPE_DEPENDENCIES += host-automake host-autoconf host-libtool
# since 2.9.1 needed for freetype-config install
FREETYPE_CONF_OPTS += --enable-freetype-config
HOST_FREETYPE_CONF_OPTS += --enable-freetype-config
ifeq ($(BR2_PACKAGE_ZLIB),y)
FREETYPE_DEPENDENCIES += zlib
@@ -72,8 +63,3 @@ FREETYPE_POST_INSTALL_STAGING_HOOKS += FREETYPE_FIX_CONFIG_FILE_LIBS
$(eval $(autotools-package))
$(eval $(host-autotools-package))
# freetype-patch and host-freetype-patch use autogen.sh so add
# host-automake as a order-only-prerequisite because it is a phony
# target.
$(FREETYPE_TARGET_PATCH) $(HOST_FREETYPE_TARGET_PATCH): | host-automake
+35
View File
@@ -0,0 +1,35 @@
From 33ba5e73ec09f1308f897128334e955debd9ea43 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Wed, 21 Nov 2018 08:58:25 +0100
Subject: [PATCH] rfc: needs srfi
ext/rfc needs srfi-19 since version 0.9.5 and
https://github.com/shirok/Gauche/commit/bd22bc82361c5eeb5d3b58c3836236566746bb96
So add a dependency on srfi for rfc target in Makefile.in
Fixes:
- http://autobuild.buildroot.org/results/f4935e29ce6aaebdaa47d46c56120b7e97145d1b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/shirok/Gauche/pull/397]
---
ext/Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/Makefile.in b/ext/Makefile.in
index 57ddf457e..de8d59a4d 100644
--- a/ext/Makefile.in
+++ b/ext/Makefile.in
@@ -54,7 +54,7 @@ bcrypt: mt-random
dbm : threads
-rfc: gauche util
+rfc: gauche srfi util
test : check
--
2.14.1
@@ -0,0 +1,41 @@
From 960a2552f7b418134cdf7a31e96023a3811b98dd Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Sun, 4 Nov 2018 23:55:59 -0800
Subject: [PATCH] gcc: xtensa: don't force PIC for uclinux target
xtensa-uclinux uses bFLT executable file format that cannot relocate
fields representing offsets from data to code. C++ objects built as PIC
use offsets to encode FDE structures. As a result C++ exception handling
doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
xtensa-uclinux.
gcc/
2018-11-05 Max Filippov <jcmvbkbc@gmail.com>
* config/xtensa/uclinux.h (XTENSA_ALWAYS_PIC): Change to 0.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: r265823
gcc/config/xtensa/uclinux.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gcc/config/xtensa/uclinux.h b/gcc/config/xtensa/uclinux.h
index ba26187c8f7a..c7743df9d97c 100644
--- a/gcc/config/xtensa/uclinux.h
+++ b/gcc/config/xtensa/uclinux.h
@@ -59,8 +59,8 @@ along with GCC; see the file COPYING3. If not see
#undef LOCAL_LABEL_PREFIX
#define LOCAL_LABEL_PREFIX "."
-/* Always enable "-fpic" for Xtensa Linux. */
-#define XTENSA_ALWAYS_PIC 1
+/* Don't enable "-fpic" for Xtensa uclinux. */
+#define XTENSA_ALWAYS_PIC 0
#undef TARGET_LIBC_HAS_FUNCTION
#define TARGET_LIBC_HAS_FUNCTION no_c99_libc_has_function
--
2.11.0
@@ -0,0 +1,41 @@
From 960a2552f7b418134cdf7a31e96023a3811b98dd Mon Sep 17 00:00:00 2001
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Sun, 4 Nov 2018 23:55:59 -0800
Subject: [PATCH] gcc: xtensa: don't force PIC for uclinux target
xtensa-uclinux uses bFLT executable file format that cannot relocate
fields representing offsets from data to code. C++ objects built as PIC
use offsets to encode FDE structures. As a result C++ exception handling
doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
xtensa-uclinux.
gcc/
2018-11-05 Max Filippov <jcmvbkbc@gmail.com>
* config/xtensa/uclinux.h (XTENSA_ALWAYS_PIC): Change to 0.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Backported from: r265823
gcc/config/xtensa/uclinux.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gcc/config/xtensa/uclinux.h b/gcc/config/xtensa/uclinux.h
index ba26187c8f7a..c7743df9d97c 100644
--- a/gcc/config/xtensa/uclinux.h
+++ b/gcc/config/xtensa/uclinux.h
@@ -59,8 +59,8 @@ along with GCC; see the file COPYING3. If not see
#undef LOCAL_LABEL_PREFIX
#define LOCAL_LABEL_PREFIX "."
-/* Always enable "-fpic" for Xtensa Linux. */
-#define XTENSA_ALWAYS_PIC 1
+/* Don't enable "-fpic" for Xtensa uclinux. */
+#define XTENSA_ALWAYS_PIC 0
#undef TARGET_LIBC_HAS_FUNCTION
#define TARGET_LIBC_HAS_FUNCTION no_c99_libc_has_function
--
2.11.0
+5
View File
@@ -83,6 +83,11 @@ ifeq ($(BR2_sparc),y)
HOST_GCC_FINAL_CONF_OPTS += --disable-libcilkrts
endif
# Pthreads are required to build libcilkrts
ifeq ($(BR2_PTHREADS_NONE),y)
HOST_GCC_FINAL_CONF_OPTS += --disable-libcilkrts
endif
# Disable shared libs like libstdc++ if we do static since it confuses linking
# In that case also disable libcilkrts as there is no static version
ifeq ($(BR2_STATIC_LIBS),y)
+2 -2
View File
@@ -1,5 +1,5 @@
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/SHA512SUMS
sha512 7a1c0b7546ed523f50c1452d4a1c13fcf043d6060fc9708bbc4b543f66ecb1b619b6e71998094ac702ef44a2fd159b6523271de19b1cae352981ef51fb637651 ghostscript-9.25.tar.xz
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/SHA512SUMS
sha512 3ddb83029edf32282357bf606f4045a9ac73df6543cd423cfad09158ec12ada083a0dbb5aac3b73ae24cbc6c1e9d7574257a5c1fae63ba8776fbb00150ef2a3e ghostscript-9.26.tar.xz
# Hash for license file:
sha256 6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2 LICENSE
+2 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
GHOSTSCRIPT_VERSION = 9.25
GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925
GHOSTSCRIPT_VERSION = 9.26
GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926
GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
GHOSTSCRIPT_LICENSE = AGPL-3.0
GHOSTSCRIPT_LICENSE_FILES = LICENSE
+2
View File
@@ -18,6 +18,8 @@ GIFLIB_BINS = \
gifrsize gifspnge giftext giftool gifwedge icon2gif raw2gif rgb2gif \
text2gif
GIFLIB_CONF_ENV = ac_cv_prog_have_xmlto=no
define GIFLIB_BINS_CLEANUP
rm -f $(addprefix $(TARGET_DIR)/usr/bin/,$(GIFLIB_BINS))
endef
+1 -1
View File
@@ -1,4 +1,4 @@
# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
sha256 6e69b0e9c487e5da52a14d4829f0b6a28b2c18a0bb6fb67c0dc8b5b5658bd532 git-2.16.4.tar.xz
sha256 dfb71b053cbc38a9c5b08c2fe8b5eae210b4e3b63892426923e10cfd6ba63862 git-2.16.5.tar.xz
sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GIT_VERSION = 2.16.4
GIT_VERSION = 2.16.5
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
GIT_LICENSE = GPL-2.0, LGPL-2.1+
+3 -2
View File
@@ -4,6 +4,7 @@ config BR2_PACKAGE_GLIBC
bool
default y
select BR2_PACKAGE_LINUX_HEADERS
select BR2_TOOLCHAIN_HAS_SSP
select BR2_TOOLCHAIN_HAS_SSP if BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI
help
https://www.gnu.org/software/libc/
endif
+1 -1
View File
@@ -1,4 +1,4 @@
# Locally calculated (fetched from Github)
sha256 acbec224e69f29c9c59c34f15f0fbb19eecf3fce347eba8bb928fac507ae86c6 glibc-glibc-2.26-175-gc5c90b480e4f21ed1d28e0e6d942b06b8d9e8bd7.tar.gz
sha256 6c982204f990bef280359be29702143f22f41bd57491619970b70c315957812b glibc-glibc-2.26-193-ga0bc5dd3bed4b04814047265b3bcead7ab973b87.tar.gz
# Locally calculated (fetched from Github)
sha256 5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb glibc-arc-2017.09-release.tar.gz
+1 -1
View File
@@ -10,7 +10,7 @@ GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VE
else
# Generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
GLIBC_VERSION = glibc-2.26-175-gc5c90b480e4f21ed1d28e0e6d942b06b8d9e8bd7
GLIBC_VERSION = glibc-2.26-193-ga0bc5dd3bed4b04814047265b3bcead7ab973b87
# Upstream doesn't officially provide an https download link.
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
# sometimes the connection times out. So use an unofficial github mirror.
+7
View File
@@ -82,4 +82,11 @@ else
GNUTLS_CONF_OPTS += --without-zlib
endif
# Provide a default CA cert location
ifeq ($(BR2_PACKAGE_P11_KIT),y)
GNUTLS_CONF_OPTS += --with-default-trust-store-pkcs11=pkcs11:model=p11-kit-trust
else ifeq ($(BR2_PACKAGE_CA_CERTIFICATES),y)
GNUTLS_CONF_OPTS += --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt
endif
$(eval $(autotools-package))
+1 -1
View File
@@ -1,2 +1,2 @@
# From https://golang.org/dl/
sha256 a4ab229028ed167ba1986825751463605264e44868362ca8e7accc8be057e993 go1.9.src.tar.gz
sha256 582814fa45e8ecb0859a208e517b48aa0ad951e3b36c7fff203d834e0ef27722 go1.9.7.src.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
GO_VERSION = 1.9
GO_VERSION = 1.9.7
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
+1
View File
@@ -19,6 +19,7 @@ GPSD_SCONS_ENV = $(TARGET_CONFIGURE_OPTS)
GPSD_SCONS_OPTS = \
arch=$(ARCH)\
manbuild=no \
prefix=/usr\
sysroot=$(STAGING_DIR)\
strip=no\
+2 -2
View File
@@ -95,8 +95,8 @@ else
GVFS_CONF_OPTS += --disable-nfs
endif
ifeq ($(BR2_PACKAGE_LIBSOUP),y)
GVFS_DEPENDENCIES += libsoup
ifeq ($(BR2_PACKAGE_LIBSOUP)$(BR2_PACKAGE_LIBXML2),yy)
GVFS_DEPENDENCIES += libsoup libxml2
GVFS_CONF_OPTS += --enable-http
else
GVFS_CONF_OPTS += --disable-http
+1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 b50413b41bfc82ae419298b41eadcde1aa31f362fb9dc2ac089e5cbc19f60c24 jasper-version-2.0.13.tar.gz
sha256 4ad1bb42aff888c4403d792e6e2c5f1716d6c279fea70b296333c9d577d30b81 LICENSE
+1 -1
View File
@@ -7,7 +7,7 @@
JASPER_VERSION = version-2.0.13
JASPER_SITE = $(call github,mdadams,jasper,$(JASPER_VERSION))
JASPER_INSTALL_STAGING = YES
JASPER_LICENSE = JasPer License Version 2.0
JASPER_LICENSE = JasPer-2.0
JASPER_LICENSE_FILES = LICENSE
JASPER_SUPPORTS_IN_SOURCE_BUILD = NO
JASPER_CONF_OPTS = \
+3 -1
View File
@@ -18,7 +18,9 @@ endif
LCDPROC_DEPENDENCIES = freetype ncurses zlib
LCDPROC_CONF_ENV += ac_cv_path_FT2_CONFIG=$(STAGING_DIR)/usr/bin/freetype-config
LCDPROC_CONF_ENV += \
ac_cv_mtab_file=/etc/mtab \
ac_cv_path_FT2_CONFIG=$(STAGING_DIR)/usr/bin/freetype-config
ifeq ($(BR2_PACKAGE_LIBPNG),y)
LCDPROC_DEPENDENCIES += libpng
@@ -0,0 +1,36 @@
From 293e1b08317567b2e479d24530986676ae4d2221 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Mon, 8 Oct 2018 23:08:19 +0200
Subject: [PATCH] fix parallel build
Build of leveldb sometimes fails on:
Fatal error: can't create out-shared/db/db_bench.o: No such file or directory
Fix this, by creating $(SHARED_OUTDIR) before building
(SHARED_OUTDIR)/db/db_bench.o
Fixes:
- http://autobuild.buildroot.net/results/945bb8096c1f98f307161a6def5a9f7f25b2454a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: not upstreamable as upstream switched to cmake]
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index f7cc7d7..edb56a5 100644
--- a/Makefile
+++ b/Makefile
@@ -386,7 +386,7 @@ $(STATIC_OUTDIR)/write_batch_test:db/write_batch_test.cc $(STATIC_LIBOBJECTS) $(
$(STATIC_OUTDIR)/memenv_test:$(STATIC_OUTDIR)/helpers/memenv/memenv_test.o $(STATIC_OUTDIR)/libmemenv.a $(STATIC_OUTDIR)/libleveldb.a $(TESTHARNESS)
$(XCRUN) $(CXX) $(LDFLAGS) $(STATIC_OUTDIR)/helpers/memenv/memenv_test.o $(STATIC_OUTDIR)/libmemenv.a $(STATIC_OUTDIR)/libleveldb.a $(TESTHARNESS) -o $@ $(LIBS)
-$(SHARED_OUTDIR)/db_bench:$(SHARED_OUTDIR)/db/db_bench.o $(SHARED_LIBS) $(TESTUTIL)
+$(SHARED_OUTDIR)/db_bench:$(SHARED_OUTDIR) $(SHARED_OUTDIR)/db/db_bench.o $(SHARED_LIBS) $(TESTUTIL)
$(XCRUN) $(CXX) $(LDFLAGS) $(CXXFLAGS) $(PLATFORM_SHARED_CFLAGS) $(SHARED_OUTDIR)/db/db_bench.o $(TESTUTIL) $(SHARED_OUTDIR)/$(SHARED_LIB3) -o $@ $(LIBS)
.PHONY: run-shared
--
2.17.1
@@ -1,42 +0,0 @@
From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
happy.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit fa7438a0ff
libarchive/archive_read_support_format_xar.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d8e4..93eeacc5e6eb 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
uint64_t l;
int digit;
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
digit = *p - '0';
while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
{
int64_t l;
int digit;
-
+
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
while (char_cnt-- > 0) {
if (*p >= '0' && *p <= '7')
--
2.14.1
@@ -1,78 +0,0 @@
From f9569c086ff29259c73790db9cbf39fe8fb9d862 Mon Sep 17 00:00:00 2001
From: John Starks <jostarks@microsoft.com>
Date: Wed, 25 Jul 2018 12:16:34 -0700
Subject: [PATCH] iso9660: validate directory record length
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit f9569c086ff
.../archive_read_support_format_iso9660.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
index f01d37bf682e..089bb7236cd1 100644
--- a/libarchive/archive_read_support_format_iso9660.c
+++ b/libarchive/archive_read_support_format_iso9660.c
@@ -409,7 +409,8 @@ static int next_entry_seek(struct archive_read *, struct iso9660 *,
struct file_info **);
static struct file_info *
parse_file_info(struct archive_read *a,
- struct file_info *parent, const unsigned char *isodirrec);
+ struct file_info *parent, const unsigned char *isodirrec,
+ size_t reclen);
static int parse_rockridge(struct archive_read *a,
struct file_info *file, const unsigned char *start,
const unsigned char *end);
@@ -1022,7 +1023,7 @@ read_children(struct archive_read *a, struct file_info *parent)
if (*(p + DR_name_len_offset) == 1
&& *(p + DR_name_offset) == '\001')
continue;
- child = parse_file_info(a, parent, p);
+ child = parse_file_info(a, parent, p, b - p);
if (child == NULL) {
__archive_read_consume(a, skip_size);
return (ARCHIVE_FATAL);
@@ -1112,7 +1113,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)
*/
seenJoliet = iso9660->seenJoliet;/* Save flag. */
iso9660->seenJoliet = 0;
- file = parse_file_info(a, NULL, block);
+ file = parse_file_info(a, NULL, block, vd->size);
if (file == NULL)
return (ARCHIVE_FATAL);
iso9660->seenJoliet = seenJoliet;
@@ -1144,7 +1145,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)
return (ARCHIVE_FATAL);
}
iso9660->seenJoliet = 0;
- file = parse_file_info(a, NULL, block);
+ file = parse_file_info(a, NULL, block, vd->size);
if (file == NULL)
return (ARCHIVE_FATAL);
iso9660->seenJoliet = seenJoliet;
@@ -1749,7 +1750,7 @@ archive_read_format_iso9660_cleanup(struct archive_read *a)
*/
static struct file_info *
parse_file_info(struct archive_read *a, struct file_info *parent,
- const unsigned char *isodirrec)
+ const unsigned char *isodirrec, size_t reclen)
{
struct iso9660 *iso9660;
struct file_info *file, *filep;
@@ -1763,7 +1764,11 @@ parse_file_info(struct archive_read *a, struct file_info *parent,
iso9660 = (struct iso9660 *)(a->format->data);
- dr_len = (size_t)isodirrec[DR_length_offset];
+ if (reclen == 0 || reclen < (dr_len = (size_t)isodirrec[DR_length_offset])) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "Invalid directory record length");
+ return (NULL);
+ }
name_len = (size_t)isodirrec[DR_name_len_offset];
location = archive_le32dec(isodirrec + DR_extent_offset);
fsize = toi(isodirrec + DR_size_offset, DR_size_size);
--
2.18.0
@@ -1,34 +0,0 @@
From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Sat, 9 Sep 2017 17:47:32 +0200
Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
archives.
Reported-By: OSS-Fuzz issue 573
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 5562545b5562
libarchive/archive_read_support_format_rar.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index cbb14c32dc3b..751de6979ba5 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
return (ARCHIVE_FATAL);
}
filename[filename_size++] = '\0';
- filename[filename_size++] = '\0';
+ /*
+ * Do not increment filename_size here as the computations below
+ * add the space for the terminating NUL explicitly.
+ */
+ filename[filename_size] = '\0';
/* Decoded unicode form is UTF-16BE, so we have to update a string
* conversion object for it. */
--
2.18.0
@@ -1,32 +0,0 @@
From 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Thu, 19 Jul 2018 21:14:53 +0200
Subject: [PATCH] Reject LHA archive entries with negative size.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 2c8c83b9731
libarchive/archive_read_support_format_lha.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
index b8ef4ae10ece..95c99bb1f31e 100644
--- a/libarchive/archive_read_support_format_lha.c
+++ b/libarchive/archive_read_support_format_lha.c
@@ -701,6 +701,12 @@ archive_read_format_lha_read_header(struct archive_read *a,
* Prepare variables used to read a file content.
*/
lha->entry_bytes_remaining = lha->compsize;
+ if (lha->entry_bytes_remaining < 0) {
+ archive_set_error(&a->archive,
+ ARCHIVE_ERRNO_FILE_FORMAT,
+ "Invalid LHa entry size");
+ return (ARCHIVE_FATAL);
+ }
lha->entry_offset = 0;
lha->entry_crc_calculated = 0;
--
2.18.0
+2 -1
View File
@@ -1,3 +1,4 @@
# From http://www.libarchive.org/downloads/libarchive-3.3.3.sha512.txt
sha512 9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7 libarchive-3.3.3.tar.gz
# Locally computed:
sha256 ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce libarchive-3.3.2.tar.gz
sha256 ae6f35cc1979beb316e4d6431fc34c6fc59f0dd126b425c8552bb41c86e4825d COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBARCHIVE_VERSION = 3.3.2
LIBARCHIVE_VERSION = 3.3.3
LIBARCHIVE_SITE = http://www.libarchive.org/downloads
LIBARCHIVE_INSTALL_STAGING = YES
LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause
+2 -2
View File
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://curl.haxx.se/download/curl-7.61.1.tar.xz.asc
# https://curl.haxx.se/download/curl-7.62.0.tar.xz.asc
# with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
sha256 3d5913d6a39bd22e68e34dff697fd6e4c3c81563f580c76fca2009315cd81891 curl-7.61.1.tar.xz
sha256 dab5643a5fe775ae92570b9f3df6b0ef4bc2a827a959361fb130c73b721275c1 curl-7.62.0.tar.xz
sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095 COPYING
+10 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.61.1
LIBCURL_VERSION = 7.62.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -46,7 +46,8 @@ LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)
LIBCURL_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr \
--with-ca-path=/etc/ssl/certs
else ifeq ($(BR2_PACKAGE_GNUTLS),y)
LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr
LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr \
--with-ca-fallback
LIBCURL_DEPENDENCIES += gnutls
else ifeq ($(BR2_PACKAGE_LIBNSS),y)
LIBCURL_CONF_OPTS += --with-nss=$(STAGING_DIR)/usr
@@ -75,6 +76,13 @@ else
LIBCURL_CONF_OPTS += --without-libssh2
endif
ifeq ($(BR2_PACKAGE_BROTLI),y)
LIBCURL_DEPENDENCIES += brotli
LIBCURL_CONF_OPTS += --with-brotli
else
LIBCURL_CONF_OPTS += --without-brotli
endif
define LIBCURL_FIX_DOT_PC
printf 'Requires: openssl\n' >>$(@D)/libcurl.pc.in
endef
+1
View File
@@ -12,6 +12,7 @@ LIBGPGME_LICENSE_FILES = COPYING.LESSER
LIBGPGME_INSTALL_STAGING = YES
LIBGPGME_DEPENDENCIES = libassuan libgpg-error
LIBGPGME_LANGUAGE_BINDINGS = cl
LIBGPGME_CONFIG_SCRIPTS = gpgme-config
LIBGPGME_CONF_OPTS = \
--with-gpg-error-prefix=$(STAGING_DIR)/usr \
@@ -0,0 +1,16 @@
configure: don't require GNU-specific files when running automake
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
diff -durN libid3tag-0.15.1b.orig/configure.ac libid3tag-0.15.1b/configure.ac
--- libid3tag-0.15.1b.orig/configure.ac 2004-01-24 00:22:46.000000000 +0100
+++ libid3tag-0.15.1b/configure.ac 2018-11-25 15:31:04.184342212 +0100
@@ -26,7 +26,7 @@
AC_CONFIG_SRCDIR([id3tag.h])
-AM_INIT_AUTOMAKE
+AM_INIT_AUTOMAKE([foreign])
AM_CONFIG_HEADER([config.h])
+4 -1
View File
@@ -10,6 +10,9 @@ LIBID3TAG_LICENSE = GPL-2.0+
LIBID3TAG_LICENSE_FILES = COPYING COPYRIGHT
LIBID3TAG_INSTALL_STAGING = YES
LIBID3TAG_DEPENDENCIES = zlib
LIBID3TAG_LIBTOOL_PATCH = NO
# Force autoreconf to be able to use a more recent libtool script, that
# is able to properly behave in the face of a missing C++ compiler.
LIBID3TAG_AUTORECONF = YES
$(eval $(autotools-package))

Some files were not shown because too many files have changed in this diff Show More