- Switch site to github
- License is now EPL-1.0 or EDL-1.0 as specified in the new LICENSE file
- Update indentation of hash file (two spaces)
- Drop first patch (already in version) and second patch (not needed since
f1ff324a4d)
- Fix CVE-2017-7243 as specified in
https://github.com/eclipse/tinydtls/issues/12 as well as other
security issues:
68a1cdaff9494a40dfbb2d9f0a8237
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These files are necessary for C or C++ programs to use the native java
interface (JNI.)
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-12740: tcprewrite in Tcpreplay through 4.3.2 has a
heap-based buffer over-read during a get_c operation. The issue is
being triggered in the function get_ipv6_next() at common/get.c.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add basic /etc/iwd/main.conf configuration file to enable
network configuration (use built-in dhcp client).
For the non systemd-resolved case select the openresolv package
to fulfill the iwd resolvconf requirement (and adjust the
configuration file accordingly).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The machine has a NAND flash device and firmware capable of loading the
OS from a JFFS2 file system on it. Enable creation of JFFS2 image that
can be written to said flash device.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This makes the boot script set appropriate root parameters when it's
loaded from a NAND flash device.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The DCON driver for the platform is a staging driver.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The XO-1 laptop has a NAND flash and firmware capable of reading JFFS2
from it. Enable JFFS2 kernel support so that we'll be able to create
images capable of booting from the internal flash.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A couple of config symbols were mising that things we enable depend on.
Enable them.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is the keyboard connected via the SP "security processor" on a
XO-1.75. XO-1 has a regular PC keyboard.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
XO-1 has an internal MTD device.
Also, CONFIG_MTD_SPI_NOR was set twice for XO-1.75. One copy is removed,
one remains.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The eigen package was introduced as a generic package, but upstream was
in fact using CMake.
The motivation of this change is to fix package detection with CMake.
Eigen3 library normally installs a signature file named
"signature_of_eigen3_matrix_library" to help library detection:
https://gitlab.com/libeigen/eigen/-/blob/3.3.7/CMakeLists.txt#L423
The library also provide a CMake macro that use this file to
detect it:
https://gitlab.com/libeigen/eigen/-/blob/3.3.7/cmake/FindEigen3.cmake#L76
Without the signature file installed, packages searching for this
library with this method will fail. Other packages usings pkg-config are
not affected by this issue.
By using the cmake-package infrastructure, all the needed files
are now installed, fixing this CMake detection issue.
Other changes in this patch:
- Updated the Eigen git repository to the new url:
https://gitlab.com/libeigen/eigen
- Removed all build and install staging commands
(now included in upstream cmake)
- Package needs EIGEN_SUPPORTS_IN_SOURCE_BUILD = NO
- Removed the BR2_PACKAGE_EIGEN_UNSUPPORTED_MODULES option,
as this option is not proposed by the upstream CMake.
Unsupported module header files are now unconditionally installed. As
such, no need to introduce a legacy entry for
BR2_PACKAGE_EIGEN_UNSUPPORTED_MODULES: users that had it enabled will
still get the files installed, while those that did not will get them
installed now.
- Updated hash for source package, because the first component in the
stored paths changed from eigen-eigen-323c052e1731/ to eigen-3.3.7/
and some mercurial related files (.hg_archival.txt, .hgtags) got
dropped after the conversion to git.
- Reformat hash file with two spaces delimiters
- Define EIGEN_CONF_OPTS to set pkg-config .pc install path
Signed-off-by: Julien Olivain <juju@cotds.org>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, GNU Make expands the Python SYSCONFIGDATA_NAME variable;
however, when building with per-package directories, this variable is
not set because the evaluation of this variable occurs before buildroot
creates the per-package directories of a given package.
This can be easily demonstrated with that trivial Makefile:
$ cat Makefile
BLA = $(wildcard bla)
all:
@echo 'BLA=$(BLA)'
@touch bla
@echo 'BLA=$(BLA)'
$ make
BLA=
BLA=
$ make
BLA=bla
BLA=bla
I.e. the variables are evaluated at the beginning of a recipe, not for
each line of the recipe.
There are two solutions to fix this problem:
- add a step between "patch" and "configure," which would evaluate all
of the variables after creating the per-package directories;
- evaluate SYSCONFIGDATA_NAME via a shell expansion instead of
Makefile, to postpone the effective ex[ansion to until after the
file has been created.
Even though the first option is semantically the best solution, this is
also very intrusive, especially since python3 is so far the only case
where we would need it. The second option however is more expedient, adn
so this is what we're doing here.
We introduce PKG_PYTHON_SYSCONFIGDATA_PATH to avoid duplication and to
make the following line easier to read.
Then PKG_PYTHON_SYSCONFIGDATA_NAME is actually defined as a back-tick
shell expansion (although back-ticks have their drawbacks, using $(...)
in Makefile is not trivial either):
- we test that the file does exist, to cover the python2 and python3
cases: with python2, the file does not exist, so we want to expand
to an empty string; 'basename' only works on the filename, and does
not check the file actually exists;
- if the file exist, we get its basename without the .py extension,
and this makes our expansion;
- the "|| true" is added to ensure the old behavior of returning an
empty string if the file does not exist still works, when the
expansion is attempted in a shell where 'set -e' is in effect (the
test would fail with python2, but this is not an error).
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12941
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: slight rewording in commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The necessary system users are documented in the projects README.
Description is matched to the ones in the upstream sysusers.d
files. Remove homedirectory (upstream doesnt care either).
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since V235 the "gateway" and "upload" services use DynamicUsers,
requiring no entries in /etc/passwd.
This functionality requires nss-systemd, which is always
enabled in buildroot.
The "bus-proxy" user was removed in V230.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Orange Pi Zero defconfig has been updated to use U-Boot 2020.04 by
commit 9e2bfccf4d (configs/orangepi_zero: bump kernel and uboot
versions). Since then it requires Python 3.x on the host.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/593313572
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The error is misleading: it reports that no name was provided,
when in fact the external.desc file is missing.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>p
Reviewed-by: Romain Naour <romain.naour@gmail.com>
When a br2-external tree has an issue, e.g. a missing file, or does not
have a name, or the name uses invalid chars, we report that condition by
setting the variable BR2_EXTERNAL_ERROR.
That variable is defined in the script support/scripts/br2-external,
which outputs it on stdout, and checked by the Makefile.
Before d027cd75d0, stdout was explicitly redirected to the generated
.mk file, with exec >"${ofile}" as the Makefile and Kconfig
fragments were generated each with their own call to the script, and
the validation phase would emit the BR2_EXTERNAL_ERROR variable in the
Makefile fragment.
But with d027cd75d0, both the Makefile and Kconfig fragments were now
generated with a single call to the script, and as such the semantics of
the scripts changed, and only each of the actual generators, do_mk and
do_kconfig, had their out put redirected. Which left do_validate with
the default stdout. Which would emit BR2_EXTERNAL_ERROR on stdout.
In turn, the stdout of the script would be interpreted by as part of the
Makefile. But this does not end up very well when a br2-external tree
indeed has an error:
- missing a external.desc file:
Makefile:184: *** multiple target patterns. Stop.
- empty external.desc file:
Config.in:22: can't open file "output/.br2-external.in.paths"
So we must redirect the output of the validation step to the
Makefile fragment, so that the error message is correctly caught by the
top-level Makefile.
Note that we don't need to append in do_mk, and we can do an overwrite
redirection: if we go so far as to call do_mk, it means there was no
error, and thus the fragment is empty.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
- Fix CVE-2020-12049: An issue was discovered in dbus >= 1.3.0 before
1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file
descriptors when a message exceeds the per-message file descriptor
limit. A local attacker with access to the D-Bus system bus or another
system service's private AF_UNIX socket could use this to make the
system service reach its file descriptor limit, denying service to
subsequent D-Bus clients.
- Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A gcc compiler, which was configured with
--with-gcc-major-version-only, will only return a single
number. (debian does this for example).
A simple modification allows the check to work with both
single numbers (eg. '9') and full versions (eg. '9.2.1').
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
First patch is not needed since version 1.67.0 and
90dd8146fb
Indeed, since this bump, the patch is wrongly patching
virtual string_type format(double value,size_t &code_points) const
instead of:
virtual string_type format(int64_t value,size_t &code_points) const
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changelog: https://www.php.net/ChangeLog-7.php#7.4.7
Contrary to the release notification on the mailinglist
https://news-web.php.net/php.announce/287
which declares this release as "security bug fix release" no CVE IDs
could be found on the bugtracker entries mentioned in the Changelog.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sent patch upstream and added URL for reference.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ChangeLog:
- SCardEndTransaction(): greatly improve performances (x300)
- tokenparser: accept any Unicode character in a reader name
- Use /run instead of /var/run by default
- Fix a memory leak from a polkit call
- Some other minor improvements
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>