Release notes: https://www.postgresql.org/docs/release/16.2/
The hash of the license file is updated due to a change in copyright
years:
-Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
+Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a bugfix release which mainly imroves device detection,
specially inside the Flatpak sandbox. Additionally, this version
includes the patch for building as a static library, and the patch
file can be removed.
Release notes:
27554bd118
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a small bugfix release, with fixes for device scaling handling
(i.e. HiDPI displays), and with support to toggle WebKit runtime
features. Release notes:
https://wpewebkit.org/release/cog-0.18.3.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install janus to staging directory so that external plugins can be built.
Signed-off-by: Leo Soares <leojrfs@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot commit f95069814b disabled the
build of test programs unconditionally without considering the option
BR2_PACKAGE_LIBDRM_INSTALL_TESTS.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
setsebool/Makefile now unconditionally links against libsepol.
As such, it is now a new dependency.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
- Remove 0001-fix-musl-build.patch
Fixed with commit d88597798fdb1a2b344ca47e48f2f80ad433fd95 differently.
"""
libselinux: drop usage of _D_ALLOC_NAMLEN
_D_ALLOC_NAMLEN is not very portable. Currently, the code
mallocs based on _D_ALLOC_NAMLEN() and then strcpy's dirent
d_name into the buffer. Instead, just use strdup.
Change-Id: I5c8ca47da2c593ea2726caba5781f5e9d9d910ae
Signed-off-by: William Roberts <william.c.roberts@intel.com>
"""
- Remove 0003-libselinux-set-CFLAGS-for-pip-installation.patch
Fixed with commit 89dd980c1e9a800f104c1db2b4c9e77be532ca35.
"""
Add CPPFLAGS to Makefiles
This patch adds CPPFLAGS to all of the Makefiles as suggested.
Signed-off-by: Cameron Williams <ckwilliams.work@gmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
"""
- Rename 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch to
0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
- Remove "package/libselinux/0001-fix-musl-build.patch Upstream" from
.checkpackageignore
- Rename "0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch" to
"0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch" in the
.checkpackageignore
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since bump to version 2.0.0 in commit
0f5bb364c6 sdbus-cpp package requires
designated initializers support (C++20 feature), and fails to compile
with gcc < 8:
/home/buildroot/autobuild/run/instance-2/output-1/build/host-sdbus-cpp-2.0.0/src/Proxy.cpp: In member function 'virtual sdbus::Slot sdbus::internal::Proxy::callMethodAsync(const sdbus::MethodCall&, sdbus::async_reply_handler, uint64_t, sdbus::return_slot_t)':
/home/buildroot/autobuild/run/instance-2/output-1/build/host-sdbus-cpp-2.0.0/src/Proxy.cpp:146:90: sorry, unimplemented: non-trivial designated initializers not supported
, .floating = true });
Fixes: 0f5bb364c6
- http://autobuild.buildroot.net/results/1764ce0d48b390e430d2d8f54388013d3700e9d7
Signed-off-by: Sergey Bobrenok <bobrofon@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set GROUP_T when installing configuration files as root to avoid the
following build failure raised since commit
b6816034eb:
/usr/bin/install: missing destination file operand after '/home/buildroot/instance-0/output-1/target/etc'
Fixes: b6816034eb
- http://autobuild.buildroot.org/results/eb4ccf248c9c5048e9b71058bb0311b1e0763883
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some kernel users find it useful to store submodules in the kernel
source tree for cross source trees definitions. Add option to download
these submodules.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Our git download backend switches the remote of our local clone, and
fetches all refs and tags from that remote.
When the local clone has a tag fetched from another remote, and the new
remote also has a tag by the same name, and that tag points to another
commit, then git refuses to fetch the new tag and exits in error, as it
considers that the new tag would clobber the existing one. This is safe
and sane behaviour when run interactively with a human that can take a
decision.
However, in our case, we don't care about any tags that were present
before, as only the last one makes sense in our case: the one from the
remote the user has requested for the current build.
Tell git to forcefully pull tags, even if they would clobber existing
ones.
Note that, although this changes the git backend, it does not change the
content of generated archives, so we do not need to bump the suffix
version.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Since tar *will* generate different archives, virtually all hashes will
change, so drop the blurb that states they usually would not.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout: say explicitly that the has will change]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
We can't stay in the past forever and ever...
Since tar 1.35, the way some fields (devmajor and devminor) are stored
has changed. These fields exist for each file in the tarball, but only
used for device nodes. In previous versions of GNU tar, they were set to
zero; since 1.35, they are set to empty.
Although this doesn't change anything about the content of the tarball,
and it will be extracted in exactly the same way regardless of the tar
version used for extracting, it does change the hash of the tarball.
Therefore, we have to
- make sure that the correct version of tar is used;
- update the format version so that the filename is different from
before.
Increment all BR_FMT_VERSION by one.
Require tar >= 1.35 instead of < 1.35.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout: also increment BR_FMT_VERSION and extend the commit message]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a V7
archive in which mtime has approximately 11 whitespace characters.
With the bump to 1.35, the build will fail on systems that are not
Y2038, such as some uClibc configurations.
In order to preserve the previous behavior, pass --disable-year2038.
See the gnulib documentation for details [1]. Contrary to what the
option name might suggest, it doesn't really disable Y2038 support,
but only the check that the system is Y2038 compliant. So even with
--disable-year2038, if the system is Y2038 compliant (uses a 64-bit
arch, uses the musl C library, or uses the glibc C library with
BR2_TIME_BITS_64=y), tar will be Y2038 compliant.
Update hash of COPYING (http replaced by https)
[0] https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html
[1] https://www.gnu.org/software/gnulib/manual/html_node/Avoiding-the-year-2038-problem.html
For the version bump:
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d4d483451f)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For the Y2038 fix:
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7f1088f9ca)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Replace the names of the tarballs in the hash files to -git3.
Linux and U-Boot sources do contain symlinks, so the hashes change.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout: also update acmesystems/acqua-a5]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Replace all git and svn packages archive names in hash files:
$ sed -r -i -e 's/-br2/-git3/; s/-br3/-svn4/' $(
git grep -l -E -- '-br2|-br3' '*.hash'
)
$ sed -r -i -e 's/(\.tar\.gz)$/-go1\1/' $(
git grep -l -E '\$\(eval \$\((host-)?golang-package\)\)' '*.mk' \
|sed -r -e 's/\.mk$/.hash/' \
|sort -u
)
$ sed -r -i -e 's/(\.tar\.gz)$/-cargo1\1/' $(
git grep -l -E '\$\(eval \$\((host-)?cargo-package\)\)' '*.mk' \
|sed -r -e 's/\.mk$/.hash/' \
|sort -u
)
Then a bit of make source (based on: git diff --name-only), a lot of
sweat, and carefully checking the new archives to verify that only
modes have changed...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Replace the names of the tarballs in the hash files to -git3.
We don't have any symlinks in the tests, so the hashes themselves don't
change.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Currently, when we generate archives, we rely on a few assumptions and
mechanisms to ensure reproducilibity. So far, we mostly accounted for
the content (i.e. content, filenames, and path) of the files we
archived, and this is OK (git and svn should provide reproducilbe
content by design, and cargo and go vendoring are also supposed to be
generating reproducible content.
However, tarballs do not only contain the content of the files; they
also have a few metadata about those files. Beyond filenames and paths,
which are already reproducible, there is the timestamp, the user and
group name and ID. Those are also accounted for and made reproducible.
The final touch (so far!) is that files have access rights (aka mode),
and those too are stored in tarballs. So far we accounted for those by
ensuring that Buildroot would always run under a known umask, thus
generating files with reproducible modes.
That falls short in one case that we did not envision, though: a shared
download directory, where extended attributes are set to provide a
default ACL that is permissive, to allow two or more users (with
different uid and gid) to all read and write to such a directory. This
is trivially achieved with something like:
$ mkdir -p "${BR2_DL_DIR}"
$ setfacl -m 'default:user::rwx' "${BR2_DL_DIR}"
$ setfacl -m 'default:group::rwx' "${BR2_DL_DIR}"
$ setfacl -m 'default:other::rwx' "${BR2_DL_DIR}"
This has the effect that:
- files below BR2_DL_DIR are all set with user, group, and world read
and write access,
- files executable by the owner will also be group and world
executable,
- directories are user, group, and world readable, writable, and
searchable.
This means that all the archives we generate from files in BR2_DL_DIR
will have modes that are different from those generated on other systems,
where only the traditional umask is used.
There are various solutions to solve that issue:
- detect the situation and abort: that's not nice, because users have
a legitimiate reason to want to share that directory,
- find a solution for each affected download mechanism: git, svn, hg,
cvs, bzr... and for each of the affected vendoring mechanism: go and
cargo [0]; this is not nice, because it means a lot of repetition,
with the risk that they diverge over time (e.g. one is fixed for a
newer issue, while the others are left out due to an oversight...)
- find a single, common solution that works in all cases, whatever the
download mechanism and/or vendoring: this is the best, because we
can extend and fix it once and everything else benefits from it.
We obviously go for the third option.
The common solution is rather simple. When creating the tarball in
support/download/helpers, give an option to tar to set the group and
other permissions to those of the user, but without write permission.
This implies that we must bump the version-suffix for the download
backends [1] and for the vendoring post-processes. It also implies that
the hash may change, under the following circumstances:
- Symlinks normally have permissions 0777 (because symlink permissions
are in fact meaningless). They will now have permission 0755 in the
tarball.
- If the original tarball (for vendored go and cargo packages) contained
files that are readable or executable by owner but not by group or
other, they will now be readable resp. executable by group and other
too. Note that for writeable it is not the case, because those were
already handled by our 0022 umask (which makes them not writeable by
group and other).
Because the hash may change, we need to update the BR_FMT_VERSION for
everything that creates tarballs. Go and cargo didn't have one up to
now, the the previous commit added the possibility to give one. The ones
for git and svn have to be updated. Since it is now possible to have a
suffix for both the VCS and the post-processing, change the suffix to
something more descriptive than "-brX", i.e. -git3 for git, -go1 for
golang, etc.
The hash updates and filename changes will be handled in a follow-up
commit.
[0] Note however that the vendoring is currently not done in a
sub-directory of BR2_DL_DIR, but the cargo and go caches are located
there. Files that get copied from there to the vendoring area would be
tainted as well, and thus we want to address that situation as well.
[1] we currently do not have a CVS version suffix, because we do not
guarantee the reproducilibity of CVS archives (we can't); for hg, we are
currently using hg's own archive tool, and presumably that does not have
the mode issue because it is not using the checked-out files. Still,
doing the mode fix in a single location will help extend those two
backends in the future (if that ever happens...).
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
When we change the way we vendor packages, either because our download
backend or helpers evolve, or when the vendoring tools themselves change,
we must avoid generating new archives with the same name, or there would
be confusion when using older archives with newer Buildroot versions, or
the other way around (and that would mess with local caches, like the
one we share on s.b.o).
This is going to be the case for example, when we enforce a better and
more reproducible set of modes on archived files in the following
commits.
Introduce a version suffix for post-processed downloads, that we can
bump when needed.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
