While a hash check is being done, it's still better to use a download
URL with HTTPS.
Signed-off-by: Danilo Bargen <mail@dbrgn.ch>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2017-15873: Integer overflow in decompress_bunzip2.c leads to a read
access violation
CVE-2017-15874: Integer overflow in decompress_unlzma.c leads to a read
access violation
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The QT5TOOLS_SOURCE variable uses mismatch QT5BASE_VERSION variable.
This commit fixes the typo by using the appropriate QT5TOOLS_VERSION
variable.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Qt Enginio has been bumped to 1.6.3 with Qt 5.6.3.
This new version follows the Qt release number and has only one change
since 1.6.2[1].
[1]: e447818458
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The QT53D_SOURCE variable uses mismatch QT5SVG_VERSION variable.
This commit fixes the typo by using the appropriate QT53D_VERSION
variable.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2017-8872: An attackers can cause a denial of service (buffer
over-read) or information disclosure.
Patch from the upstream bug tracker.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
from https://www.postgresql.org/about/news/1829/
[1] CVE-2018-1052: Fix the processing of partition keys containing multiple
expressions
[2] CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
non-world-readable
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This fixes the following check-package warning:
./package/rust-bin/rust-bin.mk:27: expected indent with tabs
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues according to NEWS:
CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
to the allocation of too much memory. (This is not a security bug per se,
it is mentioned here only because of the CVE assignment.) Reported by
Qualys.
CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation of
the number of search path components. (This is not a security vulnerability
per se because no trust boundary is crossed if the fix for CVE-2017-1000366
has been applied, but it is mentioned here only because of the CVE
assignment.) Reported by Qualys.
CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
for AT_SECURE or SUID binaries could be used to load libraries from the
current directory.
CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
succeeds without returning an absolute path due to unexpected behaviour of
the Linux kernel getcwd syscall. Reported by halfdog.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make the detection of libnuma in the configure script consistent when
the numactl package is enabled.
ltp-testsuite does not currently take explicit enable/disable for
libnuma, so none are used. The next ltp-testsuite version will add these
options.
Cc: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2017-15107: An attacker can craft an NSEC which wrongly proves
non-existence.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2017-10790: NULL pointer dereference and crash when reading crafted
input
CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER
decoding
Add license files hashes.
Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current version of lightning doesn't build with recent versions of
binutils. Since this has been fixed upstream in a dot release, let's
bump to the upstream version that has the fix.
While at it, add a hash for the license file.
Fixes:
http://autobuild.buildroot.net/results/51424c044e11b89544824dbdf1af45b05b499ba4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
keytable.c: In function 'test_event':
keytable.c:1351:12: error: 'EVIOCSCLOCKID' undeclared (first use in this function)
ioctl(fd, EVIOCSCLOCKID, &mode);
[1] http://autobuild.buildroot.net/results/8ba380471423bd2491e40103d7b1a45de1bd12ed
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new package provides Cargo, the Rust official package manager.
Cargo is written in Rust and uses Cargo as its build system. It also
depends on other Rust packages.
Normally, a previously installed version of Cargo would be used to:
1. Fetch the dependencies.
2. Build the new version of Cargo, using the available Rust compiler.
But the fetching step prevents offline builds. So instead two features
of Cargo are leveraged: vendoring [1] and local registry.
First, a tarball of the build dependencies generated using `cargo
vendor` is fetched along with Cargo source code.
Then, the build process is as follows:
1. The tarball of the build dependencies is uncompressed in a local
registry.
2. A snapshot of Cargo, provided by cargo-bin, builds the final
version of Cargo.
3. A configuration file telling Cargo how to cross-compile programs for
the target is generated and installed.
Currently, only the host variant is provided.
[1] https://github.com/alexcrichton/cargo-vendor
[Peter: use src.fedoraproject.org, fix comment]
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allow build of host variant of libhttpparser.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allow build of host variant of libssh2, which depends on host-openssl.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This new package provides rustc, the compiler for the Rust programming
language, built from source.
Currently, only the host variant is built.
The Rust compiler uses LLVM as its backend: a copy of LLVM source code
is provided and CMake is used to build it. It is possible to use a
pre-built external copy. When LLVM/clang will be available in Buildroot,
it would be possible to benefit from this feature and thus decrease
build time.
LLVM is configured to generate code for x86, ARM, PowerPC and MIPS
architectures.
The Rust compiler uses Cargo as its build system and is written in Rust.
Therefore this package depends on cargo-bin and rust-bin.
The internal build process is as follows:
1. stage0 compiler, provided by rust-bin, is used to build stage1
compiler.
2. stage1 compiler builds the final Rust compiler (stage2 compiler)
and the standard library for the host architecture.
3. the standard library for the target architecture is built.
The target architecture to support is given by the GNU/LLVM target
triple. Rust supports some predefined targets [1]. As the build system
expects the triple to be in the form of <arch>-unknown-<system> and
Buildroot toolchain wrapper uses <arch>-buildroot-<system>, the package
Makefile uses $(RUST_TARGET_NAME) defined in the rustc package and uses
it instead of $(GNU_TARGET_NAME).
When compiling Rust code with this compiler, the generated program only
depends on the target C library, as it is statically linked to the Rust
standard library and any other code from Rust packages (a.k.a.
"crates").
If the jemalloc package is selected, support for this memory allocator
will be enabled in the target standard library.
The menuconfig entry for rustc is also updated to expose this provider.
[1] https://forge.rust-lang.org/platform-support.html
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This new package fetches a binary version of Cargo, suitable to
bootstrap the host variants of the Rust compiler and Cargo, the package
manager.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package provides a pre-built version of rustc, the compiler for the
Rust programming language, fetched from the upstream project.
A pre-built version of the standard library for the host as well as one
for the chosen target are also fetched and installed.
Only the host variant is provided to allow the user to cross-compile
Rust programs and run them on the target.
This package could also be used to provide a bootstrap compiler when building
Rust from source. So, in order to add it as a build dependency, the compiler and
standard libraries are only installed in $(HOST_DIR) if the package is
explicitly selected.
The menuconfig entry for rustc is also updated to expose this provider.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The compiler for the Rust programming language is called rustc.
There is only one reference implementation for it, based on LLVM, from
the Rust project [1]. It can generate code for various architectures so
it can be labeled as a cross-compiler. But, as for GCC, building it
from source takes time.
So it would be sensible to have at least one package which provides it
as a pre-built version, fetched from the upstream project. Later another
package can be added, to build it from source code.
In addition to the compiler, the standard library for the host and/or
the target should also be fetched/built.
So, add a virtual package named rustc to enable support for multiple
providers.
Currently, only the host variant will be available to allow the user to
cross-compile Rust programs for the target.
[1] http://rust-lang.org
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Configure summary without this patch and without alsa-lib built before:
Extra tools required for testing and examples :
[...]
Have ALSA : ................... no
and with this patch
Extra tools required for testing and examples :
[...]
Have ALSA : ................... yes
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As pointed out by Joel Stanley:
https://patchwork.ozlabs.org/patch/863011/
Github now longer provides the exact same tarball for the or1k musl-5.4.0
tarball, breaking the build. Even more, musl-5.4.0 is the name of a git
branch, not a tag.
Fix both problems by changing to the or1k-musl-5.4.0-20170218 tag, which
points to the exact same git commit.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 233202597d, which
causes a lot of build failures. Part of the Python build process tries
to use os.replace(), which is only available since Python 3.3. It
should work if the host-python being built was used, but unfortunately
the system Python ends up being used, causing the build failure.
Fixes:
http://autobuild.buildroot.net/results/ed95a7ded6bd6c17bd0820b3a96862487b71eb2b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream changed to URL of the source tarball and removed SHA1SUMS.
Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes line size in Config.in, trailing whitespace after # and empty line
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/50971692
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If OpenSSL is selected, --enable-openssl-random should be explicitly
enabled for consistency with the disable case.
[Peter: tweak commit text]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Otherwise, explicitly disable it, so that the configure script does not
misdetect a system-installed libedit for example.
Also, add a profile snippet enabling line editing, Emacs style.
[Peter: move DASH_INSTALL_PROFILE inside conditional,
ensure /etc/profile.d exists]
Change-Id: I68c6dbbafa95e266860329cb9c7ff5519fda5bf8
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remi is a GUI library for Python applications which transpiles an
application's interface into HTML to be rendered in a web browser.
This removes platform-specific dependencies and lets you easily
develop cross-platform applications in Python!
https://github.com/dddomodossola/remi/tree/master
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix gdk-pixbuf broken by host package moved to /lib instead of /usr/lib
Regression occured following commit 19ba17ee3b (Globally replace
$(HOST_DIR)/usr/lib with $(HOST_DIR)/lib).
The host package loader.cache now refer to $(HOST_DIR)/lib, and the target
one should refer to /usr/lib.
Fix it by adjusting the sed invocation.
[Peter: extend commit message]
Signed-off-by: Pierre CROKAERT <pct@crookies.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These versions are very old and no longer supported according to
https://www.kernel.org/category/releases.html, so drop them and add legacy
entries.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
handle new dependency to Jansson (since 1.10.0).
[Peter: unconditionally disable ovs support as suggested by Thomas]
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The isc assertions from the bundled bind dns library are
using the __FILE__ macro for debug messages (see
dhcp-4.3.5/bind/bind-9.9.9-P3/lib/isc/include/isc/assertions.h).
Disabling the assertions gains:
- reproducible builds (no build time paths in the executable)
- space saving on the target:
dhcpd: 1.9M -> 1.6M
dhcrelay: 1.6M -> 1.3M
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
