Fixes:
CVE-2016-1950 - Fixed a heap-based buffer overflow related to the
parsing of certain ASN.1 structures. An attacker could create a
specially-crafted certificate which, when parsed by NSS, would cause a
crash or execution of arbitrary code with the permissions of the user.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that we use unbundled ffmpeg the licensing becomes much easier.
Relevant code is under ext/*, which according to COPYING and comments is
GPLv2+, except for ext/libswscale/gstffmpegscale.c which is LGPLv2+ -
however that's not built/used when using system ffmpeg.
The code under gst-libs/ is the bundled ffmpeg itself.
Tests are under LGPLv2+ as well but we don't build them since we
disabled gst-check support in the gstreamer1 package.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It avoids the crazy in handling all of the ffmpeg options here as well,
and potentially avoids target code duplication, hence resulting in a
size reduction.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: extend help text as suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The format of the ACL database in tvheadend has changed, and generating
a default user is a little bit more involved than just dumping a file in
the correct locations: filenames are now md5sum (of something?) and the
usernames and passwords now have their own DB.
However, tvheadend has a wizard mode, where it is possible to configure
the basic features, of which creating an admin user.
We remove our canned ACL database, and change the startup script to
start in wizard mode on first run. We also switch to using our infra to
set the permissions.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Remove the bundled sqlite unconditionally, as we always want to use
the external sqlite.
- Remove the --with-system-sqlite option as is only valid for the
bundled sqlite configure script which we will no longer use.
- Do not remove TDBC when BR2_PACKAGE_SQLITE is not selected as it may
be used for other TDBC drivers such as MySQL or PostgreSQL.
Fixes:
http://autobuild.buildroot.net/results/022/02296f8624d3406a63d3a179f53862f245c56dc1/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Those [0-9] expressions are needlessly complex, and they actually no
longer work now that sqlite3.11.0 is bundled internally (11 is two
digits, which was accounted for).
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
aer-inject allows to inject PCIE AER errors on the software level into
a running Linux kernel. This is intended for validation of the PCIE
driver error recovery handler and PCIE AER core handler.
Signed-off-by: Tiago Brusamarello <tiago.brusamarello@datacom.ind.br>
[Thomas:
- tweak commit log
- rewrap Config.in help text
- remove useless AER_INJECT_MAKE_OPTS variable, use
TARGET_CONFIGURE_OPTS directly
- add missing newline at end of .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When a toolchain is glibc based, the getent package assumes that
$(STAGING_DIR)/usr/bin contains the getent program. Unfortunately, the
Codescape MIPS toolchains do not conform with this:
$(STAGING_DIR)/usr/{bin,sbin} are empty, and instead three directories
are provided: bin-o32, bin-n32 and bin-n64 (ditto for sbin), one for
each supported MIPS ABI.
Since this is a toolchain-specific oddity, we handle it by adding a
post-install fixup hook that creates $(STAGING_DIR)/usr/{bin,sbin} as
symbolic link to the appropriate directory.
Fixes:
http://autobuild.buildroot.org/results/9c0ee836021553319f166f9de88750535aee0a58/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It only provided the host variant, which was only used by crda (no
longer necessary), and wasn't available as a host selection.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an upstream-submitted (but not accepted) patch in order to allow
crda to be built with python2 as well as python3.
This drops m2crypto usage (python2-only) in favour of pycrypto which can
be built against both major versions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Will be used by the crda python3-enabling patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's used for JUnit XML output support.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It doesn't have an enable/disable switch so it's just the dependency.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's in the rpi backend block which makes no sense, and it depends on
xwayland being enabled which we currently don't support so remove it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The weston-launch supplemental group is for users to be able to
use/launch weston.
For a full weston(-launch) experience users should be at least members
of weston-launch, video (for framebuffer permissions) and optionally
audio.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It's used for the recorder.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When it's enabled set the default weston backend to fbdev, otherwise the
drm backend is the default even though we are not building it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also drop simple-egl-clients from the rpi compositor since it's a
duplicate of the global one.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch makes below changes to powerpc-utils package:
- Update to latest upstream version (v1.3.1)
- Update License (from CPL to GPLv2)
- Update source link (from SF to github)
- Disable librtas by default
- Finally make necessary adjustment to compile the source
(run autogen.sh before ./configure as we don't have configure in new tarball).
RTAS:
This package contains few tools (like nvram, ppc64_cpu, etc) which are not
dependent on RTAS support. Traditionally we always had RTAS support (at least
on IBM Power system). But now a days we do have environments like PowerNV host
where we do not have RTAS support. Instead we use OPAL for runtime service [1].
Hence lets disable RTAS by default. If someone wants to build powerpc-utils
with RTAS they can enable it.
[1] https://github.com/open-power/skiboot.git
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[Thomas: re-add hash file, fix license, it's GPLv2+, improve commit title.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As indicated by the uClibc-ng source code, the NPTL thread
implementation is only available on MMU platforms, so we replicate
this dependency in Buildroot so that the appropriate thread
implementation is chosen by default on ARM noMMU.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As explained by Waldemar, enabling DOPIC in uClibc will lead to the
creation of a Position Independent library. In turn, this will cause
elf2flt to generate a "Has-PIC-GOT" flat binary, which doesn't work on
ARM. In fact, elf2flt on ARM really expect to have non-PIC code as
input, so we must disable DOPIC in the uClibc configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Older gcc were not capable of building a uClibc library, with threads
enabled, in Thumb1. However, the issues have been fixed since gcc 4.9,
so this commit narrows down the condition to just gcc 4.7 and 4.8.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that uClibc is capable of figuring out by itself whether 'bx' can
be used or not, we can simplify the logic in Buildroot.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a number of patches to uClibc that radically
simplifies the Thumb handling. uClibc currently has three options that
you need to toggle on Thumb configurations depending on the specific
ARM CPU being targeted.
However, it turns out that none of those options are necessary:
- USE_BX can simply be guessed by looking at the ARM core being
used. The bx instruction is available for all ARM cores >=
ARMv4T. This is exactly what glibc is doing.
- USE_LDREXSTREX can also be guessed by looking at the ARM core being
used: whenever you have Thumb2, ldrex/strex is available.
- COMPILE_IN_THUMB becomes useless, since all it does is passing
-mthumb. But just like the uClibc config options to set
--march=<foo> have been removed a long time ago, there's no need to
-have an option to pass -mthumb.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
mesa3d can in fact build the DRI infrastructure/drivers just fine
without lingering x11 libs around, it just needs libdrm & friends which
are already accounted for.
So make the libGL (full OpenGL) providing abilities dependant on x11
being present.
It serves it's purpose for EGL+GLES hardware acceleration, and can in
fact be built without them, but it's probably not very useful (still,
leave the option for people inclined to do so).
Simple test defconfig:
BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_DRI_DRIVER_NOUVEAU=y
BR2_PACKAGE_MESA3D_DRI_DRIVER_RADEON=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add more upstream commits to fix build errors with perl 5.10
introduced by the previous patch to fix build errors with perl 5.22.
Fixes
http://autobuild.buildroot.net/results/325/32519c6d4084f334b7fed9edfb8a8c68a1f840a8/
and many others.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: reformat patches as proper Git formatted patches.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>