libanl.so is needed for asynchronous network address and service
translation, declared in netdb.h
Signed-off-by: Jesper Bækdahl <jbb@gamblify.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libanl.so is needed for asynchronous network address and service
translation, declared in netdb.h
Signed-off-by: Jesper Bækdahl <jbb@gamblify.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit a5015f1025 ("util-linux: security
bump to version 2.29.2") incorrectly removed <pkg>_AUTORECONF = YES.
While the patches touching configure.ac have indeed been removed, there
is still a patch touching a Makemodule.am file, which triggers an
autoreconf a build time, which itself fails because autoconf/automake
are not available.
So re-add <pkg>_AUTORECONF, with a comment pointing specifically at the
patch that makes it necessary.
Fixes:
http://autobuild.buildroot.net/results/309127a532eed00e406bbaf0b1a51b7241a10505/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
configure.ac uses PKG_CHECK_MODULES() so it needs host-pkgconf.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently the host build of Python 2 defaults to narrow unicode (UCS2),
ignoring the BR2_PACKAGE_PYTHON_UCS4 configuration option which may be
set to wide (UCS4).
This results in host and target Python packages which are incompatible
in subtle ways.
For example, installing wheels into the target fails when they are made
with the host python, citing incompatibility (as can be seen by the
package tags which may be "cp27u-manylinux1" instead of
"cp27mu-manylinux1").
Compiling the host Python 2 with the same UCS configuration as the
target ensures that the packages are compatible (and the tags match).
This does not affect Python 3 as support for narrow unicode was
deprecated in version 3.3, see https://www.python.org/dev/peps/pep-0393/
Thanks to Tony Breeds <tony@bakeyournoodle.com> for reporting this.
Signed-off-by: Chris Smart <mail@csmart.io>
[Thomas: add comment in the code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It updates to the ffmpeg 3.2.4 codebase, fixing several security bugs.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5847 - The gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote
attackers to cause a denial of service (out-of-bounds heap read) via vectors
involving extended content descriptors.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5848 - The gst_ps_demux_parse_psm function in
gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows
remote attackers to cause a denial of service (invalid memory read and
crash) via vectors involving PSM parsing.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It turned out that the troll character U+c2a0 was added by our own
patch.
So fix it amd drop our second patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to btrfs-progs that fixes the build of
docker-engine, and possibly other packages including kerncompat.h from
btrfs-progs.
For the btrfs-progs build itself, a --disable-backtrace option allows to
indicate whether backtrace()/<execinfo.h> support should be used or
not. However, once btrfs-progs is installed, it simply looks at whether
__GLIBC__ is defined or not to decide to use backtrace() or not.
However, uClibc defines __GLIBC__ but does not provide backtrace()
functionality. The additional patch tweaks the kerncompat.h to look at
__UCLIBC__ and not use backtrace() functionality in this case.
Fixes:
http://autobuild.buildroot.net/results/9dc9370a79c5c44e6c92be6a44334842c211d923/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
Makefile:532: *** mbedtls is in the dependency chain of bctoolbox that
has added it to its _DEPENDENCIES variable without selecting it or
depending on it from Config.in. Stop.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Trying to copy loaders.cache from host-gdk-pixbuf to the gdk-pixbuf
build directory in the post-patch hook is too early when using TLP (it
breaks horribly) since host-gdk-pixbuf isn't built yet during the
massive unpack/patch cycle.
Switch it to the pre-build hook instead which ensures that gdk-pixbuf
dependencies were already built.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This release needs a new tweak regarding loaders.cache - it's now used
to build the thumbnailer.
Since we already generate it using the host variant for the target we
can re-use this for the build step.
It's not necessary to used the tweaked version since the build one is
only used to account for mime types, not the plugins/loaders themselves.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Wojciech Nizinski <niziak@spox.org>
[Thomas: use the v2.1.0 tag rather than a full commit sha1.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update the comment about the ARC exception to match the one used in VLC,
so that a 'git grep "ARC toolchain issue"' returns the list of packages
to re-evaluate on ARC when the ARC toolchain gets upgraded.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package fails when building for ARC due to ARC toolchain issue.
Marking this with special comment "# ARC toolchain issue" as the package
is to be enabled as soon as the issue with the ARC toolchain is
resolved.
Fixes:
http://autobuild.buildroot.net/results/ebae0ed90b88db5a3b34a46f2ca1ff97e01fe83c/
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
[Thomas:
- add autobuilder reference
- propagate dependency to Config.in comment.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It assumes the MIPS target has an FPU and uses FPU assembler
instructions which cause the compilation to fail when building it for
soft-float.
Fixes:
http://autobuild.buildroot.net/results/f40/f407ca9245e2445619420a9dfd595856729a2b2b/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
[Thomas:
- propagate dependency to Config.in comment
- add comment above the "depends on" to explain why.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Because with libimxvpuapi older than 0.10.3, the gst1-imx-0.12.3 "imxvpu"
plugin will not build.
Changelog:
* properly pass on color format in simplified JPEG encoder interface
* add alternative write-callback-style encoding mode
also add encode example variant which uses write-callback style output
* add support for "fake grayscale mode" in encoders
this is done by using I420 internally and filling the U and V planes
with 0x80 bytes
* make sure JPEG quantization table is copied in standardized zig zag order
the VPU does not, so this has to be done explicitely
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-2629 - curl SSL_VERIFYSTATUS ignored
>From the advisory (http://www.openwall.com/lists/oss-security/2017/02/21/6):
Curl and libcurl support "OCSP stapling", also known as the TLS Certificate
Status Request extension (using the `CURLOPT_SSL_VERIFYSTATUS` option). When
telling curl to use this feature, it uses that TLS extension to ask for a
fresh proof of the server's certificate's validity. If the server doesn't
support the extension, or fails to provide said proof, curl is expected to
return an error.
Due to a coding mistake, the code that checks for a test success or failure,
ends up always thinking there's valid proof, even when there is none or if the
server doesn't support the TLS extension in question. Contrary to how it used
to function and contrary to how this feature is documented to work.
This could lead to users not detecting when a server's certificate goes
invalid or otherwise be mislead that the server is in a better shape than it
is in reality.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ReleaseNotes
This release fixes su(1) security issue CVE-2017-2616:
It is possible for any local user to send SIGKILL to other processes with root
privileges. To exploit this, the user must be able to perform su with a
successful login. SIGKILL can only be sent to processes which were executed
after the su process. It is not possible to send SIGKILL to processes which
were already running.
Drop upstream patches and autoreconf since it's no longer required.
[Peter: extend commit message with CVE info / description]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit limits results from the javascript query for selecting
messages from the mailing list. It was not limited before.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The imx6ul-liteboard dts patches have been upstreamed in kernel 4.10,
so bump to this version and remove the local patches
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
And use same version for header headers as well.
[Peter: explicitly set BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_10 as pointed
out by Thomas]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#9666 [1]
cp -dpfr .../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets .../target/usr/qml/QtQuick
cp: cannot stat ‘.../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets’: No such file or directory
[1] https://bugs.busybox.net/show_bug.cgi?id=9666
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 76838f6341.
The commit referenced above explicitly states that the function was
copied as-is from the gcc source code at the time. And indeed that is
exactly how the function appeared in gcc in commit
e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934.
However, our toolchain wrapper is "GPLv2 only", while the file this function
was copied from is "GPLv3 or later". As such we can't include that function
and still comply to both licenses.
Furthermore, the code is far from optimum.
Since this feature is not release-critical, revert it until we re-implement
it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
[Thomas:
- rewrap Config.in help text
- add dependency on !BR2_STATIC_LIBS since the code uses libdl.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some packages may require libipset, for example keepalived.
Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 497f15b301.
As the comment says, musl version 1.1.13 contains commit 53f41fb568ae4.
Buildroot now ships musl version 1.1.16, so enable build with musl.
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
By default, bctoolbox adds the rpath to the shared library. Prevent this
by setting `CMAKE_SKIP_RPATH` [1] to a true value.
[1] https://cmake.org/cmake/help/latest/variable/CMAKE_SKIP_RPATH.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently we force selection on mbedtls for bctoolbox. If, for whatever
reason, mbedTLS is not found, bctoolbox searches for PolarSSL and, if
not present, fails with:
```
Could NOT find PolarSSL (missing: POLARSSL_INCLUDE_DIRS
HAVE_POLARSSL_SSL_H)
```
This happens because bctoolbox enables support for mbedTLS and PolarSSL
by default, whereas, if both are enabled, mbedTLS is preferred over
PolarSSL.
However, crypto support is not mandatory and support for both libraries
can be turned off. Therefore, optionally depend on mbedTLS or PolarSSL
and enable/disable the library support explicitly.
This fixes the issue of searching for PolarSSL altough the dependency is
not declared in the bctoolbox package.
Note, that this does not fix the issue why mbedtls is not found although
it is enabled. This issue is address in this thread [1].
Fixes:
http://autobuild.buildroot.net/results/cfe/cfeb2f542598e5d450b332fb51a6d79bae24158c/
.. and more.
[1] http://lists.busybox.net/pipermail/buildroot/2017-February/183055.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Static linking with bctoolbox fails when using pkg-config as the
generated bctoolbox.pc file only consists of an '-L' string without any
search path or libraries flags:
```
libtool: link: need path for `-L' option
```
That's because of an typo in mbedtls_library_path. However,
mbedtls_library_path contains a string of the mbedtls libraries
concatenated by an ';' which cannot be parsed by pkg-config.
Therefore, use MBEDTLS_LIBRARY instead of MBEDTLS_LIBRARIES to get
the library path.
Furthermore, add the three mbedtls libraries mbedtls, mbedcrypto, and
mbedx509 to LIBS_PRIVATE so these libraries are added to the
Libs.private field of bctoolbox.pc.
Fixes:
http://autobuild.buildroot.net/results/37d5625df4be11ccdc063871e9f6e13d5f59fb52http://autobuild.buildroot.net/results/1999c841fae41f860f00747a362327cb2857e687
.. and many more.
Upstream status: Pending
https://github.com/BelledonneCommunications/bctoolbox/pull/4
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>