We have some internal packages which automatically bake a version string
from the git checkout, and we usually combine these with a
*_OVERRIDE_SRCDIR. I would like to let Buildroot *not* skip the .git
directory when picking up sources from the local checkout. It turns out
that the existing mechanism (*_OVERRIDE_SRCDIR_RSYNC_EXCLUSIONS) only
supports adding to the exclude list because `rsync` simply uses the
first match from the provided filtering rules.
Solve this by using the user-provided values first. If they match, then
`rsync` won't exclude stuff based on the generic VCS exclude patterns.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a27078d32d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop third patch which is not upstreamable and set XSLTPROC to false
instead to disable documentation
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 48a9848cd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch is not needed since version 4.9.0 and
859698d29b
which solved the issue by avoiding calling this function.
Also renumber the remaining patches.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit df859a83f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mpd can't be built statically with tremor and vorbis, build fails on:
block.c:(.text+0x11c): multiple definition of `vorbis_block_init'
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libvorbisidec.a(block.o):block.c:(.text+0x0): first defined here
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/7.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: Disabling relaxation: it will not work with multiple definitions
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libvorbis.a(block.o): In function `_vorbis_block_alloc':
Fix this by making both options mutually exclusive
It should be noted that upstream explicitly removed the possibility to
enable tremor and vorbis at the same time since version 0.21.6 and
c18cd941aa
Since we only have 0.20.23, it is still possible to build them together,
but there is clearly no need to allow it.
Fixes:
- http://autobuild.buildroot.org/results/60c721a82ffd668bebf02d80bca83780d6cdb2f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5395b1ca45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop tremor select added by commit
d428dddf68
Indeed, nowadays, mpd can be built successfully even if there is no
input plugin selected.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5d4ee34c39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-12308: AdminURLFieldWidget XSS¶
The clickable "Current URL" link generated by AdminURLFieldWidget displayed
the provided value without validating it as a safe URL. Thus, an
unvalidated value stored in the database, or a value provided as a URL query
parameter payload, could result in an clickable JavaScript link.
AdminURLFieldWidget now validates the provided value using URLValidator
before displaying the clickable link. You may customize the validator by
passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g.
when using formfield_overrides.
Patched bundled jQuery for CVE-2019-11358: Prototype pollution¶
jQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because of
Object.prototype pollution. If an unsanitized source object contained an
enumerable __proto__ property, it could extend the native Object.prototype.
The bundled version of jQuery used by the Django admin has been patched to
allow for the select2 library’s use of jQuery.extend().
For more details, see the release notes:
https://docs.djangoproject.com/en/dev/releases/2.1.9/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 426084e25f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper
validation of recipient address in deliver_message() function in
src/deliver.c may lead to remote command execution.
For more details, see the advisory:
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 83967ef53d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop 5.{0, 1}.x bump]
(cherry picked from commit b827a3f50e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dosfstools and busybox may each install mkfs.vfat, so dosfstools must
be installed before busybox.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca42df2111)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: drop 5.{0, 1}.x bump]
(cherry picked from commit b24f274abe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes a kernel 5.1.x compatibility issue. The only changes
between 0.12.1 and 0.12.2 are:
d3b198ef6f57ca512fb25147c9d85b922fd4651a Released v0.12.2
376c2c28bd7d4470cd92ff646d6087ca70cd9d2e fixed typo
6edc4b164b1f05bee74cb507a4f50776a65ceb73 mentioned support for 5.0.0
0b8feb80fdef9a415d8250bca1790b3ff23e8391 Replace v4l2_get_timestamp with ktime_get_ts(64)
541e3bc7aaf46dc9a21f92c7f527397fce03dfd8 Update README.md
So the only functional change is the actual ktime_get_ts() fix, which
is needed for Linux 5.1 compatibility. Therefore, bumping is pretty
much the same as backporting just this commit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas: extend the commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7a8460d45b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This should fix a kernel 5.x.x compatibility issue.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eb81fe39a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The decklink plugin uses <dlfcn.h> functions: dlopen(), dlsym(), etc.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e49d5e946d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can't use dosfstools' install target, because it'll install *all*
binaries, even the disabled ones. Also, we can't just delete dosfstools
binaries from the target directory after installing them, because other
packages (specifically Busybox) may provide tools of the same name, and
we may end up deleting those instead.
To avoid any issues, we create our own install routines, which only
copy the enabled binaries into the target location.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[Thomas: use full destination path for INSTALL commands.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4cc31dfa3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
(3.41) CVE-2018-12404: Cache side-channel variant of the Bleichenbacher
attack
(3.42.1) CVE-2018-18508: Add additional null checks to several CMS functions
to fix a rare CMS crash. Thanks to Hanno Böck and Damian Poddebniak for the
discovery and fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c0bff1b4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
no-dso option has been removed with
31b6ed76df
To fix this error, use "gcc" target in static builds. This target is
very minimalistic, we need to manually pass -lpthread and
-DOPENSSL_THREADS however we can also remove libdl workarounds
Fixes:
- http://autobuild.buildroot.org/results/96d6b89d20980e8f7fa450b832474a81d492b315
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c2c959b02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
every encryption operation. RFC 7539 specifies that the nonce value (IV)
should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
front pads the nonce with 0 bytes if it is less than 12 bytes. However it
also incorrectly allows a nonce to be set of up to 16 bytes. In this case
only the last 12 bytes are significant and any additional leading bytes are
ignored.
It is a requirement of using this cipher that nonce values are unique.
Messages encrypted using a reused nonce value are susceptible to serious
confidentiality and integrity attacks. If an application changes the
default nonce length to be longer than 12 bytes and then makes a change to
the leading bytes of the nonce expecting the new value to be a new unique
nonce then such an application could inadvertently encrypt messages with a
reused nonce.
Additionally the ignored bytes in a long nonce are not covered by the
integrity guarantee of this cipher. Any application that relies on the
integrity of these ignored leading bytes of a long nonce may be further
affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is
safe because no such use sets such a long nonce value. However user
applications that use this cipher directly and set a non-default nonce
length to be longer than 12 bytes may be vulnerable.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cfedfdee95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patches 4..6 as they are now upstream.
Update the hash of the license file as the copyright dates changed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c2c57aa30f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since linux-4.19, the kernel's build system internally touches its
.config file.
However, we currently used that file as a timestamp to detect whether
our kconfig fixups were to be (re)applied or not, which in turn is used
to decide whether we should (re)build the package or not.
But with latest kernel versions, this timestamp heuristic is now broken,
and we always rebuild the kernel on subsequent builds.
We fix that by introducing a separate timestamp file of our own, which
we know the kernel (or the kconfig-based packages, for that matters)
does not use.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 05fea6e4a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to the LICENSE file curve25519-donna is licensed under
BSD-3-Clause license.
There is only BSD-2-Clause license mentioned so remove
BSD-2-Clause-like.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b7f1363050)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of crashes / bugs. For details, see:
https://github.com/cython/cython/blob/master/CHANGES.rst
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f2c9e9707e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Provide additional details on how Mender works within Buildroot.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
[Thomas: remove duplicate "Default configuration files" title, rewrap
text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a10d911788)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There are two additional inventory scripts provided in
the Mender client repository, let's install them.
- mender-inventory-os
- will push content of /etc/os-release
- mender-inventory-rootfs-type
- will push filesystem type of rootfs
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bbb4bc7dfa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configuration options (RootfsPartA/RootfsPartB) must
provide a valid path to a block devices.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 637352b50b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Always set CMAKE_BUILD_TYPE to Release otherwise supertux will be built
with -pg since:
afd5f1b33c
This will result in the following build failure on uclibc or musl:
[ 77%] Linking C executable sq_static
CMakeFiles/sq_static.dir/sq.c.o: In function `quit':
/home/buildroot/autobuild/instance-3/output/build/supertux-0.6.0/external/squirrel/sq/sq.c:42: undefined reference to `__gnu_mcount_nc'
Fixes:
- http://autobuild.buildroot.org/results/b0b2e25af198d01713d1e2bcf38c77ae8ffbd7de
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c283f0216d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Check-package gives error on flare-engine due to trailing whitespace in
flare-engine.mk comment inserted with commit:
https://git.buildroot.net/buildroot/commit/?id=1203cca1b51eefb4ee236d998ab6ec32bdd087d8
Remove trailing whitespace in flare-engine.mk comment.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bf6c06152f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze Gcc version < 8.x the build hangs due to bug 85180:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180
To avoid this, the flare-engine package has a
!BR2_TOOLCHAIN_HAS_GCC_BUG_85180 dependency. However, gcc bug 85180 only
triggers when optimization is enabled, so we can work around the issue
by passing -O0, which is what we do in other Buildroot packages to work
around this bug.
So, this commit passes -O0 when BR2_TOOLCHAIN_HAS_GCC_BUG_85180, and
re-enables flare-engine on Microblaze. It is not enough to set
CMAKE_CXX_FLAGS, because flare-engine's CMakeLists.txt sets
CMAKE_CXX_FLAGS_<BUILD_TYPE> (depending on the value of
CMAKE_BUILD_TYPE), and the build-type-specific flags come after the
generic flags, so our -O0 gets overridden again. Therefore, also set
CMAKE_BUILD_TYPE to the dummy value Buildroot.
Fixes:
http://autobuild.buildroot.net/results/706/7065e14917a8bbc0faf21b29183ac55b6c800ee3/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Arnout: extend explanatory comment and update commit log]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1203cca1b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Modify config.sub so that it knows about the C-SKY
architecture. Without this, all autotools projects fail to build on
C-SKY.
Signed-off-by: Guo Ren <ren_guo@c-sky.com>
[Thomas: improved commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2213636675)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
limited_max_clients and limited_max_devices have been renamed in 3.12
as max_clients and max_devices, respectively.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 87cc11688d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop 5.{0, 1}.x bump]
(cherry picked from commit 8990bd3032)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For early microcode loading, there is no need to install the individual
microcode files to /lib/firmware - So make that optional.
Let the option default to y for backwards compatibility, and select it from
iucode-tool as the init script relies on the /lib/firmware files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a134aeb995)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To support building in (a subset of) the intel-microcode files into the
kernel using the CONFIG_EXTRA_FIRMWARE option, we need to ensure that the
microcode files are installed before the Linux kernel is built.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f26dc16ab4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Microcode based security mitigation (E.G. MDS) requires that the microcode
gets loaded very early. This can be handled by one of:
- Concatenating (a subset of) the intel-microcode files and write to
kernel/x86/microcode/GenuineIntel.bin in the initrd. Requires that the
(first) initrd is external from the kernel and NOT compressed.
- Build (a subset of) the intel-microcode files into the kernel using the
CONFIG_EXTRA_FIRMWARE option.
Install the microcode files into images to support these use cases (E.G.
through a post-build script for the initrd, or by pointing
CONFIG_EXTRA_FIRMWARE_DIR to ${BR_BINARIES_DIR}, similar to how we include
the .cpio image inside the kernel).
Notice that there may be licensing concerns when embedded non-GPL firmware
in the kernel.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7c5dfea804)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze ccc version < 8.x the build hangs due to bug 85180:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. To avoid this, the
assimp package has a !BR2_microblaze dependency. However, gcc bug
85180 only triggers when optimization is enabled, so we can work
around the issue by passing -O0, which is what we do in other
Buildroot packages to work around this bug.
So, this commit passes -O0 when BR2_TOOLCHAIN_HAS_GCC_BUG_85180, and
re-enables assimp on Microblaze.
Note that the comment was talking about gcc bug 71124, but this gcc
bug is a duplicate of 85180. Since all Buildroot packages now use the
reference to gcc bug 85180 and the option is named
BR2_TOOLCHAIN_HAS_GCC_BUG_85180, we use this naming as well for
assimp.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b7c9a7d602)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze Gcc version < 8.x the build hangs due to gcc bug
85180: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. To avoid
this problem, until now, ffmpeg could not be selected on
Microblaze. However, this problem only happens due to optimization,
and can worked around by forcing -O0.
So, when BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y, this commit:
- adds --disable-optimizations to FFMPEG_CONF_OPTS
- passes -O0 to CFLAGS in FFMPEG_CONF_ENV
Then, we remove 'depends on !BR2_microblaze' from Config.in to
re-enable the package.
Note that the comment was talking about gcc bug 71124, but this gcc
bug is a duplicate of 85180. Since all Buildroot packages now use the
reference to gcc bug 85180 and the option is named
BR2_TOOLCHAIN_HAS_GCC_BUG_85180, we use this naming as well for
ffmpeg.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Thomas: tweak CFLAGS logic, improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3b38f440c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze Gcc version < 8.x the build hangs to gcc bug 85180:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. This package has
been excluded from building if the toolchain is affected by gcc bug
85180. To be consistent with how we deal with this issue in other
packages, we re-enable the package and instead work around the issue
by building with -O0, since gcc bug 85180 manifests itself only when
optimization is enabled.
To achieve this:
- add --disable-optimizations to EXTRA_OPTS, which gets passed down to
the built-in libav library
- pass -O0 to CFLAGS in CONF_ENV
Then we remove 'depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_85180' and its
comment if not available from Config.in
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Thomas: tweak CFLAGS logic, improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a2e55071b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Microblaze Gcc version < 8.x the build hangs due to gcc bug
85180: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. The bug
shows up when building postgresql with optimization but not when
building with -O0. To work around this, if
BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y we force using -O0.
Fixes:
http://autobuild.buildroot.net/results/53c270c696ee999d541da0b09bf6a215e5335e9a/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Thomas: tweak CFLAGS logic, improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5bbcccad9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
