libressl support has been fixed since version 3.4.2 and
ce489ebb47
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From https://www.zetetic.net/blog/2019/08/14/defcon-sqlite-attacks:
"We strongly recommend that all applications upgrade to SQLCipher 4.2.0
to take advantage of the latest security updates, especially if an
application interacts with non-encrypted databases using SQLCipher."
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the
data-container property of tooltip.
- Fix an XSS vulnerability (CVE-2019-8331) in our tooltip and popover
plugins by implementing a new HTML sanitizer
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Development moved to github.com.
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-doxygen use std::make_unique which is a C++14 feature and so not
available with host gcc 4.8 so add a Config.in.host for doxygen and add
host gcc 4.9 dependency to host-doxygen and sigrok C++ option
Fixes:
- http://autobuild.buildroot.org/results/3ac78c5d4728287bafdfeb3a54f50eb193934b63
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Update site in Config.in, see
604ae3c286
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-19307: An integer overflow in parse_mqtt in mongoose.c in
Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS
(infinite loop), or possibly cause an out-of-bounds write, by sending
a crafted MQTT protocol packet.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also install "fileop", another file system benchmarking tool
provided by the iozone package.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also enabled support for Opus music playback using opusfile library
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes high rngd startup latency along with other minor bugs:
https://github.com/nhorman/rng-tools/releases/tag/v6.9
Signed-off-by: Wesley Chow <wes.chow@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
/home/test/autobuild/run/instance-1/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/8.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: ../../lib/libOgreMain.so.1.12.0: undefined reference to `__atomic_fetch_add_8'
This is often for example the case on sparc v8 32 bits.
Fixes:
- http://autobuild.buildroot.org/results/3a09e2d1d26b19243244eb7f9235c85488a788d2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the r300 driver was introduced in c5ae77c97 (package/mesa3d: add
support for gallium r300 driver), a last-minute fix was introduced by
Yann, to properly propagate the dependency of a selected symbol.
However, this ended up causing a spurious circular dependency that does
not really exists, but that Kconfig is not smart enough to detect is in
fact OK.
Fixing this is pretty non-obvious, but we have an easy way out: the
dependency is about libdrm's radeon driver requirement for a toolchain
that has the sync4 family of primitives, which is always a given for an
x86 toolchain. As the radeon r300 driver is x86-only, this dependency is
forcefully fulfilled.
So, we drop the propagated dependency, and replace it by a fat comment.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add missing qstrip wrapping to the new
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS option.
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Forcibly disable the JavaScriptCore JIT compilation support
for MIPSr6 processors, which are unsupported.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
exim builds some files during the 'make install' step, and these fail with
an error:
lookups/lf_quote.c:49:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (int j = 0; j < vlength; j++)
^
Fix by passing the -std=c99 here, as it is already passed in the build
step.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building with the Sourcery CodeBench ARM 2014.05 the build fails with this
error:
>>> exim_dbmbuild utility built
.../buildroot/output/host/bin/arm-none-linux-gnueabi-gcc -DEXIM_DUMPDB exim_dbutil.c
exim_dbutil.c: In function 'main':
exim_dbutil.c:568:1: error: 'for' loop initial declarations are only allowed in C99 mode
for (uschar * key = dbfn_scan(dbm, TRUE, &cursor);
^
exim_dbutil.c:568:1: note: use option -std=c99 or -std=gnu99 to compile your code
exim_dbutil.c:630:2: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 1; i <= wait->count; i++)
^
exim_dbutil.c:642:6: error: 'for' loop initial declarations are only allowed in C99 mode
for (int j = 0; j < MESSAGE_ID_LENGTH; j++)
^
Fix by enforcing C99. This completes commit
2c692e81a8 ("package/exim: fix host build")
to also fix target builds.
Fixes: http://autobuild.buildroot.net/results/6b7e08090f5f0f2627cc3e89b349c2052b6e3116/
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_PACKAGE_BLUEZ5_UTILS only if all its reverse dependencies
are selected
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop all patches (already in version)
- Update indentation in hash file (two spaces)
- This bump also fix a build failure with BR2_ENABLE_DEBUG thanks to
d5f8e00825
Fixes:
- http://autobuild.buildroot.org/results/17e564fc6465e6e83742c421f2a48b8a0a4923bc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent is*_l fix broke uclibc build because removed __isctype_l
definition was used in libc/misc/ctype/ctype.c. Restore it.
Fixes: 8723c5e7a6 ("package/uclibc: fix ctype.h is*_l definitions")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
[yann.morin.1998@free.fr:
- add new patch, don't fix existing one
- add URL to upstream ML post
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2016-6328: A vulnerability was found in libexif. An integer overflow
when parsing the MNOTE entry data of the input file. This can cause
Denial-of-Service (DoS) and Information Disclosure (disclosing some
critical heap chunk metadata, even other applications' private data).
- CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap
read vulnerability in exif_data_save_data_entry function in
libexif/exif-data.c caused by improper length computation of the allocated
data of an ExifMnote entry which can cause denial-of-service or possibly
information disclosure.
- CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and
EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to
exhaust available CPU resources.
- CVE-2019-9278: In libexif, there is a possible out of bounds write due to
an integer overflow. This could lead to remote escalation of privilege in
the media content provider with no additional execution privileges needed.
User interaction is needed for exploitation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport patch from upstream to fix build failures such as:
In file included from /home/buildroot/autobuild/instance-0/output-1/build/gnuradio-3.8.0.0/gr-digital/lib/glfsr.cc:23:
/home/buildroot/autobuild/instance-0/output-1/build/gnuradio-3.8.0.0/gr-digital/lib/../include/gnuradio/digital/glfsr.h:42:5: error: 'uint32_t' does not name a type; did you mean 'u_int32_t'?
uint32_t d_shift_register;
^~~~~~~~
u_int32_t
Since Gnuradio policy is Less boost == better and C++11 is used, use cstdint
instead of boost/cstdint.hpp.
Applied in gnuradio master (475e4a156b516c089175afb998acdc80b740b437)
fix:
- http://autobuild.buildroot.net/results/14015f499e58fee530877ac052878bbe2f799942/
- http://autobuild.buildroot.net/results/53239f98dd5e03d4dc1bb4eb91ed765f77dbf0ec/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
- add upstream reference in the patch itself
- minor eye-candy in commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: also guard comment with x86 dependency]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
iris is inherently an x86-only driver, and it hard codes gcc options
specific to x86m like -msse2, causing build breakage on other
architectures.
iris also does not use kmsro, but the select was accidentally added when
iris was introduced.
Fix both by adding the missing dependency to x86, and by removing the
select to kmsro.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- ad dependency to x86
- reword commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
These updated patches fix the same issues but are backported from upstream
commits instead of pull requests.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
After commit:
https://git.buildroot.net/buildroot/commit/?id=fb49c7a26182f9d48f8283e7328fddc216962c94
gstreamer entry in package/Config.in was left behind resulting in every
make call to fail. So let's remove orphaned gstreamer entry from
package/Config.in
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Gstreamer 0.10 has been deprecated upstream since 2012 and is missing a lot
of features and (security) fixes compared to gstreamer1, so remove it.
All gstreamer-0.10 sub packages depends on gstreamer, so we only need to add
a legacy entry for that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for installing
binaries using gstreamer 0.10.x in nvidia-tegra23-binaries must go as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for building freerdp
with support for it must go as well.
As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for building opencv3
with support for it must go as well.
As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for building opencv
with support for it must go as well.
As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Libplayer is dead upstream. The mercurial repo is no longer online, it
hasn't seen any releases since 2010 and the mplayer backend was removed from
Buildroot in 2018.
With the upcoming removal of gstreamer 0.10, there is no longer any backends
available in Buildroot, so remove the package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for building
qt5multimeda with support for it must go as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for building
libnice with support for it must go as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for building
gupnp-dlna with support for it must go as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the upcoming removal of gstreamer 0.10, the logic for building
classpath with support for it must go as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Most, but not all our C code follows the Linux kernel code style (as
documented in Documentation/process/coding-style.rst). Adjust the few
places doing differently:
- Braces:
..but the preferred way, as shown to us by the prophets Kernighan
and Ritchie, is to put the opening brace last on the line
- Spaces after keywords:
Use a space after (most) keywords
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When Buildroot is released, it knows up to a certain kernel header
version, and no later. However, it is possible that an external
toolchain will be used, that uses headers newer than the latest version
Buildroot knows about.
This may also happen when testing a development, an rc-class, or a newly
released kernel, either in an external toolchain, or with an internal
toolchain with custom headers (same-as-kernel, custom version, custom
git, custom tarball).
In the current state, Buildroot would refuse to use such toolchains,
because the test is for strict equality.
We'd like to make that situation possible, but we also want the user not
to be lenient at the same time, and select the right headers version
when it is known.
So, we add a new Kconfig blind option that the latest kernel headers
version selects. This options is then used to decide whether we do a
strict or loose check of the kernel headers.
Suggested-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
- only do a loose check for the latest version
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>