Fixes the following security vulnerabilities:
- CVE-2020-7921: (4.0.15) Improper serialization of internal state in the
authorization subsystem in MongoDB Server's authorization subsystem
permits a user with valid credentials to bypass IP whitelisting protection
mechanisms following administrative action.
Plus a number of other bugfixes. For details, see the release notes:
https://docs.mongodb.com/manual/release-notes/4.0/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
oracle-mysql won't built its own bundled zlib since commit
6fed83a030 so don't unconditionally link
with zlib instead use mysql_config to retrieve cflags and libs as
suggested by Thomas Petazzoni in review of first iteration
Fixes:
- No autobuilder failures yet
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit efffb3ea45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gtkvncviewer has been added since version 0.9.13 and
2650cfc17b,
disable it as it is only an example
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c89f62cec6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop all patches (already in version)
- Fix CVE-2018-21247: An issue was discovered in LibVNCServer before
0.9.13. There is an information leak (of uninitialized memory contents)
in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
- Fix CVE-2019-20839: libvncclient/sockets.c in LibVNCServer before
0.9.13 has a buffer overflow via a long socket filename.
- Fix CVE-2019-20840: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/ws_decode.c can lead to a crash because of
unaligned accesses in hybiReadAndDecode.
- Fix CVE-2020-14396: An issue was discovered in LibVNCServer before
0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
- Fix CVE-2020-14397: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
- Fix CVE-2020-14398: An issue was discovered in LibVNCServer before
0.9.13. An improperly closed TCP connection causes an infinite loop in
libvncclient/sockets.c.
- Fix CVE-2020-14399: An issue was discovered in LibVNCServer before
0.9.13. Byte-aligned data is accessed through uint32_t pointers in
libvncclient/rfbproto.c.
- Fix CVE-2020-14400: An issue was discovered in LibVNCServer before
0.9.13. Byte-aligned data is accessed through uint16_t pointers in
libvncserver/translate.c.
- Fix CVE-2020-14401: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
- Fix CVE-2020-14402: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/corre.c allows out-of-bounds access via
encodings.
- Fix CVE-2020-14403: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/hextile.c allows out-of-bounds access via
encodings.
- Fix CVE-2020-14404: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
- Fix CVE-2020-14405: An issue was discovered in LibVNCServer before
0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e1b60ef181)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-14148: The Server-Server protocol implementation in
ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated
by the IRC_NJOIN() function.
- Fix a static build failure with openssl thanks to
ad86a41eee
- Update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/078a7afc432786316a1d2ea03f96444ff741b942
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 53f92e65ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
* CVE-2020-8619: It was possible to trigger an INSIST failure when a
zone with an interior wildcard label was queried in a certain
pattern.
Release notes:
https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.20.txt
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cc7740825a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 'package/rpi-firmware: fix startup file names' ([1]) the
start and fixup file names are normalized to start.elf/fixup.dat,
adjust the rpi4 genimage config files accordingly.
Fixes:
ERROR: file(rpi-firmware/fixup4.dat): stat(.../images/rpi-firmware/fixup4.dat) failed: No such file or directory
ERROR: vfat(boot.vfat): could not setup rpi-firmware/fixup4.dat
[1] https://git.buildroot.net/buildroot/commit/?id=1bdc0334ff6273761b2e7fda730cdcc7e1f46862
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 59c3426c51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-7212 (1.25.2 - 1.25.7)
The _encode_invalid_chars function does not remove duplicate percent
encodings in the _percent_encodings array, which combined with the
normalization step could take O(N^2) time to compute for a URL of
length N. This results in a marginally higher CPU consumption
compared to the potential linear time achieved by deduplicating
the _percent_encodings array.
CC: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fc57db8401)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As spotted by Thomas Petazzoni during review of
https://patchwork.ozlabs.org/project/buildroot/patch/20200713215943.2240412-1-fontaine.fabrice@gmail.com,
oracle-mysql uses its bundled version of zlib if it is not found on the
system
So explictly disable zlib if needed and add a patch fixing build
failures without it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6fed83a030)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
EXIV2_ENABLE_LIBXMP has been dropped since version 0.27 and
2784b1f7f7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e5310ad13e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
EXIV2_ENABLE_BUILD_SAMPLES has been renamed into EXIV2_BUILD_SAMPLES
since version 0.27 and
60d436c969
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9188421331)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prior to gzip 1.10, the compression pipeline used with PCF fonts was
not reproducible due to the implicit -N/--name injecting a timestamp:
$ cat /path/to/file | gzip > /path/to/file.gz
This updates Portable Compiled Format font packages to have a host-gzip
dependency, so gzip version 1.10 or newer will reliably be used.
This change does not affect encodings, which use a seemingly
synonymous compression pipeline, but that happens to be reproducible
with gzip versions at least as old as version 1.3.13:
$ gzip < /path/to/file > /path/to/file.gz
Reported-by: Jordan Speicher <jspeicher@xes-inc.com>
Signed-off-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 10082b2e43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we delete /usr/share/bash-completion when bash is not enabled.
We need to delete /etc/bash_completion.d too. For example, the jo package
installs files there:
/etc/bash_completion.d/jo.bash
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 18072ecc24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some toolchains, like the Linaro gcc7 toolchains, now install libstdc++ debug
library symbols to /lib/debug, which can be as large as the library itself.
This commit removes the extra debug content if debugging is not enabled.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 04e9a1ec8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
- Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
private key that didn't include the uncompressed public key), as well
as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with
a NULL f_rng argument. An attacker with access to precise enough
timing and memory access information (typically an untrusted operating
system attacking a secure enclave) could fully recover the ECC private
key.
- Fix issue in Lucky 13 counter-measure that could make it ineffective
when hardware accelerators were used (using one of the
MBEDTLS_SHAxxx_ALT macros). This would cause the original Lucky 13
attack to be possible in those configurations, allowing an active
network attacker to recover plaintext after repeated timing
measurements under some conditions.
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
Switch to github to get latest release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7f79bb5cfd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-15466: It may be possible to make Wireshark consume
excessive CPU resources by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.
https://www.wireshark.org/security/wnpa-sec-2020-09.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 17ebc1366c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-4030: In FreeRDP before version 2.1.2, there is an out of
bounds read in TrioParse. Logging might bypass string length checks
due to an integer overflow.
- Fix CVE-2020-4031: In FreeRDP before version 2.1.2, there is a
use-after-free in gdi_SelectObject. All FreeRDP clients using
compatibility mode with /relax-order-checks are affected.
- Fix CVE-2020-4032: In FreeRDP before version 2.1.2, there is an
integer casting vulnerability in update_recv_secondary_order. All
clients with +glyph-cache /relax-order-checks are affected.
- Fix CVE-2020-4033: In FreeRDP before version 2.1.2, there is an out of
bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions
with color depth < 32 are affected.
- Fix CVE-2020-11095: In FreeRDP before version 2.1.2, an out of bound
reads occurs resulting in accessing a memory location that is outside
of the boundaries of the static array
PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11096: In FreeRDP before version 2.1.2, there is a global
OOB read in update_read_cache_bitmap_v3_order. As a workaround, one
can disable bitmap cache with -bitmap-cache (default).
- Fix CVE-2020-11097: In FreeRDP before version 2.1.2, an out of bounds
read occurs resulting in accessing a memory location that is outside
of the boundaries of the static array
PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11098: In FreeRDP before version 2.1.2, there is an
out-of-bound read in glyph_cache_put. This affects all FreeRDP clients
with `+glyph-cache` option enabled.
- Fix CVE-2020-11099: In FreeRDP before version 2.1.2, there is an out
of bounds read in license_read_new_or_upgrade_license_packet. A
manipulated license packet can lead to out of bound reads to an
internal buffer.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7f54bfc169)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-12695: The Open Connectivity Foundation UPnP specification before
2020-04-17 does not forbid the acceptance of a subscription request with a
delivery URL on a different network segment than the fully qualified
event-subscription URL, aka the CallStranger issue
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- MEDIUM: Sec 3661: Memory leak with CMAC keys
Systems that use a CMAC algorithm in ntp.keys will not release a bit of
memory on each packet that uses a CMAC key, eventually causing ntpd to run
out of memory and fail. The CMAC cleanup from https://bugs.ntp.org/3447,
part of ntp-4.2.8p11 and ntp-4.3.97, introduced a bug whereby the CMAC
data structure was no longer completely removed.
https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d6d4557b7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump jq package to latest to fix seg fault errors reported at
https://github.com/stedolan/jq/issues/2003
Signed-off-by: Lyle Franklin <lylejfranklin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c94794175f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which provides fixes for CVE-2020-9800,
CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806,
CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, and CVE-2020-13753.
Updating from 2.28.2 also brings in the usual batch of fixes, including
important improvements to threading in the media player. Full release
notes can be found at:
https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html
A detailed security advisory can be found at:
https://webkitgtk.org/security/WSA-2020-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fa1185412e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which provides fixes for CVE-2020-9800,
CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806,
CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, and CVE-2020-13753.
Updating from 2.28.2 also brings in the usual batch of fixes, including
important improvements to threading in the media player. Full release
notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.28.3.html
A detailed security advisory can be found at:
https://wpewebkit.org/security/WSA-2020-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aa2c6cfd31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Quoting https://www.php.net/
"For windows users running an official build, this release contains a
patched version of libcurl addressing CVE-2020-8159.
For all other consumers of PHP, this is a bug fix release."
Changelog: https://www.php.net/ChangeLog-7.php#7.4.8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6a500bb99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following CVEs:
- CVE-2019-19923 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service condition because of a NULL
pointer dereferencing while handling `SELECT DISTINCT`statements.
- CVE-2019-19924 (Fixed in 3.31.0)
The SQLite mishandles certain SQL commands due to improper error
handling by ` sqlite3WindowRewrite() ` function.
- CVE-2020-13435 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of query rewriting. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-13632 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper pointer
management in the FTS3 virtual table module. An attacker could exploit
this vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13434 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of floating-point operations. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13871 (Fixed in 3.32.3)
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c
because the parse tree rewrite for window functions is too late.
- CVE-2020-13630 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to a use after free
issue in the FTS3 virtual table module. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-15358 (Fixed in 3.32.3)
SQLite is vulnerable to a heap-based buffer overflow flaw in part of an
optimization feature. An attacker able to issue specially crafted
queries could cause the application to crash, resulting in a
denial-of-service (DoS).
- CVE-2020-9327 (Fixed in 3.32.0)
SQLite is vulnerable to a Null pointer dereference flaw. A remote
attacker able to issue specially crafted SQL statements may be able to
cause a segmentation fault and application crash, resulting in a
denial-of-service (DoS).
- CVE-2019-19645 (Fixed in 3.31.0)
It was discovered that SQLite contains an denial-of-service (DoS)
vulnerability. An attacker could exploit this to trigger an infinite
recursion resulting in excessive resource consumption leading to a DoS
condition.
- CVE-2019-19926 (Fixed in 3.31.0)
The SQLite allows denial-of-service attack due to improper input
validation of user-supplied input.
- CVE-2020-11655 (Fixed in 3.32.0)
SQLite contains a memory corruption vulnerability. Successfully
exploiting this issue may allow attackers to cause a denial-of-service
(DoS). This allows an attacker to cause SQLite to crash by issuing a
crafted SQL query to the database.
- CVE-2019-19925 (Fixed in 3.31.0)
The INSERT statement fails when the zip file path is `NULL`.
- CVE-2019-19242 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying a maliciously crafted query to
cause an application crash.
- CVE-2019-19244 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service. An attacker could exploit
this vulnerability by providing a crafted SELECT statement to the SQL
server, resulting in an application crash.
- CVE-2020-13631 (Fixed in 3.32.0)
SQLite is vulnerable to data manipulation due to improper management of
virtual tables. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-11656 (Fixed in 3.32.0)
SQLite contains a Use-After-Free vulnerability. Successfully exploiting
this issue may allow attackers to cause a denial-of-service (DoS). This
allows an attacker to cause SQLite to crash by issuing a crafted SQL
query to the database.
- CVE-2019-19880 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of memory resources. A remote attacker could cause a victim's instance
of the application to crash by submitting crafted request that will lead
to the application parsing problematic integer values.
- CVE-2019-20218 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper
exception handling which could lead to unwinding of the `WITH` stack
following parsing errors. An attacker could exploit this vulnerability
by supplying a system with maliciously crafted input.
- CVE-2019-19603 (Fixed in 3.31.0)
It was discovered that SQLite contains a denial-of-service (DoS)
vulnerability. An authenticated attacker could exploit this
vulnerability by creating tables with the same name as shadow table
names.
- CVE-2019-19959 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of system memory resources. A remote attacker could cause a victim's
instance of the application to crash by causing it to process a SQL
statement that references a maliciously crafted file name.
- CVE-2019-19646 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying malicious SQL in order to crash
the application.
- CVE-2019-19317 (Fixed in 3.31.0)
SQLite contains a denial-of-service (DoS) vulnerability due to incorrect
logic in name lookups. An attacker could exploit this to cause a
application crash.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
CC: Peter Korsgard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a231f01e4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This won't enable install to staging unless capitalized.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b6141b2aa1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch which was applied upstream, reformatted hashes.
Release notes:
https://lists.gnu.org/archive/html/libmicrohttpd/2020-06/msg00013.html
"This release fixes a potential buffer overflow and is thus considered a
security release. Please upgrade as soon as possible."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7a9a554cfc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Video4Linux2 plugins can udev for device probing and monitor.
This greatly improves load time and monitoring performance.
It also enables hotplug monitoring for cameras.
gstreamer is libglib2-based; libgudev is libnglib2-based. So they both
have the same basic dependencies as liblib2 has, and thus propagating
the dependencies of libgudev is not necessary (but might be confusing in
the future, even though such a change is highly unlikely...)
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f50086e59f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 0737f48c5f (package/poco: disable build for riscv) did not
propagate the new dependency on BR2_riscv to the comment.
Introduce BR2_PACKAGE_POCO_ARCH_SUPPORTS to solve this issue.
Signed-off-by: Julien Olivain <juju@cotds.org>
[yann.morin.1998@free.fr:
- reword the commit log
- use separate 'depend on !arch'
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4f733a4de7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The output of 'find' depends on the directory entries, and is not
ordered. As a consequence, the cpio archive is not reproducible.
Fix that by sorting the output of find. Use the 'C' locale to enforce
reproducibility that does not depend on the locale.
The command line is now pretty long, so we wrap it.
Signed-off-by: Yurii Monakov <monakov.y@gmail.com>
[yann.morin.1998@free.fr:
- use LC_ALL=C when sorting
- wrap long line
- reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4728fdd4c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using precompiled headers, changing any macros defined on the
command line will invalidate the precompiled header. With
toolchain-wrapper adding __DATE__ and __TIME__, any commits to Buildroot
will invalidate incremental builds regardless of whether the precompiled
header actually uses those values (affecting _OVERRIDE_SRCDIR).
GCC-7 and later support SOURCE_DATE_EPOCH and use it to define __DATE__
and __TIME__ internally, avoiding any impact on precompiled headers.
Disable the custom handling in toolchain-wrapper if GCC is version 7 or
newer.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 408bc354a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When booting, a Raspberry Pi will load the appropriate start files,
depending on the provided configuration. For example, if the config.txt
file contains ’gpu_mem=16’ the board will automatically load the
cut-down startup files (start_cd.elf and fixup_cd.dat on non-Rpi4).
Unfortunately, even when the appropriate version is selected in the
configuration menu, if the rpi-firmware makefile takes the good files,
it renames them to non-qualified, i.e. start.elf and fixup.dat. But as
these are not the files searched by the Raspberry Pi, the board will not
start.
This patch will set the names of the files to load as constant in the
config.txt file. This guarantees that the rpi firmware blobs do not take
any other corner-case decision based on any other as-yet unknown
conditions.
This eases the maintenance, as only the names of the source files
matter; the destination filenames are constants, and so are the
filenames in config.txt.
Fixes: #13026
Signed-off-by: Stéphane Veyret <sveyret@gmail.com>
[yann.morin.1998@free.fr:
- very minor fix in commit title
- drop the non-conditional macro and move its content into
RPI_FIRMWARE_INSTALL_IMAGES_CMDS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1bdc0334ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes a possible loop-forever bug.
Release notes:
https://github.com/martinh/libconfuse/releases/tag/v3.3
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2747d96714)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BSD style locks such as implemented by flock are translated to POSIX
advisory file locks (implemented by the fcntl system call on Linux). It
is not possible to lock a directory using POSIX advisory file locks.
Hence, the lock strategy used by Buildroot doesn't work when used over
NFS.
Using flock on a simple file works correctly though, so use a '.lock'
file inside the download directory instead. If the lockfile does not
exist, flock will create it (in a race-free fashion).
Tested using NFS v4.2 and Linux 5.4.43.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
[yann.morin.1998@free.fr:
- slightly expand commit log about creation of the lockfile
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2e9d6565fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We are using autotools build system for sdl2, so the sdl2-config.cmake
include path are not resolved like for sdl2-config script [1].
Remove sdl2-config.cmake file and avoid unsafe include path if this
file is used by a cmake based package.
This trigger an issue with ogre 1.12.6 package that replaced
FindSDL2.cmake by sdl2-config.cmake [2].
Thanks to Pavel Rojtberg for the help [3].
[1] https://bugzilla.libsdl.org/show_bug.cgi?id=4597
[2] 6de6f9b408
[3] https://github.com/OGRECave/ogre/issues/1568
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d59261836a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Nicolas Robin <nrosfs@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fe29913fa9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
