Fixes the following security vulnerabilities:
CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via
HTTPS
For more details, see the announcement:
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As per: 4645e21913
"For Windows targets, libtool uses a wrapper executable, not a wrapper
script (see [1]), which it compiles with the host compiler. This
doesn't work when cross-compiling."
Because of this change, builds fail on Linux hosts without a static
libc. This patch reverts this change as we are guaranteed to build in a
Linux environment.
Fixes:
http://autobuild.buildroot.net/results/ac7c777e5fe31b6eda8b8b662881b07299e57ae9
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
X11_CFLAGS no longer exists in version 1.6.8 of libX11, making the
XLIB_LIBX11_DISABLE_MAKEKEYS_X11_CFLAGS post patch hook useless.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Globally change Adam Duskett's email address to aduskett@gmail.com.
Note that one or two of the patches may have been applied upstream with
the old email address, but in that case those patches will anyway be
removed when bumping.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When running in a CI system, stat messages become white noise. Introduce
an option to suppress non-error, non-warning, messages.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Barebox starting from 2019.02 no longer ships flex/bison generated
parser. Add conditional kconfig dependencies, same as we did for kernel
and uboot.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security vulnerability:
CVE-2019-13045: Use after free when sending SASL login to the server found
by ilbelkyr
For more details, see the advisory:
https://irssi.org/security/html/irssi_sa_2019_06/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, foo-depends only builds build dependencies. This means that
download and extract dependencies are not built.
First, but a minor point, this is inconsistent with foo-show-depends,
which does display all dependencies:
$ make host-gzip-show-depends
host-skeleton host-tar
$ make host-gzip-depends
# Only host-skeleton is built and installed
Second, and more important, it makes it more difficult to preapre a
debug build, like so:
$ make foo-depends
$ tar cf output.tar output
$ make foo
# bummer, broken
# edit foo.mk to try and fix it
$ rm -rf output; tar xf output.tar
# rince and repeat
Change foo-depends so that it really builds all the dependencies for
foo, bringing it on-par with foo-show-depends.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 4102db0f7 (package/libglib2: bump to version 2.60.3) did convert
libglib2 over to meson. In doing so, it left a very corner-case along.
When the target is an ARM CPU and the build is in thumb mode, then we
want to ensure that libglib2 is still built in arm mode (because of
inline asm).
But with meson, CFLAGS from the environment are passed to the host
compiler, so the build breaks, and the meson log contains:
Appending CFLAGS from environment: '-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -marm'
No LDFLAGS in the environment, not changing global flags.
No CPPFLAGS in the environment, not changing global flags.
Sanity testing C compiler: cc
Is cross compiler: False.
Sanity check compiler command line: cc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -marm [...]/build/libglib2-2.60.4/build/meson-private/sanitycheckc.c -o [...]/build/libglib2-2.60.4/build/meson-private/sanitycheckc.exe
Sanity check compile stdout:
-----
Sanity check compile stderr:
cc: error: unrecognized command line option ‘-marm’; did you mean ‘-mabm’?
-----
meson.build:1:0: ERROR: Compiler cc can not compile programs.
Fix that by using the new per-package CFLAGS feature of the meson infra.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libglib2 uses a very crude and error-prone way to detect the intl
functions, which basically fails when the C library is not glibc.
There is a bug report about this in upstream meson [1], but it doesn't
seem to get any progress. Fixing that properly in Buildroot looks
complicated.
Now that a meson package can specify its LDFLAGS, use that to pass the
infrastructure-provided TARGET_NLS_LIBS to link with.
Fixes:
http://autobuild.buildroot.org/results/f0d/f0d85d76786343d767fba9c7c5c01f042ecfc018/
[...]
[1] https://github.com/mesonbuild/meson/issues/3740
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Meson does not allow to pass CFLAGS/LDFLAGS/CXXFLAGS via the environment
or via command-line arguments or options (instead, those flags from the
environment are passed to the host compiler, which is seldom what we
need). The only way to pas those flags is via the cross-compilation.conf
file.
Add LIBFOO_CFLAGS, LIBFOO_LDFLAGS and LIBFOO_CXXFLAGS variables to allow
packages to provide their own flags, possibly overriding the generic
ones entirely, as we allow for other infras. Those per-package flags will
then be used to generate the per-package cross-compilation.conf.
This means that the meson infra is the first and only infra for which
FOO_CFLAGS, FOO_LDFLAGS, and FOO_CXXFLAGS are meaningful, while for the
other infras, they are just variables private to the package itself.
Instead of naming those variables after the meson infra (e.g.
FOO_MESON_CFLAGS), we name them with a generic name, as maybe, just
maybe, we could also change the other infras to also recognise those
variables.
Just like for the HOST_MESON_SED_CFLAGS etc., we need to add auxiliary
variables to do convert the shell-formatted argument list into the
JSON-formatted list that meson expects. We can't use a pure-make
construct because the CFLAGS can contain quoting that needs to be
expanded by the shell. Similarly, we need a condition on the strip'ed
variable to avoid passing empty arguments.
To mimic this feature for packages that are built from the SDK, we also
install a templatised version of cross-compilation.conf, with three new
placeholders for custom flags. If a user wants to build a package that
needs custom flags, they can use that template to generate a per-package
cross-compilation.conf.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When TARGET_CFLAGS (or _LDFLAGS or _CXXFLAGS) are empty, but were
constructed by appending other variables, like:
TARGET_CFLAGS = $(SOMETHING) $(SOMETHING_ELSE)
and both variables are empty, then $(TARGET_CFLAGS) is _not_ the
null-string; it's value is a string made of a single space.
This means that the construct:
$(if $(TARGET_CFLAGS),true,false)
will in fact return 'true'.
In our case, it means that we will call:
`printf '"%s", ' `
which expands to just:
"",
which we are then happy to insert as-is in the generated
cross-compilation.conf.
Then meson, will happily call the compiler with an empty argument.
The compiler is less happy, though:
arm-none-linux-gnueabi-gcc: error: : No such file or directory
And this is not even trivial to debug either... The only clue being that
there seems to be something missing between ': :'
We fix that testing the $(strip)ed value. We can still pass the
non-$(strip) expansion, because the shell will just do it for us, and we
are then sure there is at least one non-blank word in there.
Thanks a lot to Adam for his invaluable help debugging this!
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This test case builds a native library and ensures a Java class can load
and interact with the native library. The test also verifies Java code
can make system calls via the native library.
Signed-off-by: Daniel J. Leach <dleach@belcan.com>
Acked-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Arnout: rebase after change of version formatting]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A string transformation library that singularizes and pluralizes English
words, and transforms strings from CamelCase to underscored string.
Inflection is a port of Ruby on Rails' inflector to Python.
https://github.com/jpvanhal/inflection
Signed-off-by: John Faith <jfaith@impinj.com>
[Arnout: select unicodedata, add hash for license file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security vulnerabilites:
CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML
names that contain a large number of colons could make the XML parser
consume a high amount of RAM and CPU resources while processing (enough to
be usable for denial-of-service attacks).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>