Commit Graph

45320 Commits

Author SHA1 Message Date
Fabrice Fontaine
35dafbdfaf package/librsvg: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/9fb04aa7761845a58df14d460b4a7bbf426e19ee

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5d6f29dd3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-31 10:53:18 +01:00
Andrey Skvortsov
15a0bb579f package/qt5/qt5base: fix icu detection in Qt 5.6.3
icu is required to build Qt5Webkit.
When UChar is defined as char16_t in ICU, then qtbase fails to detect ICU.
The issue is described at https://bugreports.qt.io/browse/QTBUG-49586

Build fails with the following error messages:
...
ustring.h:473:20: error: ‘UChar’ does not name a type
 u_strCompare(const UChar *s1, int32_t length1,
                    ^
          ^
make[2]: *** [Makefile:195: icu.o] Error 1
ICU disabled.
The ICU library support cannot be enabled.

Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 89a82e7210)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-31 09:19:32 +01:00
Fabrice Fontaine
1ca629c77e package/kvm-unit-tests: fix build on Arch Linux x86_64
On x86_64, we use the host compiler instead of the target compiler to
build kvm-unit-tests, because it is built with -m32 and our target
compiler doesn't support that.

However, the compiler on Arch Linux is broken: it *always* builds with
-fstack-protector, even when -ffreestanding is passed. However, when
-fnostdlib is passed at link time (which is normally the case when
building with -ffreestanding), it is not linked with the stack-protector
library. This leads to a link time error:

/usr/bin/ld: x86/realmode.o: in function `print_serial_u32':
.../x86/realmode.c:104: undefined reference to `__stack_chk_fail'

Since the entire package is built with -ffreestanding, it doesn't
support stack-protector at all. Therefore, simply pass
-fno-stack-protector explicitly on x86_64 to work around the bug in Arch
Linux.

Bug reported upstream: https://bugs.archlinux.org/task/64270

Fixes:
 - http://autobuild.buildroot.org/results/e6f767755ffdb5ecc014eb5ad7519814f075a60e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c0ffd16e40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-31 09:16:24 +01:00
Fabrice Fontaine
a3472f99b8 package/libpciaccess: add Libs.Private to pciaccess.pc
This will fix a static build failure for hwloc

Fixes:
 - http://autobuild.buildroot.org/results/f100191acef41d42582ab2a35e1b6f264594f074

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c2c4e3bdda)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:50:44 +01:00
Nicolas Carrier
254769c780 package/ruby: enable openssl for host-ruby
Openssl is required so that Gem can install ruby gems from secure websites.

ERROR:  While executing gem ... (Gem::Exception)
    Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or
use non-HTTPS sources

Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ed5549b987)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:44:05 +01:00
Yann Droneaud
ab6b418b42 packages/sox: unconditionally disable custom SSP detection
sox implements a custom mechanism to detect whether the toolchain has
SSP support or not. In doing so, it explicitly tries to see if libssp.so
is present, in which case it unconditionally links with it, even though
the compiler, if left by itself, would have used the SSP support
provided by the C library.

However, with Buildroot, the SSP options are handled in our gcc
wrapper, so packages should just not bother with that.

It turns out that, when sox is configured with --disable-stack-protector,
it does not disable it, but really does nothing, which is good for us.

Currently, SSP is conditionally disabled in sox, under various
conditions: that the toolchain does not have SSP, or that it is one of
the known SSP-challenged (i.e. broken) toolchains. Those conditions date
back to before our wrapper started handling that.

Remove all those conditions, unconditionally disable SSP in sox, and let
our gcc wrapper handle the SSP options.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4653d273b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:42:33 +01:00
Yann Droneaud
2e6f417d7e toolchain/external: copy libssp.so if SSP is enabled
In Buildroot, the internal toolchain backend uses the SSP support from
the C library, not that of gcc.

Some external toolchains come with SSP support in gcc, which is
implemented in libssp.so, rather than in the C library.

When a toolchain even has both, it is up to the compiler to decide
whether it will link to libssp or use the support from the C library.

However, in the latter case, an (incorrectly written) package may decide
to explicitly link with libssp.so when it is available (even though the
compiler may have decided otherwise if left by itself). This is the case
for example with sox, which results in runtime failures, such as:

    $ sox
    sox: error while loading shared libraries: libssp.so.0: cannot open
    shared object file: No such file or directory

Even if sox is wrong in doing so, the case for libssp-only toolchains is
still valid, and we must copy it as we copy other libs.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 971479ed62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:42:04 +01:00
Bernd Kuhls
25b8eab84c package/php: security bump version to 7.3.11
Changelog: http://www.php.net/ChangeLog-7.php#7.3.11

Fixes CVE-2019-11043: https://bugs.php.net/bug.php?id=78599

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 335edd0269)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:39:23 +01:00
Carlos Santos
2aa251c11e package/numactl: fix URL in help text
SGI is gone (RIP). Use the github project as landing page.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f5ff55822d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:38:09 +01:00
Simon Rowe
b6312fab59 package/util-linux: fix licence definition formatting
Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
Reviewed-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 652b1aa113)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:37:16 +01:00
Patrick Havelange
ec585f18c6 package/lxc: fix compilation with stub memfd_create
This fixes compilation issue in case memfd_create is a stub in libc.
Patch already merged in lxc master branch
(344b8ee293f4d3730a70a6ccaa03d7e4a516ae95).

Copy of the original commit log:

In case the internal memfd_create has to be used, make sure we don't
clash with the already existing memfd_create function from glibc.

This can happen if this glibc function is a stub. In this case, at
./configure time, the test for this function will return false, however
the declaration of that function is still available. This leads to
compilation errors.

Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d6b305e52)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:34:37 +01:00
Fabrice Fontaine
7364c18112 package/libtorrent: add Libs.Private to libtorrent.pc.in
This will fix a static build failure with rtorrent

Fixes:
 - http://autobuild.buildroot.org/results/075598e1699c2ac20a4dfbcb5695bbb7343f9a86

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 77ffd39c31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:31:42 +01:00
Vivien Didelot
d92128efe2 docs/manual: clarify the reinstallation of a package
Since <package>-rebuild implies <package>-reinstall and
<package>-reconfigure implies <package>-rebuild, it is confusing
to mention the make and make <package> commands when describing
the restart of the configuration, compilation and installation of
the package.

Therefore remove the ", followed by +make+ or +make <package>+"
portions in the "8.3. Understanding how to rebuild packages" section,
and add a new paragraph clarifying how to include the rebuilt package
in the filesystem image, if that is necessary.

Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9155d1a38d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:29:50 +01:00
Peter Korsgaard
132bbb36c8 package/gd: add post-2.2.5 security fixes from upstream
Fixes the following security vulnerabilities:

- CVE-2018-1000222: Libgd version 2.2.5 contains a Double Free Vulnerability
  in gdImageBmpPtr Function that can result in Remote Code
  Execution. This attack appears to be exploitable via a Specially Crafted
  Jpeg Image that can trigger a double free

- CVE-2018-5711: gd_gif_in.c in the GD Graphics Library (aka libgd), as used
  in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x
  before 7.2.1, has an integer signedness error that leads to an infinite
  loop via a crafted GIF file, as demonstrated by a call to the
  imagecreatefromgif or imagecreatefromstring PHP function

- CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD
  Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP
  versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it
  is possible to supply data that will cause the function to use the value
  of uninitialized variable.  This may lead to disclosing contents of the
  stack that has been left there by previous code

- CVE-2019-6978: The GD Graphics Library (aka LibGD) 2.2.5 has a double free
  in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 505a70edbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:28:26 +01:00
Bernd Kuhls
a375defd62 DEVELOPERS: remove myself from asterisk
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ac1c16f096)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:26:22 +01:00
Bernd Kuhls
bac12eb2ec package/asterisk: security bump to version 16.6.1
Fixes the following security vulnerabilities:
- ASTERISK-28495: res_pjsip_t38: 200 OK with SDP answer with declined stream
  causes crash

Release notes:
https://www.asterisk.org/downloads/asterisk-news/asterisk-1660-now-available
https://www.asterisk.org/downloads/asterisk-news/asterisk-1661-now-available

Updated license hash after upstream commit, no license changes:
b096389660

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c607818b11)
[Peter: mention security fix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 13:25:11 +01:00
Giulio Benetti
20ae779aa1 package/libnss: remove useless NSS_ENABLE_ECC variable
NSS_ENABLE_ECC is not supported anymore, so remove it from our
libnss.mk file.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8223904643)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:44:34 +01:00
Giulio Benetti
015a96b4e0 package/libnss: security bump to version 3.47
Fixes the following security issues:
CVE-2019-11756: Remove refcounting from sftk_FreeSession

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 551d81c079)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:44:21 +01:00
Giulio Benetti
bdcc34b08e package/libnspr: bump to version 4.23
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a8be14639c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:44:14 +01:00
Bernd Kuhls
f514fd353e package/libnss: bump version to 3.46.1
Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46.1_release_notes

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d7903b227)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:43:46 +01:00
Asaf Kahlon
39862bd5ca package/python: security bump to version 2.7.17
This release fixes CVE-2019-9740, CVE-2019-9948, CVE-2019-15903.

Adjust 0002-Fix-get_python_inc-for-cross-compilation.patch for 2.7.17.

Remove the following patches (now on upstream):
* 0035-bpo-35907-CVE-2019-9948-urllib-rejects-local_file-sc.patch
* 0036-bpo-36216-Add-check-for-characters-in-netloc-that-no.patch
* 0037-3.7-bpo-36216-Only-print-test-messages-when-verbose-.patch
* 0038-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch
* 0039-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch
* 0040-2.7-bpo-36742-Fix-urlparse.urlsplit-error-message-fo.patch
* 0041-bpo-30458-Disallow-control-chars-in-http-URLs-GH-127.patch

Full release details at:
https://github.com/python/cpython/blob/v2.7.17/Misc/NEWS.d/2.7.17rc1.rst

run-tests results:
10:30:20 TestPython2                              Starting
10:30:21 TestPython2                              Building
10:37:37 TestPython2                              Building done
10:37:47 TestPython2                              Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 448.616s

OK

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7df07cb611)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:25:42 +01:00
Bernd Kuhls
c6a1ad2383 package/ghostscript: security bump version to 9.50
Fixes CVE-2019-10216:
https://security-tracker.debian.org/tracker/CVE-2019-10216

Removed patch applied upstream.

Release notes:
https://ghostscript.com/pipermail/gs-devel/2019-October/010232.html

Changelog:
https://www.ghostscript.com/doc/9.50/News.htm

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1da3fa7863)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:23:24 +01:00
Carlos Santos
2fc92d3fa2 package/libseccomp: circumvent uClibc-ng bug on x86_64
On uClibc up to at least v1.0.32, syscall() for x86_64 is defined in
libc/sysdeps/linux/x86_64/syscall.S as

syscall:
        movq %rdi, %rax         /* Syscall number -> rax.  */
        movq %rsi, %rdi         /* shift arg1 - arg5.  */
        movq %rdx, %rsi
        movq %rcx, %rdx
        movq %r8, %r10
        movq %r9, %r8
        movq 8(%rsp),%r9        /* arg6 is on the stack.  */
        syscall                 /* Do the system call.  */
        cmpq $-4095, %rax       /* Check %rax for error.  */
        jae __syscall_error     /* Branch forward if it failed.  */
        ret                     /* Return to caller.  */

And __syscall_error is defined in
libc/sysdeps/linux/x86_64/__syscall_error.c as

int __syscall_error(void) attribute_hidden;
int __syscall_error(void)
{
        register int err_no __asm__ ("%rcx");
        __asm__ ("mov %rax, %rcx\n\t"
                 "neg %rcx");
        __set_errno(err_no);
        return -1;
}

Notice that __syscall_error returns -1 as a 32-bit int in %rax, a 64-bit
register i.e. 0x00000000ffffffff (decimal 4294967295). When this value
is compared to -1 in _sys_chk_seccomp_flag_kernel() the result is false,
leading the function to always return 0.

Prevent the error by coercing the return value of syscall() to int in a
temporary variable before comparing it to -1. We could use just an (int)
cast but the variable makes the code more readable and the machine code
generated by the compiler is the same in both cases.

All other syscall() invocations were inspected and they either already
coerce the result to int or do not compare it to -1.

The same problem probably occurs on other 64-bit systems but so far only
x86_64 was tested.

A bug report is being submitted to uClibc.

Upstream status: https://github.com/seccomp/libseccomp/pull/175

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 440c7a9d9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:16:04 +01:00
Carlos Santos
fa672ffa47 package/libseccomp: bump to version 2.4.1
Fixes a BPF generation bug where the optimizer mistakenly identified
duplicate BPF code blocks.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d5787d1ab1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:15:41 +01:00
Bernd Kuhls
83e6a62dcb {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.3.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e59d65073f)
[Peter: drop 5.3.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 10:11:26 +01:00
Yann E. MORIN
e204fde85a package/unscd: bump version to 0.53
Version 0.53 has a fix for INVALIDATE and SHUTDOWN requests being
ignored.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Doug Kehn <rdkehn@yahoo.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2de1289282)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 09:47:38 +01:00
Paulo Matos
b931e03858 package/qemu: fix qemu 3.1.1.1 to build with glibc-2.29
These patches are already in qemu upstream under:
- 184943d827ce09375284e6fbb9fd5eeb9e369529
- 71ba74f67eaca21b0cc9d96f534ad3b9a7161400

They rename gettid() to sys_gettid() to avoid clash with glibc

Signed-off-by: Paulo Matos <pmatos@igalia.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9dcca3ae40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 09:39:40 +01:00
Carlos Santos
a73f23c816 package/qemu: move patch 3 to the 3.1.1.1 subdir
Required since the bump from 3.1.1.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ef6d39565)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 09:39:28 +01:00
Carlos Santos
e85562a8ca package/qemu: fix crash with uClibc-ng
On uClibc-ng sysconf(_SC_LEVEL1_{I,D}CACHE_LINESIZE) returns -1, which
is a valid result, meaning that the limit is indeterminate. Add a patch
that handles this situation using fallback values instead of crashing
due to an assertion failure.

Upstream status:
   https://lists.nongnu.org/archive/html/qemu-devel/2019-10/msg04115.html

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5e968678fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 09:39:19 +01:00
Alexey Brodkin
f8a06f697d package/qemu: bump to hot-fix release 3.1.1.1
Fixes a couple of important things and among other things the build of
pvrdma code:

----------------------->8---------------------
  In function 'create_qp':
  hw/rdma/vmw/pvrdma_cmd.c:517:16: error: 'rc' undeclared
----------------------->8---------------------

Bumped into this build problem while building vanilla
qemu_arm_versatile_defconfig.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Alexander Dahl <post@lespocky.de>
Cc: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4bed6dbec9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 09:38:57 +01:00
Fabrice Fontaine
8853554bb9 package/qemu: fix build with kernel >= 5.2
Fixes:
 - http://autobuild.buildroot.org/results/9bc0ed3ce74ec5e09263f625477393d5149eb872

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 347bc0bb1e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-30 09:37:49 +01:00
Peter Korsgaard
2fc977c2f9 DEVELOPERS: add Peter Korsgaard for wireguard
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e440f7d86c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-29 14:24:13 +01:00
James Hilliard
37cbd5315c package/intel-microcode: bump to version 20190918
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 62dbc17ef4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-29 11:59:36 +01:00
Baruch Siach
032d818c4c package/tcpdump: security bump to version 4.9.3
CHANGES summary:

    Fix buffer overflow/overread vulnerabilities:
      CVE-2017-16808 (AoE)
      CVE-2018-14468 (FrameRelay)
      CVE-2018-14469 (IKEv1)
      CVE-2018-14470 (BABEL)
      CVE-2018-14466 (AFS/RX)
      CVE-2018-14461 (LDP)
      CVE-2018-14462 (ICMP)
      CVE-2018-14465 (RSVP)
      CVE-2018-14881 (BGP)
      CVE-2018-14464 (LMP)
      CVE-2018-14463 (VRRP)
      CVE-2018-14467 (BGP)
      CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
      CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
      CVE-2018-14880 (OSPF6)
      CVE-2018-16451 (SMB)
      CVE-2018-14882 (RPL)
      CVE-2018-16227 (802.11)
      CVE-2018-16229 (DCCP)
      CVE-2018-16301 (was fixed in libpcap)
      CVE-2018-16230 (BGP)
      CVE-2018-16452 (SMB)
      CVE-2018-16300 (BGP)
      CVE-2018-16228 (HNCP)
      CVE-2019-15166 (LMP)
      CVE-2019-15167 (VRRP)
    Fix for cmdline argument/local issues:
      CVE-2018-14879 (tcpdump -V)

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d4d17e52d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-29 11:52:44 +01:00
Baruch Siach
c4c53ce237 package/sudo: security bump to version 1.8.28
Fixes CVE-2019-14287: a sudo user may be able to run a command as root
when the Runas specification explicitly disallows root access as long as
the ALL keyword is listed first.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4a96d62749)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-29 11:49:50 +01:00
Fabrice Fontaine
90de6c5aa2 package/sudo: bump to version 1.8.27
Update hash of license file:
 - update in year
 - add arc4random.c, arc4random_uniform.c and getentropy.c license (ISC)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 276072dbd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-29 11:49:43 +01:00
Pierre-Jean Texier
1ae81ba8ed package/mongoose: security bump to version 6.16
Fixes the following security vulnerability:

CVE-2019-13503: mq_parse_http in mongoose.c in Mongoose 6.15
has a heap-based buffer over-read.

See https://github.com/cesanta/mongoose/releases/tag/6.16

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit aeee0b9bd7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-29 11:38:48 +01:00
Bernd Kuhls
0d75c93fdb {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{2, 3}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 32042f42cb)
[Peter: drop 5.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-29 10:20:10 +01:00
Thomas Petazzoni
87ac0a720b docs/manual: fix Config.in option that cargo packages must depend on
Back in commit 025b863e6f, the option
BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS was introduced, to
separate the option that host packages needing Rust should depend on
(BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS) from the option that target
packages needing Rust should depend on
(BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS).

Since the example in the manual is showing a target package, we must
use BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Sam Voss <sam.voss@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit edee45b843)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 17:38:30 +01:00
Heiko Thiery
24301c3557 utils/test-pkg: ensure to exit with an error upon failure
This commit modifies the main() function so that it returns the sum of
build and legal errors, making sure the overall test-pkg script exits
with a non-zero error code upon failure.

Signed-off-by: Heiko Thiery <heiko.thiery@kontron.com>
[Thomas: improved commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5093435f66)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 17:34:04 +01:00
Fabrice Fontaine
652f52b646 package/sdl_mixer: disable parallel build
Build sometimes fails on:
Fatal error: can't create build/load_aiff.o: No such file or directory

Fixes:
 - http://autobuild.buildroot.org/results/c800ef60d8af0cd76f2f1de9aff573120ebd8ada

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fcc22749e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 14:21:43 +01:00
Fabrice Fontaine
977593ef74 package/vtun: fix static linking with atomic
Fixes:
 - http://autobuild.buildroot.org/results/908707cdd16c5b89197c226a3e259f8943a5474e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cff14017f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 14:14:02 +01:00
Asaf Kahlon
10f0e76d33 package/python-pysnmp-apps: update license to BSD-2-Clause
The license file for this application is BSD-2-Clause and not
BSD-3-Clause as we currently state in the _LICENSE variable.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1eb8252cce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 13:57:23 +01:00
Vivien Didelot
77719adc19 DEVELOPERS: change Ash Charles' email address
Ash is no longer working at Savoir-faire Linux. Update his email
address in the DEVELOPERS file.

Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e32e92233f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 13:50:20 +01:00
Francois Perrad
99162d55f1 package/lua-sdl2: fix install path
WITH_LUAVER must be set to a value depending on the Lua interpreter;
this way, the module is installed in the correct location

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f2d1ec39e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 10:57:06 +01:00
Thomas Petazzoni
c9a56c1cd3 DEVELOPERS: remove Morgan Delestre
Morgan's e-mail is bouncing:

"""
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  m.delestre@sinters.fr
    retry timeout exceeded
"""

And I was confirmed by CORJON Julien <CORJON.J@ecagroup.com> that
Morgan is no longer at ECA/Sinters.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6015b46865)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 10:55:37 +01:00
Thomas Petazzoni
7ec414a837 DEVELOPERS: remove Jonathan Liu
In a private e-mail answering one of our notifications about packages
being outdated, Jonathan replied:

"""
I switched from Buildroot to OpenEmbedded in 2013 so am no longer actively
involved with Buildroot.
Please unsubscribe me from outdated package notifications.
"""

So let's remove him from the DEVELOPERS file.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 175c3f8b2d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 10:54:55 +01:00
Bernd Kuhls
8ed81d55da package/libpcap: security bump version to 1.9.1
Removed patch applied upstream.

Changelog: https://www.tcpdump.org/libpcap-changes.txt

Quoting changelog:
"Five CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164,
 CVE-2019-15165
 Fixes for CVE-2018-16301, errors in pcapng reading."

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7df3dfee55)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 10:44:20 +01:00
Romain Naour
4606c0a78b DEVELOPERS: add Romain Naour for clang, clinfo, libclc and llvm packages
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7fe2e9e48b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 10:28:26 +01:00
Bernd Kuhls
69df3d8e16 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{2, 3}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 17ec040ff5)
[Peter: drop 5.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 09:43:43 +01:00