Binutils 2.29 and 2.30 are affected by a bug in ADR and ADRL
pseudo-instruction [1] that was fixed in Binutils 2.31 [2].
* The ADR and ADRL pseudo-instructions supported by the ARM assembler
now only set the bottom bit of the address of thumb function symbols
if the -mthumb-interwork command line option is active.
Due to this issue, we were default to binutils 2.28 for ARM Thumb. But
now that the issue has been fixed in binutils 2.31 and that this
version is the default, the special casing to use 2.28 is no longer
needed.
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=21458
[2] https://sourceware.org/ml/binutils/2018-07/msg00213.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that binutils 2.32 has been released, it is time to move to
binutils 2.31.x as the default binutils version, instead of 2.29.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We currently have a patch that replaces the use of (hard-coded) agetty
in systemd, to use just plain getty. That patch dates back to commit
f4a5eed474 (Add the systemd package), when util-linux was not a
dependency, and we relied on busybox to actually provide getty.
But nowadays, util-linux is a mandatory dependency of systemd anyway.
agetty is about 42KiB, while busybox' getty is around 5KiB (give or
take). That's an extra ~40KiB, but it has to be balanced against the
rest of the system: systemd only runs on a glibc system, needs dbus and
thus expat, and kmod, that a ~40KiB overhead is barely noticeable (a
miminal systemd setup with nothing enabled, on ARM, is already ~20MiB)
So, drop our agetty-dropping patch, and forcibly enable agetty in
util-linux.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the arrival of linux v5.0, we need yet another condition to set
_SITE correctly. Instead of continuing this madness, solve the problem
generically: use v2.6 for 2.6.*, and use the number before the first dot
in the other cases.
While we're at it, remove the comment which has been incorrect since
80d7b68167 (7 years ago).
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Adam Duskett <aduskett@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-rc kernels after v3.x are no longer available in the testing
subdirectory. Instead they should be fetched from cgit.
Commit ff4cccbdcf did this for linux
itself, now we also do it for linux-headers.
When fetched from cgit, .tar.xz can't be used. Adding this to the
existing condition is not so simple, so refactor how _SOURCE is set:
simply set it explicitly in each branch of the condition. While more
verbose (it is repeated 4 times), it's easier to understand and to
maintain.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In addition:
- Remove patches that have been committed upstream.
- Update hash for the README file. (Meson and Dbus dependency version updates)
./support/testing/run-tests -d dl -o output -k tests.init.test_systemd
14:18:20 TestInitSystemSystemdRwNetworkd Starting
14:18:21 TestInitSystemSystemdRwNetworkd Building
14:26:20 TestInitSystemSystemdRwNetworkd Building done
14:27:01 TestInitSystemSystemdRwNetworkd Cleaning up
.14:27:01 TestInitSystemSystemdRwIfupdown Starting
14:27:01 TestInitSystemSystemdRwIfupdown Building
14:28:35 TestInitSystemSystemdRwIfupdown Building done
14:29:03 TestInitSystemSystemdRwIfupdown Cleaning up
.14:29:03 TestInitSystemSystemdRwFull Starting
14:29:04 TestInitSystemSystemdRwFull Building
14:44:35 TestInitSystemSystemdRwFull Building done
14:45:18 TestInitSystemSystemdRwFull Cleaning up
.14:45:18 TestInitSystemSystemdRoNetworkd Starting
14:45:19 TestInitSystemSystemdRoNetworkd Building
14:55:59 TestInitSystemSystemdRoNetworkd Building done
14:56:23 TestInitSystemSystemdRoNetworkd Cleaning up
.14:56:23 TestInitSystemSystemdRoIfupdown Starting
14:56:24 TestInitSystemSystemdRoIfupdown Building
15:06:42 TestInitSystemSystemdRoIfupdown Building done
15:07:09 TestInitSystemSystemdRoIfupdown Cleaning up
.15:07:09 TestInitSystemSystemdRoFull Starting
15:07:10 TestInitSystemSystemdRoFull Building
15:21:17 TestInitSystemSystemdRoFull Building done
15:21:46 TestInitSystemSystemdRoFull Cleaning up
.
----------------------------------------------------------------------
Ran 6 tests in 3806.472s
OK
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The optional dbus dependency of libpcap creates a circular dependency
chain:
$ make libpcap-show-recursive-depends
Recursion detected for : systemd
which is a dependency of: dbus
which is a dependency of: libpcap
which is a dependency of: iptables
which is a dependency of: systemd
make: *** [package/libpcap/libpcap.mk:55: libpcap-show-recursive-depends] Error 1
Of all these dependencies the one of libpcap on dbus seems to be less
useful. Drop it.
Fixes:
http://autobuild.buildroot.net/results/0b5d18bff816cbcee11e8645449701722d956de5/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
inadvertently responds to IPv6 unicast queries with source addresses
that are not on-link, which allows remote attackers to cause a denial
of service (traffic amplification) and may cause information leakage
by obtaining potentially sensitive information from the responding
device via port-5353 UDP packets.
Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Python library to scan and decode advertised BLE info.
Uses asyncio.
https://github.com/frawau/aioblescan
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash with the following script:
j=1; for i in 19 20 21 22 23; do
file=$(printf '%04d-patch44-0%d.patch' $j $i)
cat > $file << EOF
>From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
EOF
curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \
sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> $file
j=$(( j + 1 ))
done
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release fixes the following issue with new kernels:
kexec --load bzImage --reuse-cmdline
Unhandled rela relocation: R_X86_64_PLT32
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change bumps libiio, to version 0.15.
This version is currently the most stable version in the series. It
contains several fixes over 0.14.
0.16 & 0.17 have been released but they have some issues with backwards
compatibility, so they are not yet recommended.
Changelog for version 0.15 (over 0.14).
Link:
https://github.com/analogdevicesinc/libiio/releases/tag/v0.15
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 6fb4c14ecb. Indeed,
as Peter Seiderer pointed out, the comment is in fact partially
correct: with Qt 5.6, QT5DECLARATIVE_QUICK does require OpenGL
support.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qt5declarative can be built/used without opengl support so fix the
dependency comment in qt5webengine.
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we repeat all the SSP level selection deep down to the
toolchain wrapper itself, where we eventually translate it to the
actual SSP option to use. This is a bit redundant.
Additionally, we will want to check that the toolchain actually
supports that option (for those toolchain where it was backported).
So, move the translation into kconfig, and add the qstrip'ed value
to the additional flags passed to the wrapper. Add it before
user-supplied opitons, to keep the previous behaviour (and allow
anyone crazy-enough to override it with BR2_TARGET_OPTIMIZATION).
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, we pass the user-supplied so-called target optimisation flags
to the wrapper.
We're going to have additional such CFLAGS to pass, so push-back the
formatting loop to quote the options at the last moment.
Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- change from git download to official release and
download site (drop need for autoreconf)
- drop dependency on kernel headers >= 3.17 (should be fixed with
commit 'v4l2: make ZBar build and run on Kernels < 3.16' (see [1]),
fall back to original kernel headers >= 3.0 dependency propagated
from libv4l
[1] https://git.linuxtv.org/zbar.git/commit/?id=fa5c48127ec1e3670e28540c2e6a03431ebac5b8
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop three patches (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove two patches (already in version)
- Update hash of LICENSE.md, clarifications on BSD and zlib were added:
90e2d7f3fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add LIBCDIO_PARANOIA_SOURCE to download a tar.bz2 (tar.gz is not
available for this version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set the GOCACHE environment variable properly.
It was previously unset, and defaults to $HOME/.cache/go-build.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a 'VARS=...' setting to the example. To make it clear that several
variables can be specified, use two variables in the first example.
Only 2 variables are printed, so the ... is removed.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Using 'make printvars' for printing all variables is not very useful.
E.g. all macros will output some bogus value. In addition, the same can
be achieved with 'make -p'.
We can simply remove the condition on $(VARS). If VARS is not set, the
filter expression will be empty which matches nothing, so nothing is
printed.
Note that the old behaviour can still be achieved with:
make printvars VARS=%
Update the 'make help' text to match the new behaviour.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Current git contains fixes for a number of post-2.3.0 security issues:
git shortlog --no-merges -i --grep cve --grep overflow --grep zero v2.3.0..
Even Rouault (2):
Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions.
color_apply_icc_profile: avoid potential heap buffer overflow
Hugo Lefeuvre (4):
convertbmp: fix issues with zero bitmasks
jp3d/jpwl convert: fix write stack buffer overflow
jp2: convert: fix null pointer dereference
convertbmp: detect invalid file dimensions early
Karol Babioch (2):
jp3d: Replace sprintf() by snprintf() in volumetobin()
opj_mj2_extract: Check provided output prefix for length
Stefan Weil (1):
Fix some potential overflow issues (#1161)
Young_X (5):
[MJ2] To avoid divisions by zero / undefined behaviour on shift
[JPWL] fix CVE-2018-16375
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
ichlubna (1):
openjp3d: Int overflow fixed (#1159)
setharnold (1):
fix unchecked integer multiplication overflow
Drop now upstreamed 0004-install-static-lib.patch.
Add a hash for the LICENSE file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
"5.0.0 is a breaking release and not compatible to the 0.4 series", so
update minetest-game package in the same commit.
Update GCC dependency to 4.9+.
Use LICENSE.txt as license file instead of the README.md.
Update license files hash for minetest-game after checking what's changed.
Add new license files for minetest-game.
https://forum.minetest.net/viewtopic.php?t=22278
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, fixing a number of issues discovered post-1.5.7
https://mosquitto.org/blog/2019/02/version-1-5-8-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
php-7.3.3 fixes a number of security issues (no CVE known, bugtracker issues
not yet public): https://secure.php.net/ChangeLog-7.php#7.3.3
Drop 0004-OPcache-flock-mechanism-is-obviously-linux-so-force-.patch as the
flock detection has been removed since commit 9222702633 (Avoid dependency
on "struct flock" fields order.)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has
an out-of-bounds read because memcpy is misused.
CVE-2019-8904: do_bid_note in readelf.c in libmagic.a in file 5.35 has a
stack-based buffer over-read, related to file_printf and file_vprintf.
Update license files hashes; removal of trailing white spaces.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As stated in SConstruct, the altivec runtime test breaks
cross-compilation: "This checks for an altivec optimization we use in
full text search. Different versions of gcc appear to put output bytes
in different parts of the output vector produced by vec_vbpermq. This
configure check looks to see which format the compiler produces. NOTE:
This breaks cross compiles, as it relies on checking runtime
functionality for the environment we're in."
Fixes:
- http://autobuild.buildroot.org/results/162198617979a83b66f70ed6013251942ed04d67
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove first two patches (already in version)
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>